SKIP THE FROG PROTECTION AND OFFER IDENTITY THEFT
With ID theft on the rise, now is the time to offer theft protection as a voluntary benefit
By Christopher W. Cook
A few years ago, Discover ran a humorous TV commercial about its fraud protection service in which a customer is seeking “frog” protection. We had a good chuckle regarding the miscommunication between the service rep and customer—played by similar-looking actors—and how by the end, while one was saying “fraud” and the other “frog,” they agreed that they were on the same page. In reality, however, identity theft and fraud are no laughing matter. Just recently, a friend of mine from high school discovered that a fraudulent social media page was using her photographs, including images of her family members; the site has since been removed. Identity theft and fraud are on the rise, andthis presents an opportunity to offer protection benefits for your employees and coverage for your clients.
On the rise
After committing identity theft, the thief can use the information for illicit financial gain—identity fraud. According to Javelin Strategy & Research’s 2018 Identity Fraud Study, in 2017, the number of identity fraud victims in the United States increased 8% from the previous year, rising to 16.7 million consumers who lost a total of $16.8 billion. Online shopping sees the most offenses, as “card not present” fraud is now 81% more prevalent than “point-of-sale” fraud. The report also notes that “fraudsters are getting more sophisticated in their attacks, using stealthier and more complex schemes.”
“Identity thieves are becoming more sophisticated in both their strategies and technologies; they are more skilled in the nuances of how best to steal personal data without getting caught,” says John Thornton, executive vice president of Amalgamated Life Insurance Company. “They understand the vulnerabilities in today’s computers, mobile devices and other con-nected technologies and have developed techniques for capturing personal data.
“ID thieves are now starting to steal only parts of an individual’s identity rather than all of their personal information,” he continues. “This makes it more difficult for an individual to detect the fraud and also for the crime to be prosecuted. Despite our attention to online ID theft, the Federal Trade Commission reported that a lot of ID theft occurs using hard copy printed materials or mail, which the FTC notes is involved in 53% of all ID thefts.
“There is now heightened awareness regarding the importance of protecting one’s personal information and following safe online practices, such as changing your password, keeping your security software up to date, and avoiding unsecure websites.”
Executive Vice President
Amalgamated Life Insurance Company
“Another trend relates to our extensively connected lives,” Thornton adds. “Besides our mobile phones, iPads and other devices, many households now have smart TVs and use Alexa or Siri to get information quickly. Many luxury cars are equipped for Internet connection and Wi-Fi. These technologies all increase our vulnerability to ID theft. To capitalize on these vulnerabilities, the most sophisticated hackers and identity thieves are now investing in what are called ‘Exploit Kits’ that encompass code that makes it easy to steal personal information.”
ID theft protection
After my friend discovered the fraudulent social media page, she couldn’t sleep a wink. Now imagine how your employees would act if the same thing happened to them, let alone if they had their bank accounts drained. With the worrying and distractions from their work, you can bet that productivity will suffer. This is where employers can help.
“Many employers are now seeing ID theft protection and credit monitoring solutions as a valuable voluntary benefit for their employees,” says Thornton. “The IdentityForce Progressive Benefits Survey reported that 67% of HR professionals are looking into identity theft coverage as an employee perk. A BenefitsPRO survey found that 83% of employees said they would enroll in a voluntary ID theft and credit monitoring benefit. Other ancillary solutions being offered include social media monitoring and new loan application monitoring.
“Many employers are offering or considering a voluntary benefit that encompasses identity management, credit monitoring and alert tools,” he continues. “These products offer robust identity management that includes giving employees access to fraud specialists on a 24/7 basis, along with options for credit monitoring and other risk management services including data breach and theft resolution support services. Additional offerings are available for full coverage of credit and non-credit information used in fraud, such as public and private databases, social media channels and the Internet’s black market.
“Many employers will invite companies that provide ID theft solutions to their worksites to present their ID theft and credit monitoring solutions,” Thornton says. “Specialists are on hand to answer questions and provide consumer-friendly literature that explains how these tools work and the scope of the protection and risk mitigation they provide. They also post product information on their websites for easy access.”
For agents and brokers whose clients may be alarmed about identity theft, they “should remain aware of what’s happening in ID theft and share their knowledge with their clients,” Thornton says. “They should be encouraging their clients’ IT departments to be diligent in their deployment of best practices in system security and advise them to advocate for employees’ adherence to best practices pertaining to system security both in the workplace and at home and for all of their connected devices.
“There is now heightened awareness regarding the importance of protecting one’s personal information and following safe online practices, such as changing your password, keeping your security software up to date, and avoiding unsecure websites. There are also many more players in the ID theft and credit monitoring world that are offering a wide range of solutions that weren’t available five years ago. Going forward, you can expect more choices in ID theft and credit monitoring products and more sophisticated solutions being deployed at points of sale in retail operations where a large percentage of ID thefts occur,” Thornton concludes.
For more information:
Amalgamated Life Insurance Co.
Last year, the European Parliament and the Council of the European Union (EU) implemented the General Data Protection Regulation (GDPR). Its aim: to give control of personal data to the individuals it belongs to.
“It was a leading step in protecting people’s personal information,” says John Flory, cofounder and partner of Cyberstone Security. “In the EU, if you ask Google to provide you with every piece of information it has on you, it will have to provide it, and you can also opt out. Any time your name, picture or information comes across, you can have it removed from public or private places.”
While the United States doesn’t have a national online privacy standard, each state has its own laws.
“It’s state by state, and it’s not effective,” Flory says. “When you accept an application, you are generally inviting the developer to invade your privacy in some way; and if you don’t accept it, you don’t get to use the application.”
In addition to privacy laws that exist, business owners can take steps to help keep their data safe.
According to Flory: “Policy is key for organizations, especially regarding third-party vendors. Who has my data? Who is coming onto my premises? Criminals are focusing from a third-party perspective. They know that if they’re a ‘janitor’ in a building, they can go wherever they want and get access to any information.”
Background checks shouldn’t be performed only on prospective employees but also on vendors.
“You can buy all types of firewalls or Internet technologies, but then somebody shows up to your office with a big box and you buzz them in,” Flory says. It’s best to know who they really are and that the work being performed is what was actually ordered. Aside from having a policy in place, Flory stresses the importance of using multi-factor authentication, encrypting data and training employees in identity theft prevention. “If you’re an employer, you have to make protecting company data mean something,” he says. “It has to be personal or the employees won’t care. Put in their job description that they have to protect company data, and put in the company policy ‘up to and including termination’ if they don’t do so.
“We did an experiment at a bar in upstate New York where we offered $500 for an employee’s work log-in credentials. Almost 70% of the time, they gave it.”
Remember that when it comes to protecting data, employees are the weakest link.
Agents can also educate their clients in the importance of data protection and avoidance of identity theft.
“Nothing’s a greater asset for an insurer than protecting someone’s information; the customer’s information is more important than their car or house,” Flory says. “Consumers are not educated. They’ve heard of problems, but their practices are really bad.
“Privacy is becoming more public. People care less about their information and put more of it online. If you look in your Facebook settings, you are connecting to many different applications and websites.”
In light of the most recent Facebook hack, Flory advises against using your Facebook account to log into other web pages. Additional best practices that agents can recommend to their clients include:
- Retaining a credit monitoring service like LifeLock or Identity Guard
- Not using home mailboxes or their flags for outgoing mail
- Not signing credit cards; instead write “Please ask for photo ID”
- Never carrying a Social Security card unless absolutely necessary