If I’ve heard these statements once, I’ve heard them a thousand times:
'The volume of verification requests we receive doesn’t warrant a process change. We are fine.’
‘I’ve never heard of anyone’s data being stolen because of a verification request.’
Last Tuesday, another data breach was announced. The State of Oregon DHS was the target and victim of an email phishing scam. A few years ago, a prestigious university was targeted in a phone phishing scam specifically related to employment verifications. I point this out because, at Verifent, these are the business challenges we help organizations avoid. When you stop to think about it, it’s no surprise that scammers will attempt to call and access employee (consumer) information from an employer when there is no process to confirm the identity of the verifier…that is unless you work with Verifent.
Day after day, one conversation at a time, Verifent is changing the way small to medium-sized organizations think about the mundane task of responding to verification requests. Slowly but surely organizations are starting to understand that securing the way they respond to verification requests must be part of their cybersecurity plan. If an organization’s staff has been trained to only respond to verification requests through the Verifent portal where the requestors have been credentialed, both the email and phone phishing scam become less of a concern.
As a society, unless you’ve been the victim of identity theft, we seem to be numbing to data breach announcements and forget that real people with families are impacted. That’s why, at Verifent, we live by the mantra: “Your data is your data, one day at a time.” We don’t accept big data files that can be breached, and we don’t allow highly sensitive PII to be a part of the verification transaction. We are challenging organizations, big and small, to rethink how they balance data security and process efficiencies.
If you are still responding to verification requests manually with paper and through the phone without knowing the identity of the verifier, maybe it’s time we talk. If you are still sending large scale payroll files to third-party providers, maybe it’s time we talk, too.