Identity theft

…protecting your personal information

Identity theft is a pressing global issue, and Ghana is not immune to its impact. In an era where personal information is frequently shared online, the risk of identity theft has surged dramatically. According to Verizon, “identity theft, also known as identity fraud or ID theft, is a crime through which an imposter obtains important pieces of personally identifiable information (PII)”, such as names, social security numbers, bank account details, date of birth, passport numbers, driver’s license numbers, or other confidential data, for fraudulent purposes. The consequences can be devastating, ranging from financial losses to damaged credit scores and reputations.

In 2021, the Federal Trade Commission in the United States of America (USA) received more than 1.4 million reports of identity theft linked to the USA only. According to the Bank of Ghana’s 2022 Fraud Report for Banks, Specialised Deposit-taking Institutions, and Payment Service Providers, identity theft is one of the most prevalent fraudulent acts on the market in recent times. These statistics depict how notorious this scam is and the need to protect our identity. Africa faces unique challenges due to factors such as inadequate identification systems, porous borders, and limited awareness about the risks associated with identity fraud. Criminal networks exploit these vulnerabilities, resulting in substantial financial losses and the erosion of public trust. However, by adopting preventive measures, informed by insightful statistics, we can better safeguard our identities and personal information.

Understanding the Threat

Identity theft can manifest in various forms, such as financial identity theft where fraudsters may use your payment card information to shop, withdraw funds from your account, or even access loan services. Other forms are criminal identity theft, medical identity theft, and more. Cybercriminals employ a range of tactics to pilfer personal information, including phishing emails, hacking, data breaches, and even physical document theft. Once they gain access to your information, they can open unauthorized bank accounts, make fraudulent purchases, engage in criminal activities under your identity, or access your sensitive records.

Ways to Mitigate Identity Theft

Mitigating identity theft is a collective effort that involves individuals, corporate bodies, and government efforts through regulations and education.

Role of Individuals

Below are a few ways individuals can protect themselves from identity theft.

1. Password Hygiene: A strong password is your first line of defence. Statistics reveal that weak passwords are a common vulnerability exploited by identity thieves. Therefore, it’s vital to create robust, unique passwords for all online accounts. The length of your password must be a minimum of 8 characters – comprising uppercase and lowercase letters, numbers, and special characters. Avoid using information that might be easily guessed, such as birthdays or common terms. Also, consider using a reputable password manager. These tools securely store your passwords and can generate complex, unique passwords for each of your accounts. They also simplify the process of updating passwords regularly. You also need to avoid reusing passwords.
2. Multi-Factor Authentication (MFA): MFA is a potent defence against identity theft. According to a recent study, MFA can avert up to 99.9% of automated cyberattacks. Activating MFA adds an extra layer of security by necessitating an additional form of verification, such as a one-time code from an app or biometric data. This makes it much harder for unauthorized individuals to access your sensitive data or accounts.
3. Secure Wi-Fi Networks: Secure your Wi-Fi network with a strong, unique password which will ward off attackers who may want to connect unauthorizedly to your network and siphon sensitive information on your devices. Weak Wi-Fi security can expose your network to cyber threats. Use WPA3 encryption and change your default router login credentials. Also, avoid connecting to less secure and public Wi-Fi. Individuals may be tricked into connecting to Wi-Fi set up by cybercriminals and every data shared on those networks can be accessed by these cybercriminals. This type of attack is known as the Evil Twin Attack.
4. Phishing Awareness: According to Proofpoint, “phishing is a common type of cyberattack which targets individuals through email, text messages, phone calls, and other forms of communication”. The objective of a phishing attack is to deceive the recipient into falling for the attacker’s demand, such as disclosing financial information, login credentials, or other sensitive information. Phishing emails are a ubiquitous technique used by cybercriminals to deceive individuals into disclosing sensitive information. Stay vigilant and cautious when encountering unsolicited emails or links that request your login information. It’s noteworthy that 65% of malware infections originate from phishing emails.
5. Secure Document Handling and Disposal: Safeguarding physical documents containing sensitive information, such as national ID cards and bank statements, is paramount. Dispose of them securely through shredding rather than discarding them. Dumpster diving remains a prevalent method employed by identity thieves. Identity thieves scour discarded documents for personal information. Thus, it’s wise to shred physical documents that contain sensitive data instead of merely throwing them away.
6. Limit Sharing of Personal Information: Statistics reveal that oversharing personal information on social media platforms makes individuals susceptible to identity theft. Be prudent about sharing personal details with unknown parties or organizations. Cybercriminals often gather information from social media profiles to facilitate identity theft.

Role of Corporate Bodies

Below are some ways institutions can partake in the fight against identity theft.

1. Compliance with Regulations: Institutions must comply with data protection and security regulations set out by regulators. They must do well to implement security best practices or robust security measures to protect customer information.
2. Monitoring and Reporting: Institutions must implement real-time monitoring for unusual activities and promptly report them to authorities. They should deploy monitoring systems that can track and notify of any anomalies in real time.
3. Identity Verification: Institutions must use robust identity verification processes for account creation and transactions. They can also employ advanced biometric authentication methods when possible.

Role of the Government

Below are some ways government agencies in Ghana can substantially contribute to mitigating identity theft:

1. Periodic Review and Enforcement of Data Protection Laws: Implement and enforce regulations that necessitate organizations to safeguard individual’s personal information and promptly report data breaches. Data protection laws such as the Data Protection Act, 2012 (Act 843) must be enforced stringently.
2. Public Education: Awareness campaigns must be launched to educate the public about online security, the importance of protecting personal information, and guidance on reporting identity theft incidents.
3. Support for Victims: Establish support systems for identity theft victims and provide resources on how victims can recover from identity theft.

Below are the contact details of mandated authorities to report cybercrime incidents including identity theft cases for assistance.

The Cyber Crime Unit of the Ghana Police Service

Email: [email protected]

Call: 18555 or 191

Cyber Security Authority (CSA)

Email: [email protected]

Call/ SMS: 292

WhatsApp: 0501603111

The author is a Global IT/Information Security Officer) / Member, IIPGH Communications team.

For comments, contact author via  [email protected] or Mobile: 0576396584 / 0550082315