A proposal for a project to develop system to protect personal identity in credit granting

Debt collectors paying record fines over stretching the rules

2012-02-01T07:11:00.000-08:00

The New York Times, in a story by Tara Siegel Bernhard, reports that the FTC has levied the second-largest-ever fine on Asset Acceptance, link (website url) here.

The company, which apparently buys other debt at pennies on the dollar, would make threats to sue consumers (which it cannot follow up) and to goad consumers into making partial payments to wipe out the expiration of limitations.

As noted before, employees in many debt collection agencies face extreme pressures to meet quotas and bend the rules.

Another company paying a big fine is West Asset Management.

Consumer tip: watch delivery options when buying theater tickets on the web

2012-01-08T19:10:00.000-08:00

This is not really an id-security issue, but it is a consumer issue.

On Tuesday, Dec. 27 I bought a ticket for a performance of “Jersey Boys” at the National Theater Jan. 5. I thought the price was about $125, from the National’s website. I checked an option to have a ticket mailed. I later discovered that this convenience had cost an extra $29. Maybe FedEx makes sense close to performance date, but there was time. And the ticket when delivered was exactly the same e-Ticket I had printed out the same day. And the price printed on it was just $66.

I didn’t have any problems at all in early December with “Sister Act” in NYC from Broadway.com, and the total for that show as just $51.50. But Jersey Boys in Washington turned out to be a rip-off. I will say, I haven’t run into anything like this with the Kennedy Center.

Business Insider gives five tips to protect your identity; consider "smart card" technology for credit cards, and "Bill Guard"

2012-01-06T20:17:00.000-08:00

Business Insider has a useful post, “5 Minute Tips to Keep Your Identify from Being Hijacked” (by Justine Rivero), and there indeed are five of them.

I don’t do sensitive business on my two-year-old Blackberry (but contract renewal comes soon), but it seems existing numbers in the cache could be stolen.

The smart card technology for credit and especially debit cards sounds like a good idea. No bank has offered it yet to me. I expect to hear from Wells Fargo and Bank of America soon on this.

Placing a daily limit on maximum withdrawals would limit the damage or exposure to carjackings and muggings at ATM’s.

For travel, a secure MiFi card (like Verizon’s) is safer than using public WiFi. I find the card very reliable in 95% of the country. But use of https should also provide protection.

Note the mention of the WPA2 security protocol.

Webroot tweeted this link today, here.

You could consider a service like BillGuard, link here

Newsweek: abuses by debt collectors increase, as more debt is sold

2012-01-04T16:07:00.000-08:00

Newsweek has the latest tirade against debt collectors, with the online entry here, an article called “America’s abusive debt collectors” and referring outright to America’s “overconsumption binge”.

Abuses by collectors have increased as collection agencies are less able to recover debt from more strapped consumers. People take jobs as debt collectors and are pushed by supervisors to break the law.

The article spends much of its space on debt buyers, who have often been individuals who put their “own skin in the game”. In time they form little companies and hire collectors themselves. Debt is sold several times for even less on the dollar (“tersh” means tertiary, or third time). In better times, hedge funds helped individual debt buyers.

For a couple months in 2003 (before moving back to VA), I worked for a company called RMA near MSP airport in St. Paul MN. The company did not engage in abusive practices and actually held employees to the FDPCA. I drove past the property in June 2011 and it looked like it belonged now to ACB, Associated Credit Bureaus. But I imagine in the era of the Internet collection companies would worry that prospective employees would later rat on them online as “blogger journalists”. Some companies that own debt say they have policies against employees “friending” debtors to spy on them! The Internet could have a big effect on the debt collection world.

Many collection agencies are located in the midwest, where the Central time zone makes calling easier.

Debt buyers sometimes sue debtors. I’m not sure of the legality of the practice.

John G Watts, an attorney in Alabama, has a video on debt buyer lawsuits:

In 2000, I was dinged for $650 by “National Credit Systems” for a twenty year old credit card debt with Chemical Bank (originally $130) which I’m not really sure was valid; it could have fallen through the cracks of a household move from New York to Texas in 1979, though.

Handling a “statute of limitations” on an old debt is tricky; even a partial payment reopens the entire liability.

Hackers penetrate Stratfor, pilfer consumer accounts; are the banks liable?

2011-12-26T11:54:00.000-08:00

The hacking movement called “Anonymous”, connected to Julian Assange, claims to have played Robin Hood by stealing credit card, debit card and other personal information from a US security think tank, Stratfor. The money pilfered from these accounts was then given to some charities like Save the Children, but obviously the charities will have to return the funds. Will the banks affected (with debit cards) have to make up the difference?

The Business Week story is here.

Stratfor Global Intelligence now says that its site is “undergoing maintenance”, link here.

Supposedly Statfor had not encrypted the information.

The latest, from TGDaily, (link) is that Anonymous denies the attack.

Here’s Stratfor video on YouTube (34 min, on month old) with Robert Kaplan and George Friedman, on China’s dominance.

Using NCOA as part of a scheme to stop fraudulent accounts could help USPS revenue and budget situation

2011-12-08T07:44:00.000-08:00

The United States Post Office is announcing big budget cuts, with longer delivery times and probably suspension of Saturday and maybe Tuesday deliveries. The USPS says it is totally self-supported, not by taxes.

It would seem to me, then, that to use NCOA as a plan to buttress identification of people to prevent fraudulent accounts from being created (Sept. 25, 2006), could help add revenue to the USPS, which it badly needs.

There has been talk that Facebook’s strict policy on using real names is motivated by the idea of using the site as a de facto standard of online identity, maybe a real future revenue-generating opportunity for the company. If so, it would seem that it’s conceivable it could be brought in as a partner in a way of preventing fraudulent accounts.

Does the FICO score really monopolize the credit world?

2011-12-06T05:59:00.000-08:00

Lynn Parramore has a big article on AlterNet on the Fair Isaacs FICO Score, “Are you held hostage by bad credit? The hidden truth behind the shady credit agencies that can ruin your life”, link here.

Now, “ruin your life” is a loaded phrase. I remember drill sergeants using it in Basic Training back in 1968, claiming an “Article 15” would “ruin your life”. It wouldn’t.

When I worked for Chilton (now Experian via TRW) in Dallas in the 1980s, we had a project called “risk predictor”, extracts from credit reports fed to Fair Isaacs. There is also a competing score called Vantage (discussion) and Sunday I discussed a new service called CoreLogic.

But AlterNet is right to question why the responsibility to bear the burden of errors in reports should fall on consumers. I have not had many problems; I did have a credit card hack in 1995, and in 2000 I got dinged by a debt collector for a credit card that I thought I didn’t have anymore (a debt more than ten years old).

Core Logic offers more refined credit reports and scores on consumers

2011-12-04T05:31:00.000-08:00

There’s a new credit reporting company, CoreLogic, which will provide lenders a more nuanced credit score and report based on smaller items like rent payments and even payday loans. It appears to look for items frequently requested by services like TenantCheck.

Tara Siegel Bernard has the New York Times story Saturday here.

Here is CoreLogic’s source on consumer lending. The company says it also provides information on trends in property values which could help consumers as well as lenders (avoid loans that will go upsidedown).

Will credit scores based on “online reputation” come next?

Arrest for ATM-related crimes in MD raises questions of consumer liability

2011-12-03T06:41:00.000-08:00

A man who had been released on bail in Maryland after one carjacking committed several moe, including three at a Wheaton, MD mall. He would kidnap elderly drivers returning to their cars and force them to drive to ATM’s. A Nov. 30 story reports on his re-arrest by Montgomery County, MD police.

The question that comes up is, would consumer habits placing a limit on the daily withdrawal from an ATM (say $300) minimize loss and discourage such crimes? Would limiting ATM use to just one card also help?

Will banks refund for losses to such robberies? What about on debit cards? If on credit cards, are consumers still liable?

Does anyone know? News reports didn’t cover this. Here is Washington DC ABC affiliate WJLA's coverage.

FTC reports rapid increase in complaints against debt collectors

2011-11-18T06:48:00.000-08:00

According to a USA Today story Friday Nov. 18, 2011 (front page) by Oren Dorell, complaints about abusive debt collection practices are accumulating more rapidly than in any other industry, including debt consolidation and other financial services.

The increase in complaints has risen from about 100000 in 2008 to over 140000 in 2010.

Companies vary in how strictly they enforce the Fair Debt Collection Practices Act (FDCPA) with their collectors, who typically make less than $13 an hour but get bonuses for performance. And I know from my own experience in Minnesota in 2003, where an interviewer, for a job that I did not get, asked me about assertiveness, that companies do push employees into manipulating others. (I did get a job with a different company and did fairly well before moving back to the East Coast later in 2003.)

Is this increase in complaints mainly about individual debt collectors, about specific debt collection companies, or against the industry itself? Many of the abuses occur with debts that the companies have purchased outright for cents on the dollar.

Some credit cards emit wireless signals that leave them vulnerable to hackers

2011-11-03T07:55:00.000-07:00

Walt Augustinowitz, who founded Identity Stronghold (link), helped television station WJLA (ABC, Washington DC) report on “electronic pickpocketing”. Some credit cards have a “wireless hologram” that send out a signal that cell phones or other devices can pick up, and credit card transactions processed on smart phones can sometimes be hacked.

It’s prudent to ask credit card companies to send cards without the wireless gonzo.

So far, very few such hacks have actually been reported to police.

A similar report has also been aired recently on Fox channels.

Unpaid fines (parking, photo-enforced light or speeding) can get turned over to collections, affect credit scores heavily

2011-11-02T08:56:00.000-07:00

Recently, the media have been reporting that more states and municipalities are turning over unpaid parking and photo-enforced speeding or red-light tickets to collection agencies. A single collection agency submission of an out-of-town ticket can lower a FICO score of maybe 780 or so by as much as a hundred points.

In many jurisdictions, people can lose points on driver’s licenses for unpaid tickets in adjoining states, but not far-away states or on car rentals (whose contracts always insist that tickets be paid; I had to pay a Delaware toll problem in 2002 when I didn’t know what lane to be in on 95).

But people will lose credit score points for unpaid violations anywhere if turned over to collections.

Here’s a question from Yahoo! on paying an old ticket, link.

Here’s a story on collections activity from Atlanta, link.

Banks have you hooked on their debit cards with their automated bill pay; is it really safe to use the cards in public anyway?

2011-10-17T13:02:00.000-07:00

Maybe this story doesn’t really apply so much to “personal identity security”, but maybe it does, as far as this column has dealt with debt collection.

The New York Times Sunday ran a story by Nelson D. Schwartz showing how big banks can get away with their new debit card fees because they have everyone hooked on the ease of automated bill paying. It would be too much work to move twenty bills to a credit union, right?

For now, if you never use your debit card to actually make purchases (which security experts say you shouldn’t do anyway – so here’s the relevance) there’s no problem.

But it’s a lot easier to use it at the 7-11 than worry about trips to the ATM with your same bank.

Here we go with the story. A friend had said on Facebook that it was easier just to pay bills by mail. I don't think so.

Couple faces foreclosure because "right" lender never received mortgage payments

2011-10-10T14:50:00.000-07:00

This is not exactly an “identity security” situation, maybe a debt one, though. A family (Brian and Khanklink Pyron) in Houston may face foreclosure after making all its payments on time to Bank of America, the lender. The problem is that the title company, through whom BofA was supposed to pass payments to Wells Fargo, went under, and nobody told the homeowners. The Huffington Post story and video is (website url) here.

In Massachusetts, someone faced foreclosure over a missed zero payment (does that make sense), and in Florida a similar situation occurred over a $4.70 fee.

Things a debt collector won't tell you (I didn't either when i worked as a collector)

2011-09-28T09:11:00.000-07:00

Here’s a cute story from the October 2011 Reader’s Digest, “13 Things a Debt Collector Won’t Tell You”, by Michelle Crouch, link here.

I worked as a debt collector in Minnesota for a while in 2003, and I did not like the idea of “fooling” people by not telling them things they have the right to do, especially now when I have gotten deeper into publishing stories as a “journalist”.

The tip about the possibility of expiration is interesting, and how it gets restarted if you acknowledge the debt again. Also provocative is the idea of telling people to borrow money from family or friends. I didn’t do that, but I did take other credit cards.

It’s true, a manager will not help you, as she says.

Maryland will make it tougher to collect on "purchased debt" without proper documentation that debts are real

2011-09-18T08:14:00.000-07:00

Michelle Singletary has an important column in the Sunday Washington Post, Business, “The Color of Money”, p. G1, “Maryland makes it tougher for debt collectors to sue consumers”, link here.

She is referring to the practice of buying debt, not just collecting debt under contract.

I once got caught in something like this. In 2000, I requested my credit report and found an old Visa card from Chemical Bank in NYC that I thought had been closed. A $125 bill had blossomed to $650 in ten years. I called National Credit Systems, and a woman called back and threatened to sue me. She would not accept a dispute. I wound up paying. It's possible that the card could have fallen through the cracks when I moved from New York to Texas at the beginning of 1979.

I went to work for RMA, a debt collector, in Minnesota for a while in 2003. It wasn’t until then that I learned that this charge probably had been wrong. There was nothing I could do.

Singletary reports that in many states, courts rubber stamp “robo signed” suits for bought debt without requiring due process or proof. Maryland is trying to tighten up the process.

IRS refund scams in Florida based on mass identity theft from family-tree websites

2011-09-02T17:30:00.000-07:00

MSNBC and Peter Williams are reporting on an IRS refund scheme in Tampa, FL based on identity theft. Identities were lifted off of “family tree” and genealogy websites. So far 49 people have been arrested in the Tampa area, with more to follow. One case involved the stealing of a developmentally disabled person’s identity.

Visit msnbc.com for breaking news, world news, and news about the economy

MSN lists the latest schemes to steal credit, financial information

2011-08-25T20:24:00.000-07:00

Here’s another list, on MSN, “5 ways thieves steal your credit”, link here.

Some of the schemes involves waiters, “gas station lasses” who skim gas pumps, and ATM’s, as well as the better known schemes to steal info at wireless hotspots for from public computers, or from phishing.

AOL is offering paying customers “free” use of Lifelock; I got an advice from AOL tonight.

NYC thief enlists bank tellers as part of ID theft ring

2011-08-07T09:27:00.000-07:00

A crook who stole wallets on NYC streets has been indicted in an identity theft ring that included collusion with bank tellers, especially those of J P Morgan Chase. He was called “Geovanni Kasonova” . In this story, the bank employees say they were fooled and are not guilty of crimes.

The ABC story and video are here.

It’s not clear if the stolen identities were active very long unbeknownst to their targets. As I’ve written here before, the critical point would be lenders checking addresses before giving credit to individuals, where billing information has been changed and made up by thieves. Much of this could be stopped.

Another good question would be whether the use of nicknames or pseudonyms on the web, on social media, a controversy raised recently here on other blogs, could make it easier for thieves to make up fake people and match them to stolen SSN’s.

Woman impersonated on Craigslist; a Section 230 issue?

2011-07-05T13:23:00.001-07:00

The Today Show on NBC has reported that a mother of 3 was set up by a “prank” by her ex-husband’s new wife, who put up “adult ads” on Craigslist in her name. (Craigslist had supposed "toned itself down" after the Massachusetts tragedy.)

Visit msnbc.com for breaking news, world news, and news about the economy

The Huffington Post also reported the story on AOL here.

The woman began receiving uninvited visits from strangers at her home, which would put her and her children at risk for crime.

The woman who perpetrated the prank was arrested. Astonishingly, she runs a day care center and takes care of children. The incident is reported to have occurred in Bradenton, FL.

It is becoming increasingly difficult for people to protect themselves from impersonation on the Web, it seems, which is one reason why Section 230 protections of the 1996 Telecommunications Act come under more criticism.

USA Today presents debate on credit bureau ability to fix errors

2011-06-06T18:33:00.000-07:00

USA Today has a view-opposing counterpoint on its editorial page today. “Our view” (of the paper) is “Credit reports stacked against consumers”, and the opposing view is “Credit report data show few errors”, by Stuart K. Pratt, reporting an unfixed error rate of about 5%. The entire comparison can be accessed online here.

I have not encountered any problems except some mixup with my parents.

So far, my only experience with unauthorized charges happened way back in 1995, with unauthorized phone charges from Canada from AT&T on my Merrill Lynch Visa.

I worked for Chilton Credit Reporting in Dallas in the 1980s. It was acquired by TRW in 1989, and later the entire operation was spun off as Experian, one of the three major companies, much of it in the northern Dallas suburbs.

Last picture: I used to work there (as a debt collector) in 2003.

Debt collectors use social media for skip tracing; is this legal per FDCPA?

2011-05-11T07:01:00.001-07:00

“Atlanta Business Litigation lawyers” has an interesting article on the use of social media (including Facebook) by debt collectors for skip tracing to find debtors.

The complete article, by Stokes Lazarus and Carmichael LLP, is here.

The Federal Trade Commission recently held a hearing on the use of social media in debt collection soon. There was a concern that social media could easily misidentify debtors.

The FDCPA was written long before social media, public search engines and blogs, all accessible at home, existed.

USPS security breach reported, would not affect ordinary customers or NCOA users

2011-05-05T21:18:00.000-07:00

A United States Postal Service subsite “ribs.usps.gov” was apparently hacked before early April 2007 and infected with scripting code associated with the “Blackhole Exploit Kit”, which could take a visitor to an embedded site distributing malware or spyware. The USPS service affected was the Rapid Information Bulletin Board service. It’s unlikely that any users were really “harmed”.

There is a detailed technical explanation at ZScaler, “leader in Cloud Security”, (website url) here.

I also discussed this story (giving other bibliographic references) on my “Internet Safety” blog today in conjunction of reports of malware purporting to offer contraband pictures of Osama bin Laden.

The story is significant because use of the USPS “national change of address” system in conjunction with products like Move Forward could be used to design a national strategy to combat identity impersonation, as I have explained on this blog before (esp. Sept. 25, 2006). But such a system would reside largely on IBM-style mainframes, kept off the public Internet and much harder to compromise (with typical mainframe security like RACF or Top Secret, etc.) Of course, people are still raising similar questions today about other systems not normally accessible to the Internet, such as with the power grid.

Sony has major security breach with Play Station, leading to outage, compromising customer identity data

2011-04-27T08:50:00.000-07:00

It looks like Sony has suffered a major breach of its network, affecting not only Play Station users but also those who stream some of its movie content. So account users have been unable to play games (chess?) over the Internet for several days, because of a major corporate breach.

What the story indicates is the risk not only with home PC use, but with the ability of major corporations and governments to keep their networks secure against determined hackers.

The New York Times story by Nick Bilton and Brian Stelter is here.

Here’s another version of the anti-gospel by Andrea Devaro at the Long Island Press, link.

Spammers imitate bill collectors in phishing attempts

2011-04-25T17:23:00.000-07:00

Well, now I’ve seen everything. Somebody sends me an email saying I’m in collections and owe Party X money. I know that’s spam. The FDCPA (Fair Debt Collection Practices Act) does not permit doing collections by email, or at least it wouldn't make sense to.

That’s just the latest way to phish, to impersonate a bill collector. Can probably happen by cell phone, too.

Old school phone phishing is alive and well

2011-04-08T13:30:00.000-07:00

Today, I got a phone call about a sweepstakes entry my mother (now deceased) had allegedly made, and mentioning an unbelievable sum she had supposedly won. I know that this was impossible during the last months of her life. I questioned him and used the word “scam”. He hung up.

So phone phishing seems as alive and well as the more common email phishing, whether for personal information, a “security deposit” (as with the Nigerian scam), or both.

Be forewarned. If it sounds too good to be true, it is.

ABC reports on tax refund scams with stolen kids' SSN's

2011-04-04T16:16:00.000-07:00

ABC News is reporting tonight that the tax refund opportunity is driving a lot of identity theft. There are two main scams: one is a “free” tax service on a site mimicking a well-known one, and the other, more common, is for crooks to use the social security numbers of other people’s children and claim then fraudulently as dependents, causing parents’ legitimate returns to be rejected later.

The main story, by Elizabeth Leamy, Ben Forer, and James Wang, is (website url) here. It was reported by Diane Sawyer on ABC World News Tonight on Monday April 4.

The IRS apparently doesn’t have very adequate automated ways to check for “real” family dependency, partly because of the complexity of American family life today. That certainly begs for some more systems development.

The IRS does not send emails to taxpayers (except for specially automated ones in conjunction with e-filing). Any email "from the IRS" about your tax return is likely a phishing attempt trying to get SSN's.

Some credit cards start charging "minimum interest" even on zero balance

2011-03-26T07:30:00.000-07:00

This isn’t really an “identity security” problem, but I want to report it. Today, I noticed that FIA card services, on the credit card for my mother’s estate, charged a minimum interest fee of $1.50 even though the balance due was paid in full (as it always is).

I haven’t noticed this on any of my other cards yet. But I wonder if that’s next. FICO scoring rules favor having more cards and not using all the credit. But that could mean even more fees.

Banks have complained that people who pay the balance in full (and follow Suze Orman’s advice) are the “freeloaders”.

Abuse by debt collectors increases as economy remains tough

2011-03-22T19:47:00.000-07:00

Diane Sawyer reported on ABC World News Tonight that complaints about abusive debt collection practices are up 17% in the past year, maybe because of the economy.

Consumers can write the debt collection company and tell the company not to call them again, although that does not relieve the debt. Consumer could still be sued by the debt owner (and sometimes collection agencies have “bought” the debt, a practice that sounds like champerty to some).

We’ve discussed the FDCPA here before. It’s illegal for collectors to make threats.

Another company, "Trusted ID", says it acts like an ID "reputation defender"

2011-03-21T10:50:00.000-07:00

Here’s another identity protections service I ran across, “Trusted ID”. The company says it offers the credit reports from the three major vendors, and monitors “black market websites” for stolen personal information (in a manner that sounds like it resembles “Reputation Defender” a little). The web reference is here.

When I was on the site, I was called away by a phone call, and when I went back, it seemed a Live Agent wanted to chat with me. Interesting. I’ve never seen that before.

Major breach in Visa central processing reported

2011-02-03T14:30:00.000-08:00

Here’s another story of a big corporate data breach, apparently this time at Visa itself, but this time limited in the information stolen Active Rain has a story by Robert Siciliano here. DataLoss (Open Security Foundation) also has a story here and says this resembles but is apparently unrelated to an earlier breech at “Heartland”.

They’re saying that anyone with a Visa account needs to look at his or her statements before accepting them. But the likelihood of identity theft from this breach seems remote, since not a lot of PII was involved.

In the late 1980s, in a job search, I became vaguely familiar with Visa's setup in north Dallas (as it was then), through the headhunter and interviewee grapevine.

WSJ covers aggressive tactics by some debt collectors, including "robosigning" of suits with deceased people

2011-01-03T17:31:00.000-08:00

Jessica Silver-Greenberg has an interesting video on the Wall Street Journal site about the frantic tactics of debt collectors, Nov. 28, 2010:

Then on Dec. 31 in the “Money & Investing” page of the WSJ she ran an interesting story about Portfolio Recovery Associates, a debt collection agency using the signature of the deceased woman Martha Kunkle in “robosigning” of affidavits associated with collection “letter lawsuits” filed against “delinquent” borrowers. Deceased people are not immune to “identity theft.”

One in 7 social security numbers are misused

2010-12-05T06:13:00.000-08:00

NBC Today has been reporting Sunday morning that social security number fraud has increased, and that there are millions of social security numbers with multiple names. In fact, 1 of 7 social security numbers have been used by someone other than the owner, according to the story.

Most people don’t find out about the problem until they interact with government and apply for some sort of benefits, or sometimes when they apply for more credit.

Some social security number fraud occurs when information is entered mistakenly into systems that take social security numbers, which are much less often required than in the past.

MSNBC’s link to the story is here.

Automated calls offering mortgage refiancing: suspcicious?

2010-12-01T17:23:00.000-08:00

It has come to my attention that people get automated phone calls offering mortgage refinancing. Some of the phone calls appear to go to people who don’t even have mortgages, and they may be attempts to get personal information illegally, through the phone system rather than by Internet phishing.

I’ll check more on what the FTC says about this problem.

Debt collecting companies purchase old debt and use robo-signing for "due diligence"

2010-11-02T07:33:00.000-07:00

Here’s a new wrinkle, or really an old one, in the debt collection world: debts sold to other companies, which then pursue debtors and sometimes sue them. Sounds like a precursor to Righthaven copyright suits in the news recently (my main blog) and it is, the same concept.

One problem is that information on debts is often inaccurate (you guessed it, partly because of identity theft). So innocent people could wind up having to pay legal expenses to defend themselves (even if they don’t blog – in fact, people with public reputations may be harder for thieves to “impersonate”).

David Segal had a story in the November 1 New York Times, “Debt Collectors face a Hazard: Writer’s Cramp”, link here. It seems like there is a robo-signing activity for affidavits related to purchased debts. Remember how in middle school at detention you had to write down “I will not talk in class” 500 times (Oh, I remember one time in ninth grade, we – “the kids” -- were “swinging from the chandeliers”. ) You got writer’s cramp as punishment.

I found a 10 year old credit card debt in 2000 on a Trans Union report and wound up paying $660 for a $130 debt in 1980 that had been missed when I moved. I never got to challenge it, but I was naïve at the time. In 2003, I worked as a debt collector for a while.

"Annual Credit Report" has some changes this time; including an id security score from TU

2010-10-22T10:29:00.001-07:00

Yesterday, I pulled up my annual free reports at “annualcreditreport.com” (not “free credit report).

Experian charged $7.95 for a Vantage score (max 990) Equifax charged for a FICO score (max 850). Trans Union offered a free Vantage score for a one week trial, followed by a $14.95 subscription for monitoring,

Trans Union also offered an identity theft risk assessment, where low 200’s was low risk.

Only Equifax specifically offered a line on public records (none) this time, as far as I could see. It would be important to make sure there were no default judgments against oneself, which could happen because of identity theft.

Does one late payment really lower your credit score? It can happen to anybody

2010-10-04T07:49:00.000-07:00

Last week, I noticed a past due on one of my credit cards. I thought I had checked it in time, and that there had been $0 due. But at least there was no penalty ($39 normally), just about $1.50 in interest. I immediately paid it online.

I don’t know if this oversight will affect my credit scores, but I found an article by Don Taylor on Bankrate ("Ask Dr. Don") about the issue, (website url) here. Actually, what we call FICO is FICO with Experian (aka TRW/Chilton), Beacon with Equifax (aka CBI), and Emperica with Trans Union.

Taylor also discusses whether inquiries can affect your score. It does seem as though I dodged the bullet, this time.

"First Life" identity security lessons

2010-09-26T21:42:00.000-07:00

Just a little more wisdom about “physical world” security. Today, I parked my car near a scenic overlook in West Virginia, and the hike to the view took much longer than expected. I left a sheet of paper out in plain sight with potentially some business matters I really wouldn’t want others to see. It was still there when I cam back, but it’s good to remember that some “identity” problems come from carelessness in the physical (pre-Internet) world (“First Life”), too.

Another visitor left his lights on, I thought as the family left a van in a handicapped space, and I said so, and the man said, “Oh, they turn themselves off. I think they will.” They did, after the family walked down the trail, just as I was leaving. What if they hadn’t? Wouldn’t want to get stuck in the boonies with a car that doesn’t start.

AOL continues discussion on homeowner's, auto insurance and identity, CLUE and FICO

2010-09-22T07:12:00.000-07:00

AOL offered a guide on homeowner’s insurance today similar to one offered by MSN in April of this year. AOL stressed the idea that sometimes phone calls asking whether a minor loss is covered can affect a CLUE report. The report is by Candy Evans, is called “Know what you’re buying”, and distinguishes between “bare bones” coverage (the standard companies) and luxury or Cadillac coverage. The link is here.

People can have property insurance problems because of “pre-existing conditions” from CLUE reports just as with health insurance. Previous owners on a property could have an effect. So can someone’s FICO score, which can be affected by identity theft.

Several states have passed laws prohibiting insurance companies from reporting to CLUE inquiries that don’t result in claims.

Another point is that sometimes real property and auto insurance can be packaged for a discount, and if offered for a married couple, is cheaper if autos are titled in both names. This would discriminate against same-sex couples in states that don’t recognize same-sex marriage.

Check Lexis-Nexis for its explanation of property and subject home and auto reports, and samples. The reports apparently show claims made before a subject acquired the property but identify them as such. Note mention of the FACT (Fair and Sccurate Credit Transactions) Act.

AOL warns of new perilts to identity security; watch for impersonation on Twitter and Facebook

2010-09-21T11:36:00.000-07:00

AOL has struck again (and not with an April Fools probe of Jupiter once invented by Steve Case). It has a lead story “Imposters and the art of Identity Theft” again today. Here’s their link.

The focus today is on impersonation on the web, both on Facebook and Twitter, or celebrities, and of non-celebrities (and in these days of self-display, it’s hard to tell the difference). A few states are trying to outlaw the practice. And be wary of friend requests from “Brad Pitt”, etc. (Oh, I liked Babel, too.) Of course, make sure you don't get impersonated.

Another thing to watch for is using debit cards in card readers at gas stations. Hackers have gotten to these in data transfer.

The rest of the advice in the article is pretty standard.

Whatever accounts you have online, check them frequently. That can be a bit of a problem if you have to travel a lot (especially internationally), and your employer doesn’t let you use a work laptop for personal purposes. You should consider carrying your own laptop, too, so you can keep up with everything. Handhelds and mobiles are getting better at this all the time.

P2P also invites data thieves to spy on your hard drive

2010-09-03T09:18:00.000-07:00

Now today AOL has a warning article “Are you inviting criminals into your home?” link here. This article concerns the risks of P2P computing, often for sharing music and video, where others are allowed to access your hard drive directly (although there is plenty of web based malware that might do that).

The Today show cited a study where 150000 tax returns and over 600000 credit reports could be found on personal hard drives.

It would be interesting to study whether the level of P2P participation, function as a “super node” (which EFF says attracted RIAA lawsuits in the past) could invite more criminal activity.

New FTC rule regarding debt settlement firms may actually jeopardize consumers

2010-09-01T09:55:00.000-07:00

Debt settlement companies, as opposed to legitimate debt collection companies, are certainly getting bad press these days, according to a report reprinted on AOL this morning from Daily Finance, by Charles Wallace, “Consumers Face Huge Losses with Debt Settlement Firms”, link (web rul) here.

The Federal Trade Commission adopted a new rule July 28 to stop debt settlement companies from collecting fees before settling debts, but the upshot could be that many go out of business, having taken consumers’ money.

The FTC has a related story today about Clean Credit Report Services, Inc.,, about an agreement to get it from making false claims, link (website url) here.

The FTC also has a July 2010 report, “Protecting Consumers in Debt Collection Litigation and Arbitration”, PDF link here.

Russia looks the other way on credit card and DOS hackers; harassment of consumers seems like part of its strategy

2010-08-25T14:18:00.000-07:00

Andrew E. Kramer has an important story about the arrest in France of Russian hacker Vladislav A. Horohorin (“BadB”) on or partly on a warrant from the US Secret Service for stolen credit card numbers, with possible extradition to the US. The story is titled “Hacker’s arrest offers peek at crime in Russia”, with link here. The US Justice Department has a statement on the arrest here.

The Times story explains why Russia tends not to arrest and prosecute hackers who have been publicly identified: that is, because the activity seems to fit into Russian national strategy, particularly to stifle dissidence, sometimes disrupting the operation of Facebook and Twitter with denial of service attacks against specific marks, as well as to disrupt commerce of competitors to Russian business.

Infant identity theft, and "phone denial of service attacks" covered by AOL article

2010-08-04T10:30:00.000-07:00

AOL’s walletpop offered an article this morning about child identity theft and several other scams, link here.

The infant id theft occurs when new social security numbers of babies are lifted and used to create fake people years before the kids will need to act as their own “number holders”. But during the teen years, parents might get sudden calls from debt collectors or run into issues when the kids apply for college. Lenders don’t seem to have adequate programs in place to detect social security numbers that may be those of infants. ‘

The article also describes (with another link within Walletpop) a bizarre and “creative” scheme using old technology, the “phone denial of service attack”. Months after the target has given out information in a phishing attack, criminals tie up users’ phones while trying to empty bank accounts, often impersonating the victims with separate lines. Banks don’t seem to have caught up with how to intercept these schemes. However, cell phone users, and people who check their accounts frequently online (generally younger customers) are much less likely to become victims.

There are also timeshare scams and fake auto dealer scams. Most of these can’t work with consumers who are more prudent with their habits.

The article discusses various schemes to defraud seniors, who may sometimes have lost reasoning ability before noticeable memory loss and be gullible for scams.

Passport technology could boost identity security for everyone

2010-08-01T08:24:00.000-07:00

The US Passport Office, of the Obama administration and Clinton State Department, is asking for new law-enforcement style authority to fight identity fraud, after some dress rehearsal tests identified some fraudulent passports, according to a Washington Times story July 29 by Shaun Waterman, here.

The office wants to use biometric and facial recognition software, data which, if more widely used in private banking and other business, might make identity theft much harder.

Could this be used readily at ATM machines, or even to sign on to a computer? Biometric control happens a lot in the movies. Here is a typical site explaining it.

At home, it could be inconvenient, or it could be an additional adjunct to home security.

Navy sets up "femme fatale" on Facebook to test threat of id theft in classified operations

2010-07-19T16:23:00.000-07:00

The Washington Times, on the front page Monday July 19, reports a caper where the US Navy Network Warfare Command set up a fake Facebook profile with a fake female person, to tempt other people with sensitive jobs to give away classified and personal information. The story by Shaun Waterman is titled “Fictitious femme fatale fooled cybersecurity; Intel, defense specialists fell for ruse in test”, link (website url) here.

People did give away classified information embedded in innocent material, but more disturbing to officials was the way some people gave away their own personal information and that of family members. For people in defense-sensitive jobs, this seems like a particularly sensitive issue, as identity theft could be a particular problem in intelligence operations.

Amateur novelists could have fun with this one. It’s even possible to imagine identities being “contracted”.

I worked for two Naval agencies early in my career, at David Taylor Model Basin and later at Naval Command Systems Support Activity at the Washington Navy Yard. Something like this could have been tested there.

Parents sometimes steal their kids' identities

2010-07-14T10:49:00.000-07:00

Mellody Hobson and Laura Zaccaro reported on ABC “Good Morning America” today “Parents stealing their kids’ identities in alarming trend”, link here. And it seems to be happening to fully grown adult children.

There is no mechanism to check a fraudulent social security number against age (as there is no direct correlation to age). So parents, desperate in a bad economy, have written off bills on their kids’ identities, who may find their credit ruined or get calls from debt collectors for their parents’ bills.

The report recommended calling both the Federal Trade Commission and local police and filing the reports therefrom to credit reporting companies. Adult children victims who don’t contest the bills with the proper procedures could wind up being legally responsible for the parents’ bills. Remember the old times when children were viewed as an “economic asset”.

The report starts with “look how devastating it can be when your own family steals from you.”

Cell phone phishing for debit cards and "mystery" phone numbers

2010-07-12T10:59:00.000-07:00

I have become aware of a cell phone phishing scam where the recipient is told by an automated prompt that his debit card no longer works. There may be variations on what the person is told. The target gets a cell phone call that sometimes fails to maintain connection. If the recipient checks the number (if not marked unavailable) it may be a number that assumes that the caller knows an extension and does not identify the company. The phone number is likely to be a local number, and Intellius will show it as unlisted but with a report available.

The recipient should contact his or her bank or local police if receiving such a call.

Phishers get sophisticated with Bank of America trademark emailks

2010-07-09T06:26:00.000-07:00

Today I got a particularly mischievous phish purporting to be “Bank of America,” using the trademark "professionally" (and illegally) claiming that security settings had to be redone. What was different was that the cursor did not show any real link when passed over, and when I forwarded the email to the BofA abuse address, the BofA logo appeared automatically in the new part of the forwarded email. I hadn’t seen this behavior before.

The bank phishers are getting even more bold in simulating real life.

Hotels have leaky security with credit cards

2010-07-07T07:04:00.000-07:00

Yahoo! republished the following article by Joe Sharkey from July 5 in the New York Times: “On the Road: Credit Card Hackers Visit Hotels All Too Often”, link here.

Hotel IT systems are not all that secure when it comes to encryption (and I have found not all that perfect when it comes to guaranteed reservations). This danger goes on top of unsecured wireless common in many hotel rooms.

Playing on the road involves more risks than letting the opponent bat last.

I’ve had only one really major credit card breach: Back in 1995, a Merrill Lynch visa card was used for about $300 worth of unauthorized AT&T calls in Canada, which AT&T reversed for me, after about an hour on the phone, at work on company time.

Data brokerage companies may offer consumers opt-outs of their public records information being sold

2010-07-05T10:10:00.000-07:00

I had a random conversation with someone on the DC Metro last night on the way back from the July 4 celebrations, who told me that his wife worked in intellectual property law, and, after talking about the Facebook controversies, we got to a discussion of data brokers and how personal information can be bought from them even when unlisted.

He said that data brokerage companies generally have an individual opt-out policy which means that you can go to each company and request that that company not sell your personal information, even if it comes from legal sources such as official public records (as maintained by local governments). However, you have to go to each company separately, and there can be many of them. In addition, some local governments publish personal information on line, especially with real estate tax records.

Here is the take on this problem from Intellius (link to privacy policy).

This information could be important to families or individuals that believe they could be especially prone to security problems.

I didn’t see a comparable policy at ChoicePoint (link ) == “purchase a shredder”. Not good.

Moreover the Electronic Privacy Information Center (EPIC) has information of the merger between Reed-Elsevier (owner of Lexus-Nexus) and ChoicePoint, and says it threatens privacy, link here. I’m not sure how old this posting is. but see next note.

See also "BillBoushka" blog, Feb. 29, 2008 for posting about data brokerage companies and online reputation. On Jan.. 30, 2008 on that blog there is discussion of the Reed-Elsevier merger, originating with an Erickson Times, a senior newsletter, article and later a Washington Post story.

Birth certificates can represent an identity security problem; Puerto Rico orders new ones for everyone

2010-07-01T07:04:00.000-07:00

The Associated Press, in a story by Danica Coto, presented a large story of special problems with identity theft in Puerto Rico, as reprinted in the Washington Times on June 28, link here.

The story starts with a chronicle of a snack bar owner in Puerto Rico arrested for thefts done in Miami and Chicago under his name.

Part of the problem is that illegal immigrants have been hiding birth certificates under mattresses, and they are easy to steal in a bricks and mortar world, almost becoming like fiat money. Furthermore in Puerto Rico the documents are required to join churches, go to school, and engage in many routine activities. So the territory recently required every resident to apply for a new certificate with security and anti-counterfeit features.

But it is shocking that security procedures with lenders or vendors are so lax that the false certificates get by.

Various other activities in the US require scanning of birth certificates, raising identity security questions, as with this story by Jed Boal from KSL in Utah.

Wikipedia attribution link for map of Puerto Rico

New FICO algorithm may be more forgiving of incidental late payments

2010-06-27T13:49:00.000-07:00

MarketWatch reports (on MSN) a change in the FICO scoring practice (“FICO 08”) used by some lenders that will reduce the impact of small lapses, such as a couple late payments of credit card bills. On the other hand, people who are closer to credit limits may find their scores lowered. The link ("The new math of FICO credit scores") is (web url) here.

People who “piggeback” onto stranger’s accounts with credit-repair companies will also see their scores lowered. The practice sounds fraudulent.

Social media users found to be blase about any identity theft risks by study

2010-06-21T13:58:00.000-07:00

A site called “Net Security” has an interesting column “The truth about social media identity theft”, link here . It refers to a study from the Ponemon Institute.

The survey showed that most users don’t use high privacy settings, and a large number actually publish their home addresses. Generally respondents didn’t feel that identity theft was a big risk from social media use. This may be because social media users are computer fluent and often check their accounts anyway, and because they believe lenders should be able to detect fraud anyway.

It is prudent to publish only a mail box address and mobile (not land) phone. However, very determined criminals still might track down a person by using data mining services that sell reports based on unlisted numbers and the like. But this tendency has not been consistently reported to be a big problem, even though some senior-associated publications (like Erickson), as well as some members of Congress, have expressed concern about it.

It is a bit hard to understand how crimes based on setting up copied identities where the targets don’t even receive bills could work for long, as one would think that address mismatches (detected with software like Group-1 or Pitney Bowes) would enable lenders (and credit reporting companies) to discover fraud more easily (even when DOB’s and SSN’s and names match). Problems may occur when lenders don’t verify transactions with the legitimate customers. Problems may be more common in industries, like hospitals or health care, where business processing is slow, giving crooks more time to get away with schemes.

Last night and weekend phishing from "banks" increases; oil spill compensation phishes sent

2010-06-14T09:19:00.000-07:00

Well, when you get multiple notices from your bank that your account access is suspended, and they were sent around 1 AM on a Sunday morning, you really know it’s phishing.

I’ve never seen so many phishing attempts sent to me over a weekend and in wee morning hours as this past weekend, from several different “banks” (some of which I do not have accounts with) as well as Paypal. I even got a couple of phishes offering me compensation from the oil spill, and I live in Virginia, in an inland area, far away from water, on higher land.

Also I’ve noticed a number of attempts to send comments in Chinese with multiple links to my blogs, apparently by mass attempts to get around the captchas required for sign ins. I get one or two of these to reject every day.

The spammers are as busy as ever, and most of them seem to be overseas, maybe in China and Russia. (If you pass your mouse over an embedded link in a phish, often it's a server in China.) Is the Chinese government still involved in hacks?

Media covers cell phone scams, and there are many different kinds of them

2010-06-11T09:31:00.000-07:00

In the past week or so, local television stations have discussed cell phone scams and identity security.

There’s a problem with being billed for cell phone notification services not ordered or authorized, or carried over from “dirty cell phone” numbers, as explained here.

Another problem some users have experienced is spam text, particularly in connection with (illegal) pump-and-dump stock market manipulations.

People may be exposed to hackers when they conduct financial transactions over cell phones, as in the Ezline article explanation (web url) here .

Or people may simply get calls from people purporting to be banks asking for personal information. Since people carry cell phones, such calls are more likely to be answered immediately rather than be returned. But banks don’t ask for personal information from cold phone calls just as they don’t ask for it in emails, so generally such calls amount to cell phone phishing. But banks do telemarket and offer credit cards or identity theft insurance. It’s much safer to visit a branch bank if you want such a service than to accept such a call.

Here’s a list of tips on cell phone ringtone scams: In the past week or so, local television stations have discussed cell phone scams and identity security.

Banks charge interest on all your purchases if you withhold anything during a vendor dispute

2010-06-08T05:11:00.000-07:00

Here’s a little knickknack that I’ve noticed on credit cards, at least with the Bank of America. I usually pay the “balance at last statement” every month, but if part of the bill is in dispute with a particular vendor, I subtract that amount (assuming I don’t go below the minimum, which never has happened).

The bank has never charged interest when the “amount due at statement” was paid, but if any portion is not (even one penny), it seems to charge interest all the time on all your purchases, even that not billed yet. That is sneaky! Therefore, if you would want to avoid any interest, you would have to pay disputed charges and wait for a vendor to refund.

I often have one dispute or another from time to time; usually I have $25-$100 in dispute among my cards much of the time.

Payment Card Compliance Guide: small businesses that process cards should check it out

2010-06-01T18:42:00.000-07:00

I got an email today from a company that thought that I process credit cards. I don’t, but the (Payment Card) PCI Compliance Guide, Facts and Myths, is well worth reading, with link here.

Note that there are four levels of merchants. A small business or non-profit that only occasionally takes cards (credit and/or debit) is at level 4 (it sounds like something out of sci-fi). But a data breach can escalate the level, or result in fines that could put a small operator out of business.

A business owner who processes no cards but funnels all his or her activity to Amazon, BN, Ebay, etc. would not be affected, because then his site does not need to record any personal or credit-related information. That is the case with me.

Some small local “bricks and mortar” businesses still take no cards. A local barber shop here in Arlington VA does not; same for a family restaurant I stumbled on in Glassboro NJ.

MSN Money: You can sue your debt collector for FDPCA violations

2010-05-26T11:56:00.000-07:00

Here’s a good one: not just “beat the bill collector” but sue your debt collector. At least that’s the topic of an MSN article today, “Sue your debt collector: Federal law sets clear limits on what debt collectors can do. If their tactics go beyond those limits, you can win -- and it's a surprisingly easy process”, by Kathryn Reynolds Lewis of MSN Money, link here.

Federal law allows a debtor to receive $1000 for each instance of abuse of their rights under the FDPCA (Fair Debt Collector Practices Act), which can include making false threats or calling at non-allowed times.

It’s not clear from the article whether the debt collection company is liable, or whether the individual debt collector as an employee of the company is liable as an individual for an FDCPA violation, but I believe it is the latter.

Debt collectors don’t make that much an hour (typically $12 or less), but do make commissions on what they collect. So the system can invite abuse.

ING creates site for educating kids about money, credit; says keeping low credit balances lowers credit scores

2010-05-23T16:05:00.000-07:00

ING was my employer from 2000 through the end of 2001, and it’s good to see ING Direct has a website ("Planet Orange") to educate teachers and parents, and kids, about credit and money -- and at least indirectly, about protecting private information and keeping your identity safe. Here is the site. It calls its members “astronauts”, rather like Geek Squad (Best Buy) calling its techs “special agents”. I think it's ironic that Titan, the largest moon of Saturn, may have a largely orange surface.

ING Direct also has its own quiz on which behaviors lower credit scores. The link on Yahoo! finance is here. What’s interesting is that keeping a small credit balance can lower your score. Many people (myself included) pay off last month’s bill but typically there are new charges since the last bill. I don’t know if this counts; Fair Isaacs can certainly identify a pattern of paying the due amount. Also, I don’t pay disputed amounts (as long as it won’t become delinquent). It’s normal for me to have a hundred dollars or so of bills in dispute. I wonder if that hurts. Yahoo’s link for the credit behavior quiz is here.

Congress considers a bill limiting ability of employers to check credit histories

2010-05-18T09:08:00.000-07:00

Can you be fired for bad credit? Liz Pulliam Weston has an article on MSN for MSN Money (4/23) that is pretty sobering. In Cleveland, the Defense Financial and Accounting Service fired some workers for bad credit because they couldn’t pass security checks. And just as with online reputation, people don’t get job offers because of credit scores and are never told why. The link for the story is here.

According to a survey from the Society for Human Resources Management (SHRM) 60% of employers use credit checks for some associates, and 13% do so for all employees, even those who don’t handle money. Must 65% allowed applicants to explain credit check problems before making hiring decisions.

Representative Steve Cohen (D-TN) has a bill to prohibit credit checks except for jobs requiring security or FDIC clearance, a managerial position in a financial institution, or certain state agency jobs.

At the same time MSN has an article suggesting that stellar credit scores, from people who do pay bills on time, can be brought down by accepting new credit lines and not using them.

Needless to say, identity security issues could damage credit scores of job applicants.

In 1987, Chilton Corporation, a credit reporting company in Dallas, decided to require credit checks of employees (it seemed ironic it had taken so long), while I worked there; when TRW acquired Chilton, it dropped the requirement. TRW is now Experian.

Banks sell identity protection; so do homeowners insurance companies, with caveats

2010-05-12T09:03:00.000-07:00

Consumers can often purchase identity theft protection, both from banks and from property (homeowners) insurance companies.

Wells Fargo, for example, has a link that explains how it covers up to $10000 for out-of-pocket losses, here.

And “Insurance agents” considers identity protection as almost a “mandatory” add-on for most people, as explained here.

Typically, this coverage is sold as an endorsement that will cover “resolution services” and lost wages and legal fees. But the coverage may not protect someone if the loss occurred because of online activity connected with a home-based business. I presume that this is available for renters, too.

The whole picture of identity protection may be evolving quickly, as insurance companies are starting to become more concerned about the risks people are creating for themselves online.

AARP: Medical id theft usually costs victims a lot out of pocket

2010-05-10T14:56:00.000-07:00

The May 2010 AARP Bulletin Today has a frightening article by Sid Kirchheimer “Scam Alert: Not what the doctor ordered: your medical records are very appealing to identity thieves”, link here.

Because of medical identity theft, victims sometimes lose health insurance or must pay higher premiums to keep coverage. The article says that it costs an average of $20000 out of pocket to close a case of medical identity theft. This is a shocking finding.

The problem could get worse if more medical records are automated (so that various specialists can see the medical chart and prescriptions online). The article also notes that stolen medical records could facilitate passport fraud, and could prove to a tempting lure for terrorists.

Consumer Reports notes that many people's carelessness on social media invites identity theft and other security problems

2010-05-04T10:26:00.000-07:00

Consumers Reports has recently run a survey that found that about 52% of social media users routinely post birthdates, home addresses, vacation plans, and other information that could endanger both home security and increase the risk of identity theft through the Internet.

The San Francisco Chronicle ran a story May 4 by Benny Evangelista, “Social network users found to endanger privacy”, link here.

The article mentions a number of steps that can improve security, including better use of social media privacy controls, especially using “only friends” option on Facebook and unchecking search engine availability.

I did find an article on Consumer Reports, "7 things to stop doing now on Facebook", link here. I did find the recommendation "letting search engines find you" a bit glaring, and it needs to be understood in context.

On the other hand, many individuals have, from their viewpoint, good reason to want to be found by everyone, including by search engines. This includes people who self-publish political or social materials, or artists and musicians attracting new performance opportunities. Furthermore, there is a big of a logical contradiction in sharing things only with “friends” if the purpose of social media is taken to be to make more “friends.”

Everyone’s situation is different, with regard to such matters as living circumstances, job conflicts, job travel, family structure, and most of all, skill in monitoring one’s own circumstances. So perhaps the adage “different strokes for different folks” applies here. A well implemented home security system is a good idea, as is the ability to monitor one’s own accounts and credit score online and ability to detect problems very early. Still another issue is maturity, and the ability to see through scams. Prevention of identity theft or other security issues has a lot to do with “whether you know what you’re doing”. Still, as I noted on the “BillBoushka” blog April 20 (and again April 29), interests ranging from property insurance companies to school principals are becoming increasingly concerned about the reach and subtlety of these problems, especially when there are minors at home without the maturity to deal with them.

Lenders are careless in checking applications for fraud; helps explain large number of victims despite FACTA

2010-04-23T19:18:00.000-07:00

Brad Stone has an important blog entry today on the New York Times site (Bits blog) exploring how careless lenders are in verifying applications, link here.

A paper at the University of California by Chris Jay Hoofnagle, “Internalizing Identify Theft”, with 9.9 million victims in 2009 just as in 2003, Social Science Research Network abstract link (web url) here.

In 2003, a change was made to the Fair Credit Reporting Act with the Fair and Accurate Credit Transactions Act (FACTA) (link ) that allows victims of identity theft to ask lenders for copies of fraudulent applications submitted under their names. Yet this capability has not reduced the crime, because lenders were so eager to grant credit, and still sometimes remain so, despite all the problems in the credit markets since the Crash of 2008.

Would the presence of an NCOA-based database for verifying identities (as I proposed here Sept. 25, 2006) and ensuring that people learn of all applications in their name slow down the activity of careless lenders?

Credit card companies know you pretty well, may even troll your Facebook "friends"

2010-04-19T13:54:00.000-07:00

Today (Monday April 19), AOL offered its visitors a “Daily Finance” article by Betsy Schiffman, “Who knows you better: your credit card company or your spouse?”, link here.

Data gathering goes on all the time, even when a cashier asks for a zip code at a supermarket and you pay by check. But, as noted before, credit card companies may be looking at the “poverty level” indicators of stores where you shop, or changes in patterns, for use of porn, etc. They also look for evidence of divorce (surprisingly, single people may look better in their eyes in many scenarios).

There’s the question of legality, and what they can get away with given recent laws in Congress. Another likelihood will be fees. Will they penalize customers who pay balance in full and don’t give them interest income (the “freeloaders”?) If so, that’s a problem, because cancelling credit cards to avoid fees will lower a FICO score even for someone who pays all bills on time.

There is even a rumor, maybe an urban legend, that some companies are using the bill paying habits of your Facebook “friends” to help score you, as if your “Friends” could help predict the level of your own financial responsibility. It sounds pretty unfounded scientifically.

I wrote about data collection on my “BillBoushka” blog (see Profile) on Feb. 29, 2008.

MSN offers consumers advice on homeowner's insurance industry "secret practices"

2010-04-12T15:10:00.000-07:00

MSN and Dell offered visitors a comprehensive guide to the homeowner’s insurance business, with all the dirty little secrets about canceling or dropping people, today. The link is here.

A couple of points: CLUE reports (discussed here in July 2009) are based on the property and can be influenced by claims filed by former owners. Insurance companies are more likely to look at insured’s FICO credit scores than in the past, so identity theft can be a real issue.

Some unusual perils (such as lava from volcanoes, sinkholes, or meteors) may in some states really be covered, even though most homeowners need to be careful to purchase special flood, earthquake, or maybe even mudslide or wildfire insurance. People in remote areas may have more difficulty because of wildfire risks in drought-prone areas.

The article noted that some insurers have dropped coverage when a homeowner started a home-based business. On the other hand, some insurers have covered media perils for online activity (libel) as long as the activity was totally “non commercial”. That issue is sure to evolve, and I think media perils should be covered separately, as I’ve discussed on my main blog in several past posts.

It does look like the claims management area of a property insurance company is a bottom-line-driven place to work. It seems to stress manipulation and competition more than "truth", judging from this article.

Debt collection for medical/dental bill leads to house foreclosure

2010-04-10T11:19:00.000-07:00

Here is a curious sidebar story by Michelle Diament in the April 2010 AARP Bulletin, p. 6, about the work of some debt collectors. It’s “what an outrage: dental bill puts bite on homeowner,” link (web url) here.

A woman lost track of a partially ubpaid dental bill in Utah. She says she never received the bill. It went into collections, was escalated to a collection agency’s litigation subsidiary, and eventually a sheriff ordered her house sold for about $1500 to pay the debt. She paid the buyer, Jarmaccc Properties LLC, the $1500 but cannot get the title back.

ABC GMA reports on increase in ATM scams, duplication of debit cards

2010-04-01T04:48:00.000-07:00

On March 31, ABC “Good Morning America” presented a story about bank ATM skimmers that are, in plain daylight sometimes, taken by thieves to connect to other machines, available on the Internet, to duplicate debit cards and drain bank accounts.

The news story is by Elisabeth Leamy and Chris Strathmann in a “Consumer News” column, link here.

It is difficult for a consumer to protect herself against this with certainty. It may help to use a neighborhood ATM with which one is familiar. It is more difficult to defend against away from home. Presumably banks would have to make up losses.

Another scam pulled on grandparents, reported on NBC

2010-03-27T12:18:00.000-07:00

On the NBC Today show today, another scam was exposed: people troll the Internet (especially social networking sites) to look for family relationships, and then call elderly people pretending to be a grandson in jail, needing money to get out on bail. It’s unbelievable that they can play on sympathy this way, and even tell the “grandparents” not to tell the parents. “Today” simulated one of these calls.

CA attorney general: Prescription drug rings use id-theft

2010-03-24T19:21:00.000-07:00

From A proposal for a project to develop system to protect personal identity in credit granting

Today, March 24, California Attorney General Jerry Brown appeared on the Dr. Phil show and spoke about identify theft by people getting illegal repeated prescriptions for certain pain-relieving or mind-altering drugs and controlled substances.

The link to Brown’s appearance is here.

So that seems to be the latest wrinkle on the debate on the id theft problem, sales of painkillers to fictitious people.

Jerry Brown was a governor of California in the 1970s, lived as a bachelor in a small apartment and not in the governor's mansion, and may run again.

Census forms will not seek personal information

2010-03-18T09:01:00.000-07:00

Multiple media outlets this morning are reporting that 2010 Census forms are arriving by mail this week, but that individuals and families should be careful about fraudulent imitations. Census will not contact you by email; it may call you after you return the form to clarify an answer. After May 1, if you did not return the form, you may be visited door-to-door but the worker will have ID and will not come into your home.

Census does not use personal information at an individual level; it only aggregates information for statistical purposes. It will not ask for personal identifying information. Forms that ask for personal information are fake.

Census also has strict confidentially policies for its employees, who must sign a lifetime confidentiality oath, even for information that is aggregated. See my “information technology job market” blog Feb. 2, 2010, and my “some approaches to filtering and labeling…” blog Feb. 8, 2010.

Phone scams can phish for personal info was well as Internet emails

2010-03-13T07:11:00.000-08:00

While we hear a lot these days about phishing (and we have heard a lot about this for years), there may be an older, low-tech scheme to watch: phone phishing.

Yesterday I got a call (on a landline, even) from someone who claimed to be from the FTC (Federal Trade Commission) and who claimed that the FTC was “managing” a sweepstakes or lottery winning, and that I had won an improbable sum. I haven’t even played a lottery or sweepstakes within recent memory, and the FTC doesn’t give out winnings. This sounds like an old-fashioned ploy for personal information. I hung up.

Remember how security was in the old bricks and mortar world? People didn't worry about it much in the suburbs until perhaps the late 1970s.

Fake NCOA changes could lead to id theft (consumers union advisory insert)

2010-03-01T09:04:00.000-08:00

The Sunday Washington Examiner on Feb. 28 contained an insert called “Dollars and Sense Guide: Credit Union’s Consumer Resource to Financial Management”. On page C14 there appears a piece “Are you at risk of identity theft?”

The recommendations for consumers are the usual ones, except that it adds suggestions to use shredders with cross-cuts producing confetti bits rather than strips or slivers. That seems kind of paranoid. It also talks about dumpster-diving and old hazards from the bricks-and-mortar world.

But the article also highlighted a particular danger that crooks could submit NCOA changes to replace your identity. The symptom would be that you stop receiving expected bills by mail (although it you switch to doing everything online, you’ll still get them). Would my September 2006 proposal circumvent this? The problem is that a financial institution would still make a hit on the (mainframe, highly secured) NCOA database and not pick up a problem. However the USPS could set up independent verification schemes that would preclude updating NCOA until these identifiers are properly supplied. The MoveForward, etc. products used by companies to update clientization databases could easily be modified to check these parameters (including extra functions in the required USPS audit of financial institutions).

Be wary of check processing job scams!

2010-02-07T06:56:00.000-08:00

MSN/Dell is warning the public about “payment processing” job scams where the “home worker” deposits a fraudulent check to the bank, takes a commission, and then wires money to the “employer”. For a short period of time, the bank is required to honor the amount, so this scheme has become an attractive scam, attracting people looking for work. The link is here.

Kathryn Reynolds Lewis (MSN Money) has the story “Cash a check, maybe go to jail: Did you get conned into joining a check-cashing scam? Even if authorities decide you're an innocent victim, you could find yourself owing a bank thousands of dollars.”

In a few cases, check processors have been threatened with prosecution, which would be possible if they knew that it was a fraud or should reasonably have known. They will wind up with liability for the money and could have their accounts frozen.

Some of these jobs have been offered on Craigslist.

Reviewing the Identity Theft and Assumption Deterrence Act of 1998

2010-02-03T09:53:00.000-08:00

I don’t think that I’ve explicitly covered the legal basis for prosecutions for “identity theft” in federal law, but one of the most important tools is the Identity Theft and Assumption Deterrence Act of 1998, Public Law 105-318, 112 Stat. 3007 (Oct. 30, 1998), Public Law 105-318, 112 Stat. 3007 (Oct. 30, 1998), HR 4151.

The FTC maintains a copy of the text of the statute at this link.

The site wikia.com has a better description than Wikipedia, with the (web URL) link here.

The law is criticized as not offering individual victims the right to collect civil damages for their time and inconvenience and disruption; instead institutions are compensated, and individuals must depend on law enforcement to bring about prosecutions.

The articles refer to a controversial Federal Victim and Witness Protection Act of 1982, which was supposed to assist victims and witnesses to crimes, but more often in criminal investigation and testimony situations, familiar in the movies. A link that summarizes many of these laws is at DOJ here.

A simpler reference is here.

Internet Privacy Day: an occasion to "celebrate"!

2010-01-28T08:12:00.000-08:00

Today, Jan. 28, 2010, is Internet Privacy Day, and AOL Walletpop has a good summary story, “Internet Data Privacy Day 2010: How to protect your kids (and yourself) online,”, by Lita Epstein, link here.

The story gives many links from different organizations, such as the Girl Scouts, but emphasizes that even with privacy settings, nothing is completely private anymore. The story gives links to other stories that discuss the harm of Internet rumor.

The article mentions an AOL blog “Safety Clicks” (link here) with many entries, including an entry that Social Networking Profiles could become a new target for hackers in 2010.

TSA no-fly list could be tied to an NCOA-based identity protection system

2010-01-04T06:48:00.000-08:00

Justin Florence has an article in the Jan. 4 Washington Post , “A Better No-Fly List”, that does link to the problem of identity protection. The link is here.

The article suggests a way for people mistakenly singled out by the list to appeal, with an in-person procedure where TSA employees could check identities more carefully on a system not connected to the Internet (and probably an old-fashioned mainframe system with mainframe security, starting with RACF). There also could be an appeals procedure, but who should pay the cost of attorneys is a good question when an innocent person is wrongly singled out. Similar names will be a reason for mis-identifications.

Of course, so could identity theft. It makes sense that such a system could tie in to NCOA verifications that I suggested on Sept. 25, 2006 on this blog.

Three big tips for identity security

2009-12-22T17:54:00.000-08:00

Smart Money has a three-way tip sheet on “how to thwart identity thieves” today, Dec. 22, which MSN/Dell shared with its users today. The link is here.

The first tip is to stay with big names when shopping, because “they have the most to lose” if security fails. Amazon got good marks. But I still find that some “really indie” film DVD’s are not available in Amazon and need to be bought from the self-distributor.

Another tip is to watch out for “shoulder surfing”, a physical security problem at ATM’s and even with cell phones and Blackberries (which can be harder to type on). But the biggest danger could be mugging or robbery off hours at ATM’s that are not in locked spaces (requiring card access).

Another tip is to watch debit cards use very carefully for bogus charges. Security purists say, don't use debit cards at all.

I think there are some others. Use strong passwords, and develop a secure system for keeping them straight, especially when traveling. Think through your security plans before traveling, which can force you to build good habits for when you return home. (Maybe that movie “Up in the Air” has some pointers for frequent fliers.)

Homeland Security delays RealID requirementsm

2009-12-19T07:54:00.000-08:00

States will have until 2011 to comply with federal RealID requirements, according to a Washington Post story Saturday Dec. 19 by Spencer Hsu. Now states will have until May 11, 2011 to comply with RealID requirements in issuing drivers’ licenses and public safety ID cards (instead of Dec 31, 2009). The link for the story is here.

RealID is touted as a major enhancement of travel security (airports and probably trains and even transit systems in the future). However, the concept is similar to a proposal advanced here to build an NCOA database as a repository for due diligence checks to make impersonation of people much more difficult. It would be possible to combine the two plans.

Moderately well known people (even bloggers or self-published writers), especially with unusual names in less common languages or uncommon spellings, are probably harder to impersonate even as things are now.

New Visa/MC scam reported in Canada

2009-12-16T11:11:00.001-08:00

Toronto police are warning North American users of a new scam in which a caller claims to be from Master Card or Visa and to have detected unusual activity on your card, very likely a lot of it overseas. The scammer already has your card numbers, but needs one more piece of information (usually a social security number in the US or similar government number in Canada or the UK) in order to start impersonation. They might ask for a PIN number.

The scam is apparently common in Canada now and spreading.

Note: "Western Union" phishing scam

2009-12-06T14:17:00.000-08:00

In recent days, I’ve gotten repeated emails about payments from “Western Union”. Of course, this is a variant of the “Nigerian scam” or phishing attack. I’ve gotten about five of these a day for the past week.

But what’s really curious, to me at least, is that when I worked for a debt collection agency in 2003, we often urged debtors to pay through Western Union (rather than send a check in the mail – some debtors are “unbanked” – as discussed today in a CNN report). That was mainly out of a need to convey a sense of “urgency.” Western Union was also a major customer of Sperry Univac when I worked for Univac in the early 1970s.

So, "Free Credit Report dot com" actually works!

2009-12-02T05:34:00.001-08:00

Well, “Free Credit Report”, with all the minstrel singing by attractive pseudo-deadbeats, actually worked. Recently, I misplaced a new Suntrust card, which I noticed when I pulled out the card at a gas station and saw it was the old one.

The Suntrust telephone script will close out the old account immediately, create a new one, and mail the card. But the interesting thing is, yes, I did get the email from “Free Credit Report” in 24 hours, as well as an email from Experian showing it as “potentially negative information.”

So, something here actually works.

House title theft is on the rise: visit FBI tip page

2009-11-04T08:14:00.000-08:00

Here’s identity theft taken to new highs: “house theft”. Criminals, after obtaining personal information, create various accounts and fraudulent documents and then go to county or local authorities and gain control to the deeds of property.

There’s a story by Paul McNamara on Network World here.

The FBI actually has a detailed page describing how the scams work, web URL here ("House stealing: the latest scam on the block"). Some tips: if you receive a payment booklet in the mail that you don’t expect, investigate. (But don’t click on unsolicited emails related to your mortgage, as they are probably phishing attacks). It’s a good idea to check your deed at your local government once a year. Title insurance companies will have to develop practices to detect house or land title stealing.

FTC not amused by "free credit report" services

2009-11-03T13:54:00.000-08:00

Ron Lieber has a not-so-amusing front page story in the Tuesday Nov. 3, 2008 New York Times, in a series called “The Card Game: Playing Off Anxiety.” It is titled “A free credit report score followed by a monthly bill”. The link is here.

Experian’s “Free Credit Report” (link) offers the Experian Plus score, not used by lenders (the FICO score is the lending industry standard), and requires signing up for monthly monitoring for a fee. It’s true that the monitoring would help some consumers catch identity theft. But the Federal Trade Commission is, according to Lieber, is not “amused” at the Free Credit Report TV spots, that show “slackers” forced or "demoted" into the life of the proletariat (demoted from the bourgeoisie) because criminals stole their identities. The young men in Pirate waiter gear and playing guitars are attractive enough, and fit the visual stereotypes of who would look good in a gay country and western disco (like Remington’s in Washington or the RoundUp in Dallas).

The government’s mandated report service is actually called “Annual Credit Report” (link) and the government has actually offered a spoof of the Free Credit Report commercial.

FTC has handbook on Red Flags Rules; CoNetrix offers major implementation service

2009-10-21T17:32:00.000-07:00

CoNetrix has a web page on Section 114 of the 2003 Fair and Accurate Credit Transactions Act (FACTA), as well as Section 315. The law requires financial institutions to implement an Identity Theft Prevention Program with “Red Flag Rules”. The link is here. The program comes with a subscription.

The FTC (Federal Trade Commission) has a press release on the Red Flags Rules (practices discovered by automatic audits that suggest a high probability of identity theft), that had to be in placed by November 2008, URL link here. The Manual and other basic literature can be accessed at the basic Red Flags link here.

One of the most interesting Red Flags is not trying to collect a debt, either directly for from a debt collection agency. When a party does not claim a benefit that generally would be legitimate, that is a sign of intentions that are amiss.

Small businesses need to heed the FACTA Shredder Law; New product "Identity Finder" and pre-protect personal info

2009-10-20T07:32:00.000-07:00

As far back as 2005, the FTC warned small businesses that keep customer personal information that they must “shred or else”. Even mom-and-pop shops face fines if they lose personal information. There is a column all the way back in May 2005 “Identity Theft 911” describing the Fair Accurate Transaction Act (or FACTA). To comply with the FACTA Disposal Rule (or “Shredder Law”) Businesses must shred documents and destroy electronic data (not merely delete it), although they may hire third party vendors to do these things.

A copy of the text of the law is at this link at the Government Printing Office (GPO) site.

I do not process transactions with individual people now, although in the past (well before 2005) I have sold copies of my book directly to people. According to the law, I would have to destroy their name and address information.

Here’s another item: Fortune Small Business has an article by Jennifer Alsever, “Steal Your Own Identity: New software sniffs out personal information before hackers can get to it”. The CNN Money link for the story has web URL here. The product is called “Identity Finder” (link) which will scan your PC for personal information, show you individual items and ask you if you want to encrypt the item.

Be careful with personal information on job boards: customs are changing

2009-10-19T06:28:00.000-07:00

Some job posting boards could become targets of identity thieves, according to the Oct. 19, 2009 issue of the Career News, link here.

It used to be that employers expected to find full home address and phone and employer information. In earlier days, resumes were on paper and circulated by recruiters on fax machines. With the Internet, the possibility of abuse of normally private information comes to the fore. Unscrupulous persons (maybe even unscrupulous employers) could use data brokers to get even more personal information about people they really are not interested in hiring.

Hence, with online job boards, the practice of making identifying information much leaner is developing. A UPS mail box address is one idea, too.

Many experts advocate using a different email for job search responses, in order to further reduce the risk of spam, or that your email will be used in spam spoofing as a fake sender.

Sun offers corporate customer identity life cycle management, free white paper/buyer's guide

2009-10-14T17:47:00.000-07:00

Today Sun Microsystems emailed its list an invitation to peruse its PDF booklet “A Complete Buyer’s Guide to Identity Management”. The visitor must fill out a simple registration form (“identifying” himself or herself).

The view of the Guide is that “identity” is a core concept and property of an internal or external customer in an enterprise. Therefore security checklists and protocols must be based on the idea that one will expect the visitor to validate that he or she is who “it” says “it” is. The guide does provide a long series of successive checklists for designing security architecture for an enterprise, related to how various Sun libraries are structured. Sun also describes a concept called “identity lifecycle management.”

The most important link is this. There is also open source directory management here.

Hotel peep-hole case involving filming Erin Andrews raises questions about identity security in hotels for everyone

2009-10-05T16:16:00.000-07:00

USA Today has a feature “Hotel Check: A road warrior’s guide to a changing landscape”, and it’s not exactly a replay of the classic movie “Grand Hotel”. Or maybe it is, in the official story “ESPN's Erin Andrews filmed through tampered peephole at Marriott Nashville hotel”, link here.

For this column, the lesson is that physical hotel security could be an important issue in personal identity security protection. Many hotels offer connecting rooms (my parents used to rent them all the time for me when I was growing up), and these offer opportunities for spying through peepholes or other devices (the witty Sony Screen Gems flick “Vacancy” (2007), dir. Antal Nimrod, offers an entertaining object lesson). The alleged activities of salesman David Barrett, as detailed in media reports, do blow the mind as to the extent that a stalker will go – and then, the alleged perpetrator thought that this sort of activity is necessary and sufficient for making money on the Internet.

How credit cards lower limits based on card-use locations, driving down FICO scores

2009-09-28T11:34:00.000-07:00

Today, on "American Morning", CNN reported on the practice of credit card companies, especially American Express, of lowering credit limits on “responsibly paying” customers (on time) -- even those with good FICO scores -- if there are sudden changes in patterns in where they shop and use their cards. AE told one customer that his limit had been lowered fro, $10000 to $3800 because other customers of the businesses he frequents have poor payment histories. Gerri Willis appeared, and explained that if a customer who usually shops at high-end stores suddenly starts using Wal-Mart a lot, that is a signal to the credit card company of possible impending or realized job loss. The sudden appearance of bar tabs on cards is a red flag.

Others on CNN called the practice outrageous, to penalize good customers for what others do. But isn’t that how insurance works? May credit limits will work that way too.

Lowering of credit limit can lower FICO score and cause other credit card companies to lower limits in a chain reaction, resulting in a lower FICO score.

My Safe ID says that the average victim loses $500 out of pocket despite best efforts

2009-09-06T05:10:00.000-07:00

A site called “My Safe ID” now claims that there are 10 Million identity theft victims per year, and that the average victim, despite his best restorative efforts, will incur a $500 out of pocket cost, and about 70 clock hours spent. The link is here. It’s true that the site seems to be selling a protection service.

Most creditors will work with victims to clear accounts, but there is a “guilty until proven innocent” mentality with collection agencies and creditors, according to the article.

Federal Reserve Chairman is accidental victim of id theft

2009-08-28T09:50:00.000-07:00

Although one would think it should be harder to impersonate celebrity, Federal Reserve Chairman Ben S. Bernanke and his family became victims, according to a story on p 22 of the Washington Post today by Jerry Markon, Neil Irwin, and Keith L, Alexander, link here. A purse was stolen, and one check for $900 was written illegally in his name. Now there is a prosecution of at least nine people in an identity-theft ring in federal court in Alexandria.

Today’s millionaire show asked which kind of device was useful in fighting identity theft, with the answer being “paper shredder.”

Can a computer user hide his IP address? Does he need to?

2009-08-27T11:46:00.000-07:00

Here’s another trick question, in a “Tech MSN” column written by Paul Hochman. The article is called “Hiding in plain sight: Is my personal information safe when I go online?”

A reader asks Paul if there is a way to hide his IP address when he sends an email. Paul gives an answer that, no, it can’t be hidden, although many ISP’s (like AOL) change it all the time. But it takes a court order to get anything more, even your name if your anonymous (and I’ve written a lot lately about misbehaving anonymous bloggers).

His answer is here.

If you have your own website, most ISP’s give you access to logs, which may enable you to see where page requests for your site come from. You can do a reverse IP lookup on WHOIS sites like “Domain tools”. If it’s your employer, a lot of times the IP address will give your employer away. That happened for me in 2005 with the local public school system where I was substitute teaching. I could tell that a school administrator had searched for my name with a disturbing search argument, and solve a personnel issue that was going on.

Beware of phishing with debt collection emails

2009-08-25T05:08:00.001-07:00

Today I got a debt collection notice by email, with instructions to “settle” for $79 by paypal. Of course, I marked it as spam. Curiously, AOL had let it through, and Spysweeper did not flag it.

The email did not have the mini Miranda worded correctly, and did not identify the supposed creditor. Furthermore, my credit reports are clean (there was one small medical bill that a doctor mis-submitted but that was for considerably more than $79).

As far as I know, you must be contacted by phone or US mail to collect a debt. The phone call must start with the Mini-miranda, must identity the creditor and amount.

So phony debt collection notices may be the next type of phishing attacks.

Debt collectors don't have an easy job!

2009-08-21T13:48:00.000-07:00

I could put this on my IT blog because that’s where I talk about the job market, but debt collection is related to identity security, so I’ll put it here. Today, AOL posted a “Career Builder” page “Confessions of a debt collector” which follows a 10 year old book “Beat the Bill Collector” by Max Edison.

The link is here.

I worked for a collection agency for a while in 2003 while still in Minnesota, and the quota was much less than $300000. But they are right about the FDCPA, the Fair Debt Collection Practices Act. Ethical companies do require collectors to follow it, and employees are monitored randomly by managers.

Good collectors are gentle with the customers, and focus on contacting customers who really want help with clearing up debt. Good collectors know that there are enough customers who do want help that they don’t need to harass those who don’t.

Unspam group goes after banks for info on their systems in suit against hackers

2009-08-20T13:00:00.000-07:00

Saul Hansell is reporting today (Aug. 20) in The New York Times Business Day that Unspam Technologies is taking legal action to get information about security systems and practices at banks that have accidentally leaked personal information to computer hackers. The suit appears to have been filed formally against the hacker gangs overseas. But the disclosure technique is similar to that used in “anti-anonymity” cases with bloggers and libel, or particularly to identify computer users who download songs illegally through P2P.

The story is “A lawsuit tries to get at hackers through the banks they attack” and the link is here.

Major id-theft and hacking ring broken with indictments (Heatland Payment Systems case)

2009-08-18T08:55:00.000-07:00

Three hackers have been indicted for compromising the payment processing systems of Heartland Payment Systems in 2008; indirectly affected are the customers of 7-Eleven convenience stores and Hannaford Brothers groceries.

There are many media stories, but Brian Krebs as an account in the Aug. 18 Washington Post here.

One of those indicted is a former Secret Service agent, Albert Gonzalez, and has already been indicted on some high profile compromises such as T.J. Maxx.

Hackers in the US worked with those in Russia and Eastern Europe.

It was not immediately clear how much monitoring assistance would be available to consumers.

Surprise mini-Miranda goes to "dead air"; Government websites tracking cookies could compromise privacy

2009-08-11T18:34:00.000-07:00

Well, guess what. I got a phonecall with a bad connection and the beginnings of a mini-Miranda when the call dropped into “dead air”. So I checked my credit reports on freecreditreport.com (the fish sticks guy) and found no problems, so I think it is a small medical bill that the hospital center sent to the wrong Medicare supplementary insurance carrier. Yes, the provider did not get paid, and I will get a call from a collection agency. I used to work as a debt collector (though not in medical – they say “you used the services”). I know how it works. I will get a call from a collector. It’s up to Virginia Hospital Center to fix it (or eat the cost).

But I think there are ways for phony accounts to get set up that wind up in collections but don’t even hit your three credit reports. It’s unusual, but there are technical loopholes that let it happen.

Today the Washington Post had a major story about tracking cookies and government websites., by Spencer S. Hsu and Cecillia King, “Obama Web-Tracking Plan Stirs Privacy Fears”, link here. This whole fiasco started with Obama’s own video website and the rigging of the video application. No,really I don’t think that this will lead to identity theft, but after what just happened today I start to wonder.

I encounter an apparent Blackberry glitch: a way personal information could leak

2009-08-08T14:37:00.001-07:00

Something bizarre happened with my Blackberry today that sounds like another identity security peril. I placed a sensitive call and left a message, having used the white tracking ball to bring up the number. I believe that I got the usual greeting for that number.

When I put it back on my belt, somehow the cursor moved and it playing back some recorded instructions. I looked at the call log, and it said that the call had been placed to another number, an 800 number for a bank. I logged on to my Verizon account and today’s call log did not show yet. Furthermore, the record of the earlier call to the correct number disappeared, and the call count got added in to the wrong number.

It’s conceivable that personal information could have been left with a wrong number. I’ll have to find out from the right party if it actually got one or two calls from me. I really think it got two calls, and it will turn out that this is a Blackberry software bug of some kind. But it could represent a serious security problem for some people in some circumstances.

As a movie title says, “something wicked this way comes.” Hopefully the Secret Service as eliminated any software bugs from president Obama's Blackberry, but it’s easy to imagine how something like this could be a security problem in military or diplomatic situations, too.