Identity theft: How it affects you, your clients and your businessLaura Lynn BurkeFederal Trade Commission, U.S. Treasury Department, mortgage fraud Thieves are taking identity theft to new levels Are you at risk? Are your customers? Let's look at some of the ways identity theft is happening and ways of preventing it. Stealing identities is a nationwide epidemic. Identity theft has become a national issue. According to the Federal Trade Commission, more than 24 million people in the United States have their identity stolen. They estimate $11,000 per case in damage, which represents 26 billion of potential liability if fault can be pinned on the data holder. According to a report by the U.S. Treasury Department's Financial Crimes Enforcement Network, suspicious activity involving mortgage fraud leapt 1,411 percent between 1997 and 2005. The same reports also show that identity theft was often reported in conjunction with the commission of suspected mortgage fraud. What that means is that if someone can obtain your Social Security number, name and date of birth, they may then be able to get a mortgage in your name. Some experts say that lenders have opened the doors for mortgage fraud through identity theft because of the mirage of mortgage products allowed. One such product is the no-documentation mortgage, which enables consumers to obtain a mortgage without job, income and asset information. The use of the Internet has also allowed us to receive and process loan applications from faceless clients. The nature of these transactions can increase the opportunity of fraud, especially identity theft, says the Treasury report. Compile this with the low-documentation loans and we can become a breeding nest for fraudulent activity. As originators in this industry, we need to know how to protect ourselves personally and from being liable for originating a fraudulent loan. As business owners, we must know how to safeguard our employees and ourselves from costly litigation and time. How identity theft is happening Pilshing: A spoof e-mail that is sent out leading its recipients to a fake bank Web site where recipients are lured into keying in account usernames and passwords. Don't give out any information online that feels in any way suspicious. A company will contact you in writing or by phone if there is a legitimate problem—don't fall for eBay or AOL pilshing scams. I have received them; they will state that your account had a problem that needs to be corrected immediately or that your credit card on file is about to expire and you need to complete a form with updated information. They are pilshing scams. Dumpster diving: Where the thieves dig through a company's or person's trash trying to find enough data to allow them to either steal an identity or credit card information. Internet and company security breeches: In what many look upon as the largest wake-up call in recent history for financial institutions, thieves disguised themselves as a cleaning staff last year and stole the equivalent of more than $400 million from the London branch of Sumitomo Mitsui. Here is a brief list of some of the many companies/agencies that had security breeches in the past year or so: •Illinois Department of Financial and Professional Regulation: Federal and state law enforcement agencies are still investigating the security breach. The breach affected both loan originators and real estate agents. •Chicago public schools: Nearly 1,740 former Chicago school employees' names, Social Security numbers and home addresses were mistakenly mailed to other members of the group. •The IRS had 478 laptops lost or stolen—112 contained our personal data, such as Social Security numbers. Department of Motor Vehicles (DMV): The DMV will issue replacement licenses fairly easily. In many states, all you have to do is walk in, state that you lost your wallet or purse, have a counterfeit birth certificate and Social Security card, and, most often, your licensed is replaced in minutes. Some states do not even have the capability of viewing a past picture to determine if it resembles you. Only seven states can verify identity with biometrics. A digital photo of each applicant is combined with recognizable software that measures distances between eyebrows, ears, facial lines, etc., creating an individual's profile. "Duplicate licenses are the choice of 'smart' bad guys," states a Springfield, Ill. detective. Employee/worker: "You can have a fortress security system, but if you are not terribly discriminating with consultants and both permanent and temporary employees, you can become terribly vulnerable as a company," says a New York computer crime consultant. Synthetic identity: Synthetic identity theft is where someone steals only your Social Security number, not your identity, and they give your Social Security number a new identity—sometimes multiple ones. This type of identity theft is more difficult to find and to trace. It is almost impossible to prevent. Thieves are creating fictitious persons with legitimate Social Security numbers. This is what makes it so hard to detect. Once the new person is up and running with his new identity, he can open bank accounts, new credit card accounts, buy a new car and maybe even purchase a house. Not only are his spending habits flowing to your credit report, but his driving record, possible medical record discrepancies and criminal record are as well. This is scary stuff, and it is big time. Analytics state that this type of identity theft is accounting for more than 85 percent of identity fraud. Because they are not buying things in your name, most of the time, it doesn't show up on your credit reports—which is what makes it so extremely difficult to detect, until something happens to catch your attention. Unexplained bills, medical/dental calls or reports, traffic violations, new services, etc. are possible clues that something may be wrong. One man found out his number was used by someone who was being tried for murder. Identity theft is ageless: Everyone is a target—from young children (children under 18 have become the fastest growing target) to individuals over 21, to death. Yes, even after death we are not safe from the identity thieves. They will steal dead people's identities in a heartbeat! Identity theft is one of the easiest crimes to commit and one of the most difficult crimes to prosecute. No one is exempt from identity theft. Steps to take to prevent identity theft for you personally Check your credit: You are entitled to a free credit report once every 12 months from each of the three bureaus—Equifax, Experian and TransUnion. Stagger your requests every four months, ordering from a different bureau each time. Look for any discrepancies. You can get reports by going to www.annualcreditreport.com or by calling (877) 322-8228. Place a fraud alert on your credit report: If you have lost your purse or wallet, or have any reason to believe your identity is at risk, place an alert on your credit report. This way, all will know to check with you directly before granting any credit in your name. Ordering checks: Use only your initials and your last name on them. This way, a thief is not sure how you sign your checks. Never put your Social Security number on checks. I tend to not put phone numbers either. When asked, you can always write it on. Make a list: Make a list of all your credit cards, credit card numbers, expiration dates and 800 numbers to call. You can also photocopy both the front and back side, but keep this list and the photo copies in a safe place. Copy your Social Security card: Call the Fraud Hotline at (800) 269-0271. Sign the back of your credit cards: Sign them or print "Photo identity required." Never give out personal information over the phone: Ask to call the person back—check the number. Don't respond to pilshing: Delete pilshing messages or forward message to main company. Check your annual Social Security report: Make sure there is no income that is being reported under your Social Security number that is not yours. Steps to take to protect your company Reduce your potential liability: Customer and employee databases are prime targets. Evaluate your risk and take the necessary steps to implement any necessary safeguards and precautions. Check background on all employees: Make a background check routine of all employees—including outsourced and cleaning staff. It is a minor added cost, but may save big dollars and headaches in the long run. Limit your access: Only allow those who need it to obtain it. Have a complete accountability system of who accessed it and when. Monitor employees: Watch for unusual large downloads and volume, as well as timing. Have all employees sign non-disclosure agreements: These agreements should prohibit them from misusing confidential information. Secure your data: Encrypt rather than storing personal information on laptops, PDAs and other mobile devices. Eliminate unnecessary data: Only keep what is essential. Archive it rather than keeping it in a readily accessible file. Discard or archive all data from inactive accounts. Know where your back-up tapes are going: Are they are being sent to an off-site storage facility or are they being mailed? Safe checking procedures can prevent them from getting into the wrong hands or being lost. Know who your cleaning person is: Check your cleaning staff out. Ask for references and call them. When calling, say something like: "Bill, the tall gentleman with a mustache" or "Sally, the redhead." By adding a descriptive overview, you are, in a minor way, verifying that this is the person whose references you are checking. They could be great references, but make sure they belong to the staff you are hiring. Under-promise employees and customers: The old rule: Under-promise and over-deliver. Only assure the personal data security that you can deliver. Have a written security policy in place: Make sure the plan clearly states what data is confidential and what steps your employees are to follow to protect this data. Provide security training, education and awareness to your employees: Informed employees are more aware of spotting security breeches from within and have a plan to follow. The more familiar an employee is with procedures, encryption and programming, the more they will be used. Test your security: Once in place, have someone try to breech it. Find your weaknesses before someone else does. No matter how good your security is, there is always the possibility of a breech. Have a plan for security breeches or failure: If a worst-case scenario should happen, you will be prepared. Have a plan in writing to follow for personal security breeches—who and how clients will be notified. Plan for legal issues that may arise: Knowing who to contact and what your liabilities may be is also a positive, proactive step. To sum it all up, be alert, proactive and recognize the importance of all of the above issues. Laura Lynn Burke is with Footprints International Training Company, d/b/a The Mortgage Institute. She may be reached at (708) 692-6199 or e-mail [email protected].
About the author