Some Thoughts to Digest on Identity Theft

Identity theft….Credit Card Protection….Data Breach….Fraud Alert….Credit Freeze.   All phrases no one wants to hear but they remain front and center in our lives.

Let’s face it, we live in a world where crime rises as the economy falls.  As people lose their jobs or become “under-employed”, they may become desperate to meet their financial obligations.  And unfortunately, sometimes people turn to crime.  Crime is not always robbing a bank or breaking into a home or business.  Sometimes it becomes a bit more personal……identity theft.

We are seeing a dramatic rise in identity theft.  According to the Washington Post, there were more than 8.1 million victims in 2010 alone.  By capturing some basic information like social security number, date of birth, and address, thieves can open new credit card accounts, bank accounts, and even make major purchases like cars in YOUR name.  Any of you who have experienced identity theft can attest to the time and expense it takes to repair your name and credit ratings.

Individuals have become more aware of the threat of identity theft.  Many families are shredding their personal information like charge card receipts, bank statements, utility bills, checks, etc. before disposing of them.  While this habit certainly helps, an individual needs to do more.

Businesses have been fighting back, by participating in programs like “PCI Compliance”.  PCI Compliance is a standard set by the credit card industry to ensure secure handling and data retention for credit card transactions.  Compliance includes a checklist of steps like criminal background checks on employees, encrypting the data transmissions of sensitive information, using and maintaining anti-virus software within a data platform, and more.  If a business does not adhere to PCI compliance regulations, and a data breach occurs, the compromised business may be subject to additional fines and/or penalties.

A data breach can be extremely costly to a business. According to Information Week, the cleanup of the latest Sony data breach of their Playstation network will cost the company upwards of $171 million!

Many businesses have begun purchasing insurance programs to provide coverage for credit repairs should a breach occur.  Many of these are limited programs and provide only notification, not assistance in repairing the damage. Those services come as an extra cost on many polices.

A new trend is developing in the market that is little known to the consumers.  Businesses are purchasing identity theft solutions for their data bases, which can be upsold to provide comprehensive coverage to the consumer for a dramatically reduced price.  Because the large corporations have the power of a substantial subscriber base, they are able to negotiate favorable rates for their customers.  These programs are being packaged as another “benefit” to being a customer or member of an organization.   Comcast is the latest example of a business to roll out a program for it’s customers, calling it “Constant Guard from Xfinity”.

Whether you have a business looking to add an identity program to your suite of products or an organization or union looking to add benefits for your members, contact me @Davehanron on Twitter or via email at Dave@davehanron.com for more information on the available programs.

Worried About Identity Theft? Some Thoughts.......

As I’m sure mostly everyone is aware, Sony’s Playstation 3 on-line network and Qriocity streaming video and music service were hacked and were offline from April 20, 2012 to May 14, with all services restored by May 31, 2011.  According to Sony, as many as 77 million subscribers may have subject to privacy invasion, involving sensitive information including credit card numbers, security information, and purchase history.

According to a story published in the International Business Times, Sony has issued apologies for the breach and vowed to pay damages to affected users.

The problem this brings to light is how do today’s businesses protect themselves from these types of data breaches going forward? 

In today’s information age, the likelihood of future identity breaches is a constant threat.  There are identity protection services popping up all over the internet.  If you were to “Bing” identity theft companies, you’d get over 2.4 million results.  Google provides even more stunning results, more than 14 million companies providing the service!

But should the Consumer have to pay for this protection themselves?  Many people do….but is it necessary?  A little known fact is that the government passed an act called the “Red Flag Rules” as part of the Fair and Accurate Credit Transactions Act in 2003.  In summary, this Act requires financial institutions and creditors to provide for the identification, detection, and response to patterns, practices, or specific activities, known as Red flags, which could indicate identity theft.  These programs are required to be in place by November 2009.

According to Chris Heidkamp, VP of Channel Sales at Securus Identity Solutions, “While the Red Flag Compliance regulations don’t legally require any specific type of program be put in place, many corporations have neglected to implement any identity theft program because they felt the cost was prohibitive.  That is simply not the case any longer.”

According to Heidkamp, “programs can start as low as 15¢ per subscriber per month. This protection can provide the consumer the peace of mind they’re looking for in the event of a data breach like those seen at Sony and Epsilon.  Many of us have received the letters regarding the Epsilon breach, coming from merchants like Verizon, Hilton Hotels, Air Miles, Best Buy, Citigroup, and Walgreens.  This heartache can be avoided with the addition of a corporate identity protection program.”

It would seem it would be worth a phone call to your utility company or other monthly creditor to determine whether they have an identity program you can participate in.  Ask for the company’s position and business plan for “Red Flag Compliance” and you may just avoid the cost of a personal identity protection program.

If you would like any additional information on Red Flag Compliance, please contact me directly at @Dave Hanron or Mr. Heidkamp @ChrisHeidkamp on Twitter or Heidkamp@securus-solutions.com

Is Your Business Engaged with the Consumer?

How engaged is your company?  Have you added an interactive component to your web site so Consumers can share their sentiments?  Do you have a full time staff whose function it is to listen and react to your Customers’ comments and concerns?

The explosive growth of today’s social channels like Twitter, Facebook, Yelp, Digg, Linkedin, Consumer Complaints, and many, many more has created an instant need for businesses to respond publicly to the conversations and topics brought forth through social channels.

Only a few short years ago, the typical business website would contain non “click-able” pages of information for a Consumer to review. There’d be pages for product descriptions, the dreaded  “About Us” page that is only read by sales people, and usually some legal stuff like privacy disclosures. The leading edge companies might have had a video of some sort but the with the dial up internet connections of years ago, many Consumers couldn’t realize the true benefits of video.  All this has changed with the readily available high speed connections most of us have today.

These days if your company doesn’t have a “page” on Facebook, a “username” on Twitter and Digg, or a “profile” on Linkedin, you’re business is not involved in the social conversation and may be doing tremendous harm to your business name and brand.  By not participating, you are taking one of the biggest risks of your professional career :  not knowing what is being said about you! 

Years ago, it was pretty difficult for a single Consumer to cause any harm or add any significant value to a business reputation.  Methods of communication were pretty limited.  Maybe the Consumer could file a complaint with the Better Business Bureau, or write an editorial in your local paper, maybe even call in to a local radio station and get 30 seconds of air time, but ultimately, there weren’t a lot of options and the audience was very limited. 

Same problem with a recommendation.  If a Consumer had a great meal at a restaurant or received excellent service from their cable company (I know, that’s highly unlikely) options for praise were just as limited. Maybe a call to the owner of the business or a letter of praise about the specific employees involved, but again, unless someone saw the letter of praise hanging on a wall somewhere, there was not a great deal of benefit for the company to be derived from this type of positive feedback.

Today’s social media channels have changed all this.  A Consumer actively involved with Twitter or Facebook can literally have millions of “Followers” or “Fans” they can reach out to instantly and either positive or negative feedback can have a dramatic impact on a business or brand.  Comments can spread like wildfire, allowing a single point of view to go viral and become known worldwide almost instantly.  If not handled appropriately, the results could be catastrophic for a business.  For example, the data breach Sony experienced with their Playstation 3 online was publicized worldwide only moments after it happened.  It involved up to 77 million Consumers!  Think of how many X-Boxes must have been sold in the following weeks because people were afraid to be compromised using a Sony Playstation?  Sony has been trying to repair their reputation ever since.

In order to effectively protect your business name and brand, you need to develop a social strategy to gather information, and engage your Customers and potential Customers.  Add a blog to your web page, create a “feedback” page for your Customers to use, consider a “live chat” feature to interact immediately, and add video sessions to your site and if possible, use different employees when you film them.  We all like to see fresh faces and it creates a picture of a more diverse company if you have more faces in front of the public.

How many people remember the auto attendant “Claire” from Sprint PCS?........A big pet peeve of mine is on the “Contact Us” pages where you click on it and it goes to an email address like Support@abccompany.com  I always recommend to businesses that they make this piece more personal, and have it go to a person of some sort.  It doesn’t have to be a real person, but it can be made to appear as one.  Many companies have created “People” to engage Consumers.  Just create an email that goes to something like Claire@abccompany.com and you’ll get a lot better feedback.  You can still route it to a group of support reps if that’s your plan but it definitely gives a better personal presentation that the Consumers' experience with your brand matters to your business.

And lastly and most importantly, you must monitor the social conversations about your company and brand.  You need to develop a staff to listen and react to any publicity, either negative or positive about your products.  If you respond quickly to negative discussions, you will limit the impact of them.  If you respond to positive praise, you will gain tremendous benefits from the good publicity.  You’ll need to contract with a company to provide the monitoring capabilities for your business and then create a plan to deal with what you uncover.  If you search within your existing staff and don’t have the required skill set to handle this task internally, don’t ignore it as it will not be going away any time soon…….Outsource the process to a professional.

Contact me @DaveHanron on Twitter or leave me a comment and I’ll be happy to assist in your selection of a supplier for your social media research or development.