National Identity Fraud Prevention Week Blog

ID Fraud? It won't happen to me...will it?

2011-10-16T22:01:00Z

National ID Fraud Prevention Week (NIDFPW) kicks off today for the seventh year in a row. With more and more people falling victim to identity fraud and theft, this week is the ideal time for consumers and businesses to get wise to the risks and learn how to protect themselves.

Can you afford fraud?
The average ID fraud incident currently costs an individual £1,190 sometimes escalating to more than £9,000. Sobering figures, especially at time when for many money is tight. But just why are things getting worse?

]]> Many people suffer from the well known 'it won't happen to me' syndrome. We all know how easy it is to simply throw out our bills and statements along with junk mail, but it's a lot harder to recognise that, in doing so, we are also throwing an opportunity to fraudsters.

It's almost habit to be even less concerned in our virtual lives. As more and more of us surf the web, sharing and updating information with the world, there has been a staggering rise in the amount of personal data including addresses and dates of birth being published every day. This makes rich and easy pickings for the fraudsters. In fact, 88% of those who use social media sites admit to sharing this type sensitive and personal information which is directly giving rise to increases of ID theft cases.

So ask yourself again, ID Fraud, it won't happen to me will it? How many of us are even aware if our Facebook profile displays our date of birth, hometown or address? The truth is complacency is the best friend of ID fraud. We are simply not making the direct connection between giving away our private data and becoming a victim of identity theft. Only 18% of us are concerned about social networking sites being a vulnerable part of the fraud chain.

So what can you do? Being aware is the first key step and National Fraud Prevention Week is here to alert individuals and companies to the very real threats that exist today and the attacks that are happening right now as you read this.

Prevention is the cure
But we need to take action to help prevent ID fraud. Checking and shredding are the bed rocks of protecting your identity.

Checking banks statement for unfamiliar transactions, checking postal mail that goes missing and checking your personal credit report regularly all help to uncover any indications of ID fraud and prevent it from continuing.

Shredding all personal information is vital. Just throwing letters, statements, bills and receipts away is the same as putting your sensitive data all over your Facebook page and in the hands of the fraudsters.

So why not take a moment this week to make sure you are doing all you can to protect your identity and prevent fraud? A quick visit to www.stop-idfraud.co.uk will give you lots more tips along with a full advice pack on how to prevent identity fraud.

If you ask yourself 'it won't happen to me, will it?' you might just be surprised at the answer.

Do You Really Know Your Customers? - Authentication - a key practice for businesses

2010-08-27T17:14:04Z

Businesses around the world spend millions to learn more about their customers. They work hard to define what their customers need, want and like. This information is then used to create highly targeted marketing messages suited to their tastes.

However, it is equally important for a business to have a plan in place to authenticate and verify their customers' legal identities. This is a key practice in protecting any business against fraud and a failure to plan can result in businesses losing substantial amounts of money, suffering damage to their reputation and in some instances bankruptcy and closure.

]]>
1.    Discuss the use of a secure payment system (such as Verified by Visa and MasterCard SecureCode) with your bank
2.    Ensure cardholder data is secure by complying with the Payment Card Industry Data Security Standard (PCI DSS)
3.    Remain mindful that payment authorisation does NOT guarantee payment
4.    Call customers to verify large online transaction details
5.    Be wary of delivery addresses which are PO Boxes or those that are different to the billing address or telephone orders
6.    Proceed with care when processing priority shipments for popular products among fraudsters such as TVs or mobile phones
7.    Exercise caution when dealing with transactions from abroad
8.    Be alert to changes in a customer's usual buying habits
9.    Watch out for customers who use multiple cards to make purchases
10.    Consider using secure a courier delivery service for high value products

Additional information can be found at www.actionfraud.org.uk

Has your business taken preventative actions to protect itself against ID fraud? If so, your business is a potential winner of the prestigious National Identity Fraud Award. Why not enter now for a chance to win a year of free monitoring service for your business, suppliers and customers provided by Equifax, as well as £1,000 of Fellowes office products including a 100% jam proof shredder.

Identity Fraud Prevention Award Call For Entries

2010-07-19T21:53:02Z

Despite the fact that corporate identity fraud costs the UK about £1.2 billion every year, a mere 36% of businesses have a comprehensive policy or procedure in place to prevent it.

As part of the National Identity Fraud Prevention campaign, we would like to recognise organisations and businesses that have taken preventative actions to protect themselves and their customers against ID theft.

Have you or your business:

Implemented or developed a clear policy and procedure to help prevent corporate identity fraud?
Undertaken regular training and updates for your employees?
Helped stop or highlight a case of corporate identity fraud?
Implemented or changed your procedures in some way to reflect the risks of corporate identity fraud or invested in equipment or systems which help protect you and your business against corporate identity fraud?

If you were able to answer "yes" to any of the above questions, then we want to hear from you! During this year's National Identity Fraud Prevention Week (18th-24th October), we will launch the first ever Identity Fraud Prevention Awards, a best practice award to reward those companies doing excellent work fighting identity fraud.

Simply submit your story and examples of how your company has taken preventative actions. Companies that are innovators in the field of identity fraud prevention and those that have taken several steps to stop fraud are equally welcome. Eligibility for the award doesn't depend on how expensive your prevention measures are; some of the most effective ways of fighting fraud are simple and sometimes even free!

Tyron Hill, official spokesperson for the National Identity Fraud Prevention Week says, "Keeping data secure is crucial for any business, especially with increased sensitivity around the way that companies handle their own data and that of their customers and suppliers. Simple steps such as registering and checking your details with Companies House, verifying customer identities with a credit reference agency or destroying documents securely with a shredder can help. Whilst some companies are not following or demonstrating best practice, there are thousands of companies out there who are taking the fight against identity fraud seriously. We hope that these awards will not only recognise those companies who are going the extra mile but also help to educate and inspire other organisations to take up the fight too."

If you would like to participate, please fill out this form.

The submission deadline is the 17th September 2010.
The shortlist will be announced on the 27th September. Winners and shortlisted businesses will be featured on our website as Identity Fraud Ambassadors.
The winners will be announced just before the National Identity Fraud Prevention Week itself on the 17th October. The winner will be able to use the 2010 Identity Fraud Awards logo on their website and all marketing materials.

Questions, Comments - please email us at award@stop-idfraud.co.uk or please visit the terms and conditions and judging criteria.

Good luck!

It Happened To Me: True Stories of Identity Fraud

2010-06-24T09:50:27Z

According to a recent Equifax Study, business managers and executives are the most targeted group for ID thieves, proving that even the most meticulous working professionals can fall victim and soon find themselves combating damage done to their credit and customer service reputation.

For the 2010 National Identity Fraud Prevention Week, we're looking for people to come forward to act as case studies and share their stories of identity fraud. National Identity Fraud Prevention Week aims to make businesses and consumers aware of the dangers of identity fraud and true-life cases are the most powerful tool in achieving this. Your story could prevent someone else from having their identity stolen

Business owners share their stories below:

"Stuart" ran his own coaching and training company for businesses. He had his wallet stolen whilst attending a training course in Northampton. It took four months to get his identity back and deal with the repercussions of the crime. In addition, Stuart had to go away for a business trip the day after the incident, and had to borrow money to fund it.

"Marc," a 22-year-old assistant manager with a financial institution in Manchester, never gave much thought to identity fraud until he received an email last November from Alliance & Leicester telling him that his 'application for a credit card was being processed'. Marc hadn't applied for a credit card so he contacted A&L, who immediately cancelled the application. Unfortunately the criminal - who had got hold of Marc's date of birth, email and postal addresses among other bits of key information, such as his salary - had applied for other loans and cards and Marc continued to receive emails alerting him to new applications under his name.

To find out more about Stuart and Marc, and to hear more stories, visit our real life identity fraud stories section.

Click on the comment field below to share your personal story and lessons learned.

]]> http://www.stop-idfraud.co.uk/Questionnaire.aspx

For more information about Identity Fraud prevention or Identity Fraud Prevention Week in the UK, visit www.stop-idfraud.co.uk find us on Facebook, follow us on Twitter @stopidfrauduk or get the RSS.

ID Fraud Trends In The UK: Don't Judge a Book By Its Cover

2010-06-10T11:41:57Z

There are many assumptions about those who commit and fall victim to identity fraud, but a recent Equifax Insight Report might well encourage all of us to check our credit cards statements more carefully.

Victims: Location. Location. Location.

Where you live determines your chances for ID theft. Live in Knightsbridge? Congratulations! You are a resident of the promised land of ID criminal activity. Think twice about dropping your credit card receipt in the bin without shredding it first.

ID theft is also rampant in other London hot spots including Docklands and Blackwall as well as other areas of the UK such as Salford, Liverpool Street in Manchester and Cardiff.

It isn't only where you live which increases your chances, it is also what you do. When you picture a typical victim of ID Fraud, a young, university graduate who's more concerned about using the card than checking their statement might come to mind. And while students do remain near the top of the list of targets for ID thieves, it's the highly successful, ambitious professionals who are more at risk despite the many safety precautions they take, according to Equifax.

Are you a manager or business executive? Watch out. You're now the most "wanted" among ID thieves despite that new security system you just inked at the office. Consider shredding your papers in the office and especially at home.

Well known in your community or have a brand new degree? Beware. There's an emerging trend of targeting affluent or professional people in their mid-late twenties (elite, recent university graduates in nice areas), a group that is "more than two-and-a-half times more likely to be targeted by fraudsters" according to Equifax. So the next time you put that weekend holiday to Amsterdam on plastic, consider the risks.

Fraudsters: To Tell The Whole Truth...

It's easy to picture a masked spy hiding in the shadows or a tech-savvy villain mastermind leading the fray, but the report reveals perhaps the biggest surprise surrounds those committing fraud. CV falsification and hidden adverse fraud, or those who simply omit their previous address from an application to avoid a bad credit trace, are being committed every day by people you may know and trust. Lie about your previous salary? You may want to think again.

So what can businesses do? Because of the overwhelming data demonstrating fraud is on the rise, "it is vital that organisations validate all details of an application. Address history and employment details should also be subject to thorough, automated checks and any suspicious elements flagged for further investigation," according to Equifax.

]]> http://www.stop-idfraud.co.uk/Questionnaire.aspx

For more information about Identity Fraud prevention or Identity Fraud Prevention Week in the UK, visit www.stop-idfraud.co.uk find us on Facebook, follow us on Twitter @stopidfrauduk or get the RSS.

How to Guard Against Festive ID Fraud

2009-10-20T08:56:14Z

'Tis the season to be cautious. The season for giving is fast approaching. This holiday period make sure that you don't give away too much information, leaving you exposed to identity fraud.

Christmas is a wonderful time of year but it's also a time when we have a tendency to let our guards down. Increased spending, travelling and socialising all spell increased opportunities for thieves. Stay vigilant and don't let this holiday season cost you more than you planned.

Our handy checklist has been designed to give you a few tips to help you stay in control of your identity. These do's and don'ts also include a recap of many of the tips included in our previous posts to help you put everything you've learned into practice at work and at home.

FESTIVE DO'S AND DON'TS:

DO have fun, eat, drink and be merry...just not too merry. Don't let fraudsters spoil your fun but take sensible steps to limit the damage. Alcohol reduces inhibitions and can result in out of character behaviour. Not having your wits about you can result in lost mobile phones, keys or wallets and purses left in the back of cabs. All of these items help identity thieves greatly. It may seem terribly suspicious but also be careful who takes your photograph. The Metropolitan Police have reported an increase in social networking related blackmail related to incriminating personal or work photos. For more tips on keeping your identity safe while enjoying social networking sites, check out our recent blog, Social Networking - The Safe Way.
DO take extra precautions when shopping online. Experts have warned online shoppers to be especially vigilant and predict a surge in online ID fraud during the festive season.
DON'T give personal data out in public. It sounds obvious but it's surprising how often we give away too much in public especially when on the telephone. When ordering goods on the telephone or on the internet, do so in private especially if it involves providing payment details. For more information and tips on how to protect your identity all day, every day, see It Could Be You.
DON'T leave bags unattended in bars or restaurants. Unfortunately not everyone is as honest as you are. Keep an eye on valuable items and rather than leaving bags or wallets on the table, keep them about your person at all times. As well as containing credit cards, house keys and the like, bags and briefcases can also contain important paperwork such as email print outs, business cards, CVs and even post it notes with usernames and passwords - all of which are like gold dust of unscrupulous identity thieves. For more detailed tips on how to safeguard your paperwork, read our post Major Danger Documents.
DO check your bank statement for any authorised purchases. Increased spending can make it difficult to spot fraudulent transactions quickly. Check bank statements regularly. If you use internet banking, you'll be able to do this in real time. If you're not completely sure of any transaction, contact your bank immediately and ask for clarification. Also be sure to shred bills, statements and receipts throroughly so that identity fraudsters can't piece together important personal information. As National Identity Fraud Week partner, Fellowes says: 'Use your head, shred." Shredding is one of the easiest and quickest ways of protecting your identity so make it part of your routine, starting today.
DON'T let anyone see your PIN number. It's easy to get caught up in the Christmas shopping whirl but remember to keep you PIN details hidden when using cash points or in-store card readers.
DO inform the police and your bank immediately if any of your personal belongings are stolen. Your bank will be able to immediately stop anybody else using your accounts, conduct a full fraud investigation and ensure your money isn't lost.
DON'T let your credit or debit card out of your sight. Resist the temptation to run a tab and try not to let staff disappear off with your card in shops, bar and restaurants. It only takes a few moments to clone a card and start accessing your personal information. An extreme example of this is the US case of Albert Gonzalez who targeted Fortune 500 companies to ultimately stole more than 130millions credit card IDs. Read more about this and other cases in our recent post, The Top Three Corporate ID Thefts.
DO be on the lookout for 'phishing' emails. According to the Anti Phishing Work Group (APWG) up to 150 million phishing emails are sent every day. Phishing emails are fake emails requesting private data while posing as a legitimate entity - most often a bank. Until digital encryption becomes more commonplace the simplest advice is not to click on the link in the supposed email from your bank. Go to the website via your browser and check.
DON'T send cheques in the post. We've all been told not to send money in the post but cheques are equally problematic. Cheques include your name, back details and also your signature - making it relatively easy for anyone who is up to no good. This advice is especially pertinent at Christmas time but is valid all year round, especially for small businesses who often opt for cheque rather than BACs or CHAPs payments. For more advice specifically tailored to small business, check out our blog entitled 10 Things Small Businesses Must Do To Protect And Secure Data.
DO check your credit report on a regular basis. Your credit report is a vital part of your 'financial CV', it lists your past and present credit commitments and repayment history (including credit cards, mortgages and loans). Lenders look at your credit report when you apply for credit. By checking your report regularly, you can easily see if somebody is impersonating you and trying to borrow money in your name.
And most importantly, DO ask for help.

]]> The National Identity Fraud Prevention Week's website includes a full list useful numbers as well as information about how to protect yourself from identity fraud.

This year's campaign has been supported by the Association of Chief Police Officers, Metropolitan Police, the National Fraud Authority, the Federation of Small Businesses, Equifax, CIFA, Call Credit, Experian, the Home Office's Identity and Passport Service, the British Chamber of Commerce, the British Retail Consortium and Royal Mail.

Have you found these posts useful and have they inspired to you to look after your identity more carefully?

Let us know. We'd love to hear your opinions on the subject of identity fraud or anything else for that matter!

Hard Times Means Harder Work Protecting Our Identities

2009-10-19T08:31:44Z

Why the recession is increasing the problem of Identity Fraud.

Hardly a day goes by without another report detailing the state of the UK economy with experts warning us not to expect a return to growth before 2011. Even projections of a double dip recession abound.

The Recession - it's the topic we're all thinking about, talking about, and ultimately trying to protect ourselves against. And yet, are you protecting your most precious asset - your identity?

If not, it's time to start now.

The latest figures from CIFAS, the UK's Fraud Prevention Service, show that nearly 60,000 of UK residents have fallen victim so far this year - a 36% increase when compared with the first nine months of 2008! The figures speak for themselves -the threat of identity fraud is real and current - yet people continue to ignore the advice that could keep their identity, their finances and their reputation safe.

Unfortunate, but perhaps unsurprising, when we consider that these figures coincide with the period economists believe that the UK officially entered into recession.

And although figures are bad, it can be argued that the worse is yet to come. It is likely that it will be a number of years before the impact of the recession fully feeds through into fraud statistics.

The unhappy truth is that hard times inevitably mean that more people will be driven to commit identity fraud because of personal pressures.

The Metropolitan Police predicts that fraudsters will become even more resourceful targeting both individuals and businesses alike.

So how can you protect your identity and safeguard your business? By doing more, it seems.

]]> research conducted by Fellowes, only 54% of us routinely check our financial statements and just 45% of us follow up on missing post. The findings were equally stark from a business perspective with only 64% of businesses having a clear policy in place detailing how to handle documents with sensitive information.

Here are our top tips to help you look after your identity in a recession:

Recession-proof your identity: Top tips for Individuals

Be vigilant - Make the necessary checks before giving out personal information. Especially be aware if you are contacted unexpectedly and asked for personal information or account details even if they claim to be from your bank, the police or another official organisation. Ask for their name and a contact number and then check with the organisation in question before calling back.
Protect your cards - Minimise the information and the number of cards you carry in your wallet. If you lose a card, contact the fraud division of the relevant credit card company. If you apply for a new credit card and it doesn't arrive in a reasonable time, contact the issuer. Watch cashiers when you give them your card for a purchase and make sure you can see your credit card at all times. When you receive a new card, sign it in permanent ink and activate it immediately.
Watch out for missed bills - A missing bill could mean a fraudster has taken over your credit card account and changed your billing address. Make sure you contact the company in question immediately.
Shred All Documents - shredding documents is the best way to ensure that criminals cannot build up a profile based on the information you discard in your rubbish. Invest in a powerful crosscut shredder and make it a standard practice, whether at home or at work, to shred all documents containing personal or financial information before binning or recycling them. Crosscut shredders provide greater security by cutting paper into small confetti-like particles and also reduce bulk waste. Companies such as Fellowes offer affordable shredders for home and office use. You can also recycle shredded paper - most councils will accept shredded paper but some may not (but if you put it in a paper wrapper, such as an old envelope it can still be recycled)
Credit Report - It is a good idea to check your credit report regularly to ensure no accounts or credit has been illegally set up in your name. Regular monitoring of your credit report will alert you if someone has been using your identity to obtain credit.
Safeguard your documents - Store any documents containing personal details, such as your passport, driving license, bank statements or utility bills in a safe place. Limit the number of documents you carry around with you that contain your personal details.
Protect your post- Fraudsters may try to redirect your mail without your permission. If you suspect your mail is being stolen or redirected, contact Royal Mail Customer Care on 08457 740 740. Similarly secure the delivery point for your post.
Moving home - If you move house, ask Royal Mail to redirect any mail from your old address to your new one for at least a year.
Be safe online - If you use the internet make sure you have the latest security patches and up-to-date anti-virus software installed.

Recession proof your identity: Top tips for Businesses

Register with Companies House and make sure you sign up to their Electronic Filing, PROOF and Monitor services. This will help to prevent fraudsters changing the names of your directors and attempting to impersonate your company.
Make sure that all employees are fully informed about the risk of identity fraud. Create a clear set of guidelines and procedures for staff concerning the handling, storage and sharing of sensitive information, both on and off-line.
Always make sure that unwanted information is properly destroyed. As well as shredding paper using a crosscut or microshred shredder, don't forget to shred CDs and DVDs.
Wipe all information from old computers and destroy any staff uniforms before they are thrown out
Check the identity of your customers. Both business and consumer credit reference agencies offer a wide range of solutions to authenticate and verify the identity of customers to ensure that they exist and are who they say they are. Check their references, qualifications and past employment. A quick CV check may not be enough. The same goes for any partners and vendors with whom you enter into contracts - before you sign the dotted line. .
Check your Companies House registration regularly. If it changes, take steps immediately.
Secure all technology especially communications and storage resources and change password regularly.
Keep sensitive information secure. Don't put anything online, such as director's signatures.
Protect your post - Fraudsters may try to redirect your company mail or that of a vendor or partner. Make sure your post is delivered to a secure box or address.
Relocation - If your company relocates, get Royal Mail to redirect any mail from your old address to your new one for at least a year.

Have your say

Do you think the recession will make identity fraud even more of an issue? Have you become more vigilant now that times are increasingly tough? Do you have tips or recommendations to share that can help other individuals or businesses recession-proof their identities?

Have your say, share your story or just let us know what you think about this blog. We're interested in your opinion.

Social Networking - The Safe Way: How not to reveal everything to the world in a post

2009-10-16T08:08:03Z

LinkedIn, Facebook, MySpace, Twitter, Bebo, Youtube, Flickr, Ning, MeetUp. The options go on and on.

Social networking has exploded in popularity in the last few years - so much so that this fun, collaborative resource has started to become a part of modern business as well as home life.

And yet the problem with online sharing is that it is easy to sometimes give away just a little too much information.

Two sets of independent research commissioned by Fellowes and the National Fraud Authority exclusively for National Identity Fraud Prevention Week (NIDFPW) show that one third of small and medium-sized businesses have been impacted by fraud and that 60,000 UK individuals have personally been affected.

It's only natural though. After all, the online environment is a brand new world to many of us and one in which it's easy to forget to exercise the same caution you do in everyday real life.

So, while it's great to reconnect with former work colleagues, share job opportunities and ride the crest of the e-marketing wave, it's important to take a step back and consider exactly just what private information you're happy to place in the public domain. And what information you're most definitely not.

In order to help, we've compiled our top 10 tips and hints to staying safe while social networking:

]]>

Manage your personal information carefully. Security experts call it 'tombstone data' and by this they mean information such as your name, date and place of birth, marital status, contact details etc. Even with just a few of these details, an identity thief can apply for a loan in your name. Remember the advice your parents gave you: Don't write down what you don't want others to read.

Protect your identity. Consider setting up a free email specifically for social networking sites rather than your work or home email. Take care when choosing a screen name. Don't use your real name, email address or any other easily identifiable information.

Maximise your privacy settings. By this we don't just mean passwords although they're a good start. Try not to use the same password for everything though. On Facebook, make yourself unsearchable and keep your friendships private. Exposing your friends can expose you too.

Use a system such as OpenID. Use unique log ins and passwords for each of the sites you access. Better still, use OpenID - a secure provider you log into before visiting other OpenID enabled web sites. The OpenID provider manages the information you share with the site, asking you if you trust it and whether you want to pass on certain personal information.

Think before you post. Stop and consider the message you could be giving and the information you are giving away from free before making a post. Status updates are particularly revealing. So much so that research indicates that Facebook users who post about impending holidays have been proven to be at increased risk of having their homes broken into. Similarly, we've all spotted the colleague who has called in sick but brags about his hangover in his/ Facebook status or the employee who rubbishes her company in an online blog. Badly thought out posts cost jobs. At best, they can seriously undermine your professional standing. Neither of which are good things.

Watch out for cookies. Cookies are small files that websites use to store information about you between sessions. Although often used innocuously for e-marketing, they can be used to build up a profile of your interests and activities which is then used to target advertising at you or even with a view to fraud. Set your browser to warn you when a cookie is installed or alternatively use Microsoft Internet Explorer to block them completely.

Install anti-Spyware. Spyware is sneaky software that sends information about what you're doing on the Internet to a third party, usually to target you with pop up ads but occasionally for use as part of a wider scam. Spyware most commonly gets onto computers during the download of screensavers, music and other applications but can be blocked by using anti-Spyware software.

Maintain confidentiality. Do not post confidential or proprietary information about your brand, company, employer, fellow employees, family or friends. There are legal precedents for posting confidential or proprietary information online.

Beware of public wireless sites. Sometimes the urge to check your Facebook or MySpace site can be impossible to resist. Avoid accessing social media sites or sending personal or confidential information when using public wireless connections such as those in coffee shops. These sites are often not secure so fellow users could potentially monitor your internet usage from just a few feet away.

Lastly, keep a healthy dose of cynicism. Remember if something seems odd or even too good to be true then it usually is. If you've experienced a security issue with a social media account, reset all accounts (not just Facebook) that use the same credentials. If you use your accounts at work, report it to your IT team immediately as well.

Now it's your turn to test your online safety savvy.

Do you regulate the amount of personal information you share online?

Have you taken extra steps to safeguard your social networking profile and accounts?

Perhaps you've been the victim of an account hacking or have posted something you now regret.

Let us know your thoughts and tips on how best to enjoy sharing on social networking sites safely. Follow us on Twitter for the latest tips and share your stories with us on Facebook! We'd love to hear from you!

The 'Butterfly Effect' and Your Business: How small mistakes can cause big problems

2009-10-15T08:50:56Z

Back in the 1960s, a meteorologist at MIT called Edward Lorenz decided to use his computer in an attempt to simulate weather patterns.

In doing so, he accidentally discovered that small differences in his calculations could cause substantial changes to his simulations.

Or to put it another way, that 'a butterfly flapping its wings in Hong Kong, can change tornado patterns in Texas.'

Unsurprisingly Lorenz's findings became known as the 'Butterfly Effect' and brought the Chaos theory (as it is known in mathematical terms) to a wider audience.

So far, so interesting but how does it relate to modern business security and the problem of corporate identity theft?

The reason is because - despite being largely aware that small changes can have large-scale repercussions - many of us forget to apply this logic to our business data.

A mobile phone left on a train, a confidential report discarded in a hotel conference room or even a corporate credit card left in a coffee shop. Unwittingly we can set off our own chain of events, causing a potentially damaging 'Butterfly Effect' every day.

]]> National Identity Fraud Prevention Week explains: "Corporate security breaches and identity fraud have emerged as the leading crimes of the 21st century. Unfortunately the constant, global nature of modern business life makes it easier for criminals to compromise data security if it is not well guarded."

Business travel is a particular example. The average business executive takes four identifiable technological devices with them on a trip - a mobile phone, laptop, USB stick and a hand held device such as a Blackberry or PDA. Just these four items will hold data and files worth hundreds, if not thousands, of pounds more than the device itself. If mislaid, lost or stolen their contents can immediately expose both owner and employer to significant risk.

Added to this, it is also common to use a variety of other computers when out of the office or on business-related travel. These include hotel business centres, internet cafes and even at client or competitor premises for those times when it's necessary to send a few emails or plug in a USB stick to tweak a file.

Using a third party computer although convenient can be highly insecure. Anyone with intent can easily determine the web pages you have been on or pull up recent documents.

And yet how can modern business executives protect company data while still responding to the demands of the commercial world? Small preventative measures can avoid significant problems. Follow these top tips to keep your data secure wherever you are:

Easy tips to keep your data secure:

Do not flaunt private information. A surprising number of company laptops are stickered with employee's names. Similarly, keep company pass cards and/or delegate identification from being easily visible.
Ensure that all devices - mobile phones, Blackberrys and laptops - are password protected. Where possible ensure that you have a record of the device security codes, IMEI numbers etc.
Take responsibility for even the smallest items. Ensure that company documents are never left in hotels, client offices or on transport. Remove all paper items and shred if no longer required.
Exchange your USB stick for a Mobiu. This dongle-like device acts as a super secure key to an online vault that houses all of your company's work. It even contains its own software suites including an Office compatible word and spreadsheet program and an onboard Firefox browser. This means that your data will always remain independent to the third party computer you happen to be working on.

Have your say
Has this post prompted you to re-evaluate your data security when out of the office? Do you agree that small safeguards can guard against bigger problems? Have you experienced a butterfly effect you would like to share?

Let us know - we're always keen to read your thoughts, tips, comments and feedback.

If you're interested in more hints and tips on ways to protect your business, educate your employees and also protect your own identity, register here to access free downloadable leaflets, guides, checklists and posters that will help safeguard you from identity fraud.

Fraud Prevention: Businesses, Government and Society All Have a Role to Play

2009-10-14T12:20:43Z

Identity fraud awareness is deeply cultural. Corporations can take the necessary steps to protect against corporate ID theft if they train their employees on safe practices and processes, safeguarding both, employees and the company, from identity fraud.

However, education and training needs to go beyond just the company. Companies exist within frameworks set up by governments. Do you know what your government is doing to protect your company's identity?

And let's not forget about the new rage, Facebook, Twitter, MySpace, Bebo and blogs! These social media and social networking sites have quickly gained popularity. Some users, especially younger generations, are sharing everything from what they're eating to where and who they were out with last night. Are we nurturing a future generation of workers who are naturally careless with personal information, making their employers more susceptible to corporate ID theft?

So what are governments doing to reduce identity crime? Do businesses have clear and updated policies implemented to protect private data and information? Is society teaching younger generations about the dangers of sharing too much information? Let's take a look at what has been done and what needs to be done to safeguard our businesses from corporate identity fraud.

]]> Governments
Governments clearly have a part to play in preventing ID fraud, both personal and corporate.
In last week's post 'Major Danger Documents', we wrote about how in the UK, Companies House and the Metropolitan Police Service have created a 'Sterling Service' initiative which ties together the Companies House PROOF online documents system, promotes its monitoring system and gives general awareness tips for protecting a company's identity.

Furthermore, in the UK, The Home Office, in collaboration with other government departments and private sector organisations, has set up the Home Office Identity Fraud Steering Committee to lead a cross public/private sector work programme to tackle identity theft and identity fraud.

The programme co-ordinates existing activity in the public and private sectors and identifies new projects and initiatives to reduce identity crime. These range from aligning penalties for criminals, considering new offences, developing and sharing good practice, collaborating across departments (for example vehicle licensing and passport issuing), and raising general awareness both of corporate and personal identity theft.

In an effort to provide an easy and secure way for UK residents to prove who they are, the government introduced a national identity scheme in 2006 for residents to be issued an identity card that contains biometric information on a national identity register. What do you think of this identity scheme? If businesses required identity cards from vendors and business owners will it protect them from corporate identity fraud?

Business
The Sarbanes-Oxley Act tightened restrictions around data for publicly traded companies in the USA and as such, increased the monitoring of irregular activity that could be associated with fraud. Still, some sectors of business are more vulnerable than others. This includes private companies and certain industries which require the transfer of personal and corporate data.

In the UK, businesses have a legal obligation under the Data Protection Act. Principle 7 states that businesses must safeguard "personal data", which is defined as any information, including facts and opinions about living, identifiable individuals.

Retailing
In a recent post, we highlighted some large identity fraud cases. One touched the retailing giant TJ Maxx when 40 million credit card details were sold to criminals who then used them to obtain goods.

There are millions of transactions in the retailing world every day. Retailing companies, from their inception, have understood the significance of their reliance on technology and data and have always had an appreciation for the inherent risks in their model. So while they could be exploited, from the start they have developed methods to reduce this risk.

This is why bodies such as the PCI Security Standards Council (PCI-SSC) exist. This helps retailers enhance payment account data security by driving education and awareness of the PCI Security Standards.

Legal
As the threat of money laundering evolves and regulations tighten accordingly, a greater focus is centering on the ability of the legal sector to electronically verify a client's identity, whether of an individual or a company. Without this ability, criminals could assume a personal or corporate client ID.

Accounting
Companies House is taking measures to help companies protect their ID. However, those very measures are opening the way to new forms of ID theft.

One such involves a fraudster stealing an accountant's identity in order to legitimise a set of manufactured accounts, which will then be filed at Companies House in order to add a veneer of respectability to what is, in reality, an empty shell company.

Once the fraudster has filed the bogus accounts at Companies House, the bogus company is then in a position to secure credit based on the apparent strength of its financial covenant.
This is where personal and corporate ID theft become intertwined. Assume the identity of a key figure close to where the cashflows, and you can get into the company's identity too.

Society
Today younger people are keen to share everything, whether online or offline.
They could potentially put employers at risk of corporate identity fraud unless they are made aware of what they should and should not share.

We need to start nurturing a "Think Before You Share" generation to educate youths about the risks involved with sensitive information online. If we don't, this would cause concern among potential employers across the country. It seems that the more ubiquitous the potential for ID theft, the lower the awareness.

It's always interesting to look at differences across sectors, governments and indeed entire societies. What's your take on this? Do you find your particular industry sector places high priority on protecting ID security? Have you worked in a government department and been party to highly sensitive data that you've been responsible for safekeeping? Or maybe you've lived in more than one country and noticed differences between them. Let us know.

10 Things Small Businesses Must do to Protect & Secure Data

2009-10-12T11:53:41Z

While paper presents a considerable threat to a company's ID -and makes safe, secure disposal of it a prime concern for organisations - electronic data also presents numerous online challenges to a company's identity.

Increasingly, companies such as Symantec are helping companies not only to protect their systems from attack, but to secure their corporate data - and, in so doing, their clients' identities.

In this podcast, recorded by Symantec, Donna Childs of Prepared Small Business discusses some best practices to help small businesses keep their information secure, protected and well-managed.

Click on link below to listen to podcast:
Podcast_10_Things_Small_Businesses_Must_Do_Protect_Secure_Data.mp3

It goes beyond antivirus and offsite back-ups and looks at all information across the business, from human resources data to intellectual property. It also considers the implications of scanning critical paper documents to protect against disaster.

It Could Be You

2009-10-12T09:13:12Z

On the whole, the figures on corporate ID fraud awareness are fairly shocking.

Research conducted by Fellowes shows that 79% of businesses make no effort to destroy the sensitive material that they throw away or are preparing to recycle. This risks not just their identities being stolen, but those of their colleagues, their company, and its clients.

Furthermore:

Shockingly, only 64% of businesses have put in place a clear policy on how to handle documents with sensitive information - which no doubt goes some way to explaining why nearly one-third (32%) of employees admit to always throwing sensitive documents directly into the bin!
The 97% of employees are therefore justified in their beliefs that their company does not completely protects customers' identities; furthermore, 64% of employees believe that bins are a bigger risk to customer details than computer systems or document theft
Overall, 71% of UK employees think their companies should do more to ensure confidential documents are handled responsibly - and the UK is not alone. 66% of German, 70% of Belgian, 61% of Dutch and 85% of Irish employees agree that more should be done.
So we spoke to top professionals from different lines of work to find out how aware they are of corporate identity fraud and the dangerous consequences associated with it.

Do the results match with the Fellowes research? You decide... ]]> Finance

Carol is a project manager for a top City financial IT firm. Having worked in the City for more than 15 years, during which several prominent cases of fraud have arisen, from Nick Leeson to Enron, she is very aware of document and financial fraud. Her company's identity is another matter.

She says, "If someone else started trading under my company's name then we would lose business if the fraudulent company wins business under our name, or incur costs if they spend money in our name and run up debts."

Clearly in the finance industry the threat is two-fold: both from lost trade and incurred debts. Given the size of transactions involved, the corporation's ID needs to be protected securely.

Although Carol seems to have a good grasp on document and financial fraud, she has very little knowledge of how to protect her company's identity and may be at risk for corporate ID fraud.

Online

Philip is MD of De Leon, an online personal reputation management company. Given that his organisation exists to promote individuals, the issue of both personal and corporate ID fraud are a prime concern.

Philip says, "We all guard our headed stationery to prevent fraud. We know this is an important document and there is a high level of awareness throughout the company that we need to protect it. Anything that we don't need to archive, we shred."

So far, so good. Headed stationery is indeed a 'hot doc', as we discussed in last week's post. It's possibly the single most important document for a company to protect, presenting as it does a credible corporate face to the ID fraud victim.

However, he continues, "But our logos are now all over the Internet so it's very easy to represent yourself as something or someone you are not. Quite what I can do to stop somebody creating a website/brochure/etc similar to mine with different contact details - I am not sure I know."

So while the web gives us untold opportunity to build brands, the converse is also true: in so doing, we lose control over our brand identities and possibly corporate identities too. And no amount of online monitoring can cover the web in its entirety. In such cases, you could only discover the identity theft when it's too late. Perhaps this explains why 71% of UK employees feel that their companies should do more to ensure that confidential documents are handled responsibly. Does your company have policies and guidelines to safeguard its employees from id theft?

Communications

Brendan is a freelance copywriter who has worked in communications, publications and PR for over fifteen years.

He says: "When I worked for agencies I was very aware that I was representing the company to clients, whether meeting them in person, talking to them on the phone, or even when sending emails.

"However, I'm shocked to think that I could have been putting their identity at risk. Honestly, I've lost more post-its than I care to remember. And I've certainly left some of the so-called 'hot docs' lying around in the past. Note to self: must try harder. And that's not a post-it note either!"

Three people, three different industries: finance, online, and communications. It would seem that the financial expert is the most aware of the potential for fraud, which makes sense given the massive amounts of money at stake.

But across the board it would seem there is little awareness. No one has referenced a corporate ID protection policy; a clear-desk policy; even a shredding policy. Without this, they could be at risk.

So perhaps the Fellowes study rings true. Hopefully sites like Stop ID Fraud and this blog will go some way to changing this.

We're curious, what do you think? Do you feel that governments, businesses and society should do more to cultivate a culture that is aware of ID fraud prevention? Are you surprised by these stats? Do you see yourself in these quotes? Or are you a corporate ID specialist with advice for all? Let us know.

Corporate ID Fraud - Top Tips for Verifying Identities

2009-10-05T16:16:12Z

It's all very well scaring you by telling you about the threats of corporate ID fraud, but how do you stop it happening in the first place?

Today, we thought it might help if we provide pointers from the professionals.

Check the facts, say Equifax

Equifax is a global leader in information solutions, so it knows a thing or two about creating, analysing and - importantly - protecting its clients' intelligence.

Equifax believes identity verification is an important component to avoiding corporate ID fraud. So here are some simple, yet highly effective tips from Equifax that will help you sleep better at night:

]]>

Identify business partners and directors. Know who you're dealing with.

Confirm fax and telephone numbers. Even small changes to these can have devastating effects.

Never accept hand written order forms or faxes. If you deal with professionals, you expect professional documents back, right?

Ask for original headed company paper. The ultra-sophisticated fraudsters can recreate entire companies (see our post on The Top Three Corporate ID Thefts), but real stationery might be beyond most criminal's resources or thinking.

Don't assume information provided is correct, always double-check and follow up the references. Just ask your HR department about this one. They'll know about making sure references are valid.

Check that the telephone area code is relevant to where the business claims to be trading from. This is something you can do simply and quickly. If they say they're from Manchester when really they're from Manila, you may have a problem.

Finally, check for any connections to previous companies with similar or identical names. The keywords here are 'similar' or 'identical'. Small changes to company names are a warning sign, as it's a classic corporate ID fraud trick.

Think this is a bit overkill? Believe it or not, this is just the first step. There's a lot more things to check that aren't listed here. You can download a guide for businesses here. Be proactive, you need to be vigilant, for your sake, that of your company, and that of your company's partners, suppliers and vendors.

Sterling service from the Met and Companies House

The Metropolitan Police have started a 'Sterling' service in association with Companies House to help companies protect themselves. From the many, many potential steps companies could take, they've managed to distil this down to four.

These include:

Check your registered details at Companies House. Even a small change can result in fraudsters obtaining goods and credit from your legitimate registration.
Sign up for the Companies House 'PROOF' system. 'PROOF' - Protected Online Filing, introduced in June 2009, is a password-protected online system that prevents individuals from filing paper entries. Basically, if you say you're going to file electronically through PROOF, then anything and everything else is rejected.
Sign up for the Companies House 'Monitor' system. This helps you monitor when any changes are made to your company details. If you didn't make them, someone else did, and you can take action immediately.
Finally, the Metropolitan Police do stress that you shouldn't rely solely on Companies House. It really is up to you to check the identity of your partners, vendors and suppliers, and whereas you don't necessarily need to beware, you should certainly be aware of the issues involved. As the police themselves say, corporate ID fraud is not a victimless crime.

Of course, the paperless office is a dream we have yet to achieve. While online checks are a big part of this, you need to make sure your corporate ID protection policy considers all your paper-based material. Basically, the message is - Use Your Head - Shred!

Fellowes say do and don't

Fellowes has issued its own simple checklist for businesses but there's also a comprehensive guide created by the National Identity Fraud Prevention Week campaign. It removes any doubt by splitting them into DO and DON'T.

DO:

Develop an anti-fraud policy statement and clearly communicate it to all employees
Ensure that checks are carried out on all new employees (and all those with access to the building, such as cleaning staff) including references, qualifications, experience and past employment and verification of identity
Securely destroy all documents containing confidential or sensitive business information before disposing of them using a cross-cut or microshred shredder. Make sure you do this before you leave your department or office
Store confidential or sensitive information in a secure place and limit access to key employees
Check your business's registered details at Companies House on a regular basis
Register for Companies House PROOF scheme and monitor service
Review your credit report on a regular basis
Include fraud prevention and detection within your induction programme for all newmployees and provide ongoing fraud awareness training to all employees
Undertake checks on all new customers and review existing customers on a regular basis
Implement a clear desk policy
Encourage a 'no blame' culture where security issues can be discussed without recrimination
Introduce a whistle-blowing policy and clearly communicate it to all employees before transgressions occur
Ensure your IT security policy covers mobile devices, laptop computers, the internet, email and access. Review it on a regular basis

DON'T:

Assume that the information provided by prospective employees is accurate: independently verify it
Give employees unlimited access to sensitive or confidential information unless it is necessary
Rely solely on information obtained from Companies House when checking a new customer's credit history. Use other credible sources.
Put business bank account details and directors' signatures into the public domain (e.g. on your website, or send to anyone via unencrypted email)
Give out any information about your company, your customers or yourself unless it is for a valid reason and to a legitimate organisation - make sure all your staff are aware of this and all the steps included in this checklist
Use default or obvious passwords and make sure your staff don't either
Throw unwanted papers in the bin - shred them first, including abandoned or cancelled receipts, DVDs and CDs. When disposing of old uniforms or corporate clothing make sure these are destroyed properly so that no one else can use, and therefore impersonate one of your staff
Throw away an old computer or laptop without wiping the hard-drive clean first
Leave documents in meeting rooms or on top of printers

Just do all the DOs, don't do any of the DONT's, and you'll be fine!

The Top Three Corporate ID Thefts

2009-10-02T19:05:43Z

Corporate ID fraud comes in many forms. The consequences can be serious, both for companies generally and their staff and customers specifically.

Yet some cases are so bizarre or big, or - let's face it - ingenious that they raise eyebrows and show the importance of security and vigilance.

Case #1: If you can't beat them - recreate them

Possibly the most astonishing case of corporate ID fraud comes from China.

It started with a few reports filtering back to the Tokyo headquarters of the Japanese electronics giant NEC in mid-2004. Pirated keyboards and CD/DVD discs were appearing branded with NEC's logo, and were being sold in retail outlets in Beijing and Hong Kong.

]]> While this was counterfeiting fraud, it was uncovered as major corporate ID fraud after two years and thousands of hours of investigating. A clandestine group had effectively set up a 'duplicate' NEC. Their operation had spread across 18 factories. The entire network linked to a further 50 factories in China, Hong Kong and Taiwan.

They commissioned research under the NEC banner. Their 'executives' carried NEC business cards. They even developed their own line of consumer goods, from home entertainment centres to MP3 players - which NEC said were of generally good quality.

Such a - let's face it - sophisticated fraud begs the question: why didn't they just set themselves up as legitimate NEC dealerships? The answer, of course, is that they benefitted from the equity of the NEC brand, with assumptions of trust therein and, not least, the intellectual property of the electronics giant.

Another question: how badly was NEC damaged? The true monetary value is unknown, but the company believes the organisers had "profited substantially" from the operation.

A much broader issue however is one of trust. The case raised serious questions about trading between east and west, and even today the Chinese government comes under increasing pressure to prevent theft of intellectual property.

Case #2: The biggest corporate ID fraud in history

The NEC case was big in the extent to which the corporate brand was assumed, but without a value placed on the damage it's difficult to say whether it was the most financially damaging.

However, the case of The Largest Corporate Identity Theft Case in History - or at least, in the US - does have a value, and that comes to around 200 million US dollars.

In August 2009, Albert Gonzalez of Miami, 28 was charged with stealing vital account information in a crime that the Department of Justice calls "the single largest hacking and identity theft case ever prosecuted."

He had amassed the details of more than 130 million credit and debit card numbers. While this was a straightforward hacking operation, where it became identity theft was when Gonzalez - or '"Soupnazi" as he called himself online -sold the data to others who would then use it to make fraudulent purchases.

If convicted, Gonzalez could face up to 20 years on a charge of wire-fraud conspiracy and an additional five on the conspiracy charge. He also faces fines of up to $250,000 for each charge.

These are fairly hefty numbers. But consider this. The 200 million dollar value quoted earlier came from the estimated losses of only one of his victims, TJ Maxx, from whom he stole just - just - 40 million credit card details. At the time of his arrest another of his victims, Heartland Systems, was responsible for processing 100 million payments for at least 250,000 businesses each month.

This brings into sharp relief the importance of computer security and vigilance. Attack one Fortune 500 company and you gain access to countless more.

Case #3: From Asia to America to Europe

Even the most experienced businesspeople can fall victim to identity fraud.

In December 2005, Sir Philip Green, self-made billionaire and boss of Bhs and Arcadia, found that his property company Green had moved. Not to swanky new offices in the City, but to a flat on a council estate in Harrow.

From there, it was being used to order goods on credit - cars, computers and mobile phones - and run up bills under his company's name.

This particular scam only came to light when the fraudsters actually tried to change the address back to what it had been originally, so they could avoid detection. Oh, the irony.

This is another case that is hard to value. The UK Metropolitan Police Service has said that the average cost of this form of fraud is 2 million pounds. Given that Green himself is worth over 5 billion pounds you could argue that it hadn't damaged him materially.

But it's certainly a warning to any company out there that fails to check its registered address on a regular basis. As Companies House itself says on its website, you'll only lose your company once.

Major Danger Documents

2009-10-01T16:00:49Z

Do you have your wallet or purse on you now?

Are you sure? You might want to check. Because if you leave it lying around, not only do you put yourself at risk, but you're putting your company at risk of ID theft too.

How you ask? Those business cards you're carrying in it - for your company, for the company rep you met yesterday - and those credit cards and ID cards all offer valuable information for a corporate ID fraudster, especially if you're a director.

Or, perhaps you left your utility bill lying around? If so, you could be opening yourself to personal ID fraud as utility bills are a key piece of identification required to open a bank account, benefits payments and other accounts.

Of course, it's fairly obvious that your wallet is important. How about other 'obvious' documents? Do you think they're that obvious?

]]> The really hot docs

These are hot, but you might already know this:

CVs - just ask your HR department about this one. You need to make sure the people who you let into your organisation are who they say they are. Once they're in, and they're criminals, then you're at risk and so is your company's ID.
Director signatures - are gold-dust to a corporate ID fraudster. Have you ever seen how realistic scanned signatures can be? How carefully do you check signatures on documents you receive? A corporate ID thief can do a lot of damage if they can masquerade as a director.
Headed paper - is convincing. If you see properly headed not epaper you automatically assume it's from that company. So, you might process the invoice and authorise the payment...

Below are some other 'hot docs' you need to keep safe, and not all of them might be as obvious.

Email printouts

The paperless office? Forget it. Whenever you want to read something thoroughly, you print it, right? For some strange reason, the act of printing something and physically having it in your possession makes it more important, therefore you can magically read it carefully with more thought and consideration.

Fraudsters don't need to do this. All they need is that email address at the top, and some idea of what the email is about, and you've given them information that they can use to fool you, or your suppliers, partners and vendors, into parting with your identity and ultimately your cash.

Post-its

How many of us are guilty of writing usernames and passwords for online accounts on a post-it note, and conveniently sticking it onto our monitor for fraudsters? This isn't just opening the way to online fraud. Your company will have important documents online that protect its identity, especially at Companies House, for example.

Post-its get everywhere. Just think of the number of times you've written something important on one - a phone number, an account number, an address - then it's gone missing. At the time it didn't strike you as important, but really, post-its can materially damage you.

Personal documents - passports, ID cards and birth certificates

If you travel often, you'll have your passport in the office often too. Don't let it out of your sight. Same with ID cards if you're in the US. So you might not have your birth certificate at work often, but you might need it for HR purposes, or you might just have it lying around at home.

All of these personal details, if stolen, can have enormous consequences. Consider that at least seven of the 9/11 hijackers obtained genuine Virginia identity documents through fraud.

The fix

We don't advocate you cutting up your passport or ID card or starting a bonfire in the office! Instead, we encourage that you think twice before tossing sensitive printouts into the bin, or lose post-its.

Integral to your own behaviour and your company's corporate ID protection policy, make sure you consider shredding. If it becomes automatic for you to do it, you'll do it - and be safe in the knowledge that you've done it.