With the advent of online payments in recent times, transferring value across the world has never been easier. However, this comes at a price. Just as opportunities are widespread for legitimate businesses, illegal entities are also thriving via certain loopholes created by the rapid influx of enabling technology. One “juicy” loophole is identity theft – the fraudulent practice of using an individual’s personal information to obtain financial advantage either via credit, benefits and/or loans – usually to the disadvantage or loss of the individual. In many cases, victims of identity theft don’t even know they’re victims until long after the crime has occurred and they are contacted by their financial institution. In this blog post, we’ll take a look at the narrative behind identity theft, its consequences and possible ways it could be checkmated.
Typical scenarios of identity theft
Identity theft can occur in a number of ways but the most common methods include:
Skimming Devices — Certain retail stores may have skimming and cloning devices installed in their POS machines. These POS machines are then enabled to electronically read and copy card information form the magnetic strip – mainly masked PANs and CVV numbers and sometimes, PINs. This data is then uploaded to a database and then used in various forms either by imprinting these details on cloned cards or using them to make purchases online.
Phishing — Phishing mainly involves the art of obtaining personal details via sending what appears to be a legitimate email from a reputable organization say your bank, a business partner or some trusted entity. There are different forms of phishing, ‘vishing’ (voice phishing) and ‘smishing’ (SMS phishing) are quite popular. Usually, these messages come with attachments containing malware and appear as an invitation to click on a link or to provide some personal information to authenticate or validate something. Without carefully scrutinising messages of this calibre, most users unknowingly comply and forward sensitive information.
Web spoofing — Although similar to phishing, it’s different in that it involves tricking users into visiting what appears to be a legitimate website and having them input sensitive information which can then be recorded via key-logging software or uploaded to a server once a user hits the Submit button. Most times after a user submits their details they are usually redirected to a page with a 404 error message which makes them assume they have a faulty internet connection or the site is down thus allaying any suspicions that could arise. One way to detect web spoofing pages is to pay close attention to the URL address as the website loads. Most likely, the address will start out as the one you expected but then will change to another address as the page is loading.
WiFi Hacking — A subtle but effective way hackers can gain access to sensitive information is through public wifi hotspots. While private WiFi networks may use firewalls to defend their users from malicious attacks – the same can’t be said for their public counterparts. As a result, users of public WiFi hotspots at airports, malls or similar locations may suffer theft of data when they use these networks to perform certain activities such as internet banking, email and password logins, etc.
Long term effects on online businesses
Though identity fraud primarily hits individuals, the ripple effect can be felt on online businesses. Identity thieves involve businesses mainly when they are trying to use illegally obtained personal information to their advantage. A couple of negative effects this could have on businesses include:
Eroding customer confidence — If the clone of a business’s identifier such as an official email address, website or social media handle can be created and used to defraud its customers, it will result in loss of confidence in that business. Cases have occurred where share prices and market value of businesses plummeted due to a data breach or compromise of user identity in any form. This explains why reputable organisations would rather keep occurrences of data breaches or hacks of any form private and tend to handle these “internal bleeding” situations with utmost caution.
Depletion of trust capital built with financial institutions— A vast majority of user identity stolen in the form of credit/debit cards are used to purchase merchandise online. Most of these cards are zero liability payment cards thus businesses where they were used to make transactions will be dealt a huge blow when the real cardholders begin to file for chargebacks, which ultimately depletes revenue. Moreover, if the merchant bank feels a business is receiving too many chargebacks, it will rescind the ability of that business to process credit card payments – a huge blow to any online business out there.
Long term tax disputes with the government — Business tax IDs, profit margins and revenues are easily accessible and more rewarding to identity thieves than individuals. Should your business identity be stolen and used to file a fraudulent tax return, you can be liable to severe fines and penalties from the government and other tax agencies. An example of such grave penalties is the U.S government – whose penalty for fraudulent tax returns involves a $500,000 fine and/or 3 years imprisonment.
Ways of checkmating identity theft
The increased used of social media has made it easier for identity thieves to gain access to information that should be private. Answers to security questions like a person’s maiden name can easily be gotten by doing some snooping over social media applications. It’s important you protect yourself. Here are a few ways individuals and businesses alike could insulate themselves from identity fraud:
Be choosy with withdrawal and purchase points — As a cardholder, ensure you only use ATM and POS machines at areas you are familiar with. Refrain from trying to use machines that are not within your vicinity. You could even set up a security feature with your bank that flags certain transactions as suspicious when they are carried out on ATM machines that are not within your usual location.
Do away with passwords — Computer programmers will tell you that passwords were originally created to help secure individual time spent on computers by multiple people and not to protect personal information or to secure valuables. Embrace cutting edge technology – such as user biometrics that allows you to go passwordless when you can. Businesses could implement FIDO2 – a phishing proof, passwordless, authentication protocol developed by the Fast Identity Online Alliance (FIDO) and the World Wide Web Consortium (W3C). If you must use passwords, try using a different password for anything financially related. As a hack, you could use a space as one of the characters in your password – statistically, only 0.03% of passwords that exist are written this way.
Review credit card and bank account statements often — Endeavour to review your account statements at least every other week. You can also have your credit card issuer enable fraud alert notifications that can be customised to alert you each time your card is used to make a transaction that is different from the usual amount you spend.
Refrain from using Public Wi-Fi — Remote workspaces are currently taking over, but there could be dangers in setting up your “office’’ in the local coffee shop. Ensure you don’t conduct bank transactions, make online purchases or enter any sensitive information on your devices when using public Wi-Fi hotspots as your data could easily get compromised by intruders.
Request for a freeze card feature — Certain financial services like Barter, have a feature that allows you to “freeze” a credit card if you’re not going to be using it for some time. Once the feature is enabled, the card is inactive, thus the risk of identity thieves using the card is eliminated. Here’s a short clip on how Barter implements its Freeze Card feature.
Financial fraud remains on the rise – combatting it can only be successful when the human risk factor involved is whittled down to the barest minimum. Adoption of passwords for logins still remains popular because most digital authentication processes tare complicated. passwords. Engaging cybersecurity companies and insurance companies who provide cyber-insurance could pay off in the long run for businesses who would rather be safe than sorry. –Raphael Ugwu,Developer Advocate, Flutterwave