Jun 15, Identity Theft Risk Management | Celframe ? Blogs

Last Updated on Monday, 12 March 2012 01:17 Written by Celframe Security Team Saturday, 19 May 2012 10:08

An effective identity theft risk management program must consider all risks associated with identity theft and related fraud including the unauthorized download of customer information, operations fraud resulting from stolen personal information from internal and external sources, and, excessive and inappropriate access to view customer information inside and outside of the information systems. In general, identity theft risk management efforts are usually concentrated around four general areas which are protection of personal information, compliance, fraud prevention and lawsuits.

As we increasingly share information with third parties due to outsourcing and other reasons, and digitally store business information including customer personal information, incidents of system intrusions by employees or outsiders become inevitable as we have witnessed in recent news. The excessive collection, retention and sharing of personal information as well as their storage in computer systems which are often connected to the public networks make computer incidents much more devastating for companies and their millions of customers. System intrusions have a much higher impact that non-technical theft of personal information such as hard copy reports containing personal information because digital information can be stolen, stored, carried around and shared in much higher quantities and speed. Many business databases have millions of customer information such as email addresses, names, credit card numbers, date of birth, and unique identifiers such as a social security number used in the United States which can easily be used to commit fraud.

External intrusions as well as unauthorized activities by internal employees to view and download confidential business information pose some of the greatest identity theft risks management challenges for companies. In fact, damage inflicted by insiders is huge and very common and although some employees may have authorized access to business information for legitimate business reasons, their access to systems and information is often not monitored to detect unauthorized activities. This lack of control is often due to the perception that since their access is authorized, inappropriate activities will not occur. This assumption can not be further from the truth as it is only an assumption. Companies must implement internal controls specifically designed for restricting and monitoring insider activities in the areas of information download, storage on external devices, and activities during unusual times of the day.

Identity theft risk management specialists are not only concerned with the protection of their customers? personal information from external and internal sources for fraud prevention and compliance purposes, but they are also concerned with personal information stolen from other companies which can be used to defraud their own companies. Companies often face Identity theft and fraud risks regardless of where the information was obtained from. High quality information stolen from any source which can be used to easily commit fraud has a wider identity theft ripple effect affecting many other companies. Affected companies may have the best information protection practices; however, if their identity theft risk management efforts do not address their operations, they are likely to experience fraud due to another company?s negligence.

In fact the Red Flags Rule was created to address fraud prevention at the transaction point regardless of where identity fraud components were stolen from. This law is a huge step in the right direction for the identity theft risk management field. For many years, the focus had been around protecting customer information although with less oversight around insider activities. However, we now recognize that information stolen from other sources can affect other companies and their customers which is why the Red Flag identity theft prevention law was created; to force and guide high risk companies toward an effective identity theft risk management and prevention strategy which identifies, detects and mitigates identity theft red flags.

Learn about identity theft risk management certification programs at Identity Management Institute.

View the original article here

Related posts:

1. Mar 5, Identity Theft Prevention Program
2. Identity Theft Police Report
3. Employee Fraud Risk
4. Identity KAOS
5. Getting Your Identity in Order

This entry was posted on Saturday, May 19th, 2012 at 10:08 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

mark kelly jeff goldblum annie annie zuccotti park leymah gbowee ows