Identity theft: threat to corporate reputation; Companies that are aggressive in protecting their customers will enjoy enhanced brand awareness.

• Author: Pearson, Harriet
• Position: Competitive Edge

THE U.S. HOUSE of Representatives recently passed a bill that gives consumers new weapons to fight identity theft--including access to free credit reports and tools to prevent thieves from opening accounts in their names. It's not hard to figure out what's behind this renewed push for federal identity theft legislation.

According to a September 3 survey by the Federal Trade Commission, identity theft cost consumers and businesses $53 billion last year, affecting more than 9.9 million Americans. This means that nearly one in eight U.S. adults has been a victim of ID theft. ID theft is now so widespread that it's being called the "all-American crime of the Information Age"--affecting young and old, rich and poor, male and female, across every ethnic group. Anyone using a credit card, Social Security card, or driver's license--in other words, nearly all of us--is vulnerable.

I would assert that identity theft has become such a serious issue that it could affect corporate reputation. Protecting consumers from fraud, after all, is an integral part of customer relationship management. Any company that fails to do what is necessary to help protect consumers is putting its reputation at risk.

While most identity theft cases occur on a decidedly low-tech level, such as purse snatching or mail theft, businesses still play an important role in protecting themselves and their customers.

First and foremost, management can make it so difficult for thieves--both outside and inside the enterprise--to hack their way into internal company systems and consumer data that they decide it's not worth it. Next, since no security system is completely invulnerable, companies need to know right away if a security breach has occurred, so they can report it and take steps to plug the holes.

Knowing of a potential security breach is a lot less common than it might appear. Roughly 50% of malicious hacker attacks go undetected by businesses, which means these companies can't comply with consumer notification requirements because they don't know they have a security problem. You can't fix a problem you don't know you have.

Here are some common-sense steps businesses can take to protect consumer information and reduce risk.

First, recognize that many of these thefts are generated internally, by current and former employees. Companies need to shut the door quickly on former and/or temporary employees who maintain valid company IDs and passwords. An even bigger inside problem...