Protecting Your Business and Your Customers from Identity Theft

Businesses have experienced a dramatic increase in identity theft crimes in the last few years, substantially increasing their costs and exposing their customers to more risk.

Despite massive efforts to combat the crime wave and reduce risk exposure, cyber thieves are staying one step ahead, finding new ways to infiltrate data sources to steal sensitive information. Until the technology becomes available to stay ahead of them, your business is the first and last line of defense against identity theft. Fortunately, there are steps you can take to protect your business and customers from identity thieves.

Establish More Secure Information Collection Policies

The first line of defense is how your business collects information from customers. It may seem like a step backward to request a photo ID or verification codes with purchases, but it can be very effective in preventing identity fraud.

• Request a photo ID from every customer who uses a check or credit card for purchases. Instruct your employees not to accept the payment if the ID looks fake or the photo does not resemble the customer, or the signature doesn’t match the one on the ID.
• When taking orders by phone, fax, or the Internet, ask for the three-digit verification code from the back of the credit card and crosscheck it with the address verification system. If the information provided by the customer does not match the cardholder’s account records, decline the sale.
• Avoid collecting information that isn’t pertinent to the product or service you are providing. For example, if it is not essential to the transaction to have your customer’s birthday, don’t ask for it.
• Instruct employees to keep sensitive customer information to themselves. If they have to ask the customer for personal information, make sure they do so out of earshot of other customers and employees.

Increase Your Information Storage Security

Keeping up with cybersecurity technology doesn’t have to be an expensive proposition. Simply ensuring it is up to date and that procedures are strictly followed is often enough to keep thieves at bay.

• Use encryption when transmitting or storing customer data, especially Social Security, credit card, and bank account information. While thieve may still be able to access the information, they may be unable to use it.
• Firewalls are the first line of defense for your computers and servers. Make sure you have one installed for all information portals.
• Keep up with operating system updates, which often include fixes to potential security risks.
• Store vital business records in locked cabinets within a sealed storage unit or closet. Limit the number of employees who have access to the records.
• Never dispose of records without shredding them. A cross-cut shredder is the most effective in rendering them unreadable.

Establish Security Policies

• Create policies for accepting payments that include customer identification requirements.
• Create an account number system that does not include sensitive customer information, such as birthdates or Social Security numbers.
• Create a system for expunging credit card and account numbers of customers who haven’t ordered from you after a certain period of time.

Finally, review security and business policies with your employees at monthly, quarterly, and annual meetings. The more identity theft or fraud is discussed and highlighted, the greater your employees’ awareness of the potential risk. Then, announce or post your policies so your customers are aware of your efforts. Your employees and your loyal customers are your last line of defense.