www.secure-it.com.my

Combating identity theft PDF  | Print |
User Rating: / 0
PoorBest 

get-attachment.aspx

How often do you receive phishing emails asking for your passwords or personal agents trying to sell you the latest insurance product? Today, wrong hands, be it those of bothersome marketers or identity thieves. Your personal information can be compromised through any channel, online or offline.

Experts share some thoughts on how best to protect your personal information.

How your information can be compromised

        As there is currently no law to protect one’s personal data, our personal information can be compromised an anywhere and anytime. Lim Eng Seong, general manager of personal financial services at HSBC Bank Malaysia Bhd, says the easiest way is when we write down our personal details or log in password and store them in unsecured places. The password could be compromised when it is discovered by a third party.”

         A more direct way obtaining personal details, especially financial information, would be through publishing website or emails. Lim says this technique is commonly used in financial fraud. “An email or fake website is disguised as a trustworthy entity to lure the unsuspecting into divulging personal information such as username, password or credit card details.”

          Personal information can also be compromised or services. For example, when signing up for loyalty and membership cards, or even free products offered by financial institutions, you may be allowing your personal information to be used by all sundry. Dawn Chuan’s (not her real name) bank offered her a free one-year personal accident insurance policy but she declined to accept it when she saw that there was a clause allowing the company the right to use her personal details for future marketing purposes.

           Some legitimate companies do pass on your information to third parties on your information to third parties for marketing purposes. Alan Puah, managing director of Secure-IT Solutions, says that sometimes, companies in the telecommunication industry have advertising arms that they outsource their marketing activities to. “When these third parties send direct mailers to the customers, they will need a database from telcos. So the data is given to them, it cannot be controlled [where the data goes after that]. They may sell it based on the demographics needed.”

           A great deal of personal information is also found in the internet, even through social network sites. While personal financial information may not be freely available here, other details such as photographs can compromise one’s privacy and bring severe implications. A well-known example would be recent case of the Canadian women on long-term sick leave because of depression, who found her insurance benefits revoked after her insurance agents found pictures of her looking happy on Facebook. Professor Abu Bakar Munir, professor of law at University Malaya, says information easily can be picked up online. “Overseas, prospective employers have been known to monitor social networking site and reject job applications based on information or pictures they have found."

          “When you allow access to your pictures and phone numbers through these social networking sites, anybody can retrieve personal information about yourself and also others whom you might have named or tagged in your pictures. These may cause repercussions in the future.”

How to safeguard your personal information

           Personal information is so much more valuable then it was before, so, prevent is better then cure. A simple guideline would be to be cautious when discussing your personal details. Roy Heong, consumer e-business head at Citibank Bhd, says it applies to institutions that hold much of your information. “Make amply clear to companies or financial institutions that you transact or correspond with on the phone or internet that they do not have the authority to pass on your personal information to their associate companies or any other parties not known to you. This would be a breach of confidentiality.”

            If in doubt, says Puah, clarity with the relevant organization. “I had to pay my telephone bill recently but my internet was down, so I couldn’t perform online banking and had to call the company’s helpline. When they told me the only other alternative was to give my credit card details over the phone, I asked them what steps they were taking to protect my personal data. They explained to me that they had CCTV cameras behind them whiled they keyed my details into the system before sending them through.”

            A manager with a local bank says that although Bank Negara Malaysia has not set put any regulations, it is standard practice for banks to put measures into place to protect their customer’s personal information. “Besides having CCTV cameras, customer service officer are not allowed to bring in personal belongings, including their bags, into the call centers. They have no email access and there are no USB ports available on the systems they are working on. All phone calls are recorded as well to help assist in investigations should there would be accusations filed against any officer.”          

             Limit the personal information that given out, especially when filling in application forms for non-financial institutions. Abu Bakar gives an example. “If you’re filling the form to purchase a Touch ‘n Go card, it’s pretty much like buying a bus ticket so there’s no need to given out details like your address and phone number.”          

             To protect yourself online, always ensure that you have proper anti-virus and anti-spyware programs to keep malicious, Trojans and malware at bay. Besides that, always be careful about signing up for membership on sites, even if they may be offering very attractive goodies.          

            The second reading of the Personal Data Protection bill, which was the midst of being passed at the time of print, will soon provide a layer of protection for consumers and their personal information. The bill gives the data subject the right to prevent the use of his personal details for marketing purposes. Should the data subject’s request, he or she is liable to a fine of up to RM200,000 or imprisonment of up two years, or both. The bill also prevents the unlawful collection of data, and any person who is convicted if doing so is liable to a fine of up RM500,000 to three years,  or both.          

            Meanwhile, if a crime has been committed through the theft of your personal information, time is of the essence. Notify creditors such as credit card companies, phone companies and other utilities, banks, and other lenders, says Heong. “Ask to speak with someone in the customer service, security or fraud department of each creditor and follow up with a letter immediately close accounts that have been tempered with and open new ones with new personal identification numbers (PINs) and passwords, even with credit card or banking accounts.”           

            Next, file a report with the police and the post office, if necessary. “Even if the police can’t catch the identity thief, a copy of the police report can help you if the bank, credit card company or others entities need proof of crime,” says Heong. “If an identity thief has stolen your mail to get new credit cards, bank and credit card statements and tax information, or even if the thief has falsified change-of-address forms, they are all crimes. Please contact the nearest Pos Malaysia branch.”           

            For online cases, consumers can complain to the Malaysian Computer Emergency Response Team (MyCERT), a division within Cybersecurity Malaysia that handle fraud, forgery, harassment or spamming. However, Senthil Vaasan director of Secure-IT Solutions, say MyCERT doesn’t have the authority to take action unless there is evidence of a commission of a crime.

Other Ways to Safeguard Your Information 

1)    OFFLINE

       Clear your mailbox

One of the easiest ways for anyone to pick up information about yourself would be to pick up   your mail. They would have your full name as well as your address. Roy Heong, consumer e-business head at Citibank Bhd, says the mailbox is the favourite target of identity thieves. “Retrieve your mail as soon as possible after the postman comes.”

       Get rid of your receipts

Keeping your details stored in a safe place is also crucial. Financial information stored in your wallet should be kept to a minimum. Besides leaving unnecessary credit cards and ATM cards at home, Heong says, receipts should be taken out and destroyed.Identity thieves look for information on old receipts. Hence, individuals are always told not to leave receipts at ATMs, bank counters or even at petrol station.”

Don’t give out your phone number easily

Certain stores may offers you a freebie or two, and ask you to fill up a form, providing your phone number. You might just find yourself receiving unwanted spam SMSes promoting their latest products later. We can’t tell how much we’ve given away till it’s too late, says Alan Puah, managing director of Secure-IT Solutions. “My guideline is not to give out my phone no matter what [because it is valuable to marketers]. Emails are all right because there they can’t get much contact with you unless you choose to”

 2)    ONLINE

Use unique password

When coming up with password, avoid using commons numbers such as your date of birth or identity card number. Use alphanumerical passwords that consist of both letters and numbers. Puah provides an example. "I have three level of password: one for secure transaction like banking; one for not-so-secure ones like social networking sites; and one that I can easily give out should I want to share files with people. All three types are made up of alphanumeric characters.” 

Another useful tip recommended by American-based internet education website GetNetWise would be to come up with a phrase that only would you remember."For example, the phrase ‘I was married on June 24 in Finland’ would result the password ‘iwmoj24f’ if you use first letter of each word in the phrase. This password includes both letters numbers and will be more difficult to guess. Or you can take the first letters and numbers and will be more difficult to guess. Or you can take the first letters of a favourite song title or phrase. For example ‘Old McDonald Had a Farm’ could be ‘omhaf'.’'

Use password-protected wi-fi networks 

Avoid using free public Wi-Fi when performing any financial transactions as third parties who could pick up and track your password and important personal details. For personal home Wi-Fi, Puah suggest, create a hidden wireless network."Those who want to join your network must manually type in the password, network and ID and be within range in order to join.”

Secure your online transaction    

When doing online banking, make sure that the website is secure enough. Ensure that the URL starts with ‘https’ or hypertext transfer protocol secure, says Puah. “Make sure the site has a ‘Verisign’ symbol. Look for the padlock symbol that appears at the bottom right of the window. Your transaction will not be easily compromised and any data that you send will be encrypted."

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Did You Know

arrow Identity theft is the top consumer complaint in the USA according to the Federal Trade Commission.

arrow US consumers reported fraud loss totalling more than $1.1 billion in 2006.

arrow Credit card fraud (25%) was the most common form of reported identity theft in the US in 2006.

arrow More than 100 000 people are affected by identity theft each year in the UK

arrow According to Privacy Rights Clearinghouse, more than 350 data loss incidents involving more than 140 million records have occurred since February 2005

arrow Organisations are obliged by law to take take adequate steps to ensure the proper disposal of data


You are here  :