The Veriff Times

Here’s how to stop identity theft in 2019

Cyber Monday, rather than being only one day in the year, should act as a wake-up call to everyone running an online business.

Your customers expect you to have everything in hand, and to make the process of buying something through your site, or using your product, as smooth and painless as possible. This doesn’t just mean creating a great user experience - it also means ensuring that they are safe on your site. You need to be sure that you can prevent identity theft online, whether you are running an e-commerce site, a social network, or any other kind of site. Here are some key ways you can do so.

Organise internal responsibilities

Identity theft is not a joke, and it can hit the best-intentioned people. If you work for a startup or a small or medium-sized business, it might be that you’re used to everyone mucking in to solve problems that come along from time to time. Indeed, one of the things that people love so much about working for a startup is that everything can be fixed super-fast.

A senior manager at an IT company, which had grown from working out of a garage to being bought by a tech giant said to a colleague, “I remember when we could solve a bug in a day. The guy who reported it would fix it.” That might seem like a great idea - it ensures that people take ownership for their own products, and that things move quickly - but this working method can also bring security issues.

As part of the fight to prevent identity theft, you need a cast-iron system for bug reporting and resolution. If you don’t, it means that significant changes in the code of your product are being made, potentially, tens or even hundreds of times a day, by multiple people. This is bad news, especially because if the changes are being made quickly, there’s an increased possibility they are being made without being comprehensively recorded. The result can be chaos at otherwise bright startups, and a user interface that leaves visitors wide open to identity theft, simply through small changes that create an accidental security hole.

In the scenario we sketched out above, nobody did anything malicious, and there was no intent to compromise the security of the product. Rather, it was a combination of errors that led to a potential security incident. Just as it was not only one person’s fault it happened, so too it was not any one person’s hope that anyone would be the victim of identity theft. It just happened.

We’re sure you don’t want anything like this to happen. You’re probably at a company which, whatever size it is, occasionally has software issues to resolve. Make sure that bugs are reported on a well-organised database, and that there is a clear chain of command when it comes to reporting, and resolving, issues.

In addition, make sure your IT department runs a fine-tooth comb over who has access to what in your back-end systems. Make sure that the people who need access to key systems have it, but that those who don’t, don’t. This means there are fewer people accessing those crucial systems who perhaps lack the knowhow to make the hasty changes they may attempt, and that the true specialists can get on with their jobs without worrying about who else is moving the goalposts. The end result is no, or fewer, security breaches, and safer customers.

Only ask for the data you need

If you went on a date, and your dining companion said, out of the blue, “for how long have you lived at your present address?” you’d be creeped out, right? We certainly would be. On the other hand, we’ve all had the thought: ‘if we have all these customers, why aren’t we asking them everything we possibly can?’ It means, after all, that you have all kinds of facts and figures available to you when it comes to designing a product that everyone loves using. So the theory goes, this helps your bottom line, and helps the all-important revenue soar. Not so fast.

GDPR has ensured that gathering reams of data on your users, quite apart from being, in many cases, unnecessary, is now potentially against the law. The near-unending scandals surrounding the likes of Facebook, which has frequently been accused of taking inappropriate amounts of user data in order to give a better return on investment for advertisers, should give data-miners pause and make them think twice about whether they want to be putting out a press release announcing a major hack.

Preventing identity theft is a bit like finding out a wallet has been stolen - if you don’t carry all your personal details around in that wallet, you might not lose everything at once. Similarly, if a site takes all manner of needless data about a user, trouble can ensue if that data is used by a rogue actor.

The answer: be sure you’re asking the right questions, but only the right questions. Don’t gather user data just for the sake of it, or with some nebulous future campaign in mind. Ensure that what lies on your servers is what you need to run a good user experience, and does not exceed that brief. Do that, and you’re on safer ground.

Get Veriff-fied!

You need to make sure that your software is being used by the kind of numbers that will bring you the profits you need in order to be successful. But more than this, you need your software to be as close to unhackable as possible. To avoid your loyal customers having their identities stolen, gold-standard security is essential. Not only will it make you feel better and more secure, it’ll ensure that you don’t lose the goodwill you’ve been expertly cultivating through your marketing efforts.

Failsafe data validation, for the best kinds of companies, is right here at Veriff. If you’re using our product, the results of machine learning, leading to pinpoint verification, mean that you’re far less likely to be landed with all kinds of angry customers, upset that their details have been exposed to hackers. Don’t allow that to happen. See how we can secure your product, and your future, and give anyone who enters their details on your site unparalleled identity theft protection.