Identity Theft: Who’s Protecting Your Customers?

By Cindy Schroeter Graham

 We have heard a lot about consumers’ personal information getting into the hands of identity thieves. More and more people are taking steps to minimize their exposure to such theft by reducing information on personal checks, refusing to share their social security numbers, being prudent in their use of credit cards, and shredding “junk” mail that might allow another person to pose as them. However, we can do little to protect ourselves against lackadaisical security methods or unscrupulous business practices.

Because recent reports confirm that personal information continues to fall into the wrong hands, consumers have become increasingly concerned about how companies handle their personal information. But consumers can only do so much; then it’s up to businesses to provide their customers with privacy policies that will ensure their information is handled properly and kept out of the hands of crooks.

How can businesses help ensure this security? The first thing is to own up to the responsibility. Business owners, managers and supervisors need to establish and enforce effective company privacy policies. These polices should outline the handling, reviewing, storage, and destruction of customers’ personal information, as well as that of employees. Once privacy polices are drawn up, they must be carried out. All employees should be trained in the handling of sensitive information.

When employees obtain personal information from customers, several questions need to be asked. Who is allowed to handle it? How long will the information be unsecured? Can information viewed on computer screens be seen by others? How will the information be secured? Who will have access to it? How long will it be kept, and when will it be destroyed?

Establishing strict information handling procedures can be cumbersome. However, they are necessary if we are to gain and keep the confidence of our customers and our employees. Review the following privacy policies that should be established and practiced by every business.

• Computer Screens: Adjust computer screens so customer information is not visible by anyone standing in close proximity. If the screen cannot be moved, place something in the line of sight to block unwanted viewers. Hanging plants, room dividers or frosted glass can block the view.

• Passwords: Computers should be password protected. When an employee leaves his/her computer, it should always be secured and protected by a password. Even if you leave your computer for just a few minutes, unsecured information could be accessed by anyone passing by.

• File Security: Customer files should never remain unattended on a desk that can be accessed by customers or unauthorized employees (including cleaning or maintenance staff). Files left unattended can be quickly viewed and documents stolen or copied. Files should always be in a secured drawer or locked room when not in use.
  
  Customer information should be secured as quickly as possible. Once information is obtained from a customer, the document or program should not be left unattended. Secure all information before servicing another customer.

• File Accessibility: When customer information is secured, assign specific employees who will have access to the information. The more employees who have access to the information, the more chances exist for misappropriation. Don’t tempt employees with the access if they don’t really need it.

• Written Information: Don’t discuss customer information when other customers or employees are able to hear. When requesting information from the customer, have the customers write it down for you. Once you are finished with the written information, it is very important that you hand it back to the customer. This way the customer can dispose of it, and there are no concerns that the written information is intentionally or inadvertently passed on to someone else.

• Mail Security: Don’t leave outgoing mail out over night or over the weekend. Mail or any other documents that are waiting in an “out box” can be easily access by cleaning, maintenance, or service staff, as well as by children or friends of employees. Keep outgoing items secured until pick up time. A central location should be designated for such items during the week. Often items placed with other out going mail or documents are quickly forgotten, that is, until the recipient notifies you that the document has not been received. The more time that has lapsed between sending and receiving the mail or documents, the less likely you will be to locate them.

• Shredded Documents: Documents waiting to be shredded should be in a secure place. Many offices use a box under each desk, where documents are thrown until the end of the week. This system provides easy access to documents that are seldom noticed if they go missing. Shred bins should be locked or kept in a locked room. Larger bins are often used to store documents until a document disposal company takes them. These bins should also be locked or kept in a secured area.

• Receipts: The Fair and Accurate Credit Transaction Act (FACTA) says that receipts for credit and debit card transactions can include no more than the last five digits of the card number or expiration date. That means, if you’re using a merchant processing machine setup before July 1, 2005, you have three years to comply. If the machine you are using was set up after January 1, 2005, you have one year to comply. Take steps now to ensure that your program will not print the entire credit/debit card number.

What all this boils down to is that we, as employers, business owners, managers, and supervisors need to make a greater effort to provide our customers with the peace of mind that their identities and information are safe with us. Employees must handle customer information with care and respect that is apparent to all customers. Without our help in the secure handling of the personal information, the fight to stop identity theft and fraud will continue to rage. We need to be smarter than the crooks by eliminating their means to this information. After all, the next customer to have their identity stolen could be you.

Read other articles and learn more about Cindy Schroeter Graham.