Preventing identity fraud: how to protect your data and ID number
Identity fraud more often starts at the paper bin than with a hack. A discarded bank statement, a copy of your passport or an old phone can be enough to take out a loan or open an account in your name. Preventing identity fraud is therefore largely about carefully destroying everything that gives away your identity. That holds for individuals just as much as for businesses.
Want to gauge quickly how vulnerable you are? Run through these questions.
- Do you throw mail with your name and address out with the paper, untorn?
- Are there copies of your passport or driving licence in a drawer or your mailbox?
- Do you keep old phones and laptops without wiping them?
- Is your ID number on papers you simply throw away?
- Do you know which companies still hold copies of your customer data?
If you hesitate on any of these, below you read how identity fraud works and how to arm yourself against it with good destruction.
What is identity fraud?
In identity fraud someone uses your personal data to pose as you. With your name, address, date of birth and ID number a fraudster can take a phone contract, apply for a loan, place online orders or even claim a benefit. The bill and the consequences then land with you. Restoring your good name often costs months and a lot of effort. Prevention is therefore far easier than the cure. The first step is to understand that fraudsters rarely pluck your data out of thin air. They take it from documents and devices that you threw away or kept carelessly yourself.
Identity fraud starts with discarded documents
Most people associate fraud with hackers and phishing emails. In practice the paper bin is an at least equally easy source. A discarded binder, a box of old records by the bulky waste or a stack of mail with the paper form a treasure of data. Anyone who flips through finds names, account numbers, policy numbers and sometimes a complete ID number. This is also called dumpster diving. It costs a fraudster nothing and often yields more than a complicated digital attack. That is exactly why it matters so much that documents with personal data do not end up recognisable in the waste stream, but are destroyed beyond legibility.
What fraudsters look for
It helps to know which data is valuable. These are the pieces of information fraudsters hunt for:
- Name, address and date of birth, the basis to pose as you.
- The ID number, the key to government, tax and healthcare.
- Copies of passport, ID card or driving licence, gold for opening accounts.
- Bank account numbers and card details, often complete on statements.
- Usernames, passwords and customer numbers of webshops and services.
- Payslips, annual statements and insurance papers with financial details.
The more of these puzzle pieces someone can rake together, the more credible the fraud. One statement is annoying. A complete file is dangerous.
Protecting your ID number
The national ID number deserves special attention. It is not an ordinary detail but a legal identification number that gives access to tax, benefits and healthcare. In the Netherlands this is the BSN. Give your ID number only where it is legally required, such as to your employer or the government. A webshop, landlord or sports club does not need it. Redact your ID number on copies you must hand over anyway and never simply throw away old papers with it on. How to deal with ID numbers in old records is in ID numbers in old administration. For documents with an ID number the highest reasonable destruction level applies.
Mail and bank statements
Ordinary mail is an underestimated source of risk. Bank statements, payment slips, insurance letters and tax assessments are full of data a fraudster can use. Even advertising with a pre-filled name and customer number is usable. The rule of thumb is simple. Anything with your name on it that you throw away, you tear or shred first. For loose mail at home a small shredder often suffices. If you build a larger pile, for example when clearing a drawer or an archive, it is safer to have that collected and destroyed as a confidential stream rather than putting bags out with the paper.
Copies of passport and identity document
A copy of a passport or identity card is especially valuable to a fraudster, because many organisations accept such a copy as proof of identity. Yet copies lie around everywhere, from an old rental agreement to an attachment in your mailbox. Keep as few copies as possible and on the copies you do hand over, make the ID number and the photo illegible. Old copies on paper you destroy at a high level. How to handle this exactly is in safely destroying passport and ID copies. Do not forget the digital copies, because they are often easier to forget than paper.
Bank and credit cards
Expired bank and credit cards seem harmless, but the card number, the expiry date and sometimes the magnetic strip or chip contain usable data. Never just cut an old card in half and throw it away in one piece. The chip and the number must be made unusable. For anyone discarding many cards at once, for example a business with old fuel cards or access cards, controlled destruction is the safest route. Read how to do this well in safely destroying bank and credit cards. The same goes for gift cards and membership cards with a linked account.
Old phones, laptops and data carriers
Personal data has long ceased to be only on paper. An old phone contains photos, contacts, mail and logged-in apps. A discarded laptop or hard drive can hold years of documents and passwords. Simply deleting or a factory reset is often not enough, because data can sometimes be recovered with the right software. So wipe devices thoroughly or have the data carriers physically destroyed. If you pass a device on, first check that everything is really gone. For hard drives, USB sticks and phones you no longer use, physical destruction with a certificate is the surest option. More on this is in data destruction.
Watch the digital copies
Besides devices, your information also lives in the cloud and in mailboxes. A scanned copy of your passport in a sent email, a backup of old documents or a shared folder with personal data form a quiet archive you easily forget. Clear out those digital copies just as deliberately as paper. Remove attachments with sensitive data from your mail, empty the trash and check cloud folders. For businesses that clean-up also includes wiping backups. A document you neatly destroy on paper but leave standing digitally remains an open door for fraud.
Do not throw away, shred
The core of prevention is simple. Documents with personal data do not belong in the bin or the paper bin, but in the shredder. A whole sheet of paper or a document torn into large pieces can be made legible again with some patience. Only when paper falls apart into small particles does it become practically unusable for a fraudster. The difference between throwing away and destroying is exactly the difference between an open and a closed door. What counts as confidential and how to keep it separate is in separating confidential paper waste.
The right DIN level
Not every document needs the same fineness. The DIN 66399 standard describes how small the particles must be. For ordinary documents with personal data, P-4 is a good standard. For ID numbers, medical data and copies of identity documents you choose P-5.
| Level | Particle size | Suitable for |
|---|---|---|
| P-2 | Strips | General print without data |
| P-4 | Small particles | Mail and documents with personal data |
| P-5 | Very small particles | ID numbers, ID copies and special data |
A simple strip-cut shredder often only reaches P-1 or P-2. For protecting your identity that is too coarse. Choose a cross-cut device at home and have larger streams destroyed at P-4 or P-5.
What businesses must do
For businesses, identity fraud is not only an own risk but also a responsibility towards customers and staff. Whoever manages customer data, personnel files or copies of identity documents thereby also manages the fraud risk of others. The GDPR requires you to protect personal data for as long as you hold it and to destroy it once the retention period has passed. A forgotten box of old payslips or customer files is therefore not just a tidying chore, but a real vulnerability. Destroy old records in a structured way at the right level and record that it happened. That way you protect your customers and your own liability in one move.
Processors and third parties
Many businesses share data with other parties, from a payroll administrator to an IT supplier. Those parties are called processors and must handle the data just as carefully as you do. Agree in advance what happens to data at the end of the cooperation. Is it returned or demonstrably destroyed? Data that keeps drifting around at an old supplier is a risk you remain responsible for. So ask for proof of destruction when a contract ends or when a supplier clears out old backups. That way you prevent your customer data from being left unattended somewhere.
Identity fraud and the data breach
If personal data does end up in the wrong hands, we speak of a data breach. An open box of customer files that goes missing or an unwiped laptop that is sold can be a notifiable data breach. A serious data breach you report within 72 hours to the data protection authority. The step-by-step plan is in reporting a data breach in 72 hours. If you can show that sensitive documents were already demonstrably destroyed, there is simply less that can leak. Good destruction is therefore not only fraud prevention, but also the best insurance against an unpleasant reporting duty.
The role of confidential destruction and the certificate
Professional destruction adds two things you arrange with difficulty at home. First a closed chain, where the material is collected sealed and only opened again at destruction. There is then no moment where a file stands waiting on the street. Second a certificate of destruction with date and level, which proves the data was made illegible. For a business that proof is indispensable in an inspection or data breach. For an individual it mainly gives peace of mind during a big clear-out. Paper and data carriers come in the same collection, each destroyed at the appropriate level.
Prevention checklist
Want to make it concrete? Work through this checklist and you cover the main risks:
- Shred all mail with your name, address or customer number before you throw it away.
- Give your ID number only where legally required and redact it on copies.
- Keep no unnecessary copies of passport, ID or driving licence.
- Wipe or destroy old devices, phones, laptops, hard drives and USB sticks.
- Clear out digital copies in mail, cloud and backups.
- Destroy at P-4 or P-5, not at coarse strips.
- Ask for a certificate on large streams as proof of destruction.
What to do if you suspect fraud
If you suspect someone is misusing your identity, do not wait. Report it to the police and to the national identity fraud reporting point. Contact your bank when financial data is involved and keep an extra eye on your accounts and mail. Keep all evidence and correspondence, because you need it to clear your name. The sooner you are onto it, the more limited the damage usually stays. And immediately look critically at your own document flow, so you close the source of the leak and prevent a repeat.
Have sensitive documents or old devices destroyed safely?
Tell us what you have and you get a fixed price. We collect it sealed, destroy paper and data carriers at the right DIN level and you receive a certificate as proof. No call-out fee within 20 km of Amsterdam.
Request a quoteFrequently asked questions
How do I prevent identity fraud?
Limit what data you give away, keep as little as possible and destroy documents with personal data at DIN P-4 or P-5 instead of putting them out with the paper. Also wipe or destroy old phones, laptops and USB sticks.
What do fraudsters look for?
Name, address, date of birth, ID number, copies of identity documents, bank details and login credentials. These are often on discarded mail, old records and unwiped devices.
Should I protect my ID number?
Yes. Your national ID number is a key to your identity. Share it only where legally required, redact it on copies and destroy old documents with it at P-5 at least.
Does shredding really help against fraud?
Yes. Shredding illegibly at the right DIN level makes data unusable for fraudsters. An open paper bin does not offer that certainty.
Conclusion
Preventing identity fraud is not a matter of luck, but of habit. It starts with the realisation that your old documents and devices are valuable to a fraudster. Give away less data, keep less and destroy the rest at the right level instead of throwing it away. Protect your ID number, watch copies of your identity document and do not forget your old phones and hard drives. For businesses, the responsibility to demonstrably destroy customer and staff data belongs with it. With a closed chain and a certificate you close the last door a fraudster still had open.
See also the broader explanation of destroying confidential documents and the related articles shredding versus incineration, GDPR versus AVG and separating confidential paper waste.
Want to protect your identity with good destruction? Request a quote via desnipperaar.nl. We destroy paper and data carriers at the right level and you receive a certificate as proof.
Handy overviews: 8 documents you should shred at home.