South Africans are all too trusting when it comes to their personal information, and that can be dangerous. Sarel Lamprecht, MD of leading cyber insurance company Phishield, says that very few South Africans realise that when they hand over their ID cards for scanning to get into a building or a complex, or even to rent a video, they are handing over enough details to open themselves up to ID fraud.
“Until the Protection of Personal Information Act (POPI) is in full force, there’s very little anyone can do to stop this. PoPI lays down rules about collecting and storing personal information such as your ID, name, address and even faith,” he explains.
“However, many people find themselves forced to hand over their ID cards – which contains several bits of information including fingerprints – to people they don’t even know just to get into a building. While this request is legal, it’s also your right to ask where this information is being stored, and who has access to it.”
He adds that there are other common ways people give away their information, including:
* Throwing away receipts, credit and insurance information, medical records and bank statements, without shredding them.
* Carrying an ID. When it isn’t needed, leave it safely at home.
* Not asking why people need the information they are asking for, what they will use it for and how it will be stored – and if they really need it.
* Not querying whether the request for details is legit.
* Not permanently deleting info off memory cards and hard drives.
* Not using encryption and antivirus software.
* Using weak passwords, public WiFi hotspots for sensitive actions and posting personal ID information online.
So, if you break these rules and become a victim of ID theft, what should you do? First, Lamprecht says, report the breach to the Southern African Fraud Prevention Service by sending an SMS with “PROTECTID” to 43366 and someone will call you back after logging a case at the police.
“Then you need to report this to the main credit bureaus (CompuScan, Experian, TransUnion and XDS) because the last thing you want is someone buying a car on finance in your name – that’s a mission to sort out. There are also companies that will help you to monitor your credit report more closely, which will alert you to unusual credit activity, but they’re not free.”
He points out that companies are also subject to ID theft, and this can have disastrous consequences. Even though the Companies and Intellectual Property Commission has put measures into place to prevent companies from being hijacked, there is still a risk that some conniving thief will hack into their systems, or find a loophole, or steal a director’s ID.
“That could see your company in debt to a rather large amount if the new directors spent a fortune in your name. This is where cyber insurance comes in. It covers your losses, helps find the breach, and deals with any reputational fall out. If you transact, you can’t afford to be without it,” Lamprecht concludes.
