Public- and private-sector employers are unwittingly facilitating identity theft by giving detailed personal and financial product information on payslips.
An urgent review of payslip practice is necessary at large employers, says life assurer Liberty Life, which is taking an increasingly proactive approach to the job of protecting its millions of policyholders from the risk of identity theft.
Liberty Life initiatives include increased vigilance in all its client-facing and administrative posts, intensive anti-fraud education of staff and ongoing consumer-awareness campaigns. To cover all the bases, increased attention is being paid to potential weak spots across business and the public sector.
The “great payslip slip-up” has worried anti-fraud experts for some time. The “slip” occurs when an employer prints so much information on an employee that the worker can become a soft target for fraud.
Clayton Thomopoulos, head of fraud prevention at Liberty Life Group forensic services, says: “Many companies may well carry out data security and identity-management reviews during 2008 as impending enactment of the Protection of Personal Information Bill will impose new duties on organisations that gather and store information — not only on customers, but also on employees.
“Responsible employers should not only look at data-protection software and system security, but should review all data-dissemination practices, including payslip distribution and the detail that is given with pay advice.
“For some years, this has been a potential weakness in fraud defences. Slip-ups with payslip security are costly for individual employees and in future could prove expensive for employers if it is held that an organisation failed in its duty to protect its data.”
Thomopoulos, a certified fraud examiner, says some employers distribute payslips through the post with no special effort to protect slips that go out in the same type of envelope at the same time every month.
Some employers print:
the staff member’s ID number;
policy numbers or other financial product when debits are made against pay;
pay-point number and employee work number; and
full job description of the employee.
Thomopoulos says: “Obviously, some information is necessary to ensure the right pay advice goes to the right person. But often it is possible to withhold some data or be less detailed and explicit.
“Here, on one slip of paper openly distributed through the mail, is an extremely good starting point for identity theft — one of the biggest growth areas in international crime.
“The bigger the organisation is, the bigger the potential payoff for the criminal — which means large employers have to be aware of the risks and take appropriate action.”
Liberty Life already advises its clients to shred payslips and other information relating to financial products.
The life office tells policyholders to notify their payroll departments if a payslip goes missing or is delivered late. All payslips should be checked carefully to verify deductions.
It predicts consumer awareness will increasingly be complemented by heightened corporate vigilance, partly as a result of impending legislation, but also because of the reputational and litigation risk to business when sloppy data security affects clients, suppliers and workers.
Thomopoulos notes: “The general advice ‘Don’t make yourself a target’ applies to companies as well as consumers. We are hopeful the message will be taken to heart in 2008 as never before.”