Monday, March 01, 2010

Fake NCOA changes could lead to id theft (consumers union advisory insert)


The Sunday Washington Examiner on Feb. 28 contained an insert called “Dollars and Sense Guide: Credit Union’s Consumer Resource to Financial Management”. On page C14 there appears a piece “Are you at risk of identity theft?”

The recommendations for consumers are the usual ones, except that it adds suggestions to use shredders with cross-cuts producing confetti bits rather than strips or slivers. That seems kind of paranoid. It also talks about dumpster-diving and old hazards from the bricks-and-mortar world.

But the article also highlighted a particular danger that crooks could submit NCOA changes to replace your identity. The symptom would be that you stop receiving expected bills by mail (although it you switch to doing everything online, you’ll still get them). Would my September 2006 proposal circumvent this? The problem is that a financial institution would still make a hit on the (mainframe, highly secured) NCOA database and not pick up a problem. However the USPS could set up independent verification schemes that would preclude updating NCOA until these identifiers are properly supplied. The MoveForward, etc. products used by companies to update clientization databases could easily be modified to check these parameters (including extra functions in the required USPS audit of financial institutions).

No comments: