Identity Fraud

Don't be a victim

Following the recent announcements in UK regarding an estimated 25 million records that have been effectively lost it is a timely reminder to us all about data security.

Sadly there are many criminals who are targeting identity theft as a means of making money. Once an identity has been "stolen" the fraudster can set up accounts in the victim's name, these can range from an account with a mail order company through to credit cards and loan accounts. Once the fraudster has set up these accounts they can obtain vast sums of money using your identity, after which it will often take years to "prove your innocence" and re-establish a clean credit history.

So what can you do to prevent it happening? Firstly you need to understand what comprises sensitive data, for example on its own your name is not much use to the fraudster, but when your name is combined with other information such as your date of birth and address it becomes much more sensitive. Unfortunately too many people think that sensitive data is only a password or PIN number for a bank account, the reality is that combinations of other personal data are far more sensitive. For example, if a thief steals your ATM card along with your PIN you risk losing everything in your bank account. But if someone steals your identity they can apply for credit cards, take out loans, and effectively take over your identity running up huge debts amounting to £100,000 or more.

What is sensitive personal data? This can be any data that will enable a fraudster to take on your identity. Often it is the combination of data that provides the fraudster with what they need. Below is a list of some key items of data, many on their own will not be sufficient, but when several are combined the risk of identity fraud becomes very high.

- Your name
- Your current or previous addresses where you have been living
- Your date of birth
- Your signature
- National Insurance number or tax office references
- Photo identity
- Bank or other financial account details
- Credit card details
- Email address
- Phone number
- Details about your family, names of parents, children, etc
- Information on correspondence from banks, financial services companies, your local council, and utility companies.

Once you understand what data is sensitive you next need to consider how the identity thief can obtain this data, knowing this helps you to develop measures that will prevent your identity being stolen. Theft can be through a variety of means, and it is vital that people are aware of these so that appropriate action can be taken to safeguard data. Below are some key examples of how sensitive data can be obtained:

>> Your mail deliveries, in particular if you live in a flat or shared dwelling where other people can access your post. If you live in accommodation where this is a risk, consider having documents posted to a safe address, for example a family member.

>> Online purchases. When you enter payment details into an online account you are providing more than one sensitive item of personal data. You need to ensure that the company receiving that data is regulated in some way. For example check to see if the company is registered under the UK Data Protection Act.

>> Online social accounts. Many people do not realise that they are putting sensitive data online in open forums. For example, in Facebook people place online photos, names and dates of birth. To minimise fraud consider using a false date of birth and use alias names rather than your own.

>> Waste disposal. Any documents containing personal data can be easily taken if they are discarded in waste bins, etc. If a document contains sensitive data it should be destroyed through shredding (you can buy shredders for less than £20) before disposal. But even then take care, unless you have a high security shredder (one that shreds documents to a point where they can not be put back together) consider burning very sensitive documents after they have been shredded.

>> Mobile phones and PDAs. Many people store personal data on these, for example bank account details, credit card details, passwords, etc. If you must store sensitive information on your phone then use a method of coding so that the fraudster will not identify the data.

>> Phishing. This is a term given where a fraudster emails you requesting confirmation of personal details for an order, a bank account, etc. Often these emails look very professional. The simple solution is to never respond to emails where personal data is requested. If you have a delivery you are expecting or need to verify details with your bank, call them by phone instead.

So, back to the headline, 25 million records lost with potential risk of fraud. What do you do now that your data is (potentially) in the hands of a criminal? Changing bank account details is not generally the solution to protect identity, although in some cases it may help. Some key actions that can help are outlined below:

1. Be vigilant to check for any unusual activity in bank accounts and credit files. You can access your credit file with Equifax or Experian, here you will see if any unusual requests for information are being made using your identity.
2. Password protect your data with credit referencing agencies. When a password is applied to your credit file anyone trying to open a bank account or take on a mortgage using your name will need to provide a password that matches that on your credit file.
3. If you are a landlord or letting agent then use services of agencies such as credit-check-services.co.uk to check tenant identity. Remember that each additional level of checking carried out will reduce the risk of being a victim of the identity fraudster.