Workplace Identity Theft Response

By Henry Bagdasarian

Companies must be prepared for workplace identity theft response to prevent fraud resulting from increasing data breaches and comply with the consumer protection laws. We frequently hear about big data which is a reference to big databases and we hear about increasing role of the cloud computing for processing, sharing, and storing data. When we consider the implications of our technological evolution whether it is cloud commuting or mobile payment, we have to also consider the high risk of data breaches which result in an enormous amount of stolen data which can be used to defraud companies.

With the global Internet and advances in the data security, monitoring and discovery tools, anyone with some technical background can actually steal personal data from any company, post it to the Internet for free or to be sold, and most importantly, from any corner of the world. As world governments fight each other or criminal organizations, the chances of organized data theft is even greater and companies have to be more diligent.

On the bright side, technical advancements and acceleration of the mobile payment use also help the good guys protect their information and process transactions with security and authorization.

That said, data breaches are inevitable as we witness them almost weekly when they are advertised, and the impact will get even bigger as we consolidate data processing and storage into big data and cloud, including patient medical records.

What companies must be aware of and be prepared for is that personal data stolen from any company can be used to defraud them whether the stolen data belongs to their existing customers or not. To ensure that companies manage these specific identity fraud risks arising from data breaches, businesses must implement a program for workplace identity theft response which would not only help mitigate the risks but also help companies which operate in a regulated environment comply.

For example, financial institutions and creditors in the United States must develop and implement a written Identity Theft Prevention Program based on risk assessments in accordance with the Red Flags Rule requirements. The Program must identify the methods by which identity fraud can occur and describe the appropriate workplace identity theft response which all affected employees would have to follow after they undergo training.  For more information about the compliance requirements, you can read about the Red Flags Rule here, however, below you will find a concise list of workplace identity theft response that employees can follow when they detect an identity theft red flag. Normally, the typical red flags would be identified by management before detection and response procedures are documented and described to employees. Nevertheless, this list should provide some guidance for quick action and when planning to develop an organization-wide identity theft prevention program. Not all of these responses apply all the time and only one or more items may apply to situations.

Workplace Identity Theft Response List

  1. Contact the customer to verify the transactions
  2. Ask for more identification documents
  3. Request additional personal information to validated against internal and external information
  4. Monitor the account for evidence and theft detection
  5. Change any passwords and any other security codes which permit access to accounts
  6. Close the account and open a new account
  7. Close the account and refuse to open a new account
  8. Notify law enforcement and file a Suspicious Activity Report (SAR) if applicable
  9. Limit access to funds when security procedures are compromised
  10. Decline to issue a new credit card when the request coincides with a recent change of address until the address change is validated

Become a Certified Red Flag Specialist (CRFS) to be a recognized expert in workplace identity theft response, prevention and compliance.