Cybereye | Consumer, protect thyself

Cybereye columnist
William Jackson

GCN

We all know by now to be careful about protecting account data and personal information from cyberthieves when conducting business online. But according to a study by the Identity Theft Resource Center (ITRC), the Internet accounted for only 5 percent of the ID theft cases it studied in 2007. The theft was usually by a friend or relative.

'We've played the computer and online card quite well,' said Jay Foley, executive director at ITRC, which helps victims of identity theft straighten out their finances and lives. 'But the fact is, your information is spread all over the place, and online is just one small portion of the problem.'

How do you protect that far-flung information?

'You can't, because you don't control it,' Foley said.

But you can make those who do control it aware that you expect them to keep your information secure and confidential. If your write a personal privacy policy and deliver it to your banker, for example, that policy could become an enforceable agreement, Foley said.

That sounded to me like a quick way to get tossed out of a branch manager's office. But Foley said banks are not necessarily hostile to the idea of customers making such demands.

'Surprisingly enough, there are banks that will do that. They don't want your information breached any more than you do.'

If your bank is hostile, find another one, he said. Foley said he has done this in two cases.

In other cases, he tells businesses that he expects them to adhere to the company's own privacy policies. The key is raising awareness, he said. Policy comes from the top down, but enforcement comes from the bottom, where consumer activism reinforces the policy.

'If enough people walked into Bank of America, into their doctor's office, and said, 'Look, we are holding you accountable,' they would respond,' Foley said.

Taking control of your own affairs can also help protect you after information has been stolen. Financial companies are supposed to check with consumers before opening new accounts or extending new credit when a fraud alert is put into customer records. Debix has started a service that automates this process, calling consumers to request an out-of-band authorization for questionable transactions.

The bottom line is that in cyberspace as in the physical world, taking control and protecting ourselves might be our best defense.

That means firewalls, antivirus and anti-phishing measures, and healthy doses of caution and common sense online coupled with a clear set of expectations in the commercial world. If consumers are aware, merchants and service providers will have to respond to our concerns.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above