Several months ago, a weekly newspaper reported that a Connecticut bank did something unbelievably careless. The staff allegedly threw unshredded statements into a dumpster. A contractor reportedly saw it and commented that if he were a thief, he would have stolen millions of dollars. A subsequent story shed unflattering light on the contractor and the story' credibility is in question. But the fact remains that some financial institutions admitted to having clients' data compromised and are offering free credit monitoring for a specific amount of time.
Other than shredding such documents, what can a bank do to protect its customers? Banks should implement up-to-date IDS (Intrusion Detection Systems) and have qualified IT people check for vulnerabilities. It is much less costly in terms of money and reputation to do this as preventative maintenance than to do it forensically. It's a sad commentary that these proven methods are not used intensely enough throughout the banking system.
Part of my job has been to design and implement firewalls such as Fortinet, Checkpoint, CISCO PIX, Raptor and Gallant and utilizing intrusion detection systems such as Nessus Security Scan. Sadly, many decision makers at corporations do not understand the importance of keeping up to date with such security. Yes, it's costly, but security leaks costs companies more both financially and in terms of reputation. How often have you heard that ABC Bank will offer customers free credit monitoring for a year? It's not to lure new customers. Their data was compromised and their customers are at risk for identity theft. Free credit monitoring is not free for the institution that has to offer it after a security breach.
Saturday, April 4, 2009
The Great Pretenders
Everyone thinks: Identity theft can't happen to me. But according to the FBI, about 10 million Americans have been identity theft victims and experienced collective losses that almost rival Bernie Madoff's Ponzi scheme.
All a perpetrator needs is your name, Social Security number, date of birth and current address to start hacking into your bank account and even your social network. Many people think that identity theft is a quick robbery during which the perpetrator just goes on a spending spree with your credit card. These perps, however, think long-term. Once they have your basic information, they can open a bank account and obtain credit cards and bank loans. They change the address on the accounts. Soon they start asking for credit increases. Then they stop paying bills. They move and don't leave a forwarding address. At some point, the collection agencies trace debts back to you and your life turns into hell.
You can buy identity theft insurance, but you can just as effectively protect yourself.
First, freeze your credit reports. There is a nominal fee to set up the freeze and to thaw it if you need a loan. If you choose not to freeze your credit reports, then make sure you get reports every four months. The U.S. government allows you to obtaina free copy of your credit report from all three credit reporting agencies once a year (www.annualcreditreport.com). Stagger the requests so that you get one from TransUnion, then four months later, get one from Experian, and four months later, one from Equifax.
Second, if your credit card offers alerts on suspcious activity, be sure to sign up for them. Also, periodically check your activity online. Some credit card issuers offer alerts each time the card is used. (I can see all the places my wife went shopping before she even gets home!)
Third, use Shop Safe or virtual credit card to pay bills. It's easy to set up on your computer. You lock in the amount you will pay and generate a one-time credit card number that can only be used by that vendor. You can pay your car insurance bill or for anything you order online. You still get your points.
Finally, shred every piece of paper that has your Social Security and/or account number. You can get a very good shredder for under $100.00 and it will be worth every penny.
All a perpetrator needs is your name, Social Security number, date of birth and current address to start hacking into your bank account and even your social network. Many people think that identity theft is a quick robbery during which the perpetrator just goes on a spending spree with your credit card. These perps, however, think long-term. Once they have your basic information, they can open a bank account and obtain credit cards and bank loans. They change the address on the accounts. Soon they start asking for credit increases. Then they stop paying bills. They move and don't leave a forwarding address. At some point, the collection agencies trace debts back to you and your life turns into hell.
You can buy identity theft insurance, but you can just as effectively protect yourself.
First, freeze your credit reports. There is a nominal fee to set up the freeze and to thaw it if you need a loan. If you choose not to freeze your credit reports, then make sure you get reports every four months. The U.S. government allows you to obtaina free copy of your credit report from all three credit reporting agencies once a year (www.annualcreditreport.com). Stagger the requests so that you get one from TransUnion, then four months later, get one from Experian, and four months later, one from Equifax.
Second, if your credit card offers alerts on suspcious activity, be sure to sign up for them. Also, periodically check your activity online. Some credit card issuers offer alerts each time the card is used. (I can see all the places my wife went shopping before she even gets home!)
Third, use Shop Safe or virtual credit card to pay bills. It's easy to set up on your computer. You lock in the amount you will pay and generate a one-time credit card number that can only be used by that vendor. You can pay your car insurance bill or for anything you order online. You still get your points.
Finally, shred every piece of paper that has your Social Security and/or account number. You can get a very good shredder for under $100.00 and it will be worth every penny.
Subscribe to:
Posts (Atom)