Thursday, December 19, 2019

Is convenient enough to use for everything? It does seem curative for credit card fraud

As I recall, it was David Pakman who mentioned as a practical shield against fraud and maybe identity theft when shopping online.

Here’s a video

And here’s a writeup on how it’s supposed to work.  You create pseudo-cards with each vendor and pay from a bank account, but you give up rewards.

Thursday, December 05, 2019

Mozila Firefox and Google Chrome have new tools to check your email addresses for breaches, and the results are pretty shocking.

Clifford Colby has an article in CNET on how to check the dark web for your logon passwords after a data breach, link. 

I tried this with Mozilla Firefox Monitor and found seven violations.  The most glaring was “People Data Labs”   There was a breach of over 600 million accounts (potentially) in October 2019. This seems to be a generalized data broker company selling to advertisers.  Here’s another supporting story.

I’m a little concerned about in March 2019 because that happened when I was trying to get a digital wallet to work. There is very little value involved, however.  Here’s a story from the ITRC. Over 700 million violations.  This seems to be a pattern. 

I also have them from Ticketfly (2018), MySpace (2016), Linkedin (2016), and Adobe (2013).

I have very little on Myspace and haven’t looked at it for years. I look at Linked In occasionally.

The pattern of these breaches suggests mostly Russian, Chinese or former republic origins (maybe North Korean) for the hacks.

 These could explain some robocalls (which increased in 2018), some spam (that looks very silly). 

You would wonder if data breaches could complicate the enforcement of (and even liability problems for creators) associated with COPPA, and maybe CCPA, as third party plugins or cookies might be feeding these companies.  
There have also been emails claiming I purchased Apple products in Indonesia. Kazakhstan and Belarus, and no bill for them ever showed up.  Of course I haven’t been to these places.  Programmers don't have good legitimate jobs in these countries. 
Google Chrome offers a similar tool but it appears your devices need to be synced first.
In 2013, a pickpocket robbery on the DC Metro resulted in about $27000 attempted smart card fraud before the systems stopped it.  Metro had to eat this one. The perp was arrested later on another crime.

Wednesday, November 27, 2019

Equifax settlement up for approval in federal court, and many oppose it

Charlie Wertzel opines in the New York Times, “One Man can Bring Equifax to Justice (and Get You your Money)”.

That’s if judge Thomas Thrash in Atlanta rejects the Equifax settlement and recognizes many more lawsuits from victims.  The trail is Thursday, Dec. 19.

This is sounding a bit like Dupont in the movie “Dark Waters”.

Or it reminds me of YouTube and COPPA (and FTA).  Because the supposed COPPA violations by YouTube’s subterranean behavioral advertising might place some minors in danger of identity theft, although I haven’t heard this connection made very often.

Monday, November 04, 2019

Secret consumer scores approach "social credit" trustworthiness idea being implemented in China

NBC Nightly News reports tonight on “Secret Consumer Scores” from data miners, where browsing habits, yelp reviews, some social media posts, and other purchases are tracked by less well known companies, video here

Kashmir Hill reports for the New York Times here.  Even your Airbnb or Uber behavior seems to be fair game.
NBC interviewed Jason Tan, CEO of “Sift”, who says he detects fraud patterns with AI. 
We are getting closer to China’s “social credit score” of trustworthiness all the time.

Friday, November 01, 2019

Media turns attention to "Mylife" and maybe similar sites

I did a major story about online reputation and the site “” on my main blog today, and I see that this site had been mentioned here July 26, 2017.

The possibility of wrong individuals being mixed up would seem to exist, as would be the possibility of vengeance or “cancel culture” behavior as we have seen from activists trying to punish speakers personally for “privilege”.  It certainly can contribute to harassing unpopular persons with "smears". 

Tuesday, October 08, 2019

Could being mimicked overseas be a problem? Not really that likely, it seems

CNBC has some basic advice on how to protect yourself from bank account drainings and wire fraud, which may be more likely when you travel a lot.

I’ve wondered about the idea as I get phishing emails claiming I have made various purchases in third world countries. 

But frequent checking of all your accounts at home (or even when traveling domestically) would seem to make it impossible for anyone to copy you abroad. 

Yet I have wondered what would be the consequences if you for some reason then traveled to one of those countries.
Here is a resource on what to do if your passport number is breached (from the Identity Theft Resource Center). 

Wednesday, September 18, 2019

"Memory Theft": can it lead to "trading point of view"? Not quite identity theft

I’ve talked about identity theft a lot here, but what about something lower level, memory theft?

That occurs when some tells someone else’s story as if it were theirs and may actually think it happened to them (particularly with sexual or intimate events).

Psychology Today had a revealing article by Ira Hyman, Ph. D., on April 28, 2015.   This concept is possibly relevant to my novel in development, “Angel’s Brother”.  And in my screenplay Ephiphany I propose that people can share accounts telepathically through special brain reading software controlled by an “outside auditor” character who decides the permission levels for other characters on the space ship.  

Short film by Ollieread is called “Remember Me #3” based on a game.

Sunday, September 15, 2019

Payroll processing company gets in trouble, it seems some employees of clients get stiffed, at least temporarily

Employees of various small businesses suddenly found payroll deposits withdrawn, sometimes mistakenly several times, as a result of an apparent collapse of a payroll services firm, MyPayrollHR. Patrick Thobodeau explains for Techtarget here

An intermediary company Cachet in California seems to be intervening to restore accounts.
But it is not clear how long it will take to restore payroll amounts stolen or whether some employees could be stiffed, having to beg on social media crowdfunding sites.

The FBI is involved.

This is an incredible case.

Thursday, September 12, 2019

Con man gets hired as surgical assistant in California, steals data of patients and employees

NBC Los Angeles (Eric Leonard et al)  reports that a surgical assistant played “catch me if you can” with hospitals and stole data from patients and employees 

This seems rather incredible that he got to work in an O.R. with no adequate check on his identity.

It’s unclear if he has compromised the identities of a number of patients.

Tuesday, September 10, 2019

Scattered hospitals garnish wages, place liens on homes for medical debt

There are various reports of a few hospitals becoming aggressive in collecting medical debts, with he New York Times having a major story by Laura Beil about Carlsbad Hospital in southern New Mexico.  Very recently, the hospital has agreed to back off on lower income patients.  But the hospital has been reported to garnish wages.

A site called Accounts Recovery also discusses the lack of competition problem for some hospitals. 

But Jay Hancock and Elizabeth Lucas of The Washington Post report similar problems with the University of Virginia Medical Center, Charlottesville, resulting sometimes in liens on homes.

When I worked for debt collector RMA near MSP airport in 2003, the company had a medical debt operation. 

Reporters have discussed the recent book “The Price We Pay” from Marty Makary, MD, from Bloomsbury Publishing, available today on Amazon.

Friday, September 06, 2019

Experian replaces the company I used to work for in Dallas in the 80s; what has happened in three decades

Basia Hellwig of Investopedia has an informative article “Credit Karma v. Experian: What’s the Difference?’

The article selects what it calls the best known of the three large credit reporting companies as providing more information to consumers than the other two;  Credit Karma, by comparison, is free and scrapes all three.

Experian is an international company with headquarters in Dublin, Ireland.  In the US it has a large presence in McKinney, Texas, a distance suburb north of Dallas and Plano, along Highway 175.  In the 1980s (from 1981-1988) I worked for Chilton, which would be sold tor TRW in 1989, and then TRW credit would be spun off to become Experian later.  Experian more or less replaces Chilton as a major tech employer in the Dallas area. But Chilton’s Amdahl data center and programming support was located in Oak Lawn on Fitzhugh (the location later became a bank and may be all townhomes now)  and had a large LGB presence (in a conservative company) because of its location near the “crossroads” at Cedar Springs. When I was there, only one employee that I know of developed HIV (and died).  The executive offices were located at Northpoint on I-635 and 175, and ADR (which supported Datacomm DB and DC) was near that location (for training classes), but also near EDS.  
This was actually a good time in my life, so if someone at Experian finds this post, I hope this sits well with them.

However, “Economic Invincibility” does not like Experian’s version of customer service (although this video is 3 years old).
I really wonder what the three major credit reporting companies think about the concept of "social credit systems" which are developing in China and which tech companies seem to be doing underground to regulate who has a right to be on their platforms.
I spent some of my last summer in Minnesota working for RMA in 2003 as a debt collector, and I recall one person I called, with just a small $60 balance, ask if I would pay for it for him personally because I was “better off”.  Wokeness had already started in 2003.

Saturday, August 24, 2019

Arrest warrants for people who miss court appearances due to student loan debt?

Arielle Gray reports in the Huffington Post that she received a letter, in Boston,  informing her of an arrest warrant regarding collection of unpaid student loans.
Well, it was a “civil warrant”.  Apparently you can get this kind of notice if you don’t show up in court for resolving a debtor’s plan.
Dean Pyles discusses the law on nerd wallet.  

I can remember, when working for RMA, a collection agency, in Minnesota in 2003, one debtor (with a small balance of $60) asked if I would pay his debt personally if I had the nerve to call him (which was my job).

Wednesday, August 21, 2019

RealID notice: You need to "get it done" by Oct 1, 2020

NBC News tonight reminded viewers that people needing to board even domestic flights or enter federal property will need REAL ID stars on their driver’s licenses by Oct. 1, 2010.

Virginia’s strike page for the requirement is this, leading to this.

Legal presence in the US can be established with an unexpired passport. Residency may be trickier, and require a mailed utility bill, mortgage statement, or something similar, with postmark (from a recognizable business), to your residence (not to a mailbox store). You will need your actual physical social security card, too.

It also leads to a secondary page
I see that I last mentioned RealID here back in 2009.

Friday, August 09, 2019

A brief look at identify verification services

I don’t think I’ve mentioned that there are businesses that offer ID verification, to other businesses.
Tony Raval provides an article for Forbes in December 2018.

The article offers a larger variety of databases that could be used for cross verification.  In the past (Sept 2006) I suggested that the USPS could provide the basis for such a system.
Facebook has tried to use advertisers to verify identities of persons who want to have their business pages boosted.

A book "The Fifth Domain" by Richard A. Clarke and Robert K. Knake talks about the system called ReallyU. 

Wednesday, August 07, 2019

Are people with unusual names more immune to identity theft? what about wrongful arrest?

Marketwatch has a an article from Dec. 2017 (post Trump) ratifying the idea that people with common names may be more vulnerable to identity theft.

However people with foreign names (even mine) may have more namesakes than they think.  (This can become a problem with domain names and trademarks.)

The article notes the possibility that if you are stopped by police you could be held if someone had committed a crime in your name. It lists states that have "identity theft passport programs") and they include Virginia.

Some employers require credit checks before and during employment and require associated to take ultimate responsibility for protecting their own identities.  This may be more difficult for people with common names. This was the case with my last employer in Texas in the 1980s, when ID theft was much less common.

Thursday, July 25, 2019

How to "collect" from Equifax after the FTC settlement

Nick Statt has detailed directions on The Verge (Vox) of how to get at least $125 from this weeks settlement by Equifax with the government (FTC). 

You need to use the free credit monitoring (which is a pain) to collect the $125.

Your social is scanned first, but there is a very good chance it will test positive.

You can use outside sources like Credit Karma for the monitoring.
And you may be able to collect for time spent on your problems.

Tuesday, July 16, 2019

A questionable copyright bill in the Senate could become a boon to the debt collection industry

I’ve seen more discussion and speculation about a proposed CASE Act, now in the Senate (S 1273  ); it would allow the Copyright Office to set up a “small claims court” and hand out “fines” (like $5000) for small violations of copyright law with less due process.

What would really happen is a bit speculative, but some observers fear that copyright trolls would get judgments against ordinary users with little due process, and users would suddenly get calls from collection agencies, with debts that might even get sold like many others.
When an vested interest gets in bed with the collection industry, it can become abusive. And Trump has made it easier to go after old or questionable debts.

Saturday, July 06, 2019

Under Trump administration, debt collection companies are going after very old bills

The weekend Wall Street Journal has a feature story by Yuka Hayashi, “Debt-Collecting Surges as Regulation Eases”, link
Under the Trump administration, the Consumer Financial Protection Board has eased regulation on debt-collection companies going after old debts, which are often consolidated and sold to companies who specialize in going after them aggressively.

In 2000, I pulled a credit report on myself (thinking I would buy a home) and found a credit card debt from the early 80s that had been lost in a cross country relocation. I wound up paying $650 to settle a dangling $128 bill from a Best Buy-like store. I found another renewal of a Discover card that had been missed.  I simply paid the principle off voluntarily to close the account.

I worked for RMA, a debt collection agency, in the summer of 2003.  Many people said they had been affected by 9/11.

Wednesday, June 26, 2019

Do "hard" credit inquiries affect your credit score? Marginally

Experian has a useful article on how “hard credit inquiries”, often generated to get the best rate for an auto loan, can affect the credit score.  
Generally, Experian says, all inquiries are bundled together as one inquiry for credit scoring, so the effect is rather minimal, and it goes away with time.
No major credit reporting company has talked about “social credit systems” yet but it seems like the tech companies want them.

Friday, June 07, 2019

A scare when I try to create my IRS online account

I just signed on and created an IRS online account and got a scare.

But it looks like it was because of namesake relatives in the Midwest.  I created an account by adding a 0 to my last name.

But I’ve had a problem with not getting credit for two payments I made to the IRS.
If you call them you get a 15-30 minute hold.

Monday, May 13, 2019

Phishing scam grabs attention claiming your credit score has changed on all three major US companies suddenly

I wanted to warn others about still another phishing scam.  This one purports to tell you that your credit score has changed on Experian, Equifax and Trans Union.

The sender is your logon name for your email provider, and Amazon’s URL is spoofed as the sender.

This seems like a particularly deceptive and dangerous phish.
Imagine if this was done in China with a social credit score!  Or if a social credit score were hacked?

Tuesday, May 07, 2019

Could a recent phishing scam about package missed deliveries involved identity theft? Watch and see

Yesterday I got a bizarre email claiming a package sent by me had been returned to a UPS store, turning out to be in South Carolina, that I had never been to.

This appears to be a variation of the better known Fed-Ex phony delivery notice phishing attack.  I covered the details on my Internet Safety blog Monday.  Nevertheless, the possibility of an identity theft scenario could exist.  Someone could create a fake duplicate identity and send illegal materials to frame someone.  But it sounds improbable it could work.
I’ll check my credit reports soon again, but this much more likely a variation of a wellknown scam already.

Friday, April 19, 2019

Can automated bill payments improve your credit score?

Experian, in a corporate article by Stefan Lembo Stolba, posted an important article on its consumer site “Can automatic bill payments help my credit score?” 
Generally, yes.  One problem I have is that many credit card company sites (Target and Chase) are hard to log on to – passwords expire quickly.  The tendency is for them to be forgotten then if logon is difficult.
The Bank of America Bill Pay page has some issues, of not refreshing information between pages, and keeping expired cards. The end result is that sometimes payments go to wrong accounts and aren’t properly credited.

Tuesday, April 09, 2019

Arlington Public Schools (VA) offers adult class in identity theft self-protection

I don’t think I’ve shared an announcement of a class before, but Arlington Public Schools (VA) offers a course for adults in how to prevent identity theft and other scams, Wed. May 15 at 10 AM, with an announcement here.

There will be particular attention to scams targeting seniors and to smartphone security.

The event takes place in an office complex near the intersection of Washington Blvd and Route 50.

Monday, March 25, 2019

Can Dodd-Frank endanger ordinary bank depositors and investors? It's a risk a little bit parallel to ID theft?

I’m not sure which blog to post this on.  It’s not really about identity theft, but it concerns a risk to consumers that is fundamentally parallel to identity theft.

That is, the “bail-in” process of the Dodd-Frank Reform Act of 2010, which Trump has said little about, well, except according to The Atlantic.  

Assets, other than savings and deposits insured under the FDIC up to $250000, can be “confiscated” by creditors in some circumstances with a failing bank, even by derivative creditors.  Ivestopedia explains here

The irony is that this risk seems to comport with moral criticisms of “predatory capitalism” from the far Left, as placing the blame on “the system” rather than individuals – except individuals with unearned capital.

Kitco has a similar explanation

A few companies have been sending emails (possible spam) trying to sell protection to consumers.

How Dodd-Frank Affects Checking Accounts
Nerdwallet has a tamer discussion (shown).

Tuesday, March 19, 2019

"Suprise medical bills" not covered by insurance can lead to granishments, liens

Tonight, NBC News reported the problem of “surprise medical bills”, resulting in liens and even garnishments in New Hampshire, Vermont, Colorado, Oklahoma, Nevada and Ohio.

Lindsey Bomnin and Stephanie Gosk provided the story.

In one case, a woman had a normal appendectomy, only to get an extra bill for over $4000 from a surgeon, who might have been out-of-network, even though she repeatedly checked in her insurance during the hospitalization.

With my acetabular hip fracture in Minnesota in 1998, I ran into problems with some of the after care, in the rehab, but eventually “won” the argument.  Ironically the surgical device at the University of Minnesota was “free” because it was brand new and experimental (it worked perfectly).

I worked for a debt collection agency, RMA, in St. Paul in the summer of 2003 and might have wound up working in medical collections had I stayed, because I knew a lot about health care.

The arguments posed by debt collectors were “you used to service ….” – personal responsibility carrued to an extreme degree.

Sunday, March 03, 2019

North Korea seems to be creating fake identity accounts on LinkedIn and other social media, and running phishing campaigns with them

North Korea still continues hacking, which persisted during the summit his past week.

Most if the targets seem to be infrastructure, oil companies, and banks.  There seem to have been some attempts at airgaps at electric utilities.

A common technique is to pose as a recruiter (essentially impostering a real person) on Linked in.

This is the first time I’ve heard of Linked-In as a target for identity theft connected to spam.

Nicole Perlroth has a story in the New York Times and MSN.

Social media impersonation may be a technique particularly coming into use now.  But there have been numerous cases of fake accounts for real people in the past on Facebook and Twitter.  It happened to me once, and a friend caught it and the fake account was deleted before I knew about it.

Loose personal information might enable the creation of fake social media accounts.  It’s conceivable a foreign enemy could write posts that resemble what the real person would write, but that would take a lot of effort.  Still, a proof-of-concept attack like that would be very disturbing.

Sunday, February 03, 2019

Google's interest in "replacing" the URL system recalls the DNS crisis of 2008, any connection?

There are recent reports that Google is working on other ways of identifying website addresses as well as conventional domain-oriented URL’s.

Since domains are mapped to IP addresses, often on hosted servers, and propagated worldwide, it isn’t clear if this refers to that concept, or the tendency of many sites to add unnecessary qualifiers when offering popup links to sites, as from emails.  This practice facilitates phishing.

Ars technical has a typical story by Peter Bright on Sept. 5.  

The story reminds me of the controversy in the summer of 2008, when a Finnish researcher found a security flaw in the DNS mapping system, resulting in a big emergency conference at Microsoft near Seattle.

Microsoft offers enterprises a service called Azure, cloud-hosted, that also seems to break away from URL dependency.
And more and more sites encourage smart phone users to load their apps rather than use URL’s in browsers.

Sunday, January 20, 2019

Experian notes an id-theft risk in a popular game; Can credit-scoring companies develop a way to allow for the federal shutdown?

Experian has a detailed article by Matt Tatham on some consumer gamer vulnerabilities with Fortnite, apparently leading to some compromises of PII and even identity theft.
This reminds me of the idea of identity theft on a platform like Second Life.

Experian, by the way, is the successor to Chilton (through TRW) which I worked for in the 1980s.  Maybe somebody there remembers me (in Dallas).

I wanted to note also that for several months I got emails claiming to be from Apple about numerous (perhaps dozens) games I had supposedly purchased in Indonesia and Belarus (a particularly vulnerable country).  No, obvious spam, I think (although it simulated an Apple address, but no statement ever showed up on my cards).  It sounds possible that there is a digital copy of me overseas, maybe created by the Russians.  Could this be a problem if I travel overseas?   They’ve never shown up on my credit reports. 
I also want to note that, although I didn't work on the Fair Isaacs credit scoring (then called "Risk Predictor") interface, some coworkers did and I am somewhat familiar with it.  It strikes me that credit reporting companies should develop a way to account for missed payments from federal workers "taken hostage" by the president and Congress.  Technically, I know it can be done.  So do it.

Picture: where I lived in 1979, near Dallas North Tollway at Cedar Springs; new apartment complex replaced the old Embarcadero on Lucas St. 

Saturday, January 12, 2019

Darkening of FTC during shutdown increases risk of identity theft

Apparently the Federal Trade Commission is dark during the shutdown, increasing the risk of identity theft from hackers or even pickpockets.  NBC News reports.

Major incidents are already reported.

Furthermore, a complaint to the FTC about possible payment processor collusion against some content creators using patronage systems online won’t get started right now.

Thursday, January 03, 2019

Experian analyzes the risk to average consumers from data breaches

For the New Year, Experian (aka TRW aka Chilton) has some embeddable charts on “where your personal information is most at risk” from 2018. From data breaches.

Or this one, data records lost by industry

Most of these breaches are so massive that the practical risk for any person is very low.  And more of them seem to come from foreign states.