Friday, November 28, 2008

Feds break up major home equity loan theft ring

Brian Krebs reports in The Washington Post that the FBI and federal prosecutors have broken through an international identity theft ring that tapped into home equity loan lines. It’s rather odd that this scam could have worked during a time of declining home values and upsidedown mortgages. However, criminals went to public records to find people with healthy mortgages in order to tap them. Then they went through elaborate technical ruses to conceal their identities and tap banker money. Even so, it is surprising that financial institutions didn’t catch this. Much of it may have happened before the real estate crash accelerated into the mess that it has become today. The incidents probably reflect the pressure (the “always be closing” mentality) on employees of financial institutions to sell deals.

The very detailed story is on p E10 of the Nov. 28, 2008 Washington Post, link here.

The incident certainly reminds one of the dangers inherent in placing public records on the Internet.

Thursday, November 20, 2008

More advice on FICO scores -- and maybe some new concerns

AOL today offers a practical column on “Walletpop” by Lita Epstein, “Eight Myths About Your Credit Score”, link here. There is some pretty good and surprising advice. For one thing, the best credit score might not come from paying all balances off every month. A utilization ratio of 10% to 20% might be better. Credit card holders should bear in mind that payment histories tend to get reported to the three main credit card companies just before the billing statement is generated. Walletpop also offers other similar earlier pieces on credit score advice.

Also, card holders should not voluntarily downsize their credit limits – that will lower scores. Credit card companies may do that for you! If you cancel a card, cancel a newer one rather than an old one with long payment history.

The article does provide some discussion about what happens with wrong information or identity theft.

I was working for Chilton Credit Reporting in the 1980s when it developed interfaces to Fair Isaacs, then called "risk predictor." (Chilton is now "Experian.")

So far, credit scoring does seem limited to financial behavior. Other kinds of “private” background gumshoeing and investigating of people could look at things like Internet and social networking activity, as I’ve discussed on other blogs. There is something worrisome to me about this, as, this September, new kinds of blogger’s insurance got offered (see Sept. 28, 2008 on my main blog). It promotes the idea that a blogger (or at least an uninsured amateur) could be at an unpredictable long term risk for incurring judgment or at least expense in defending frivolous litigation, and that could create the perception that the person is a weaker credit risk. I haven’t seen anything like this happen yet, but the thought itself is scary, because it sounds all too logical.

Monday, November 17, 2008

"Future of Privacy Forum" will favor regulating corporate gathering of data on Internet surfers

A group called the Future of Privacy Forum will be headed by former AOL privacy chief Jules Polenetsky, and is getting help from AT&T’s law form, Proskauer Rose, according to a story by Wendy Davis in Media Post Nov. 16, link here. The think tank will develop positions on companies’ tracking consumers surfing habits, suggesting that consumers should have to opt in (as with compensated surveys run by market research companies like Nielsen). Advertisers maintain that they need better data to target their ads because of the recession. However, many people believe that the behavior of these companies jeopardizes the security of consumers and could expose them to identity theft.

The Forum does not appear to have its own website yet.

Kim Hart has a similar story in The Washington Post today, Nov. 17, on p A6 “A New Voice in Online Privacy
Group Wants Tighter Rules for Collecting, Using Consumer Data,” link here.

As I note on my Books blog Nov. 5 with my review, George Washington University law professor Daniel Solove has a new book “Understanding Privacy.”

The best known organization dealing with Internet privacy is the Electronic Privacy Information Center, which was very helpful during the COPA litigation. Note its article today on privacy issues and tracking the flu epidemic.

Thursday, November 13, 2008

New service "ID Watchdog" advertises on CNN

CNN has run ads for another ID protection service called “ID Watchdog”, with website here. The website home page has audio of case histories. The company says that it monitors credit reports and public records for illicit activity, and that it can save the customer “thousands of dollars” and hours in restoring reputation should there occur a breach.

I’ve seen other companies offer similar services, such as Lifelock.

I’ve wondered if people vary in how vulnerable they are. People with unusual or hard-to-spell names may not have identities stolen as often. It’s possible that someone who is even moderately well known, even because of the Internet or social networking site activity, might be harder to impersonate.

Tuesday, November 11, 2008

Job hunters could face identity security issues

Now there are more concerns that job seekers could place themselves in jeopardy of identity theft.

Recently, in Britain, an experiment was set up with a fake employer, encouraging the submission of resumes and CV’s (curriculum vitae). A group called “iProfile” reports on the experiment on this PDF:

Career experts suggest checking lesser known companies out carefully. If employers can check employees on Myspace or Facebook or personal sites and blogs (there are ethical questions about the way this has been done), employees can also check out employers, and should do so.

Another recommendation is to use a secure CV registration service, rather than submit it separately.

A CV could be thought of as like a profile, and some people believe that social networking site profiles should not contain material that would not be appropriate in a career-oriented CV.

Friday, November 07, 2008

Phishing attacks escalate because of financial crisis; phone calls as well as emails try to get personal information

ABC’s Good Morning America this morning (Nov. 7) warned consumers that spammers are increasing their phishing attacks in the wake of the closure or merger of so many banks during the financial crisis. They report that even the president of France had his bank account tapped.

Typically an email arrives warning that a bank account will be frozen if the consumer does not respond with personal information. Often the email has the bank’s trade dress embedded in the HTML and looks authentic. If the user runs the cursor over the links, the actual URL to be linked to may be different from that shown.

Phone scams have increased. People call customers of banks and make the same pitch, asking for personal information. The consumer should ask for a phone number and hang up, and call the bank at the phone number given on the bank’s statement.

Banks never seek personal information by unsolicited email or phone calls.

Tuesday, November 04, 2008

FTC delays "Red Flags Rule" until May 2009; would increase due diligence required of credit grantors

The Federal Trade Commission has developed a “Red Flags Rule” that would apply to credit grantors. The Rule is supposed to require more due diligence from creditors in making loans. “Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.”

However, on Oct. 22, 2008 the FTC announced that it would suspend implementation of the Rule until May 1, 2009. The link is here.

The concept of “creditor” does not apply to all businesses that accept credit cards. It apparently would not apply to a small book publisher or author accepting credit card payments for a book, for example.

The Rule is based on Fair and Accurate Credit Transactions Act of 2003 (FACT), PDF document for the law here.

Private vendors are developing solutions to meet the “Red Flags Rule:, such as “idBusiness”, link here.