The internet and social media – combined with the naivety of the public in sharing personal information – have helped make the work of criminals easy.
By sharing their information on social media, clicking on unsafe links in emails, and by responding to phishing emails and phone calls, an increasing number of unsuspecting members of the public are becoming victims of identity fraud. By using stolen identities, criminals are able to steal money from bank accounts, apply for financing on vehicles in someone else’s name, and all manner of fraud.
Although the internet has helped perpetuate the scourge of identity theft, fraudsters are also known to use less technical means such as going through rubbish bins in search of important documents and mail such as credit card and insurance statements. Other more organised criminals hack into organisations’ networks to access consumer files and information.
“To protect yourself from becoming a victim of ID fraud and/or theft you must be aware of the growing problem and act immediately if you notice any suspicious activity on your bank account or receive any strange phone calls or emails requesting you to supply information or worse still, if you receive documentation about finance or insurance on vehicles you haven’t bought, retail accounts that you have never applied for, or credit cards you don’t have.
“Organisations are obliged by the Protection of Public Information Act (PoPIA) to implement measures to stop unauthorised access to, and protect, the information they store and process about their customers,” says Charl Ueckermann, CEO at AVeS Cyber Security.
In terms of PoPIA, consumers have certain rights with regards to their personal information. It allows people to have control over when and how they choose to share personal information. For instance, they would need to give their consent before the information is shared. Furthermore, information should only be shared for a valid reason.
PoPIA obliges companies to be transparent and accountable about how they will use the personal information they collect and to notify their customers should their data be compromised. In addition, PoPIA obliges companies to provide their customers with access to their own information as well as the right to have their data removed or destroyed. Companies also need to put adequate measures and controls in place to track access and prevent unauthorised people, even within the same company, from accessing customer information. This means implementing strict processes and technologies to control access to data and prevent data losses and breaches. Failure to do this puts companies at risk of penalties.
“Be informed of your rights with regards to your information and how it is used by companies. If you feel that your queries in this regard are not answered satisfactorily, then don’t hand over your data,” warns Ueckermann.