The study asked respondents if they had experienced credit card or identity fraud in 2007, and then aggregated the results into categories according to gender, age and regional location. Apparently, if you’re a young, professional male and living in London then you are one of the most likely victims.
While this is of course very bad news for those concerned, it’s much worse for businesses that are connected. They can be hit by:
– heavy fines and bad PR (in the case of companies that have negligently lost data)
– the substantial cost of resolving the cases (including, perhaps, the loss of valuable stock)
– potentially substantial losses of business and brand damage from customers and prospects who may well have experienced considerable ‘hassle’ from a lack of process to resolve ID fraud cases both quickly and easily
More vigilance is required
Christine Andrews is director of the DQM Group. Speaking to info4security.com, Andrews commented: “These worrying rates of reported ID fraud underline the need not just for consumers, but also the businesses and public sector organisations that hold their personal details to be much more vigilant when it comes to their data security standards. It’s not just about receiving substantial fines, such as the near GB pound 1 million imposed on the Nationwide Building Society by the Financial Services Authority. The far greater cost is the damage to brands and value of customer data – the two most precious assets a company holds.”
Andrews continued: “We trust public and private sector organisations with our personal details, and expect them to keep this data secure. However, several high profile cases in the past year alone highlighted the lack of adequate measures in place to protect against data theft, loss and misuse.”
Regular compliance auditing: an essential
In conclusion, Andrews stated: “Security is being addressed almost exclusively from the point of view of stopping data leaving the organisation and falling into the wrong hands. All organisations should now have in place detailed processes to protect against data theft or loss. However, very few actually undertake regular compliance auditing of these processes, or of third parties like Data Bureau who manage their valuable information.
“Recent events have shown time and again that data is stolen and doesn’t get lost, so it’s equally important for organisations to consider what to do once a data breach has occurred. It’s critical for organisations to be able to track, using unique ‘seed’ names, whether or not criminal abuse is happening such that measures to protect customers and citizens may be escalated immediately. Such tracking mechanisms, in combination with effective central monitoring to identify unauthorised use of records, are only in place in a minority of companies.”
For the survey, a representative sample of over 1,000 UK adults was questioned during January and February, with the sample balanced by age, gender, region and social class. Respondents were asked to state whether they had experienced someone trying to fraudulently use their credit card or attempting to perpetrate some other form of ID theft.
The fieldwork was conducted by Ciao Consumer Surveys, a member of the Greenfield Online Group.