Sunday, June 27, 2010

New FICO algorithm may be more forgiving of incidental late payments

MarketWatch reports (on MSN) a change in the FICO scoring practice (“FICO 08”) used by some lenders that will reduce the impact of small lapses, such as a couple of late payments of credit card bills. On the other hand, people who are closer to credit limits may find their scores lowered. The link ("The new math of FICO credit scores") is here.

People who “piggyback” onto strangers’ accounts with credit-repair companies will also see their scores lowered. The practice sounds fraudulent.

Monday, June 21, 2010

Social media users found to be blase about any identity theft risks by study

A site called “Net Security” has an interesting column, “The truth about social media identity theft”, link here. It refers to a study from the Ponemon Institute.

The survey showed that most users don’t use high privacy settings, and a large number actually publish their home addresses. Generally, respondents didn’t feel that identity theft was a big risk from social media use. This may be because social media users are computer-fluent and often check their accounts anyway, and because they believe lenders should be able to detect fraud.

It is prudent to publish only a mail box address and mobile (not land) phone. However, very determined criminals still might track down a person by using data mining services that sell reports based on unlisted numbers and the like. But this tendency has not been consistently reported to be a big problem, even though some senior-associated publications (like Erickson), as well as some members of Congress, have expressed concern about it.

It is a bit hard to understand how crimes based on setting up copied identities, where the targets don’t even receive bills, could work for long. One would think that address mismatches (detected with software like Group-1 or Pitney Bowes) would enable lenders (and credit reporting companies) to discover fraud more easily, even when DOBs, SSNs and names match. Problems may occur when lenders don’t verify transactions with the legitimate customers. Problems may be more common in industries, like hospitals or health care, where business processing is slow, giving crooks more time to get away with schemes.

Monday, June 14, 2010

Last night and weekend phishing from "banks" increases; oil spill compensation phishes sent

Well, when you get multiple notices from your bank that your account access is suspended, and they were sent around 1 AM on a Sunday morning, you really know it’s phishing.


I’ve never seen so many phishing attempts sent to me over a weekend and in wee morning hours as this past weekend, from several different “banks” (some of which I do not have accounts with) as well as PayPal. I even got a couple of phishes offering me compensation from the oil spill, and I live in Virginia, in an inland area, far away from water, on higher land.

Also, I’ve noticed a number of attempts to send comments in Chinese with multiple links to my blogs, apparently by mass attempts to get around the captchas required for sign-ins. I get one or two of these to reject every day.

The spammers are as busy as ever, and most of them seem to be overseas, maybe in China and Russia. (If you pass your mouse over an embedded link in a phish, often it's a server in China.) Is the Chinese government still involved in hacks?

Friday, June 11, 2010

Media covers cell phone scams, and there are many different kinds of them

In the past week or so, local television stations have discussed cell phone scams and identity security.

There’s a problem with being billed for cell phone notification services not ordered or authorized, or carried over from “dirty cell phone” numbers, as explained here.

Another problem some users have experienced is spam text, particularly in connection with (illegal) pump-and-dump stock market manipulations.

People may be exposed to hackers when they conduct financial transactions over cell phones, as in the Ezline article explanation here.

Or people may simply get calls from people purporting to be banks asking for personal information. Since people carry cell phones, such calls are more likely to be answered immediately rather than be returned. But banks don’t ask for personal information from cold phone calls just as they don’t ask for it in emails, so generally such calls amount to cell phone phishing. But banks do telemarket and offer credit cards or identity theft insurance. It’s much safer to visit a branch bank if you want such a service than to accept such a call.

Here’s a list of tips on cell phone ringtone scams:

Tuesday, June 08, 2010

Banks charge interest on all your purchases if you withhold anything during a vendor dispute

Here’s a little knickknack that I’ve noticed on credit cards, at least with the Bank of America. I usually pay the “balance at last statement” every month, but if part of the bill is in dispute with a particular vendor, I subtract that amount (assuming I don’t go below the minimum, which never has happened).


The bank has never charged interest when the “amount due at statement” was paid, but if any portion is not (even one penny), it seems to charge interest all the time on all your purchases, even those not billed yet. That is sneaky! Therefore, if you would want to avoid any interest, you would have to pay disputed charges and wait for a vendor to refund.

I often have one dispute or another from time to time; usually I have $25-$100 in dispute among my cards much of the time.

Tuesday, June 01, 2010

Payment Card Compliance Guide: small businesses that process cards should check it out

I got an email today from a company that thought that I process credit cards. I don’t, but the (Payment Card) PCI Compliance Guide, Facts and Myths, is well worth reading, with link here.

Note that there are four levels of merchants. A small business or non-profit that only occasionally takes cards (credit and/or debit) is at level 4 (it sounds like something out of sci-fi). But a data breach can escalate the level, or result in fines that could put a small operator out of business.

A business owner who processes no cards but funnels all his or her activity to Amazon, BN, eBay, etc. would not be affected, because then his or her site does not need to record any personal or credit-related information. That is the case with me.

Some small local “bricks and mortar” businesses still take no cards. A local barber shop here in Arlington VA does not; same for a family restaurant I stumbled on in Glassboro NJ.