An individual comes home one day to find that their house has been burgled. All their valuables and personal belongings have been taken, their home upended. They, like so many others, are a victim of crime. Their first reaction? Clean and rebuild their home. Second - take extra precautions, research and buy the latest security products to put their mind at ease and rebuild their home. Third – check that your insurance coverage is up to date.
The house that was once a crime scene has quickly become one of the most secure on the street—far less likely to be burgled again, better protected and well covered.
So, what happens when the same person is a victim of another crime, this time their identity being stolen?
The difference in common response is stark. A person’s identity is almost certainly worth more than their flat screen TV. And once stolen, the risk of encountering additional identity related crime is higher than average. Yet, most of us fail to react in the same way as to a burglary, leaving us vulnerable. So why don’t victims of identity theft react like they should?
The ripple effects
In the first few months of 2018, 1.4 billion customer records were exposed in data breaches. No business is safe—both large and small enterprises have experienced cyber-attacks. Household names, including the likes of TSB and British Airways (BA), experienced sophisticated attacks on their security systems. In the case of BA, more than 380,000 transactions were compromised, alongside the personal and financial details of customers. Names, email addresses, credit card information and CVV security codes all fell into the hands of the attackers.
No matter how it happens, once the bad guys have access to this kind of data they can commit many types of fraud: they can access, open and use bank accounts in that customer’s name; make fraudulent purchases and even sell these details onto other criminals. But in the eyes of the customer, the bad guys are not just the individuals who have stolen their data. It can also be the organisation who let their personal data fall into the wrong hands – the equivalent of letting the burglars in through your front door from the inside. Due to an issue caused by the organisation involved, customers have now become, through no fault of their own, victim to identity theft and exposed to fraud that causes them severe distress.
Putting the house back in order
What’s more astonishing is once an individual’s identity is stolen and acknowledged by the organisation at fault, many victims are likely to leave the issue unresolved—failing to take any action that will protect them.
When data is stolen it is not as simple as a burglary—installing a security camera or placing a guard dog outside your home won’t help. Recovering and securing one’s identity is time consuming and confusing, especially if the victim doesn’t know where their identity is being used. There’s another added layer of complication: the police help you after a burglary, but who helps to fix identity theft?
Organisations need to work with their customers to provide a digital equivalent of a new security camera after an identity incident happens, especially if it happens on their watch. The hard part for organisations, large or small, is how to do this when the customer thinks that you’re to blame.
One idea is a digital version of a passport or driving license that could be used to verify themselves—and it already exists, though adoption is sparse. There is a system in Norway called BankID that was created through a collaboration between banks, and allows consumers to prove who they are, entirely online, with little hassle and high security. It’s trusted by the banks and trusted by consumers, so much so that its now used to access not just bank accounts but also secure mail and public services, and even sign contracts.
The key to rebuilding trust after a cyber-attack is digital identity, and business and consumers need to embrace this technology to ensure everyone sleeps soundly. To protect their customers, businesses must first protect themselves. When they leave their cyber windows unlocked and their cyber keys lying around, something bad is bound to happen.
Ultimately, customers don’t see securing their digital identity as something they need to take responsibility for - whether right or wrong it will always come back to the organisation.
Preparing for the inevitable
When someone’s house has been broken into, one of the first things they will consider is speaking to a security firm, to set up alarm systems and cameras. With quality partners, the individual can restore their home and put their mind at ease with expert help.
Identity fraud should not be any different. It should not be left to the individual to fix alone, instead the organisations that we trust as guardian of our data have a responsibility to fix things if something goes wrong. And it’s more than just a moral obligation, its sound business policy—stepping in and providing ID protection sustains loyalty and builds trust after a cyber-attack as well as protecting the individual and the organisation from further compromises.
We will continue to see businesses hit by higher levels of attacks and scams, all designed to obtain sensitive information on individuals, and further eroding the trust we put in them. Businesses need to take the correct measures to ensure that their customers data is protected, and their identity restored when the inevitable happens.
Thomas Bostrøm Jørgensen, General Manager, AllClear ID
Image Credit: Dom J / Pexels