Monday, June 25, 2007

Ohio’s state government places a value on personal information

The latest in the string of embarrassing data breaches involves the state of Ohio whose officials allowed a storage device to be stolen from a car.

This story keeps getting worse as at first it was thought that only 64,000 state employees personal information was on the device, but now they are realizing that a few hundred thousand Ohioan’s information was also on the device. Depending on the source the number varies from 200k to 500k. No matter what it ends up being it is a PR nightmare for the state government and elected officials.

At to add more embarrassment to the situation the person who had it stolen was an intern.
To me an intern is a student or a recently graduated individual who is now working for the state government as an apprentice to learn the ropes, the rules, gain exposure, acquire experience, and even earn college credits. In other words, a rookie.

So with all of the people that work in the state government, an intern is chosen to carry the storage device as a security measure to have copies of data in case something terrible happens. It just didn’t cross anyone’s mind that they were not paying attention to the security of the data at both ends. And something did happen, just not at the end they were expecting.

So with all of the concern about protecting this information they hand it over to an intern who leaves it in a car (by some accounts unlocked) and it disappears. Did the intern even know what they were taking home? Did anyone bother to tell the intern? What was the value of that information on the device if it could be handed over for safekeeping to an intern? The state must have felt it was very little since they gave it to the lowest person on the ladder. But now the value is starting to mount as the state is already spending hundreds of thousands on services to protect individuals and that is just the start.

If whoever took that device does crack into it successfully and spreads the wealth of information all over the internet, you can be assured that institutions that will start to bear the brunt of costs associated with this will surely look to the state for restitution.

Ohio is now falling into the same path as millions of Americans who do not bother to take pro-active steps, but then spend millions on reactions once a breach occurs.

Monday, June 18, 2007

Think before filling out that Free Prize or Sweepstakes Card

When you are walking through the mall, or at a fair, or even online, chances are you’ll get asked to fill out a form for a chance to win some wonderful prize or receive something for free.

And why not, it costs you nothing and someone’s got to win that new laptop, or the car, or the trip to the moon. A pen in hand and 60 seconds later you feel like you may be getting a call or letter for some fantastic prize. And you were sure to put down your phone number, so when you win, they’ll call right away.

We all like to be optimistic. We all want to think we have got a shot at the big one! I don’t know what the big one is, but it’s big!

Now let’s take a walk to the other side of the isle called reality. In reality there is no real prize, or the person who won it lives in the Arctic circle and the company cannot deliver it. If there is a prize, the barriers to get it may be out of reach. You get the picture, they are trying to get your personal information for a much bigger catch.

But what you may ultimately end up with, is your identity stolen, and you’ll become the victim of identity theft.

When you filled out that form for a prize, you labeled yourself as an optimist. The company who requested the information, may be legitimate, and there may be the prize,, and but may sell that list of names collected to a marketing company. You may end up on a “sucker list”.

Identity thief rings buy “sucker lists” from direct marketing companies. You’ll then be a target for a phone scam or “vishing”. You’ve already given them a good reason to call because you are optimistic or in their terms a “sucker”. Now your wide open, and they will throw every trick in the book at you. This is what they do, this is what they are good at.

The odds of getting your identity stolen are much greater than winning anything, so don’t bother trying to win by giving up information. You will have taken a significant step in defending your identity.

Tuesday, June 12, 2007

Can Check Fraud Become Obsolete?

I am still amazed as I stand in any line at a store and the person in front of me pulls out a checkbook and writes a check, has to dig out a shopper ID card or some other form of ID, then hands it to the cashier. The cashier, with a puzzled look, takes all the documents and writes down information on the check. The cashier hands any ID back to the patron then sticks the paper check into the register 3 different ways.

At about the midway point through this production, I realize why I don’t write checks anymore and the person who invented the debit card should win the Nobel prize. What an incredibly antiquated and outdated system that is still being used by millions of people despite all the pitfalls.

Beyond the fiasco at the register, look at what else this dinosaur system burdens us with:

The number of checks stolen or forged each year is about 500 million checks and over $10 billion in lost revenue. Check fraud in itself is expected to grow at a rate of about 2.5% each year.

The average number of fraudulent checks written daily is about 1.4 million equaling $27.3 million worth of fraudulent checks written everyday.

According to the National Check Fraud Center, check fraud and counterfeiting are the largest and fastest growing problem that the United States financial system now faces. The estimated losses produced annually are over $10 billion and is expected to continue to rise.

Sure checks have their place in very few instances but these statistics coupled with the surge in identity theft, makes me wonder why the banks and other businesses still embrace them.

Why does the public still embrace them as well? The alternative for many will result in anxiety and fear. Debit cards with PIN numbers, all the talk about loosing information in data breaches, plus identity thieves looking over my shoulder at the checkout, all give the feeling of fear.

Reality paints a different picture, because these are the same people who write checks in regular ink, place them in the mailbox in the morning before work, put that red flag up, and never give a thought that they could be contributing to the above statistics by the end of the day.

What can you pro-actively do to help make check fraud obsolete?

1)Switch to an online billpay system
2)Use a debit or credit card for all merchant transactions
3)Have companies that you pay monthly like a utility debit your checking account

But …..if you must still use checks:

1)Don’t put them in your mailbox in the morning and raise that red flag
2)Lock up all checks and deposit slips in your home
3)Don’t carry a checkbook around in a purse or leave it in your car
4)Use a black ink Bic Rollerball or a gel pen to write out any checks, they can’t be washed off

If your are a victim of identity theft and check fraud is one of the causes:

Report stolen checks, and close unauthorized checking and savings accounts.
If you have had checks stolen or bank accounts set up fraudulently, report it to your bank or to one of the check verification companies listed below. (If a merchant rejects your check, ask for the name of the check verification company.)
When you do contact any major check verification companies listed below, request that they notify retailers using their databases not to accept your lost or stolen checks. Place immediate stop payments on any outstanding checks that you have not written.

• CrossCheck: 1-707-586-0551
• International Check Services: 1-800-526-5380
• National Check Fraud Service: 1-843-571-2143
• SCAN: 1-800-262-7771
• Equifax Check Systems: 1-800-437-5120
• TeleCheck: 1-800-710-9898 or 1-800-927-0188
• Chexsystems: 1-800-428-9623

Thursday, June 7, 2007

Identity Theft with Obsolete Computers

We are coming to a point in time when many people are replacing their computers with a new faster and sleeker versions that will do just about everything they need to keep up with the multi-media world we now live in.

Judging by the age of the internet going mainstream, it will likely be your 3rd replacement with the last two really being used with much of your personal information embedded somewhere on the hard drive. Ten years ago you thought nothing of donating it to a school, or giving it to another family member or even the local Salvation Army.

If you still think that way today about disposing of that old PC, don’t! Yes you want to do the right thing, help out, be conscious of the environment, or any other good reason you may come up with for not just discarding it. But before you take that step, think about identity theft first. Your personal information from the last few years is somewhere on that hard drive. Sure you deleted it, formatted it, cleaned it, but to a persistent thief, they can dig up anything with a little effort, and they do.

Thieves pick them up on auction sites, at garage sales, in used shops, flea markets, all loaded with personal information.

There are software products in the market ranging from $30-$60 that guarantee you that they will wipe that hard drive clean to department of defense standards. I am not denying the validity of these nor endorsing them, but there are other surefire alternatives.

1)Remove the hard drive before giving the PC to anyone, a replacement will cost very little to the recipient verses buying a new PC.

2)Replace the hard drive and designate that PC as a “kids only” PC, let them download all the spyware and viruses while they fileshare using P2P networks. The keylogger they pick up will find nothing good on

3)Replace the hard drive yourself then donate it or give it away.

4)Recycle the entire PC, but remove the hard drive first. Call your local waste management office to find out how, many designate special days for these items.

5)Keep the PC forever and never let it leave the house (some are sentimental about everything)

So what do you do with that old hard drive that you removed? Just pick your weapon of choice and destroy it. Toss it on the grill for a half hour, smash it with a baseball bat, drill a half dozen holes in it, place it in your tool box and use it when you can’t find that hammer.

All this may seem extreme and time consuming, but the hassle of identity theft is much worse.

Monday, June 4, 2007

Identity Theft and the Hurricane Season

Hurricane season officially began and news stories are everywhere about predictions and who is at risk, and how people deal with it. I saw one news story in particular where a woman from an emergency planning office in a Florida locality was talking about what she sees every time a storm heads towards the coast: people rushing in to buy batteries, bottled water, and bread. She even saw two people fighting over a can of soup and longs lines at stores, arguments, and many other incidents that do not normally occur between neighbors.

Then they asked people what they were doing to prepare. One man stated “what can I do, I don’t have insurance”, another woman said “I’ve lived here 20 years and I have not had a hurricane impact me, YET, and I really don’t know what to do anyway”. One man said he would wait and see what happens this year before he takes any actions.

In fairness there are people who purchased plywood, generators, have supplies on hand, just in case.

So when a hurricane does hit, and if you live in Florida or the southeast United States, you will be affected by one eventually. Who will be in better shape to ride out the storm? Who do you think is going to be on the evening news standing in a waterline 3 blocks long?

The question lies in why do people who know or understand the inevitable, still sit back and do nothing. What makes people live in deniability constantly?

This same scenario is true with identity theft. If you have not been a victim of identity theft yet, your chance increases with each passing year. Approximately 1 in 30 will become victims this year alone. Even with those odds many will sit back and do nothing. But if a local Scout Troop was selling raffle tickets and gave you those odds, you’d likely buy one because those are pretty good odds.

People are just starting to recognize that identity theft is at epidemic levels, yet millions still do nothing to protect themselves. Since you started reading this 20 people will have had their identity stolen. Today alone will claim 25,000 victims. I have not met anyone recently who has not known a victim or been one themselves.

So why do people wait? Are Americans the ultimate optimists? It really does not matter why people don’t act, because in the end we are responsible for ourselves and our identities. If you don’t change behaviors and take steps to protect yourself, then you are destined for what will eventually provide misfortune, a hurricane if you live in the southeast US, or identity theft anywhere in the US.