However, education and training needs to go beyond just the company. Companies exist within frameworks set up by governments. Do you know what your government is doing to protect your company's identity?
And let's not forget about the new rage, Facebook, Twitter, MySpace, Bebo and blogs! These social media and social networking sites have quickly gained popularity. Some users, especially younger generations, are sharing everything from what they're eating to where and who they were out with last night. Are we nurturing a future generation of workers who are naturally careless with personal information, making their employers more susceptible to corporate ID theft?
So what are governments doing to reduce identity crime? Do businesses have clear and updated policies implemented to protect private data and information? Is society teaching younger generations about the dangers of sharing too much information? Let's take a look at what has been done and what needs to be done to safeguard our businesses from corporate identity fraud.
Governments
Governments clearly have a part to play in preventing ID fraud, both personal and corporate.
In last week's post 'Major Danger Documents', we wrote about how in the UK, Companies House and the Metropolitan Police Service have created a 'Sterling Service' initiative which ties together the Companies House PROOF online documents system, promotes its monitoring system and gives general awareness tips for protecting a company's identity.
Furthermore, in the UK, The Home Office, in collaboration with other government departments and private sector organisations, has set up the Home Office Identity Fraud Steering Committee to lead a cross public/private sector work programme to tackle identity theft and identity fraud.
The programme co-ordinates existing activity in the public and private sectors and identifies new projects and initiatives to reduce identity crime. These range from aligning penalties for criminals, considering new offences, developing and sharing good practice, collaborating across departments (for example vehicle licensing and passport issuing), and raising general awareness both of corporate and personal identity theft.
In an effort to provide an easy and secure way for UK residents to prove who they are, the government introduced a national identity scheme in 2006 for residents to be issued an identity card that contains biometric information on a national identity register. What do you think of this identity scheme? If businesses required identity cards from vendors and business owners will it protect them from corporate identity fraud?
Business
The Sarbanes-Oxley Act tightened restrictions around data for publicly traded companies in the USA and as such, increased the monitoring of irregular activity that could be associated with fraud. Still, some sectors of business are more vulnerable than others. This includes private companies and certain industries which require the transfer of personal and corporate data.
In the UK, businesses have a legal obligation under the Data Protection Act. Principle 7 states that businesses must safeguard "personal data", which is defined as any information, including facts and opinions about living, identifiable individuals.
Retailing
In a recent post, we highlighted some large identity fraud cases. One touched the retailing giant TJ Maxx when 40 million credit card details were sold to criminals who then used them to obtain goods.
There are millions of transactions in the retailing world every day. Retailing companies, from their inception, have understood the significance of their reliance on technology and data and have always had an appreciation for the inherent risks in their model. So while they could be exploited, from the start they have developed methods to reduce this risk.
This is why bodies such as the PCI Security Standards Council (PCI-SSC) exist. This helps retailers enhance payment account data security by driving education and awareness of the PCI Security Standards.
Legal
As the threat of money laundering evolves and regulations tighten accordingly, a greater focus is centering on the ability of the legal sector to electronically verify a client's identity, whether of an individual or a company. Without this ability, criminals could assume a personal or corporate client ID.
Accounting
Companies House is taking measures to help companies protect their ID. However, those very measures are opening the way to new forms of ID theft.
One such involves a fraudster stealing an accountant's identity in order to legitimise a set of manufactured accounts, which will then be filed at Companies House in order to add a veneer of respectability to what is, in reality, an empty shell company.
Once the fraudster has filed the bogus accounts at Companies House, the bogus company is then in a position to secure credit based on the apparent strength of its financial covenant.
This is where personal and corporate ID theft become intertwined. Assume the identity of a key figure close to where the cashflows, and you can get into the company's identity too.
Society
Today younger people are keen to share everything, whether online or offline.
They could potentially put employers at risk of corporate identity fraud unless they are made aware of what they should and should not share.
We need to start nurturing a "Think Before You Share" generation to educate youths about the risks involved with sensitive information online. If we don't, this would cause concern among potential employers across the country. It seems that the more ubiquitous the potential for ID theft, the lower the awareness.
It's always interesting to look at differences across sectors, governments and indeed entire societies. What's your take on this? Do you find your particular industry sector places high priority on protecting ID security? Have you worked in a government department and been party to highly sensitive data that you've been responsible for safekeeping? Or maybe you've lived in more than one country and noticed differences between them. Let us know.
Governments clearly have a part to play in preventing ID fraud, both personal and corporate.
In last week's post 'Major Danger Documents', we wrote about how in the UK, Companies House and the Metropolitan Police Service have created a 'Sterling Service' initiative which ties together the Companies House PROOF online documents system, promotes its monitoring system and gives general awareness tips for protecting a company's identity.
Furthermore, in the UK, The Home Office, in collaboration with other government departments and private sector organisations, has set up the Home Office Identity Fraud Steering Committee to lead a cross public/private sector work programme to tackle identity theft and identity fraud.
The programme co-ordinates existing activity in the public and private sectors and identifies new projects and initiatives to reduce identity crime. These range from aligning penalties for criminals, considering new offences, developing and sharing good practice, collaborating across departments (for example vehicle licensing and passport issuing), and raising general awareness both of corporate and personal identity theft.
In an effort to provide an easy and secure way for UK residents to prove who they are, the government introduced a national identity scheme in 2006 for residents to be issued an identity card that contains biometric information on a national identity register. What do you think of this identity scheme? If businesses required identity cards from vendors and business owners will it protect them from corporate identity fraud?
Business
The Sarbanes-Oxley Act tightened restrictions around data for publicly traded companies in the USA and as such, increased the monitoring of irregular activity that could be associated with fraud. Still, some sectors of business are more vulnerable than others. This includes private companies and certain industries which require the transfer of personal and corporate data.
In the UK, businesses have a legal obligation under the Data Protection Act. Principle 7 states that businesses must safeguard "personal data", which is defined as any information, including facts and opinions about living, identifiable individuals.
Retailing
In a recent post, we highlighted some large identity fraud cases. One touched the retailing giant TJ Maxx when 40 million credit card details were sold to criminals who then used them to obtain goods.
There are millions of transactions in the retailing world every day. Retailing companies, from their inception, have understood the significance of their reliance on technology and data and have always had an appreciation for the inherent risks in their model. So while they could be exploited, from the start they have developed methods to reduce this risk.
This is why bodies such as the PCI Security Standards Council (PCI-SSC) exist. This helps retailers enhance payment account data security by driving education and awareness of the PCI Security Standards.
Legal
As the threat of money laundering evolves and regulations tighten accordingly, a greater focus is centering on the ability of the legal sector to electronically verify a client's identity, whether of an individual or a company. Without this ability, criminals could assume a personal or corporate client ID.
Accounting
Companies House is taking measures to help companies protect their ID. However, those very measures are opening the way to new forms of ID theft.
One such involves a fraudster stealing an accountant's identity in order to legitimise a set of manufactured accounts, which will then be filed at Companies House in order to add a veneer of respectability to what is, in reality, an empty shell company.
Once the fraudster has filed the bogus accounts at Companies House, the bogus company is then in a position to secure credit based on the apparent strength of its financial covenant.
This is where personal and corporate ID theft become intertwined. Assume the identity of a key figure close to where the cashflows, and you can get into the company's identity too.
Society
Today younger people are keen to share everything, whether online or offline.
They could potentially put employers at risk of corporate identity fraud unless they are made aware of what they should and should not share.
We need to start nurturing a "Think Before You Share" generation to educate youths about the risks involved with sensitive information online. If we don't, this would cause concern among potential employers across the country. It seems that the more ubiquitous the potential for ID theft, the lower the awareness.
It's always interesting to look at differences across sectors, governments and indeed entire societies. What's your take on this? Do you find your particular industry sector places high priority on protecting ID security? Have you worked in a government department and been party to highly sensitive data that you've been responsible for safekeeping? Or maybe you've lived in more than one country and noticed differences between them. Let us know.
Leave a comment