The KAOS identity theft protection framework offers 8 principles and a road map for personal identity protection. While it is impossible to eliminate identity thefts risks completely, these principles help individuals reduce their risk of identity theft to acceptable levels. The extent to which consumers adopt these principles largely depends on their awareness of and appetite for identity theft risks. Each person should determine the acceptable risk level based and the consequences of identity fraud in order to take measured actions to prevent, detect, and resolve identity theft. For example, someone may decide to occasionally monitor activities on their credit reports for unauthorized and suspicious transactions instead of subscribing to an automated alert system to be notified immediately when a change occurs.
KAOS Identity Theft Protection Framework Benefits
The KAOS identity theft protection framework and its principles were created many years ago by Henry Bagdasarian, Founder of Identity Management Institute which have been incorporated into the Certified Identity Protection Advisor (CIPA)® training course and certification. The 8 identity theft protection principles represented in the KAOS acronym are listed below and offer the following benefits:
- Reduce the occurrence of identity theft
- Detect potential misuse of personal information
- Minimize the damage caused by identity theft
KAOS Framework Principles
1- Know Target Information – We first need to identify our personal data which may be vulnerable to identity theft to protect ourselves from potential identity fraud. It entails listing our credit cards, online accounts, and sensitive documents before thinking about how to protect our identity. Like on the battlefield, you first need to know your opponents, their targets, and methods before taking measures to defend and protect yourself. The first step to protect your identity is creating a list of all your identity items and data which the KAOS framework refers to as “identity components” that are often targets of identity thieves. These may include personal assets such as death and birth certificates, passports, SSN, driver’s license, and credit cards. Bank statements and other valuable documents must be considered for inclusion. As mentioned, not just physical items are listed in the inventory list but also account numbers, passwords and login information.
2- Know Target Location – Locate where each physical item is stored and add them to your list of identity inventory. It could be in the office drawer, briefcase, or wallet. Either way, make sure you know where all your personal information is for quick access and recovery but most importantly to determine the appropriate security measure and level of protection each identity component needs. It is easier to protect your credit cards, bank statements, and passport when you know where they are.
3- Assess Data and Actions – After identifying all your identity components and including them in your inventory list, the next step is assessing the information. Assess whether it is necessary to modify your personal inventory list or not. You also need to assess if your actions to manage and protect your identity are appropriate. Don’t assess your information in a hurry because this is a critical process that will determine the measures that need to be in place to protect your identity. Assessing your identity theft protection data and measures is not a one-time process. Instead, it is an ongoing process that will require time and keen attention to detail.
Here are a few questions to ask yourself when assessing your identity inventory list and actions toward them:
• Are all these online accounts or credit cards necessary? Some of your online accounts and credit cards could be making you more vulnerable to identity theft. Get rid of any accounts that you feel expose you more to identity theft. Consider closing some bank and online accounts or cancelling credit cards, or shredding statements. Be sure to delete all personal information from your profile before deleting an online account.
• Is it necessary to open another account or apply for a loan? Sometimes we may accumulate more items and data that we actually need which the framework refers to as “identity obesity”, however if you do, it is unnecessary to add them to your inventory list. Just remember, the more items you add to your list, the more resources and efforts you need to protect your identity. For example, you need to frequently change the passwords on your major accounts.
• Where have I kept each piece of information? You should always be aware of where your identity components are. Knowing that your credit cards are in the briefcase or wallet can help locate them faster and better protect your identity.
• Who have I shared any of my personal information with? Be cautious with data sharing as we will cover in another principle. For example, if you have sent any original documents to someone, follow up to ensure you collect them. For example, we sometimes must submit our original documents, such as a birth certificate when we apply for passport.
4- Accumulate Less – You probably heard the saying “less is more”. This statement is true in this case as having less credit cards exposes us to lower risk of identity theft and offers peace of mind. It is better to accumulate less identity component rather than accumulate and manage more items and possibly being forced to eliminate later.
5- Organizing Information – The identity theft protection process doesn’t stop at identifying your identity components and compiling a list of your data. That information will need to be organized and monitored. Categorize each item on your inventory list based on their acceptable risk level and similarities. The risk level assigned to each item will determine measures needed to protect your identity. Be specific when categorizing these items, although you can opt to consolidate categories that are closely related. For example, it makes sense to keep all bank-related information together. Categorizing personal information items come with benefits such as easier access. It will also be easier to determine the risk level to apply for each category. Keeping credit cards separately from other documents may reduce your risk of identity theft and financial loss. Check your credit cards, passports, and birth certificates periodically to ensure they are always in the right place. The sooner you detect the absence of your credit cards, the sooner you can look for them or alert the card issuer and prevent potential financial losses and fraud damages.
6- Observe and Monitor – It is also paramount to review your bank and utility statements periodically for accuracy verification. Check to ensure that all your credit card transactions are authorized. Follow up with your bank if you notice unauthorized or incorrect transactions or don’t receive a transaction notification on time. The same concept applies to all your items in the identity inventory list and your credit reports.
7- Secure Your Information – After defining your information categories, address the level of protection for each category. You may assign the same level of protection measure for similar categories such as brokerage and bank accounts. For example, you can have a cabinet for keeping all statements related to utilities, brokerage accounts, and banks. Establish an extremely confidential documents category for keeping government-issued documents such as your social security card, passports, and credit cards. It would be best if you always kept this category under tight control to prevent confidential information from getting into the wrong hands. You may opt for an fireproof safe box for keeping all your valuable documents and a shredder to discard your sensitive documents.
8- Share with Caution – Finally, be cautious when sharing your personal information. Ask the requestor why they need your information and how it will be used. Seek to know who will have access to your data and how it will be stored and protected. Consumers often use too many credit cards or use them excessively to make small purchases without considering potential risks. It is often unnecessary to use debit and credit cards for frequent transactions such as paying for coffee. Instead store cards can be used to add occasional credits and use that card to make small and frequent purchases like coffee. Identity theft risk increases with each transaction that exposes our data. Finally, when it come to social media, it makes sense to share less and choose your friends carefully. Some people accept every friend request on Facebook and post many personal information daily. This can be detrimental in the long term.
In conclusion, identify what data or document is a high target for identity thieves or may be hard to reproduce if lost or damaged, then apply some security measures and best practices to protect your identity. As a last step, make sure you follow up to report any lost, damaged, or stolen personal data and documents as well as fraud and suspicious activities.