Maybe I just have fraud on the brain since attending last week’s annual PLUS International Conference in Chicago (see our Web exclusive article on data breach), where the subject came up a lot, but there does seem to be a lot of synchronicity about fraud issues in the zeitgeist lately. 

Just today, National Underwriter posted the findings of a new PricewaterhouseCoopers global economic crime survey showing that insurance was the second most fraud-prone industry, right after communications. It’s not surprising that insurance is a target, given the amount of data used in processing products and services. Typical crimes include asset misappropriation (such as inventory theft), accounting fraud, and bribery — all crimes that are easier to commit because of reduced resources deployed for internal controls, according to PwC.

The threat is just as real for the average joe, especially in a world fueled by virtual transactions. Electronic data files are dismayingly easy to hack for expert criminals who know what they’re doing, according to Lori Nugent, partner at law firm Wilson Elser Moskowicz Edelman & Dicker. Lori, a specialist in the security breach area, scared the bejezuz out of me by describing how easy it is for sophisticated hackers, many of whom are part of huge international fraud rings, to grab data like credit card and Social Security numbers and ruin your life.

For agents, the burden is on you to protect your customers’ confidential information — hence the FTC “red flags” ruling. But you shouldn’t need a federal mandate to establish internal safeguards for your firm. In a conversation about data security breaches on the LinkedIn ACT group, several readers offered recommendations on how to start, including:

• Creating a data security plan and establishing proper controls
• Limiting data access with proper security rights assignment
• Establishing a system to eliminate paper in an encrypted repository
• Limiting access to confidential life/health data to restricted employees
• Limiting the ability to access personal information between commercial and personal files
• Establishing security settings so only producers have access to their clients’ data 

Tech guy Steve Anderson has written a book on client data security that’s worth a read — check it out at www.clientdatasecurity.com.

Meantime, with the red flags law looming, what are you doing to secure your clients’ data?

This entry was posted on Friday, November 20th, 2009 at 2:44 pm and is filed under agency automation, data security, fraud. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.