90% of Businesses at Risk of Losing Your ID

by Rick Kam

Should business be responsible for protecting your identity and paying to restore it if crooks misuse it? There is an article in InfoWorld dated July 16, 2007 that says 90 percent of businesses at risk of losing your personal information:

"A new report by the IT Policy Compliance Group finds that the vast majority of businesses do not meet data-handling regulations, increasing the risk of a data breach".

As of this posting, there are 36 States and existing Federal laws that require businesses to safeguard your personal information and notify you if they lose it. Essentially, if a business requires your personal information as a prerequisite to doing business with you, they are required to protect it. So, why are so many business not compliant with current legislation and unprepared to react if they have a data breach?

Security experts say the cost of securing a business from every potential threat is unrealistic. Good information security practices suggest protecting mission critical or high risk information. Unfortunately this means that many systems and information sources may be left at risk. This seems to be where most information crimes occur (i.e. stolen laptops, compromised employees, lost paper documentation, missing back up computer media, etc.). Privacy Rights Clearing House is a good resource for businesses and individuals on data breaches.

Individuals can take action by voicing their opinion, asking questions of the business they frequent, or voting where they spend their money. Several legislators including Senators Gordon Smith, Darlene Hooley, David Wu, and Representative Greg Walden are supporting legislation to require businesses do a better job at protecting personal information. Write your State legislators voicing your concern. The next time a business asks you for your social security number, ask them why they need it. If they do require it, ask them how they protect it. And remember, in most cases you have the final vote as to whether or not you do business with them (vote with your dollars).

Dave Ramsey on ID Theft Among College Students

by Doug Pollack

Prominent talk show host Dave Ramsey discussed the prevalence of identity theft among college students in an interview earlier today on the CBS News Early Show.

He stated that:

"Identity thieves zero in on college students much of the time. They're deemed particularly vulnerable to ID theft, and people aged 18-29 make up the group most commonly victimized by it."

Strangely enough, young people might seem to have the least to lose from identity theft, which may be why they are specifically targeted, because that they don't feel vulnerable, they can be very cavalier with their personal information, and because they're consumed by school activities. Most college students not only haven't ever checked their credit reports, most of them probably don't even know what a credit report is (I know mine don't).

One of his listeners wrote to him saying:

"My third day at college, I applied for several credit cards on campus. Five years later, I found out that all my personal information was posted on a Web site. I had cars bought in my name and credit accounts across the country. A college student who ran one of the credit card booths was responsible for posting my information. Even though I now have a new Social Security number, I constantly have to monitor my credit reports. I have had to explain all of this to employers who run background checks on me. Those free T-shirts wound up costing me $150,000!"

Obviously, you're never too young to be careful with your personal information.

Counterfeiting for the 21st Century

by Heather Wells (Recovery Advocate)

One of the most common forms of identity theft and fraud is what is known of as “skimming”. This method of stealing someone’s credit card or ATM card information by using a portable reader is easy to do and difficult to trace. It also can pay off big time for the id thief who chooses to steal using this method.

Skimming can happen to you anytime your credit/ATM card is out of your possession. Restaurants, gas stations, and bars are common places that a less than forthright employee can obtain all the information they need to make online purchases or create a copycat card. The out of sight id thief will also make sure to take note of the 3 digit security code on the back of the card.

Skimming can also happen at an ATM that has a skimming device affixed to the card slot. The device will pick up the information from the magnetic strip and store it for later use. A small camera is often used in conjunction with the skimmer to get the ATM users PIN so the id thief can drain the unsuspecting victim’s bank account later on.

The magnetic stripe readers go for around $200-$300 dollars on EBay last time I checked, (do a search for portable magnetic credit card reader to see for yourself). The mini ones are kind of cute, and come in various shades of gray, black, white, and tan.

So, what should you do to avoid being “skimmed?” Obviously we can’t follow employees around and look over their shoulder when we hand off our credit card for payment. Just be AWARE of your surroundings. Making sure that your ATM transactions are secure and that there is not a device attached to the card slot is a start. But really, the best defense in this situation is a good offense. Check your credit card and bank statements as regularly as you can. If you see any transactions that you are not responsible for, let the company or bank know RIGHT AWAY.

The Fair Credit Billing Act (FCBA) limits consumer liability for unauthorized or fraudulent charges on credit cards, with a liability limit of $50.00 per card. The Electronic Fund Transfer Act (EFTA) that provides consumer protection states that if the loss or unauthorized ATM/debit card transaction is reported within two (2) business days, the consumer’s liability for losses is limited to $50.00.

If reported quickly, your bank should refund the entire amount. If they don’t, or try to hassle you, be firm with them and escalate the situation to a manager or branch manager if that’s what it takes. They should also assign you a new debit card number and PIN. If your credit card company gives you a hard time, ask to speak with someone in the fraud department and request an affidavit/affirmation to sign and deny responsibility for all fraudulent charges. They should close your existing account and open a new one with a new account number. You also should notify your local police department to report the incident. This will help to protect your rights as a victim in case the situation escalates.

More ID Theft Protection Offered By State of Ohio

by Rick Kam

On July 24, 2007 the State of Ohio announces additional identity theft protection offered to help hearing impaired.

"The Ohio Department of Administrative Services announced Tuesday that it has contracted with Identity Safeguards, a respected national leader in identity protection and restoration services, to provide a one-year membership to the deaf community affected by the recent theft of a state accounting and financial system backup tape."

Over 350 institutions have been in the news since ChoicePoint went public with their data breach in February 2005. Many public and private organizations have to comply with recent privacy notification laws. 36 States have enacted similar legislation today that require an organization to notify affected individuals if information they lose or is stolen may be misused. State and Federal legislators struggle with whether it is better to notify or not.

On side of the argument says that people will become complacent if they receive lots of notification letters -- "over notification". For example, if you are a VA, accountant, and have a B of A account, you could have received three notification letters last year. The other side says, it is better for you to know what happened so that you can assess your risk and take appropriate action to protect your identity. This is what we believe is most appropriate.

What do you think? Vote.

Connection between Cyber Terror and ID Theft?

by Rick Kam

Is there a connection between Cyber Terror and ID Theft? According to a July 5, 2007 article by MSNBC, the answer is yes.

"Authorities say the terrorists used phishing e-mails to trick recipients into divulging personal information, thereby making Westerners unwitting donors to al-Qaeda."

We have seen trends during the past two years where more and more identity theft victims fall prey to organized crime and potentially cyber terrorist. What does this mean for the average American looking to protect themselves from this new emerging form of identity theft?

The good news is you can still take proactive steps to reduce your risk of falling victim to identity theft. It doesn't necessarily matter who is trying to steal your personal information -- meth gang, organized crime unit, or cyber terrorist. They all use similar techniques and methods to steal your ID.

I do believe it is more difficult to recover from some of these more complex identity theft crimes where your personal information is used not only to generate cash for illegal purposes, but to impersonate you, or use your identity to commit a crime. It is more difficult to clear your good name if you are accused of crime (i.e. being a sexual predator) or have crimes your "cyber double" has committed associated with your criminal records in National and State law enforcement databases.

The best situation is avoid falling victim in the first place by taking steps to reduce your risk. If you do fall victim to one of these complex ID theft, get professional help to resolve it quickly and effectively.

Support for the Illinois Troops

by Heather Wells (Recovery Advocate)

This month, Governor Rod Blagojevich of Illinois signed a bill that will increase penalties for identity theft committed against members of the military who reside in Illinois and are serving abroad. House Bill 1236 is sponsored by State Representative Jil Tracy and State Senator John O. Jones.

This bill increases the penalties for identity theft by one class if the Illinois victim is an active duty member of the armed services, reserve forces of the US or of the Illinois National Guard serving in a foreign country. Each identity theft offense increases the penalty by one class. This new bill goes into affect on January 1st 2008.

Military personnel serving overseas are often victims or potential victims of identity theft. Thieves target service members when they have been deployed because it is harder for them to monitor their finances. Recently, a marine from Iowa had his good credit ruined by an identity thief while he was stationed in Iraq. According to this news story, the marine returned to the States and was turned down for a VA home loan.

Stories like this are extremely disheartening, but there is something that can be done for military personnel to decrease their chances of becoming victims of identity theft. It is advisable that all deployed military personnel place an “active duty” alert on their credit files to decrease the chances of their social security number being used fraudulently. This special alert is good for one year, as opposed to the 90-day initial alert available to all consumers. Both of these types of alerts are free and easy to place.

To place an “active duty” alert, or to have it removed, call one of the three credit bureaus (Equifax, TransUnion, Experian) and follow the appropriate voice prompts. Individuals will need to provide personal information including social security number, date of birth, address, and a phone number for notification purposes. The phone number provided to the bureaus will be the one a business may use for verification purposes if someone tries to apply for an account. A personal representative of the individual in the military may place or remove the alert.

Equifax: 1-800-525-6285; http://www.equifax.com/
Experian: 1-888-EXPERIAN (397-3742); http://www.experian.com/
TransUnion: 1-800-680-7289; http://www.transunion.com/

Contact only one of the three credit bureaus to place an alert – that bureau is required to contact the other two bureaus, who will also place fraud alerts on their files. If the contact information changes before the alert expires, remember to update it.

Force an Identity Thief to Confess or Not?

by Rick Kam

In a July 26, 2007 article titled Dumb, dumber and Davis, InfoWorld's Robert X. Cringely points out the drawback of forcing an ID thief to confess to a crime using coercion. The story notes that Todd Davis, CEO of LifeLock, would put his social security number on company web sites and in advertising (see related post on why this is not a good idea). Turns out he fell victim to ID theft.

"After authorities identified the man who misappropriated Davis's identity, the idiot sent employees to the guy's house with a typed confession and a video camera. Yes, they got the confession they sought. And then the local DA dropped the case, because that confession would never stand up in court."

Replacing your computer hard drive? A few precautions…

By: D. Jones, Recovery Advocate


Tired of that old computer and ready to get a bigger, better, faster model? Let’s face it, we all use computers and most households have at least one. The way current technology moves so quickly our systems are outdated by the time we finish paying them off. If you’re thinking of purchasing a new computer or trading one in here are a few things to consider:

• Back up all your data from the old system and then wipe the drive


• Purchase a drive wiper program that removes all sensitive data from your hard drive and gets it ready for it’s new owner


• Purchase software that transfers data from your old computer to your new one
  

Maybe you remember hearing the story, a while back, about the cell phone users that bumped up to a new plan and changed phones. All of those phones were supposed to be wiped before resale but some of them were not, leaving the previous owner’s personal information in the hands of the new owner. Or perhaps you heard about the more recent snafu with Loyola University where a computer containing SSNs of 5800 students was scrapped. You guessed it - the computer's hard drive wasn't erased.

Keeping these precautions in mind when buying a new computer can really help protect your information from falling into the hands of identity thieves.

Go Green--Opt-Out from receiving Pre-Approved offers of credit

by Heather Wells (Recovery Advocate)

What do you do with all of those pre-approved offers from Capital One, Chase, and Citibank that you receive in the mail everyday? All of those tempting offers for shiny new credit cards…. Well, if you’re lucky, you actually see them and they didn’t get stolen from your mailbox by an ID thief and turned into actual lines of credit. Identity thieves often wander through neighborhoods looking for unattended mailboxes where they can easily find a treasure trove of people’s personal information. If the thieves intercept some pre-approved credit offers they can spend the rest of their time wandering through a shopping mall (at the expense of your good name and credit).

Check out this video from a local Colorado news report:



But there’s another reason besides ID Theft that those pre-approved offers of credit are bad for all of us. According the US Postal Department, over 1 million pieces of standard mail (bulk-advertisements) were processed last year alone. That’s a lot of junk mail!! That’s a lot of trees, too!!

To opt-out of receiving offers of credit in the mail for five years call 1-888-5OPTOUT (1-888-567-8688). It will take about 5 minutes of your time to do it. You will be asked to provide your Social Security Number and other identifying personal information. When calling, you will also be given the option to opt-out permanently or to opt-in (if you are so inclined). Even though your request becomes effective within five days, you may not see an immediate reduction in the amount of offers you receive. This is because your name may have already been provided to some companies that have not yet mailed their offers to you. If you continue to see the offers pour in even after several months, call and opt-out again. I would recommend calling to opt-out rather than doing it online for security reasons. It will reduce your chances of ending up at a fake website set up in order to obtain your personal information and use it for fraudulent purposes.

So, go green AND reduce your risk of becoming a victim of Identity Theft by making one simple phone call to 1-888-5OPTOUT.