Identity theft - the facts

Block fraudsters
All of these forms of identity theft are problems but none are guaranteed to succeed. With a few precautions and a little common sense you can beat the fraudsters at their own game.

All major antivirus software checks for keyloggers automatically; just remember to update your definitions daily if possible. If you use the Opera or Firefox web browsers, security updates will be flagged. If using Internet Explorer, visit www.windowsupdate.com regularly if you do not receive automatic updates.

Phishing attacks, and other forms of scamming, require users to think before they act. The golden rule with email is simply this: no reputable company will ask you to confirm details by email.

Similarly if you receive a phone call asking for personal information take the caller's number and then call them back via the main switchboard number.

Many companies still send out emails containing links to their websites. We say don't click on them. If you want to visit a website, type in the address yourself. As for eBay, the site runs an extensive tutorial on how to stay safe online at www.ebay.co.uk/safetycentre.

The security of personal information is primarily the responsibility of the individual and the bulk of identity theft occurs because we get complacent and let down our guard.

At the moment most financial institutions indemnify their customers against serious loss from identity theft, and most pay back stolen funds quickly providing a crime number is obtained from the police.

But the scale of recent losses has prompted a rethink. At last month's E-Crime Congress the high-street bank HSBC issued a warning that "the industry may have to take a stronger line" and start refusing full indemnity to customers who either had unsecure computers or failed to follow the rules. Quite how they would judge who was secure and was not is another matter.

One solution will come from computer networks themselves. The companies that design them are already building so-called 'intelligent networks'. These analyse any computer seeking to join a network or visit a website. If the central computer deems the new computer to be unsecure, it limits or cuts off its access.

The banking industry is also introducing technical fixes. Several banks are currently trying out a system called two-factor authentication. This consists of a small token like a keyring that generates seemingly random numbers in concert with a central server.

When a user enters an online banking site they use one of the random numbers as well as their password to log on and, since those digits change every minute, the transaction is secure. The banking industry has said it should reach a common standard for such devices by the summer, with products available to customers within a year.

Some within the industry have also considered more low-tech fixes, such as including as little personal information as possible in correspondence.

"Something as simple as a utility bill is all that is needed for somebody to steal your identity, so it's no wonder people are worried about it," says Iain Clink, managing director of Royal Bank of Scotland's Cards Business.

Professor Neil Barrett from Cranfield University computer security department agrees. "I suspect it's not so much bank statements that are the problem as utility bills. Perhaps banks and utilities should print up a large warning telling customers to destroy documents if necessary."

Safe and sound
There is serious concern that identity theft, and more importantly the fear of it, will stop consumers enjoying the benefits of the online world. But there's no reason why it should; the vast majority of websites have good security and criminals make up a tiny fraction of the online community.

But that doesn't mean we can be complacent. Fraud thrives when people forget what they should be doing and many of these scams are easy to see through. There's no need for paranoia but maintain a watchful eye and if in doubt, check it out.

The benefits of services like electronic banking and online shopping are too great to be ignored. If you keep a level head and follow our advice you'll be as safe using a credit card online as you are on the high street. 

Secure your PC
Ensure that security patches and antivirus software are updated regularly. Firewalls can be had for free - use the XP Firewall or Zone Alarm. 

Protect passwords
It is very rare for a bank or business to ask for your account details. If you get such a request call and check first before proceeding. 

Ignore unsolicited email
If you don't know the source the email is likely to be bogus. Check it against previous correspondence if you are unsure. 

Reduce risk
Secure your physical personal documents in a safe location and destroy any documents you no longer need. Maintain a list of emergency numbers in case of theft. 

Don't panic
If you get a request for urgent action don't jump to it but stop, think and double-check with the institution, if necessary, before acting.

Spot the fakes
Phishing sites - fake versions of legitimate websites - can be hard to spot but if you do have concerns about a web page there are common signs to check if a site is legitimate.

First, look at the website address on your browser. If you are supposed to be on a secure site, the start of the address should be 'https://' rather than just 'http://'. In Internet Explorer, choose Properties from the File menu to display more information.

Second, look at the page layout and design. Company logos are easy to copy from the internet but if the site looks different from normal call the company and check.

The Anti-Phishing Working Group, a global organisation to combat the crime, has advice plus a free tool that spots most phishing sites and an email address to report new ones.

The British Association for Payment Clearing Services also has a good site on the subject, as does PayPal. Finally an online quiz has been set up to teach you how to spot phishing emails.