Anti-Phishing Blog


Friday, December 30, 2005

Be Proactive Against Phishing Scams

Security experts are warning that consumers are primed and ready to be phished. With holiday bills due soon, expect bogus offers to consolidate debts into a low-rate, easy payment plan, since this is what many people will need.

In a related note, Netcraft has confirmed that more than 450 URLs used for phishing presented a Secure Sockets Layer (SSL) connection. This was seen in 2004, but more so in 2005. The SSL connection shows the user that they are on an "https" (secured) page, and the lock in the lower right of the browser will also show. Many consumers are taught to look for these as evidence of validity and security. While internet shopping should only be done when these are present, their presence can no longer provide an automatic sense of security.

Teach your customers to look closely at the sites they shop from. Ask what took them to that site. Was it an email asking to validate information or did they use a bookmarked address from their list of favorite sites? Did a window tell them the certificate on the "secured" site was in question and did they just click "Yes" to proceed?

Train your employees and customers to be on the lookout. BOL has provided sample scam letters you may want to use in training and for customer reference.


Friday, December 09, 2005

Security Breach, Massive vs. Minor, Which is Best?

Is a massive security breach better than a small one? ID Analytics, a San Diego-based fraud detection company, analyzed four recent security breach cases involving 500,000 accounts. The six-month study compared the information that was compromised to applications for credit. They discovered that the smaller the breach, the more likely it is that the information would be used.

Mike Cook, ID Analytics co-founder, said “If you’re in a breach of 100, 200 or 250 names, there’s a pretty high probability that your identity is going to be used.” It is believed that the perpetrator can only use 100 to 250 identities in a year. If a breach compromises only a small number of identities, there is a strong likelihood that the data will be used. If the breach yields more names and associated information, there is a lesser chance that any one will be used. Statistically they believe that only 1 in 1,000 identities will be used.

This is good news, in a way, because it says that only so much data can be used in a given period of time. It isn't good if you or your customer is the one in 1,000. And you must still react to the data breach. Using the FCRA, credit card loss reports and other available tools to raise red flags can help mitigate the potential damage caused by the use of the data. The quicker these flags are raised, the less likely it is that the data will be useful. If no flags are raised and no precautions are taken, the data has a longer shelf life and the risk of use in the long term is higher.

If your website has information on identity theft, this 1 in 1,000 statistic may provide some comfort to your customers. This is especially so when combined with your proactive stance on security and data theft prevention. You should clearly describe to your customers what you do, but in very general terms. Let your customers know that you take the security of their information seriously.