Local BBB chief Richard Eppstein didn t know his credit card numbers had been stolen until he received a bill for not one but two $900 tools charged at two Toledo businesses.
A quick call to his credit card company got the charges off his bill, but the Toledo businesses that had handed over the tools after they had been charged by phone weren t so lucky.
“The two local companies each got socked $900 for this tool, and they re just out the money. They have no recourse,” said Mr. Eppstein, president of the Better Business Bureau of Northwestern Ohio and Southeastern Michigan.
“A lot of businesses ... work on trust and they get burned.”
Identity theft is a growing problem in the United States, according to the Federal Trade Commission.
It found in a survey last fall that more than 27 million Americans were victims of identity theft in the last five years -10 million in 2002 alone at a cost to the victims that year of $5 billion. Complaints have nearly doubled each year since 1998.
But businesses have taken an even heavier hit. The federal agency estimates identity theft losses to businesses and financial institutions were nearly $48 billion in 2002, the latest year for which figures are available.
A new federal law may help some, but the Fair and Accurate Credit Transactions Act of 2003 signed last month by President Bush is to help consumers whose names, Social Security numbers, credit card numbers, or other personal information were stolen and who then encountered problems including unauthorized charges.
“[Many consumers] are blaming themselves for becoming victims ... but we have companies that are still in the dark ages thinking this is a consumer problem and we are not involved, ” said Linda Foley, executive director of the nonprofit Identity Theft Resource Center in San Diego.
“Yes, consumers should have locked mailboxes, but businesses need to be aware of what they re doing, and that means starting with the mailroom.”
One key way for businesses to thwart thieves is by not using full information on statements and other mailings, so there is nothing usable in case the mail is intercepted, she explained.
Also, she said, Social Security numbers should be used only to establish credit or loans or for specific governmental purposes. Companies should come up with other digits for account numbers, she emphasized.
“Companies have to remember that what they don t have, they can t be held liable for,” she added.
That s the philosophy under which Dave Jankowski, co-owner of Jann s Netcraft in Monclova Township, operates.
Although the company collects $3.8 million in revenues a year by selling fishing tackle by mail order and, increasingly, on the Internet, he said identity theft has never been a problem because of the firm s security measures.
In addition to having its computer servers under lock and key, Netcraft s computer system automatically encrypts credit card numbers on Internet orders so employees do not know the combination.
“It costs more, but it s what you have to do if you re processing charge cards over the Internet,” Mr. Jankowski said.
Security experts said businesses must find a way to dispose of customer information so it can t be retrieved from the trash.
“You would be surprised at the number of businesses that have no idea they should be shredding loan forms or other personal documents,” said Nate Segall, vice president of AccuShred, a division of State Paper & Metal Co. Inc. in Toledo.
“From the time a document is deemed as not usable anymore, it should be put into a locked container or at least gotten out of public access. The quicker you do that, the better off you are.”
Companies wanting to do the disposing themselves can invest in a shredder, but Mr. Segall said businesses like his usually charge $45 to $50 per container. Employees of professional shredders typical undergo background checks to try to safeguard against them stealing information before the destruction.
Shredding is standard practice at Brooks Insurance Co. in Toledo, but other commonsense measures also are taken, said Ben Brown, vice president.
“Everybody here has the ability to lock up their desks and cabinets to protect sensitive information, and if someone s away from their desk, we tell them to log out of the data base so someone can t get access to the records,” he said.
Especially hard hit in recent years by identity thieves has been the banking industry, prompting such institutions to be in the forefront of increasing security measures, said Phil Scholz, financial crimes investigator for KeyBank in Toledo.
For example, loan documents are held for a period of time in a locked room in case a lender needs to verify something, and then the documents are shredded, he said.
Plus, tellers are repeatedly warned to “know your customer,” and are instructed to ask for different forms of identification if a customer says he or she has forgotten an account number.
“It s not 100 percent fool proof, but we try to be comfortable with who we are dealing with,” Mr. Scholz said.
But not all businesses are so careful. Paul M. Johnson, an investigator with Corporate Intelligence Consultants in Perrysburg, said he is amazed at the number of companies that leave checks and other account numbers laying around in the open, where they could be pilfered easily.
He said he discourages clients, many of whom are dealing with worldwide identity theft problems, from putting checks in windowed envelopes.
“With the advent of computers and printing programs, we re seeing a big problem with counterfeit payroll checks. There are thieves who get hold of either a canceled check or an active check and then they use the account number to print out new checks.”
Mr. Johnson is working on a case for a client outside the Toledo area that fell victim to a very sophisticated crime ring to the tune of $1.3 million. The ring operates by setting up in new towns and creating a phony investment company with its own bank account, and then has people steal payroll checks either from the mail or when cleaning the headquarters, he explained.
The security expert said many companies are not aware such theft is going on and, even after being informed, are slow to put safety measures in place until they get burned themselves.
“Security is intangible,” he said. “There s no dollar amount until you get ripped off ... and then, it s management by crisis.”