Identity Theft

Identity Theft is fast becoming a major issue for Australian financial institutions and their customer's funds. Identity Fraud can take many forms, it can be perpetrated in a number of ways including:

• Take-over of a valid identity of a customer using valid channels such as Internet Banking, Telephone Banking, bill payments, account opening, lending applications via remote sources and changing customer contact details.
• Theft of a valid identity and attempt to open an account in the customer’s name using the stolen and sometimes altered documentation.

In dealing with possible identity theft issues, The Rock may have to ask for additional proof of identity for certain types of transactions and although this process may cause some inconvenience for the customer, it is an essential action The Rock must take to protect the customer’s funds.

Some of the requests that may require heightened proof of identity include:-

• Almost all non face-to-face requests (phone, email, fax etc)
• Requests to change address (may also require other proof of this change)
• Third party introduced lending and account applications where original documents have not been sighted by the individual institution
• Requests for issue of debit card or internet/phone banking access (particularly over the phone)

• Never carry your identification such as your birth certificate or passport in a wallet, case or handbag unless you need them
• Ensure you retain personal tax records and other financial documents such as statements and receipts in a secure place.
• Destroy or delete your tax file number (TFN) from any documents before throwing them away never quote or give out your TFN unless there is a good reason- completing a government tax form or opening an account
• Never leave documents such as registration papers, expired drivers' licences, utility bills or spare house keys in the glove box of your car (even locked) as these are all items a would be thief can use to steal your identity
• Receipts and other personal information should never be disposed of unless shredded or destroyed
• Identity thieves will search through bins for your personal information. Always ensure that documents disclosing your credit card number are destroyed
• Install appropriate anti-virus and anti-spy ware controls on your home computer and in addition run live updates to ensure use of latest version
• Public computers or sharing a friend’s can be dangerous as PINs and passwords can be captured by criminals and be used to steal funds
• Try to select passwords you can remember but that will be hard for a thief to guess if your details are stolen, having separate passwords spreads the risk whereas one password for all means all may be compromised
• Always have a locked mailbox to send and receive mail or use a post office box.
• Ensure your mailbox is big enough to take large articles so that they can’t fall out or easily be taken
• Be alert to when your account statements should arrive and card expiry dates and always advise your financial institution immediately if an expected new or reissue credit or debit card or PIN mailer has not arrived
• If you suspect mail theft, contact the post office to confirm that your mail has not been redirected to another address
• Never reveal personal or account information over the telephone unless you are absolutely certain the person is genuine and YOU initiated the phone call
• Identity thieves sometimes trick you into providing your credit card number by claiming that you have won a competition or a holiday- don’t let this fool you
• If you photocopy proof of identity documents, keep them in a safe place.
• If you suspect you may be a victim of identity fraud, contact all financial institutions you do business with immediately. Keep records of persons you have spoken to, lodge a report with police and advise your credit reporting agency as soon as possible
• Check all your statements and account details regularly following any suspected incident and immediately report to the police and The Rock institutions any instances of misuse of your personal information

  Protecting your business or organisation from identity theft and fraud

• Staff training in detection and prevention of identity fraud is crucial both to assist them to recognise potential signs and understand what to do.
• Practice a clean desk policy, ensuing that all customer records and similar are locked away each evening
• Ensure that all information on laptops, disk drives and portable storage devices is either encrypted or password protected
• Use a locked bag or post office mailbox, identity thieves can steal and alter incoming cheques from customers
• Account department validation of all accounts including any online services should be performed daily and regular audits performed on access controls
• Ensure you have facilities for secure destruction of sensitive information and never throw customer details into the rubbish
• Never divulge customer information to anyone and ensure staff are well trained in privacy legislation and requirements
• Law enforcement and government agencies may approach you to request records of customer accounts are produced. Always ensure you check on the legitimacy of the document and if necessary call the issuing department
• Tasking your external and internal auditors to regularly review items such as accounts, debtors and customer details can assist to reveal incidents of internal fraud. Ensure early action on any triggers or red flags especially with items such as dormant accounts, statement cycle manipulations or similar
• Always practice robust pre-employment screening of your staff – permanent, temporary and contractors
• Practice a zero tolerance to fraud by reporting all suspected frauds to the police
• More information on on-line safety can be found at Stay Smart Online