Home » Identity & Access » Identity Theft

Five Ways to Fight ID Theft

What's more valuable than your own good name? ID theft is the fastest growing white-collar crime in the country. What's a CSO to do?

By Sarah D. Scalet

Page 4

Sound paranoid? Perhaps. However, notes Lefler, although "criminal enterprises generally are small and loosely knit, they can be very large and very sophisticated.

"Other forms of white-collar crimes have become more difficult, so many of the criminals have migrated into doing identity takeover because they can increase their returns." In other words: Don't underestimate your enemy.

2 Limit the use of personal information. The best way for individuals to protect themselves from identity theft is by not carrying their Social Security numbers in their wallets. Yet many insurance cards, student IDs and drivers' licenses still use this unique number as an identifier. (Only California has passed legislation making it illegal.)

And even businesses that aren't guilty of putting Social Security numbers on cards in people's wallets routinely put it on monthly account statements, which travel through the mail, which means that they can theoretically pass through the hands of everyone from envelope stuffers to mail sorters to, eventually, the garbage collector.

The CSO can protect customers and employeesand make everyone's job easierjust by limiting how many places this number appears. That's what Harriet Pearson did when she became chief privacy officer of IBM three years ago.

First, she worked with human resources to try to get Social Security numbers off of internal documents.

Then she turned her attention to the companies that insure IBM's half a million employees and dependents.

In early 2003, IBM asked all its 150 health insurance providers to stop using the Social Security number as an identifier. The 16 companies that did not immediately agree to the request received a letter from Pearson and the vice president in charge of health benefits "making the request a little more formal," Pearson says.

While they stopped short of making it a requirement, they did warn companies that compliance would be considered as part of the annual renewal process. By the deadline of Jan. 1, 2004, only Empire BlueCross BlueShield and two or three small HMOs had to request an extension.

Pearson understands that making the change can be an expensive and time-consuming process, but it's also one that your customers and employees will appreciate. "People notice that the SSN is not gone from the cards" of those carriers who have not yet complied, she says.

3 Consider address change confirmations. One popular tactic of identity fraudsters is opening a new account with the victim's real address, then immediately changing the address. That way, the victim never gets a single bill or finds out about the accountat least not until she checks her credit report or, worse, gets a call from a collection agency. In response, a growing number of organizations, from the U.S. Postal Service to mutual funds companies, have started sending address change confirmations to both new and old addresses. This simple step alone would solve much of the identity theft problem, but there are still plenty of banks, stores, telephone companies and other groups that don't bother.