by Doug Pollack

This week President Bush signed into law the Identity Theft Enforcement and Restitution Act of 2008.  As reported in the Washington Post, this law will:

“make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains.”

It can take the victim of ID crime hundreds of hours to restore themselves to pre-theft condition. This law enables them to be compensated for this time at a level:

“equal to the value of the time reasonably spent by the victim in an attempt to remediate the intended or actual harm incurred by the victim from the offense.”

The FBI has set up a clearinghouse for addressing cybercrime complaints called the Internet Crime Complaint Center. It works closely with a range of law enforcement agencies and private sector organizations.

By Rebecca Seaman

A modified bill that would allow victims of ID Theft to recoup costs in federal court and which would impose harsher restrictions on cyberattacks passed in the Senate this week. The bill, known as the Identity Theft Enforcement and Restitution Act, still needs to be approved by the House, but is a much needed step in the right direction to further protect consumers. More details are available in the July 31 article from SC Magazine.

Interestingly, the bill would make it a felony to use various types of malware known as keyloggers and spyware to damage more than 10 computers, regardless of the extent of the damage. Previously, attacks resulting in less than $5,000 worth of damage were only classified as misdemeanors.

Patrick Leahy (D-VT), a co-sponsor of the bill said in a statement released Thursday: “The Senate’s action moves us in the right direction to provide critical tools to combat cybercrime and to protect the privacy of all Americans. I hope the leadership in the House will quickly act to pass this legislation and send it to the president for signature.”

The incidence of Identity Theft perpetrated through CyberCrime is a fast growing epidemic, and legislation such as this is great initiative to protect consumers from these crimes. However, it’s important that these bills move quickly through Congress if they are going to keep up with scammer’s increasingly sophisticated attacks. Hopefully, this bill and others like it will move rapidly. Stay tuned. 

by Heather Wells

In a recent article dated June 20, 2008 from npr.org, writer Dina Temple-Raston reports on the arrest of hundreds of people believed to be guilty of scamming the public out of millions of dollars of hard earned home equity.

She writes, “instead of stealing an identity to secure a credit card, scammers have been zeroing in on people they think have a lot of equity in their homes. They steal their identities, then go online and get a home equity line of credit on that person’s house and take the money.”

It’s a terrifying scenario for consumers who have worked hard for years to establish good equity and credit. As someone who works directly with victims of id theft, I know how frustrating it is for victims when the person who stole their identity is never caught or prosecuted. I am hoping that the news of these crooks getting arrested will bring about a feeling of justice for victims; that something is being done and people are being punished.

Temple-Rason concludes her piece with this warning, “the FBI is sending a specific message: If you are involved with mortgage fraud — whether on Wall Street with high-level investors, or on Main Street with ordinary homeowners — the bureau intends to catch and prosecute you.”

Score one for the little guy. For more, check out this video:

by Doug Pollack

The Identity Theft Resource Center (ITRC) today released its annual survey  looking at the impact of identity theft crimes on the victim. This is the  fifth  of these annual studies  titled “Identity Theft: The Aftermath 2007″ .

The authors encourage readers to note that:

“It is critical that we remember these numbers are people. These are people with lives that have interrupted, altered, torn apart and/or impacted for years to come. They are people with feelings and emotions whose outlook on life and interactions with others may change due to the invasive nature of this crime.”

Some of the key findings of this study include:

- 62% of the people responding said that the thieves had committed financial crimes resulting in warrants issued to the victim, two-and-a-half times more than the prior year

- While a third of identity theft cases are perpetrated by persons known to the victim, in 2007 there was increase in ID theft due to scams

- Victims spend and average of 116 hours repairing damage done by an ID thief to an existing account, and 158 hours when dealing with a new account that was created with their identity

The ITRC is a non-profit organization that is “dedicated exclusively to the understanding and prevention of identity theft”.

by Doug Pollack

We all hear about how more and more identity theft is now being done with the internet. What you don’t hear as much about is how an increasing percentage of US-based identity theft is perpetrated by organized crime overseas.

A recent FBI press release titled “38 Individuals in US and Romania Charged in Two Related Cases of Computer Fraud Involving International Organized Crime” describes a frightening phishing scheme that:

“uses the Internet to target large numbers of unwary individuals, using fraud and deceit to obtain private personal and financial information such as names, addresses, bank account numbers, credit card numbers and Social Security numbers.  Phishing schemes often work by sending out large numbers of counterfeit e-mail messages, which are made to appear as if they originated from legitimate banks, financial institutions or other companies.”

The level of organization of this criminal enterprise and effectiveness of their efforts is remarkable.  According to the indictment:

“The Romania-based members of the enterprise obtained thousands of credit and debit card accounts and related personal information by phishing, with more than 1.3 million spam emails sent in one phishing attack.  Once directed to a bogus site, victims were then prompted at those sites to enter access device and personal information.  The Romanian “suppliers” collected the victims’ information and sent the data to U.S.-based “cashiers” via Internet “chat” messages.  The domestic cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards, and similar cards such as hotel keys.  Cashiers then directed “runners” to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs.  The cards that were successfully tested, known as “cashable” cards, were used to withdraw money from ATMs or point of sale terminals that the cashiers had determined permitted the highest withdrawal limits.  A portion of the proceeds was then wire transferred to the supplier who had provided the access device information.”

As organized crime becomes increasingly sophisticated in using our affinity for online commerce to their advantage, we should all be extra cautious, especially in watching out for something that has become as commonplace as the phishing scam.

by Doug Pollack

We know that over 10MM Americans this year will far victim to identity theft. But a recent survey by Bankrate asks people whether they are worried about this problem. The results indicate that people who personally know a victim of identity theft tend to be both more worried about this and also more proactive about protecting themselves.

The poll titled “Americans worry about ID theft; but consumers may be confused about the most effective strategies to protect their privacy” highlights:

“The results show that consumers who personally know a victim of identity fraud tend to be more concerned about the crime overall. Further, their concern pushes them to take more steps toward protecting their personal information, although there does seem to be some ambiguity as to the most efficient privacy protection actions.”

The following chart illustrates people’s answers to the question of how concerned they are about identity theft.

How concerned are you about having your identity stolen? Total Know an identity theft victim Don’t know a victim Very/somewhat concerned 81% 88% 76% Very concerned 40% 46% 36% Somewhat concerned 41% 42% 40% Not very/not at all concerned 19% 12% 24% Not very concerned 12% 7% 15% Not at all concerned 7% 5% 9%

So while most of us are concerned about identity theft, this is a problem area where most of us do very little to actually protect ourselves. If you talk with a friend or family member that has had to recovery their identity from theft, you will learn just how scary and time consuming that this can be. So don’t be complacent.

by Doug Pollack

This past week, there were two class action lawsuits filed against LifeLock, one in its home state of Arizona and one in New Jersey. Following on a recent lawsuit filed against LifeLock by Experian, one of three US credit bureaus, these class action lawsuits also assert that LifeLock is engaged in deceptive advertising relative to the level of protection provided by their service against identity theft. The LifeLock offering depends almost entirely upon the placement of perpetual fraud alerts as the means for protecting their subscribers from identity theft.

As noted by David Paris, an attorney involved in this matter, in an article on the CNBC website titled “N.J. Class Action Lawsuit Filed Against LifeLock Alleging Deceptive Marketing Regarding Limited Level of Protection Against Identity Theft“:

” ‘While fraud alerts may be effective in limited instances, they certainly cannot provide the comprehensive identity protection that LifeLock deceptively advertises,’ said Paris. ‘For instance, fraud alerts cannot stop the use of existing account numbers, and contrary to LifeLock’s advertisements, lenders are certainly not required to contact the subscriber before extending credit to a potential identity thief.’ ”

The article and comments from Mr. Paris also address the alleged deceptive nature a severe limitations on the highly publicized $1MM LifeLock Guarantee:

“According to the Complaint, LifeLock also misleads subscribers by advertising its $1 million service guarantee. ‘Potential LifeLock subscribers are enticed by the ’safety net’ of what appears to be a one-million dollar insurance policy against any losses sustained as a result of identity theft,’ said Paris. ‘In actuality, once you get beyond the limitations and disclaimers, you find that the guarantee is limited to fixing failures in LifeLock’s services and paying third-parties to attempt to restore subscriber losses.’ ”

Hopefully these lawsuits will help bring visibility and clarity to consumers as to the differences in identity theft protection services. Most services, including those provided by the company that sponsors this blog, ID Experts, do not rely on fraud alerts as a primary or sole means of protection, nor do they make questionable or misleading large dollar guarantees. It is unfortunate that brash marketing tactics have made it difficult for consumers to make an informed product decision based on the facts related to differences in these services.