Identity Fraud, Inc. Launches Comprehensive Data Theft Risk Management and Insurance Program for Small Business

Share Article

Combating data, privacy and identity theft exposures requires a comprehensive strategy. Identity Fraud, Inc. combines the top “10” essential components into SB Core Protector to help prevent, prepare and respond to the data complexities facing every small business. Is your data protected? Is your business identity insured?

(866) 4-ID-FRAUD

- The total number of records containing sensitive personal information involved in security breaches in the U.S. is 544,817,607 in 3,002 data breaches since January 2005. (Privacy Rights Clearinghouse – A Chronology of Data Breaches – March 2012)

2012 ETA Annual Meeting & Expo – Identity Fraud, Inc. (“IFI”) ( announces the availability of SB Core Protector, a combination of the “Top 10” small business data theft risk management solutions for prevention, resolution and insurance resources. It provides five proactive layered security risk prevention components, three types of data theft insurance and two incident response services. Now small businesses nationwide have the ability to affordably secure the optimal solution for their various data risks. As criminals shift their attention to the SMB sector; data breach protection and insurance, business security, payment card compliance and small business identity theft solutions provided by companies such as Identity Fraud, Inc.will become essential for most small and medium sized businesses in the near future.

“We are pleased to announce the release of our SB Core Protector programs at the ETA conference. The companies attending work with sensitive payment information and touch millions of merchants. Every business has a business identity, sensitive customer data, employees and compliance obligations. With the value of data being high and attracting thieves worldwide, protecting against data risks and identity crimes has become essential” states Tom Widman, president and CEO of Identity Fraud, Inc.

Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect that sensitive information

“While much of our focus here in Las Vegas remains on the risks and responses to the theft of payment card data, we are excited to broaden the discussion beyond PCI related obligations and underscore the need and opportunity to provide additional value. Our solutions complement and simply add more value to the industry’s existing PCI compliance efforts, where we are able to provide more remedies to the various data risks we all have, whether or not we are PCI compliant. This includes broader protection for breach liabilities and the nation’s only comprehensive business identity fraud protection” says Widman.

Dr. Larry Ponemon of the Ponemon Institute, states “We recently conducted a Small Business Data Theft Risk Management study and the results were very telling. In summary, it indicated that over 20% of small businesses had already suffered a data breach. A general conclusion from the study was that small businesses do not have adequate measures or remedies in place to protect themselves”. Small businesses generally lack the resources and expertise to fend off attacks as compared to larger firms. Additionally, an SMB having an attack or negligent error will experience problems that could prove catastrophic.

Every business has significant and real exposures to business identity fraud and separately, to data breach incidents involving customer information, trade secrets or other data assets. Although each involves a breach to data, to clarify the difference, a data breach is typically defined as the loss or theft of sensitive customer information, like an individual’s name plus their Social Security Number (SSN), driver’s license number, medical record or financial record/credit/debit card, which exposes the information to unauthorized use/fraud. An extract of notable data breach industry reports and statistics includes:

  •     Total number of records containing sensitive personal information involved in security breaches in the U.S. is 544,817,607 in 3,002 data breaches since January 2005. (Privacy Rights Clearinghouse – A Chronology of Data Breaches – March 2012)
  •     The total number of attacks is on the rise, while the number of records exposed per breach declines, indicating a willingness in the cybercriminal underground to go after the smaller, easier targets. (Verizon – 2011 Data Breach Investigations Report)
  •     Malicious attacks (defined as a combination of hacking and insider theft) accounted for nearly 40 percent of the recorded breaches in 2011. Hacking attacks were responsible for more than one-quarter (25.8 percent) of the data breaches recorded. (Identity Theft Resource Center’s 2011 Breach Report).

When data loss occurs, incident response obligations and liabilities arise as influenced by data breach notification laws in 46 states. There is little doubt, data theft risks and costs are significant, in part influenced by the type of data lost and the interruption to operations. Global Payments recently suffered a loss of 1.5 million payment cards, but the breach as reported did not include social security numbers. While large data breaches receive the media attention, breaches at small businesses tend to fly under the radar. A report by VISA indicates that 80% of all card breaches arise from Level 4 merchants (small businesses).

In contrast to the breach of sensitive customer or employee data, is the theft of business identifying information or ‘BII”. Business identity fraud occurs when a thief writes a fraudulent check, steals a business license, bank account, merchant account, EIN, web site and/or other BII and uses the information fraudulently for abuse or gain. While the much publicized consumer identity theft remains an epidemic affecting roughly 10 million individuals each year as highlighted in reports by Javelin Strategy & Research, business identity fraud presents a much newer and devastating scourge. Indeed, the typical risks and severity of loss are much greater for a business than for an individual. Having admitted “A Rated” insurance combined with business identity monitoring tools and resolution to protect the business and support other risk management efforts is simply timely and prudent.

Tom Widman states, “We’ve built SB Core Protector with broad benefits and a low price point to help small businesses optimize the use of their limited resources and better safeguard their operations and data assets. We all know data theft is hard to stop, but everyone must try. Data risks and identity crimes are simply too vast too ignore.”

For more details on IFI, its SMB programs or to download the IFI Data Theft Risk Management Study conducted by the Ponemon Institute, visit or contact Nick Legamaro at nlegamaro(at)IdentityFraud(dot)com.

About Identity Fraud, Inc.
Identity Fraud, Inc. (IFI) is a privately held corporation that helped pioneer identity fraud solutions with identity insurance and 'cyber' insurance development efforts starting in 1997. Today, IFI provides a variety of identity crime related solutions to protect individuals and businesses against identity crimes and data theft.

Identity Fraud, Inc. was founded to provide both classic and innovative risk management solutions to identity crimes. Education, prevention, remediation, incident response, and insurance are each required to maintain effective defenses and remedies against frauds and data thefts. IFI has maintained best-in-class solutions by leveraging their risk management experience and by maintaining expertise in insurance for financial institutions and emerging "cyber" and identity fraud risks. IFI continues to work with leading technologists, insurers, and credit-related companies to develop, promote, and provide comprehensive solutions to the perils surrounding identity fraud. As a licensed program administrator and insurance intermediary in all 50 states, IFI has built a legal framework and infrastructure that leverages its expertise and allows its clients to optimize their risk management and marketing objectives.

5 Tips to Help Protect Your Business Identity, Your Clients and Your Employees

1. Data Security
Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect that sensitive information.

2. Identity Security: Protect Your Employee and Client Data
Does your company keep sensitive data — Social Security numbers, credit reports, account numbers, health records, or business secrets? If so, make sure you have instituted safeguards to protect that information. Your information security plans also should cover the digital copiers your company uses.

3. Plan Ahead: Implement a Written Security / Data Breach Incident Response Plan
Taking steps to protect personal information in your files and on your computer can go a long way toward preventing a security breach. Nevertheless, breaches can happen. Putting together a “What if?” action strategy now may help reduce the impact an information breach can have on your business, your employees, and your customers.

4. PCI Data Security Standard (PCI DSS)
PCI Compliance is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure. This is the first "layer of security" a merchant should follow to reduce the risk of a data breach, loss of client data or employee records.

5. Business Identity Theft Happens: Small Merchants Are Big Profits For Criminals
Small businesses often believe they're too small to interest identity thieves, but they're wrong. Identity thieves have an intense interest in small businesses. For example, a small business identity can easily be stolen by a check forgery ring dealing in gray market goods.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Media Contact:

Nick Legamaro, Director
Identity Fraud, Inc.
Email >
Visit website