1. Credit Security October 2012

2. What is it? Costs of Identity Theft Employer Risks 3 D’s (Deter, Detect, Defend) IRS Tips New Areas Questions Agenda 2

3. What is it? Credit Security is the freedom from any threat of danger or risk occurring to your finances and having precautions taken to guard against financial crime, attack or sabotage. 3

4. Most Common Form Related to Credit Security: Identity Theft A form of stealing someone’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources or obtain credit or other benefits in that person’s name. 4

5. 5

6. 6

7. In 2010, the number of Identity Theft victims dropped 28 percent to 8.1 million Losses from identity theft also fell to $37 billion from $54 billion in 2009 7

8. 8

9. 9

10. 10

11. Personal Liability –Credit Cards: commonly liable up to $50 if the card is fraudulently used before reported stolen (Fair Credit Billing Act) Even if it is used for cash advances from an ATM Costs of Identity Theft in Regards to Individual Financial Instruments 11

12. Debit Cards: no fixed liability, but instead liable for when the loss is reported –Reported within two days theft or loss, liable for $50 –Reported after two days but within 60 days, liable for up to $500 of what is illegally withdrawn –Reported after more than 60 days, potentially liable for all money that was fraudulently withdrawn from the end of the 60 days until when the card was reported 12 Costs of Identity Theft in Regards to Individual Financial Instruments

13. Checks: banks typically are responsible for losses as a result of a forged check Victims may be liable if bank is not promptly noted of a forgery or if a victim does not monitor their accounts on a regular basis Forger could receive a felony between the fifth and first degree depending on the amount of loss http://www.identitytheftfacts.com/cost-identity- theft/ 13 Costs of Identity Theft in Regards to Individual Financial Instruments

14. Risks to Employers & Individuals Recent Example A nurse at Kings County Hospital in New York City was charged with stealing Social Security numbers of nearly 60 employees Received $200 per name Over $100,000 was purchased by the perpetrators Federal Fair and Accurate Credit Transaction Act of 2003 $2,500 fine per infraction if employee or customer information is stolen from Company State Ohio Law-Identity Theft Prison terms from 6 months to 10 years (5 th degree to 1 st degree felony) Fines range from $2,500 to $20,000 Penalties increased for the resulting loss and crimes against: Individuals 65 or older Against the disabled 14

15. 3 D’s (Deter, Detect, Defend) Deter: Minimize your risk Detect: Identify suspicious activity Defend: Recover from identity theft 15

16. Thieves steal an identity by: –Dumpster diving –Skimming –Phishing –Changing your address –Old-fashioned stealing –Pretexting Thieves use a stolen identity for: –Credit card fraud –Phone or utilities fraud –Bank/finance fraud –Government documents fraud –Other fraud Deter - Individual 16

17. Deter – Individual (continued) Nothing can guarantee you won’t become a victim of identity theft but you can try to minimize the risk through the following: –Protect your social security number –Treat your trash and mail carefully –Be on guard when using the internet –Select intricate passwords –Verify a source before sharing information –Safeguard your purse and wallet 17

18. Best way to protect personal identifiable information is by encryption. (Does not prevent information from being captured, but makes it unintelligible and therefore useless) –Identify the data that requires encryption –Determine the information's lifetime (i.e. credit card expiration dates) –Select the appropriate encryption techniques –Set policies, procedures, and train users –Identify encryption key access criteria: guard passwords –Install encryption technology: appropriate access Deter - Individual (continued) 18

19. Deter - Business 19 Common Steps to Protect Employees’ Information Secure job applications Require confidentiality agreements Run background checks on staff who handle personal information Implement a data removal policy Don’t cover up breaches Implement a document destruction period Bond employees Make sure business computers have anti-virus & anti-spyware protection Keep software and browsers updated with security patches Make sure network is protected with a firewall Educate employees about scams

20. Detect - Individual Signs of identity theft: Accounts opened or debts that can’t be explained Fraudulent credit report information Bills or other incorrect mail Credit cards not applied for Being denied credit or specific rates for no apparent reason Getting calls or letters from debt collectors about items not purchased 20

21. What personal information should you monitor regularly? –Financial statements/accounts –Credit reports: aggregate personal information, financial data & alternative data is collected Free report at least once every 12 months through: www.annualcreditreport.com Equifax.com, Experian.com or Transunion.com can be used to purchase credit reports Other types of ways a breach occurs are through: –Insider mistakes –Malicious insiders (Hospital article) –Outside attacks Detect - Individual (continued) 21

22. Ways to Detect –Security cameras in the building & at entrances/exits –Security alarm –Motion detectors –All confidential data appropriately secured with limited access –Third party IT company: monitor email & systems Detect - Business 22

23. Defend - Individual What should you do if your identity is stolen Place a fraud alert on your credit reports & review credit reports –Prevents more accounts from being opened Close the accounts that you know, or believe have been tampered with or opened fraudulently –Call each company & follow up in writing –Dispute transactions File a complaint with the Federal Trade Commission –Helps law enforcement to track down thieves –Provides report to the police File a report with the police where the identity theft took place 23

24. Defend - Business A type of employer insurance: “Employee Dishonesty Policy” protects the employer if an employee steals other employees’ information or client information. –Offered by the Uhl Agency Recovering from a breach Notify law enforcement & affected businesses –Banks or credit issuers that maintain the accounts affected Notify Individuals –Consider nature of the compromise, type of information taken, likelihood of misuse and potential damage arising from misuse –Send notice to individuals detailing the event, what could happen & how to protect against it –Designate a firm contact person –Consult with law enforcement so notification does not impede investigation 24

25. Awareness and knowledge are the most effective tools to Deter, Detect & Defend against Identity Theft 25 Best Defense is a Great Offense

26. IRS Tips (Individuals & Businesses) IRS does not initiate contact through email to request personal information. If you receive an email from the IRS or a website claiming to be the IRS but does not begin with www.irs.gove forward it to the IRS at phishing@irs.gov. To learn how to identify a secure website, visit the Federal Trade Commission at: www.onguardonline.gov/tools/recognize-secure-site-using- ssl.aspx. Identity thieves get your personal information from stealing your wallet, looking through trash, posing as someone reputable, etc. A stolen Social Security number can be used by an individual to get a job and cause your earnings to be under reported on your tax return. You will have to verify yourself with the IRS to correct this. Do not routinely carry your Social Security card on you. 26

27. IRS impersonation schemes flourish during tax season, contact the IRS if a letter seems to be not legitimate. Use a strong password to protect your tax return. Burn file to a CD or flash drive and store in a safe place to remove personal information from your hard drive. If you were impacted by an identity theft, file a complaint at www.ic3.gov. An easy to use convenient reporting mechanism. For more identity theft information, search Identity Theft on irs.gov. IRS Tips (continued) 27

28. Protection Services A good website for deterring the best and most comprehensive types of protection is located at www.5pointsofprotection.com. A review of the five most popular identity theft services and how they stack up to each other. –LifeLock is one example offering two services at either $10 or $25 per month. –This covers fraud & credit monitoring, junk mail & preapproved credit offer removal and $1,000,000 in ID theft coverage along with several other protection services. Brixey & Meyer uses a secure portal that minimizes the risks seen in emailing or faxing information. –The portal uses the highest level of encryption technology to minimize any threats to the security of your personal data. 28

29. Radio Frequency Identification (RFID) cards –Allow consumers to buy products faster with their card only needing to be waved instead of swiping and signing –Signal can be intercepted by electronic reader (available for purchase) –200 million credit cards contain these chips, usually seen by radio waves or by a “pay pass” label on the card SMS (Text messaging) Phishing Attacks –Increased 913% during the first week of September 2012 #1 Text-based threat –Forward message to 7726 to notify your phone carrier –Can spoof identities to make it appear text is coming from a legitimate source Fraudulent Tax Returns –In 2011, 335,341 tax returns claiming $1.9 billion in fraudulent refunds –Individuals taking deductions and credits they don’t qualify for or individuals filing returns using stolen identities New Areas of Risk 29

30. 30 Situation to Avoid!

31. Questions 31