Identity Theft: Who’s Protecting Your Customers?
By Cindy Schroeter Graham
have heard a lot about consumers’ personal information getting into
the hands of identity thieves. More and more people are taking steps
to minimize their exposure to such theft by reducing information on
personal checks, refusing to share their social security numbers,
being prudent in their use of credit cards, and shredding “junk”
mail that might allow another person to pose as them. However, we can
do little to protect ourselves against lackadaisical security methods
or unscrupulous business practices.
Because recent reports
confirm that personal information continues to fall into the wrong
hands, consumers have become increasingly concerned about how
companies handle their personal information. But consumers can only do
so much; then it’s up to businesses to provide their customers with
privacy policies that will ensure their information is handled
properly and kept out of the hands of crooks.
How can businesses help
ensure this security? The first thing is to own up to the
responsibility. Business owners, managers and supervisors need to
establish and enforce effective company privacy policies. These
polices should outline the handling, reviewing, storage, and
destruction of customers’ personal information, as well as that of
employees. Once privacy polices are drawn up, they must be carried out. All employees should be trained in the
handling of sensitive information.
When employees obtain
personal information from customers, several questions need to be
asked. Who is allowed to handle it?
How long will the information be unsecured? Can information
viewed on computer screens be seen by others? How will the information
be secured? Who will have access to it? How long will it be kept, and
when will it be destroyed?
information handling procedures can be cumbersome. However, they are
necessary if we are to gain and keep the confidence of our customers
and our employees. Review the following privacy policies that should
be established and practiced by every business.
computer screens so customer information is not visible by anyone
standing in close proximity. If the screen cannot be moved, place
something in the line of sight to block unwanted viewers. Hanging
plants, room dividers or frosted glass can block the view.
Computers should be
password protected. When an employee leaves his/her computer, it
should always be secured and protected by a password. Even if you
leave your computer for just a few minutes, unsecured information
could be accessed by anyone passing by.
files should never remain unattended on a desk that can be accessed by
customers or unauthorized employees (including cleaning or maintenance
staff). Files left unattended can be quickly viewed and documents
stolen or copied. Files should always be in a secured drawer or locked
room when not in use.
Customer information should be secured as quickly as possible. Once
information is obtained from a customer, the document or program
should not be left unattended. Secure all information before servicing
customer information is secured, assign specific employees who will
have access to the information. The more employees who have access to
the information, the more chances exist for misappropriation. Don’t
tempt employees with the access if they don’t really need it.
discuss customer information when other customers or employees are
able to hear. When requesting information from the customer, have the
customers write it down for you. Once you are finished with the
written information, it is very
important that you hand it back to the customer. This way the
customer can dispose of it, and there are no concerns that the written
information is intentionally or inadvertently passed on to someone
leave outgoing mail out over night or over the weekend. Mail or any
other documents that are waiting in an “out box” can be easily
access by cleaning, maintenance, or service staff, as well as by
children or friends of employees. Keep outgoing items secured until
pick up time. A central location should be designated for such items
during the week. Often items placed with other out going mail or
documents are quickly forgotten, that is, until the recipient notifies
you that the document has not been received. The more time that has
lapsed between sending and receiving the mail or documents, the less
likely you will be to locate them.
waiting to be shredded should be in a secure place. Many offices use a
box under each desk, where documents are thrown until the end of the
week. This system provides easy access to documents that are seldom
noticed if they go missing. Shred bins should be locked or kept in a
locked room. Larger bins are often used to store documents until a
document disposal company takes them. These bins should also be locked
or kept in a secured area.
The Fair and
Accurate Credit Transaction Act (FACTA) says that receipts for credit
and debit card transactions can include no more than the last five
digits of the card number or expiration date. That means, if you’re
using a merchant processing machine setup before
1, 2005, you have three years to comply. If the machine you are using was
set up after January
1, 2005, you have one year to comply. Take steps now to ensure that your
program will not print the entire credit/debit card number.
What all this boils down to
is that we, as employers, business owners, managers, and supervisors
need to make a greater effort to provide our customers with the peace
of mind that their identities and information are safe with us.
Employees must handle customer information with care and respect that
is apparent to all customers. Without our help in the secure handling
of the personal information, the fight to stop identity theft and
fraud will continue to rage. We need to be smarter than the crooks by
eliminating their means to this information. After all, the next
customer to have their identity stolen could be you.
Read other articles and learn more
about Cindy Schroeter Graham.
[This article is available at no-cost, on a non-exclusive basis.
Contact PR/PR at 407-299-6128 for details and