Identity Theft Risks: Businesses Beware

The March arrest of a Brooklyn busboy who used the Internet tosteal the identity–and millions of dollars–from some of the nationswealthiest individuals has brought increased attention to thegrowing incidence of identity theft. Coupled with a number ofhigh-profile hacking incidents, the risk of identity theft has manyindividuals concerned about the online exchange of personalinformation.

Identity theft is one of the fastest growing crimes in America.Although identity theft isnt new, the widespread use of theInternet has enabled criminals to steal personal information anduse it anonymously, from anywhere in the world.

In a May 2000 report, CALPIRG, a nonprofit consumer and advocacyorganization in Los Angeles, and the Privacy Rights Clearinghouse,a San Diego-based nonprofit advocacy, research and consumereducation program, estimated that identity theft victims spend atleast 175 hours and $800 (not including attorney fees) inout-of-pocket expenses. The report was based on a survey ofidentity theft victims, according to a press statement.

Victims must take a number of time-consuming steps to restoretheir identities and to dispute fraudulent debts and accountsopened by an identity thief. Additionally, victims may not beimmediately aware of the theft and are often tipped off only whencredit is denied or debt collectors appear.

The insurance industry has responded to this growing exposure bydeveloping insurance products that, either as a standalone orendorsement to homeowners policies, reimburse the expenses incurredby policyholders to their names after occurrences of identityfraud. Additionally with the increased awareness of identity theft,there have been educational efforts to help individuals minimizetheir identity theft risks.

However, the rising tide of consumer concern over identity theftmay ultimately create a reputation risk for businesses, especiallythose that conduct or facilitate online transactions or maintaincustomers personal information online.

These companies include dot-com and click-and-mortar retailers,as well as banks, brokerages, credit card companies and Internetservice providers.

Ultimately, consumers will not only looks to these businesses touse the latest technology to create a secure online environment,but also to provide a solution in the event that their identitiesare stolen.

An August 2001 GartnerG2 report, entitled “Privacy and Security:The Hidden Growth Strategy,” underscored the privacy and securityconcerns of consumers and the need for companies to promotesuperior privacy and security protections.

The report, which was based on results from two GartnerG2consumer surveys, found that 86 percent of online American adultsare very concerned about the security of bank and brokerage accountnumbers when they are transacting or registering at a Web site.

Almost as many, 83 percent, expressed the same concerns aboutthe security of their Social Security and credit card numbers.

Additionally, 70 percent are very concerned about the securityof their personal information, including their income andassets.

The report also indicates that approximately 60 percent ofonline adults say security and privacy concerns stop them fromdoing business on the Web. In addition, more than 50 percent ofthose who buy on the Web say they'll enter their information, butadmit they are not comfortable about it.

Businesses that conduct or facilitate online transactions arenot alone in the exposures related to Internet-based identitytheft. Many employers use Internet technology to maintain employeespersonal records. Companies often make benefit information, such asindividual health insurance and retirement account data, availableonline through company Intranets.

Similarly, associations maintain members personalinformation.

Businesses, employers and associations seeking to create a safe,secure online environment should not limit themselves to relying ontechnological measures to address their key audiences security andprivacy concerns. (If anything, recent history has shown thehacking society relishes the challenge).

These organizations should consider a number of old-fashioned,non-technology risk management tactics to help individuals identifyand manage their identity theft risks, including:

Minimize individual risks.

Provide key audiences with information that can help themminimize their risk by managing their personal information wisely.This should include individuals handling of personal informationoffline, as well as through computer and wireless devise usage.

Insurance.

Personal lines insurance policies have long been offered througha number of distribution channels. Businesses may also considermaking identity theft insurance available to customers with privacyconcerns as a value-added service.

Assistance in the event of identity theft.

Among the time-consuming steps victims need to take are:contacting the fraud bureaus at the major credit bureaus;contacting the security departments of the appropriate creditors orfinancial institutions in which they have accounts that need to beclosed; and filing reports with various law enforcementagencies.

Businesses and other organizations may provide instructions tohelp individuals reestablish their identities, as well as provideaccess to a toll-free hotline that can offer assistance inreporting the event to all required agencies and referrals tothird-party legal services.

The growing incidence of online identity theft has created anindividual risk that extends to the organizations that serve theonline needs of those individuals. Incorporating risk managementpractices that complement their security technology can helpbusinesses allay their potential customers privacy concerns.

By addressing these concerns, businesses will enable theircustomers to realize the speed and convenience promised bye-commerce. At the same time, a business that addresses suchconcerns will earn an enhanced reputation for its commitment toconsumers privacy and the resulting benefit of increasedbusiness.

Jean McDemott-Lucey is vice president, B2C, for AIGeBusiness Risk Solutions in New York.

Reproduced from National Underwriter Property &Casualty/Risk & Benefits Management Edition, September 21,2001. Copyright 2001 by The National Underwriter Company in theserial publication. All rights reserved.Copyright in this articleas an independent work may be held by the author.

Contact Webmaster