How to protect yourself from fraud

By James Coney for the Daily Mail
Updated:

 

At least one major company or public body breaks rules supposed to protect your personal details every day, figures reveal.

A worried woman looking at her statement

Watch out: Never give personal details to companies which have cold-called you

These breaches include losing personal information, not keeping it safe, and even revealing customers' bank and credit card details.

Yet many more than the 464 reported rule breaches are likely to happen every year, as there is no requirement on companies to disclose lost data to the regulator, the Information Commissioner.

Last week, computer giant Sony was forced to contact around three million users of its PlayStation games console to tell them their personal details had been stolen by hackers.

Yesterday, the firm admitted a further 25m people worldwide were affected and up to 12,700 customers outside the U.S. had had their card details stolen.

Many have been advised they may have to cancel their credit cards. At present, this is not classed as a breach of data protection rules, since the details were stolen in a criminal act.

It is only when a company is found to have not looked after your details that it becomes an issue for the Information Commissioner. Last month, Mothercare and Marks & Spencer admitted losing customers' personal details. In recent years other high-profile incidents include HM Revenue & Customs losing a disk containing the child benefit details of 25m claimants, and a Royal Navy officer who had a laptop containing 60,000 people's details stolen.

How to protect yourself

But what can you do to ensure information you or your children give to companies is safe?

Not all information kept digitally by companies has been supplied by you over the internet. When you fill out a form in a shop, or phone up, these details will often be transferred to a digital file.

Cameron Ross, managing director of data protection expert Veritape, says: 'There have been great advances in card technology, such as chip and pin, which have caused a big drop in fraud. But where companies have not kept up is with the risk caused when someone is giving their information over the phone or sending it through the post.'

From the moment you are asked for personal information, the Data Protection Act should keep you safe. Companies must tell you why they need your personal details before you hand them over. This will be in a Privacy Notice, which explains why your information is needed and what it will be used for.

It is worth thinking whether a company actually needs your details — you can object if you think they are for marketing purposes only. All companies and public bodies have a duty to keep these details safe. If you are paying through a call centre, then avoid telling the person at the other end of the line your card details. Most reputable companies allow you to enter your digits by pressing buttons on your phone.

A report by Veritape found that in 2009 there were 90 major breaches of personal details from call centres — on each occasion, more than 37,000 people were affected. When companies become aware they have lost your details or had them stolen, they must assess what damage the leak may cause to your personal circumstances. Financial Fraud UK, part of the payment card trade body, will act as a go-between for companies that fear their customers' details have been taken. If you are affected, it may not be necessary to cancel your credit card — although some banks may think the risk of you being a victim of fraud is so great they will replace your card anyway.

For fraud on your credit card, you are protected under the Consumer Credit Act. And on your debit card, rules from the Financial Services Authority mean money should be returned to your account immediately. Any losses you incur should be reimbursed by your bank. And if the company is found to be at fault, it may have to pay your bank back.

Sandra Quinn, from Financial Fraud UK, says: 'The rules are there so, whatever happens, consumers are not left out of pocket.'

You do not need identity theft insurance which is offered by some banks, as these rules should protect you to the same extent.

Companies can be fined up to £500,000 for breaking the Data Protection Act, although only four fines have so far been handed out: three to local councils, and one to employment services firm A4e for £60,000 after it lost a laptop with the details of 24,000 people.

 
›› More: Why fraudsters want your personal details
 

THE GOLDEN RULES

•   If you are using a website, look for a padlock symbol and the address should start https:// instead of http://

•   Don't use passwords that are easy to guess, such as your mother's maiden name, or your child's name.

•   Watch out for boxes where you could inadvertently agree to your details being shared with other companies.

•   Pay by a credit or debit card. Any losses to fraud will usually be protected.

•   Never give more information than is absolutely needed — your name, address and payment details should be enough.

•   Never give personal or payment details over the phone to a company that has called you out of the blue.

Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.

Most watched Money videos