A recent study revealed that incidents of identity theft in the United States grew by 16% in 2016, compared with the previous year. The Identity Theft and Assumption Deterrence Act of 1998 defines this criminal act as “knowingly transfer[ing] or us[ing], without lawful authority, a means of identification of another person with the intent to commit…any unlawful activity.” In the U.S., it’s a problem that left 15.4 million victims in its wake and a price tag of $16 billion in 2016. The European Union’s law enforcement agency, Europol, believes that victims worldwide lose around €290 billion each year due to cybercrime, calling it “more profitable than the global trade in marijuana, cocaine and heroin combined.”
How are identities stolen?
Never underestimate the resourcefulness and determination of an identity thief. There are many ways they can plot to get your customers’ personal details. Here are two common online schemes of which you should be aware:
- Phishing scams – Are your customers receiving fake or malicious emails that look like they are coming from your business? Spammers use this technique – masquerading as a trusted entity in urgent need of certain personal information – to trick customers into revealing confidential data.
- Bogus websites – Has your website been copied? Today, hackers can use very sophisticated techniques to duplicate the look of your legitimate website – and then use the bogus website to trick your clients into logging in, filling out forms and making purchases. Sites like this exist for the sole purpose of misleading people into providing their credit card information, with no intention of delivering any purchase orders.
In one example of a sneaky data security breach, a woman named Chantay Ware spent two years operating a scheme out of the Starbucks in Cleveland Hopkins International Airport. From 2006 to 2008, she stole personal information provided in Starbucks job applications and used it to apply for — and abuse — 65 credit cards, racking up a total of $115,000 in fraudulent charges!
In addition to individual identity theft, there is also wholesale identity theft. The latter occurs when a hacker steals a large batch of personal information – all in one shot – from a government or company database.
Identity theft and e-commerce
Putting a computer screen in between customers and vendors has made e-commerce stores particularly vulnerable to identity thieves. Think about it – if a cashier has any doubts about a credit card belonging to a customer, all they have to do is ask for proof of ID and check that it matches the card. When the transaction takes place online, there is no way to see if the card actually belongs to the buyer. This is called a card-not-present (CNP) transaction. Between 2015 and 2016, there was a 40% increase in CNP fraud.
Prior to the 2016 holiday season, a survey of 125 retailers that together represent 13% of online sales forecasted that online fraud attempts would rise 43% compared to the previous holiday shopping season. Quick shipping options are contributing to this rise, since vendors have even less time to scrutinize transactions.
If your company uses electronically stored information or has an online presence (e.g. website, email, social media), then you need to take precautionary steps to protect your customers’ information and your brand. Here are 6 important tips:
- Use computer passwords to prevent outsiders from accessing company machines.
- Set up a firewall to monitor and control incoming and outgoing network traffic.
- Update anti-virus software to defend against viruses, malware and other online threats.
- Use a spam filter to block malicious emails.
- Encrypt sensitive data to prevent unauthorized access.
- Use a wiping program to permanently remove old files from company hardware.
Putting a system in place to protect your customers’ personal information will go a long way toward building the trust – and reputation – you need to succeed.