Friday, June 11, 2010

Summer is Here and Identity Theft Gets Easier

How does summer effect identity theft? Just think of what you do during the summer and how you can be effected.

Going to the beach? Taking a trip anywhere....staying in a hotel with all the kids? Day trip to the local pool?

Most will do at least one of these events sometime over the next three months.

So how do identity thieves strike during this time of year? Let's focus on the simple stay in the hotel by the beach.

These places are packed this time of year. Different people come and go from every room with faces changing constantly. The hotel staff, specifically the cleaning staff don't recognize you from anyone else. How does that work against you?

You allow them to come in your room after you've cleared out and moved the family to the beach. You taken minimal items, sunscreen, towels, and some cash, after all you are going to be on the beach and don't want to leave your wallet vulnerable on the shore, hiding under towels while you go in the water. But you have left most of your valuables wide open in your room.

How? Just walk the halls anywhere from 9 am to 2 pm. Rooms on every floor are left wide open. Thieves can walk right in, even when the cleaning staff is in there! They act like the rooms actual occupant looking for the laptop, Blackberry, wallet etc. that they left behind and need to take to the beach. The staff does not stop them....they think they are the rooms' actual occupant! They see hundreds of faces every day.....nobody stands out. If they do recognize a person as not the current resident (highly unlikely) a simple....ooops....wrong room, wrong floor excuse and the thief is on their way...no questions asked.

So what can do? Plenty if you just take the time to trade off a few amenities. First and foremost....don't have them clean your room. Gross...right? Not really....they only neaten things up, make the beds, and empty the trash, and vacuum and change the towels, and leave you new soap. Well, if you were home, you would do this anyway, so it will not kill you to take 10 minutes (about all the time they spend on it) to protect your identity and personal belongings. Call for fresh towels and soap at the end of the day, empty your trash, and leave the bed messy and forget vacuuming...hey your on vacation! You get to leave the dirt behind!

Just tell the cleaning staff you will not need the service....and leave the "Do Not Disturb" sign on the door, with the TV on and the volume turned up a bit, just to be sure the staff don't enter the room.

Simple steps and some common sense will save you from summertime identity theft.

Tuesday, January 13, 2009

Identity Theft During Tax Season

Christmas time for identity thieves is now upon us. W-2's, tax forms, financial statements, all come out this special time of year for just about every person in the country.

Many will think very little about putting all of their personal records in a folder and taking them to a preparer sitting in a kiosk or booth at the mall or at a store that has set up this temporary area to capitalize on tax season.

I was observing one such place recently and was shocked at what I saw.

For starters there was no shredder anywhere to be found and I saw papers just tossed in a garbage can close by. I was not about to sift through it but I am sure there were worksheets and other discarded items from the preparer that should have been shredded. Items that contained plenty of personal information and enough for a savvy thief to use.

I saw her and her clients leave the "booth" and documents were left out in the open on the desk for anyone to walk up sit down pretend to be waiting and with a simple pen and paper copy social security numbers down.

If you feel compelled to have your taxes completed in such an environment, try to be aware of your surroundings and who can see. Take all your papers with you when you leave, even the scraps and worksheets. Be sure the preparer has not left any of your information laying around.

Most importantly, keep in mind that many of these temporary stations are staffed by temporary workers. You may be providing your personal information to someone who has just been hired. While I have to believe that there was some screening process, that is no guarantee that your information will be kept safe.

These people are hired and trained to complete tax returns, collect a fee and do it as quickly as possible. Information safety and security is probably not very high on the list. I'm sure they were told about it, handed a sheet of paper on it, and technically speaking "trained" to handle it properly, but if the goal is something other than that, one has to keep in mind how diligent are they really going to be.

You really need to decide if this is the environment you want to have your personal information exposed too.

Friday, April 4, 2008

$10 Million Guarantee against Identity Theft

I think it is truly starting to get out of control. Everyone has jumped on the $1 Million Dollar guarantee as a standard offering for identity theft services.

The value of what you really would get out of that is somewhat questionable. But now I recently noticed that one of the service companies has stepped up the guarantee to $2 Million Dollars.

Well count me in then! I was on the fence for the $1 million, but if they are offering $2 million, that is the ticket. How can I resist?

Are people out there really that foolish? Is upping the artificial "air in a bottle" service guarantee going to suck people in or away from the competition?

I wonder who will be the first to hit the $10 million guarantee mark.
At that point why not just up it to $100 million?

Are you worth a million dollars, how about $2 million? If you are, you most likely have that kind of coin in a brokerage account. Most of them now after E-trade started the trend, cover any fraud losses to your account.

The average loss or theft is in the low thousands with much of that being covered. Our company research has shown that many end up with minimal actual out of pocket expenses.

Their biggest loss is time, effort, anxiety, frustration, in cleaning up the mess left behind. We suggest people start placing a dollar value on that and collect from those companies.

If you receive a fraud alert no matter what is says, this is what it means:

" SOMEONE HAS YOUR PERSONAL INFORMATION......we stopped them from opening up a credit account....... since a thief already has stolen your info, we really can't tell you what else they may do with it"

Tuesday, April 1, 2008

Public becoming more Savvy to Identity Theft Services

A recent story on ABC 7 in San Francisco pointed out the value or lack thereof for services by an identity theft service that charges over $100 a year and pointed out to their viewers how to perform the same services yourself easily and free.

But what we found to be the best comment was followed by a person who pointed out that any alert to fraudulent activity is NOT PREVENTION. If you are alerted to anything by any service you have already been compromised .

Finally, people are seeing the light and recognizing that being alerted does not equal being protected . The damage has been done. You will need to scramble to figure out what the thieves who already have your information are going to do with it next.

This is why defending your identity first and foremost is much more beneficial and easier than finding out you've been alerted.

Friday, March 28, 2008

The value of one Social Security Number in ID theft

People need to understand how valuable that simple 9 digit social security number really is to an identity thief.

A Chicago area man racked up just under under $300,000 in debt with one womans Social Security number. His purchases included a Range Rover and a home.

Apparently this has been going on since June 2005.

An unfortunate event like this points out how far one person can go with one very crucial piece of information. While most studies point out that losses are generally much smaller, those numbers are averages and will be meaningless to this victim.

She is left picking up the pieces of this man's crime spree. Will she be out the $300,000? Definitely not, but she will be required to file numerous complaints and documents to prove she was not involved or had nothing to do with this crime. She has to exonerate herself first before any financial institution will release her from these debts.

She will spend many hours with various agencies clearing the debris from this. In the end it will cost her time, energy, anxiety, and frustration. She will likely need to take time off from work to handle certain situations.

Will she be out any money? To a large extent no, but what about time from work especially if she is self employed, gas money to travel to a police station to file an affidavit, a trip to a attorneys office, possibly a bank visit, cost of parking an so on. It can add up. Every step of the way will be filled with anger and frustration that she has to go through all this for something that she had nothing to do with.

What she should realize somewhere along this journey, is that people can do things to either avoid this, or prevent it from getting out of control.

This thief obtained her number from somewhere. The fact that he used this one for so long indicates it was likely the only one he had and found it somewhere, either in the mail, trash, on an old document, maybe in a wallet he found or stole.

Where she went wrong was allowing this to go on for 30 months. If she had been actively checking her credit reports, or had a credit freeze placed on her accounts, or fraud alerts put in place, much of this would have been avoided. She should also reflect back on where she may have provided her SSN or lost any personal information.

A little bit of prevention or mitigation would have gone a long way. It is up to you to defend your identity. This unfortunate circumstance with one person and one SSN is why.

Thursday, March 20, 2008

HealthNow New York Shows How to Mishandle a Data Loss

Healthow a healthcare claims provider in upstate New York has earned a spot on our office identity theft "Wall of Shame" this month for totally blowing how to handle a data loss then offering a service they will do next to nothing and the high cost will ultimately be passed on to their employers or members directly.

Last week the Buffalo, New York claims provider sent letters to 40,000 members alerting them to a possible loss of personal information. An employee downloaded patient information and then apparently lost the laptop. Apparently this happened many months ago and they first “spent an exorbitant amount of time” to try and locate the laptop, which they still believe is in the company’s building.

This company is responsible for keeping track of medical and health records of thousands and they want people to believe that they are just sitting on a laptop they cannot find. Maybe when they clean their room it will turn up. What are they, a 10 year old? It does not give me much confidence and points to pure lack of control on their part.

Then they make a second attempt at pacification by stating they are not even sure what information it contained. Teenagers deploy keyloggers, governors get their text messages exposed, malware can track every click of a mouse, and parents can track and view everything a child does on a computer for $39, but a healthcare organization of this magnitude has not a clue what their employee downloads from their database.

The employee is now a former employee but apparently they are still in contact with him. Another vote of confidence.

And the final nail in the coffin is this statement: “With all of the factors and orchestrating credit monitoring, we do believe our response time has been reasonable. Reasonable? For who? Around 4 months has passed and any chance of giving the people a heads up to potential fraud is all but vanished.

If you read between the lines....the laptop has sensitive information on it, they know it, that is why they looked for it for months. Better to not have to be exposed. The former employee who left for another job, fired within a week of the loss or theft. That laptop with sensitive information is long gone, they know it. Now, backed into a corner and options have run out, time to air the dirty laundry.

And to throw out a useless bone, free credit monitoring for a year. When you get alerted by the agency that someone tried to open an account in your name, you'll sleep better knowing a stranger definitely has your personal information and is trying to use it. Credit monitoring will alert you right away that a thief has opened up and used $10,000 of credit in your name. That way you can start the mop up and recovery process.

But wait, the thief may not be done with your information. They will use it for draining existing bank accounts, or for a criminal arrest and then the patient or victim get s warrants issued against them for not appearing in court. It will be useful when medical services are provided to the thief, or prescriptions are obtained then sold illegally on the street. It is handy for a disability claim , or sell to an illegal immigrant to get a job. So much for the monitoring bone, won't help with any of this.

There are pro-active ways to defend yourself against many of these pitfalls, but knowing about them in a timely manner is key.

Saturday, February 23, 2008

FTC Identity Theft Data Causes Skewed Views

The FTC has issued the latest report for 2007 on Consumer Fraud and Identity Theft Complaint Data. With no great shock or surprise identity theft is still the number one complaint by a long shot being 32% of the reported 813,899 total complaints reported. The next closest category was Shop at Home/ Catalog Sales with a mere 8%. There were 20 categories in all and the bottom 13 categories were each 2% or less.

This is a good report as it paints many pictures but at the same time skews the reality due to how the information is collected.

Certain areas of the US have more information available to consumers or police agencies that promote reporting identity theft to the FTC.

Because the reporting is entirely voluntary lends more of an explanation as to why some states have more incidences than others. The reality of identity theft crime statistics goes much deeper than the simplistic overview of the charts of this report.

A Skewed View

I have read a number of articles from various states that have had a decrease in the number of incidences reported to the FTC are feeling incredibly good about it. They are utilizing this information to pat themselves on the back. In Wisconsin one state that experiinced a decrease, had the administrator of the Division of Trade and Consumer Protection claiming they like to think they are getting the word out better, but also claims she does not know why they ended up so low in the rankings. She obviously needs to take a class on Understanding Reports 101, or is just looking to get a promotion. Statements like this coming from someone who is the head of consumer protection for the state should be a bit unnerving for the residents of Wisconsin.

But kudos goes to the Wisconsin Bankers Association who says the FTC information does not reflect what they are seeing.

Take a state such as Colorado with this same view. They have 4 of the top 50 metropolitan areas in the US reporting identity theft. Of those 4 areas, they all had a highly disproportionate number of reports compared to the other 46 areas. That does not directly indicate it is a state with an unusually high rate of identity theft, but likely a state that is actually educating consumers on what to do and encouraging reporting to the FTC.

No signs of abatement

One thing can be said with certainty is that identity theft is not showing any significant signs of abatement.

With all of the services available to stop this, and alert you of that, and the thousands that are paying monthly fees, one would expect this number would be dropping dramatically, or at least see a slight dent in the numbers.

But then again if you rely on some reporting agency with a subscription service you pay monthly to tell you someone has your information and tried to open some type of account in your name, the theft has already happened and is likely eligible to be reported to the FTC anyway. Paying money each month to have someone tell you a theft has occurred will not change the fact that a thief already has your information.

Reporting to the Police

What is still shocking in this report is the number of people who did not report the crime to a police agency which was 65% or 158,535. Why they chose not to is a mystery that we are looking into, but even more disturbing was the revelation that of the 35% that did take the time to report the crime 8% of those did not get a report taken from the police.

The reality of what was going on at the time is the police are looking around the precinct when a victim calls or shows up. They see they have 2 muggers, a car thief, and an arsonist all waiting to be booked and processed. An identity theft victim comes in declaring a theft that by appearances likely occurred across state lines or out of the country. The probability of an arrest is remote, but the headache of the extra paperwork 100% guaranteed.

The message sent is this is a crime to be treated lightly by consumers and the some (not all) police agencies are not be doing enough to encourage or educate people in how to protect themselves. If thousands are turned away and led to believe the police can do nothing, then a feeling of helplessness will likely prevail.

The best defense is self defense. A majority of identity theft starts with people leaving the gates to their identity open and allowing the fraud to occur.