Tuesday, January 27, 2009

Even ink pens have identity security implications!

So now, they’re reminding us of the identity dangers in the bricks and mortar world. Ever had a time in the 70s or 80s when you lost a checkbook, had the account closed and checks reissued “to protect your money?” Nothing new.

Remember the simple ideas like “check protection” in PICTURE clauses in COBOL programs?

A recent television commercial from a company called “uniball” (site) warns that even conventionally signed checks can be forged. The pen manufacturer claims that its technology drives the ink deeper into the check parchment.

We’re back to thinking about check security in the 18th century, before we even had electricity, let alone computers (outside of astrolabes). Heaven help us if we have an era like that again.

Picture: A high school paper chemistry test, Dec 1960. In those days we computed with slide rules. (Teachers: go ahead an use the questions if you like!)

Monday, January 19, 2009

Conservative columnist proposes tougher rules for creditors in reporting daya

Armstrong Williams has an interesting op-ed on p A21 of the Jan. 19 Washington Times, “Credit agencies are the messengers: Blame creditors for faulty data,” link here. Although the three major credit reporting companies are indeed required to correct errors and implement security freezes when requested, the “blame” goes to creditors when reporting data, according to William, who maintains that tougher rules ought to be in place for how data is reported. That might include more due diligence in making sure that creditors are really reporting on the right consumer (but then they need to identify the consumer before even making the loan, a major theme of this blog).

Thursday, January 15, 2009

Mainframe tape containing my own data reported lost

Well, “it’s happened”. I received a form letter from a “Shareowner Services” company stating that one of its disaster recovery vendors could not account for a bin of backup tapes that may have contained my personal information. The loss apparently happened in February 2008.

I won’t name the companies here (because I don’t, in sight of search engines, name entities that I do business with when discussing mishaps or issues).

I was given an access code to subscribe to a free credit monitoring service. The website is consumerinfo.com and the credit monitoring company turns out to be Experian (which was spun off from TRW after acquiring Chilton). The company also has a web link to state the status of any known incidents from the data loss, and as of today there have been none.

We’re in a different world, from the last big period of my own mainframe information technology career, leading up to Y2K, where employees tested with production data and kept listings and tapes around as proofs of tests. But during that period, even only ten years ago, there was nothing like the concern there is now for consumer id security.

I’ve had a credit card number misused once, in 1995. The card was rejected in a supermarket and the company called me the next day. I had about $300 in Canadian phone charges reversed.

Thursday, January 01, 2009

DC Examiner editor reports misuse of her own debit card: a cautionary tale

On January 1, 2009 the DC Examiner runs a particularly chilling story on p 19 about a personal experience of design editor, Joana Suleiman. The title of the article is “Hunting ME down: A needed wake-up call for card users”. The article is not yet available online.

Ms. Suleiman received a call that enormous amounts of electronics purchases had been charged to her debit card in Britain. When she looked up her accounts online, she found that all of her checking and savings had been depleted. It took two months for her money to be restored. Of course, one of her first steps was to place fraud alerts and security freezes with the three major credit reporting agencies.

The only “bad habit” she had was using her debit card online. She had a home and work firewall, didn’t visit risky sites, didn’t answer phishing emails. She also used a credit monitoring service and never had an negative reports. Had a credit card been misused instead of debit card, she simply could have disputed the charges.

People who use debit cards in stores should visit their accounts frequently (especially when on the road) to look for any unexplained charges or debits.

Update: Jan 5, 2009

The article is now available online at the Examiner, here, as an Opinion piece.