Self Defense for Identity Theft

Summer is Here and Identity Theft Gets Easier

2010-06-11T06:39:00.000-07:00

How does summer effect identity theft? Just think of what you do during the summer and how you can be effected.

Going to the beach? Taking a trip anywhere....staying in a hotel with all the kids? Day trip to the local pool?

Most will do at least one of these events sometime over the next three months.

So how do identity thieves strike during this time of year? Let's focus on the simple stay in the hotel by the beach.

These places are packed this time of year. Different people come and go from every room with faces changing constantly. The hotel staff, specifically the cleaning staff don't recognize you from anyone else. How does that work against you?

You allow them to come in your room after you've cleared out and moved the family to the beach. You taken minimal items, sunscreen, towels, and some cash, after all you are going to be on the beach and don't want to leave your wallet vulnerable on the shore, hiding under towels while you go in the water. But you have left most of your valuables wide open in your room.

How? Just walk the halls anywhere from 9 am to 2 pm. Rooms on every floor are left wide open. Thieves can walk right in, even when the cleaning staff is in there! They act like the rooms actual occupant looking for the laptop, Blackberry, wallet etc. that they left behind and need to take to the beach. The staff does not stop them....they think they are the rooms' actual occupant! They see hundreds of faces every day.....nobody stands out. If they do recognize a person as not the current resident (highly unlikely) a simple....ooops....wrong room, wrong floor excuse and the thief is on their way...no questions asked.

So what can do? Plenty if you just take the time to trade off a few amenities. First and foremost....don't have them clean your room. Gross...right? Not really....they only neaten things up, make the beds, and empty the trash, and vacuum and change the towels, and leave you new soap. Well, if you were home, you would do this anyway, so it will not kill you to take 10 minutes (about all the time they spend on it) to protect your identity and personal belongings. Call for fresh towels and soap at the end of the day, empty your trash, and leave the bed messy and forget vacuuming...hey your on vacation! You get to leave the dirt behind!

Just tell the cleaning staff you will not need the service....and leave the "Do Not Disturb" sign on the door, with the TV on and the volume turned up a bit, just to be sure the staff don't enter the room.

Simple steps and some common sense will save you from summertime identity theft.

Identity Theft During Tax Season

2009-01-13T13:10:00.000-08:00

Christmas time for identity thieves is now upon us. W-2's, tax forms, financial statements, all come out this special time of year for just about every person in the country.

Many will think very little about putting all of their personal records in a folder and taking them to a preparer sitting in a kiosk or booth at the mall or at a store that has set up this temporary area to capitalize on tax season.

I was observing one such place recently and was shocked at what I saw.

For starters there was no shredder anywhere to be found and I saw papers just tossed in a garbage can close by. I was not about to sift through it but I am sure there were worksheets and other discarded items from the preparer that should have been shredded. Items that contained plenty of personal information and enough for a savvy thief to use.

I saw her and her clients leave the "booth" and documents were left out in the open on the desk for anyone to walk up sit down pretend to be waiting and with a simple pen and paper copy social security numbers down.

If you feel compelled to have your taxes completed in such an environment, try to be aware of your surroundings and who can see. Take all your papers with you when you leave, even the scraps and worksheets. Be sure the preparer has not left any of your information laying around.

Most importantly, keep in mind that many of these temporary stations are staffed by temporary workers. You may be providing your personal information to someone who has just been hired. While I have to believe that there was some screening process, that is no guarantee that your information will be kept safe.

These people are hired and trained to complete tax returns, collect a fee and do it as quickly as possible. Information safety and security is probably not very high on the list. I'm sure they were told about it, handed a sheet of paper on it, and technically speaking "trained" to handle it properly, but if the goal is something other than that, one has to keep in mind how diligent are they really going to be.

You really need to decide if this is the environment you want to have your personal information exposed too.

$10 Million Guarantee against Identity Theft

2008-04-04T00:00:00.000-07:00

I think it is truly starting to get out of control. Everyone has jumped on the $1 Million Dollar guarantee as a standard offering for identity theft services.

The value of what you really would get out of that is somewhat questionable. But now I recently noticed that one of the service companies has stepped up the guarantee to $2 Million Dollars.

Well count me in then! I was on the fence for the $1 million, but if they are offering $2 million, that is the ticket. How can I resist?

Are people out there really that foolish? Is upping the artificial "air in a bottle" service guarantee going to suck people in or away from the competition?

I wonder who will be the first to hit the $10 million guarantee mark.
At that point why not just up it to $100 million?

Are you worth a million dollars, how about $2 million? If you are, you most likely have that kind of coin in a brokerage account. Most of them now after E-trade started the trend, cover any fraud losses to your account.

The average loss or theft is in the low thousands with much of that being covered. Our company research has shown that many end up with minimal actual out of pocket expenses.

Their biggest loss is time, effort, anxiety, frustration, in cleaning up the mess left behind. We suggest people start placing a dollar value on that and collect from those companies.

If you receive a fraud alert no matter what is says, this is what it means:

" SOMEONE HAS YOUR PERSONAL INFORMATION......we stopped them from opening up a credit account....... since a thief already has stolen your info, we really can't tell you what else they may do with it"

Public becoming more Savvy to Identity Theft Services

2008-04-01T06:55:00.000-07:00

A recent story on ABC 7 in San Francisco pointed out the value or lack thereof for services by an identity theft service that charges over $100 a year and pointed out to their viewers how to perform the same services yourself easily and free.

But what we found to be the best comment was followed by a person who pointed out that any alert to fraudulent activity is NOT PREVENTION. If you are alerted to anything by any service you have already been compromised .

Finally, people are seeing the light and recognizing that being alerted does not equal being protected . The damage has been done. You will need to scramble to figure out what the thieves who already have your information are going to do with it next.

This is why defending your identity first and foremost is much more beneficial and easier than finding out you've been alerted.

The value of one Social Security Number in ID theft

2008-03-28T10:08:00.000-07:00

People need to understand how valuable that simple 9 digit social security number really is to an identity thief.

A Chicago area man racked up just under under $300,000 in debt with one womans Social Security number. His purchases included a Range Rover and a home.

Apparently this has been going on since June 2005.

An unfortunate event like this points out how far one person can go with one very crucial piece of information. While most studies point out that losses are generally much smaller, those numbers are averages and will be meaningless to this victim.

She is left picking up the pieces of this man's crime spree. Will she be out the $300,000? Definitely not, but she will be required to file numerous complaints and documents to prove she was not involved or had nothing to do with this crime. She has to exonerate herself first before any financial institution will release her from these debts.

She will spend many hours with various agencies clearing the debris from this. In the end it will cost her time, energy, anxiety, and frustration. She will likely need to take time off from work to handle certain situations.

Will she be out any money? To a large extent no, but what about time from work especially if she is self employed, gas money to travel to a police station to file an affidavit, a trip to a attorneys office, possibly a bank visit, cost of parking an so on. It can add up. Every step of the way will be filled with anger and frustration that she has to go through all this for something that she had nothing to do with.

What she should realize somewhere along this journey, is that people can do things to either avoid this, or prevent it from getting out of control.

This thief obtained her number from somewhere. The fact that he used this one for so long indicates it was likely the only one he had and found it somewhere, either in the mail, trash, on an old document, maybe in a wallet he found or stole.

Where she went wrong was allowing this to go on for 30 months. If she had been actively checking her credit reports, or had a credit freeze placed on her accounts, or fraud alerts put in place, much of this would have been avoided. She should also reflect back on where she may have provided her SSN or lost any personal information.

A little bit of prevention or mitigation would have gone a long way. It is up to you to defend your identity. This unfortunate circumstance with one person and one SSN is why.

HealthNow New York Shows How to Mishandle a Data Loss

2008-03-20T21:31:00.000-07:00

Healthow a healthcare claims provider in upstate New York has earned a spot on our office identity theft "Wall of Shame" this month for totally blowing how to handle a data loss then offering a service they will do next to nothing and the high cost will ultimately be passed on to their employers or members directly.

Last week the Buffalo, New York claims provider sent letters to 40,000 members alerting them to a possible loss of personal information. An employee downloaded patient information and then apparently lost the laptop. Apparently this happened many months ago and they first “spent an exorbitant amount of time” to try and locate the laptop, which they still believe is in the company’s building.

This company is responsible for keeping track of medical and health records of thousands and they want people to believe that they are just sitting on a laptop they cannot find. Maybe when they clean their room it will turn up. What are they, a 10 year old? It does not give me much confidence and points to pure lack of control on their part.

Then they make a second attempt at pacification by stating they are not even sure what information it contained. Teenagers deploy keyloggers, governors get their text messages exposed, malware can track every click of a mouse, and parents can track and view everything a child does on a computer for $39, but a healthcare organization of this magnitude has not a clue what their employee downloads from their database.

The employee is now a former employee but apparently they are still in contact with him. Another vote of confidence.

And the final nail in the coffin is this statement: “With all of the factors and orchestrating credit monitoring, we do believe our response time has been reasonable. Reasonable? For who? Around 4 months has passed and any chance of giving the people a heads up to potential fraud is all but vanished.

If you read between the lines....the laptop has sensitive information on it, they know it, that is why they looked for it for months. Better to not have to be exposed. The former employee who left for another job, fired within a week of the loss or theft. That laptop with sensitive information is long gone, they know it. Now, backed into a corner and options have run out, time to air the dirty laundry.

And to throw out a useless bone, free credit monitoring for a year. When you get alerted by the agency that someone tried to open an account in your name, you'll sleep better knowing a stranger definitely has your personal information and is trying to use it. Credit monitoring will alert you right away that a thief has opened up and used $10,000 of credit in your name. That way you can start the mop up and recovery process.

But wait, the thief may not be done with your information. They will use it for draining existing bank accounts, or for a criminal arrest and then the patient or victim get s warrants issued against them for not appearing in court. It will be useful when medical services are provided to the thief, or prescriptions are obtained then sold illegally on the street. It is handy for a disability claim , or sell to an illegal immigrant to get a job. So much for the monitoring bone, won't help with any of this.

There are pro-active ways to defend yourself against many of these pitfalls, but knowing about them in a timely manner is key.

FTC Identity Theft Data Causes Skewed Views

2008-02-23T13:54:00.000-08:00

The FTC has issued the latest report for 2007 on Consumer Fraud and Identity Theft Complaint Data. With no great shock or surprise identity theft is still the number one complaint by a long shot being 32% of the reported 813,899 total complaints reported. The next closest category was Shop at Home/ Catalog Sales with a mere 8%. There were 20 categories in all and the bottom 13 categories were each 2% or less.

This is a good report as it paints many pictures but at the same time skews the reality due to how the information is collected.

Certain areas of the US have more information available to consumers or police agencies that promote reporting identity theft to the FTC.

Because the reporting is entirely voluntary lends more of an explanation as to why some states have more incidences than others. The reality of identity theft crime statistics goes much deeper than the simplistic overview of the charts of this report.

A Skewed View

I have read a number of articles from various states that have had a decrease in the number of incidences reported to the FTC are feeling incredibly good about it. They are utilizing this information to pat themselves on the back. In Wisconsin one state that experiinced a decrease, had the administrator of the Division of Trade and Consumer Protection claiming they like to think they are getting the word out better, but also claims she does not know why they ended up so low in the rankings. She obviously needs to take a class on Understanding Reports 101, or is just looking to get a promotion. Statements like this coming from someone who is the head of consumer protection for the state should be a bit unnerving for the residents of Wisconsin.

But kudos goes to the Wisconsin Bankers Association who says the FTC information does not reflect what they are seeing.

Take a state such as Colorado with this same view. They have 4 of the top 50 metropolitan areas in the US reporting identity theft. Of those 4 areas, they all had a highly disproportionate number of reports compared to the other 46 areas. That does not directly indicate it is a state with an unusually high rate of identity theft, but likely a state that is actually educating consumers on what to do and encouraging reporting to the FTC.

No signs of abatement

One thing can be said with certainty is that identity theft is not showing any significant signs of abatement.

With all of the services available to stop this, and alert you of that, and the thousands that are paying monthly fees, one would expect this number would be dropping dramatically, or at least see a slight dent in the numbers.

But then again if you rely on some reporting agency with a subscription service you pay monthly to tell you someone has your information and tried to open some type of account in your name, the theft has already happened and is likely eligible to be reported to the FTC anyway. Paying money each month to have someone tell you a theft has occurred will not change the fact that a thief already has your information.

Reporting to the Police

What is still shocking in this report is the number of people who did not report the crime to a police agency which was 65% or 158,535. Why they chose not to is a mystery that we are looking into, but even more disturbing was the revelation that of the 35% that did take the time to report the crime 8% of those did not get a report taken from the police.

The reality of what was going on at the time is the police are looking around the precinct when a victim calls or shows up. They see they have 2 muggers, a car thief, and an arsonist all waiting to be booked and processed. An identity theft victim comes in declaring a theft that by appearances likely occurred across state lines or out of the country. The probability of an arrest is remote, but the headache of the extra paperwork 100% guaranteed.

The message sent is this is a crime to be treated lightly by consumers and the some (not all) police agencies are not be doing enough to encourage or educate people in how to protect themselves. If thousands are turned away and led to believe the police can do nothing, then a feeling of helplessness will likely prevail.

The best defense is self defense. A majority of identity theft starts with people leaving the gates to their identity open and allowing the fraud to occur.

Is your W-2 missing from your mailbox this week?

2008-02-06T20:12:00.000-08:00

This really is about the golden ticket for an ID thief, your W-2. It has everything they need to get started being you. That form is your link between your employer, you, and the federal government. It is the one item in your mailbox this time of year that the thieves know is coming and has your vital social security number on it.

The beauty of that golden ticket is they are sitting in millions of mailboxes this week waiting for you to save it from the grasp of an identity thief. Didn’t get yours yet? Did your employer mail it out already to an unlocked curbside ID thief treasure chest, also known as a mailbox? You might want to start inquiring now.

What makes this so easy for the thieves is you have been receiving it in this manner forever and it has never been a problem. You know it is coming; you wait for it almost, especially if you are anticipating a refund. Many also know that their employer is required to issue them no latter that the last day of January. For those who choose not to hand it directly to the employees, they use the always reliable, United States Postal Service.

The safety net ends there. Once it is placed in that old trusted receptacle on your house, by the curb, at the end of a long driveway, or in a communal type apartment system, it is fair game to anyone who happens by.

That’s what makes you so vulnerable. An old system that seemed stable and reliable is now being exploited on a grand scale by identity thieves who rely on you to think that it will not happen. Ask 1 out of every 30 Americans last year who thought the same way. They will beg to differ.

Federal government rebate scams continue to grow and flourish

2008-01-31T13:18:00.000-08:00

Two days ago I wrote about the issue of all the talk of the federal rebates and how fraudsters, scammers and ID thieves would come out of the woodwork to capitalize on it from unsuspecting and eager individuals. I had listed the common tactics that thieves will be using as reminders for what to be cautious about but it is already going well beyond those and getting people engaged from every possible angle.

Here is a list of the latest scams brought to the attention of the IRS:

Rebate Phone Call

At least one scheme using the word "rebate" as part of the lure has been identified. In that scam, consumers receive a phone call from someone identifying himself as an IRS employee. The caller tells the targeted victim that he is eligible for a sizable rebate for filing his taxes early. The caller then states that he needs the target´s bank account information for the direct deposit of the rebate. If the target refuses, he is told that he cannot receive the rebate.

This phone call is a scam. No legislation has yet been enacted that would allow the IRS to provide advance payments to taxpayers or that determines the details of those payments. Moreover, the IRS does not force taxpayers to use direct deposit. Those who opt for direct deposit do so by completing the appropriate section of their tax return, with bank routing and account information, when they file; the IRS does not gather the information by telephone.

Refund e-Mail

The IRS has seen several variations of a refund-related bogus e-mail which falsely claims to come from the IRS, tells the recipient that he or she is eligible for a tax refund for a specific amount, and instructs the recipient to click on a link in the e-mail to access a refund claim form. The form asks the recipient to enter personal information that the scamsters can then use to access the e-mail recipient´s bank or credit card account.

In a new wrinkle, the current version of the refund scam includes two paragraphs that appear to be directed toward tax-exempt organizations that distribute funds to other organizations or individuals. The e-mail contains the name and supposed signature of the Director of the IRS´s Exempt Organizations business division.

This e-mail is a phony. The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers.

Filing a tax return is the only way to apply for a tax refund; there is no separate application form. Taxpayers who wish to find out if they are due a refund from their last annual tax return filing may use the "Where´s My Refund?" interactive application on this Web site, IRS.gov. The only official IRS Web site is located here at www.irs.gov.

Audit e-Mail

Another new scam brought to IRS attention contains features not seen before by the IRS. Using a technique calculated to get almost anyone´s attention, the e-mail notifies the recipient that his or her tax return will be audited. This is the first scam of which the IRS is aware that uses this to get the victim to respond.

Unusual for a scam e-mail, it may contain a salutation in the body addressed to the specific recipient by name. Most scam e-mails seen by the IRS are sent using the same technique used by spammers, in which hundreds of thousands of messages are sent to potential victims based on Internet address. Because of the volume, the typical scam e-mail is not personalized.

This e-mail instructs the recipient to click on links to complete forms with personal and account information, which the scammers will use to commit identity theft.

This e-mail is a phony. The IRS does not send unsolicited, tax-account related e-mails to taxpayers.

Changes to Tax Law e-Mail

This bogus e-mail is addressed to businesses, accountants and "Treasury" managers. It instructs them to download information on tax law changes by clicking on a series of links to publications on businesses, estate taxes, excise taxes, exempt organizations and IRAs and other retirement plans. The IRS believes that clicking on a link downloads malware onto the recipient´s computer. Malware is malicious code that can take over the victim´s computer hard drive, giving someone remote access to the computer, or it could look for passwords and other information and send them to the scamster. There are other types of malware, as well.

The urls contained in the link are not legitimate IRS Web addresses. All IRS.gov Web page addresses begin with http://www.irs.gov/.

Paper Check Phone Call

In a current telephone scam, a caller claims to be an IRS employee who is calling because the IRS sent a check to the individual being called. The caller states that because the check has not been cashed, the IRS wants to verify the individual´s bank account number. The caller may have a foreign accent.

In reality, the IRS leaves it entirely up to the individual to choose to cash or not cash a paper check. The IRS has no business need to know, and does not ask for, bank account or similar information, except when taxpayers indicate on their tax return that they are opting for the direct electronic deposit of their refund. In that case, however, it is the individual´s responsibility to provide the IRS with the correct bank routing and account numbers on the tax return; the IRS does not contact taxpayers to verify the information.

What to Do

Anyone wishing to access the IRS Web site should initiate contact by typing the IRS.gov address into their Internet address window, rather than clicking on a link in an e-mail or opening an attachment.

Those who have received a questionable e-mail claiming to come from the IRS may forward it to a mailbox the IRS has established to receive such e-mails, phishing@irs.gov, using instructions contained in an article titled "How to Protect Yourself from Suspicious E-Mails or Phishing Schemes." Following the instructions will help the IRS track the suspicious e-mail to its origins and shut down the scam. Find the article by visiting IRS.gov and entering the words "suspicious e-mails" into the search box in the upper right corner of the front page.

Those who have received a questionable telephone call that claims to come from the IRS may also use the phishing@irs.gov mailbox to notify the IRS of the scam.

Identity Theft “Prevention” Defined Accurately

2008-01-31T08:54:00.000-08:00

Everybody that talks about prevention uses the word in a different way. It is about perspective. Here is an example:

Think about how you would feel if this scenario happened: Your bank called and said “someone infiltrated your savings account and they have been making withdrawals regularly for the last three months. Your account has been drained of $25,000 but due to our diligence we stopped it and you still have $15,000 left. We have effectively prevented the thief from draining your account. We thought you’d like to know we mitigated your loss.”

Was there any prevention here? Absolutely! Are you going to be happy about it? I doubt it. People are paying big money for a false sense of the word “prevention”. They are really paying for and getting “mitigation”.

Now let’s compare the words “prevention” and “mitigation”:

pre·ven·tion [ pri vénshən ] (plural pre·ven·tions)

action that stops something from happening: an action or actions taken to stop somebody from doing something or to stop something from happening

the prevention of crime

mit·i·gate [ mítti gàyt ] (past and past participle mit·i·gat·ed, present participle mit·i·gat·ing, 3rd person present singular mit·i·gates)

to mitigate a loss

lessen something: to make something less harsh, severe

When put in the context of identity theft: Everyone uses the word prevention when they are referring to credit freeze, fraud monitoring and credit reports, and credit monitoring, data scouring etc.

Now let’s look at it from the context of the consumer: Prevention would be keeping my information completely secure and preventing it from being stolen in the first place.

Real prevention is thwarting the theft of your personal information. Securing your name so nobody uses it for anything. That is what ID theft “prevention” truly is.

If I rely on a credit report, a fraud alert or a credit freeze to stop something from happening, that means that SOMEONE ALREADY HAS OBTAINED MY PERSONAL INFORMATION ! A CRIME HAS ALREADY OCURRED! Now that does not sound like identity theft prevention at all, it most definitely is mitigation. Sure it may have plugged a small hole but in the grand scheme of the information that thief still has, it is like putting a bandage on a bullet wound.

So how can credit freeze, fraud monitoring and credit reports, and credit monitoring qualify as prevention? Well, they stopped something from happening, and that has some limited value, but now who has this information and where are they going with it next? Keep in mind if they have gone to the effort to steal your info, they are going to use it. A car thief does not steal a car and drive around in it until it runs out of gas. They are going to use the stolen device until it no longer meets their needs. The same with your identity, it could be used next for medical services, prescriptions, getting arrested, forging a check, and so on.

An ID theft recovery company stated under the guise of “prevention” that they look for changes in your existing accounts and they look for new accounts and transactions in your name. By doing this, they can detect someone's attempt to steal your identity before it gets too far and before any damage has been done. Sorry people, but if any of this is detected, the damage has been done. SOMEONE HAS ALREADY STOLEN YOUR IDENTITY! THEY HAVE YOUR PERSONAL INFORMAION AND ARE PUTTING IT TO USE! This should not be sugar coated as identity theft “prevention”. The prevention ship has sailed, it is now time to mitigate.

You will still have to wonder when or where they may use it next. And you still may have work to do, to get everything closed down, changed, modified etc. and you may never be completely sure you’ve plugged the gaps because how do you know your personal information has not been passed around or sold on the black market?

So how much is “mitigation” really worth? It is up to you, but most will pay much more for “prevention”.

True identity theft “PREVENTION” is about stopping the crime from occurring, and that starts with preventing and keeping your information out of the hands of the thieves to start with. True prevention is up to you! True prevention starts with you doing the right things with your personal information.

Don’t confuse paying for mitigation services and expect prevention. You may not end up being happy with the results.

Talk of federal government rebates gives identity thieves a fresh angle

2008-01-29T11:51:00.000-08:00

It is on the news almost nightly, in the newspaper daily, and on the internet. We are hearing about it just about every day. To stimulate the economy, President Bush is working very hard to seal the deal for many Americans to get rebate checks from the federal government.

For many Americans all the talk of a bonus $600-$1200 check from the federal government is exciting news. Many would like to get it today if that were possible. Everyone wants to be sure the government has their correct name, address, and all the other pertinent information so there will not be a delay. Unfortunately, many will end up with their identity stolen instead.

The thieves will play on that anticipation of you wanting the extra cash as soon as possible and will deploy all the traditional and still effective tactics.

The more common and widespread tactics that will be used:

1)Phishing: Hundreds of millions of emails will go out across the country claiming to be from the IRS or the federal government and will direct you to a special website to verify your personal information. If you click on the link you will end up at an official looking site with all the federal seals making it look authentic. Some phishing sites will even have warning about identity theft on them to give them a more secure look to any visitor.

Red Flag: People have many different email accounts, the government does not use email to contact anyone. You do not supply an email on you tax return!

2)Vishing: This is like the email hunt for information, but you will get a phone call instead. It may be a live person, it may be a recording, it may be a recording asking you to call an 800 number back and verify your information. They may ask for your social security number, bank account number where you would like your check deposited, even a pin number for a debit account.

Red Flag: The federal government will not call you for anything like this, ever. What makes this method even more dangerous, thieves can purchase any name they want to appear on your caller ID, such as IRS Rebate, Federal Rebate Office, US Gov’t Rebate, or any combination of words to get you to believe the call is authentic.

3)Websites: There will be scores of websites popping up using search terms to get you to visit them. Such terms will be “IRS rebate” ,“Federal Rebate”, “ Government Rebate” to name a few. They will bank on people using searches in Google and MSN and Yahoo, to find out more information. The sites may bait people in by claiming if you enter your information now, you will get a check in 2 or 3 weeks. That expediency will be extremely enticing to many so they will get drawn in and become victims.

Red Flag: The only sites that may have any information about this program will be an existing one with quite a bit of other information as well. It will end with a .GOV suffix. Examples are IRS.Gov, SSA.Gov, WhiteHouse.Gov. Any site with an official sounding name but a different suffix is not a federal site. Example is IRS.com which is owned by banks.com and is a play to get you to use their services for tax filing.

4)US Postal Service Mail: You may get a letter or a post card in the mail asking you to verify your bank account or social security number or other sensitive information. It may ask you to call a specified number or go to a website and enter in information.

Red Flag: The government will be using tax returns from previous years records to determine eligibility and addresses. They are not going to mount a new campaign to update records and personal information. If you do get something in the mail from the IRS or other federal agency, take the time to verify the validity prior to acting on it.

None of these tactics are new, but the event that will trigger their upsurge is. Basically this is an extra bonus for identity thieves to prey on victims who will not see this coming because they are blinded by the thought of the dollar sign.

The only real way to combat this offensive is to think about the details before you act. Ask yourself a few common sense questions, and practice fire prevention vs. firefighting.

The best defense for your identity is self defense.

Attention grabbing survey sites could set the stage for ID theft

2008-01-28T13:28:00.000-08:00

There are a number of sites that quiz you about yourself and then tell you something about yourself in return. Our site does that as well. We ask you information about your personal daily habits and use proprietary algorithms backed by research to gage your risk for ID theft with an output that is in an easy to understand ID Risk Level. No ads, no personal information requested, not even email.

Someone emailed me recently asking about other sites that have quizzes and pointed out a few in particular and asked me how safe they are even if just for fun.

Some sites, by piquing your interest in certain, even silly subjects, are looking for something. There are a number of sites that purport being able to tell you when you are going to die! Wonderful, that information will certainly come in handy. It makes my retirement investment planning so much easier.

Well, you’re not gullible, but you went there for fun, as a joke, just to see, etc. All in good fun as long as you are not giving them any personal information.

So what could a site like this really be after? Mainly ad revenue. By getting thousands of people to go through the site and take the “date of your death survey”, they land you in a seemingly never ending, page after page of offers for everything from free laptops to a cruise around the world to magazines and so on. The catch is you have to get past saying no to these or fill out a few with your personal information like name, address, phone number, email etc. and what seems to be fairly harmless information. Only, once you go past the myriad of ads asking you to fill in information will you get your “calculated” date with the grim reaper.

So I tried it at a site this person asked me about. I answered the few simple questions and then waited for my results, it had to be calculated, apparently they have a long connection to go through and the grim reaper’s WiFi was down. In the meantime, they graciously had me take review some of their fine offers and click “no” if not interested. I counted 97 (yes, I counted because I assumed it was going to be big) offers that I said “no” to and still was not given my much awaited date with death. I even filled in a few with some random misinformation thinking if they got me on one maybe they would cough up that date! Nothing. I literally gave up as it was appearing to be more and more of a perpetual scam. I guess I’ll need to keep my retirement plans in place for now.

Seriously though, what was really happening was a massive operation to get you to provide just the basics of personal information. Now the company that runs the site may only be a conduit and collecting ad dollars from the marketing agency who is the real culprit in this operation. Fill one out correctly with real information and you have just asked to receive a minimum of 100,000 emails with other exciting offers include. Hey, you asked!

That information may possibly be used by them directly for ID theft, Spamming, phishing, etc. They may sell it to others who will use it unscrupulously. Worse yet, you will be put on a sucker list. This is a list created about people who willingly provide information thinking they are going to win a prize. AKA in their business “a sucker”. ID thieves love suckers. They know they are the easiest of easy targets. The people who think they will really get something for nothing, the same people who ultimately will give the thieves the keys to their identity in much the same way. The thieves already know you are an optimists, and play that hand against you to the fullest.

So the next time you go to a site and think you are providing information that is harmless, looking for that humorous “date of your death” you may find out a new date, when your identity was stolen.

Prudential’s rock crumbles when it comes to securing personal information

2008-01-25T08:55:00.000-08:00

Prudential Financial gets a spot on our office’s Identity Defense Wall of Shame this month. They had a temp worker collect personal information from a customer then the temp worker stole the customer’s identity to go on a three month, $70,000 spending spree!

According to the article about this event, Prudential takes customer information and security very seriously. We see that clearly from the end result of this encounter between a Prudential temp employee and a Prudential customer.

Stop and think about what happened here. A financial conglomerate worth $36 billion does not have the sense of how to secure personal information that it receives. Collecting customer information is the most volatile point in a transaction because it is up to the person who collects it as to how the information is treated. This is where Prudential’s security falls apart. The people collecting information should be trusted, longer term, well paid employees, who hopefully, will want to keep their job and have little or at least minimal incentive to steal. Instead they gave that crucial task to a 23 year old temp worker, who obviously did not care about his temp job and felt he needed to supplement his income.

I’m sure they spend millions on data security, and backup systems and passwords and encryption etc. As a financial institution they are required to have secure systems on all fronts. But no matter how big your walls are, or how many lines of defense you have, if you can’t complete step 1 and put the information into secure areas, it is useless. Picture your bank having the tellers leave all the money on the counters at night and still go lock the safe.

If Prudential has procedures in place, the management team is not reading the company manual. To be fair, this could easily happen with just about any employee and it is where a significant portion of all ID theft occurs. But when you assign tasks to someone who is not even an employee, then any incentive to do the right thing is minimized because there is no long term bond.

For the sake of all of their existing customers let’s hope they have a better system in place for securing their personal information.

Identity Thieves are Now Becoming Scapegoats

2007-10-09T19:30:00.000-07:00

It is a sign that something is becoming mainstream when identity thieves start taking the blame for committing an offense probably not worth their time or effort.

Recently a woman was sued by and went to trail against the RIAA (Recording Industry Association of America) and lost. The RIAA is the trade group turned watchdog group whose members are recoding artists. They are the group that is fighting illegal P2P (peer 2 peer) downloading among mainly younger computer users.

The judgment came in the form of a fine of over $250,000. She was offered an out of court settlement and turned it down. Most if not all individuals offered this option are accepting it since they are liable for much more that the industry is requesting. They (RIAA) are really getting a pittance compared to the industry losses and the legal costs of suing young individuals is surely more then they are getting in return. But they are setting a great example. Until now.

This woman refused to settle because she is claiming an identity thief stole her web identity to file share on P2P. Is this idea original, probably not. There have likely been many users claiming they didn’t do. They claim it was someone else using their computer, hijacked their account etc. But I believe it is the first time it has been used in court when defending a suit filed by the RIAA. Is this defense possible? Anything is possible, but the court did not buy it and ruled against her.

Is this realistic? With so much to gain financially doing other misdeeds, would identity thieves go to this length to file share a few songs? Put in another light, if you are an identity thief, you obviously have little regard for the law, so worrying about file sharing, not even on the bottom of any list. But because the thieves are becoming so commonplace, the public has now decided that they could be a good scapegoat. And why not, since there are plenty of them lurking in every corner of the planet.

In retrospect, the RIAA should spend some of that recovered money educating parents on how identity thieves really use P2P networks to actually steal identities. Maybe if they got the attention of more adults they would have a much better army of soldiers to combat their problem of lost revenue, while at the same time educating individuals, college students and moms and dads, of the other unseen peril of illegal downloading, identity theft.

Apple Online Lawsuit Brings to Light Another Threat of Identity Theft

2007-08-20T18:15:00.000-07:00

A recent lawsuit alleges Apple Store is not in compliance with Fair Credit Reporting Act, thereby making it easier for identity thieves to gather more personal information on consumers.

All businesses need to heed this as an example of things to come and protect their clients' personal information in any way that they can after a class action lawsuit, case number 07-22040, was brought against Apple Store online last week in Florida Federal Court alleging that the stores violated the Fair Credit Reporting Act (FCRA). The FCRA is a federal law designed to help ensure that consumer reporting agencies act fairly, impartially, and with respect for the consumer's right to privacy when preparing consumer reports on individuals.

In 2003, an amendment was added that states, "No person that accepts credit cards or debit cards for the transaction of businesses shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the card holder at the point of sale or transaction."

It was this amendment that Apple Store online was violating. Apple Store was apparently printing credit card expiration dates on the receipts, in addition to the other personal information. Companies were given a three-year grace period to comply with the law and the cost is so miniscule to make the change that most have made the change well in advance of the deadline. Apple Store, as of last week, was still not in compliance.

Identity thieves are getting smarter and smarter. Consumers must stay one step ahead and protect themselves from the financial devastation of identity theft. Consumers expect businesses to uphold the law and do what they can to protect personal information they acquire.

While no proof of a specific identity theft has stemmed from Apple Store's non-compliance, it is a recipe for disaster that reminds consumers to take every precaution when making an online purchase or any purchase with a credit card. The federal government has made efforts to protect citizens from identity theft but consumers must be on the offense and take matters into their own hands.

Place yourself in a situation to protect your personal information from theft and learn to practice fire prevention versus firefighting.

Credit Freeze Not the Only Solution to Identity Theft Prevention

2007-08-13T13:55:00.000-07:00

Many people who live in states that allow you to freeze your credit are recognizing the benefits of such actions. But a lot are stopping there and not doing any more feeling they have covered the bases and have done what they can to protect themselves.

Governor Deval Patrick from Massachusetts recently signed into law comprehensive identity theft prevention legislation. This new law will require Massachusetts state residents be notified immediately if their personal information has been lost or stolen via security breaches with businesses and government agencies.

As a part of the legislation, the law also states that consumers have the right to freeze their credit reports to prevent new accounts from being fraudulently opened and also puts into effect strict standards for businesses when disposing of personal information.

The portion of the law that puts into place the standards for disposing of personal information is a step in the right direction to identity theft prevention. But allowing a consumer to freeze their credit report does not prevent the theft.

Personal information can already be in the hands of the wrong people. When personal information, such as social security numbers, drivers' license numbers or bank account information is used for widespread fraud, an emotional and potentially expensive mess is left for the victim to clean up.

Of the millions of victims of identity theft last year, many of them had crimes committed against them that had nothing to do with a credit card or loan. This would not be picked up by on credit report which is the focal point of a credit freeze. The black market is booming for individuals' names and IDs for thieves to sell and the buyers will use them for many different types of identity theft. That could include medical treatments, prescriptions, arrests, and theft of existing or open accounts.

One major solution to the problem is for people to practice self defense when it comes to their personal information. Society has become so accustomed to keeping droves of information available we are leaving it laying around us everywhere. The identity thieves are everywhere picking it up.

When it comes to your identity you need to think in terms of fire prevention and not firefighting.

Burden of Proof with Identity Theft

2007-08-08T23:34:00.000-07:00

Victims of identity theft often feel victimized twice when identity theft happens to them.

We are all familiar with our legal system where the burden of proof is up to the prosecution for the people and you are innocent until proven guilty.

But with identity theft you are guilty or liable until you prove your innocence.

It doesn’t really seem to make sense but if you look at the logic, it does make sense. Although it puts the victim in a difficult, tedious, and time consuming position of defending themselves while all the while feeling violated because they are a victim.

Our financial system is set up and regulated by the federal government to provide easy and convenient transactions to keep the economy moving along without interruption. You can thank federal laws that limit your exposure to credit card fraud. They enacted those laws long ago to make people feel comfortable with using credit cards when they were first introduced. If people felt liable they would have been reluctant to use the system. Now our economy is completely tied to credit.

Those laws are visible in other areas as well. Take check cashing scams for example. The thieves take advantage of federal laws that require funds for checks to be made available quickly again, to keep the flow of commerce moving. People get taken due the expediency that banks provide funds for check presented, but then find out weeks later that the check was returned as a fraudulent device. You become ultimately liable for any fraudulent check that you present for funds.

In both cases of checks or credit cards you were given the benefit of the transaction in real time while it may be quite some time before the bank or you determine fraud has occurred. In the case of credit card fraud you need to prove that you did not actually make the fraudulent charges and with a check the bank relies on you to know who you are conducting business with.

The banking system really is set to benefit you, so when something goes awry you need to prove you were not involved. Most people never consider that when they conduct transactions. Who is to say that you where not involved in a fraudulent transaction and were not colluding with the perpetrator from the start.

If you become a victim of identity theft, you are really a victim in the eyes of others only after you prove it, and that will never feel good.

Can Past Lessons Offer Clues to Combating Identity Theft?

2007-07-25T06:18:00.000-07:00

In 1994 about 58 percent of the US population was buckling up. By mid 2006 approximately 81% of the US population buckled up. Why the dramatic change? Did everyone suddenly recognize that the seatbelts they had been ignoring for years were suddenly cool? No, the reality came partially with education campaigns and laws enacted by many states in the 80’s that forced or convinced people to buckle up.

Today, the generation who never or barely used seat belts is giving way to a generation who has always used them. Part education, part learned behavior, but regardless the effort has paid off immensely. There are thousands alive today that would not be, if this effort had not been undertaken by numerous agencies, both public and private. Local television news channels tout that drivers of horrific looking accidents survived because they were buckled in. All of this adds to awareness and the effort has made seatbelt use the norm not the exception.

So how well is education and enforcement working? The latest numbers available from the US Department of Transportation shows an increase in drivers, miles driven, and number of registered cars on the road. But the fatalities per number of licensed drivers, per miles driven, and per registered vehicles, have been steadily dropping since 1994. The statistics from the NHTSA from 1986-1999 have clearly demonstrated an absolute link to the reduction in fatalities from seatbelt use.

This proves that the plan of educating and enforcement has worked and continues to work up to this day, but shockingly 19%, or 1 out of 5 still don’t think they need this life saving device. They live in the world of “it will never happen to me”, or “it only happens to other people”. Yet, every 13 minutes there is a vehicle fatality and of those some deaths could be avoided with a seatbelt if the person had only believed or understood.

How this is similar to identity theft is when it comes to our identities many are living in the same world of “it will never happen to me”, or “it only happens to other people”. There are many simple but effective changes people can initiate to stop identity theft from happening but choose not to. There are preventative measures they can put in place to mitigate it, but the majority will sit and wait for something to happen before they react.

As with seat belts, only until people become educated will they take the steps to prevent an event from occurring. Many still refuse to embrace technology to reduce risk, and instead they avoid or ignore it.

Over time, thousands lost lives while sitting on the simplistic technology of an unused seat belt. Will consumers finally step up to the plate and take simple but effective pro-active steps to prevent identity theft, or will they continue to ride around unbuckled and hope an accident never occurs? Every 21 seconds there are 3 new identity theft victims, of which 2 were potentially preventable by the victim.

Abatement of identity theft will start to change significantly once individuals start to take control of their personal behavior and not rely on others or hoping nothing will happen to them. Recognizing the vulnerabilities in personal everyday habits and making changes will reduce your risk significantly.

Many are already recognizing that they need to do something, and the actions of those will undoubtedly start a trend. But for those who are unsure of what to do, and still do nothing, are likely to become tomorrow’s victims.

Hopefully it doesn’t take 15 years for 80% of the population to finally become educated on how to adequately protect their identity.

GAO Reports on Identity Theft, Sort of

2007-07-09T23:28:00.000-07:00

Recently the US Government Accountability Office released its findings of a study on the net effect of data breaches, stolen data, and unaccounted for data and how much actual identity theft resulted from such occurrences. They undertook this task to help Congress decide if a federal law should be considered for a national breach notification requirement. Some states already have laws in effect to various degrees requiring notification of data lost so that consumers can take immediate actions to see if they’ve become a victim.

Sounds a bit odd, but breach notification would most likely just give you a heads up a bit sooner if you are a victim. Many times a data breach notification is the first time a victim looks at a bank or credit card statement, balances a checkbook for the first time in ten years, or obtains a credit report.

The GAO was asked to examine three distinct areas

(1) The incidence and circumstances of breaches of sensitive personal information

(2) The extent to which such breaches have resulted in identity theft

(3) The potential benefits, costs, and challenges associated with breach notification requirements.

The GAO used various sources for the research and came up with an earth shattering discovery; data thefts are rampant and occur frequently and are probably underreported due to lack of voluntary or mandatory disclosure.

They also determined they can’t directly link identity theft to many of the data thefts they reviewed because there is not clear and conclusive evidence that directly links those breaches with identity theft. Apparently the identity thieves are not disclosing the abundant sources of their windfall.

There you have it, if it is not conclusive then it must not have occurred, or at least they can’t say it occurred. It does not mean that it didn’t.

They even admitted that the lack of reporting on the part of victims also leads to skewed and invalid data that cannot be used to create a valid statistical picture.

So how do many interpret this : “GAO finds little identity theft results from data breaches”.

Apparently there are a lot of thieves going to a lot of trouble stealing personal data, then changing their minds finding religion and doing nothing with it after all.

But if that is the case, then where did all that personal stolen information come from that results in the billions of dollars in personal losses from the millions of actual victims each year? There was not a place to include them in this report.

Ohio’s state government places a value on personal information

2007-06-25T22:59:00.000-07:00

The latest in the string of embarrassing data breaches involves the state of Ohio whose officials allowed a storage device to be stolen from a car.

This story keeps getting worse as at first it was thought that only 64,000 state employees personal information was on the device, but now they are realizing that a few hundred thousand Ohioan’s information was also on the device. Depending on the source the number varies from 200k to 500k. No matter what it ends up being it is a PR nightmare for the state government and elected officials.

At to add more embarrassment to the situation the person who had it stolen was an intern.
To me an intern is a student or a recently graduated individual who is now working for the state government as an apprentice to learn the ropes, the rules, gain exposure, acquire experience, and even earn college credits. In other words, a rookie.

So with all of the people that work in the state government, an intern is chosen to carry the storage device as a security measure to have copies of data in case something terrible happens. It just didn’t cross anyone’s mind that they were not paying attention to the security of the data at both ends. And something did happen, just not at the end they were expecting.

So with all of the concern about protecting this information they hand it over to an intern who leaves it in a car (by some accounts unlocked) and it disappears. Did the intern even know what they were taking home? Did anyone bother to tell the intern? What was the value of that information on the device if it could be handed over for safekeeping to an intern? The state must have felt it was very little since they gave it to the lowest person on the ladder. But now the value is starting to mount as the state is already spending hundreds of thousands on services to protect individuals and that is just the start.

If whoever took that device does crack into it successfully and spreads the wealth of information all over the internet, you can be assured that institutions that will start to bear the brunt of costs associated with this will surely look to the state for restitution.

Ohio is now falling into the same path as millions of Americans who do not bother to take pro-active steps, but then spend millions on reactions once a breach occurs.

Think before filling out that Free Prize or Sweepstakes Card

2007-06-18T11:47:00.000-07:00

When you are walking through the mall, or at a fair, or even online, chances are you’ll get asked to fill out a form for a chance to win some wonderful prize or receive something for free.

And why not, it costs you nothing and someone’s got to win that new laptop, or the car, or the trip to the moon. A pen in hand and 60 seconds later you feel like you may be getting a call or letter for some fantastic prize. And you were sure to put down your phone number, so when you win, they’ll call right away.

We all like to be optimistic. We all want to think we have got a shot at the big one! I don’t know what the big one is, but it’s big!

Now let’s take a walk to the other side of the isle called reality. In reality there is no real prize, or the person who won it lives in the Arctic circle and the company cannot deliver it. If there is a prize, the barriers to get it may be out of reach. You get the picture, they are trying to get your personal information for a much bigger catch.

But what you may ultimately end up with, is your identity stolen, and you’ll become the victim of identity theft.

When you filled out that form for a prize, you labeled yourself as an optimist. The company who requested the information, may be legitimate, and there may be the prize,, and but may sell that list of names collected to a marketing company. You may end up on a “sucker list”.

Identity thief rings buy “sucker lists” from direct marketing companies. You’ll then be a target for a phone scam or “vishing”. You’ve already given them a good reason to call because you are optimistic or in their terms a “sucker”. Now your wide open, and they will throw every trick in the book at you. This is what they do, this is what they are good at.

The odds of getting your identity stolen are much greater than winning anything, so don’t bother trying to win by giving up information. You will have taken a significant step in defending your identity.

Can Check Fraud Become Obsolete?

2007-06-12T22:36:00.000-07:00

I am still amazed as I stand in any line at a store and the person in front of me pulls out a checkbook and writes a check, has to dig out a shopper ID card or some other form of ID, then hands it to the cashier. The cashier, with a puzzled look, takes all the documents and writes down information on the check. The cashier hands any ID back to the patron then sticks the paper check into the register 3 different ways.

At about the midway point through this production, I realize why I don’t write checks anymore and the person who invented the debit card should win the Nobel prize. What an incredibly antiquated and outdated system that is still being used by millions of people despite all the pitfalls.

Beyond the fiasco at the register, look at what else this dinosaur system burdens us with:

The number of checks stolen or forged each year is about 500 million checks and over $10 billion in lost revenue. Check fraud in itself is expected to grow at a rate of about 2.5% each year.

The average number of fraudulent checks written daily is about 1.4 million equaling $27.3 million worth of fraudulent checks written everyday.

According to the National Check Fraud Center, check fraud and counterfeiting are the largest and fastest growing problem that the United States financial system now faces. The estimated losses produced annually are over $10 billion and is expected to continue to rise.

Sure checks have their place in very few instances but these statistics coupled with the surge in identity theft, makes me wonder why the banks and other businesses still embrace them.

Why does the public still embrace them as well? The alternative for many will result in anxiety and fear. Debit cards with PIN numbers, all the talk about loosing information in data breaches, plus identity thieves looking over my shoulder at the checkout, all give the feeling of fear.

Reality paints a different picture, because these are the same people who write checks in regular ink, place them in the mailbox in the morning before work, put that red flag up, and never give a thought that they could be contributing to the above statistics by the end of the day.

What can you pro-actively do to help make check fraud obsolete?

1)Switch to an online billpay system
2)Use a debit or credit card for all merchant transactions
3)Have companies that you pay monthly like a utility debit your checking account

But …..if you must still use checks:

1)Don’t put them in your mailbox in the morning and raise that red flag
2)Lock up all checks and deposit slips in your home
3)Don’t carry a checkbook around in a purse or leave it in your car
4)Use a black ink Bic Rollerball or a gel pen to write out any checks, they can’t be washed off

If your are a victim of identity theft and check fraud is one of the causes:

Report stolen checks, and close unauthorized checking and savings accounts.
If you have had checks stolen or bank accounts set up fraudulently, report it to your bank or to one of the check verification companies listed below. (If a merchant rejects your check, ask for the name of the check verification company.)
When you do contact any major check verification companies listed below, request that they notify retailers using their databases not to accept your lost or stolen checks. Place immediate stop payments on any outstanding checks that you have not written.

• CrossCheck: 1-707-586-0551
• International Check Services: 1-800-526-5380
• National Check Fraud Service: 1-843-571-2143
• SCAN: 1-800-262-7771
• Equifax Check Systems: 1-800-437-5120
• TeleCheck: 1-800-710-9898 or 1-800-927-0188
• Chexsystems: 1-800-428-9623

Identity Theft with Obsolete Computers

2007-06-07T09:58:00.000-07:00

We are coming to a point in time when many people are replacing their computers with a new faster and sleeker versions that will do just about everything they need to keep up with the multi-media world we now live in.

Judging by the age of the internet going mainstream, it will likely be your 3rd replacement with the last two really being used with much of your personal information embedded somewhere on the hard drive. Ten years ago you thought nothing of donating it to a school, or giving it to another family member or even the local Salvation Army.

If you still think that way today about disposing of that old PC, don’t! Yes you want to do the right thing, help out, be conscious of the environment, or any other good reason you may come up with for not just discarding it. But before you take that step, think about identity theft first. Your personal information from the last few years is somewhere on that hard drive. Sure you deleted it, formatted it, cleaned it, but to a persistent thief, they can dig up anything with a little effort, and they do.

Thieves pick them up on auction sites, at garage sales, in used shops, flea markets, all loaded with personal information.

There are software products in the market ranging from $30-$60 that guarantee you that they will wipe that hard drive clean to department of defense standards. I am not denying the validity of these nor endorsing them, but there are other surefire alternatives.

1)Remove the hard drive before giving the PC to anyone, a replacement will cost very little to the recipient verses buying a new PC.

2)Replace the hard drive and designate that PC as a “kids only” PC, let them download all the spyware and viruses while they fileshare using P2P networks. The keylogger they pick up will find nothing good on Disney.com.

3)Replace the hard drive yourself then donate it or give it away.

4)Recycle the entire PC, but remove the hard drive first. Call your local waste management office to find out how, many designate special days for these items.

5)Keep the PC forever and never let it leave the house (some are sentimental about everything)

So what do you do with that old hard drive that you removed? Just pick your weapon of choice and destroy it. Toss it on the grill for a half hour, smash it with a baseball bat, drill a half dozen holes in it, place it in your tool box and use it when you can’t find that hammer.

All this may seem extreme and time consuming, but the hassle of identity theft is much worse.

Identity Theft and the Hurricane Season

2007-06-04T19:36:00.000-07:00

Hurricane season officially began and news stories are everywhere about predictions and who is at risk, and how people deal with it. I saw one news story in particular where a woman from an emergency planning office in a Florida locality was talking about what she sees every time a storm heads towards the coast: people rushing in to buy batteries, bottled water, and bread. She even saw two people fighting over a can of soup and longs lines at stores, arguments, and many other incidents that do not normally occur between neighbors.

Then they asked people what they were doing to prepare. One man stated “what can I do, I don’t have insurance”, another woman said “I’ve lived here 20 years and I have not had a hurricane impact me, YET, and I really don’t know what to do anyway”. One man said he would wait and see what happens this year before he takes any actions.

In fairness there are people who purchased plywood, generators, have supplies on hand, just in case.

So when a hurricane does hit, and if you live in Florida or the southeast United States, you will be affected by one eventually. Who will be in better shape to ride out the storm? Who do you think is going to be on the evening news standing in a waterline 3 blocks long?

The question lies in why do people who know or understand the inevitable, still sit back and do nothing. What makes people live in deniability constantly?

This same scenario is true with identity theft. If you have not been a victim of identity theft yet, your chance increases with each passing year. Approximately 1 in 30 will become victims this year alone. Even with those odds many will sit back and do nothing. But if a local Scout Troop was selling raffle tickets and gave you those odds, you’d likely buy one because those are pretty good odds.

People are just starting to recognize that identity theft is at epidemic levels, yet millions still do nothing to protect themselves. Since you started reading this 20 people will have had their identity stolen. Today alone will claim 25,000 victims. I have not met anyone recently who has not known a victim or been one themselves.

So why do people wait? Are Americans the ultimate optimists? It really does not matter why people don’t act, because in the end we are responsible for ourselves and our identities. If you don’t change behaviors and take steps to protect yourself, then you are destined for what will eventually provide misfortune, a hurricane if you live in the southeast US, or identity theft anywhere in the US.

Identity Thieves in Your Safety Zone?

2007-05-31T12:57:00.000-07:00

When I ask people to describe an identity thief I usually end up with a wide array of answers and descriptions. They range from thinking they must be from another country, or are in organized crime rings, or gang members, drug addicts, low income or poverty stricken etc. Truth is, because identity thieves come from many diverse backgrounds, you could say just about anything and not be wrong.

But everyone just about left off a description of a thief they would know best. Someone close to them!

If you’re a victim of identity theft, there is a chance you know the thief. The thief was someone close to you. How close do I mean? Well maybe not intimate close, but close enough for them to be inside your self imposed safety zone. What is that safety zone? Most likely your home, apartment, dorm room, anyplace you call home is your safety zone, the area you feel comfortable in enough to leave personal items lying out in the open because you’re inside your own personal zone.

Ever sit and think who you let into that zone? I’ll create a fictitious, but realistic list for you:

1) Aunts and Uncles plus their spouses
2) Cousins plus spouses
3) Nieces and nephews
4) Brothers and sisters plus Brother and Sister – in Laws
5) Step brothers, step sisters
6) Mother
7) Father
8) Nanny
9) Baby sitter
10) House sitter
11) Painter
12) Plumber
13) Repair Person
14) Friends
15) Co-workers
16) Teenagers friends
17) Housekeeper
18) Maintenance
19) Neighbors
20) Clergy
21) Sales people
22) Parents of your children’s friends

Now that we’ve looked at it in a little more detail, it’s a pretty big list. Probably much bigger than you envision.

Why these people? Why not? They represent a good diverse cross section of society. And in society there are plenty of people with bad and devious habits. Most bad habits are hidden from others and often require funds. Funds they do not have readily available so they have to become creative to get those funds. This new age of identity theft is giving these people easy access to funds.

Because you allow them into your safety zone, you never bother to put up your guard.

By leaving your personal information unlocked or in plain view, you are potentially inviting somebody from that list above to turn you into a victim of identity theft.

The easiest step would be to keep personal information from those people in the first place. Sounds easy but approximately 1.5 – 2 million people last year didn’t think about it and found out the hard way what people from that list were capable of.

identity theft

Fraud Alert Gives False Sense of Security

2007-05-28T10:47:00.000-07:00

Recently in a local community a laptop belonging to a county agency was stolen from a community center that had the names and personal information of 7,000 people who had applied for a state health insurance program dating back from 2003 to the present. It does not sound astonishing, but the community has about 45,000 people in it.

The county did do the right thing by disclosing it immediately; they fell extremely short when offering advice.

They told everyone who may be impacted by this to place a fraud alert on their credit report. They also mentioned providing credit monitoring.

Did they really understand what a fraud alert meant? Do they recognize that credit monitoring is an after the fact service?

A fraud alert is a notice you place on your credit report that technically REQUESTS additional verification by the lender with you personally when new credit is applied for.

Go into a store and request a store credit card, the lender who transacts credit for the store will check your credit report for viable credit. If there is a fraud alert on your account they have the OPTION of contacting you to verify that you have actually applied for credit at this store. Note the word OPTION, not mandatory nor legally required. If the lender cannot reach you at the phone numbers they have on file, they can go ahead and issue credit at their discretion.

So if everything works correctly for a thief they could obtain credit in your name despite a fraud alert. Remember it is at the lenders option and they want to issue credit, that is what they do. It only adds an optional extra step, but doe not guarantee a thief will not be able to open up an account in your name.

The name used for this notification is misleading. Local county officials thought it sounded like worthy all encompassing advice to offer to 7,000 victims.

P2P Networks Significantly Increase Risk of Identity Theft

2007-05-24T10:18:00.000-07:00

Ask someone who has a child in middle school up through college what P2P is and chances are you’ll get a look of uncertainty. Chances are they will not know what you are talking about and if they do the details will be scant.

If they do know what P2P is, do they truly understand the dangers of it outside of the fact the kids are likely using it to obtain copyrighted material for free and most likely illegally. There are legal ways to use P2P networks for sharing photos and video clips and other homemade material, but it is used mainly for illegal downloading of copyrighted material without paying for it.

P2P is an abbreviation for Peer to Peer networking. How it works in simple terms, you expose folders on your PC to other peoples PC’s on a network, and you copy anything you find in their folder back to your PC, generally music files. But anything else in that folder is fair game to anyone on the network who wants to look at your PC. And depending on how the PC user allows others to view files, your entire hard drive could be read like an open book to anyone on the internet. Nothing scary there! You might just as well go post files of last years tax returns in a chatroom of identity thieves and set a timer to see how quick someone becomes you.

The network is set up by a third party service who just acts as a hub that all the users pass through to get to other PC’s on the network. They are everywhere and becoming harder to shut down due to ruling in court cases and the ability to operate in a manner that cannot be easily detected.

P2P has been around for a long time, remember the name Napster in the news a few years back? They brought P2P file sharing to the mainstream. The recording industry got them shut down because of the massive losses in music sales all blamed on illegal P2P usage.

So what has changed since then? P2P is growing among younger PC users and exposing their own or their parents personal information to identity thieves. The thieves scour P2P networks looking for personal information in folders that your 9th grader has exposed unknowingly.

According to a recent study released by Dartmouth business school researchers, P2P users have increased from 4 million in 2003 to approximately 10 million today.

So no surprise that along with it, identity theft has also been on the rise. It is an epidemic in this country. Is P2P responsible for that? It sure has added to the ease in which the thieves are obtaining information.

So now what? Any sensible adult who has any child engaged in P2P file sharing of any sort, particularly illegal music, should shut it down and close that door immediately. The lure of free (illegal) music for the kids will pale in comparison if you bank account get drained by an identity thief. There are plenty of safe and secure site to buy music from at extremely reasonable prices.

It is up to individuals to protect themselves and keep tabs on what is happening on the family PC. Go take a look before it’s too late.

Medical Identity Theft Can be a Killer

2007-05-18T11:22:00.000-07:00

Financial identity theft is in the news all over. It is an epidemic in this country and is showing no real signs of letting up any time soon.

But medical identity theft and how it can impact someone is not a common topic and gets under reported by the media.

Medical identity theft occurs when someone steals your identity for any medical service ranging from prescriptions to full blown surgery.

While the number of victims for this crime is estimated to be low on a yearly basis in the range of 400,000 to 800,000 (compared to the 8-10 million financial thefts) the financial impact is much greater and the impact to personal lives can be deadly.

The theft can occur from an individual to the office staff member or by an actual practitioner. A doctor or psychiatrist may create an unfounded diagnosis in order to inflate bills and steal from your insurance. So how does this affect someone? Try getting a job if an employer does a medical background check on you and finds in your record you are diagnosed as psychotic and suffer from delusions when you really don’t. And then try getting something like that changed. Sure, the keepers of that information are going to let a psychotic person change their record! That can damage you for life! It makes financial identity theft look like a prank.

Someone could get medical treatment in your name for a serious heart condition and then you apply for life insurance. The letter will read “ We are sorry but we cannot offer life insurance to a 38 year old male who has had 3 massive coronaries and bypass surgery.”

The ramifications on a personal life can be horrific. And then try getting it changed. It is not a simple as sending a protest letter to the 3 credit agencies and telling them there is an error.

Can it get worse? Absolutely! You go to the hospital for a major medical issue and find out your health insurance has been maxed out and you are not covered for a treatment that you need. Are you going to jump out of that hospital bed and straighten out the error then come back to get the treatment in a month or two?

The killer issue is if you go in for surgery and someone has received treatment in your name prior to you but your records now reflect the identity thief, including things like blood type, medications and may not reflect your current medications. You receive the wrong blood type, a drug that interacts, or the wrong dose of anesthesia , all that will kill you in a heartbeat.

So now you need to start looking at your medical records before you receive treatment to be sure your true records are reflected.

More on this soon

The Hidden Costs of Identity Theft

2007-05-14T22:31:00.000-07:00

Recently I read a news article written about a seminar recently given on identity theft by an attorney from the Federal Trade Commission. While I will save my opinion of his stated facts about the cost of identity theft for another post, he said 99 percent of identity theft victims pay nothing, and if there is any cost vendors pay for it! WHAT? Did he just fall out of the sky and crash land on planet earth, head first?

Just think about all the other costs, the unseen, uncalculated, or unaccounted costs, we could be referring to a value that in some instances would be unbelievable.

Let’s look at time alone. Depending on what statistical survey you refer to, the time spent per victim usually averages in the range of 500 hours to clear all the hurdles to restore their name and credit and obtain any restitution. When do they do this? Many during normal business hours. An employer of a victim, and many are employed, will lose thousands in lost time and productivity due to phone calls, paperwork, making copies, faxing information and police reports. Also time off for trips to court, an attorney’s office, or police department. Think of the time loss and cost to the self employed.

Emotional costs are also not included in his figure. I was at an event recently and spoke with many individuals about identity theft, and I was truly amazed at how many had been victims or knew a victim directly. One woman had the most emotionally charged story about a close relative who stole her identity. She was forced to press police charges against that close relative, otherwise she could not get the $6,000 in theft cleared from her name and she did not have the funds to cover it either. She was extremely distraught because she knew the negative impact it would have on her if she did not press charges, but she also knew the lifelong damage the close relative would endure for this one event.

Others feel violated, hurt, constantly suspicious, untrusting and the list goes on.

So what impact do those feelings that now have on the economy? Many of these people will stop using credit or debit cards, will not buy online, will not do many things that will impact the economy much like a recession.

And for the cost to the vendors that do actually pay for or cover losses, where does he think that money will ultimately come from? We all bear the burden of paying for the costs of identity theft. Much in the same manner we share the costs for insurance when a major hurricane hits even a majority were never impacted by it.

So in the grand scheme of identity theft the impact of the actual dollar amount may only be a small part of the total cost, but everyone who gets hit with identity theft pays a price.

Homeland Security Department Not So Secure

2007-05-10T18:14:00.000-07:00

Last week the Transportation Security Administration had lost a computer hard drive containing data and payroll information for about 100,000 employee records. They use the term lost, but seeing who is involved in looking for it, stolen is probably the better word choice. They may find it being used as a bookend somewhere.

The data was on employees who worked at the agency between January 2002 and August 2005 and included Social Security and bank account numbers, names, dates of birth, salaries, benefit deductions, and bank routing information.

In case you don’t recall, the TSA is a part of the Homeland Security Department. That does not sound reassuring at all. The agency that was chartered after 911 to protect us is not even protecting itself.

But if you look at a short chronology from the last 3 weeks you could not make up this entire string of events that has just rolled out of our elected government.

- April 23, 2007 The President’s Identity Theft Task Force – Combating Identity Theft a Strategic Plan – 120 pages of what Washington wants everyone to do

- April 2007 Government Accountability Office – Privacy – Lessons Learned about Data Breach Notification – 78 pages of how and when to notify people the next time it happens! They were planning on it!

- May 4, 2007 TSA notifies 100,000 of a lost hard drive

- May 9, 2007 The American Federation of Government Employees (AFGE), along with four security screeners, charged that the TSA had recklessly violated the Privacy Act and also violated the Aviation and Transportation Security Act. The class action suit was filed in U.S. District Court in Washington on Wednesday 5/9/07.

President Bush has to be in the White House banging his head on the oval office walls. He would ask Attorney General Gonzales, but he has his own issues to worry about, and he issued that 120 page report, so he’s off the hook. So who else can take responsibility for this? Typical reaction is to roll a head or two in the management ranks. What does that solve? It only keeps the same inept individuals still guarding the data, which they didn’t do so well to start with.

What really needs to happen is people who are truly responsible for this, at the office level, get fired, loose their pensions drain their 401’s. If you were handed information and told your financial future depended on keeping it safe, you can be sure there would be people keeping better track of that data better than their wallet.

Lack of accountability breeds lack of responsibility.

What’s missing from your mailbox today?

2007-05-07T08:28:00.000-07:00

A habit that we are all used to doing since we had our first apartment, or first went away to college, is get the mail before we walk in the door. Every day we expect to get something when we open that box. Mail is a way of life in our society. It is woven into the thread of our daily lives.

Will physical mail ever go away? No, but it will evolve into a different service than what we see today. Email, estatements, online billpay, are all eroding at a service that has been in existence for ages. But what online taketh away, online giveth back in another form. Ecommerce has opened up the marketplace for any item you want with a click of a mouse.

So who still uses this age old system of antiquated origins? All of us do! There must be something about still receiving items in that box that keeps us attached to this extremely vulnerable system. Ever think about how vulnerable it is? Most don’t.

According to the US Postal Service they arrested 6000 people last year for mail theft! If it doesn’t sound like many, just think of how many they have not arrested. Then add in the ones who will start doing it. The number of mail thieves is growing as identity theft continues to grow year after year.

There is also the occurrence of “volume thefts”, that is prevalent in a number of states. The postal service does not specify what a “volume theft” is, but I would guess it is in the range of a bulk airline cargo hold shipment (ever look out the airplane window and see bulk bags of US mail being loaded with your luggage) to an entire truckload. I doubt they are looking for Ebay packages either. The thefts are occurring everywhere that mail is readily available, from collection boxes, apartment mailbox panels, postal trucks, your curbside box etc.

So what is missing from your mailbox today? A quick off the cuff answer is nothing, because you picked up your mail and it was there….so you thought. But were you there when it was delivered? Did it sit all day waiting for you to get it after work? And are those 2 credit card offers the only ones you received today or did the mailperson leave 4? You just don’t know what is missing from your mail because you never see it to start with.

You need to defend yourself from mail theft by eliminating the use of mail for all critical and essential information. Only use the mail for catalogs and advertisements and coupons, the thieves can have that.

President’s Identity Theft Task Force

2007-05-03T20:05:00.000-07:00

Last week Washington released a 120 page manifesto about all the ways identity theft is affecting all of us. A little late to the table? The Bush administration made mention of it briefly in 2003 and I believe they became preoccupied with a bigger fish called Saddam.

Well now that he’s fertilizer, they can get back to what’s on the minds of the American people. So it took them four years, and significant year over year increases in this crime ever since, for them to return to the topic.

This action is a result in the uproar being made by the public and this being covered by media all of the time, especially when a major data breach occurs.

Lost in all this public reaction is the fact that people are still engaging in high risk behavior when it comes to protecting their identity, and many still feel it will never happen to them. No amount of legislation will help them until people start helping themselves. At the end of the day the best defense is self defense.

We can’t expect the government to stop all of the gaps so we can continue as in the past leaving ourselves wide open. They can only protect you so much, the rest is up to you. You must realize that it is individuals (not the government or businesses) who will lose the most and suffer the biggest hardships financially and emotionally from this type of crime.

If Identity Theft continues to grow, as it has in the past few years, it will eventually start to have a major economic impact and the federal government is foreseeing this as very real possibility in the very near future. Statistically we all stand a good chance of getting impacted by identity theft; it will be the ones who have built up the best defense who will be impacted the least.

Don’t wait for it to happen to you!

The stolen laptop saga strikes yet again

2007-04-28T01:47:00.000-07:00

Retailer Neiman Marcus had a pension company report a theft of a laptop with the records of 160,000 employees current and past.

These “data breaches” are almost starting to sound too common. Almost a yawner compared to TJ Maxx and the 45.7 million tidbits divulged. Neiman Marcus disclosed this breach because some of those employees are in states that have laws requiring disclosure when information is lost or stolen. Stolen laptops and data breaches are not new, but due to disclosure laws, we are hearing about it more often than ever before.

The thief who took the laptop did so because of opportunity. He was a petty thug who saw an opportunity. That opportunity kindly was provided by a person who set it down somewhere in public and walked away for a minute, most likely to get extra napkins for the latte that spilled a few drops on a table in a café. I’m making this up, but the real scenario was surely that simple. Most thieves are lazy and go for the low hanging fruit, the easy targets. The thief was not thinking about what information it could possibly have on the hard drive either.

Now the thief takes this laptop and turns it into cash quickly. After all he’s done his work for the day, now time to get paid. That laptop will end up changing hands a few times and it will be the random luck of the draw of who’s hands it passes through and who looks at the data stored on it. It will most likely end up in a pawnshop and eventually on an internet auction site.

This laptop theft like all others that have come to light recently will cost Neiman Marcus much more than they would have spent on the control of that information. They paid for credit monitoring for 160,000 people, and that was a nice tidy sum they did not have in this years budget.

It would have been cheaper and easier to have spent more money up front to control their corporate information, through data-protection policies and training that applies to anyplace that information is stored, including a laptop with a third party. They will now be spending money on that.

If that was an individual's laptop, not a corporate one, the same reaction would happen. A flurry of activity would occur to fortify and monitor to be sure there are no attacks. Not only was the loss of the device costly, you now have, monitoring, worrying, time, and effort etc, added to that unecessary event.

You normally don't leave a purse or wallet unsecured in public, even briefly, because there is a good chance it will be stolen. The same is true with a laptop.

These thieves are not smart, but we have to be, and take some extra steps to not become a piece of low hanging fruit.

You can make a difference by refusing to hand over your information

2007-04-22T23:14:00.000-07:00

Recently a friend of mine wanted to volunteer to be an assistant Little League coach. There is an extensive application that everyone is required to fill out and turn in to a designated league volunteer. That volunteer then takes the application and runs it through a paid service to do a background check to be sure you are not a predator with a history of past offenses. This is all good as we all want the children to be safe from those individuals. But it is imposing a great risk to all volunteers.

My friend asked me if he should provide all the information requested, drivers’ license, date of birth, social security number, etc. I advised him against it. Why? Because he would be handing the keys to his identity over to a complete stranger, a volunteer, a person he had never met! He was sure this person was using the information correctly and as required, but what else should he be concerned with? The answer is a lot!

Let’s assume this person is an upstanding volunteer and only uses this information for its intended purpose. But what does he do with all of those applications emailed or mailed to him. He called to find out, and it turns out he has to keep them until the end of the season, and then he shreds them and delete them. Great, but how secure are they until then. My friend was never sure. The volunteer probably did not leave them on the kitchen counter, but didn’t lock them up either, and he was sure his email was probably not password protected. And that’s where the system falls apart. Everybody in the league knows he collects hundreds of applications with all this information. This is literally a goldmine to anybody with deceitful intentions. A plumber, a painter, the housekeeper, a babysitter, a relative, a teenager’s friend etc. Starting to see the picture?

Why do they need all this information? Simple, the more information they have on you, the narrower they can have the search results returned and the less duplication of names.

Well guess what started happening? People were refusing to provide information and therefore volunteer. On April 13, 2007 the Little League International issued a statement that they would no longer be requiring volunteer applications to include a social security number. It does not address the entire issue especially with the information volunteers possess, but it definitely is a step in the right direction.

The next time someone asks for more information than you think they should have, take a stand and refuse, you may not receive the service you wanted but ask yourself if it is worth loosing your identity over.

National identity theft awareness week

2007-04-14T23:30:00.000-07:00

While identity theft is a year round event, this coming week, could just qualify for National Identity Theft Awareness Week. The week could get this designation because it is becoming one of the more prevalent ones for identity theft due strictly to the time of year. No, there is no such week, but if there were any good time to raise awareness, this week is it.

We wouldn’t be human if we did not have some worry this time of year regarding filing our income taxes.

The forms, the documents, the receipts, the calculator, the room you barricade yourself in, and vow not to emerge until the deed is done. Those are all recurring items that we’ve been through before and will go through again, but we still feel anxiety regardless.

While getting your taxes done is paramount for this time of year, you need to be on alert for more than just an audit. The thieves and con artists go into overdrive this time of year. They feed on your sense of commitment and urgency to get that return done and in on time.

So what should you be concerned about? Here are my top 10 awareness items to think about this week for protecting yourself from an identity thief:

1) Shred all those printed copies that you found mistakes on, and had to reprint.

2) Keep your hard copy of your tax returns locked up.

3) If you use a tax preparer or a CPA, be sure they are securing your information, after you leave the office. Look around to see and verify that they use a shredder. Ask them how they secure your information when they are done for the night.

4) Give some consideration to where you are copying a tax return. It has recently come to light that copiers retain digital information of every copy they make, and some are not being properly erased.

5) If you used software at home on your own PC, save your tax returns to a disc and delete it from your hard drive. Keep in mind if you loose a laptop do you want your tax return available to anyone who acquires it?

6) Ignore and delete emails from the IRS. They don’t have your email address, do you remember providing it to them?

7) Only eFile through the links on the IRS website http://www.irs.gov/ . Recently thieves have been setting up fake eFile sites and collecting your information.

8) Don’t provide any information to any who calls claiming to be from the IRS.

9) Don’t leave your return in your mailbox. Take it to the post office directly.

10) Use a reputable tax preparer. Remember that you are handing them the keys to your identity, if you don’t know them, they may just drive off with it, or sell the information to a third party.

The IRS does not use email?

2007-04-10T12:16:00.000-07:00

Around this time every year millions of emails arrive proclaiming the IRS needs you to verify your information, needs more information, has money to give back to you, and the list goes on and on. To conform, all you need to do is cough up some very valuable information.

They all invoke some type of high emotion, either fear or excitement. Both can cloud clear judgment, and reasoning. And it works, all too well.

Lets look at this from a logical and simple point of view. What is the main goal of the IRS? To collect tax revenue. What else do they do? Audit you to try and collect more tax revenue. Have you ever heard of them doing anything else?

Those two functions just about wrap it up.

So if we look at what they don’t do here is my simple list of 5 rules, and read rule #1 at least 50 times:

Rule 1)The IRS doesn’t ask for an email address on your 1040
Rule 2)The IRS doesn’t ask for missing information via email (See rule #1)
Rule 3)The IRS doesn’t ask for more information via email (See rule #1)
Rule 4)The IRS certainly doesn’t offer additional refund money via email (See rule #1)
Rule 5)The IRS absolutely doesn’t locate bonus or extra money just for you

Now go back and read rule #1 above again. If you can remember that, you can be assured that any message you get proclaiming anything from the IRS is a fake and a phishing scam.

So when you see the words IRS in an email for any reason instantly think of my IRS #1 rule and then hit the DELETE key.

The costly disparity of debit and credit cards

2007-04-03T07:42:00.000-07:00

I can't help but wonder how many of the 45.7 million cards stolen from TJX were split between debit and credit cards. The number was lumped together as a whole as if they were all the same. To TJX there was no difference, they said sorry for the inconvenience, and moved on. Not so fast, because to the victims there was potentially a huge difference.

All this starts with the cards looking identical to consumers. This leads many to the conclusion that because they look alike they are alike. The biggest difference to them is one gets billed and the other comes from their checking account. What else could there be?

Under the Fair Credit Reporting act you cannot be held responsible for unauthorized charges to your credit card. The burden you face is to prove you did not make the charges, file a police report etc. Your liability is generally limited to $50 per card.

The people who had their debit cards compromised fall into a whole different category of liability. Within the first 2 days you liability is capped at $50. Up to 60 days it is capped at $500, after the 60 day window you are wide open for unlimited liability or the balance of your account. Those clocks start ticking the day you notify your bank of the theft, or the date of your first paper or online statement where the unauthorized charges appear. You become "notified" even if you don't open up the envelope or bother looking!

Remember , the "Zero Liability" card you have is not a mandate to the bank from the government, only a courtesy from your bank. Even then, it is at their discretion who is truly liable.

I'm sure many do not bother to review their charges or statements because they feel "protected" and have "zero liability". I would like to hear from some victims of the TJX fiasco to see how well they made out with these policies. I'm sure many looked at those statements for the first time in a long time when they heard about the breach and were quite surprised.

The easiest solution, review your statements regularly. They are your best defense to a costly theft!

TJX added to our ID Wall of Shame

2007-03-30T23:46:00.000-07:00

TJX owns T.J. Maxx, Marshall's and other stores in North America and the United Kingdom, and have great stores but they have proven without a doubt they have a PR machine that is compromised just like their computer system.

They do not publicly disclose the extent of the record breach but attempt to slip it into a regulatory filing, hoping it will go unnoticed. Sure 45.7 million cards represent an ugly number. But they backed themselves into a corner by having to explain it once it was plucked from the filing. TJX didn’t think to tell anyone about that ahead of time, but since you found it in our SEC form 10-K and brought it up we’ll have to talk about it now.

So that was not such a great move, but what was a bit more unsettling was they have openly stated they cannot offer any assistance to anyone who has been “inconvenienced” by a theft. They refuse to talk anymore about that due to litigation. You want a piece of them? You’ll have to get in line with the 20 plus lawsuits filed to date.

And the pitiful PR icing on the cake is they only offer free credit monitoring for 1 year for the 455,000 who lost personal information, drivers license numbers, military ID numbers, etc, which could be used to commit identity fraud.

What is that really worth? If the pattern follows through from the other 45 million card theft only victims, they probably will not help out if your identity is stolen but they will pay for a service that informs you about ID fraud after it has occurred. If that’s the case, once again it will be up to the victims to rectify the situation, incur the cost and the headaches to say the least. Something sound familiar here?

Haven’t they been down this road before? They may never learn.

While credit monitoring is one of many useful tools to combat fraud, there is much more they should be doing for all of those who may be “inconvenienced”. For that we have added TJX to our ID Wall of Shame.