- Understand the risks specific to your industry or business sector.
Consider what kind of covered accounts does your business provides. How do the account holders open and access them? If, for instance, you run medical practice, your vulnerabilities lie in individuals seeking advice or treatment under false identities. They may present a social security card with a fake number (SSN ranges typically correlate to year of birth), or a document showing a different address than stated on their form. Employees handling such documents must be sufficiently trained in verifying them.
- Detecting possible “Red Flags” of Identity Theft
Once you have identified where the vulnerabilities to identity theft in your business lie, you can devote extra resources to plugging them. Returning to the case of the hypothetical medical practice, a patient presenting an obviously fake identity document would certainly raise some questions, as would the more subtle red flags such as medical histories inconsistent with treatment given, or a patient presenting bills for medical services they did not receive.
- Respond to Identity Theft
Long before uncovering possible incidents of identity theft, institutions must have in place a procedure to deal with them. This can include monitoring, and when appropriate closing or freezing questionable accounts, changing passwords of other security barriers associated with it, and notifying the customer of the potential breach.
While only you, as the most familar with your business, can figure out its potential vulnerabilities, you do have help with detection and response. Key to both, and highlighted by the FTC itself is reliable identity verification. This doesn’t just mean checking the document bearer’s name against the ID document, but mechanically checking the authenticity of that ID.
Leave a Comment