October 1, 2008

IN-FIRM Planning To Optimize Today’s Technology

Column: Technology IN Practice

Roman Kepczyk

From the Oct. 2008 Issue

Over ten million Americans have been a victim of identity theft according
to the TrustedID.com website. Virtually every week, there is another newspaper
story about hackers breaking into systems and capturing personal information
that could be utilized by criminals to steal the identities of your personnel,
members of their families, and your clients. And those are just the breaches
that are discovered and reported to the media! With the increased utilization
of digital personal records, digital payments and online banking systems, the
opportunity for hackers to get access to large volumes of information will only
increase the risk of identity theft. Surveys indicate that the average victim
of identity theft will spend $8,000 resolving the issue and will take an estimated
600 hours of personal time to do so. If one of your personnel or a member of
their family becomes a victim of identity theft, imagine the impact on their
productivity and the corresponding impact on the firm during that time. For
this reason, we feel it is imperative that firms take a proactive approach to
managing the risk of identity theft, which can be done with education of personnel,
providing resources to deter and respond to identity fraud, and having a prepared
response in the event that one of your associates becomes a victim, to minimize
the impact.

Education
The first step in managing identity theft is educating your personnel on how
it occurs and what they can do to minimize the risk. In addition to online breaches,
identity thieves steal purses and wallets, “skim” credit cards when
you pay for services, and sift through garbage to find un-shredded credit card
statements or other financial records that they can use to open other accounts
or change the address so they can bypass delivery of statements. They also use
this information to get identification such as driver’s licenses, so access
codes and PINs should not be easy to guess, such as mother’s maiden name,
the last four digits of your social security number and birthdates.

If an identity thief commits a crime, the unknowing victim must prove they
were not responsible, which can have very far reaching impacts. Employees should
be educated about warning signs such as not receiving bills when expected and
consider using a notification service. It is also important to review the annual
benefits statement from the Social Security Administration to verify that the
salary amounts are correct and that no one else is using your SSN for payroll.

Identity Theft Resources
The Federal Trade Commission (FTC) is the watchdog for consumers in the United
States, and they have developed resources specifically to assist identity theft
victims at www.ftc.gov/idtheft. They have also set up a telephone hotline where
they can be contacted directly: 877-IDTHEFT. The FTC created a document entitled,
“Take Charge: Fighting Back Against Identity Theft,” which can be
downloaded from their website and stored on the firm’s network for easy
access or forwarding. The Federal Deposit Insurance Corporation (FDIC) has also
developed materials for dealing with stolen wallets (Your Wallet: A Losers Manual)
or abuse of checking accounts (A Crook Has Drained Your Account. Who Pays?)
at www.FDIC.gov and through
their hotline at 800-934-3342. Reviewing these documents can assist the firm
in creating educational materials, as well as planning a response.

Third-party services can help with the prevention, detection and remediation
of identity theft, and firms should consider providing some of these as an employee
benefit. Services range from $5 to $20 per user per month, and some have plans
that include every member of the family for less than $200 per year. A list
of providers can be found at NextAdvisor.com,
comparing services such as LifeLock, TrustedID, IdentityTruth, IdentityGuard,
IDWatchdog, FamilySecure, LoudSiren and Equifax. This is not intended to be
a comprehensive listing of all resources and is provided for illustrative purposes.
Some of these services will place a fraud alert on your account for you every
90 days, provide you with regular access to your credit report, and manage the
removal of your name from pre-approved credit listings.

While all three of these services can be done by individuals for free, some
people will get peace of mind by outsourcing the responsibility. These services
can also proactively provide you an immediate notification of any inquiry or
change in your credit report. Finally, these services can also handle the remediation
for the victim by getting a power of attorney and doing all the legwork for
the victim, so they can get back to work with the knowledge that a professional
service is taking care of the problem much more efficiently than the individual.

Prepared Response
As soon as the firm becomes aware of any employee either becoming a victim or
even suspecting they are a victim, they should have a package prepared for the
person to respond as quickly and aggressively as possible to minimize loss.
This document should list the action steps beginning with the phone numbers
for the fraud departments of the three major credit bureaus (Experian, TransUnion
and Equifax) to place a “fraud alert” on the user’s record
and to post a “victim’s statement” requesting that you be
contacted prior to opening any new or making changes to any existing accounts.
The employee should ask for a free copy of their credit report to verify all
the accounts that are open and to review the section on inquiries for new accounts.
This fraud alert will usually be in place for 90 days and can be renewed. In
the event of a proven loss where the victim has filed an Identity Theft Report
with the Police, the victim can ask for an extended fraud alert, which will
be in place for seven years and will require potential creditors to contact
the victim directly before extending any credit.

The victim should then contact each creditor including banks, utilities and
the phone company and ask to talk to the fraud department, which should be followed
up in writing. All accounts that have any appearance of being tampered with
should be immediately closed. The victim should also make a concerted effort
to file a police report with the local department where the theft took place
as well as contacting the Federal Trade Commission, which has many available
resources to assist victims. If the victim’s driver’s license was
stolen, the victim should contact the licensing department and notify them of
the theft and get a new license issued.

Identity Theft can happen to anyone, leading to extensive lost time and possible
financial ruin. For this reason, firms need to take a proactive approach to
minimize the impact on the firm and to develop the resources to protect their
personnel.

On The Web:

www.ftc.gov/idtheft
— resources to assist identity theft victims

www.FDIC.gov — materials
for dealing with stolen wallets or abuse of checking accounts

NextAdvisor.com
list of third-party service providers that can help with prevention, detection
and remediation of identity theft

Thanks for reading CPA Practice Advisor!

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more…

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...

Tags: Technology

Leave a Reply

Kepczyk 2019 5c6da0647d129

Roman Kepczyk

CPA, CITP, CGMA

Roman H. Kepczyk, CPA, CGMA, CITP, is Director of Firm Technology Strategy for Rightworks and works exclusively with accounting firms to optimize their internal production processes within their tax, audit, client services and administrative areas. Roman has been named a most recommended consultant for 17 years, has been in the AT Top 100 for 18 years, and has been named a CPAPA Top Thought Leader from 2011 to 2023.