By Rebecca Seaman

A modified bill that would allow victims of ID Theft to recoup costs in federal court and which would impose harsher restrictions on cyberattacks passed in the Senate this week. The bill, known as the Identity Theft Enforcement and Restitution Act, still needs to be approved by the House, but is a much needed step in the right direction to further protect consumers. More details are available in the July 31 article from SC Magazine.

Interestingly, the bill would make it a felony to use various types of malware known as keyloggers and spyware to damage more than 10 computers, regardless of the extent of the damage. Previously, attacks resulting in less than $5,000 worth of damage were only classified as misdemeanors.

Patrick Leahy (D-VT), a co-sponsor of the bill said in a statement released Thursday: “The Senate’s action moves us in the right direction to provide critical tools to combat cybercrime and to protect the privacy of all Americans. I hope the leadership in the House will quickly act to pass this legislation and send it to the president for signature.”

The incidence of Identity Theft perpetrated through CyberCrime is a fast growing epidemic, and legislation such as this is great initiative to protect consumers from these crimes. However, it’s important that these bills move quickly through Congress if they are going to keep up with scammer’s increasingly sophisticated attacks. Hopefully, this bill and others like it will move rapidly. Stay tuned. 

VS.
by Doug Pollack

The Red Tape Chronicles yesterday reported on a recently-filed lawsuit by Experian, a major US credit bureau, against Lifelock. This lawsuit represents the first “shot across the bow” for vendors of credit services that rely on placing continuous fraud alerts on consumer accounts with the credit bureaus.

About.com’s identity theft site defines a fraud alert as a “flag that is put on your credit report through the consumer reporting agencies. This flag establishes that as part of any credit approval process, you need to be notified.”

Lifelock’s consumer service, which they tout as providing guaranteed protection against identity theft, relies solely on the setting of fraud alerts to provide consumers with the stated protection. The Experian lawsuit brings into question the efficacy of fraud alerts as a means to prevent identity theft.

The Red Tape Chronicles article highlights that a key assertion of the lawsuit is that LifeLock is using deceptive advertising practices and making misleading claims in order to persuade consumers to subscribe to their service. The article notes that the “credit bureau Experian is suing the identity theft prevention firm LifeLock, accusing it of deception and fraud in its familiar advertising campaign, which includes a spot in which CEO Todd Davis reveals his Social Security number and then brags about the effectiveness of the company’s protections. In the lawsuit, filed in U.S. District Court on Feb. 13, Experian contends that LifeLock’s advertising is misleading and that the firm is breaking federal law in the way it goes about protecting consumers.”

The Experian lawsuit also brings into question the legality associated with firms placing fraud alerts on behalf of consumers. The Red Tape Chronicles article notes that “Experian contends that LifeLock’s chief ID theft prevention tool — the placing of continuous fraud alerts on consumers’ credit files – is illegal because, under the Fair Credit Reporting Act, fraud alerts can only be requested by the individual consumer or an individual acting on behalf of the consumer.”

ID Safeguards provides corporations and consumers with identity theft services. Among these services are those that assist victims of identity theft with recovery of their identities taking a “fully managed” approach to recovery. Coincidentally, the company has handled identity theft recovery efforts for numerous LifeLock members who became victims of identity theft, despite the placement of fraud alerts by LifeLock.

The fact that LifeLock members do fall victim to identity theft should not be surprising. Fraud alerts do not prevent an identity thief from co-opting and using one of your credit cards. They also don’t prevent someone from using your social security number to work. They further don’t prevent thieves from signing up for utilities of telecommunications services using your identity. And they don’t stop someone from using your personal information to get access to health care services.

Fraud alerts also don’t prevent inquires for credit from showing up on a victims credit report. These “little dings” can have a detrimental effect on an person’s credit score. Fraud alerts do have their place in dealing with a threat to your financial identity, but they are not a silver bullet and certainly are not a guarantee that individuals won’t fall victim to identity theft.

by Doug Pollack

As we look forward to what is in store for us in 2008, The Identity Theft Resource Center is projecting an increase in both the number of security breaches and incidents of identity theft.

With this as a backdrop, we’ve developed a set of recommendations for people to protect themselves. As part of our ID Self-Defense Academy, a component of our subscription services member website, this Self-Defense Checklist includes both common sense suggestions that you are likely to be familiar with, as well as others that are new this year given the evolution in the use of the internet and computers in identity theft.

Some of the items you may not have thought about include using a “wipe” utility on your computer hard drive to make sure all of your information is permanently erased before disposing of the computer, and checking the annual earnings statement that you receive each year from the social security administration for any discrepancies in earnings or work history.

The complete checklist follows.

Self-defense Checklist

Protect Yourself At Home

• Switch to a mailbox with a lock.
• When you’re away from home, place a hold on your mail (online at www.usps.com or with a Hold Mail form at the post office).
• Use a cross-cut shredder to shred documents containing financial or other personal information.
• Secure important documents in a safety deposit box or a fire-proof safe hidden at home.
• Stop newspaper delivery and garbage service if you’re leaving town.
• Set up lights on timers to make your home look occupied when you’re away.
• Have a neighbor you trust keep an eye on your home, and leave a number where you can be reached.
• Immediately notify the post office and anyone you do business with if you change your address.
• Place outgoing mail in a post office mail slot or hand it to a postal worker instead of leaving it at your home mailbox for pick-up.
• Review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

Protect Your Computer and Internet Access

• Protect your computer with a password.
• Never provide personal information in response to an unsolicited e-mail.
• Avoid viruses and other scams by frequently updating your browser and e-mail software.
• Use and regularly update your firewall and anti-virus/anti-spyware software.
• Change your passwords often, and use letter and number combinations that are difficult to guess.
• Never have your computer remember your password.
• Don’t respond to instant messaging from unfamiliar users, and avoid instant message offers.
• To ensure the authenticity of e-mail requests for personal information, type the company’s Web site URL directly into your browser instead of clicking on a link in the e-mail. (The real destination of the link may be different than the URL that you see.)
• Don’t ever send personal or financial information via e-mail.
• Don’t open e-mail attachments or download files from strangers.
• Before doing business with any company, ask for and verify its name, street address, and phone number.
• Choose an Internet Service Provider and browser that use filtering software to limit spam in your e-mail inbox.
• Never respond to email asking for your help in getting money out of a foreign country.
  Encrypt your wireless network as soon as you set it up.
• When using Ebay, Craigslist, or other sites linking buyers and sellers, use PayPal for transactions. Don’t ever wire money via wire service, and don’t accept cashier checks or money orders, as these can be forged.
• Review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

Protect Yourself On the Road

• Carry only the credit cards and checks you absolutely need when traveling.
  Keep identification and credit cards in a secure wallet or purse on your person (and out of pickpockets’ reach) where you can keep an eye on them.
• Make photocopies of the fronts and backs of your credit cards, driver’s license, and passport and store the copies someplace other than your wallet in case of theft.
• Program the toll-free numbers for your credit card companies into your mobile phone in case of theft.
• Never leave valuables, phones, receipts, or other papers containing financial or personal information in your car, even if it is locked (and always lock it).
• Keep receipts in a safe place until you can cross-shred or safely store them at home.
• Always keep your mobile phone in a secure place on your person to avoid losing it. Activate the lock feature when it’s not in use so that it can’t be used and any stored information can’t be accessed if it is stolen.
• If you must discuss personal or financial information over the phone, do so in your hotel room or another private place where y
  ou won’t be overheard.
• Avoid downloading attachments from your e-mail account onto a computer other than your own. Erase your browsing history and discard any personal files in the computer’s trash or recycling bin, then empty it before logging off.
• Never enter or access personal information from a public-access computer or one in a hotel business center, as these can be fitted with hard-to-see key loggers that record your information.
  Be sure to eject any personal CDs, DVDs, or jump drives at the end of a session on a computer that isn’t your own.
• Especially after you travel, dealing with merchants you don’t know, remember to review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

by Doug Pollack

According to a December 30, 2007 AP article written by Mark Jewell, the trend in data breaches continues on the upswing. He reported that:

“The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn’t expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information.”

This of course is bad news for consumers who have also experienced meteoric rates of identity theft in 2007. It has been estimated that over 9MM US citizens fell victim to identity theft in 2007. If you’re counting, this averages out to one every three seconds. And the growing adoption of new technologies such as wireless internet and devices by businesses and consumers, provides new ways for technically-savvy criminals to circumvent data security measures.

by Doug Pollack

Unfortunately, ID thieves don’t take time off during the holidays. Because people are out and shopping (or on the web and shopping) more actively during December, there is an even greater risk of identity theft.

Christine Arevalo, an ID theft expert and head of data breach services at ID Safeguards, discusses ID theft during a recent edition of AM Northwest.

When shopping online during the holidays, remember to look for the “lock” icon and “https:” address in your browser when entering your credit card or other personal information. Also, she suggests that you dedicate just one credit card for your online purchases in order to make it easier to keep track of the charges in January. And never use a debit card for online buying since it directly accesses your checking account funds.

By: D. Jones, Recovery Advocate

Have you recently received a collection notice in the mail and don’t know why? Collection notices can be for outstanding balances on credit cards or for outstanding, uncollected checks. Those pesky notices are one of the main ways the average consumer discovers the theft of their identity.

When a check has been written, whether a forgery (signing a name that isn’t yours) or a counterfeit check (a false check created with accurate or completely inaccurate information or a mixture of both) it goes through a few steps before its final destination.

Ever notice those little machines or attachments to the register that scan your check when you present it to the merchant? Those are usually linked to larger check verification companies. The four major ones are: Telecheck, CheckRite, SCAN/ChexSystems and Certegy. The system used either denies or accepts the check and the merchant goes from there.

If the check is denied, it means there is a check collection or an alert out with the particular bureau the merchant uses. The merchant will often give the consumer a card with contact info for the bureau used. However, if the check clears, either the name, driver’s license number or checking account information is not on file with the bureau as being in “negative status”. When a check is verified as “no negative status” it doesn’t mean the check is good – it means there is no record of the check being bad. Not as easy as it sounds.

Back to those check collection notices in the mail – if you’ve received one it means your personal information (bank info, name, driver’s license number) was used to write a check to a merchant.

If the information used was your account info, you notice unauthorized debits exiting your checking account and alert the bank. If it does not belong to your bank, and here’s the frightening part, you may not know about it for a while.

Once the check doesn’t clear it goes back to the merchant to collect the amount. Often they use those same verification bureaus to collect for them and record the information as “negative” which means the victim is unable to present checks validly – another way a victim discovers the theft of their identity. Enter the appearance of the check collection notice in the mail.

Remember that frightening delay mentioned earlier? If incorrect address or fake address information was used the notice may not get back to you for some time, and identity thieves count on this delay to utilize the checks as long as they can.

Thieves obtain our info through various illegal methods including mail theft, purse/wallet theft, dumpster diving, or corporate breach compromise and black market dealings.

Sometimes the victim attempts to resolve the situation themselves but the collection notices can often be the tip of a very nasty iceberg. We’ve all heard about collection bureaus and their practices - dealing with these guys can run the gamut from irritating to abusive. So if you ever get one of those notices call the check collection bureau and ask them to provide verification of the debt – it’s your legal right!

by Rick Kam

In an article written by Victoria E. Knight on October 11, 2007 in the Wall Street Journal, Escalating Healthcare Costs Fuel Medical ID theft, Victoria explains:

“One of the biggest threats posed by medical identity theft is that victims can receive the wrong medical treatment based on the fraudulent information in their medical records. (You are allergic to penicillin, the impostor isn’t.) In addition, theft can cause victims to fail pre-employment medical exams or become uninsurable.”

What is Medical ID Theft?

Medical identity theft is when someone uses your name and health insurance without your knowledge or consent to obtain medical treatment, prescription drugs or goods. At least a half-million Americans have been affected, according to Pam Dixon, Executive Director of the World Privacy Forum, a San Diego research group that focuses on privacy issues.

What can be done to protect yourself from Medical ID theft?

Like protecting yourself other forms of ID theft, we suggest being aware of potential misuse of your personal data. Check those explanation of benefits statements you get after visiting the doctor to make sure the medical services you received are accurate, and that you were the one that received them.

There are new identity monitoring solutions in the market that detect both financial and non-financial fraud (i.e. medical ID Theft). Credit monitoring is not effective in detecting this issue or many other issues involving non-financial crimes.

by Rick Kam

In an article published in the New York Times by Sewell Chan on October 2, 2007, Chan reports that Mayor Bloomberg fell victim to Identity Theft.

“In early June, Mr. Bostic deposited a $190,000 forged check into the Sovereign account and a $230,000 forged check into PNC account, according to prosecutors. Both of the forged checks were drawn on Mr. Bloomberg’s personal account at the Bank of America and were issued in the name of the mayor’s financial manager, Geller & Company.”

You might ask could this happen to me?

The answer is yes. There are many types of financial and non-financial ID theft. Credit card fraud and someone withdrawing money from your checking account happens a lot.

You might say, “I have a service that freezes my credit or automatically sets fraud alerts to guarantee against ID theft”. The answer is, these solutions will prevent the issue that happened to Bloomberg - an ID thief stealing money being taken from his checking account.

There are new services on the horizon that monitor credit, checking, and other forms of financial and non-financial personal data to detect misuse of your information and provide 360 degree protection. You will see these new services become available in the market and be more effective, but cost roughly what consumers pay today for less effective solutions. More on this in a future post….

by Rick Kam

TransUnion and Equifax to offer credit freeze services according to a September 22, 2007 article in ConsumerAffairs.com by Martin Bosworth.

“offer consumers the ability to “freeze” their credit files in all 50 states in order to protect themselves against identity theft and fraud. The service will be available in the 11 states that do not already have credit-freeze laws, costing consumers $10 to set the freeze and $10 to unlock it, and will “meet or exceed the requirements” of states with existing freeze laws. The freeze service will be free to victims of identity theft, and is scheduled to roll out Oct. 15.”

This means that you can instruct these two credit bureaus to freeze your credit making it more difficult for an ID thief to set up a new fraudulent credit card or take out a loan using your personal information. Experian is the other major credit bureau. They have not indicated whether or not they will also offer this service.

The question is whether or not this is a good solution to protect you from ID theft? There is a $10 cost to freeze and unfreeze your credit. If you are a victim of ID theft, the cost to freeze your credit is $0.

Our suggestion is to look at using this tool if you are a victim of ID theft versus a preventative measure. There are several reasons for this.

1. If you are a victim of ID theft, it can prevent more fraudulent accounts being set up by the thief

2. If you are not a victim of ID theft, this tool requires you to take an action each time you want to open a new credit line.

3. A credit freeze only protects you against credit fraud. There are many more ways ID theft can occur that this tool will not address including debit fraud, medical ID theft, criminal misuse of your ID etc.

The good news is there are new preventative tools entering the market that provide a 360 degree protection against all of these issues and provide better protection. These services scan both financial and non-financial data sources and do a much better job of protecting your identity. I will discuss more on this topic in future blogs.

by Rick Kam

According to Brian Koemer who authored an article on September 10, 2007 titled “Peer-to-Peer Networks Used to Steal Identities“, the answer is YES!

“In what federal authorities are calling the first of its kind, the arrest of Gregory Thomas Kopiloff of Seattle, who allegedly used P2P Software to steal the personally identifiable information (PII) of at least 83 people.”

How many of you use P2P file sharing software like Kazaa or LimeWire?

If you have teenagers in the house, are they using these tools to share their favorite songs with friends?

There is a good chance that one of your computers have this tools installed. If you do, Brian Koemer provides tips on how to protect yourself online. Besides, these tips from Brian, We also suggest the following:

1. Make sure your computer has the firewalls enabled. A firewall will help reduce the risk of someone getting unauthorized access to your computer. If you bought a computer recently, most will come out of the box with the firewalls enabled (i.e. Windows Vista or MAC OSX).

2. Scan your computer regularly for viruses. You can schedule this function to run every week or once a month when you are not using it.

3. Make sure you obtain files from known sources (i.e. iTunes). Many versions of music files exist on the web. You can tell they are different because the file sizes differ. Some of these variations are legitimate and accommodate for various media players. Others contain viruses and other malware.

If you suspect any issues with files, just don’t put it on your computer…