by Doug Pollack
Unfortunately, ID thieves don't take time off during the holidays. Because people are out and shopping (or on the web and shopping) more actively during December, there is an even greater risk of identity theft.
Christine Arevalo, an ID theft expert and head of data breach services at ID Safeguards, discusses ID theft during a recent edition of AM Northwest.
When shopping online during the holidays, remember to look for the "lock" icon and "https:" address in your browser when entering your credit card or other personal information. Also, she suggests that you dedicate just one credit card for your online purchases in order to make it easier to keep track of the charges in January. And never use a debit card for online buying since it directly accesses your checking account funds.
Tuesday, December 11, 2007
ID Theft During the Holiday Season
Tuesday, December 4, 2007
The Bad Check Boomerang
By: D. Jones, Recovery Advocate
Have you recently received a collection notice in the mail and don’t know why? Collection notices can be for outstanding balances on credit cards or for outstanding, uncollected checks. Those pesky notices are one of the main ways the average consumer discovers the theft of their identity.
When a check has been written, whether a forgery (signing a name that isn’t yours) or a counterfeit check (a false check created with accurate or completely inaccurate information or a mixture of both) it goes through a few steps before its final destination.
Ever notice those little machines or attachments to the register that scan your check when you present it to the merchant? Those are usually linked to larger check verification companies. The four major ones are: Telecheck, CheckRite, SCAN/ChexSystems and Certegy. The system used either denies or accepts the check and the merchant goes from there.
If the check is denied, it means there is a check collection or an alert out with the particular bureau the merchant uses. The merchant will often give the consumer a card with contact info for the bureau used. However, if the check clears, either the name, driver’s license number or checking account information is not on file with the bureau as being in “negative status”. When a check is verified as “no negative status” it doesn’t mean the check is good – it means there is no record of the check being bad. Not as easy as it sounds.
Back to those check collection notices in the mail – if you've received one it means your personal information (bank info, name, driver’s license number) was used to write a check to a merchant.
If the information used was your account info, you notice unauthorized debits exiting your checking account and alert the bank. If it does not belong to your bank, and here’s the frightening part, you may not know about it for a while.
Once the check doesn’t clear it goes back to the merchant to collect the amount. Often they use those same verification bureaus to collect for them and record the information as “negative” which means the victim is unable to present checks validly – another way a victim discovers the theft of their identity. Enter the appearance of the check collection notice in the mail.
Remember that frightening delay mentioned earlier? If incorrect address or fake address information was used the notice may not get back to you for some time, and identity thieves count on this delay to utilize the checks as long as they can.
Thieves obtain our info through various illegal methods including mail theft, purse/wallet theft, dumpster diving, or corporate breach compromise and black market dealings.
Sometimes the victim attempts to resolve the situation themselves but the collection notices can often be the tip of a very nasty iceberg. We’ve all heard about collection bureaus and their practices - dealing with these guys can run the gamut from irritating to abusive. So if you ever get one of those notices call the check collection bureau and ask them to provide verification of the debt – it’s your legal right!
Credit Union Customers Targeted with Latest Scam
The identity thieves are getting increasingly clever with their scams. They have realized that consumers are becoming less willing to respond to “phishing” emails that direct them to decoy websites asking for personal banking information or a social security number. Most folks delete these sorts of emails suspecting foul play, which is the smart thing to do. The newer version of this phishing scam is known as “vishing,” or “voice phishing.”
An article from consumeraffairs.com dated December 3, 2007 states that “sophisticated criminals now send emails instructing consumers to call a telephone number instead of clicking on a link. This tactic, known as ‘vishing’ can be especially effective because consumers who encounter a live person are much more likely to let down their guard.”
Read more from the article and view a recently circulated vishing email here.
Consumers who receive one of these bogus emails should contact their credit union directly by using the phone number on their monthly statement or by obtaining the number from the financial institution’s official website. It’s also a good idea to report this scam to the Federal Trade Commission at http://www.ftc.gov/.
Friday, November 16, 2007
The Missing Ingredient in Most ID Theft Services. Personal Help.
by Doug Pollack
There has been a great deal of attention recently paid to the actions by credit bureaus enabling consumers to use credit freezes as a tool to avoid or deal with identity theft events.
In a recent New York Times article titled "In ID Theft, Some Victims See Opportunity", the author highlights several companies, like ours, that provide ID theft protection services. Several of these companies see the use of credit freezes and credit fraud alerts as a panacea for eliminating the threat of identity theft. This is a position that we do not subscribe to. We believe strongly in encouraging consumers to use all appropriate best practices to avoid identity theft, and we provide a product, FraudStop, that provides broader prevention from ID theft by addressing not just credit records, but also other records including real estate, motor vehicles, utilities and the like, all of which can be used by identity thieves.
"Among its peers, LifeLock has attracted the most attention--much of it negative. In radio and television ads, Todd Davis, chief executive of LifeLock, gives out his Social Security number to demonstrate his faith in the service. As a result, he has been hit with repeated identity theft attacks, including one successful effort this summer in which a check-cashing firm gave out a $500 loan to a Texas fraudster without ever checking Davis' credit report. Last summer, The Phoenix New Times, an Arizona paper, reported that LifeLock's co-founder, Robert Maynard, had a criminal past. Maynard later resigned."
But despite the best protection, ID theft does and will occur. Which is why the consumer is best served by a company that can provide them with an expert to handle any identity theft issues. Which is what we do with our staff of personal recovery advocates. Most identity theft protection services companies do not provide recovery services. They do not have teams of trained professionals. They do not see this as important. We obviously do. And so do the over 2.5 million people that rely on our recovery services.
Among other things, the author highlights that identity theft services whose only value is in setting fraud alerts or credit freezes for consumer, are vulnerable to potential legislation.
"[This] business [specifically mentioned were LifeLock, TrustedID, and Debix] is vulnerable if Congress succeeds in pressuring the three major credit agencies to make these theft-fighting measures cheaper and more accessible to consumers. Sen. Charles Schumer, Democrat of New York, criticized the credit companies last month for making identity theft freezes too cumbersome to set and lift. Each of the three credit agencies recently bowed to public pressure and made freezes available in all 50 states."
But this article is silent on the consumer need for professional ID theft recovery services. It is projected that over 10MM people in the US will fall victim to identity theft in 2008. Identity theft protection services such as ours, and those provided by others in this space, will help in turning this trend. But consumers should be told the truth. There isn't a silver bullet that will guarantee that you won't become a victim of identity theft. ID thieves are using increasingly more sophisticated means to steal from you. Which is why if you opt for an identity theft protection service, it should include expert, professional, personal recovery assistance.
Monday, November 12, 2007
Experian, Equifax and TransUnion Offer Credit Freeze to All Consumers
Before November 1st of this year, there were 39 states (and DC) that had laws on the books stating that their residents could freeze their credit files. Some other states had adopted freeze laws that applied to victims of identity theft only. With this new law, everyone is eligible, whether they are victims of identity theft or not.
A security freeze (a.k.a. credit freeze) prevents creditors and other entities from viewing your credit report without your express permission. When you apply for credit with a freeze in place, you must use a PIN provided by the bureaus to temporarily lift the freeze. The temporary lift lasts 2-3 days and the entire process adds a few extra days to the application process. The freeze is in place indefinitely until you decide to permanently lift it. Much has been written about the benefits and drawbacks of the freeze. If you are thinking about placing a security freeze, be sure to take into consideration all of the negative consequences as well as the positive.
For example, with a freeze in place, you may be denied employment because your potential employer is unable to conduct a background check. I have personally worked with victims of identity theft who were unable to purchase a new car at a "super sale" rate because they did not time the "thawing" of their credit files just right. On the other hand, there are many id theft victims who enjoy the peace of mind that the freeze offers them, and are more than willing to put up with any potential inconveniences or out-of-pocket expenses.
The three credit bureaus have more information on security freezes at their websites, www.experian.com, www.transunion.com and www.equifax.com.
Wednesday, October 31, 2007
Warning: Be on High Alert for Fake FTC Email Containing Virus
“'The e-mail says it is from ‘frauddep@ftc.gov’ and has the FTC's government seal. But it was not issued by the agency and has attachments and links that will download a virus that could steal passwords and account numbers, the agency said.
'It's a treasure trove for identity theft," said David Torok of the FTC's Bureau of Consumer Protection. ‘We're concerned. The virus that's attached to the e-mail is particularly virulent.’”
The Federal Trade Commission is encouraging consumers to forward the email to spam@uce.gov, an FTC database, for investigation and then to delete the email. For more official information and instructions, go to the FTC website.
Tuesday, October 30, 2007
Synthetic ID Theft
by Doug Pollack
The Wall Street Journal this week published an article on synthetic identity theft titled "The Borrower Who Never Was" (Christoper Conkey, October 29, 2007).
It describes how an identity thief named James Rose would create synthetic identities, those that appear real on paper, but were actually used by him in order to trick financial institutions into making loans or issuing credit cards.
"Working with a partner, Mr. Rose tricked the guardians of the credit system -- lenders and the three big credit bureaus -- into treating his fake identities as if they were real, creditworthy consumers. He obtained several hundred credit cards in the names of Mr. Gregory and as many as 500 other fake personas over two years, filching around $750,000 over a two-year period."
Unlike more common identity theft, synthetic identities are used primarily to defraud financial institutions without affecting individuals. Mr. Rose noted that their goal was to "make a lot of money without actually hurting people."
Despite protestations to the contrary, some feel credit bureaus aren't doing enough to deter identity theft. In the case of synthetic identity theft, it is the knowledge of credit bureau procedures that enable criminals to create and exploit synthetic identities. Evan Hendricks, editor of Privacy Times, notes that "the credit bureaus are at the epicenter of identity theft and there's no pressure at this point to force them to make changes."
Tuesday, October 23, 2007
Business breaches a source of identity fraud
by Doug Pollack
A recently federally funded study on identity fraud by Utica College's Center for Identity Management and Information Protection "paints a complex portrait of the signature crime of the digital age, one that has been the top consumer fraud complaint to federal authorities for six consecutive years."
As described in a recent article titled In Many Major Cases ID Theft isn't Personal (Joseph Menn, LA Times-Washington Post, 10-22-07), this study challenges a widely held perception that a majority of identity theft cases occur with people that are known to the victim.
Based on 500 individuals arrested by the US Secret Service over the last several years, only 8% were relatives of or acquainted with their victims. The most common tool for identity theft based on this study was any of a variety of technology devices, including credit card encoders, computer printers and telephones, which contributed to 37% of the cases.
This study further reinforces the need for individuals to be very careful with their personal information, and how and when and to whom they disclose it, but also highlights that identity theft can occur even to those people that are consummately careful.
Thursday, October 18, 2007
Clark Howard on ID Theft Services
by Doug Pollack
I've been a long time listener of Clark Howard. It is hard not to appreciate the solid advice on how to save money and not "get ripped off".
With the expansion of competing services targeted at consumers to protect from identity theft, it can be difficult knowing who to trust or what criteria to use in selecting a service. He has commented extensively on identity theft, and provided the following advice to his listeners:
"Clark gets tons of calls about identity theft. It has remained a real aggravation for people, especially when they have been a victim. ...The only time he would recommend paying for a service is if a human being comes with the deal, and that person is going to clean up your credit for you. "
After 4 years in the ID theft protection business, ID Safeguards launched a new consumer identity theft protection service earlier this week called FraudStop. FraudStop is distinctive in that it provides exactly this kind of personal service to victims of identity theft. The company has a team of experienced "recovery advocates" that, if a FraudStop member falls victim to identity theft, will personally take on their case and do everything necessary on their behalf to restore them to pre-theft condition.
While I realize that Clark Howard doesn't endorse products, which is part of his appeal, I am pleased that the FraudStop offering from ID Safeguards is in alignment with the advice that he gives to his listeners.
Saturday, October 13, 2007
ID Thieves Steal Medical Services, Cause More Pain
by Rick Kam
In an article written by Victoria E. Knight on October 11, 2007 in the Wall Street Journal, Escalating Healthcare Costs Fuel Medical ID theft, Victoria explains:
"One of the biggest threats posed by medical identity theft is that victims can receive the wrong medical treatment based on the fraudulent information in their medical records. (You are allergic to penicillin, the impostor isn't.) In addition, theft can cause victims to fail pre-employment medical exams or become uninsurable."
What is Medical ID Theft?
Medical identity theft is when someone uses your name and health insurance without your knowledge or consent to obtain medical treatment, prescription drugs or goods. At least a half-million Americans have been affected, according to Pam Dixon, Executive Director of the World Privacy Forum, a San Diego research group that focuses on privacy issues.
What can be done to protect yourself from Medical ID theft?
Like protecting yourself other forms of ID theft, we suggest being aware of potential misuse of your personal data. Check those explanation of benefits statements you get after visiting the doctor to make sure the medical services you received are accurate, and that you were the one that received them.
There are new identity monitoring solutions in the market that detect both financial and non-financial fraud (i.e. medical ID Theft). Credit monitoring is not effective in detecting this issue or many other issues involving non-financial crimes.
Tuesday, October 9, 2007
Would You Notice $400,000 Missing From Your Checking Account?
by Rick Kam
In an article published in the New York Times by Sewell Chan on October 2, 2007, Chan reports that Mayor Bloomberg fell victim to Identity Theft.
"In early June, Mr. Bostic deposited a $190,000 forged check into the Sovereign account and a $230,000 forged check into PNC account, according to prosecutors. Both of the forged checks were drawn on Mr. Bloomberg’s personal account at the Bank of America and were issued in the name of the mayor’s financial manager, Geller & Company."
You might ask could this happen to me?
The answer is yes. There are many types of financial and non-financial ID theft. Credit card fraud and someone withdrawing money from your checking account happens a lot.
You might say, "I have a service that freezes my credit or automatically sets fraud alerts to guarantee against ID theft". The answer is, these solutions will prevent the issue that happened to Bloomberg - an ID thief stealing money being taken from his checking account.
There are new services on the horizon that monitor credit, checking, and other forms of financial and non-financial personal data to detect misuse of your information and provide 360 degree protection. You will see these new services become available in the market and be more effective, but cost roughly what consumers pay today for less effective solutions. More on this in a future post....
Wednesday, October 3, 2007
Gap Reports Theft of Laptop Containing Personal Information
by Heather Wells (Recovery Advocate)
1) Your Social Security Number
2) Date of Birth
3) Driver’s License Number
If a company requests any of this information simply write “see below” and then add a note at the bottom of the application stating that you would “be happy to give this information during the interview process.” Explain to your potential employer that you are simply protecting yourself from the threat of Identity Theft.
In general, employers do not make a hiring decision based solely on looking at an application or resume and they do not need this info unless they are truly interested in hiring you. The same goes applying for a job over the phone. Explain to the person taking down your name and work experience that you don't feel comfortable giving up so many other personal details on the telephone. You never know where your information could end up, on an unsecured computer or desktop, in a trashcan, or even worse, in the hands of an id thief!
Friday, September 28, 2007
Lose Your Customer or Employee Data?
by Rick Kam
Eric McNulty authored a Harvard Business Review case study September 2007 called "Boss, I Think Someone Stole Our Customer Data".
In this HBR case study, McNulty illustrates how a small business called Flayton Electronics learns that the security of its customer data has been compromised—and faces tough decisions about what to do next.
90% of organizations lose or have customer data stolen each year (see related blog). If you are one of the 65 million business in America and have this happen to you, how would you respond?
The most important decision a CEO and/or Chief Security Officer will make is what to do once you find out this has happened to their organization.
Remain calm. Just because personal protected information may be lost or stolen doesn't mean that the information will be misused by perpetrators to commit ID theft of financial fraud. In many cases, the perpetrator was targeting the laptop to resell it to a pawn shop for a few bucks to buy drugs. But, you still have to act quickly to determine if the information was compromised and do a risk assessment of whether or not the information may cause harm if it were misused.
There are several questions you have to ask. Here are a few of the key questions:
1. was the information encrypted or not?
2. if it was encrypted, was the encryption key protected?
3. when did we discover the information was missing or stolen?
4. what information was lost (name, SSN, account numbers, etc.)
5. was there evidence to believe there was criminal intent?
6. did we contact law enforcement?
7. who knows about the issue?
8. how many records were compromised?
Once you have an initial assessment of the issue, you make a risk assessment, develop a risk mitigation plan, and implement your incident response plan. If all of these sound foreign to you, ask your privacy or compliance officer to do a review of your ability to respond to a data breach.
Wednesday, September 26, 2007
Credit Bureaus Offer Credit Freeze
by Rick Kam
TransUnion and Equifax to offer credit freeze services according to a September 22, 2007 article in ConsumerAffairs.com by Martin Bosworth.
"offer consumers the ability to "freeze" their credit files in all 50 states in order to protect themselves against identity theft and fraud. The service will be available in the 11 states that do not already have credit-freeze laws, costing consumers $10 to set the freeze and $10 to unlock it, and will "meet or exceed the requirements" of states with existing freeze laws. The freeze service will be free to victims of identity theft, and is scheduled to roll out Oct. 15."
This means that you can instruct these two credit bureaus to freeze your credit making it more difficult for an ID thief to set up a new fraudulent credit card or take out a loan using your personal information. Experian is the other major credit bureau. They have not indicated whether or not they will also offer this service.
The question is whether or not this is a good solution to protect you from ID theft? There is a $10 cost to freeze and unfreeze your credit. If you are a victim of ID theft, the cost to freeze your credit is $0.
Our suggestion is to look at using this tool if you are a victim of ID theft versus a preventative measure. There are several reasons for this.
1. If you are a victim of ID theft, it can prevent more fraudulent accounts being set up by the thief
2. If you are not a victim of ID theft, this tool requires you to take an action each time you want to open a new credit line.
3. A credit freeze only protects you against credit fraud. There are many more ways ID theft can occur that this tool will not address including debit fraud, medical ID theft, criminal misuse of your ID etc.
The good news is there are new preventative tools entering the market that provide a 360 degree protection against all of these issues and provide better protection. These services scan both financial and non-financial data sources and do a much better job of protecting your identity. I will discuss more on this topic in future blogs.
Friday, September 21, 2007
Free Credit Reports?
There’s only one legitimate source where you can obtain your FREE credit reports and that’s http://www.annualcreditreport.com/. The law requires that each of the major credit reporting agencies-Equifax, Experian, and TransUnion-give you a copy of your credit report every year at no charge.
If you are ever online and are asked to enter a credit card number in order to obtain a copy of your credit report, DON’T DO IT. Many of the companies that advertise free credit reports and credit scores will enroll you in services that you don’t want or need. Cancelling these services once you’ve given over your billing information can be difficult or downright impossible.
So, before you give over your credit card number for something that is supposed to be “free,” don’t do it. Go to http://www.annualcreditreport.com/.
Monday, September 17, 2007
Share Your SSN with Anyone?
by Rick Kam
When is it OK to give someone your SSN, if ever?
The answer is ...
NEVER give out your SSN to an organization or person you don't know.
There are only a few reasons organizations need your SSN. One is if you are applying for credit. Say, you walk into your local car dealer and decide to buy a new/used car. The dealer will ask you for a copy of your drivers license and will check your credit report to see if you are an able buyer.
Another good reason an organization will ask for your SSN is if you are applying for a job. The employer will do some background and credit checking depending on the position you are applying for. If you are not comfortable with the organization having your personal information to do this background check, you may want to reconsider working for them.
The other reason is to pay taxes. The IRS will require your SSN on your tax returns. Many of us may ask why the IRS needs your SSN? Well, it is so they can identify that you submitted and paid any taxes due. Unless you want the IRS coming after you, it is probably a good idea to provide your SSN on your return.
If others ask you for your SSN, make sure you ask why they need it and ask how they plan to protect and destroy the information once they are done with it. It is incumbent on organizations to protect your personal information, especially with recent privacy legislation (i.e. HIPAA or GLBA).
Monday, September 10, 2007
New Data Protection Bill in California
by Rick Kam
K.C. Jones authored an article on September 7, 2007 in InformationWeek called "California Data Protection Bill Moves Forward".
Once the Bill is ratified it will provide several new consumer protections. The TJ Max issue, where 40+ million credit card numbers were lost/stolen is an example of where this legislation would apply.
"The bill would provide notice to consumers, telling them which retailers lost their credit or debit card information, and when the information was lost. It would require retailers responsible for data breaches to assume all costs of consumer notification and card replacement."
California has led the nation in several pieces of ID Theft legislation. I expect other States will also put consumer protections like this in place soon.
Can Sharing Music on the Web Expose You to ID Theft?
by Rick Kam
According to Brian Koemer who authored an article on September 10, 2007 titled "Peer-to-Peer Networks Used to Steal Identities", the answer is YES!
"In what federal authorities are calling the first of its kind, the arrest of Gregory Thomas Kopiloff of Seattle, who allegedly used P2P Software to steal the personally identifiable information (PII) of at least 83 people."
How many of you use P2P file sharing software like Kazaa or LimeWire?
If you have teenagers in the house, are they using these tools to share their favorite songs with friends?
There is a good chance that one of your computers have this tools installed. If you do, Brian Koemer provides tips on how to protect yourself online. Besides, these tips from Brian, We also suggest the following:
1. Make sure your computer has the firewalls enabled. A firewall will help reduce the risk of someone getting unauthorized access to your computer. If you bought a computer recently, most will come out of the box with the firewalls enabled (i.e. Windows Vista or MAC OSX).
2. Scan your computer regularly for viruses. You can schedule this function to run every week or once a month when you are not using it.
3. Make sure you obtain files from known sources (i.e. iTunes). Many versions of music files exist on the web. You can tell they are different because the file sizes differ. Some of these variations are legitimate and accommodate for various media players. Others contain viruses and other malware.
If you suspect any issues with files, just don't put it on your computer...
Tuesday, September 4, 2007
Another One Bites The Dust: Warranty Hard Drive Replacement
Enjoying your computer but one or more of the drives bites the dust? Realizing that it’s still under warranty solves only half the problem. What happens to that old, dead drive once your warranty service visits your home to replace it? Worse yet, what about when you ship your computer to the manufacturer for them to replace the drive at their facility? Both of these scenarios can be rife with identity theft opportunities.
As noted in a recent post on whatsnextblog, it has been shown that hard drive replacement could lead to data compromise. Manufacturers are supposed to wipe the drives with an industrial magnet, a technique called “degaussing”, before resale or render them unusable but that often doesn’t happen the way it should. One of our recovery advocates recalls a Dell computer drive that failed. The system was under warranty so a contractor made a house call to replace the drive. She asked if she could keep the old drive for security reasons and was told it was Dell’s policy to return the used drive. Daunted, but secure in the fact that the drive was new and therefore free from sensitive information, she watched as the drive was taken from her computer and removed from her home. Who knows what happened after that point? Its common knowledge now that the drives are repaired and resold but what happens to the info stored on the drives?
The auto mechanic industry has learned to honor our right to the broken, damaged parts that are replaced – why not the computer technician field? If we’ve paid for it, we should be able to keep the old part or be assured that our information is removed or the drive destroyed so that others can’t access it. Dell now has a policy that allows the consumer to purchase the damaged drive for an additional fee. As the article in the link states, at the very least, new manufacturers should revisit current policy on replacing dead drives or perhaps current laws need to be restructured to ensure corporate protection of consumer privacy.
Monday, September 3, 2007
Gone in 4 Seconds
by Rick Kam
Have you thought about how a perpetrator might steal your personal information? I came across this video called "Gone in Four Seconds." In this video, crooks prey on unsuspecting victims at a gas station, stealing their personal information while they are not looking.
Have you been a victim of ID theft? Share with our readers how this happened and any suggestions you have to help them avoid the crime.
Monday, August 27, 2007
90% of Businesses at Risk of Losing Your ID
by Rick Kam
Should business be responsible for protecting your identity and paying to restore it if crooks misuse it? There is an article in InfoWorld dated July 16, 2007 that says 90 percent of businesses at risk of losing your personal information:
"A new report by the IT Policy Compliance Group finds that the vast majority of businesses do not meet data-handling regulations, increasing the risk of a data breach".
As of this posting, there are 36 States and existing Federal laws that require businesses to safeguard your personal information and notify you if they lose it. Essentially, if a business requires your personal information as a prerequisite to doing business with you, they are required to protect it. So, why are so many business not compliant with current legislation and unprepared to react if they have a data breach?
Security experts say the cost of securing a business from every potential threat is unrealistic. Good information security practices suggest protecting mission critical or high risk information. Unfortunately this means that many systems and information sources may be left at risk. This seems to be where most information crimes occur (i.e. stolen laptops, compromised employees, lost paper documentation, missing back up computer media, etc.). Privacy Rights Clearing House is a good resource for businesses and individuals on data breaches.
Individuals can take action by voicing their opinion, asking questions of the business they frequent, or voting where they spend their money. Several legislators including Senators Gordon Smith, Darlene Hooley, David Wu, and Representative Greg Walden are supporting legislation to require businesses do a better job at protecting personal information. Write your State legislators voicing your concern. The next time a business asks you for your social security number, ask them why they need it. If they do require it, ask them how they protect it. And remember, in most cases you have the final vote as to whether or not you do business with them (vote with your dollars).
Tuesday, August 21, 2007
Dave Ramsey on ID Theft Among College Students
by Doug Pollack 
Prominent talk show host Dave Ramsey discussed the prevalence of identity theft among college students in an interview earlier today on the CBS News Early Show.
He stated that:
"Identity thieves zero in on college students much of the time. They're deemed particularly vulnerable to ID theft, and people aged 18-29 make up the group most commonly victimized by it."
Strangely enough, young people might seem to have the least to lose from identity theft, which may be why they are specifically targeted, because that they don't feel vulnerable, they can be very cavalier with their personal information, and because they're consumed by school activities. Most college students not only haven't ever checked their credit reports, most of them probably don't even know what a credit report is (I know mine don't).
One of his listeners wrote to him saying:
"My third day at college, I applied for several credit cards on campus. Five years later, I found out that all my personal information was posted on a Web site. I had cars bought in my name and credit accounts across the country. A college student who ran one of the credit card booths was responsible for posting my information. Even though I now have a new Social Security number, I constantly have to monitor my credit reports. I have had to explain all of this to employers who run background checks on me. Those free T-shirts wound up costing me $150,000!"
Obviously, you're never too young to be careful with your personal information.
Monday, August 20, 2007
Counterfeiting for the 21st Century
by Heather Wells (Recovery Advocate)One of the most common forms of identity theft and fraud is what is known of as “skimming”. This method of stealing someone’s credit card or ATM card information by using a portable reader is easy to do and difficult to trace. It also can pay off big time for the id thief who chooses to steal using this method.
Skimming can happen to you anytime your credit/ATM card is out of your possession. Restaurants, gas stations, and bars are common places that a less than forthright employee can obtain all the information they need to make online purchases or create a copycat card. The out of sight id thief will also make sure to take note of the 3 digit security code on the back of the card.
Skimming can also happen at an ATM that has a skimming device affixed to the card slot. The device will pick up the information from the magnetic strip and store it for later use. A small camera is often used in conjunction with the skimmer to get the ATM users PIN so the id thief can drain the unsuspecting victim’s bank account later on.
The magnetic stripe readers go for around $200-$300 dollars on EBay last time I checked, (do a search for portable magnetic credit card reader to see for yourself). The mini ones are kind of cute, and come in various shades of gray, black, white, and tan.
So, what should you do to avoid being “skimmed?” Obviously we can’t follow employees around and look over their shoulder when we hand off our credit card for payment. Just be AWARE of your surroundings. Making sure that your ATM transactions are secure and that there is not a device attached to the card slot is a start. But really, the best defense in this situation is a good offense. Check your credit card and bank statements as regularly as you can. If you see any transactions that you are not responsible for, let the company or bank know RIGHT AWAY.
The Fair Credit Billing Act (FCBA) limits consumer liability for unauthorized or fraudulent charges on credit cards, with a liability limit of $50.00 per card. The Electronic Fund Transfer Act (EFTA) that provides consumer protection states that if the loss or unauthorized ATM/debit card transaction is reported within two (2) business days, the consumer’s liability for losses is limited to $50.00.
If reported quickly, your bank should refund the entire amount. If they don’t, or try to hassle you, be firm with them and escalate the situation to a manager or branch manager if that’s what it takes. They should also assign you a new debit card number and PIN. If your credit card company gives you a hard time, ask to speak with someone in the fraud department and request an affidavit/affirmation to sign and deny responsibility for all fraudulent charges. They should close your existing account and open a new one with a new account number. You also should notify your local police department to report the incident. This will help to protect your rights as a victim in case the situation escalates.
More ID Theft Protection Offered By State of Ohio
by Rick Kam
On July 24, 2007 the State of Ohio announces additional identity theft protection offered to help hearing impaired.
"The Ohio Department of Administrative Services announced Tuesday that it has contracted with Identity Safeguards, a respected national leader in identity protection and restoration services, to provide a one-year membership to the deaf community affected by the recent theft of a state accounting and financial system backup tape."
Over 350 institutions have been in the news since ChoicePoint went public with their data breach in February 2005. Many public and private organizations have to comply with recent privacy notification laws. 36 States have enacted similar legislation today that require an organization to notify affected individuals if information they lose or is stolen may be misused. State and Federal legislators struggle with whether it is better to notify or not.
On side of the argument says that people will become complacent if they receive lots of notification letters -- "over notification". For example, if you are a VA, accountant, and have a B of A account, you could have received three notification letters last year. The other side says, it is better for you to know what happened so that you can assess your risk and take appropriate action to protect your identity. This is what we believe is most appropriate.
What do you think? Vote.
Friday, August 17, 2007
Connection between Cyber Terror and ID Theft?
by Rick KamIs there a connection between Cyber Terror and ID Theft? According to a July 5, 2007 article by MSNBC, the answer is yes.
"Authorities say the terrorists used phishing e-mails to trick recipients into divulging personal information, thereby making Westerners unwitting donors to al-Qaeda."
We have seen trends during the past two years where more and more identity theft victims fall prey to organized crime and potentially cyber terrorist. What does this mean for the average American looking to protect themselves from this new emerging form of identity theft?
The good news is you can still take proactive steps to reduce your risk of falling victim to identity theft. It doesn't necessarily matter who is trying to steal your personal information -- meth gang, organized crime unit, or cyber terrorist. They all use similar techniques and methods to steal your ID.
I do believe it is more difficult to recover from some of these more complex identity theft crimes where your personal information is used not only to generate cash for illegal purposes, but to impersonate you, or use your identity to commit a crime. It is more difficult to clear your good name if you are accused of crime (i.e. being a sexual predator) or have crimes your "cyber double" has committed associated with your criminal records in National and State law enforcement databases.
The best situation is avoid falling victim in the first place by taking steps to reduce your risk. If you do fall victim to one of these complex ID theft, get professional help to resolve it quickly and effectively.
Support for the Illinois Troops
This month, Governor Rod Blagojevich of Illinois signed a bill that will increase penalties for identity theft committed against members of the military who reside in Illinois and are serving abroad. House Bill 1236 is sponsored by State Representative Jil Tracy and State Senator John O. Jones.
This bill increases the penalties for identity theft by one class if the Illinois victim is an active duty member of the armed services, reserve forces of the US or of the Illinois National Guard serving in a foreign country. Each identity theft offense increases the penalty by one class. This new bill goes into affect on January 1st 2008.
Military personnel serving overseas are often victims or potential victims of identity theft. Thieves target service members when they have been deployed because it is harder for them to monitor their finances. Recently, a marine from Iowa had his good credit ruined by an identity thief while he was stationed in Iraq. According to this news story, the marine returned to the States and was turned down for a VA home loan.
Stories like this are extremely disheartening, but there is something that can be done for military personnel to decrease their chances of becoming victims of identity theft. It is advisable that all deployed military personnel place an “active duty” alert on their credit files to decrease the chances of their social security number being used fraudulently. This special alert is good for one year, as opposed to the 90-day initial alert available to all consumers. Both of these types of alerts are free and easy to place.
Experian: 1-888-EXPERIAN (397-3742); http://www.experian.com/
TransUnion: 1-800-680-7289; http://www.transunion.com/
Wednesday, August 15, 2007
Force an Identity Thief to Confess or Not?
by Rick Kam
In a July 26, 2007 article titled Dumb, dumber and Davis, InfoWorld's Robert X. Cringely points out the drawback of forcing an ID thief to confess to a crime using coercion. The story notes that Todd Davis, CEO of LifeLock, would put his social security number on company web sites and in advertising (see related post on why this is not a good idea). Turns out he fell victim to ID theft.
"After authorities identified the man who misappropriated Davis's identity, the idiot sent employees to the guy's house with a typed confession and a video camera. Yes, they got the confession they sought. And then the local DA dropped the case, because that confession would never stand up in court."
Monday, August 13, 2007
Replacing your computer hard drive? A few precautions…
By: D. Jones, Recovery Advocate
Tired of that old computer and ready to get a bigger, better, faster model? Let’s face it, we all use computers and most households have at least one. The way current technology moves so quickly our systems are outdated by the time we finish paying them off. If you’re thinking of purchasing a new computer or trading one in here are a few things to consider:
- Back up all your data from the old system and then wipe the drive
- Purchase a drive wiper program that removes all sensitive data from your hard drive and gets it ready for it’s new owner
- Purchase software that transfers data from your old computer to your new one
Maybe you remember hearing the story, a while back, about the cell phone users that bumped up to a new plan and changed phones. All of those phones were supposed to be wiped before resale but some of them were not, leaving the previous owner’s personal information in the hands of the new owner. Or perhaps you heard about the more recent snafu with Loyola University where a computer containing SSNs of 5800 students was scrapped. You guessed it - the computer's hard drive wasn't erased.
Keeping these precautions in mind when buying a new computer can really help protect your information from falling into the hands of identity thieves.
Wednesday, August 8, 2007
Go Green--Opt-Out from receiving Pre-Approved offers of credit
by Heather Wells (Recovery Advocate)
What do you do with all of those pre-approved offers from Capital One, Chase, and Citibank that you receive in the mail everyday? All of those tempting offers for shiny new credit cards…. Well, if you’re lucky, you actually see them and they didn’t get stolen from your mailbox by an ID thief and turned into actual lines of credit. Identity thieves often wander through neighborhoods looking for unattended mailboxes where they can easily find a treasure trove of people’s personal information. If the thieves intercept some pre-approved credit offers they can spend the rest of their time wandering through a shopping mall (at the expense of your good name and credit).
Check out this video from a local Colorado news report:
But there’s another reason besides ID Theft that those pre-approved offers of credit are bad for all of us. According the US Postal Department, over 1 million pieces of standard mail (bulk-advertisements) were processed last year alone. That’s a lot of junk mail!! That’s a lot of trees, too!!
To opt-out of receiving offers of credit in the mail for five years call 1-888-5OPTOUT (1-888-567-8688). It will take about 5 minutes of your time to do it. You will be asked to provide your Social Security Number and other identifying personal information. When calling, you will also be given the option to opt-out permanently or to opt-in (if you are so inclined). Even though your request becomes effective within five days, you may not see an immediate reduction in the amount of offers you receive. This is because your name may have already been provided to some companies that have not yet mailed their offers to you. If you continue to see the offers pour in even after several months, call and opt-out again. I would recommend calling to opt-out rather than doing it online for security reasons. It will reduce your chances of ending up at a fake website set up in order to obtain your personal information and use it for fraudulent purposes.
So, go green AND reduce your risk of becoming a victim of Identity Theft by making one simple phone call to 1-888-5OPTOUT.
Wednesday, July 25, 2007
Costly Free Credit Reports
Do an online search for “free credit report” and you’ll end up with a dozen or more websites promising online credit reports (and often credit scores) for FREE. Most of these companies even have the word “free” in their name, but don’t be fooled, there’s nothing FREE about their services. Many will entice people to sign up for a product that comes with strings attached. Most will request a credit card number to enroll and then will charge you if you do not cancel the service within a specific grace period.
A recent post (July 24, 2007) on the blogsite The Red Tape Chronicles written by Bob Sullivan explains that “one site, for instance, requires enrollment in pricey credit monitoring service, which can only be canceled online after precisely 23 days. Another automatically enrolls users in a discount travel service. And some hint that the real free credit report site established by Congress -- AnnualCreditReport.com -- isn’t all it’s cracked up to be.” He goes on to say that many of these sites actually can be traced back to the credit bureaus either directly or by affiliation.
There’s only one legitimate source where you can obtain your FREE credit reports and that’s http://www.annualcreditreport.com/. The law requires that each of the major credit reporting agencies-Equifax, Experian, and TransUnion-give you a copy of your credit report every year at no charge. This law was passed as part of the Fair and Accurate Credit Transactions Act (FACTA) and was a real milestone for consumer rights.
Increased consumer awareness and knowledge is a good thing. It’s a positive sign that more folks are interested in what’s being reported in their credit files. Everyone should check their credit reports at least once a year to make sure that all of the information contained in them is accurate and up to date. You should also check your reports for any information that is fraudulent, which could signal that you are the victim of Identity Theft. This includes accounts as well as personal information such as addresses and phone numbers.
So, before you give over your credit card number for something that is supposed to be “free,” don’t do it. Go to http://www.annualcreditreport.com/.
Tuesday, July 24, 2007
Freezing your Credit Report not a Panacea
by Doug Pollack
This week Terri Cullen of the Wall Street Journal (July 18, 2007) reported on how to use your credit report to protect against identity theft.
The article includes a lot of useful information on how to "interpret" your credit report and how to correct errors in your credit report. But it also touches on the option that is available in some number of states of "freezing" your credit report.
"As an additional barrier to identity theft, several states allow consumers to issue a "freeze" on their credit reports, meaning that the credit bureau cannot release your credit report to anyone without your approval. Very few lenders are willing to extend credit without seeing a copy of an applicant's credit report, so the freeze generally stops an identity thief from using your information to obtain a loan. If you live in a state that requires a credit bureau to honor your request for a freeze, you still have to initiate the freeze with each credit bureau independently."
While the idea of freezing your credit sounds like a failsafe way to avert identity theft, unfortunately this isn't the case. Identity thieves have become very clever and found ways to misappropriate your identity even with a frozen credit report. There are also a number of "inconveniences" that come into play when you choose to freeze your credit. As Mr. Cullen goes on to state:
"First, it's probably going to cost you unless you've already been a victim of identity fraud. Florida, for instance, allows a credit bureau to assess a $10 fee to place, temporarily lift or permanently remove a credit freeze. And you'll be incurring that fee each time you want to apply for new credit. It also takes a few days to get the freeze temporarily lifted, so no more impulse purchases using a retailer's offer of discounts in exchange for signing up for the store's revolving charge card. And there's the inconvenience of keeping track of the PIN that the credit bureau issues you when you first place the freeze. You'll need that PIN each time you want to lift the freeze."
And while a credit freeze can help keep an identity thief from opening most new accounts in your name, it’s not a means of protection from all types of identity theft. It will not protect you, for example, from an identity thief who uses your existing credit cards or other accounts. There are also new accounts, such as telephone, wireless, and bank accounts, which an ID thief can open without a credit check. In addition, some creditors might open an account without first getting your credit report. And if there’s identity theft already going on when you place the credit freeze, the freeze itself won’t be able to stop it. While a credit freeze may not protect you in these kinds of cases, it can protect you from the vast majority of identity theft that involves opening a new line of credit.Friday, July 20, 2007
Can They Really Do That? Know Your Rights Regarding Debt Collection
by Heather Wells (Recovery Advocate)
How many people have experienced this scenario? You’re just about to sit down to dinner when the phone rings. The voice on the other end of the line sounds threatening, telling you that “this is an attempt to collect a debt.” You explain that this must be a mistake, that you check your credit reports regularly and pay all of your bills on time. However, “Mr. Smith” tells you that you are obviously a no good, worthless, cheap, despicable, sorry excuse for a human being who will pay up or else! This clip from the recent film Maxed Out is a perfect example of the unscrupulous practices that are common to many collection agencies.
Obviously, debt happens. It’s a huge problem for many consumers who legitimately have incurred debt that they were not able to manage. But, then there’s the other folks who are victims of identity theft who, before their dinner was so rudely interrupted, had no clue that their social security number had been used to open up an account that was subsequently ignored and not paid on. For both of these groups of individuals there are some laws to protect them when “Mr. Smith” calls in order to harass and belittle.
According to the Fair Debt Collection Practices Act (FDCPA) collectors are not allowed to use unfair or deceptive practices to collect on debts. Here are some things they can and can’t do:
1) Collection agencies must provide you with written documentation regarding the debt, including how much is owed, the name of the original credit grantor, and how to dispute the debt. This documentation is especially crucial for victims of identity theft who will need to submit a written dispute to the collection agency.
2) They cannot contact you before 8:00am or after 9:00pm unless you tell them it’s OK.
3) They cannot contact you at your workplace unless you give them permission.
4) Collectors may not threaten you or use obscene or profane language.
5) They cannot call you over and over again just to annoy and harass you.
So, the next time you get that call from “Mr. Smith” trying to collect, remain calm and tell him that you know your rights. It’s amazing how docile they can become once they realize they can’t bully you.
For more information on the Fair Debt Collection Practices Act go to the FTC website.
Thursday, July 19, 2007
NBC's "To Catch An ID Thief" on Sunday
by Rick Kam
NBC's Dateline is doing a show Sunday, July 22, 2007 on ID Theft, based on the current series of "To Catch a Predator". Chris Hansen continues his mission to put a face on the crime of identity theft, working with CardCops, an organization specializing in monitoring ID thieves.
Date: Sun., July 22, 2007
Time: 7:00PM
Channel: 4, WNBC
Descriptor: New Episode, Stereo, CC
Lifelock Says You Can’t Stop All Forms of ID Theft
by Rick Kam
On June 11, 2007 an article in Wired Blog Network reports CEO of Lifelock, Todd Davis’ identity being stolen. Mike Prusinski, spokesman for Lifelock is quoted as saying,
“…there's no way to prevent all identity theft -- especially in cases in which a business (such as the check-cashing operation) doesn't run a credit report before providing someone with a loan or new credit card. It's a loophole," Prusinksi said. "We tell people that you can't stop every form of identity theft."”
Todd Davis was so confident in Lifelock’s identity theft protection solution, he regularly displayed his social security number on the company website. It was only a matter of time before an identity thief would use his social security number.
The Federal Trade Commission, Better Business Bureau, AARP, and law enforcement, as well as Identity Safeguards, all suggest protecting your social security number to reduce the risk of identity theft. It is the “key” to your identity. The ability to “freeze” or lock your credit will reduce the risk that an identity thief will be able to open fraudulent credit accounts, but it is not “fool proof” in stopping other growing forms of identity theft.
So how was Todd Davis’ identity stolen?
A plausible scenario would be that an identity thief saw Todd Davis’ social security number on the LifeLock website and decided to use it to commit the crime. There are many other ways an identity thief can access and use your personal information. For many individuals today, a government agency or company who has their information may lose it or have it stolen by identity thieves potentially exposing them to misuse.
While setting up fraudulent checking accounts or credit lines are the likely ways an identity thief will use stolen personal information, it is not the only way. Identity thieves also can set up cell phone accounts, obtain fraudulent driver’s licenses, or access medical services (note that medical ID theft is one of the fastest growing issues today). A credit freeze or fraud alert set by the credit bureaus (or Lifelock in Mr. Davis’s case) won’t necessarily protect them from these forms of identity theft.
The good news is you can reduce their risk of falling victim to many forms of identity theft by taking a few simple steps to protect your good name. The FTC offers good suggestions to reduce the risk and is a great consumer resource. My suggestion, consistent with that of many other security experts, is carefully protect your social security number in order to reduce your risk of identity theft.
Does Credit Monitoring Prevent Identity Theft?
by Rick Kam
Is this an effective tool that prevents identity theft?
Unfortunately, the answer is no. Credit monitoring provides a useful tool to determine if there is an unauthorized change to your credit profile which may indicate misuse by an identity thief.
Children are Victims of Identity Theft Too
by Doug Pollack
This excerpt from an MSN Money article titled "Your 5-minute guide to protecting your identity" published July 6, 2007 demonstrates the time consuming nature of dealing with an identity theft problem.
"Thieves may sell your information on the black market or use it to obtain money, credit or even expensive medical procedures. Unless you're vigilant in protecting your records, you'll have to work even harder to repair the damage to your credit. The average victim spends 30 to 40 hours rectifying the problem.
The article outlines numerous helpful tips for helping prevent the theft of one's identity. But something that is less "obvious" is that around 5% of identity theft cases involve children. They make particularly lucrative targets because it can take many years before they come of age and the identity theft becomes recognized.
A related Bankrate article notes that "...children's identities are used to obtain credit cards, get driver's licenses or open accounts. Often the information is sold for use by illegal immigrants or individuals attempting to restart their lives and avoid arrest." This makes it doubly important for families to protect not only their breadwinners but also their kids.
Thursday, July 12, 2007
What is an identity theft “Recovery Advocate”?
By Heather Wells
As head of the recovery department at Identity Safeguards, my group and I provide assistance to thousands of victims of identity theft. We are made up of a collaborative team of Intake Specialists and Recovery Advocates who are dedicated to the recovery and restoration of our victim’s identities. We take on the hard work of identity restoration every day so our victims don’t have to.
This includes performing the core of our duties: restoring a victim’s good name and credit back to pre-theft status after an ID theft incident. From the smallest compromise to the most complicated of cases, we have pretty much seen it all. We have established connections with the Fraud Departments of many major creditors and are privy to the specific requirements and procedures they have for their fraud investigations. This is time-saving knowledge that victims working on their own or even those working with a recovery “advice” service cannot claim.
Our job also encompasses providing education about victims’ rights and offering information regarding preventative measures. Identity theft is constantly evolving and growing in complexity, so part of our responsibility to our victims is to be informed about the latest scams, procedures, and legislation. You’d be hard-pressed to find a more knowledgeable group of people!
But most importantly, as Recovery Advocates we provide our victims with support and reassurance throughout the recovery process. Having personal, one-on-one interaction with the same Advocate for the duration of their cases is one of the things the victims we work with appreciate more than anything.
We are hoping that this blog will educate, inform, and entertain!
Tuesday, July 10, 2007
Identity Safeguards Joins Blog World
I’m Rick Kam, president of Identity Safeguards. I’d like to welcome you to the Identity Theft Protection blog.
I founded Identity Safeguards with John Davidson in 2003 in order to help Americans protect themselves from identity theft. We are proud to be a pioneer and leader in this industry, delivering quality services, and doing so with integrity.
Combined with John’s 26 years in employee benefits consulting, I bring to Identity Safeguards over 25 years of experience both at IBM and management consulting. We joined our business skills and passion to address the problem of identity theft.
Our purpose in creating this blog is to provide you with a central location to learn about and discuss issues in identity theft protection, relevant legislation, and new identity protection tools. Our mission at Identity Safeguards is to be the voice for victims of identity theft while driving innovation in identity management and protection services. This blog will include posts from experts on our staff as well as guest experts from the ID theft prevention community at large.
We founded Identity Safeguards on the promise of protecting you and your good name. Having pioneered the market for identity theft solutions, today we are honored to provide over 2,000,000 American citizens with identity theft protection services. Identity Safeguards is proud to serve as a beacon for the victims of identity theft and has grown into the leader in identity theft prevention and recovery services.
Monday, July 2, 2007
Why Choose Identity Safeguards?
Identity Safeguards began when a few frustrated identity theft victims decided to educate and assist other victims in restoring themselves to pre-identity theft status. Now a national leader in corporate identity security, Identity Safeguards provides fully-managed identity protection and identity theft recovery services to individuals and businesses of all sizes throughout the nation. Identity Safeguards offers businesses proactive and response solutions both to manage the risk of a confidential data breach and to respond effectively by offering the appropriate remedies to businesses and consumers in the event such a breach occurs. In the event of a data breach turned Identity Theft Event, highly trained in-house “Recovery Advocates” fully manage Identity Safeguards' member victim cases in order to successfully restore victim's credit and life back to pre-event status. This highly specialized service, along with Identity Safeguards' Confidential Identity Protection Solution (CIPS) and Emergency Incident Response Service (EIRS), is what separates Identity Safeguards from those who offer less complete solutions. Identity Safeguards provides restoration services to millions of citizens in the United States. Hundreds of corporate entities, government agencies and non-profit organizations nationwide offer Identity Safeguards' proactive and response solution to a confidential data breach and employee benefits or consumer protection programs. Contact a representative to learn how Identity Safeguards can help you and your business plan for, protect against, and react to a data breach.
With hundreds of programs already in place, Identity Safeguards covers millions of Americans from the hardships of identity theft and fraud. Having already served hundreds of companies, we are able to leverage significant relationships to provide your company with an unparalleled level of service. After taking the time to learn about the services that Identity Safeguards has to offer, contact a representative to request more information in order to learn about what Identity Safeguards can do for your company.
