This article originally appeared in TravelWeekly Australia
Last year identity theft cost Australians $1 billion. Travel agents have been singled out as a high risk profession, due to the personal data they hold, as Justin Wastnage writesTravel agents like to be considered alongside other
<[etk]><[stk -5]>consulting professionals such as
<[etk]><[stk -3]> solicitors and
<[etk]><[stk -5]>doctors. But they
<[etk]><[stk -8]>mightn’t
<[etk]><[stk -6]> be happy to find themselves
<[etk]><[stk -3]> on a new watch list for businesses most at risk of identity theft.
<[etk]> Crime Stoppers Australia, a national body liaising between state and territory police forces, held the first National Identity Fraud Awareness Week from October 5 to 9, highlighting the risk of identity theft. Small businesses are placing their customers and staff at risk through the sloppy handling of sensitive personal information, the body’s chairman Peter Price has warned. Travel agencies are listed as high risk small businesses.
And the risks are indeed great. In 2001 a man used up to 50 false identities in a $7 million property fraud spanning Victoria, New South Wales and the Australian Capital Territory. The offender and an accomplice used the false identities to obtain a series of home loans from banks and financial institutions. The police traced most of the stolen identity back to old-fashioned “dumpster dives” rather than electronic fraud. Of the half-million Australian identity theft victims last year, one quarter were the result of their details being obtained in physical form.
Vanessa Coussias, product manager at shredder manufacturer Fellowes Business Machines says that in Australia paper-based fraud is still more pervasive than electronic fraud, but receives less attention than high-profile phishing scams. The reason why travel agencies can be a target for identity thieves is because of their combination of identity documents and financial data. “A passport, for example, is worth 70 points in a bank ID check, so you only need one credit card number to reach 100,” she says. Biographical data held by agents can bolster identity thieves’ stories when challenged by financial institutions.
In the US, the civil liberties group New York Public Interest Research Group has already questioned the amount of personal data collected by the travel trade. Its survey of 275 airlines, travel agencies, hotels and car-rental firms found that many of them ask for an “excessive amount” of personal information in the process of making a sale. “You <[lb]>have to share a lot of personal information to book a flight or a hotel,” Jeff Starr of the research group said. “If that information isn't treated correctly you could be at risk of ID theft.”
Peter Campbell, national marketing manager of Fellowes Australia, says that businesses are inadvertently fuelling the boom in identity fraud, Australia’s fastest growing crime. “Detailed biographical information on customers and employees taken from invoices, statements, pay slips and old personnel documents commonly found in business rubbish can be worth their weight in gold to identity thieves,” he says.
Armed with passenger travel dates, thieves can commit the fraud <[stk -4]>while clients are on holiday. This has<[etk]> a double attraction because credit card preferences are relaxed by card holders and the fraud has more chance of going undetected, Crime Stoppers Australia says.
Coussias recommends all travel agencies invest in a high-tech shredder to deter thieves from fossicking in their garbage. Handing documents to clients in person wherever possible can help too, she adds. Only 30% of households in Australia have shredders, compared with 60% in the US, where identity theft is more prevalent. Shredders now can dice an A4 sheet into 700 spots of confetti, she says.
There is good news for agents, however. Mike O’Mally, Chicago travel agent and spokesman of the American Society of Travel Agents, says consumers are now more wary of buying from online agents offering cheap fares for fear of identity theft. Rogue sites exist that solicit extra personal information <[stk -4]>such as passport numbers and birth<[etk]> <[stk -4]>dates. If an online company asks for<[etk]> that information it “should send up <[stk -6]>a red flag for the consumer,” O’Mally<[etk]> says. Bricks-and-mortar agencies who employ good data disposal methods can exploit this fear. <[lb]>But as well as a commercial imperative for better identity document protection, there is also a legal requirement, Campbell says. The National Privacy Act specifically regulates how the private sector handles the collection, use, storage and ultimately disposal of personal information. “Too often we hear in the media of yet another business that has carelessly discarded highly sensitive customer and employee information, he says.
In some cases, sensitive materials are disposed of in recycling bins <[stk -5]>meaning thieves don’t even get their<[etk]> <[stk -4]>hands dirty to steal people’s <[etk]><[stk -5]>identity.<[etk]><[stk -4]> “It is crucial that businesses<[etk]> educate their staff about the safe disposal of sensitive information,” he adds.
The law states that a company must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed. “Shredding is not only the easiest and most cost-effective way for business to comply with the law, it’s the only way to ensure that someone’s identity doesn’t fall into the wrong hands,” Campbell adds.
Other steps to protect your agency from being the source of ID theft are to check the identity of both consumer and business customers via credit reference <[stk -4]>agencies; limiting access to sensitive<[etk]> documents only to agency owners and managers; and to inform staff about the risks of corporate identity fraud. Businesses should also ensure that their firewall and anti-virus software is kept up-to-date.
So when it comes to sensitive information handling, travel agents may not want to join the illustrious company of lawyers and doctors.
Posts
No comments:
Post a Comment