Thursday, February 28, 2008

Identity Theft on the Rise

You know, it seems if you want your statistics to end-up a certain way, you can pretty much create a survey to get you that result. There are those out there that actually believe that Identity Theft is on the decline; I have seen the results of their surveys. However, I tend to question the methodology used by some of them and the fact that some studies are funded by major banks or credit cards companies. Pardon me for being captain obvious, but it seems that a study funded by institutions that are part of the problem carry as much weight as the "ground breaking" results in the 80's that smoking was not bad for you ... oh yeah, those studies were funded by big tobacco.

Thanks to Bill Garner of Texas for this information and thanks to Felisa Cardona of The Denver Post for writing it ...

"ID theft cases soar"

"I do not owe money to DirecTV. I do not live in Detroit.

I want my good credit restored. I am a victim of identity theft.

I AM SHELDON CHRYSLER."

Click here for full article from The Denver Post

Monday, February 25, 2008

Consumer Product Alert - Identity Theft - LifeLock not all it's cracked up to be

If you are looking for a product to help detect identity theft, I am sure you have heard the advertisements from a company claiming they can lock down your life. First of all, I firmly disagree with the notion that identity theft is 100% preventable. I would ask this company "How can locking down my credit (which is something you can do you on your own by the way) going to prevent someone from committing a crime is my name or getting a job using my social security number?" The answer is it doesn't.

First warning sign on LifeLock:
They don't fully understand identity theft.

Check out our earlier post that illustrates why Identity Theft is so much more that just your credit cards or finances.

(http://idthefttimes.blogspot.com/2007/05/identity-theft-five-major-types.html)

Second warning sign on LifeLock:
The CEO had his identity stolen!!!!!

(http://www.macsplaceonline.com/2007/09/25/reposted-ceo-of-lifelock-identity-stolen/)

Third warning sign on LifeLock:
The co-founder stepped down due to questions raised about his "ethics".

(http://blog.wired.com/27bstroke6/2007/06/lifelock_founde_1.html)

Fourth warning sign on LifeLock
They are being sued by one of the major credit agencies.

(http://redtape.msnbc.com/2008/02/experian-sues-l.html)

I am usually not one to publicly denounce a company like this but as an expert in the industry, I just can't remain passive on this one. If you are looking for a product, don't buy LifeLock.

jmo

Monday, December 17, 2007

Identity Theft Red Flags Rule Effective Jan 1 2008

The following is an abstract from a newsletter sent to me by The Institute of Fraud Risk Management. This is not my research and full credit for this post is given to them. This is the organization that certified me as an "Identity Theft Risk Management Specialist." They have a wealth of information and if you are a security professional, their designation is one you MUST have. For more information, please visit www.tifrm.com


------------------------------------------------------------------------------------------------


Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003

(aka Identity Theft Red Flags Rule)

Background:

The issuance of the final rule of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 rule implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003, an amendment to the Fair Credit Reporting Act. The purpose of the Rule is to attempt to minimize incidents of Identity Theft and fraud in the opening and maintenance of covered accounts by financial institutions and creditors, as well as addressing issues of address discrepancies by users of consumer reports (credit reports and specialty consumer reports) and debit or credit card issuers.

Summary of Key Requirements:

The final rules requires each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement a written Identity Theft Prevention Program for combating identity theft in connection with the opening of new accounts and the maintenance of existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft of its customers and enable a financial institution or creditor to specifically:

  1. Identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the Program;
  2. Detect red flags that have been incorporated into the Program;
  3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
  4. Ensure the Program is updated periodically to reflect changes in risks from identity theft.

The agencies also issued guidelines to assist financial institutions and creditors in developing and implementing a Program, including a supplement that provides examples of red flags.

The final rules also require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card. In addition, the final rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency.

It is important to note that, as with the Disposal Rule, the Red Flags Rule does NOT automatically apply to every business. Under the final rule, only those financial institutions and creditors that offer or maintain "covered accounts" must develop and implement a written Program. For example, a restaurant that accepts credit cards as a means of one-time payment in full by a customer who purchases a meal is not impacted; whereas, a utility company that opens and maintains accounts for its customers is impacted.

Administration and Oversight of the Program:

Each financial institution or creditor that is required to implement a Program must provide for the continued administration and oversight of the Program and must:

1. Obtain approval of the initial written Program from either its board of directors or an appropriate committee of the board of directors; and

2. Involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development, implementation and administration of the Program; and

3. Train staff, as necessary, to effectively implement the Program; and

4. Exercise appropriate and effective oversight of service provider arrangements.

Oversight by the board of directors, an appropriate committee of the board, or a designated employee at the level of senior management should include:

1. Assigning specific responsibility for the Program's implementation;

2. Reviewing reports prepared by staff regarding compliance by the financial institution or creditor; and

3. Approving material changes to the Program as necessary to address changing identity theft risks.

Staff of the financial institution or creditor responsible for development, implementation, and administration of its Program should report to the board of directors, an appropriate committee of the board, or a designated employee at the level of senior management, at least annually, on compliance by the financial institution or creditor. The report should address material matters related to the Program and evaluate issues such as: the effectiveness of the policies and procedures of the financial institution or creditor in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; service provider arrangements; significant incidents involving identity theft and management's response; and recommendations for material changes to the Program.

Flexibility for Small Entities:

The final requirements of the Red Flags Rule were drafted in a flexible manner intended to limit the burden on a substantial majority of low-risk entities, allowing these entities to conduct periodic risk assessments for covered accounts and allowing the remaining minority of low-risk entities to develop and implement different types of programs based upon their size, complexity, and the nature and scope of their activities.

Final Rule Effective Date: 1 January, 2008

Date of Mandatory Compliance by Covered Institutions and Creditors: 1 November, 2008

Regulatory Agencies:(Applicable regulatory agency determined by the business' industry or nature of business / statutory regulator)

· Office of the Comptroller of the Currency

· Federal Reserve

· Federal Deposit Insurance Corporation

· Office of Thrift Supervision

· National Credit Union Administration

· Federal Trade Commission

Tuesday, September 18, 2007

Social Security Identity Theft

As you know from my May 14th post, Identity Theft is not just about your credit cards. One of your identity types that can be compromised is your social security identity.

According to Merriam-Webster Social Security is:


a United States government program established in 1935 to include old-age and survivors insurance, contributions to state unemployment insurance, and old-age assistance

The Social Security Identity was established to create and maintain a permanent master earnings record for the individual worker in the United States. It is maintained by the Social Security Administration (SSA) and the record has a unique number assigned to it; that is your Social Security Number (SSN). Although the use of your Social Security number has moved well beyond its’ initial purpose, it is still the master identifier of your earnings history. In other words, all the reported money you ever make, is reported under your SSN. Have you ever thought about what would happen if someone took your SSN, a false name, and used that to get a job?

Theft of this portion of your identity occurs when thieves use your SSN to gain employment or report income under your name. Many things could happen as a result of this.

For example:

· Thieves take the income, but don’t pay the taxes, leaving you with the bill and possibly making you subject of an audit.

· Wanted criminals use your SSN so they can get employment without being found.

· Illegal immigrants use your SSN to gain employment.

· Multiple people obtain employment under your SSN and it has a negative impact on your ability to collect your social security benefit.

One of the problems that has become increasingly common is the use of stolen SSNs by illegal immigrants. They are by no means the only group that is using illicit SSNs, but they are the largest group. Employers are required to verify the SSNs of all new employees. Illegal immigrants need to work to make money just like everyone else, but without an SSN, what can they do? In some cases, they act maliciously to take a number and use it. Sometimes, they are given a SSN from someone who makes them believe that it is real and that it now belongs to them. They don’t even know that they are committing a crime. Although the statistics that the government is using state that the number of illegal immigrants is between 10-15 million, we believe that the number is much higher. Why is that a problem you ask?

When one of my colleagues, John Gardner, was speaking to a group in New Mexico, he met with a number of business owners and received a rude awakening. After discussing the different identity types and how they relate to identity theft, a business owner said that it is standard policy for ‘employees’ to change their SSN. What happens is the person in question uses an SSN until it doesn’t work any more. That could be because the government has finally gotten around to finding out the SSN didn’t match the individual or the real owner of the SSN found out that he had new income in his name. Regardless, when the ‘employee’ is no longer able to either work or, more importantly, use the SSN to be able to cash checks, he simply walks into HR and changes his SSN. He doesn’t really care that it messes you up, just that he can cash his check.

Okay, so you may be thinking, so what!? How can an illegal immigrant using my SSN to get work really affect me? At least he is paying taxes, right? Say your right, that he really is paying taxes using your SSN. What happens when the income that he reports gets added to the income that you really did earn? How would you like the next higher tax bracket? Stings, doesn’t it? People need to wake up to this problem. Your current tax bracket and future benefits may be effected by this right now.

How bad is the problem? Well, according to one industry magazine, there are entire industries that would disappear if the illegal immigrants couldn’t work. Meatpacking, bakeries, or any one of a dozen more. The problem is, what happens when there is more than one person works under the same SSN? According to MSNBC .com

“With every paycheck, U.S. workers pay FICA taxes, destined for Social Security funds. But each year, millions of payments are made to the agency with mismatched names and numbers. The Social Security Administration has no idea who deserves credit for the taxes paid by those wage earnings -- so no one gets it. The amount of uncredited Social Security wages is now an enormous $420 billion, an amount that sits in what's called the Earnings Suspense File, an accounting limbo.” *

One doesn’t have to do a tremendous amount of connecting the dots to understand that there is not a lot of incentive for the SSA to fix this problem. If MSNBC is correct, the SSA has $420 billion in excess cash to do whatever with until the disparities are corrected. I am not saying this report or these theories are right or wrong, it is only my job to report the findings.

*http://www.msnbc.msn.com/id/6814673/page/2/print/1/displaymode/1098/

"Your loss of privacy is a package deal"

It is important to begin to understand the link between the loss of privacy and identity theft. The following illustrates just how much information you give away on a daily basis. Thank you to John Gardner for sending this to the Identity Theft Times.

--------------------
Your loss of privacy is a package deal
--------------------

David Lazarus
Consumer Confidential

September 12 2007

"The all-you-can-eat packages of voice, video and Internet services offered by phone and cable companies may be convenient, but they represent a potentially significant threat to people's privacy."


View Entire Article

Monday, August 27, 2007

Identity Theft - "Monster.com took 5 days to disclose data theft"

A big thanks to Bob Omtvedt who passed this on to The Identity Theft Times.

--
By Jim Finkle Fri Aug 24, 9:34 AM ET

"BOSTON (Reuters) - Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, a company executive told Reuters on Thursday."

View Entire Article

Tuesday, August 7, 2007

Identity Theft - Do you know what it really is?

Do you think you know what Identity Theft really is? After all, you are an intelligent person, you have read articles, seen television shows, watched commercials and they all say pretty much the same thing. Aside from the occasional horror story, identity theft is mostly about your credit cards and finances, right? Well, not exactly. There is no doubt identity theft is a heavily covered topic, but despite all of the media attention, the information you are receiving doesn’t even come close to telling the full story. It’s like the iceberg that sank the Titanic, what they saw at the surface, was not what caused the real problem. In fact, it was only the “tip” of the problem. It is the same with Identity theft, what you see in the media is only a small part of the real threat.

Okay, so if it isn’t what you’ve been told it is, then what is it? And even if you aren’t being told all of the details, why should you care? After all, Identity Theft happens to other people and not you. And when it does happen, it really isn’t that big of a deal, right? Well again, not exactly.

Just like the iceberg, the danger is real, and it is difficult to tell from the surface exactly what it will do to you. Fortunately, knowledge truly is power and the more of it you have, the better off you will be. Whether you are a nanny or a CEO, a politician or a policeman, a janitor or a doctor, Identity Theft should matter to you. Whether you have good credit or bad, no credit cards or a dozen, you are a felon or a saint, doesn’t matter. The fact is, someone else wants to be you, and chances are it won’t be in your best interest to have that happen.

The real question is, when it does happen, what do you do? Are there measures you can take to reduce it from taking place? Are there measures you can take to prevent it completely? Are there products you should buy or can you do it all yourself? If you own a business, should the idea of losing personal information about your customers or employees matter to you? Identity Theft is growing and changing every day, so it this not the definitive volume on the subject, but it will help you connect the dots so that you will have the basic knowledge you need to live with and respond to the threat of identity theft.