Victims must take a number of time-consuming steps to restore their identities and to dispute fraudulent debts and accounts opened by an identity thief. Additionally, victims may not be immediately aware of the theft and are often tipped off only when credit is denied or debt collectors appear.

The insurance industry has responded to this growing exposure by developing insurance products that, either as a standalone or endorsement to homeowners policies, reimburse the expenses incurred by policyholders to their names after occurrences of identity fraud. Additionally with the increased awareness of identity theft, there have been educational efforts to help individuals minimize their identity theft risks.

However, the rising tide of consumer concern over identity theft may ultimately create a reputation risk for businesses, especially those that conduct or facilitate online transactions or maintain customers personal information online.

These companies include dot-com and click-and-mortar retailers, as well as banks, brokerages, credit card companies and Internet service providers.

Ultimately, consumers will not only looks to these businesses to use the latest technology to create a secure online environment, but also to provide a solution in the event that their identities are stolen.

An August 2001 GartnerG2 report, entitled “Privacy and Security: The Hidden Growth Strategy,” underscored the privacy and security concerns of consumers and the need for companies to promote superior privacy and security protections.

The report, which was based on results from two GartnerG2 consumer surveys, found that 86 percent of online American adults are very concerned about the security of bank and brokerage account numbers when they are transacting or registering at a Web site.

Almost as many, 83 percent, expressed the same concerns about the security of their Social Security and credit card numbers.

Additionally, 70 percent are very concerned about the security of their personal information, including their income and assets.

The report also indicates that approximately 60 percent of online adults say security and privacy concerns stop them from doing business on the Web. In addition, more than 50 percent of those who buy on the Web say they'll enter their information, but admit they are not comfortable about it.

Businesses that conduct or facilitate online transactions are not alone in the exposures related to Internet-based identity theft. Many employers use Internet technology to maintain employees personal records. Companies often make benefit information, such as individual health insurance and retirement account data, available online through company Intranets.

Similarly, associations maintain members personal information.

Businesses, employers and associations seeking to create a safe, secure online environment should not limit themselves to relying on technological measures to address their key audiences security and privacy concerns. (If anything, recent history has shown the hacking society relishes the challenge).

These organizations should consider a number of old-fashioned, non-technology risk management tactics to help individuals identify and manage their identity theft risks, including:

Minimize individual risks.

Provide key audiences with information that can help them minimize their risk by managing their personal information wisely. This should include individuals handling of personal information offline, as well as through computer and wireless devise usage.

Insurance.

Personal lines insurance policies have long been offered through a number of distribution channels. Businesses may also consider making identity theft insurance available to customers with privacy concerns as a value-added service.

Assistance in the event of identity theft.

Among the time-consuming steps victims need to take are: contacting the fraud bureaus at the major credit bureaus; contacting the security departments of the appropriate creditors or financial institutions in which they have accounts that need to be closed; and filing reports with various law enforcement agencies.

Businesses and other organizations may provide instructions to help individuals reestablish their identities, as well as provide access to a toll-free hotline that can offer assistance in reporting the event to all required agencies and referrals to third-party legal services.

The growing incidence of online identity theft has created an individual risk that extends to the organizations that serve the online needs of those individuals. Incorporating risk management practices that complement their security technology can help businesses allay their potential customers privacy concerns.

By addressing these concerns, businesses will enable their customers to realize the speed and convenience promised by e-commerce. At the same time, a business that addresses such concerns will earn an enhanced reputation for its commitment to consumers privacy and the resulting benefit of increased business.

Jean McDemott-Lucey is vice president, B2C, for AIG eBusiness Risk Solutions in New York.

Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, September 21, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.

Contact Webmaster