Identity theft a business problem

Corporate accounts as vulnerable as personal accounts, expert says

By: Gwen McNamara
   WEST WINDSOR — Identity theft is on the rise, but it’s not just individuals who need to protect themselves — businesses need to be just as vigilant.
   That’s the message Robert Gionesi brought to the Princeton Regional Chamber of Commerce’s breakfast meeting at the Mercer Oaks Country Club on April 20.
   Mr. Gionesi, president of global markets for Cryptometrics, a New York-based security technology company, outlined why businesses should worry, who’s at risk and what protection tools are available.
   "According to CBS News, every 79 seconds a thief steals someone’s identity," said Mr. Gionesi. "If this was a disease, it’d be an epidemic."
   In 2004, he said, consumer advocate Consumer Sentinel received 635,000 complaints of consumer fraud and identity theft, and electronic fund-transfer fraud doubled between 2002 and 2004.
   New Jersey ranks 15th out of all 50 states in relation to identity theft, he added. Arizona and Nevada ranked No. 1 and No. 2, respectively.
   "With this kind of crime, everything’s at risk," he said. "Your physical security and safety, emotional security and safety, financial stability and your ability and right to remain anonymous."
   To protect you and your business, you have to think of your assets in two ways: physical assets and logical assets, Mr. Gionesi said.
   "Physical assets are things like airports, points of entry, buildings, laboratories, train stations, storage lockers, food and water supplies, dams, power plants and public venues," he said. "Logical assets are things like data, lists, personal files, bank account numbers and file passwords."
   Once you’ve identified all that needs protecting, businesses should realize that most identity theft occurs offline.
   "Research shows that 72 percent of personal information used in identity fraud is stolen from offline sources," Mr. Gionesi said. "It may seem counterintuitive, but think of all that is available — your pocketbook, wallet, laptops, personnel files. In 2004, identity theft cost U.S. consumers $52.6 billion."
   Recent announcements from companies like Wells Fargo and Choicepoint that thieves made off with thousands of customer IDs are good examples, he said.
   "In November 2004, Wells Fargo Bank announced a laptop containing the confidential information of more than 200,000 customers had been stolen," he said. "At Choicepoint, the databased information of 145,000 people may have been obtained through an elaborate fraud scheme and at the Bank of Rhode Island, a laptop was stolen with the information — names, Social Security numbers, etc. — of 43,000 people."
   To make sure identity theft does not happen to you or your business, Mr. Gionesi offers the following tips:
   • Don’t give out personal information over the phone, over the Internet or through the mail unless you’ve initiated the transaction and verified security.
   • Keep your Social Security number in a secure place.
   • Limit the identification you carry to only what you really need.
   • Monitor your credit report.
   • Check your bills carefully.
   • Buy a shredder and shred all bills, statements or anything with personal information before throwing it away.
   • Change your passwords on a regular basis.
   • Get your name off of marketing lists. To do so call 1-888-5OPTOUT.
   • Only use ATMs at financial institutions.
   • When using an ATM or making a purchase, be aware of who’s around you.
   For businesses looking for an added level of security, Mr. Gionesi recommends:
   • Dual-factor authentication — use more than one level of security for employees to enter the building or certain areas of your business. Levels of security could include swiping an ID card, facial recognition or fingerprint authentication.
   • Keep an updated watch list — know who is and isn’t allowed in your building. Make sure you keep track of employees who have been let go.
   • Create and update policies and procedures to protect your physical assets — know who should have access to specific rooms or facilities.
   • Join forces with other companies to share ideas and best practices — set up regular meetings with other industry leaders.
   • Encrypt messages and email.
   • Protect access to computers — at Cryptometrics, fingerprint authentication is used to get into its computers, an application or file.
   • Create and enforce a policy of changing passwords.
   "This may sound like a lot of work, but it’s worth it," Mr. Gionesi said. "The technology is out there to make your business secure."
   High-tech options like iris scanning, fingerprint authentication and facial recognition are becoming commonplace, he said.
   "Fingerprint ID is really becoming widely used," he said. "You see it in laptops, PDAs, cell phones and many data-centers use it.
   "Facial recognition is becoming the de-facto standard for biometric IDs," he continued. "It can be either passive or cooperative, and the technology is much better than it used to be."
   For example, Cryptometrics has a product that can capture faces from 75 feet away within a 45-degree arc without the subject even knowing about it, and the image can be compared against a database in real time, Mr. Gionesi said.
   Biometric security options also are cost-effective, he added.
   "Surprisingly, they’re not as expensive as you might think," he said. "There’s intense competition in this industry, so you can get a fingerprint authentication device for as little as $30 or a more sophisticated model, something wireless that can be used as a key-chain or with multiple devices, for $100."
   Facial recognition cameras can be as inexpensive as a couple of hundred dollars or climb up to several thousand dollars, he said.
   A typical organization — with two or three entry points, database management, an employee watchlist and oversight — can easily be protected for between $50,000 and $75,000, Mr. Gionesi said.
   "Businesses need to think of it this way, it could cost them much more if something happens, and they’re not secure," he said. "The tools are out there, people just need to be proactive to secure their personal data and workspace."