Identity Theft Protection for Business
Identity theft is on the rise among businesses, which is why it’s so important to keep it protected. Ready to keep your personal data out of the wrong hands? Check out this helpful guide from the Federal Trade Commission (FTC) that can help you reduce your business’ risk.
- Keep valuable customer data, such as credit card or bank account numbers, in a secure location that it is not readily visible to others who may have access to the premises.
- Shred or destroy paperwork no longer needed, such as bank machine receipts, receipts from electronic and credit card purchases, utility bills, and other documents from customer transactions that contain personal and/or financial information.
- If part of the business involves online transactions, check regularly to see whether someone has set up a "spoof site" in the name of the business. If a spoof site is found, identify the web hosting service or Internet service provider the spoof site is using, and contact that service or provider immediately.
- If the business has a website that customers can use to order merchandise or enter personally identifiable information, have your information technology staff check regularly to ensure that there are no security "holes" through which others can improperly access customer data. This includes all upgrades of software used on your site. Security holes are sometimes inadvertently created as current programs are upgraded or patched but may expose customer data for long periods of time if they are not found and fixed promptly.
- Implement a fraud prevention and detection program. Online businesses, which often depend on credit cards for payment, should consult the financial institutions with which they have merchant relationships, and the major payment card associations as appropriate, to learn what programs or mechanisms may be most suitable for their businesses.
- Online merchants should be especially vigilant because when they handle "card-not-present" transactions, they may be held financially responsible for a fraudulent transaction even when the card issuer has approved that transaction.
- Merchants who conduct business face-to-face with their customers should establish a policy of requiring more than one form of identification when a customer is paying by check or credit card. In any event, all card-present merchants need to take all necessary steps to ensure, for each consumer transaction involving a payment card, that the card, the cardholder, and the transaction are legitimate.
If the business has become a victim of identity theft, it’s important to take these three immediate steps. First, contact the financial institution with which there is a merchant relationship. Second, report the matter to the local police. Police authorities often will take reports even if the crime ultimately may be investigated by another law enforcement agency. In addition, the police report may be useful in dealing with your financial institution or other businesses about the identity theft. Third, report the identity theft case immediately to the appropriate government organization, such as the Federal Trade Commission (FTC), and the fraud department of any of the three major credit bureaus (i.e., Equifax, Experian, or Trans Union).
At least 46 states have enacted legislation requiring customer notification of security breaches involving personal identification. The FTC also requires that certain businesses report data breaches. Businesses should comply with these requirements. For states, see http://www.ncsl.org/default.aspx?tabid=13489.