Credit Security 

October 2012

 

• What is it?• Costs of Identity Theft• Employer Risks• 3 D’s (Deter, Detect, Defend)• IRS Tips• New Areas• Questions

Agenda

2

What is it?

Credit Security is the freedom from any threat of danger or risk

occurring to your finances and having precautions taken to guard against financial crime, attack or

sabotage.

3

Most Common Form Related to Credit Security: Identity Theft

A form of stealing someone’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources or

obtain credit or other benefits in

that person’s name.

4

5

6

• In 2010, the number of Identity Theft victims dropped 28 percent to 8.1 million

• Losses from identity theft also fell to $37 billion from $54 billion in 2009

7

8

9

10

Personal Liability– Credit Cards: commonly liable up to $50 if the

card is fraudulently used before reported stolen (Fair Credit Billing Act)• Even if it is used for cash advances from an ATM

Costs of Identity Theft in Regards to Individual Financial Instruments

11

• Debit Cards: no fixed liability, but instead liable for when the loss is reported– Reported within two days theft or loss, liable for $50– Reported after two days but within 60 days, liable for

up to $500 of what is illegally withdrawn– Reported after more than 60 days, potentially liable

for all money that was fraudulently withdrawn from the end of the 60 days until when the card was reported

12

Costs of Identity Theft in Regards to Individual Financial Instruments

• Checks: banks typically are responsible for losses as a result of a forged check• Victims may be liable if bank is not promptly noted of

a forgery or if a victim does not monitor their accounts on a regular basis

• Forger could receive a felony between the fifth and first degree depending on the amount of loss

• http://www.identitytheftfacts.com/cost-identity-theft/

13

Costs of Identity Theft in Regards to Individual Financial Instruments

Risks to Employers & Individuals

Recent Example• A nurse at Kings County Hospital in New York City was charged with

stealing Social Security numbers of nearly 60 employees• Received $200 per name• Over $100,000 was purchased by the perpetrators

Federal• Fair and Accurate Credit Transaction Act of 2003

• $2,500 fine per infraction if employee or customer information is stolen from Company

State• Ohio Law-Identity Theft

• Prison terms from 6 months to 10 years (5th degree to 1st degree felony)• Fines range from $2,500 to $20,000• Penalties increased for the resulting loss and crimes against:

• Individuals 65 or older• Against the disabled

14

3 D’s (Deter, Detect, Defend)

• Deter: Minimize your risk

• Detect: Identify suspicious activity

• Defend: Recover from identity theft

15

Thieves steal an identity by:– Dumpster diving– Skimming– Phishing– Changing your address– Old-fashioned stealing– Pretexting

Thieves use a stolen identity for:– Credit card fraud– Phone or utilities fraud– Bank/finance fraud– Government documents fraud– Other fraud

Deter - Individual

16

Deter – Individual (continued)

Nothing can guarantee you won’t become a victim of identity theft but you can try to minimize the risk through the following:

– Protect your social security number– Treat your trash and mail carefully– Be on guard when using the internet– Select intricate passwords– Verify a source before sharing information– Safeguard your purse and wallet

17

Best way to protect personal identifiable information is by encryption. (Does not prevent information from being captured, but makes it unintelligible and therefore useless)

– Identify the data that requires encryption– Determine the information's lifetime (i.e. credit card expiration dates)– Select the appropriate encryption techniques– Set policies, procedures, and train users– Identify encryption key access criteria: guard passwords– Install encryption technology: appropriate access

Deter - Individual (continued)

18

Deter - Business

19

Common Steps to Protect Employees’ Information• Secure job applications• Require confidentiality agreements• Run background checks on staff who handle personal information• Implement a data removal policy• Don’t cover up breaches• Implement a document destruction period• Bond employees• Make sure business computers have anti-virus & anti-spyware protection• Keep software and browsers updated with security patches• Make sure network is protected with a firewall• Educate employees about scams

Detect - Individual

Signs of identity theft:• Accounts opened or debts that can’t be explained• Fraudulent credit report information• Bills or other incorrect mail• Credit cards not applied for• Being denied credit or specific rates for no apparent

reason• Getting calls or letters from debt collectors about

items not purchased

20

What personal information should you monitor regularly?– Financial statements/accounts– Credit reports: aggregate personal information, financial data & alternative

data is collected• Free report at least once every 12 months through: www.annualcreditreport.com• Equifax.com, Experian.com or Transunion.com can be used to purchase credit

reports

Other types of ways a breach occurs are through:– Insider mistakes– Malicious insiders (Hospital article)– Outside attacks

Detect - Individual (continued)

21

Ways to Detect– Security cameras in the building & at entrances/exits– Security alarm– Motion detectors– All confidential data appropriately secured with limited

access– Third party IT company: monitor email & systems

Detect - Business

22

Defend - Individual

What should you do if your identity is stolen• Place a fraud alert on your credit reports & review credit reports

– Prevents more accounts from being opened• Close the accounts that you know, or believe have been tampered with or

opened fraudulently– Call each company & follow up in writing– Dispute transactions

• File a complaint with the Federal Trade Commission– Helps law enforcement to track down thieves– Provides report to the police

• File a report with the police where the identity theft took place

23

Defend - Business

• A type of employer insurance: “Employee Dishonesty Policy” protects the employer if an employee steals other employees’ information or client information.– Offered by the Uhl Agency

Recovering from a breach• Notify law enforcement & affected businesses

– Banks or credit issuers that maintain the accounts affected

• Notify Individuals– Consider nature of the compromise, type of information taken, likelihood of misuse

and potential damage arising from misuse– Send notice to individuals detailing the event, what could happen & how to protect

against it– Designate a firm contact person– Consult with law enforcement so notification does not impede investigation

24

• Awareness and knowledge are the most effective tools to Deter, Detect & Defend against Identity Theft

25

Best Defense is a Great Offense

IRS Tips (Individuals & Businesses)

• IRS does not initiate contact through email to request personal information.

• If you receive an email from the IRS or a website claiming to be the IRS but does not begin with www.irs.gove forward it to the IRS at phishing@irs.gov.

• To learn how to identify a secure website, visit the Federal Trade Commission at: www.onguardonline.gov/tools/recognize-secure-site-using-ssl.aspx.

• Identity thieves get your personal information from stealing your wallet, looking through trash, posing as someone reputable, etc.

• A stolen Social Security number can be used by an individual to get a job and cause your earnings to be under reported on your

tax return. You will have to verify yourself with the IRS to correct this.• Do not routinely carry your Social Security card on you.

26

• IRS impersonation schemes flourish during tax season, contact the IRS if a letter seems to be not legitimate.

• Use a strong password to protect your tax return. Burn file to a CD or flash drive and store in a safe place to remove personal information from your hard drive.

• If you were impacted by an identity theft, file a complaint at www.ic3.gov. An easy to use convenient reporting mechanism.

• For more identity theft information, search Identity Theft on irs.gov.

IRS Tips (continued)

27

Protection Services

A good website for deterring the best and most comprehensive types of protection is located at www.5pointsofprotection.com.• A review of the five most popular identity theft services and how they

stack up to each other.– LifeLock is one example offering two services at either $10 or $25 per

month.– This covers fraud & credit monitoring, junk mail & preapproved credit offer

removal and $1,000,000 in ID theft coverage along with several other protection services.

• Brixey & Meyer uses a secure portal that minimizes the risks seen in emailing or faxing information.– The portal uses the highest level of encryption technology to minimize any threats to the security of your personal data.

28

Radio Frequency Identification (RFID) cards– Allow consumers to buy products faster with their card only needing to be

waved instead of swiping and signing– Signal can be intercepted by electronic reader (available for purchase)– 200 million credit cards contain these chips, usually seen by radio waves or by

a “pay pass” label on the cardSMS (Text messaging) Phishing Attacks

– Increased 913% during the first week of September 2012• #1 Text-based threat

– Forward message to 7726 to notify your phone carrier– Can spoof identities to make it appear text is coming from a legitimate source

Fraudulent Tax Returns– In 2011, 335,341 tax returns claiming $1.9 billion in fraudulent refunds– Individuals taking deductions and credits they don’t qualify for or individuals filing returns using stolen identities

New Areas of Risk

29

30

Situation to Avoid!

Questions

31