Tuesday, October 9, 2007

Identity Thieves are Now Becoming Scapegoats

It is a sign that something is becoming mainstream when identity thieves start taking the blame for committing an offense probably not worth their time or effort.

Recently a woman was sued by and went to trail against the RIAA (Recording Industry Association of America) and lost. The RIAA is the trade group turned watchdog group whose members are recoding artists. They are the group that is fighting illegal P2P (peer 2 peer) downloading among mainly younger computer users.

The judgment came in the form of a fine of over $250,000. She was offered an out of court settlement and turned it down. Most if not all individuals offered this option are accepting it since they are liable for much more that the industry is requesting. They (RIAA) are really getting a pittance compared to the industry losses and the legal costs of suing young individuals is surely more then they are getting in return. But they are setting a great example. Until now.

This woman refused to settle because she is claiming an identity thief stole her web identity to file share on P2P. Is this idea original, probably not. There have likely been many users claiming they didn’t do. They claim it was someone else using their computer, hijacked their account etc. But I believe it is the first time it has been used in court when defending a suit filed by the RIAA. Is this defense possible? Anything is possible, but the court did not buy it and ruled against her.

Is this realistic? With so much to gain financially doing other misdeeds, would identity thieves go to this length to file share a few songs? Put in another light, if you are an identity thief, you obviously have little regard for the law, so worrying about file sharing, not even on the bottom of any list. But because the thieves are becoming so commonplace, the public has now decided that they could be a good scapegoat. And why not, since there are plenty of them lurking in every corner of the planet.

In retrospect, the RIAA should spend some of that recovered money educating parents on how identity thieves really use P2P networks to actually steal identities. Maybe if they got the attention of more adults they would have a much better army of soldiers to combat their problem of lost revenue, while at the same time educating individuals, college students and moms and dads, of the other unseen peril of illegal downloading, identity theft.

Monday, August 20, 2007

Apple Online Lawsuit Brings to Light Another Threat of Identity Theft

A recent lawsuit alleges Apple Store is not in compliance with Fair Credit Reporting Act, thereby making it easier for identity thieves to gather more personal information on consumers.

All businesses need to heed this as an example of things to come and protect their clients' personal information in any way that they can after a class action lawsuit, case number 07-22040, was brought against Apple Store online last week in Florida Federal Court alleging that the stores violated the Fair Credit Reporting Act (FCRA). The FCRA is a federal law designed to help ensure that consumer reporting agencies act fairly, impartially, and with respect for the consumer's right to privacy when preparing consumer reports on individuals.

In 2003, an amendment was added that states, "No person that accepts credit cards or debit cards for the transaction of businesses shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the card holder at the point of sale or transaction."

It was this amendment that Apple Store online was violating. Apple Store was apparently printing credit card expiration dates on the receipts, in addition to the other personal information. Companies were given a three-year grace period to comply with the law and the cost is so miniscule to make the change that most have made the change well in advance of the deadline. Apple Store, as of last week, was still not in compliance.

Identity thieves are getting smarter and smarter. Consumers must stay one step ahead and protect themselves from the financial devastation of identity theft. Consumers expect businesses to uphold the law and do what they can to protect personal information they acquire.

While no proof of a specific identity theft has stemmed from Apple Store's non-compliance, it is a recipe for disaster that reminds consumers to take every precaution when making an online purchase or any purchase with a credit card. The federal government has made efforts to protect citizens from identity theft but consumers must be on the offense and take matters into their own hands.

Place yourself in a situation to protect your personal information from theft and learn to practice fire prevention versus firefighting.

Monday, August 13, 2007

Credit Freeze Not the Only Solution to Identity Theft Prevention

Many people who live in states that allow you to freeze your credit are recognizing the benefits of such actions. But a lot are stopping there and not doing any more feeling they have covered the bases and have done what they can to protect themselves.

Governor Deval Patrick from Massachusetts recently signed into law comprehensive identity theft prevention legislation. This new law will require Massachusetts state residents be notified immediately if their personal information has been lost or stolen via security breaches with businesses and government agencies.

As a part of the legislation, the law also states that consumers have the right to freeze their credit reports to prevent new accounts from being fraudulently opened and also puts into effect strict standards for businesses when disposing of personal information.

The portion of the law that puts into place the standards for disposing of personal information is a step in the right direction to identity theft prevention. But allowing a consumer to freeze their credit report does not prevent the theft.

Personal information can already be in the hands of the wrong people. When personal information, such as social security numbers, drivers' license numbers or bank account information is used for widespread fraud, an emotional and potentially expensive mess is left for the victim to clean up.

Of the millions of victims of identity theft last year, many of them had crimes committed against them that had nothing to do with a credit card or loan. This would not be picked up by on credit report which is the focal point of a credit freeze. The black market is booming for individuals' names and IDs for thieves to sell and the buyers will use them for many different types of identity theft. That could include medical treatments, prescriptions, arrests, and theft of existing or open accounts.

One major solution to the problem is for people to practice self defense when it comes to their personal information. Society has become so accustomed to keeping droves of information available we are leaving it laying around us everywhere. The identity thieves are everywhere picking it up.

When it comes to your identity you need to think in terms of fire prevention and not firefighting.

Wednesday, August 8, 2007

Burden of Proof with Identity Theft

Victims of identity theft often feel victimized twice when identity theft happens to them.

We are all familiar with our legal system where the burden of proof is up to the prosecution for the people and you are innocent until proven guilty.

But with identity theft you are guilty or liable until you prove your innocence.

It doesn’t really seem to make sense but if you look at the logic, it does make sense. Although it puts the victim in a difficult, tedious, and time consuming position of defending themselves while all the while feeling violated because they are a victim.

Our financial system is set up and regulated by the federal government to provide easy and convenient transactions to keep the economy moving along without interruption. You can thank federal laws that limit your exposure to credit card fraud. They enacted those laws long ago to make people feel comfortable with using credit cards when they were first introduced. If people felt liable they would have been reluctant to use the system. Now our economy is completely tied to credit.

Those laws are visible in other areas as well. Take check cashing scams for example. The thieves take advantage of federal laws that require funds for checks to be made available quickly again, to keep the flow of commerce moving. People get taken due the expediency that banks provide funds for check presented, but then find out weeks later that the check was returned as a fraudulent device. You become ultimately liable for any fraudulent check that you present for funds.

In both cases of checks or credit cards you were given the benefit of the transaction in real time while it may be quite some time before the bank or you determine fraud has occurred. In the case of credit card fraud you need to prove that you did not actually make the fraudulent charges and with a check the bank relies on you to know who you are conducting business with.

The banking system really is set to benefit you, so when something goes awry you need to prove you were not involved. Most people never consider that when they conduct transactions. Who is to say that you where not involved in a fraudulent transaction and were not colluding with the perpetrator from the start.

If you become a victim of identity theft, you are really a victim in the eyes of others only after you prove it, and that will never feel good.

Wednesday, July 25, 2007

Can Past Lessons Offer Clues to Combating Identity Theft?

In 1994 about 58 percent of the US population was buckling up. By mid 2006 approximately 81% of the US population buckled up. Why the dramatic change? Did everyone suddenly recognize that the seatbelts they had been ignoring for years were suddenly cool? No, the reality came partially with education campaigns and laws enacted by many states in the 80’s that forced or convinced people to buckle up.

Today, the generation who never or barely used seat belts is giving way to a generation who has always used them. Part education, part learned behavior, but regardless the effort has paid off immensely. There are thousands alive today that would not be, if this effort had not been undertaken by numerous agencies, both public and private. Local television news channels tout that drivers of horrific looking accidents survived because they were buckled in. All of this adds to awareness and the effort has made seatbelt use the norm not the exception.

So how well is education and enforcement working? The latest numbers available from the US Department of Transportation shows an increase in drivers, miles driven, and number of registered cars on the road. But the fatalities per number of licensed drivers, per miles driven, and per registered vehicles, have been steadily dropping since 1994. The statistics from the NHTSA from 1986-1999 have clearly demonstrated an absolute link to the reduction in fatalities from seatbelt use.

This proves that the plan of educating and enforcement has worked and continues to work up to this day, but shockingly 19%, or 1 out of 5 still don’t think they need this life saving device. They live in the world of “it will never happen to me”, or “it only happens to other people”. Yet, every 13 minutes there is a vehicle fatality and of those some deaths could be avoided with a seatbelt if the person had only believed or understood.

How this is similar to identity theft is when it comes to our identities many are living in the same world of “it will never happen to me”, or “it only happens to other people”. There are many simple but effective changes people can initiate to stop identity theft from happening but choose not to. There are preventative measures they can put in place to mitigate it, but the majority will sit and wait for something to happen before they react.

As with seat belts, only until people become educated will they take the steps to prevent an event from occurring. Many still refuse to embrace technology to reduce risk, and instead they avoid or ignore it.

Over time, thousands lost lives while sitting on the simplistic technology of an unused seat belt. Will consumers finally step up to the plate and take simple but effective pro-active steps to prevent identity theft, or will they continue to ride around unbuckled and hope an accident never occurs? Every 21 seconds there are 3 new identity theft victims, of which 2 were potentially preventable by the victim.

Abatement of identity theft will start to change significantly once individuals start to take control of their personal behavior and not rely on others or hoping nothing will happen to them. Recognizing the vulnerabilities in personal everyday habits and making changes will reduce your risk significantly.

Many are already recognizing that they need to do something, and the actions of those will undoubtedly start a trend. But for those who are unsure of what to do, and still do nothing, are likely to become tomorrow’s victims.

Hopefully it doesn’t take 15 years for 80% of the population to finally become educated on how to adequately protect their identity.

Monday, July 9, 2007

GAO Reports on Identity Theft, Sort of

Recently the US Government Accountability Office released its findings of a study on the net effect of data breaches, stolen data, and unaccounted for data and how much actual identity theft resulted from such occurrences. They undertook this task to help Congress decide if a federal law should be considered for a national breach notification requirement. Some states already have laws in effect to various degrees requiring notification of data lost so that consumers can take immediate actions to see if they’ve become a victim.

Sounds a bit odd, but breach notification would most likely just give you a heads up a bit sooner if you are a victim. Many times a data breach notification is the first time a victim looks at a bank or credit card statement, balances a checkbook for the first time in ten years, or obtains a credit report.

The GAO was asked to examine three distinct areas

(1) The incidence and circumstances of breaches of sensitive personal information

(2) The extent to which such breaches have resulted in identity theft

(3) The potential benefits, costs, and challenges associated with breach notification requirements.

The GAO used various sources for the research and came up with an earth shattering discovery; data thefts are rampant and occur frequently and are probably underreported due to lack of voluntary or mandatory disclosure.

They also determined they can’t directly link identity theft to many of the data thefts they reviewed because there is not clear and conclusive evidence that directly links those breaches with identity theft. Apparently the identity thieves are not disclosing the abundant sources of their windfall.

There you have it, if it is not conclusive then it must not have occurred, or at least they can’t say it occurred. It does not mean that it didn’t.

They even admitted that the lack of reporting on the part of victims also leads to skewed and invalid data that cannot be used to create a valid statistical picture.

So how do many interpret this : “GAO finds little identity theft results from data breaches”.

Apparently there are a lot of thieves going to a lot of trouble stealing personal data, then changing their minds finding religion and doing nothing with it after all.

But if that is the case, then where did all that personal stolen information come from that results in the billions of dollars in personal losses from the millions of actual victims each year? There was not a place to include them in this report.

Monday, June 25, 2007

Ohio’s state government places a value on personal information

The latest in the string of embarrassing data breaches involves the state of Ohio whose officials allowed a storage device to be stolen from a car.

This story keeps getting worse as at first it was thought that only 64,000 state employees personal information was on the device, but now they are realizing that a few hundred thousand Ohioan’s information was also on the device. Depending on the source the number varies from 200k to 500k. No matter what it ends up being it is a PR nightmare for the state government and elected officials.

At to add more embarrassment to the situation the person who had it stolen was an intern.
To me an intern is a student or a recently graduated individual who is now working for the state government as an apprentice to learn the ropes, the rules, gain exposure, acquire experience, and even earn college credits. In other words, a rookie.

So with all of the people that work in the state government, an intern is chosen to carry the storage device as a security measure to have copies of data in case something terrible happens. It just didn’t cross anyone’s mind that they were not paying attention to the security of the data at both ends. And something did happen, just not at the end they were expecting.

So with all of the concern about protecting this information they hand it over to an intern who leaves it in a car (by some accounts unlocked) and it disappears. Did the intern even know what they were taking home? Did anyone bother to tell the intern? What was the value of that information on the device if it could be handed over for safekeeping to an intern? The state must have felt it was very little since they gave it to the lowest person on the ladder. But now the value is starting to mount as the state is already spending hundreds of thousands on services to protect individuals and that is just the start.

If whoever took that device does crack into it successfully and spreads the wealth of information all over the internet, you can be assured that institutions that will start to bear the brunt of costs associated with this will surely look to the state for restitution.

Ohio is now falling into the same path as millions of Americans who do not bother to take pro-active steps, but then spend millions on reactions once a breach occurs.

Monday, June 18, 2007

Think before filling out that Free Prize or Sweepstakes Card

When you are walking through the mall, or at a fair, or even online, chances are you’ll get asked to fill out a form for a chance to win some wonderful prize or receive something for free.

And why not, it costs you nothing and someone’s got to win that new laptop, or the car, or the trip to the moon. A pen in hand and 60 seconds later you feel like you may be getting a call or letter for some fantastic prize. And you were sure to put down your phone number, so when you win, they’ll call right away.

We all like to be optimistic. We all want to think we have got a shot at the big one! I don’t know what the big one is, but it’s big!

Now let’s take a walk to the other side of the isle called reality. In reality there is no real prize, or the person who won it lives in the Arctic circle and the company cannot deliver it. If there is a prize, the barriers to get it may be out of reach. You get the picture, they are trying to get your personal information for a much bigger catch.

But what you may ultimately end up with, is your identity stolen, and you’ll become the victim of identity theft.

When you filled out that form for a prize, you labeled yourself as an optimist. The company who requested the information, may be legitimate, and there may be the prize,, and but may sell that list of names collected to a marketing company. You may end up on a “sucker list”.

Identity thief rings buy “sucker lists” from direct marketing companies. You’ll then be a target for a phone scam or “vishing”. You’ve already given them a good reason to call because you are optimistic or in their terms a “sucker”. Now your wide open, and they will throw every trick in the book at you. This is what they do, this is what they are good at.

The odds of getting your identity stolen are much greater than winning anything, so don’t bother trying to win by giving up information. You will have taken a significant step in defending your identity.

Tuesday, June 12, 2007

Can Check Fraud Become Obsolete?

I am still amazed as I stand in any line at a store and the person in front of me pulls out a checkbook and writes a check, has to dig out a shopper ID card or some other form of ID, then hands it to the cashier. The cashier, with a puzzled look, takes all the documents and writes down information on the check. The cashier hands any ID back to the patron then sticks the paper check into the register 3 different ways.

At about the midway point through this production, I realize why I don’t write checks anymore and the person who invented the debit card should win the Nobel prize. What an incredibly antiquated and outdated system that is still being used by millions of people despite all the pitfalls.

Beyond the fiasco at the register, look at what else this dinosaur system burdens us with:

The number of checks stolen or forged each year is about 500 million checks and over $10 billion in lost revenue. Check fraud in itself is expected to grow at a rate of about 2.5% each year.

The average number of fraudulent checks written daily is about 1.4 million equaling $27.3 million worth of fraudulent checks written everyday.

According to the National Check Fraud Center, check fraud and counterfeiting are the largest and fastest growing problem that the United States financial system now faces. The estimated losses produced annually are over $10 billion and is expected to continue to rise.

Sure checks have their place in very few instances but these statistics coupled with the surge in identity theft, makes me wonder why the banks and other businesses still embrace them.

Why does the public still embrace them as well? The alternative for many will result in anxiety and fear. Debit cards with PIN numbers, all the talk about loosing information in data breaches, plus identity thieves looking over my shoulder at the checkout, all give the feeling of fear.

Reality paints a different picture, because these are the same people who write checks in regular ink, place them in the mailbox in the morning before work, put that red flag up, and never give a thought that they could be contributing to the above statistics by the end of the day.

What can you pro-actively do to help make check fraud obsolete?

1)Switch to an online billpay system
2)Use a debit or credit card for all merchant transactions
3)Have companies that you pay monthly like a utility debit your checking account

But …..if you must still use checks:

1)Don’t put them in your mailbox in the morning and raise that red flag
2)Lock up all checks and deposit slips in your home
3)Don’t carry a checkbook around in a purse or leave it in your car
4)Use a black ink Bic Rollerball or a gel pen to write out any checks, they can’t be washed off

If your are a victim of identity theft and check fraud is one of the causes:

Report stolen checks, and close unauthorized checking and savings accounts.
If you have had checks stolen or bank accounts set up fraudulently, report it to your bank or to one of the check verification companies listed below. (If a merchant rejects your check, ask for the name of the check verification company.)
When you do contact any major check verification companies listed below, request that they notify retailers using their databases not to accept your lost or stolen checks. Place immediate stop payments on any outstanding checks that you have not written.

• CrossCheck: 1-707-586-0551
• International Check Services: 1-800-526-5380
• National Check Fraud Service: 1-843-571-2143
• SCAN: 1-800-262-7771
• Equifax Check Systems: 1-800-437-5120
• TeleCheck: 1-800-710-9898 or 1-800-927-0188
• Chexsystems: 1-800-428-9623

Thursday, June 7, 2007

Identity Theft with Obsolete Computers

We are coming to a point in time when many people are replacing their computers with a new faster and sleeker versions that will do just about everything they need to keep up with the multi-media world we now live in.

Judging by the age of the internet going mainstream, it will likely be your 3rd replacement with the last two really being used with much of your personal information embedded somewhere on the hard drive. Ten years ago you thought nothing of donating it to a school, or giving it to another family member or even the local Salvation Army.

If you still think that way today about disposing of that old PC, don’t! Yes you want to do the right thing, help out, be conscious of the environment, or any other good reason you may come up with for not just discarding it. But before you take that step, think about identity theft first. Your personal information from the last few years is somewhere on that hard drive. Sure you deleted it, formatted it, cleaned it, but to a persistent thief, they can dig up anything with a little effort, and they do.

Thieves pick them up on auction sites, at garage sales, in used shops, flea markets, all loaded with personal information.

There are software products in the market ranging from $30-$60 that guarantee you that they will wipe that hard drive clean to department of defense standards. I am not denying the validity of these nor endorsing them, but there are other surefire alternatives.

1)Remove the hard drive before giving the PC to anyone, a replacement will cost very little to the recipient verses buying a new PC.

2)Replace the hard drive and designate that PC as a “kids only” PC, let them download all the spyware and viruses while they fileshare using P2P networks. The keylogger they pick up will find nothing good on Disney.com.

3)Replace the hard drive yourself then donate it or give it away.

4)Recycle the entire PC, but remove the hard drive first. Call your local waste management office to find out how, many designate special days for these items.

5)Keep the PC forever and never let it leave the house (some are sentimental about everything)

So what do you do with that old hard drive that you removed? Just pick your weapon of choice and destroy it. Toss it on the grill for a half hour, smash it with a baseball bat, drill a half dozen holes in it, place it in your tool box and use it when you can’t find that hammer.

All this may seem extreme and time consuming, but the hassle of identity theft is much worse.

Monday, June 4, 2007

Identity Theft and the Hurricane Season

Hurricane season officially began and news stories are everywhere about predictions and who is at risk, and how people deal with it. I saw one news story in particular where a woman from an emergency planning office in a Florida locality was talking about what she sees every time a storm heads towards the coast: people rushing in to buy batteries, bottled water, and bread. She even saw two people fighting over a can of soup and longs lines at stores, arguments, and many other incidents that do not normally occur between neighbors.

Then they asked people what they were doing to prepare. One man stated “what can I do, I don’t have insurance”, another woman said “I’ve lived here 20 years and I have not had a hurricane impact me, YET, and I really don’t know what to do anyway”. One man said he would wait and see what happens this year before he takes any actions.

In fairness there are people who purchased plywood, generators, have supplies on hand, just in case.

So when a hurricane does hit, and if you live in Florida or the southeast United States, you will be affected by one eventually. Who will be in better shape to ride out the storm? Who do you think is going to be on the evening news standing in a waterline 3 blocks long?

The question lies in why do people who know or understand the inevitable, still sit back and do nothing. What makes people live in deniability constantly?

This same scenario is true with identity theft. If you have not been a victim of identity theft yet, your chance increases with each passing year. Approximately 1 in 30 will become victims this year alone. Even with those odds many will sit back and do nothing. But if a local Scout Troop was selling raffle tickets and gave you those odds, you’d likely buy one because those are pretty good odds.

People are just starting to recognize that identity theft is at epidemic levels, yet millions still do nothing to protect themselves. Since you started reading this 20 people will have had their identity stolen. Today alone will claim 25,000 victims. I have not met anyone recently who has not known a victim or been one themselves.

So why do people wait? Are Americans the ultimate optimists? It really does not matter why people don’t act, because in the end we are responsible for ourselves and our identities. If you don’t change behaviors and take steps to protect yourself, then you are destined for what will eventually provide misfortune, a hurricane if you live in the southeast US, or identity theft anywhere in the US.

Thursday, May 31, 2007

Identity Thieves in Your Safety Zone?

When I ask people to describe an identity thief I usually end up with a wide array of answers and descriptions. They range from thinking they must be from another country, or are in organized crime rings, or gang members, drug addicts, low income or poverty stricken etc. Truth is, because identity thieves come from many diverse backgrounds, you could say just about anything and not be wrong.

But everyone just about left off a description of a thief they would know best. Someone close to them!

If you’re a victim of identity theft, there is a chance you know the thief. The thief was someone close to you. How close do I mean? Well maybe not intimate close, but close enough for them to be inside your self imposed safety zone. What is that safety zone? Most likely your home, apartment, dorm room, anyplace you call home is your safety zone, the area you feel comfortable in enough to leave personal items lying out in the open because you’re inside your own personal zone.

Ever sit and think who you let into that zone? I’ll create a fictitious, but realistic list for you:

1) Aunts and Uncles plus their spouses
2) Cousins plus spouses
3) Nieces and nephews
4) Brothers and sisters plus Brother and Sister – in Laws
5) Step brothers, step sisters
6) Mother
7) Father
8) Nanny
9) Baby sitter
10) House sitter
11) Painter
12) Plumber
13) Repair Person
14) Friends
15) Co-workers
16) Teenagers friends
17) Housekeeper
18) Maintenance
19) Neighbors
20) Clergy
21) Sales people
22) Parents of your children’s friends

Now that we’ve looked at it in a little more detail, it’s a pretty big list. Probably much bigger than you envision.

Why these people? Why not? They represent a good diverse cross section of society. And in society there are plenty of people with bad and devious habits. Most bad habits are hidden from others and often require funds. Funds they do not have readily available so they have to become creative to get those funds. This new age of identity theft is giving these people easy access to funds.

Because you allow them into your safety zone, you never bother to put up your guard.

By leaving your personal information unlocked or in plain view, you are potentially inviting somebody from that list above to turn you into a victim of identity theft.

The easiest step would be to keep personal information from those people in the first place. Sounds easy but approximately 1.5 – 2 million people last year didn’t think about it and found out the hard way what people from that list were capable of.

Monday, May 28, 2007

Fraud Alert Gives False Sense of Security

Recently in a local community a laptop belonging to a county agency was stolen from a community center that had the names and personal information of 7,000 people who had applied for a state health insurance program dating back from 2003 to the present. It does not sound astonishing, but the community has about 45,000 people in it.

The county did do the right thing by disclosing it immediately; they fell extremely short when offering advice.

They told everyone who may be impacted by this to place a fraud alert on their credit report. They also mentioned providing credit monitoring.

Did they really understand what a fraud alert meant? Do they recognize that credit monitoring is an after the fact service?

A fraud alert is a notice you place on your credit report that technically REQUESTS additional verification by the lender with you personally when new credit is applied for.

Go into a store and request a store credit card, the lender who transacts credit for the store will check your credit report for viable credit. If there is a fraud alert on your account they have the OPTION of contacting you to verify that you have actually applied for credit at this store. Note the word OPTION, not mandatory nor legally required. If the lender cannot reach you at the phone numbers they have on file, they can go ahead and issue credit at their discretion.

So if everything works correctly for a thief they could obtain credit in your name despite a fraud alert. Remember it is at the lenders option and they want to issue credit, that is what they do. It only adds an optional extra step, but doe not guarantee a thief will not be able to open up an account in your name.

The name used for this notification is misleading. Local county officials thought it sounded like worthy all encompassing advice to offer to 7,000 victims.

Thursday, May 24, 2007

P2P Networks Significantly Increase Risk of Identity Theft

Ask someone who has a child in middle school up through college what P2P is and chances are you’ll get a look of uncertainty. Chances are they will not know what you are talking about and if they do the details will be scant.

If they do know what P2P is, do they truly understand the dangers of it outside of the fact the kids are likely using it to obtain copyrighted material for free and most likely illegally. There are legal ways to use P2P networks for sharing photos and video clips and other homemade material, but it is used mainly for illegal downloading of copyrighted material without paying for it.

P2P is an abbreviation for Peer to Peer networking. How it works in simple terms, you expose folders on your PC to other peoples PC’s on a network, and you copy anything you find in their folder back to your PC, generally music files. But anything else in that folder is fair game to anyone on the network who wants to look at your PC. And depending on how the PC user allows others to view files, your entire hard drive could be read like an open book to anyone on the internet. Nothing scary there! You might just as well go post files of last years tax returns in a chatroom of identity thieves and set a timer to see how quick someone becomes you.

The network is set up by a third party service who just acts as a hub that all the users pass through to get to other PC’s on the network. They are everywhere and becoming harder to shut down due to ruling in court cases and the ability to operate in a manner that cannot be easily detected.

P2P has been around for a long time, remember the name Napster in the news a few years back? They brought P2P file sharing to the mainstream. The recording industry got them shut down because of the massive losses in music sales all blamed on illegal P2P usage.

So what has changed since then? P2P is growing among younger PC users and exposing their own or their parents personal information to identity thieves. The thieves scour P2P networks looking for personal information in folders that your 9th grader has exposed unknowingly.

According to a recent study released by Dartmouth business school researchers, P2P users have increased from 4 million in 2003 to approximately 10 million today.

So no surprise that along with it, identity theft has also been on the rise. It is an epidemic in this country. Is P2P responsible for that? It sure has added to the ease in which the thieves are obtaining information.

So now what? Any sensible adult who has any child engaged in P2P file sharing of any sort, particularly illegal music, should shut it down and close that door immediately. The lure of free (illegal) music for the kids will pale in comparison if you bank account get drained by an identity thief. There are plenty of safe and secure site to buy music from at extremely reasonable prices.

It is up to individuals to protect themselves and keep tabs on what is happening on the family PC. Go take a look before it’s too late.

Friday, May 18, 2007

Medical Identity Theft Can be a Killer

Financial identity theft is in the news all over. It is an epidemic in this country and is showing no real signs of letting up any time soon.

But medical identity theft and how it can impact someone is not a common topic and gets under reported by the media.

Medical identity theft occurs when someone steals your identity for any medical service ranging from prescriptions to full blown surgery.

While the number of victims for this crime is estimated to be low on a yearly basis in the range of 400,000 to 800,000 (compared to the 8-10 million financial thefts) the financial impact is much greater and the impact to personal lives can be deadly.

The theft can occur from an individual to the office staff member or by an actual practitioner. A doctor or psychiatrist may create an unfounded diagnosis in order to inflate bills and steal from your insurance. So how does this affect someone? Try getting a job if an employer does a medical background check on you and finds in your record you are diagnosed as psychotic and suffer from delusions when you really don’t. And then try getting something like that changed. Sure, the keepers of that information are going to let a psychotic person change their record! That can damage you for life! It makes financial identity theft look like a prank.

Someone could get medical treatment in your name for a serious heart condition and then you apply for life insurance. The letter will read “ We are sorry but we cannot offer life insurance to a 38 year old male who has had 3 massive coronaries and bypass surgery.”

The ramifications on a personal life can be horrific. And then try getting it changed. It is not a simple as sending a protest letter to the 3 credit agencies and telling them there is an error.

Can it get worse? Absolutely! You go to the hospital for a major medical issue and find out your health insurance has been maxed out and you are not covered for a treatment that you need. Are you going to jump out of that hospital bed and straighten out the error then come back to get the treatment in a month or two?

The killer issue is if you go in for surgery and someone has received treatment in your name prior to you but your records now reflect the identity thief, including things like blood type, medications and may not reflect your current medications. You receive the wrong blood type, a drug that interacts, or the wrong dose of anesthesia , all that will kill you in a heartbeat.

So now you need to start looking at your medical records before you receive treatment to be sure your true records are reflected.

More on this soon

Monday, May 14, 2007

The Hidden Costs of Identity Theft

Recently I read a news article written about a seminar recently given on identity theft by an attorney from the Federal Trade Commission. While I will save my opinion of his stated facts about the cost of identity theft for another post, he said 99 percent of identity theft victims pay nothing, and if there is any cost vendors pay for it! WHAT? Did he just fall out of the sky and crash land on planet earth, head first?

Just think about all the other costs, the unseen, uncalculated, or unaccounted costs, we could be referring to a value that in some instances would be unbelievable.

Let’s look at time alone. Depending on what statistical survey you refer to, the time spent per victim usually averages in the range of 500 hours to clear all the hurdles to restore their name and credit and obtain any restitution. When do they do this? Many during normal business hours. An employer of a victim, and many are employed, will lose thousands in lost time and productivity due to phone calls, paperwork, making copies, faxing information and police reports. Also time off for trips to court, an attorney’s office, or police department. Think of the time loss and cost to the self employed.

Emotional costs are also not included in his figure. I was at an event recently and spoke with many individuals about identity theft, and I was truly amazed at how many had been victims or knew a victim directly. One woman had the most emotionally charged story about a close relative who stole her identity. She was forced to press police charges against that close relative, otherwise she could not get the $6,000 in theft cleared from her name and she did not have the funds to cover it either. She was extremely distraught because she knew the negative impact it would have on her if she did not press charges, but she also knew the lifelong damage the close relative would endure for this one event.

Others feel violated, hurt, constantly suspicious, untrusting and the list goes on.

So what impact do those feelings that now have on the economy? Many of these people will stop using credit or debit cards, will not buy online, will not do many things that will impact the economy much like a recession.

And for the cost to the vendors that do actually pay for or cover losses, where does he think that money will ultimately come from? We all bear the burden of paying for the costs of identity theft. Much in the same manner we share the costs for insurance when a major hurricane hits even a majority were never impacted by it.

So in the grand scheme of identity theft the impact of the actual dollar amount may only be a small part of the total cost, but everyone who gets hit with identity theft pays a price.

Thursday, May 10, 2007

Homeland Security Department Not So Secure

Last week the Transportation Security Administration had lost a computer hard drive containing data and payroll information for about 100,000 employee records. They use the term lost, but seeing who is involved in looking for it, stolen is probably the better word choice. They may find it being used as a bookend somewhere.

The data was on employees who worked at the agency between January 2002 and August 2005 and included Social Security and bank account numbers, names, dates of birth, salaries, benefit deductions, and bank routing information.

In case you don’t recall, the TSA is a part of the Homeland Security Department. That does not sound reassuring at all. The agency that was chartered after 911 to protect us is not even protecting itself.

But if you look at a short chronology from the last 3 weeks you could not make up this entire string of events that has just rolled out of our elected government.

- April 23, 2007 The President’s Identity Theft Task Force – Combating Identity Theft a Strategic Plan – 120 pages of what Washington wants everyone to do

- April 2007 Government Accountability Office – Privacy – Lessons Learned about Data Breach Notification – 78 pages of how and when to notify people the next time it happens! They were planning on it!

- May 4, 2007 TSA notifies 100,000 of a lost hard drive

- May 9, 2007 The American Federation of Government Employees (AFGE), along with four security screeners, charged that the TSA had recklessly violated the Privacy Act and also violated the Aviation and Transportation Security Act. The class action suit was filed in U.S. District Court in Washington on Wednesday 5/9/07.

President Bush has to be in the White House banging his head on the oval office walls. He would ask Attorney General Gonzales, but he has his own issues to worry about, and he issued that 120 page report, so he’s off the hook. So who else can take responsibility for this? Typical reaction is to roll a head or two in the management ranks. What does that solve? It only keeps the same inept individuals still guarding the data, which they didn’t do so well to start with.

What really needs to happen is people who are truly responsible for this, at the office level, get fired, loose their pensions drain their 401’s. If you were handed information and told your financial future depended on keeping it safe, you can be sure there would be people keeping better track of that data better than their wallet.

Lack of accountability breeds lack of responsibility.

Monday, May 7, 2007

What’s missing from your mailbox today?

A habit that we are all used to doing since we had our first apartment, or first went away to college, is get the mail before we walk in the door. Every day we expect to get something when we open that box. Mail is a way of life in our society. It is woven into the thread of our daily lives.

Will physical mail ever go away? No, but it will evolve into a different service than what we see today. Email, estatements, online billpay, are all eroding at a service that has been in existence for ages. But what online taketh away, online giveth back in another form. Ecommerce has opened up the marketplace for any item you want with a click of a mouse.

So who still uses this age old system of antiquated origins? All of us do! There must be something about still receiving items in that box that keeps us attached to this extremely vulnerable system. Ever think about how vulnerable it is? Most don’t.

According to the US Postal Service they arrested 6000 people last year for mail theft! If it doesn’t sound like many, just think of how many they have not arrested. Then add in the ones who will start doing it. The number of mail thieves is growing as identity theft continues to grow year after year.

There is also the occurrence of “volume thefts”, that is prevalent in a number of states. The postal service does not specify what a “volume theft” is, but I would guess it is in the range of a bulk airline cargo hold shipment (ever look out the airplane window and see bulk bags of US mail being loaded with your luggage) to an entire truckload. I doubt they are looking for Ebay packages either. The thefts are occurring everywhere that mail is readily available, from collection boxes, apartment mailbox panels, postal trucks, your curbside box etc.

So what is missing from your mailbox today? A quick off the cuff answer is nothing, because you picked up your mail and it was there….so you thought. But were you there when it was delivered? Did it sit all day waiting for you to get it after work? And are those 2 credit card offers the only ones you received today or did the mailperson leave 4? You just don’t know what is missing from your mail because you never see it to start with.

You need to defend yourself from mail theft by eliminating the use of mail for all critical and essential information. Only use the mail for catalogs and advertisements and coupons, the thieves can have that.

Thursday, May 3, 2007

President’s Identity Theft Task Force

Last week Washington released a 120 page manifesto about all the ways identity theft is affecting all of us. A little late to the table? The Bush administration made mention of it briefly in 2003 and I believe they became preoccupied with a bigger fish called Saddam.

Well now that he’s fertilizer, they can get back to what’s on the minds of the American people. So it took them four years, and significant year over year increases in this crime ever since, for them to return to the topic.

This action is a result in the uproar being made by the public and this being covered by media all of the time, especially when a major data breach occurs.

Lost in all this public reaction is the fact that people are still engaging in high risk behavior when it comes to protecting their identity, and many still feel it will never happen to them. No amount of legislation will help them until people start helping themselves. At the end of the day the best defense is self defense.

We can’t expect the government to stop all of the gaps so we can continue as in the past leaving ourselves wide open. They can only protect you so much, the rest is up to you. You must realize that it is individuals (not the government or businesses) who will lose the most and suffer the biggest hardships financially and emotionally from this type of crime.

If Identity Theft continues to grow, as it has in the past few years, it will eventually start to have a major economic impact and the federal government is foreseeing this as very real possibility in the very near future. Statistically we all stand a good chance of getting impacted by identity theft; it will be the ones who have built up the best defense who will be impacted the least.

Don’t wait for it to happen to you!

Saturday, April 28, 2007

The stolen laptop saga strikes yet again

Retailer Neiman Marcus had a pension company report a theft of a laptop with the records of 160,000 employees current and past.

These “data breaches” are almost starting to sound too common. Almost a yawner compared to TJ Maxx and the 45.7 million tidbits divulged. Neiman Marcus disclosed this breach because some of those employees are in states that have laws requiring disclosure when information is lost or stolen. Stolen laptops and data breaches are not new, but due to disclosure laws, we are hearing about it more often than ever before.

The thief who took the laptop did so because of opportunity. He was a petty thug who saw an opportunity. That opportunity kindly was provided by a person who set it down somewhere in public and walked away for a minute, most likely to get extra napkins for the latte that spilled a few drops on a table in a cafĂ©. I’m making this up, but the real scenario was surely that simple. Most thieves are lazy and go for the low hanging fruit, the easy targets. The thief was not thinking about what information it could possibly have on the hard drive either.

Now the thief takes this laptop and turns it into cash quickly. After all he’s done his work for the day, now time to get paid. That laptop will end up changing hands a few times and it will be the random luck of the draw of who’s hands it passes through and who looks at the data stored on it. It will most likely end up in a pawnshop and eventually on an internet auction site.

This laptop theft like all others that have come to light recently will cost Neiman Marcus much more than they would have spent on the control of that information. They paid for credit monitoring for 160,000 people, and that was a nice tidy sum they did not have in this years budget.

It would have been cheaper and easier to have spent more money up front to control their corporate information, through data-protection policies and training that applies to anyplace that information is stored, including a laptop with a third party. They will now be spending money on that.

If that was an individual's laptop, not a corporate one, the same reaction would happen. A flurry of activity would occur to fortify and monitor to be sure there are no attacks. Not only was the loss of the device costly, you now have, monitoring, worrying, time, and effort etc, added to that unecessary event.

You normally don't leave a purse or wallet unsecured in public, even briefly, because there is a good chance it will be stolen. The same is true with a laptop.

These thieves are not smart, but we have to be, and take some extra steps to not become a piece of low hanging fruit.

Sunday, April 22, 2007

You can make a difference by refusing to hand over your information

Recently a friend of mine wanted to volunteer to be an assistant Little League coach. There is an extensive application that everyone is required to fill out and turn in to a designated league volunteer. That volunteer then takes the application and runs it through a paid service to do a background check to be sure you are not a predator with a history of past offenses. This is all good as we all want the children to be safe from those individuals. But it is imposing a great risk to all volunteers.

My friend asked me if he should provide all the information requested, drivers’ license, date of birth, social security number, etc. I advised him against it. Why? Because he would be handing the keys to his identity over to a complete stranger, a volunteer, a person he had never met! He was sure this person was using the information correctly and as required, but what else should he be concerned with? The answer is a lot!

Let’s assume this person is an upstanding volunteer and only uses this information for its intended purpose. But what does he do with all of those applications emailed or mailed to him. He called to find out, and it turns out he has to keep them until the end of the season, and then he shreds them and delete them. Great, but how secure are they until then. My friend was never sure. The volunteer probably did not leave them on the kitchen counter, but didn’t lock them up either, and he was sure his email was probably not password protected. And that’s where the system falls apart. Everybody in the league knows he collects hundreds of applications with all this information. This is literally a goldmine to anybody with deceitful intentions. A plumber, a painter, the housekeeper, a babysitter, a relative, a teenager’s friend etc. Starting to see the picture?

Why do they need all this information? Simple, the more information they have on you, the narrower they can have the search results returned and the less duplication of names.

Well guess what started happening? People were refusing to provide information and therefore volunteer. On April 13, 2007 the Little League International issued a statement that they would no longer be requiring volunteer applications to include a social security number. It does not address the entire issue especially with the information volunteers possess, but it definitely is a step in the right direction.

The next time someone asks for more information than you think they should have, take a stand and refuse, you may not receive the service you wanted but ask yourself if it is worth loosing your identity over.

Saturday, April 14, 2007

National identity theft awareness week

While identity theft is a year round event, this coming week, could just qualify for National Identity Theft Awareness Week. The week could get this designation because it is becoming one of the more prevalent ones for identity theft due strictly to the time of year. No, there is no such week, but if there were any good time to raise awareness, this week is it.

We wouldn’t be human if we did not have some worry this time of year regarding filing our income taxes.

The forms, the documents, the receipts, the calculator, the room you barricade yourself in, and vow not to emerge until the deed is done. Those are all recurring items that we’ve been through before and will go through again, but we still feel anxiety regardless.

While getting your taxes done is paramount for this time of year, you need to be on alert for more than just an audit. The thieves and con artists go into overdrive this time of year. They feed on your sense of commitment and urgency to get that return done and in on time.

So what should you be concerned about? Here are my top 10 awareness items to think about this week for protecting yourself from an identity thief:

1) Shred all those printed copies that you found mistakes on, and had to reprint.

2) Keep your hard copy of your tax returns locked up.

3) If you use a tax preparer or a CPA, be sure they are securing your information, after you leave the office. Look around to see and verify that they use a shredder. Ask them how they secure your information when they are done for the night.

4) Give some consideration to where you are copying a tax return. It has recently come to light that copiers retain digital information of every copy they make, and some are not being properly erased.

5) If you used software at home on your own PC, save your tax returns to a disc and delete it from your hard drive. Keep in mind if you loose a laptop do you want your tax return available to anyone who acquires it?

6) Ignore and delete emails from the IRS. They don’t have your email address, do you remember providing it to them?

7) Only eFile through the links on the IRS website http://www.irs.gov/ . Recently thieves have been setting up fake eFile sites and collecting your information.

8) Don’t provide any information to any who calls claiming to be from the IRS.

9) Don’t leave your return in your mailbox. Take it to the post office directly.

10) Use a reputable tax preparer. Remember that you are handing them the keys to your identity, if you don’t know them, they may just drive off with it, or sell the information to a third party.

Tuesday, April 10, 2007

The IRS does not use email?

Around this time every year millions of emails arrive proclaiming the IRS needs you to verify your information, needs more information, has money to give back to you, and the list goes on and on. To conform, all you need to do is cough up some very valuable information.

They all invoke some type of high emotion, either fear or excitement. Both can cloud clear judgment, and reasoning. And it works, all too well.

Lets look at this from a logical and simple point of view. What is the main goal of the IRS? To collect tax revenue. What else do they do? Audit you to try and collect more tax revenue. Have you ever heard of them doing anything else?

Those two functions just about wrap it up.

So if we look at what they don’t do here is my simple list of 5 rules, and read rule #1 at least 50 times:

Rule 1)The IRS doesn’t ask for an email address on your 1040
Rule 2)The IRS doesn’t ask for missing information via email (See rule #1)
Rule 3)The IRS doesn’t ask for more information via email (See rule #1)
Rule 4)The IRS certainly doesn’t offer additional refund money via email (See rule #1)
Rule 5)The IRS absolutely doesn’t locate bonus or extra money just for you

Now go back and read rule #1 above again. If you can remember that, you can be assured that any message you get proclaiming anything from the IRS is a fake and a phishing scam.

So when you see the words IRS in an email for any reason instantly think of my IRS #1 rule and then hit the DELETE key.

Tuesday, April 3, 2007

The costly disparity of debit and credit cards

I can't help but wonder how many of the 45.7 million cards stolen from TJX were split between debit and credit cards. The number was lumped together as a whole as if they were all the same. To TJX there was no difference, they said sorry for the inconvenience, and moved on. Not so fast, because to the victims there was potentially a huge difference.

All this starts with the cards looking identical to consumers. This leads many to the conclusion that because they look alike they are alike. The biggest difference to them is one gets billed and the other comes from their checking account. What else could there be?

Under the Fair Credit Reporting act you cannot be held responsible for unauthorized charges to your credit card. The burden you face is to prove you did not make the charges, file a police report etc. Your liability is generally limited to $50 per card.

The people who had their debit cards compromised fall into a whole different category of liability. Within the first 2 days you liability is capped at $50. Up to 60 days it is capped at $500, after the 60 day window you are wide open for unlimited liability or the balance of your account. Those clocks start ticking the day you notify your bank of the theft, or the date of your first paper or online statement where the unauthorized charges appear. You become "notified" even if you don't open up the envelope or bother looking!

Remember , the "Zero Liability" card you have is not a mandate to the bank from the government, only a courtesy from your bank. Even then, it is at their discretion who is truly liable.

I'm sure many do not bother to review their charges or statements because they feel "protected" and have "zero liability". I would like to hear from some victims of the TJX fiasco to see how well they made out with these policies. I'm sure many looked at those statements for the first time in a long time when they heard about the breach and were quite surprised.

The easiest solution, review your statements regularly. They are your best defense to a costly theft!

Friday, March 30, 2007

TJX added to our ID Wall of Shame

TJX owns T.J. Maxx, Marshall's and other stores in North America and the United Kingdom, and have great stores but they have proven without a doubt they have a PR machine that is compromised just like their computer system.

They do not publicly disclose the extent of the record breach but attempt to slip it into a regulatory filing, hoping it will go unnoticed. Sure 45.7 million cards represent an ugly number. But they backed themselves into a corner by having to explain it once it was plucked from the filing. TJX didn’t think to tell anyone about that ahead of time, but since you found it in our SEC form 10-K and brought it up we’ll have to talk about it now.

So that was not such a great move, but what was a bit more unsettling was they have openly stated they cannot offer any assistance to anyone who has been “inconvenienced” by a theft. They refuse to talk anymore about that due to litigation. You want a piece of them? You’ll have to get in line with the 20 plus lawsuits filed to date.

And the pitiful PR icing on the cake is they only offer free credit monitoring for 1 year for the 455,000 who lost personal information, drivers license numbers, military ID numbers, etc, which could be used to commit identity fraud.

What is that really worth? If the pattern follows through from the other 45 million card theft only victims, they probably will not help out if your identity is stolen but they will pay for a service that informs you about ID fraud after it has occurred. If that’s the case, once again it will be up to the victims to rectify the situation, incur the cost and the headaches to say the least. Something sound familiar here?

Haven’t they been down this road before? They may never learn.

While credit monitoring is one of many useful tools to combat fraud, there is much more they should be doing for all of those who may be “inconvenienced”. For that we have added TJX to our ID Wall of Shame.