Wednesday, October 21, 2009

FTC has handbook on Red Flags Rules; CoNetrix offers major implementation service

CoNetrix has a web page on Section 114 of the 2003 Fair and Accurate Credit Transactions Act (FACTA), as well as Section 315. The law requires financial institutions to implement an Identity Theft Prevention Program with “Red Flag Rules”. The link is here. The program comes with a subscription.

The FTC (Federal Trade Commission) has a press release on the Red Flags Rules (practices discovered by automatic audits that suggest a high probability of identity theft), which had to be in place by November 2008; the URL link is here. The Manual and other basic literature can be accessed at the basic Red Flags link here.

One of the most interesting Red Flags is not trying to collect a debt, either directly or from a debt collection agency. When a party does not claim a benefit that generally would be legitimate, that is a sign of intentions that are amiss.

Tuesday, October 20, 2009

Small businesses need to heed the FACTA Shredder Law; New product "Identity Finder" and pre-protect personal info

As far back as 2005, the FTC warned small businesses that keep customer personal information that they must “shred or else”. Even mom-and-pop shops face fines if they lose personal information. There is a column all the way back in May 2005 “Identity Theft 911” describing the Fair Accurate Transaction Act (or FACTA). To comply with the FACTA Disposal Rule (or “Shredder Law”), businesses must shred documents and destroy electronic data (not merely delete it), although they may hire third-party vendors to do these things.

A copy of the text of the law is at this link at the Government Printing Office (GPO) site.

I do not process transactions with individual people now, although in the past (well before 2005) I have sold copies of my book directly to people. According to the law, I would have to destroy their name and address information.

Here’s another item: Fortune Small Business has an article by Jennifer Alsever, “Steal Your Own Identity: New software sniffs out personal information before hackers can get to it”. The CNN Money link for the story is here. The product is called “Identity Finder” (link); it will scan your PC for personal information, show you individual items, and ask you whether you want to encrypt each item.

Monday, October 19, 2009

Be careful with personal information on job boards: customs are changing

Some job posting boards could become targets of identity thieves, according to the Oct. 19, 2009 issue of the Career News, link here.

It used to be that employers expected to find full home address and phone and employer information. In earlier days, resumes were on paper and circulated by recruiters on fax machines. With the Internet, the possibility of abuse of normally private information comes to the fore. Unscrupulous persons (maybe even unscrupulous employers) could use data brokers to get even more personal information about people they really are not interested in hiring.

Hence, with online job boards, the practice of making identifying information much leaner is developing. A UPS mail box address is one idea, too.

Many experts advocate using a different email address for job search responses, in order to further reduce the risk of spam, or the risk that your email address will be spoofed as a fake sender in spam.

Wednesday, October 14, 2009

Sun offers corporate customer identity life cycle management, free white paper/buyer's guide

Today Sun Microsystems emailed its list an invitation to peruse its PDF booklet “A Complete Buyer’s Guide to Identity Management”. The visitor must fill out a simple registration form (“identifying” himself or herself).

The view of the Guide is that “identity” is a core concept and property of an internal or external customer in an enterprise. Therefore security checklists and protocols must be based on the idea that one will expect the visitor to validate that he or she is who “it” says “it” is. The guide does provide a long series of successive checklists for designing security architecture for an enterprise, related to how various Sun libraries are structured. Sun also describes a concept called “identity lifecycle management.”

The most important link is this. There is also open source directory management here.

Monday, October 05, 2009

Hotel peep-hole case involving filming Erin Andrews raises questions about identity security in hotels for everyone

USA Today has a feature “Hotel Check: A road warrior’s guide to a changing landscape”, and it’s not exactly a replay of the classic movie “Grand Hotel”. Or maybe it is, in the official story “ESPN's Erin Andrews filmed through tampered peephole at Marriott Nashville hotel”, link here.

For this column, the lesson is that physical hotel security could be an important issue in personal identity security protection. Many hotels offer connecting rooms (my parents used to rent them all the time for me when I was growing up), and these offer opportunities for spying through peepholes or other devices (the witty Sony Screen Gems flick “Vacancy” (2007), dir. Antal Nimrod, offers an entertaining object lesson). The alleged activities of salesman David Barrett, as detailed in media reports, do blow the mind as to the lengths to which a stalker will go – and then, the alleged perpetrator thought that this sort of activity was necessary and sufficient for making money on the Internet.