Help Protect Against ID Theft

Identity theft is a big problem that just keeps getting bigger. But it’s not just a consumer problem. Businesses also feel the impact from fraudulent use of credit cards, checks, and other account transactions. Combined, the Federal Trade Commission (FTC) estimates that businesses and consumers lose over $50 billion each year due to ID theft.
For companies, the impact goes beyond immediate financial concerns. If your customers’ information is stolen as a result of doing business with you, they may have difficulty trusting you in the future. A high level of publicity can worsen the reputational damage that may have already occurred.
Therefore, protecting the personal information of your customers is critical. With new technologies making it easier for criminals to steal information, combined with the motivation of profit, all types and sizes of businesses are at risk. For example, keylogging software allowed thieves in recent years to capture valuable usernames and passwords in several locations of a major copy center chain. In another case, a large retail chain had 45 million credit card numbers and over 450,000 Social Security numbers stolen due to lax wireless security settings.
What can you do to help protect against ID theft at your business? Here are some guidelines:
- Adopt a comprehensive security policy. The policy should include responsible information-handling practices. Appoint a person to take charge of the security practice and policies, someone employees and customers can contact with questions and complaints.
- Dispose of documents and computer equipment properly. When shredding paper documents, be sure to use a shredder that crosscuts to prevent information from falling into the wrong hands via dumpster diving. When disposing of computer equipment, be sure to wipe electronic files or physically destroy computer drives by utilizing methods that conform to U.S. Department of Defense clearing and sanitizing standard DoD 5220.22-M.
- Regularly audit compliance with all information-handling practices and security policies.
- Notify customers and/or employees of computer security breaches involving sensitive personal information. More than 30 states have adopted security breach notice laws. Also notify individuals when security breaches involve paper records, which fall outside the scope of most laws.
- Implement role-based access control (RBAC). Restrict data access to staff with a legitimate need to know, and implement an electronic auditing policy and technical controls to monitor who is accessing what data.
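The last guideline pairs need-to-know access with an audit trail. The sketch below is an added example, not part of the original article: it checks each read of a customer field against the caller's role and records every attempt, allowed or denied. The role names, field names, sample record and function names are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed role map (assumption): the customer fields each role needs.
ROLE_FIELDS = {
    "support": {"name", "email"},
    "billing": {"name", "card_last4"},
    "payroll": {"name", "ssn"},
}

# Constructed sample record; the values are placeholders, not real data.
CUSTOMERS = {
    "c-1001": {"name": "A. Sample", "email": "a.sample@example.com",
               "card_last4": "4242", "ssn": "000-00-0000"},
}

AUDIT_LOG = []  # a real deployment would use append-only storage


def read_field(user, role, customer_id, field):
    """Return the field if the role needs it; log every attempt either way."""
    allowed = field in ROLE_FIELDS.get(role, set())  # unknown role: deny
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "customer": customer_id,
        "field": field, "allowed": allowed,
    })
    if not allowed:
        raise PermissionError(f"role {role!r} may not read {field!r}")
    return CUSTOMERS[customer_id][field]


def denied_attempts(log):
    """Audit view: count denied reads per (user, field) for review."""
    counts = {}
    for entry in log:
        if not entry["allowed"]:
            key = (entry["user"], entry["field"])
            counts[key] = counts.get(key, 0) + 1
    return counts
```

Because the denial is logged before the exception is raised, a regular review of `denied_attempts(AUDIT_LOG)` shows who tried to reach data outside their role as well as who read what.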
For basic information on identity theft prevention, visit the FTC web site at www.ftc.gov/idtheft.


