Identity theft is a term used to describe the fraudulent practice of using someone else’s information, such as name, ID/Passport number, or social security number, and using it without the victim’s permission. Identity theft costs companies millions of dollars every year.
Some common methods employed by criminals to steal personal information include:
• Stealing the victim’s identity card/passport/driving license
• Stealing the victim’s bank statements
• Buying personal information from a corrupted employee of an entity holding customers’ information
• Buying stolen personal information (from data breaches) through the dark web
• Employing Phishing/Smishing/Vishing attacks
• Impersonating someone the victim knows or trusts (i.e., a bank)
• Employing fake websites to impersonate organisations selling products or services.
• Skimming from ATMs with the use of an electronic device that steals information from the card’s magnetic strip
• Hacking the victim’s personal or business computer
Due to the enhancement of technology and the internet, many companies expand their services globally and, as a result, started onboarding customers remotely. These companies have significant exposure to identity theft risk, where criminals
Companies that collect customers’ information often become targets of cybercriminals looking for vulnerabilities in the systems and controls of an entity that will enable them to steal personal information.
Another way an entity is exposed to identity theft is when it is approached online by non-face-to-face customers who present fake or forged documents to open an account. This practice is usually employed by criminals who want to hide their real identity when laundering proceeds of criminal activity.
The criminal may perform certain activities with the stolen information, such as:
• Opening a credit card or bank account with the victim’s name
• Obtaining a loan using the victim’s name
• Opening a phone, electricity, or gas account
• Using the victim’s name to receive medical treatment
• Pretending to be the victim and committing fraud or other crimes
Additionally, the criminal may change the address so that the bills are sent to a fake address. However, the criminal never pays the bills. If arrested, the criminal pretends to be the victim.
It is essential for entities that collect personal information from customers to ensure, among other things, that:
• Customer information collected is limited to what is strictly necessary for the performance of an agreement.
• Customer information is not exposed to public view.
• There are security controls in place to protect customer information, such as firewalls, anti-virus software, encryption, and other measures.
• Only authorised staff have access to the company’s correspondence with clients.
• Customer information that is no longer required is immediately destroyed.
• Customer information is destroyed with a paper shredder.
Entities must undertake appropriate measures to reduce the risk of accepting clients using fake or forged documents and ensure that the customer is who they claim to be.
The most common methods employed by companies to reduce the risk of identity theft include the following:
• Biometric verification: Usually includes facial recognition, scanning the fingerprint, or anything else that attributes to a person. One of the main benefits of biometric verification is that biometric information is much more difficult to steal or copy while providing a better customer experience.
• Document verification: This includes the proof of government IDs, passports, and driving licenses, which can be photographed and then validated with a verification tool.
• One-time password (OTP): A password that authenticates the client by utilising something the consumer has, such as a phone number or email address. A single code is delivered, and the user must enter it in the appropriate field.
• Two-factor authentication: This is used to verify the customer with a combination of two elements, usually a code sent to a trusted phone number with which the user must interact to verify the identity on a website.
To conclude, identity theft is a major issue that may harm individuals and businesses. Companies must protect their consumers' data from increasingly sophisticated identity thieves. Biometric verification, document verification, one-time passwords, and two-factor authentication are some ways corporations limit identity theft risk. However, businesses must remain attentive and frequently examine and update their security procedures to protect against this threat. Companies may protect their customers' data and minimise financial and reputational losses by preventing identity theft.