Identity Theft Prevention
by Char Coburn
Columns
Identity Theft Prevention
Properties must ensure that personal identification data for both employees and customers is kept securely and disposed of thoroughly
Char Coburn is the director of Human Resources for the Bonanza Casino in Reno, Nev. She has been at the casino for the past 20 years, and is a human resources generalist who wears many hats. She can be reached at char@bonanzacasino.com.
The first part of December found me in Boise, Idaho, visiting with my daughter. We were finalizing the decorations and other plans for her upcoming wedding. As part of that, on Sunday we went to local craft store, and I used my debit card to pay for our purchase. Later that day I was at the airport catching my flight home, and I tried to use my card to get a bite to eat. My card wouldn’t work, but it didn’t alarm me, as there are still businesses that have older devices that refuse the cards once in a while.
I bank online—one of the best timesavers I’ve found in years—and I signed in on Monday morning to do so. When I pulled up my checking account I was astonished to see that it was being debited for a $453 transaction at Macy’s…in Brooklyn, N.Y., and another charge appeared to a subway station for $20, also in Brooklyn. I pushed the buttons to call the bank at record speed.
I was very surprised that the bank fraud unit had been alerted to the unusual transactions and had put a freeze on my debit card immediately. That, of course, was why I couldn’t use it at the airport. I was impressed with Bank of America and was really happy to have the funds credited back to my account quickly. I was required to sign an affidavit stating that my card was used fraudulently. And since it was impossible to be in Brooklyn and Boise at the same time, they readily believed me.
Locating the breech
My first concern was how my card number was obtained and used. The bank asked if I had been out of the country recently and used my card. Unfortunately, my answer was no, so that didn’t solve the riddle. The person who did so didn’t have my PIN, thank goodness, so we have surmised that someone randomly generated a series of numbers, created a plastic card and went out shopping. We will most likely never know for sure.
My next concern was for identity theft; how much more information could this person have about me? How it happened and whether something similar would happen again has been on my mind for a couple of months now. I jumped at the chance to attend a breakfast meeting where a speaker would offer information about this subject.
The theft of identities is running rampant. One of the easiest ways for thieves to obtain information they can use to “become you” is through breaches at companies that hold your information. At the seminar I learned that since May 2005, 101,896,209 records have been made available to the bad guys. That includes social security numbers, addresses, birth dates, credit card numbers, bank account numbers, medical histories…the list goes on ad nauseum. My heart sank, knowing I could be part of that.
The presenter told us about a trip she and a co-worker made to their local trash dump. Just below them, in the dirt of the dump, they caught sight of computer generated documents with names, addresses and other pertinent data and file boxes full of letters, files and other documents pertaining to interactions that these individuals had with the law firm named on the letterhead of many of the papers. Had she been a person searching for a way to steal someone’s life, the information was right there for the taking.
Knowing the laws
We also found out about a couple Web sites that are resources for you, personally, as well as for obtaining information pertinent to your property: privacyrights.org has a wealth of information that you can use to institute policies and procedures to protect your employees and yourself; ftc.gov, the Federal Trade Commission Web site, offers insight on how the government intends to deal with the problem nationally, as well as keeping the us updated on laws that we must be familiar with.
One of those laws is called FACTA—The Fair and Accurate Credit Transactions Act. It covers a lot of ground, from what help is available to victims of identity theft to workplace investigations standards. I recommend you go take a look, if you haven’t already done so.
We all know that we shouldn’t use social security numbers as identifiers for our employees. Indeed, I’m told that some states have laws prohibiting that practice. Out-of-date employee record disposal should be done through the shredder, just like confidential financial information. Have you considered the information that you have on file for your customers, such as in players club databases? That information must be highly protected, as well.
The 109th Congress will be looking at some legislation to address the release of sensitive personal information, which they define as a first and last name combined with a social security number, driver’s license number, or access code associated with financial institutions. The laws will direct employers and others holding that sensitive information to develop a security plan and install electronic safeguards, conduct periodic risk assessments and have policies on how to provide individual notification of a security breach. I understand that they will include penalties and other remedies for those who violate the statutes.
So that’s why I told you about my personal experience and my concerns that the bad guy will do something more. We must be proactive in preserving confidential information, not just because there are laws that do and there are more coming, but because it’s the right thing to do.
