Identity theft continues to be one of the fastest growing crimes in the United States, and has ranked as one of the top consumer concerns for the past several years. Identity theft is evolving in more complicated ways that make it harder for consumers to protect themselves. Education remains the most important tool to help prevent identity theft
The definition of identity theft is the stealing of a person’s financial information, including credit cards and social security number, with the intention of using that data to commit fraud and create a phony persona. As reported by Newsweek and Forbes, the annual dollar loss reported to Congress was $53 billion. The more frustrating aspects of identity theft include the many difficulties often encountered when attempting to restore one’s good name and credit, and the countless hours spent by law enforcement and financial institutions trying to resolve cases of identity theft each day.
Here are just a few important steps to remember:
• Never provide personal or financial information in response to an unsolicited telephone or Internet request (phishing scams).
• Never provide or share passwords over the phone or in response to an unsolicited Internet request.
• Review account statements regularly to ensure all charges and transactions are correct.
• Use a firewall, anti-virus and spyware protection software at work and at home.
• Use a shredder to dispose of personal or financial information.
• Employees with access to company computers should be educated about the latest threats and scams, and trained to question any suspicious requests for information.
• Be aware that financial institutions will not ask customers to provide sensitive customer information. Sensitive information includes items such as account numbers, date of birth, or social security numbers.
• Order copies of your credit report every three months from the different credit reporting agencies to ensure accuracy.
Online security threats are becoming more and more complex and sophisticated. The Federal Financial Institutions Examination Council (FFIEC) has issued guidance that states single-factor authentication is inadequate for high-risk transactions. This means financial institutions must implement additional authentication controls.
Single-factor authentication is the use of only one recognized identifier for authenticating individuals. Most of us are very familiar with these types of “authentications” which include the use of a password or personal identification number (PIN) when we log on to Internet locations with personally sensitive material.
Systems that require two-factor or dual factor authentication require at least two authentication identifiers, adding another level of protection – such as a selected picture to confirm or a question to be answered – to the normal password or PIN before gaining access to our final destination. This technology is usually referred to as multi-factor or two-factor authentication.
According to proponents, two-factor authentication could drastically reduce the incident of online identity theft and other online fraud, because the victim’s password would no longer be enough to give a thief access to sensitive information.
Several types of multi-factor authentication are available, but the most common of these currently being introduced are as follows:
• User selected SiteKey (picture) enables the customer to identify the financial institution. The customer can choose the verification image from a selected database of digital photos.
• Challenge question (provided by the customer) allows the financial institution to identify the customer.
Behind the scenes risk management (invisible to the customer) include:
• Customer profiling, which allows the financial institution to identify the customer with new technology.
• Transaction monitoring – a non-typical transaction may send up a red flag that prompts the bank to contact the customer by phone to verbally confirm the transaction.
The drawback to the multi-factor authentication is that some consumers have trouble keeping track of yet another means of identification in an age characterized by information overload.
In the coming months, many financial institutions will be implementing this technology to aid in the fight to protect sensitive financial information.