The Sumsuber


Identity Theft Explained: How Businesses Can Detect, Prevent and Combat Identity Fraud

Business security is often too feeble to withstand cyber attacks, allowing fraudsters to feast on company and client financial data and use it for identity fraud. No company needs to go through an identity fraud nightmare, having to deal with false bank accounts, fake licences, screaming headlines and police investigations.

The best practice is to avoid the identity theft mess by implementing certain anti-fraud controls.

  1. What is identity theft and how it hurts businesses
  2. How fraudsters steal personal data
  3. 7 common types of identity theft
  4. How to fight identity theft

What is identity theft and how it hurts businesses

Identity theft is a type of cybercrime in which fraudsters access their victims’ personal information, such as name, date of birth, address, bank account, etc. Later on, fraudsters use this information for economic gain: to make purchases, open accounts, withdraw money and get tax refunds, all in the names of the people they have robbed of an identity.

Data breaches ruin reputations and cost firms from thousands to millions of dollars. Identity fraud tanks businesses, especially small and mid-sized ones, which often barely have the necessary security measures in place.

As identity theft developed into a common crime in the digital space, identity thieves devised a few ways to terrorize individuals and businesses.

How fraudsters steal personal data

Fraudsters can access personal data the easy way, by stealing letters or searching for people who voluntarily leak pictures of their credit cards on Facebook, Twitter or Instagram. The other, harder way is to go further and hack into individuals’ emails and accounts, or buy data from the “dark web”. All of these are equally damaging for the person they target and the business involved.

  • Physical theft
    Theft of credit cards, bank statements or any documents that have a name, address, account numbers or other sensitive information on them.
  • Phishing
    Fraudsters can send emails under the name of a fake company, agency or organization, asking you to share personal information: name, address, card or bank account details, passwords, etc.
  • Cold calling
    Some fraudsters pose as bank support or service providers, calling and tricking people into sharing personal information.
  • Hacking
    Criminals break into computer systems to steal identity and credit card details, bank data, or anything else they might later profit from.
  • Oversharing
    Sharing snaps of open passports or new credit cards with the entire 16-digit number exposed via social media is a direct invitation for fraudsters to steal these people’s identity.
  • Inside job
    On many occasions, white-collar workers themselves, such as bank employees, steal customer data to later sell it on the dark web or withdraw money.

Although these are the most popular ways for fraudsters to get their hands on somebody else’s identity, there are also many other roads they can follow, depending on the type of identity theft.

7 common types of identity theft

Identity fraud manifests in all areas of life where it finds a benefit, financial or personal.

  1. Financial identity theft. Using stolen data to break into existing financial accounts or create new ones. Recovery takes months, not to mention the impact it has on the credit score. For example, a syndicate in Melbourne used stolen personal data to open 70 accounts at various banking institutions. They later withdrew the money overseas and transferred it back to Australia through cryptocurrencies.
  2. Driver’s license fraud. Issuing a driver’s license in another person’s name for the purpose of traffic violations or vehicle theft. HiGear, a San Francisco-based luxury car-sharing service, learned the lesson the hard way when it was forced to shut down due to theft incidents related to identity fraud.
  3. Social security number theft. An SSN can be used to steal other people’s benefits. It is also sensitive information that can be used to file for documents or take out loans and credit cards. In one case, cybercriminals used a fake Citibank website to steal debit card and SSN data in order to access bank accounts.
  4. Medical identity theft. The information stolen from people’s medical profiles can be used for health insurance and medical coverage fraud. As a result of a massive cyber attack in Singapore, criminals stole the personal data of 1.5 million patients: their name, NRIC number, address, gender, race, date of birth and medical history.
  5. Tax identity theft. Once criminals get hold of the data, they can file a tax return and claim a refund. In this way, two Florida men used personally identifiable information to file fraudulent tax returns under the cover of their tax preparation services firm.
  6. Employment identity theft. To land a better job, or any job, fraudsters hide their real personal history from employers by assuming a different identity. Following this scheme, an unknown Massachusetts man used a stolen identity for 40 years.
  7. Child identity theft. Children are a blank slate. Their personal data and SSN can be used to get fake documents and apply for loans and credit cards, which could take years to sort out later. In Portland, a nine-year-old lost his identity to fraudsters, who managed to open a bank account and a credit card under his name.

Fortunately, fraudsters are not infallible either, and there are ways to trap identity thieves before they try to hurt customers and businesses.

How to fight identity theft

Identity fraud can be prevented. The bad news is that none of the methods can guarantee 100% protection. However, being aware of the blind spots and incorporating certain practices can considerably reduce the risks.

1. Protect sensitive data

  • Encrypt data. Securely encrypt customer data before transmitting or storing it. This includes sensitive data such as credit card, bank account and Social Security information. A thief might be able to steal it, but they won’t be able to use it.
  • Use a firewall and update software. Install a firewall to fend off hackers. Make sure to apply regular system updates, which often fix security issues.
  • Limit access. Give access to sensitive data only to those employees who work with it, and shred old business records.
  • Adopt new technology. Depending on the specific business, additional tools may be needed to mitigate risks, such as antivirus software, encrypted backups or DDoS appliances.
  • Check vendors. Make sure you are putting sensitive data in the hands of somebody who knows how to protect it.

2. Establish business policies

  • Build a company strategy. Develop and incorporate guidelines for how the business handles and stores customer information. This covers how the business accepts payments and identifies clients.
  • Engineer a step-by-step protocol in case of a data breach. Put a person in charge of handling the breach and establish the actions that will be taken.
  • Set deadlines for record keeping. Establish the timeframe for how long the company has to store account and credit card numbers if the client hasn’t been in contact for a long time.
  • Get rid of excess data. Clear account data of sensitive information that is not vital to the account. Do not include SSN, driver’s license or birth dates.
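The last two policies above can be enforced by a scheduled clean-up job. The sketch below is an added example, not code from the article or from Sumsub; the field names, the 730-day retention window and the sample records are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Assumed policy values (not from the article): field names and a 24-month window.
EXCESS_FIELDS = ("ssn", "drivers_license", "birth_date")
PAYMENT_FIELDS = ("account_number", "card_number")
RETENTION = timedelta(days=730)


def minimize(record, today):
    """Return (scrubbed_copy, audit_log) without mutating the input record."""
    scrubbed = dict(record)
    log = []
    # Rule 1: excess identifiers never belong on the account record.
    for field in EXCESS_FIELDS:
        if scrubbed.pop(field, None) is not None:
            log.append(f"dropped {field}")
    # Rule 2: payment numbers expire once the client has been silent too long.
    if today - scrubbed["last_contact"] > RETENTION:
        for field in PAYMENT_FIELDS:
            if scrubbed.pop(field, None) is not None:
                log.append(f"expired {field}")
    return scrubbed, log


def sweep(records, today):
    """Apply minimize() to every record; return cleaned records and an audit trail."""
    cleaned, audit = [], {}
    for rec in records:
        out, log = minimize(rec, today)
        cleaned.append(out)
        if log:
            audit[rec["customer_id"]] = log
    return cleaned, audit


# Constructed sample data; 4111111111111111 is a widely used test card number.
SAMPLE = [
    {"customer_id": "c-001", "name": "A. Example", "last_contact": date(2021, 3, 1),
     "card_number": "4111111111111111", "ssn": "000-00-0000"},
    {"customer_id": "c-002", "name": "B. Example", "last_contact": date(2024, 5, 20),
     "card_number": "4111111111111111", "account_number": "000123456"},
]

if __name__ == "__main__":
    cleaned, audit = sweep(SAMPLE, today=date(2024, 6, 1))
    print(audit)
```

The audit trail records which fields were removed for which customer without repeating the removed values, so the log itself does not become a second copy of the sensitive data.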

3. Set customer processing rules

  • Request ID. Ask for ID when a customer pays with a card. That allows you to compare the photo and data in the document with the name on the credit card and with the customer themselves. If the data are suspicious, pass on the client.
  • Request verification code. Ask for the code from the back of credit cards. When accepting credit cards by phone or internet, use the address verification system (AVS) to check the billing address against the cardholder’s account records.
  • Don’t collect unnecessary data. If you are not going to use the customer’s address or birth date, there is no need to request it at all.
  • Establish fraud alerts and inspections. Practice security freezes if the system detects suspicious activity. Manually review unusual transactions if necessary.

Security stays central to the success of any financial business that has the personal data of thousands or millions of people flowing through it. That said, it can be hard to strike a balance between splurging on extra technology and ignoring the vulnerabilities. Businesses must focus on their internal practices and study their security needs step by step, as there is no defence that suits all.
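The processing rules above can be combined into a single screening step that decides between approval, manual review and a freeze. This is an added example, not code from the article or from Sumsub; it assumes the payment processor already returns the verification-code and AVS results as booleans, and the thresholds, field names and sample orders are illustrative.

```python
from statistics import median

# Assumed thresholds (not from the article).
UNUSUAL_FACTOR = 5   # an amount above 5x the customer's median order is "unusual"
FREEZE_AT = 2        # two or more failed checks trigger a security freeze


def _norm(name):
    """Case- and whitespace-insensitive form of a name for comparison."""
    return " ".join(name.lower().split())


def screen(order, past_amounts):
    """Return (decision, reasons) for one order."""
    reasons = []
    if _norm(order["id_name"]) != _norm(order["card_name"]):
        reasons.append("ID name does not match card name")
    if not order["code_ok"]:
        reasons.append("verification code rejected")
    if not order["avs_ok"]:
        reasons.append("address failed AVS")
    # Only judge the amount when there is history to compare against.
    if past_amounts and order["amount"] > UNUSUAL_FACTOR * median(past_amounts):
        reasons.append("amount unusual for this customer")
    if len(reasons) >= FREEZE_AT:
        return "freeze", reasons
    if reasons:
        return "manual_review", reasons
    return "approve", reasons


# Constructed sample data.
HISTORY = [40.0, 55.0, 60.0]
ORDERS = [
    {"id_name": "Alex  Example", "card_name": "ALEX EXAMPLE",
     "code_ok": True, "avs_ok": True, "amount": 70.0},
    {"id_name": "Alex Example", "card_name": "Alex Example",
     "code_ok": True, "avs_ok": True, "amount": 900.0},
    {"id_name": "Alex Example", "card_name": "Sam Sample",
     "code_ok": False, "avs_ok": True, "amount": 50.0},
]

if __name__ == "__main__":
    for order in ORDERS:
        print(screen(order, HISTORY))
```

Returning the reasons alongside the decision gives the person doing the manual review the specific checks that failed.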
