Identification Theft

By Gale Yocom

Does your organization have a written identity theft prevention program in place? Such a program involves educating your customers and members about the importance of identification theft and letting the stakeholders in your business know that you share their concerns about this growing problem. By providing knowledge of how identification theft affects everyone and what your organization is doing to protect its members and customers, you help them understand the levels of security your institution provides.

According to the banking regulatory agencies that released "Identity Theft Red Flags" guidance at the end of October, leaders of financial institutions should expect to do more, not less, of this education in the next few years. With this in mind, how do you show your members and customers you also share their concerns and are doing all you can to address them?

A good place to start is by allowing your members and customers to choose how they receive information from your institution and by having a written privacy policy published on your website for anyone to see. By having choices available to your members and customers and publishing your privacy policy, you make your institution look proactive rather than reactive.

All institutions need to consider increased training in data protection responsibilities and should perform regular inspections to verify compliance with the training. Consideration should also be given to adding institution and customer data protection as an element of employee performance reviews.

Managers should be asked to assess their staff on compliance with these security policies. All email coming from an organization’s employees should re-emphasize the respective company’s anti-phishing and -spamming policies in a footer at the end of the email.

Make your protection of Customer data very clear. Customers who use your web site for their transactions want to know their data is safe. In a consumer survey, 88% of those who responded wanted to know if their data was secure, and 81% wanted to know if they could trust the site. The third most asked question was if the site has a good privacy policy.

Customers are looking for sites with security seals on them. These seals show that the site has been evaluated by an outside source and that it has passed inspection with proof of safety of their information. The seal also tells them you have a solid privacy policy, that your street address and phone numbers are readily available, and that your website has been checked for hacker safety. At your facility, you will want to show customers and members that their data is protected as a part of your normal everyday operations.

Some effective security precautions to prevent identity thefts in the office are:

1. Place the paper shredders where customers can easily see them.
2. Always store customer’s data out of view from others.
3. Place privacy screens over all computer monitors, especially those in offices with windows.
4. Never leave a computer screen unattended without first locking the screen with a password.
5. Keep a tight check on sensitive customer data access, preferably on a "need-to-know" basis. All access to this type of data should be recorded with information such as who accessed the information and when they did so.
6. Ensure that forms and applications do not ask for sensitive information that is not required.
7. Be sure that access to all sensitive data is controlled and that you know where all sensitive material is stored within your facility.
8. Ascertain that information about identity theft prevention is available through brochures, your company’s website and representatives of your institution at public speaking engagements.

(Look at the Federal Trade Commission’s website for a plethora of support materials, video, and brochures on Identity Theft prevention and reporting: www.FTC.gov).