The enormity of the Equifax® data breach has left a wake of fear and frustration among businesses and consumers alike. Names, social security numbers, birth dates, addresses, driver’s license numbers, and other information were among the types of data stolen from an estimated 143 million American consumers earlier this year.
To make matters worse, Deloitte and Sonic have also recently announced data breaches. It is safe to assume that the majority of your consumers have had their information stolen from one or a number of these breaches.
If you want to protect your business and account holders from identity fraud, you need to take action fast.
Below are a number of steps you should take to better protect your business and consumers from potential fraud exposures in the wake of these massive data breaches.
Risk mitigation measures to protect your business:
- Take swift measures to defuse the impact of an attack if you identify an uptick in identity fraud.
- When authenticating an account user, require personal information (i.e. high school crush, best friend from childhood, pet’s name) along with identifying information for access to the account to help prevent the identity theft of your consumers:
- Require that the account holders have a password or passcode to access their account.
- Use multi-factor authentication:
- Who you are: Inherence factors, such as biometric methods
- What you have: Possession factors, such as ATM card numbers
- What you know: Knowledge factors, such as password, pin or secret question
- Don’t just rely on SSNs, birth dates, home addresses or driver’s license numbers for granting account access.
- Adopt advanced tools, like biometric authentication, for verifying the identity of accountholders.
- Verify you have up-to-date contact information for all of your members’ accounts, including consumer cards and online accounts.
- Set up a website with information regarding how you plan to communicate with your account holders about updates related to the Equifax cybersecurity breach.
- Post and share contact resources and information for consumers so they know where to go for to have their questions or concerns addressed.
- Share educational resources and tools with your account holders that aim to help them prevent and manage identity theft and fraud.
- Train staff on fraud warning signs and job-relevant fraud prevention/response procedures
- Proactively build a response plan, so you can swiftly implement the plan should any fraud exposures occur. See our Data Breach Preparedness Checklist for recommendations on building a strong plan.
- Monitor likely points of entry for fraud, such as:
- New membership requests
- New products or services requests
- Change of account holder information for existing members, such as change of address
- Purchase institutional coverage that insures your financial institution should a cyberattack occur.
- Consider partnering with an identity theft vendor that offers “deeper” fraud monitoring services for consumers, namely:
- Dark web monitoring
- Social security monitoring
- Address change monitoring
As you work to mitigate the impact of the Equifax breach, we strongly urge you to also share breach information and updates with your consumers, while also educating them about how they can prevent and manage the risk of identity theft.
Risk mitigation recommendations to share with your members:
- Closely monitor all credit accounts and loans, to catch and report any suspicious activity on any one of those accounts.
- Immediately report any suspicious credit or loan account activity – no matter how remote the suspicion – to the financial institution and/or lending institution.
- Sign up for the fraud alerting services offered by the three credit bureaus to receive notifications about potentially fraudulent activity:
- Sign up for free credit monitoring services, to monitor and report unauthorized activity.
- Place a freeze on all three credit bureau accounts to prevent fraudsters from opening new accounts.
- Sign up for email/text alerts with live card activity through the financial institution and through the card issuer’s website:
- Visit Equifax’s data breach response site, which contains up-to-date information about how this data breach.
- Access Equifax’s newly created “hack-checker” tool to find out if they were among those impacted by this breach.
- Visit the FTC’s page on the Equifax breach to learn about what happened and what to do.
- Visit the FTC’s identity theft website to learn what steps to take in response to proven identity theft.
- Make sure all of your accounts are safeguarded by complex passwords and security questions.
- If your accounts do not require a security question, you may want to consider asking for this to be added to your account for better protection.
Reach out right away to Allied Solutions’ risk consulting team if you are experiencing an uptick in identity fraud, so we can help you to minimize the fraud exposure.
Sign up to receive Allied’s Risk Alert newsletter to receive updates regarding the Equifax breach, as well as other updates, education and insights related to cybercrime and fraud.
Register for our October 10 webinar on the Equifax data breach, prevented through NAFCU Services.