Stop thief! That’s my identity

Identity theft is a multi-billion dollar problem – and growing. To the extent that financial advisers help guide their clients in protecting against risks, the topic of identity theft is arguably one that advisers can credibly discuss, and not just because financial product communications are often targeted by those by criminal intent.

Stories like this recent one – from a member of our team – are becoming commonplace:

“A few days ago I received a Facebook friend request from a good friend of mine. It seemed odd – not only have we been friends for years, we’ve been Facebook friends for years. I assumed she’d had a tech disaster and needed to re-establish her Facebook account. Just as my finger hovered over the ‘accept request’ button, I thought better of it, and sent her a message to check. She’d been hacked.

Although my friend had privacy settings in place, the hacker was able to access sufficient information to clone her account. They copied her photo, used her name, her school’s name and her friends list to send out dummy requests. By the time she realised, the clone had access to full Facebook profiles (and friend lists) of 45 of her friends.”

Through such actions, criminals can see photos of your home; see that you’re having a wonderful overseas holiday and that perhaps that home is unattended. Posts bemoaning banks and service providers open the way for targeted phishing scams. People lay their lives open on social media, not expecting to provide intel for criminals to exploit.

And that’s just the tip of the iceberg. There’s no disputing that technology and the internet has made life easy – getting cash from an ATM, using PayPass to ‘tap and go’, going online to pay bills or shop for bicycle parts. It’s hard to imagine life without technology; however it also comes with a downside…increased risk of identity theft.

It’s not just technology that makes us vulnerable. An unsecured letterbox provides access to bills, bank statements, part-filled credit card offers and sometimes the cards themselves. It’s not unknown for criminals to go through bins looking for useful papers – a credit card statement, superannuation fund advice, even a phone bill. Anything with identification can be used by the savvy.

Why should your clients be concerned about identity theft?

People steal identities for a number of reasons, commonly for fraudulent financial gain, but sometimes for more sinister purposes According to the Australian Bureau of Statistics (ABS) Personal Fraud Survey 2010-2011, Australians lost $1.4 billion due to personal fraud.  The same survey estimated that 1.2 million Australians over the age of 15 had suffered at least one incidence of identity theft in the previous 12 months (a 50% increase compared to five years prior).

Once a criminal has the information they need, using your clients’ details they could:

• apply for a credit card, bank account or other financial service
• run up credit card debts or obtain loans
• apply for identification vehicles such as birth certificate, driver’s licence or even a passport
• access superannuation and other savings
• apply for Centrelink benefits.

A quick-acting criminal could quickly run up tens of thousands of dollars worth of debt that takes time and effort to untangle. As well as being extremely stressful, your client’s credit rating can be negatively affected and they could experience a period of financial hardship as a result.

Tap and go technology brings fresh risks

With credit card signatures to be phased out in August this year, most cards issued over the last 18 months or so have included an inbuilt RFID (Radio Frequency Identification) chip, which allows the ‘contactless’ ’payment technology such as ‘tap and go’ to function.

Whilst most appreciate the convenience of being able to simply ‘wave’ your card in front of the special scanners, the downside is that an inexpensive credit card reader can get at the data from a few inches away, even if the card is in a purse or wallet.

How can your clients protect themselves from identity theft?

An important part of safeguarding your clients’ financial future is to ensure they’re aware of potential vulnerabilities and take action to protect them. Older clients in particular should be warned about email scams; not the amateurish requests to transfer money for an African prince, but the alarmingly sophisticated requests to verify bank data, or print off delivery labels for bogus parcels. The scary thing is that these techniques can be like a Trojan horse, silently running in the background of a computer, recording every keystroke and relaying them back to the scammer.

Tips to share with your clients include:

• put a lock on your letterbox and clear it regularly
• keep personal and financial papers secure, shred when no longer required
• ensure that virus and security software on your computers and mobile devices is up-to-date – new threats emerge daily, so currency is important
• don’t use the same PIN and password across cards and websites
• don’t use unsecured wifi for internet banking or financial transactions
• never respond to scam or phishing emails promising huge rewards for information or punitive actions for non-response
• regularly review financial statements and report unauthorised transactions immediately
• always use the most secure settings on social media sites and never accept unsolicited ‘friend’ requests
• if starting a new job, only provide your TFN to the new employer once you have commenced – the ATO warns of employment scams that seek to access TFNs.
• If you are travelling, or just extra conscious of the risks around RFID data theft, you can protect your cards in special wallets, usually made of aluminium or some other material that blocks signals.

Steps to take if a client’s identity is stolen

If a client does become a victim of identity theft, it’s important to act swiftly. While the extent and nature of the theft will dictate specific action, it’s important that these first steps are taken and documented for future reference:

• contact all financial institutions – highlight disputed transactions, change PINs and passwords and discuss whether other account changes are required
• report the matter to the police with as much documented evidence as possible
• contact the Credit Reporting Agency and explain the situation; regular checks on credit status should be made in the following months
• contact any other agencies such as the ATO, Centrelink or the Australian Passport Office.

If your clients aren’t sure that their online security practices are adequate, you can get them to take the ATO’s self assessment. It covers business and personal security practices.

Discuss this issue with your clients

It may be tempting – and legitimate – to decide this issue is not really an adviser’s responsibility. But this is undeniably an area where your clients can be exposed to financial risk, and those advisers who get on the front foot and discuss this issue with clients are likely to be rewarded with increased trust and loyalty.

—————-

Important information: The information in this article has been prepared by Zurich Australia Limited and is intended for Advisers use only. It is not intended for use by any retail client. The information is current as at 23 June 2014 and is derived from sources believed to be accurate as at this date. The information in this document may be subject to change. While all reasonable care has been taken in preparing this document and the consents of this document are presented in good faith, no warranty (express or implied) is given by Zurich as to the completeness or accuracy of the information in this document, and Zurich will not be liable (in contract or tort, including negligence, or otherwise) to any party or person if, and to the extent that, they rely on any information provided.