Fraud, ID theft top consumers’ nightmares, studies find

Clarionledger.com, 9/28/2015

PDF: Studies – Consumers fear fraud, ID theft

Americans are gearing up to do battle on their doorsteps this weekend. The foe takes the form of tiny superheroes, movie baddies and zombies demanding candy. It’s OK, though; we know that underneath the masks are sweet kiddies, not real monsters. But increasingly, many people are worried about the real threats that lurk under the bed – ghouls who can take your life savings with a keystroke, derail your carefully-laid plans for retirement or your kids’ education, or even destroy your reputation.

Within the past week, news of two separate studies (from Bankrate.com and the American Bankers Association) hit my inbox, highlighting the fact that Americans are worried about their financial and information security and feel vulnerable to predators.

Much of the angst stems from recent data breaches, which have exposed the security vulnerabilities in a system trusted to protect vital information. Hardly a day goes by that we don’t hear about some new breach, whether it’s customer contact information, credit card numbers, or embarrassing publication of names from sites like Ashleymadison.com. All this bad news is eroding our trust in the financial system at a time in which technology should be giving us more security than ever.

According to Bankrate’s study, nearly eight in 10 Americans worry about having their identity stolen. Nearly a quarter of consumers described themselves “very frightened” about the prospect of identity theft.  Then there’s this shocking claim: about half of Americans (46 percent) report that they’ve either been a victim of identity theft or know someone who was. That’s up significantly (12 percent) from just a few years ago.

While about one in five consumers (many of them Millennials) appear oblivious to or unconcerned about the threat, many have taken it seriously. Many in the Bankrate.com study say they aren’t checking their credit reports regularly, and 41 percent say they conduct banking and other sensitive tasks on unprotected Wi-Fi networks that don’t require a password. Both of these activities could help detect fraud, or prevent it from happening in the first place.

“When asked where cardholders feel most vulnerable to fraud following a credit card purchase,” the ABA’s study concluded, “64 percent say they are most concerned about hackers breaking into retailers’ computer systems, compared to just 16 percent who cite physical card theft and 13 percent who cite “phishing” scams.”

Similarly, the ABA study found that many worried consumers are holding the system responsible. Nearly eight in 10 consumers believe the government should “hold retailers, banks and other companies involved in the payments system to the same security standards.”

“Millions of Americans have had their most sensitive information compromised in retailer data breaches, so it’s understandable that consumers are concerned that retailers aren’t doing more to prevent future hacking incidents,” said Doug Johnson, ABA’s senior vice president of payments and cybersecurity policy. “These survey results reaffirm what we’ve believed all along.  Retailers need to join with banks and payment networks to combat fraud and focus on the future by updating their payment security systems and proactively working to address emerging threats head-on.”

The recent card conversion was part of a “liability shift” for credit and debit-card fraud, in which merchants could bear the cost of fraud if they don’t take sufficient steps to secure the data. Previously, such liability was borne almost exclusively by banks and the financial system.

That’s especially true with the recent conversion to new card reader (EMV) technology; the messy transition has confused customers and reinforced existing security concerns. “Following high-profile data breaches at major retailers including Target and Home Depot, 94 percent of consumers say it is important for retailers to upgrade their security controls, and 70 percent say retailers should be installing EMV chip-enabled card readers as soon as possible,” the ABA noted.

But many merchants and industry groups have protested that the new technology – while a step in the right direction – is vulnerable because it doesn’t take full advantage of the security features available, besides being expensive and difficult to implement. For example, the new EMV cards still in many cases don’t require the use of a PIN, a feature which could enhance security.

The National Retail Federation (NRF) and other industry groups have been vocal about these concerns. “EMV is all new to me, and banks and the networks are not contacting small businesses to help the transition in any way,” noted small business owner Keith Lipert, who recently testified before Congress on behalf of the NRF to protest the new requirements. “No one from my bank, processor or existing supplier even contacted me about the need to add a new EMV device, let alone a deadline by which to do so.”

The NRF’s David French recently stated that credit and debit card fees are the second-largest expense for many small businesses after labor, and that the card industry imposes “a multitude of complex rules on small businesses.” Chip-card readers and installation can vary from “a few hundred dollars to thousands of dollars” per terminal, he said, with an industry average of $2,000.

Whatever the outcome of this battle will be, consumers are looking for a hero to protect them from the very real monsters that wait to prey upon their livelihoods, identities and futures. So far, said hero remains out of sight.

Moak: Lifelock lets down customers, feds say

Originally published at Clarionledger.com on 7/29/2015.

Link: Moak: Lifelock lets down customers, feds say

We’ve all heard and seen the ads by LifeLock, which aggressively promote the company’s services of being able to protect and defend consumers against identity thieves. A pioneer of sorts in what was to become a highly profitable industry in a nation worried by potential identity theft, the company now is public and has a reported 3.6 million customers. But LifeLock now finds itself in hot water once again with federal regulators, who say they failed to live up to a 2010 settlement regarding alleged deceptive advertising and failing to practice what it preaches when it comes to its own customers.

The Federal Trade Commission last week asserted that LifeLock violated a 2010 settlement with the agency and 35 state attorneys general by “continuing to make deceptive claims about its identity theft protection services, and by failing to take steps required to protect its users’ data,” the FTC said in a news release.

“It is essential that companies live up to their obligations under orders obtained by the FTC,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “If a company continues with practices that violate orders and harm consumers, we will act.”

In the 2010 settlement, the FTC accused LifeLock of telling customers its services could provide a wide umbrella of protection against identity theft, but an FTC official noted at the time that the protection “left enough holes that you could drive a truck through it.” Furthermore, the company was accused of failing to protect its customers’ personal information — a key principle on which the company is founded. LifeLock was required to pay $12 million in refunds, ordered to start a stringent program to protect customer information and was barred from making any more “deceptive claims.” The company agreed to do so in the settlement.

But last week in an Arizona federal court, the FTC charged that from “at least October 2012 through March 2014,” LifeLock violated the 2010 Order by: 1) failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, Social Security and bank account numbers; 2) falsely advertising it protected consumers’ sensitive data with the same high-level safeguards as financial institutions; and 3) failing to meet the 2010 order’s record-keeping requirements.

The FTC also asserts that from at least January 2012 through December 2014, LifeLock “falsely claimed it protected consumers’ identity 24/7/365 by providing alerts ‘as soon as’ it received any indication there was a problem.”

After the action was announced last week, CNBC reported that LifeLock stock plunged 49 percent. For its part, LifeLock disagrees with the claims. In a statement, the company noted, it is “prepared to take our case to court.”

“Security of our systems has always been, and will remain, of primary importance to us,” LifeLock’s statement read. “Based on the evidence, we do not believe that anything the FTC is alleging has resulted in any member’s data being taken.”

I often get asked the question if people really need services like those provided by LifeLock and other companies. Neither LifeLock nor any company can prevent identity theft from happening; it’s a crime of opportunity, often financed by international criminal organizations with deep pockets, taking advantage of security vulnerabilities. Sometimes, it’s just a simple matter of a greedy person sensing an opportunity. But if an identity thief wants your information badly enough, he can probably get it. If a monitoring system is alert enough, it could warn you if someone attempts to use your account (but then, so do most credit card companies).

And in reality, if you do become a victim, you can do much of the work of clearing your name for free, if you are willing to do it. Recovering from identity theft takes time and persistence, though; if considering an identity theft monitoring service, be sure you understand exactly what you can expect. Consumer Reports has an informative article at http://bit.ly/1mgRVSK. Financial Finesse (http://bit.ly/1Mt0Y0A) has some good advice as well.

And — just as you take action to protect your personal security such as locking your car door — you can decrease your risk by being careful. Adopt habits like shredding your documents, using passwords that are hard to guess, and not allowing your credit card out of your sight at restaurants. As always, vigilance is the key.

New tool helps report ID theft, start recovery

Originally published in the Clarion-Ledger on 5/21/2015.

PDF: New tool helps report ID theft start recovery

Many years ago, my wife’s purse was stolen from her locked car while she walked at a Jackson-area park. She filed a police report, but never got back the cash and other items contained in the wallet. For the next couple of years, every time she bought anything on credit or had to show her personal identification, she had to relive the whole thing all over again and answer questions about why her license was “flagged”. The burglary probably took less than a minute, but the damage was long-lasting and went far beyond just losing cash and some credit cards.

Far from being a “victimless” crime, identity theft is a personal violation. Someone has taken your most important asset – your identity – and used it to create personal gain for themselves or criminal organizations. Although in many cases, the money stolen via identity theft can be replaced, it’s not as easy to restore your good name. Ultimately, once you find out you’ve been targeted, it can be a years-long, uphill battle to prove that you weren’t the one who charged all that merchandise on your credit card, or who opened up all those accounts and then failed to pay up.

Despite the fact that identity theft has been skyrocketing for the past two decades, it has often been difficult for consumers to know how to identify it, deal with it and repair the damage. As I’ve spoken to groups over the years about this topic, it’s apparent that there’s a lot of misinformation out there and a certain feeling of helplessness. In nearly every group, there are people who say their lives have been turned upside-down by some faceless predator who wrecked their credit, stole in their name and even got them in trouble with the law.

And adding to the confusion is the fact that there is now an entire identity-theft industry pitching all types of products and services – of varying levels of effectiveness — promising to prevent identity theft in the first place, help identify when a crime has been committed and to help you fix the damage. Some of these products are probably effective in helping identify when a crime has occurred and maybe to help educate you about the risk. But ultimately, repairing the damage by determined identity thieves is up to you, the victim.

The numbers around identity theft are staggering: back in February 2014, a report from Javelin Research found that 13.1 million people in the U.S. had been victims of identity theft. That amounts to about $18 billion stolen by identity thieves. That report did indicate that the total take by identity thieves was down somewhat from the previous year, probably due to better security measures. But the total number of people victimized has never been higher. This is often a global crime, transcending state and national borders.

In years past, the best way to respond to identity theft – once it’s been identified in the first place — was to file an affidavit with law enforcement at every level – local, state and federal – to get it on the record. Otherwise, you really couldn’t do a lot about it, other than contacting every creditor and institution to place yourself on their radar. Often, law enforcement often didn’t have the knowledge, tools or authority to help.

But a new website called Identitytheft.gov came online just last week, providing a sort of one-stop shop to help you respond should you become a victim. (A Spanish version is at RobodeIdentidad.gov.) Simple checklists on the site give you a roadmap of what to do, whom to contact and how to go about taking care of the many tasks required. There are also links to a lot of resources, such as lists of utility companies, credit card companies and government agencies.

The site also has tools specifically designed to help if you’ve been notified that your information may have been compromised in a data breach (such as the huge Target theft last fall), or if you’ve gotten the nasty surprise that someone has filed taxes in your name and absconded with your refund.

Ultimately, the site is a step in the right direction to helping give consumers some resources and assistance. But ultimately, when it comes to identity theft, there is no “silver bullet”; The best defense is educating yourself how to lower your risk, staying informed about your credit and financial accounts and having a plan to deal with it should an identity thief target you. A visit to the site (before you need it) may help you prepare yourself in case you need it one day.

Is your car tracking you?

It’s a spy-movie staple: wanting to keep tabs on an opponent’s vehicle, the spy sneaks up behind the car, implants a tiny tracking device under the bumper, and the vehicle can be tracked anywhere it goes. Although the technology may have at one time seemed exotic, today’s vehicles allow just about the same result in myriad ways – many with the full knowledge of drivers.

When we get into our cars, most of us don’t pause to consider the possibilities that someone is tracking our every move – or could if they wanted to. But the fact is that our cars are full of little electronic devices that monitor the car’s vital statistics. Any mechanic can hook into your car’s data center and download various pieces of information. But the recent revelations of just how far spy agencies can and will go in pursuit of personal data have raised concerns about just how clear are the fishbowls in which we all live. And those fishbowls now have wheels.

Particularly, privacy advocates are growing nervous about the pervasiveness of data being collected, based on fears that the information could be used against us. The National Highway Traffic Safety Administration (NHTSA) reports 96 percent of new cars are equipped with a “black box” of sorts called an Event Data Recorder (EDR) device, which collects data from crashes. The NHTSA requires EDRs in all new cars by September 1. EDRs collect information about speed, direction, seat belt usage and other factors. They only keep a few seconds of data, but that’s enough to provide critical information about what might have caused a crash, and factors that might have caused injury or death. Safety advocates argue that data is valuable in making safer cars.

But EDRs have a potential dark side, too. Insurance companies and attorneys can also gain access, using the information to place blame or aid in prosecution. And criminals have demonstrated they can hack the black boxes, even to the point of changing VINs (Vehicle Identification Numbers) so the car can be more easily stolen.

The use of EDRs has been regulated in 16 states, and some Congressmen earlier this year proposed a bill to limit their use.

Of course, the EDR is just one of many technologies which could be telling interested parties the specifics of our driving habits. Many of these are self-imposed, such as allowing location data on our cellphones. Some are safety features, such as GM’s OnStar or Mercedes’ Mbrace, but they are constantly collecting data about a vehicle’s location, speed, braking and many others. It’s important to note that these features bring security, comfort and convenience to our in-vehicle experiences, but also raise some thorny issues.

Insurance companies are getting in on the act, too. State Farm’s Drive Safe and Save program and Progressive’s Snapshot use different technologies to gather information on driving habits, which may then be used to “train” drivers by incentivizing them with potential discounts.

Regardless of whether you care or not about how much information is being collected about you, most Americans don’t like Big Brother snooping around. If you’re one of them, it’s important to be vigilant. Here are a few things Consumer Reports suggests to help minimize the information you’re sharing:

  1. Stay anonymous. Don’t share self-identifying infor­mation such as your Facebook status or publicize your location on social media.
  2. Scrub the data. When selling a car, clear the navigation system of recently visited addresses, or adjust the settings so that the system doesn’t save locations that you input.
  3. Read the fine print. Every company has a privacy policy, but many people don’t read it. Read it, and know what it says about your rights.
  4. Cancel the data flow. If you’re selling a car that has a telematics system or if you decide not to use it anymore, contact the company to let it know. Confirm what happens after you opt out and what is done with previously collected data.
  5. Don’t leave a trail. If you’re concerned about the security of other information sent from your car, use cash instead of electronic toll-collection devices such as E-ZPass. Also, don’t just turn off your cell phone; take out the battery, because phones still have tracking capabilities even when they’re shut off.
  6. Think security. Don’t leave a portable GPS or any other electronic device in your car; take it with you. Lock your glove box if that’s where you keep your insurance and regis­tration information. And use a valet key instead of handing over your personal car keys.

To read more about the use of EDRs, you can download a comprehensive study produced by the Congressional Research Service.

More than 1,500 take advantage of Community Shred Day

Mississippi consumers might be a little safer this week, thanks to the efforts of a partnership of agencies and organizations who came together to hold free shredding events last Friday and Saturday.

“We are happy to report that our numbers are up significantly this year from past years,” said Attorney General Hood.  “Thank you to all who came out to support the event.  We especially appreciate our sponsors support of this event so that we can help Mississippians avoid becoming victims of identity theft.”

According to a release from Hood’s office, consumers brought more than 47 tons of paper to be shredded by Cintas at one of six cities. Hood commended Cintas for stepping in at the last minute when the previously-announced vendor pulled out of the event.

The tally from Friday and Saturday’s events:

  • Jackson: 36,750 lbs (up from 20,000 last year)
  • Tupelo: 21,000 lbs (up from 6,900 last year)
  • Meridian: 12,600 lbs (up from 5,000 last year)
  • D ’Iberville: 8,000 lbs (up from 3,720 last year)
  • Hattiesburg: 8,000 lbs (up from 6,500 last year)
  • Vicksburg: 7,700 lbs (down from 8,000 last year)

All told, shredders ripped 94,050 pounds of paper, compared with 50,120 in 2013. A total of 1,513 consumers participated, up from 1,118 in 2013.

This year, the events also featured destruction of electronic devices. Magnolia Data Solutions destroyed 137 computers, 261 hard drives, 52 cell phones and about 30 pounds of CDs, cassettes and tapes.

In addition to the Attorney General’s Office, Magnolia Data Solutions and Cintas, these agencies participated: BancorpSouth, the Secretary of State’s Office, ClearPoint Credit Counseling Solutions (formerly CredAbility), the BBB Serving Mississippi, Mississippi State University Extension Service, Wal-Mart, The Home Depot, Mississippi Leadership Council on Aging, BancorpSouth Insurance Services and other Mississippi Consumer Education Partnership members.

Originally published by the Clarion-Ledger on 3/13/14.

7 reasons to have documents shredded

via 7 reasons to have documents shredded, clarionledger.com.

PDF: 7 reasons to have documents shredded

With all of the publicity surrounding the recent data breaches at Target, Michaels and others, the awareness of identity theft has mushroomed.

This crime victimizes consumers in ever-increasing numbers. According to the National Crime Victimization Survey, the incidence of fraud is increasing and claimed about 16.6 million victims in 2013 (about 7 percent of Americans).

That calculates roughly to about a one in 14 chance of being a victim. “I’ll take those odds,” you might say, if you’re a risk taker. But not so fast. That’s actually a pretty high level of risk, compared with a list of risks published by the National Safety Council, tabulating the odds of misfortune.

Statistically, the risk is much higher than, say, dying in a car accident (1 in 108, according to the National Safety Council), but not as high as perishing from cancer or heart disease (1 in 7). That’s pretty sobering, and, really, statistics only matter when the statistic is not you.

The fact is, identity theft does not respect borders or income, race or neighborhood. Far from being a victimless crime, it can shatter hard-earned reputations and mow down carefully-tended gardens of credit. In some cases, it can even lead to innocent people being wrongly accused or even prosecuted for crimes they didn’t commit.

Many of our state and local agencies and consumer-oriented organizations are getting together to hold shredding events this Friday and Saturday. Anyone with a pulse should make plans to attend these events, some of which will also provide a chance to bring old electronics junk, such as outdated computers, to be securely destroyed. Will shredding alone erase your risk? Absolutely not. But it’s one important piece of a strategy to decrease your risk of becoming a victim.

So, here are seven reasons why you should take advantage of this and every other free shredding opportunity, in Letterman-style presentation:

7. It’s cool to see and hear your documents being munched into confetti.

6. You are doing something to help keep you from becoming a victim.

5. There is an infinitesimally small chance anyone would be able to use those documents against you, because they’re hamster bedding.

4. You are doing your part for the planet; those old bank statements might become one of more than 5,000 products.

3. You can rest easy knowing you’re giving a job to the man who drives that cool shredding truck.

2. By bringing that old computer for destruction, you are saving some pretty nasty materials from going into landfills and poisoning groundwater.

1. Did I mention it’s free?

Bill Moak writes the Consumer Watch blog for The Clarion-Ledger. Contact him at moakconsumer@gmail.com.

TIMES AND LOCATIONS:

Friday, 7:30 a.m. to 2 p.m.

• Home Depot, 6325 I-55 North, Jackson

• Wal-Mart Supercenter, 3929 N. Gloster St., Tupelo

Saturday, 7:30 a.m. to 2 p.m.

• Wal-Mart Supercenter, 2400 Hwy 19 North, Meridian

 • The Home Depot, 50 Halls Ferry Park Road, Vicksburg

BancorpSouth, 3101 Hardy St., Hattiesburg

• Wal-Mart Supercenter, 3615 Sangani Blvd., D’Iberville

Clinton resident going to prison for ID theft

via Clinton resident going to prison for ID theft | Consumer Watch, clarionledger.com, 5/6/2013

Identity theft victims often lack the satisfaction of seeing the perpetrators of these crimes brought to justice, or even knowing who cheated them. But sometimes, justice is served. A Clinton woman has been sentenced to prison and ordered to pay restitution after pleading guilty to identity theft and other crimes, according to a release from Attorney General Jim Hood today.

The release lists the crimes of Emily Kristen McLellan-Bilbo, 25, of Clinton. On Friday, McLellan-Bilbo pleaded guilty to one count of felonious identity theft, one count of uttering counterfeit instruments and two counts of felonious use of a Social Security number or identifying information to obtain goods.

Hinds County Circuit Court Judge William A. Gowan sentenced Bilbo to serve 10 years for identity theft with five suspended and four years post release supervision. She was also ordered to pay $13,825.35 in restitution to the victims, $1,000 to the Victim’s Compensation Fund, and $2,000 for investigative costs. All costs must be paid during her four years post-release supervision. In addition, Bilbo received five years for each of the two counts of felonious use of a Social Security number and five years for uttering a counterfeit instrument. The sentences are to run concurrently.

At the time the crimes were committed, Bilbo worked as a receptionist at Audibel (a hearing aid company) in Jackson where she obtained credit card and other personal identifying information of customers. She then used the information to purchase more than $13,000 in goods, cash, and services.

The release noted that 13 victims of identity theft have been identified. The business owner told the court that he and his wife had been taken in by Bilbo and it had cost them and their family-run business dearly. Other victims of Bilbo’s crimes asked that Bilbo be sent to jail, that she be held accountable, and that she get some counseling.

“I hope Judge Gowan’s tough sentence and order of restitution for these victims will send a message to others contemplating identity theft,” Hood noted.

This case was investigated by Investigator Arthur Kendrick and Auditor Gilda Holbrook of the Attorney General’s Medicaid Fraud Control Unit and prosecuted by Special Assistant Attorney General Sue Perry.

Good work, Attorney General Hood and staff. Good work.

– See more at: http://web.archive.org/web/20130617160648/http://blogs.clarionledger.com/consumerwatch/2013/05/06/clinton-resident-going-to-prison-for-id-theft/#sthash.BHoCXKLn.dpuf

Shred your stuff for free this Saturday in Jackson

If you’re like me, you probably get lots of paper in the mail every day. Along with the countless solicitations for everything from carpet cleaning to cars, there are credit card statements, bank statements, bills, official correspondence and numerous other items. Many of those envelopes contain information that could be used to help scammers steal your identity. Personally, I shred almost anything that has my name on it.

Local agencies and businesses are getting together this Saturday (Oct. 20) to shred that stuff for free. Secure Your ID Day will be at Watson Quality Ford, 6130 I-55 Frontage Road in Jackson. Residents can bring documents to be shredded from 7:30 a.m.-12:30 p.m, and pick up helpful information to keep your identity safe.

The event is led by the Better Business Bureau Serving Mississippi, along with Cintas document destruction, CredAbility, the Mississippi Braves (who will hold a drawing for an autographed Javy Lopez baseball), Brown Bottling Group, McAlister’s Deli and of course Watson Quality Ford.

Earlier this year, the Mississippi Attorney General’s Office reported approximately 50,000 pounds of documents had been shredded at a statewide multi-location event.

So, what is the real risk from junk mail? Well, that risk has declined considerably in recent years. With required “truncation” of credit card and other sensitive numbers (for example, a social security number would be listed as xxx-xx-6789 instead of 123-45-6789), the risk has dropped considerably. Also, the availability of information online has increased dramatically, making the potential payoff from dumpster diving more difficult. However, there are still risks from “pre-approved” or “prescreened” credit card offers, bank statements and other pieces. Remember, the identity thief usually needs more than just one piece of information to be successful. For example, you couldn’t use a stolen ATM card at the ATM without the PIN. (But that same card could be used to purchase merchandise at many places with a signature.) Shredding remains a key strategy for reducing the risk from identity thieves. You should take advantage of opportunities like this; besides, it’s satisfying to actually see your documents being shredded!

(Originally posted by the Clarion-Ledger on 10/15/12).