Check Mate

The background screening process is drastically changed for some companies

IN the last 10 years, the background screening industry has grown tremendously and has moved from being a process used for security clearance, law enforcement and high-level, sensitive government jobs to an integral part of the hiring process of the vast majority of firms in the United States. Beth Miller of DataCheck Inc., located in San Clemente, Calif., said it best, as "more and more companies are conducting background screenings, it is becoming an everyday process and part of the norm."

With the rapid changes in information technology, the Internet, biometrics, security and human resource processes, the landscape of background screening is dramatically changing. As outsourcing of background screening sky rockets, numerous businesses are being attracted to the marketplace. New players are infusing the industry with innovative business practices and ideas. Despite this progressive movement forward, the industry's growth is primarily being driven by the usual suspects.

  • Employee theft is at an all-time high. The Annual Retail Industry report noted employees are stealing from their employers at an all-time high rate.

  • Identity theft continues at an alarming level.

  • Up to 60 percent of applicants lie or misrepresent their backgrounds on resumes.

  • Fake degrees are prevalent and still easy to acquire.

  • One of 10 applicants have a criminal background.

  • Employers continue to lose 73 percent of negligent hiring cases that go to jury trials.

In addition, challenges regarding privacy, data protection, impending legislation and clients' thirst to get value-added information faster continues to challenge background screening firms.

The Usual Suspects
The factors continuing to drive background screening numbers up are not new. According to the 2006 eCrime Watch Survey, 55 percent, of businesses surveyed experienced some type of electronic crime committed by an insider during the past year, with individual company losses up 46 percent to an average of $739,700. Fewer than 28 percent of the crimes were referred to law enforcement. This means there is no warrant or court record to report for potential future employers. It also is likely that a high percentage of the people were allowed to resign to avoid negative publicity for the company. That increases the likelihood of the fraud not being visible to future employers.

With the rapid changes in information technology, the Internet, biometrics, security and human resource processes, the landscape of background screening is dramatically changing.

In addition, the most recent Annual Computer Crime and Security survey, conducted by the Computer Security Institute and FBI, found that the top four security loss categories -- which account for almost three-fourths of the total percent of losses -- are viruses, unauthorized access, laptop theft and theft of proprietary information. The same survey found more than one-third of participants believe at least 20 percent of overall losses are due to insider threats.

There also is the emergence of the "Gigabyte Gangsters" -- gangs and organized crime moving the focus from the streets to the lucrative Internet. Friends, relatives or spouses of the gangs are getting jobs as retail clerks, mortgage loan assistant or hotel desk clerks, all positions that regularly view credit card information and personal information, and steal it for illicit purposes.

Because insider threats are escalating, clients are demanding more real-time information and solutions from the background screening industry to better manage risks and assets.

Bob Fischer of Employee Relations Inc. said while his firm continues to see rapid expansion of background checks, he also is seeing a much wider demand for checks against the national and local sexual offender databases. This is a politically charged issue that businesses are particularly sensitive to and want information on.

Data Protection
According to the Ponemon Institute's data breach study, data breaches in 2006 cost U.S. companies an average of $182 for every compromised record, compared to last year's $138, a 31-percent increase. The study reports that roughly $128 of the 2006 figure is related to indirect fallout from information leaks such as higher-than-normal customer turnover. Other associated costs spurred by data mishandlings or thefts were an average price tag of $660,000 per company in expenses related to notifying customers, business partners and regulators about data leaks. Total costs for each cited record loss studied in the report ranged from less than $1 million to more than $22 million.

"The burden companies must bear as a result of a data breach are significant, making a strong case for more strategic investments in preventative measures such as encryption and data loss prevention," said Dr. Larry Ponemon, chairman of Elk Rapids, Mich.-based Ponemon Institute. "Tough laws and intense public scrutiny mean the consequences of poor security are steep -- and growing steeper for companies entrusted with managing stores of consumer data."

In charting the most common sources of data leaks, researchers found that lost or stolen laptops remain the top culprit, accounting for 45 percent of all incidents. Records lost by third-party business partners or outsourcing companies represented the second-most popular type of event, representing 29 percent of reported leaks.

International Talent Search
According to the Bureau of Labor Statistics, by 2010, the overall labor shortage, measured in unfilled jobs, will be 21.3 percent. This means that "the competition to acquire new employees and retain existing personnel will reach dimensions that are unthinkable in today's environment."

One of the ways businesses are starting to address impending shortage is to expand talent searches beyond the U.S. borders. These searches have moved beyond technical fields, such as engineering, scientist or nurses, to many other management and professional-level positions. And, white collar, college-educated workers will not be the primary category where the shortages occur. Even larger shortages will appear in lower level service and production jobs. This is one of the real issues fueling the debate about immigration legislation, as legislators struggle with how to balance national security concerns with the employment needs of the economy.

This impacts background screening because the focus of background checks have been on U.S. employees applying for jobs within the country. A recent survey conducted by PreemploymentDirectory.com found only 47 percent of businesses conduct background checks on applicants from outside of the country, and 70 percent do not conduct checks on candidates hired in other countries.

This practice is going to change, and international background checks are emerging as one of the next frontiers where background investigations will take hold.

"The international market is growing significantly with more firms having locations outside of the country and more individuals being imported or exported. The labor market is no longer just in the United States," said Jason Morris, CEO of Background Information Services Inc.

Terry Corley, president of Global Screening Solutions, also sees the global marketplace wanting more tools and information made available that are not U.S. centric, but designed to meet the needs of firms that operate in multiple countries.

"Many of the needs deal with privacy provisions, data protection laws, applicant tracking systems and multi-national focused HRIS systems, all that are different than the United States," he said.

As growth continues in the sector employers are wise to make sure they do their homework or use expert firms. Court systems, laws, employer responsibilities and individual rights are very different in other countries, and each country has unique requirements. For example, in the European Union, primary laws that must be adhered to are the Data Protection Acts, as well as country specific laws. These laws impact information availability and transfer of personal information outside of the country.

There is a wide range of pricing that depends on the scope of the investigation and numerous other variables. Turnaround times in general average from five to 10 business days although many factors can influence the actual turnaround time to be up to six months. It also is important to know different countries have different definitions and levels of crimes than the United States, which must be considered in deciding the type of search conducted. The years covered in a search also will vary by country and identifying information will vary from standard information required in the United States to some unique requirements such as mother's maiden name in Spanish-speaking countries, father's name in Turkey, place of birth in Mexico or national identification number for numerous countries.

As firms move toward sophisticated ways of using and accessing data to facilitate better decision making, enterprise integration continues to drive data management. The trend is having a pervasive impact on security and human resources, driving forces of background screening in organizations. The business community is now demanding background screening information is integrated into greater human resource and security information systems via a dashboard, where all relevant data regarding an individual can be accessed rather than having to access a separate data feed.

Impact of Biometric Technology
Beyond traditional information technology issues several other technologies are likely to intersect with background screening as data collected by the systems are used as a unique identifier. There has been an explosion of identifying technologies since 9/11, and the trend can be expected to intensify for many years to come as the war on terrorism continues. From fingerprints to Iris or retina scans, all the way to implantable chips and DNA, the race to find the perfect identifier has heated up. An early shot in this battle was fired by the National Institute of Standards and Technology in a recent study which confirms fingerprints are still king.

Fingerprint identification systems have approached 99-percent accuracy and, perhaps more importantly, a slim 0.01 false-positive rate -- or only about one in 10,000 scans resulting in a misidentification. An NIST study tested 34 fingerprint ID systems from 18 companies. About 25,000 people supplied about 50,000 sets of fingerprints -- all in about 400,000 distinct digital images of fingers. The best systems reached 98.6-percent accuracy for a single-print match. Predictably, the more prints matched, the higher the accuracy rate. Two-finger matches were accurate 99.6 percent of the time. Four or more fingers matched had a 99.9 percent accuracy rate.

The study results are unlikely to stem the tide of researchers looking for the holy grail of identifiers. Implantable chips offer instant access to applicant or employee data and make it easy for individuals to show certain levels of security clearance ensuring they are who they claim to be. These high technology identifiers are likely to battle it out for a while. DNA may prove to be the ultimate identifier, even though there are voluminous issues associated with employers having access to the information. Only time will tell what technology prevails.

New potential identifiers have far-reaching implications for background screening. One of the essential ingredients of an effective and valid check is being able to positively identify the person being screened. False negatives lead to myriad of problems for employers and can end up in costly lawsuits. A recent case illustrates this point.

In less than three years, James R. Gorman went from being an investment manager to the lord of $100 million in client accounts for The Vanguard Group. But when Gorman's Pennsylvania insurance license came up for renewal, the company doing a routine background check found a problem. Gorman had pleaded guilty to loan and credit card fraud. He was a convicted felon. So Vanguard did what any financial services company would do. The company fired him.

There was just one problem. The company had the wrong guy. The James R. Gorman who worked for Vanguard had a different Social Security number, date of birth and address than the James R. Gorman whose conviction record had been unearthed.

Companies must make sure of a positive match from screening data, or other costly problems will occur. This is when the due diligence of having well-trained internal investigators or having selected a high-quality firm to conduct your screening truly pays off.

Continuous Background Checks
With availability of more sophisticated information tools, the ability to cross-reference databases and accumulation of massive amounts of data, experts are seeing the first wave of continuous-screening, post-hire services being offered to businesses.

Bill Bollinger, president of National Background Data said a newly-launched criminal monitoring service will offer firms the capability to proactively monitor background screening information on current employees. This extends a firms due diligence from the initial contact with employment candidates through the complete employment lifecycle of employees, providing real-time information for the business to make informed risk management decisions. The post-hire services help firms with early identification of potentially problematic situations, to assess risk and be able to take preventative steps before something bad happens. This will be a great tool to help avoid potential negligent retention lawsuits.

Outsourcing Overdrive
Another challenge in today's employment marketplace deals with the accelerating trend towards outsourcing work. Outsourcing work to other firms or to freelancers is occurring on a large scale. With the amount of talent existing in the freelancing pool and the acceptability of employing free agents, employers are motivated to use the specialized firms or free agents. This impacts the background screening industry because this is often the Achilles heel of many firm's background screening program -- checking the backgrounds of independent contractors or employees of their contractors.

The simple solution is to require every contractor to conduct background checks on employees as a part of all contract agreements. However, if you do not "inspect, what you expect" you are likely to find that many contractors are not complying with the contractual agreement. Businesses have not worried too much about the situation because companies have been able to go into court and use the defense that it was the contractors employees that caused the problem, therefore the companies have no liability. This view is starting to change and security professionals can help businesses close the gaping hole in the background screening program. For beginners, require contractors to provide a regular report summarizing background check results while periodically asking the contractors to review documentation.

David Sawyer, president of Safer Places Inc. in Middleboro, Mass., offers an interesting perspective on the situation. He believes contractors are going to start to recognize the time has come to diligently perform background checks. Progressive firms will not only start conducting checks, but use the information in marketing and advertising efforts to create a competitive advantage.

There's a lot happening with background screening and innovation will continue to escalate. There is widespread belief that background screening will continue to expand and security professionals should view this as another opportunity to further demonstrate value-added nature of their counsel.

Continuous screening is one of the services that will offer security professionals an ongoing opportunity to participate in risk management decision making, which will only raise their stature and perceived value to the organization.

This article originally appeared in the January 2007 issue of Security Products, pgs. 56-59.

Featured

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3