The Scoop On Identity Theft

Identity theft is a growing problem. You can hardly turn on the news without hearing another story on identity theft or the importance of protecting personal information. Every day, we are bombarded with ads promising protection from identity theft if the right paper shredder is used or we subscribe to the monthly service that will protect our credit scores.

So, what is the risk from identity theft – is it really so dangerous? Are there steps that can be taken to protect against this type of crime? The answer to both is yes.

Let’s start with a look at the risks. The Federal Trade Commission estimated that total losses to business and financial institutions due to identity theft were $48 billion. The average loss to a business from identity theft was $4,800 per incident. Individuals lost an average of $580 to $800 depending on the type of fraud or identity theft. It may also take 30 to 60 hours to resolve identity theft. In some studies, victims have reported spending 175 hours to clear their names.

Biblical backgrounds

Isaac blessing Jacob in disguise (from WikiCommons)

Identity theft is not new. Perhaps the first documented case of identity theft is found in the bible. Jacob was the younger of twin brothers and wanted the blessing that his father was going to give to the older brother, Esau. Jacob knew that his father, Isaac, was nearly blind so Jacob disguised himself to resemble Esau, approached Isaac and tricked him into giving the blessing to him instead of Esau.

Wax seals were a form of protection from identity theft.
Since that time, kings, popes and other dignitaries have gone to great length to authenticate important papers with the use of wax seals. The seals were stamped with the crest or emblem specific to that individual as a mark to guarantee that the information therein was truly from that individual and to protect the privacy of the contents.

ID Theft in the 21st Century

Modern technology has brought about changes on how identity thieves operate. Contemporary techniques include pharming, phishing and skimming. Pharming involves using the Internet to redirect a victim from a legitimate website to an alternative site that is designed to look like the genuine site, but instead is used to collect personal information. Phishing is more widely known now and involves emails sent from what appears to be a legitimate business, usually citing a problem and asking for personal data to correct the problem. A new twist, called vishing, involves not only emails, but also follow-up phone calls from suspects trying to obtain personal information. Skimming occurs when a person, such as a waiter, takes your credit or debit card for payment. The card is swiped in an electronic reader and the data recorded and later used to create a fake card with the correct account information. This can be the most difficult to trace as consumers hand their debit/credit cards to merchants and their employees routinely.

There are also the cases in which the potential victim has no direct involvement at all. Think of recent news stories where databases have been lost or stolen along with thousands and even millions of individuals’ personal data per incident. More often than not, the data loss was not the real motive and was secondary to any actual crime, such as the theft of a laptop. In those cases, the involved individuals do not become victims of identity theft, but still have to remain vigilant.

People no longer use a personal seal to authenticate documents, but instead use numbers, usually a social security number or even a credit card number. Increasingly, merchants are requesting combinations of personal information in order to complete a transaction. For example, many online merchants request a customer enter a credit card number with the billing address for that card, even if the item is shipped elsewhere in order to verify that the purchase is legitimate. Some gas stations are now requesting the billing address zip code for credit card purchases as well.

The most common form of identity theft in more than ½ of the cases is simply the use of stolen credit cards to go on shopping sprees. This type of fraud is also the easiest to correct. However, about ¼ of the cases involve opening new accounts in the victim’s name and can be much more devastating and the impact can last much longer.

Rights and Responsibilities when Recovering from ID Theft

Everyone should understand their rights and obligations in regards to identity theft before becoming a victim. In general, victims are only liable for $50 for fraudulent debt. However, victims do need to notify their bank or credit card company within 60 days of learning of fraudulent activity. If an ATM or debit card is lost or stolen, victims need to notify the bank or credit union within two business days upon learning of the loss. In the case of fraudulent checks, victims need to notify the bank promptly in order to limit their liability.

Under Federal laws, everyone can obtain a free credit report once a year from each of the following three consumer credit-reporting companies: Equifax, Experian and TransUnion. Check the report for new accounts that you did not open. If you have been a victim of identity theft, you can place a fraud alert, which prevents new accounts from being opened in your name.

Many services offer protection from identity theft for monthly fees. Carefully evaluate the services offered to see if it is truly worthwhile for your situation. As noted, various laws limit the amount that a victim can be held liable for to $50 maximum. Be wary of the sales pitches that provide services already available free.

So what happens if you do become a victim of identity theft? The Federal Trade Commission (FTC) recommends placing a fraud alert with the three consumer credit reporting agencies and closing any accounts that may have been exposed to loss or accounts opened fraudulently. In addition, the victim should file a police report and file a complaint online with the FTC.

Unfortunately, filing a police report could be more difficult than it sounds. Identity theft often crosses numerous jurisdictions or is unclear where it exactly occurred. Police officers may refer victims to other agencies to file their report based on where part of the crime took place. The United States Department of Justice was involved in the development, along with several other organizations, of a national strategy to deal with identity theft. One of the recommendations is that police reports be filed in the jurisdiction where the victim resides. If a police agency is reluctant to take a report let them know about the recommendation. If the officer is still hesitant, ask that an ‘information only’ report be taken. Be sure to get the police report number for your records. Have an outline of the identity theft prepared ahead of time with dates, information on affected accounts, bank addresses and information on any other related police reports that may have been taken, as well as any suspect information, if available. This will make the reporting process easier and will help to make sure that no important information is forgotten or left out of the police report.

Solving ID Theft

Identity theft can be confusing and may happen in many different forms. One thing is clear – identity theft will continue, as the suspects evolve and develop new techniques to counter the steps used to thwart them. The FTC offers a wide-range of information on the Internet about identity theft and what to do if you become a victim. Protect your personal information; monitor your credit reports and review your account statements for any suspicious activity and you will minimize your risks.


Eric Smith, CPP is the leading authority on organizational self-defense. He has extensive experience in law enforcement as well as security management. Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email



If you would like to reprint this post, please contact Eric at


Tribute To Mentors

It is very easy to get caught up in the day-to-day grind, so busy we don’t look farther ahead than what is right in front of us at the moment. That keeps us from setting and striving towards long range goals.

While looking ahead is vital is worthwhile to look back at the road traveled as well. It is a good time to reflect on those people who influenced you and perhaps pushed you into new success that you may not have found on your own.

Recently, I ran into one of my mentors, a former co-worker. As we caught up, I was reminded of some of the ways that he had encouraged me. We had worked on a project together to implement online reporting for our police department, something new at the time. He had suggested that I write a magazine article and gave me contact info for various law enforcement magazines. The first one I tried accepted my article and I was published!

To all our mentors - thank you!
Since that time, I’ve written many articles and have contributed to several books and been cited in other books. Now I have a book deal of my own with Butterworth-Heinemann for a book due out next year.

That same friend taught me about public speaking, assisted with training sessions, and even helped when I hosted a seminar on school security. He truly played a key role in my professional development.

So take a moment from the day’s busy schedule to look back and remember those who helped you reach new heights and be sure to let them know how much you appreciate it. And be ready to mentor someone else and help him or her reach his or her own potential.


Eric Smith, CPP is the leading authority on organizational self-defense. He has extensive experience in law enforcement as well as security management. Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email



If you would like to reprint this post, please contact Eric at 

13 Must-haves of a Bomb Threat Policy

            For many organizations, responding to bomb threats can pose some difficult problems. It is not something that happens every day, but at the same time is not uncommon.

In light of the devastation from the bombs at the Boston Marathon, it is a good time to review your organizations’ bomb threat response plans. There are some common misconceptions and a solid bomb threat policy and procedure will help employees respond safely. It is vital to have a plan that is in sync with local police and that staff or faculty is very familiar with the procedure and know how to react.

Additional Links

Policy checklist – does your policy include the following elements?
From WikiCommons

1. Bomb threat received and phone check list available
2. Notification to police and ‘incident’ commander (be sure that role is identified, by title rather than name)
3. Evaluate available information to decide whether to evacuate or not
·       How specific or detailed is the threat
·       How accurate was the information provided
·       Have there been similar incidents to other businesses or offices in the area
·       Are there other risks, such as a disgruntled employee or domestic violence situation involving an employee
4. Incident command makes decision on whether to evacuate or not (consider the possibility of an explosive device around the exterior, including vehicles in the parking lot)
5. If there is no evacuation, begin a search of the entire building by the staff most familiar with their areas – keep in mind that unless a suspicious device is found, law enforcement will not normally make the decision to evacuate!
6. Search all rooms, common areas and exterior
·       Search floor to waist height
·       Search waist to eye-level
·       Search eye level to ceiling
·       Search above floating ceilings if necessary
7. Do not use cell phones or radios to communicate as that could trigger an explosive device
8. Do not touch any suspicious packages or items found
From WikiCommons

9. Notify police immediately if something suspicious is found
10. If office is evacuated consider how long the search may last and impact on associates and operations
·       How will staff get personal belongings
·       Consider bringing personal items such as purses or briefcases to avoid leaving behind more ‘suspicious’ items
·       Are office doors locked during evacuation
11. Account for all employees
12. Once the building has been searched and law enforcement agrees, allow employees to return to the building
13. Communicate event details and outcome as needed and lessons learned

Of course a great policy or procedure is only as good as the training to back it up. Since it is somewhat rare, a response plan has to be reinforced with training and practice. Different drills focusing on different parts of the policy is a good way to train and then conduct a drill from start to finish in order to test the policy and the response.

Eric Smith, CPP is the leading authority on organizational self-defense. He has extensive experience in law enforcement as well as security management. Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email


If you would like to reprint this post, please contact Eric at