The growth of online shopping increased risks associated with consumer identity theft and fraud. These concerns escalated in the early 2000s with some high profile “break-ins.” Today, identity fraud has reached a new level of concern. Consumers no longer speculate whether or not they will become a victim of identity fraud, but rather when and how often their personal information will be obtained and used fraudulently.
According to a study released by Javelin Strategy & Research in February 2012, one in 20 individuals became victims of identity theft in 2011 (up from one in 23). In 2011, there were 7.7 million victims of debit card and credit card fraud. Identity theft losses totaled $18 billion. Time spent trying to recover from identity fraud can amount to many hours – not to mention the mental and emotional anguish that consumers experience.
Today, the targets most at risk include small businesses. Identity thieves know that small business fraud typically yields higher returns than consumer fraud due in part to higher credit limits and more assets to be accessed. Furthermore, cyber hackers know that small businesses house large numbers of personal records of their customers and employees that can be sold very profitably on the black market, used for fraudulent purchases, or used to falsify “identification” for perpetrators. Businesses face greater challenges and expenses than ever before in protecting the security of their data. Many do not have the manpower or the resources to manage the escalating costs of fraud losses and to maintain a strong risk management infrastructure.
According to an upcoming study from the Identity Theft Resource Center(ITRC), previewed in January 2012 by Information Week, 22.9 million records were affected in breaches that were publicly disclosed in 2011. Attacks by hackers were the leading cause of data breaches for the year, responsible for 26% of all known data breach incidents.
A small business that suffers a data breach must respond by notifying affected customers and, to protect both the customers and its own reputation, provide services such as credit monitoring and identity recovery. Responding to a breach diverts attention from running the business. The combination of loss of focus, expenses to respond, and damage to the reputation of the brand can be devastating to the small business and can even call into question its longer-term viability.
Small businesses can protect themselves, their customers and their employees with a breach and fraud remediation program. Features vary from product to product. Following are some of the features that small businesses should seek:
- Business Fraud Detection and Prevention – Securely store up to 25 credentials (EIN, account numbers, etc.), for each business, for use in monitoring billions of records and thousands of databases, including black market sites, chat rooms and social networking sites.
- A Complete Breach Response Plan, provided within 48 hours, including communication to minimize brand damage. The plan includes state-by-state research to help protect the business against the risk of failing to comply with regulations and suffering fines or litigation as a result.
- Fully Managed Identity Fraud Recovery Services for up to 100,000 compromised records.
- Unlimited Business Fraud Recovery Service with NO time limit.
- Consumer Identity Protection for the business’s employees and board members.
Best-in-class identity fraud solutions today will include pre-event monitoring to prevent fraud (or minimize damage) in addition to gold-standard, post-event recovery services. While there is an expense associated with providing these services, the cost of not providing them can be far greater in the long run. In this arena, the old cliché that “ignorance is bliss” needs an update. For all of us, consumers and small businesses, ignorance is risk – and costly.
Consumers can purchase a program that includes monitoring, remediation and recovery. The key to recovery is a process often referred to as Fully Managed Recovery. The consumer wants to ensure that the advocate assisting them in their efforts to return their identity to its pre-event status is licensed and certified and working with the consumer via a Limited Power of Attorney. This working relationship allows the advocate to actually complete most of the legwork for the consumer, thus saving time and expense.
If your business works with small businesses or consumers, consider offering a Breach and Fraud Protection Program as an enhancement to the value proposition with your clients. Depending on your business goals, you may even position this program in a way that adds a new stream of revenue to your organization.
The bottom line is that many people, whether as an individual or a business owner, do not know the path to follow to recover from identity fraud or breach executed against them. Having a program in place before the fraud occurs ensures that the business has already taken the first step and will have guidance for every step thereafter . . . whenever it is needed.