Wednesday, April 20, 2005

Who are you?

Identity theft is a growing problem whose costs are hitting consumers hard. But good solutions remain elusive.

Has this happened to you yet?

  • Fortune’s David Kirkpatrick clicked on the Microsoft Word document containing his passwords, code numbers, URLs for work-related websites, and credit card numbers. But when he tried to open it he saw a message that read: "File is in use by another user." As a user of an insecure wireless network, Fitzpatrick’s data was transmitted 150 feet in every direction. He immediately canceled all the credit cards and changed sensitive passwords, including the one for his online banking account. As of mid-April he had not detected any misuse of this potentially stolen information.
  • Art Sullivan of Newark, DE is one of 1,000 people in Delaware and nearly 145,000 people nationwide who got a letter in February from ChoicePoint, an information broker. The letters told them identity thieves might have gotten their names, addresses, Social Security numbers and credit reports. So every day since then, Sullivan has been checking his credit report online, thanks to a free year of credit monitoring provided by ChoicePoint. He also took ChoicePoint's suggestion that he put fraud alerts on his credit reports. “They gave me some tools to use so I can do this, I guess, for the rest of my life,” Sullivan said. “It's almost become a part-time job for me.”
  • University of California, Berkeley researcher Diana Jones wants to know why her loan application was among those stolen from Berkeley, CA's McKevitt Volvo. Besides suffering the loss of $5,000 from an ATM she had never visited, Jones said, "The perpetrator opened new accounts in my name and charged $16,000 worth of merchandise at Wal-Mart, Target and Trader Joe's in Emeryville, CA. According to Jones, “I have lost hours of time and sleep, and it's been hard on my family.”
  • Patricia Nelski of Carlton, MI, still fights to keep her credit record clean after a woman posing as her ran up $50,000 in bills, including a $4,000 loan from a Virginia bank. So Nelski did what the experts recommend - she ordered her credit report. It came back 22 pages long, filled with credit card and other accounts Nelski did not recognize. She isn't sure how the woman got her information, but when she did, she ran with it. Nearly 10 years and a second incident later, Nelski is still fighting to keep those black marks from ruining her credit “All it takes is one unscrupulous person, and your life is a wreck’’ according to Nelski.

In 1982, I wrote a paper on legal and technical issues in database privacy for an MIT Database course. 23 years later, these issues are more pressing than ever. According to a Federal Trade Commission survey released in September 2003, the latest year available, nearly 10 million Americans have been victims of some form of identity theft, resulting in $47.6 billion in damages accruing to businesses. Victims spent an average of 30 hours trying to fix the damage and suffered losses totaling $5 billion.

Some of this theft is unsophisticated -- laptops full of personal data disappear, stolen credit cards get used to make unauthorized purchases -- but a lot occurs online. Thieves hack into a consumer’s bank's computer system and steal their account numbers. Or they send scam e-mails encouraging people to renew their accounts on eBay by providing their name and other details. Or they infect a user’s computer with spyware that can extract information from the user’s hard drive. Having stolen a user’s name, date of birth, address and Social Security number, the theft can take out an auto loan or go on a credit card spree.

There is a big market for the fruits of this poisoned tree – in the form of online crime Web sites. And the government is trying to crack down on them. For example, in October 2004, New Jersey prosecutors, along with the Secret Service and the Department of Justice's Computer Crime and Intellectual Property Section, announced they had shut down three of the major online crime Web sites -- Shadowcrew, Carderplanet and Darkprofits -- and arrested 28 alleged participants who are scheduled to go on trial in October. On Shadowcrew alone, 4,000 members trafficked in 1.5 million stolen credit cards, causing $4 million worth of losses to financial institutions, according to the indictment.

The government hasn’t closed them all down. Social Security numbers can be had for $35 at
www.secretinfo.com and $45 at www.iinfosearch.com, where users can also sign up for a report containing an individual's credit-card charges, as well as an e-mail with other “tips, secrets & spy info!”

Here are seven recent cases representing the theft of 3.5 million people’s identities:

  • In mid-February 2005, ChoicePoint, the data broker and credit reporting agency with access to 19 billion records, said a criminal ring stole personal information on about 145,000 Americans. Their data had been mistakenly made available to a ring of thieves with apparent ties to Nigerian organized crime.
  • LexisNexis, whose subsidiary, Seisint, sells personal data, said thieves might have accessed information on about 310,000 people by using stolen passwords. LexisNexis initially announced about 32,000 suspected thefts of identity data, which soon balloon to 310,000; LexisNexis found that the thieves were using the log-in names assigned to former employees of Seisint customers or were correctly guessing uncomplicated ID and password combinations or accessing customers' systems through a virus. Siesent suffered 57 incidents. And there were two more at other subsidiaries.
  • Bank of America lost a backup tape containing Social Security numbers and other vital data on 1.2 million federal workers. As luck would have it, Bank of America's gaffe involved the loss of account records of U.S. senators, and that has helped galvanize Congress to consider taking action.
    HSBC and GM have recently announced that 180,000 holders of their jointly branded credit card should cancel and change their MasterCard credit cards that may have been stored in the retailer's system.
  • In April, Retail Ventures also suffered a hack of credit information on customers of more than half of its 175 DSW stores, compromising the personal data of 1.5 million consumers' personal data.
  • On April 14th, Manhattan-based Polo Ralph Lauren acknowledged that it was informed last fall that "some credit card information of its customers may have been misappropriated" after learning that data from the magnetic strip was being improperly stored in its point-of-sales system. The company, which purged the stored data, didn't disclose the extent of the breach.
  • On April 19, Ameritrade said account information may have been lost for 200,000 customers when a package containing tapes with back-up information on customer accounts went missing. Ameritrade said it was told in February that a package with four data cassettes of current and former Ameritrade account holders' information from 2000 to 2003 was misplaced by a shipping company that Ameritrade uses.

Fears of identity theft are running high among consumers; 59% say they are very concerned, according to a USA TODAY/CNN/Gallup Poll, taken in late February after the ChoicePoint disclosure.

Here are some things you can do to protect yourself:

  • Don't carry any document with the number in your wallet or purse. In addition to leaving your Social Security card at home, make sure health-insurance cards or other documents don't have the number on them.
  • If your driver's license number is your Social Security number, ask your motor-vehicle department to change it. Don't print the number on your checks.
  • If any of your financial-service or insurance providers print your Social Security number on statements or checks that move through the mail, call and ask them to stop.
  • Adopt policy of not disclosing your number without requesting an explanation of why disclosure is necessary and will benefit you. Businesses cannot require it, but they can refuse to provide you service if you do not provide it.
  • If your number is both an account number and a password for any service, change one or both of them yourself or request the service provider allow you to do so. Do not use your Social Security number as a PIN.
  • Check your credit reports once a year from all three of the credit reporting agencies.
  • Watch for people who may try to eavesdrop and overhear the information you give out orally.
  • Carefully destroy papers you throw out, especially those with sensitive or identifying information. A crosscut paper shredder works best.
  • Be suspicious of telephone solicitors. Never provide information unless you have initiated the call.
  • Delete without replying to any suspicious e-mail requests.
  • Use a locked mailbox to send and receive all mail.
  • Reduce the number of pre-approved credit card offers you receive by calling (888) 5OPT-OUT (they will ask for your Social Security number).

If you are a victim of identity theft

  • Put a fraud alert on all three credit reports. That warns creditors to contact you before approving any credit applications.
  • Call the police. That includes your local police department, as well as police wherever the thief applied for credit. Even if local police can't investigate because the crime happened somewhere else, they can validate victims' identity for other agencies.
  • Get your credit reports from the three reporting agencies so you know what accounts have been opened.
  • Contact the fraud departments of those creditors and tell them the accounts are bogus. Ask for a transaction record, which shows details of the credit application, including what type of identification the thief is using. Send those to police.
  • Keep notes on everyone you speak to, including their name, title, time of the call and what was said.
  • Make copies of every letter or affidavit. Send everything by return-receipt mail.
  • Stay organized and don't overload police with emotions and irrelevant details.
  • Pay attention to the emotional impact of the crime. It can lead to sleeplessness, paranoia, irrational outbursts and even damaged relationships.

Various legislators are trying to pass Federal and state laws to address these problems, including the following:

  • Senator Diane Feinstein is trying to pass a Federal law patterned after the California law that gives people the option of doing more than placing a fraud alert on their credit history, which can only be extended beyond 90 days if the threat of fraud is documented; instead, Californians can freeze their credit data indefinitely, so no new loans will be extended to themselves or their shadows. California also requires corporations whose data have been compromised to inform affected individuals. The breach suffered by ChoicePoint, of Alpharetta, GA, became public when ChoicePoint had to comply with California’s law and tell residents their information had been passed onto thieves. Requiring national alerts would heighten awareness and create a bigger safety net for consumers, particularly if it were combined with free annual reviews.
  • Senators Charles Schumer and Bill Nelson are introducing a bill in Congress calling for a ban on the sale of Social Security numbers and for tighter controls for companies like ChoicePoint and Seisint.
  • New York attorney general Eliot Spitzer called for state legislation aimed at reducing identity theft through regulation of data brokers, consumer opt outs, mandatory data breach disclosure and tougher penalties for identity thieves and hackers.

While government intervention seems to make political sense, the problem will not be solved until the penalties paid by the data leakers – such as Seisint and ChoicePoint – get much higher. Specifically, the problem will not be solved until the penalties for leaking data exceed the costs of the procedural and technological changes required to plug the data leaks. Should that day come, the data leakers will make the investments needed to minimize these penalties and your identity will be safer.

Until then, you are on your own.

17 Comments:

Blogger Rolo said...

Found a lot of useful info on your site - thank you. Haven't finished reading it yet but have bookmarked it so I don't lose it. I've just started a auto loans blog myself if you'd like to stop by.

10:50 AM  
Blogger hplauze said...

Sad to say I just got back from a bowling tournament and decided to log in and do some websurfing. petercohan I love your blog. I had some very good laughs. I am doing a paper on credit cards counseling and have been downloading information for the last hour. I don’t know how I came across Who are you? but I am glad I did. It has set me back a little because I have spent the last hour reading your archives. If you don’t mind I would like to add you to my favorites so I can back again and read some more. Well I need to get back to credit cards counseling. I am almost finished with it. Great job.
p.s some very good points on your blog

10:33 PM  
Blogger Derek said...

I love your blog Blogger. How long has it been on-line? Reason I ask is I am doing a ton of work in the area of credit cards citi and will probably end up starting a blog of my own. Funny how the internet brought me here when I was doing searches on credit cards citi . Oh well, I am glad it did. Keep up the great blogging and I am sure I will visit Who are you? again!!

6:32 PM  
Blogger cmeltifa said...

Hey petercohan. Very nice blog :0) I just got inside from washing and waxing my truck. It is my baby. Took me 2 hours though. So I settled down into my basement and started doing some web surfing. Anyways I am in the process of grabbing my masters degree and have spent the last 6 months researching fix rate credit cards. In the midst of my surfing I landed smack dab in the middle of your blog. I hope you do not think I am intruding but I must say it is great blog. Even though Who are you? is way off base from fix rate credit cards I found myself cruising through your blog archives for the last half hour :0) You have some nice blogging friends. Anyways, I need to get back to my mission. I wrote don’t your url and feel free to visit me here at fix rate credit cards. I am so busy so I can only update my site monthly. Keep up the great work.

9:31 AM  
Blogger Rebek said...

I love your blog petercohan. How long has it been on-line? Reason I ask is I am doing a ton of work in the area of credit cards citi and will probably end up starting a blog of my own. Funny how the internet brought me here when I was doing searches on credit cards citi . Oh well, I am glad it did. Keep up the great blogging and I am sure I will visit Who are you? again!!

11:06 PM  
Blogger hplauze said...

I have been on-line searching for hours for information regarding credit cards fixed rates and stumbled across your blog during my journey :-) petercohan your blog is really amazing! Keep up the great work. Obviously my search on credit cards fixed rates was way off when compared to Who are you? and find it funny how it landed me here. The internet is a funny thing. Anyways, great job on your blogging and keep up the good work! I been searching for credit cards fixed rates for over 2 hours and needed a break from it. I started reading your blog and really started getting into it.
P.S I will add you to my favorites so I can come back and visit later
P.S.S If you want to bookmark my site I am at credit cards fixed rates. You never know you may find some good deals!

8:13 AM  
Blogger Rachel said...

Well I just got back from the gym and I am beat. I am currently doing some research on citi credit cards and stumbled across your blog. Which cracks me up really. The internet can certainly land you off base sometimes. Even though Who are you? is not completely related I think it is a cool blog. I have read back through the archives and lots of people make some very good points. Well I have been on-line forever it seems. I need to continue to plug away at citi credit cards. If you have the energy swing by citi credit cards. I try to update my site weekly and maybe you will see something you like. I already snagged your URL and put it in my favorites. If you do not mind I will be back again. Great job!

11:47 PM  
Blogger hplauze said...

Well this blog certainly is not about credit cards online processing. What the heck! I guess the internet can play some tricks on us sometimes. I have been on-line for two hours
researching credit cards online processing and came tumbling across your blog. I LOVE IT! I needed a break from credit cards online processing anyways :-) If you don't mind I want to add your
blog to my favorites list so I can come back later on and read some more stuff. Well I guess I should get back to researching credit cards online processing.
Even though my search is not on Who are you? I am glad I came across your blog. Keep blogging away!

8:23 AM  
Blogger Rebek said...

Well this blog certainly is not about credit cards online processing. What the heck! I guess the internet can play some tricks on us sometimes. I have been on-line for two hours
researching credit cards online processing and came tumbling across your blog. I LOVE IT! I needed a break from credit cards online processing anyways :-) If you don't mind I want to add your
blog to my favorites list so I can come back later on and read some more stuff. Well I guess I should get back to researching credit cards online processing.
Even though my search is not on Who are you? I am glad I came across your blog. Keep blogging away!

4:50 PM  
Blogger cmeltifa said...

I have been on-line searching for hours for information regarding credit cards online processing and stumbled across your blog during my journey :-) petercohan your blog is really amazing! Keep up the great work. Obviously my search on credit cards online processing was way off when compared to Who are you? and find it funny how it landed me here. The internet is a funny thing. Anyways, great job on your blogging and keep up the good work! I been searching for credit cards online processing for over 2 hours and needed a break from it. I started reading your blog and really started getting into it.
P.S I will add you to my favorites so I can come back and visit later
P.S.S If you want to bookmark my site I am at credit cards online processing. You never know you may find some good deals!

5:08 AM  
Blogger Derek said...

Hey this blog is not about bank credit cards. Silly internet bringing me here :-) Funny I have been doing hours of research on bank credit cards and it brought me to your blog on Who are you?. The web plays funny games sometimes. Anyways, I was reading your blog petercohan and I think it is really cool. Keep up the great work.
If you do not mind I will snag your blog and put it in my favorites. I read a ton of stuff on here that interested me. Keep blogging away :-)

12:44 AM  
Blogger Derek said...

Well this blog certainly is not about hsbc credit cards. What the heck! I guess the internet can play some tricks on us sometimes. I have been on-line for two hours
researching hsbc credit cards and came tumbling across your blog. I LOVE IT! I needed a break from hsbc credit cards anyways :-) If you don't mind I want to add your
blog to my favorites list so I can come back later on and read some more stuff. Well I guess I should get back to researching hsbc credit cards.
Even though my search is not on Who are you? I am glad I came across your blog. Keep blogging away!

8:18 AM  
Blogger Rachel said...

What up petercohan! I just finished up a ten hour work day and decided to kick back and do some surfing. So I grabbed myself a drink and stumbled across your blog while doing some research on bank credit cards for a upcoming project I am doing. Well even though Who are you? isn’t what I was looking for I really enjoyed reading your blog. Your doing a great job and please keep up the good work. Lots of people do not keep their blogs up to date :0) There are some very interesting view points stated here. Anyways I am going to grab the bull by the horns and continue to plug away at bank credit cards. I have already bookmarked your blog. You many want to visit me at bank credit cards. You never know you might see something you like! Again great job.

7:42 PM  
Blogger cmeltifa said...

Well this blog certainly is not about bank credit cards. What the heck! I guess the internet can play some tricks on us sometimes. I have been on-line for two hours
researching bank credit cards and came tumbling across your blog. I LOVE IT! I needed a break from bank credit cards anyways :-) If you don't mind I want to add your
blog to my favorites list so I can come back later on and read some more stuff. Well I guess I should get back to researching bank credit cards.
Even though my search is not on Who are you? I am glad I came across your blog. Keep blogging away!

6:49 AM  
Blogger Derek said...

Hey this blog is not about fix rate credit cards. Silly internet bringing me here :-) Funny I have been doing hours of research on fix rate credit cards and it brought me to your blog on Who are you?. The web plays funny games sometimes. Anyways, I was reading your blog petercohan and I think it is really cool. Keep up the great work.
If you do not mind I will snag your blog and put it in my favorites. I read a ton of stuff on here that interested me. Keep blogging away :-)

10:18 AM  
Blogger Rebek said...

What up petercohan! I just finished up a ten hour work day and decided to kick back and do some surfing. So I grabbed myself a drink and stumbled across your blog while doing some research on bank credit cards for a upcoming project I am doing. Well even though Who are you? isn’t what I was looking for I really enjoyed reading your blog. Your doing a great job and please keep up the good work. Lots of people do not keep their blogs up to date :0) There are some very interesting view points stated here. Anyways I am going to grab the bull by the horns and continue to plug away at bank credit cards. I have already bookmarked your blog. You many want to visit me at bank credit cards. You never know you might see something you like! Again great job.

4:28 PM  
Blogger Rebek said...

All I can say is WOW petercohan. The other half and I just got back from our friends house (well her friends house) and I needed a huge break. I am working on a project right now that is based on hsbc credit cards. I have literally been on-line for 2-3 hours doing research. Even though Who are you? really isn’t on the same page as hsbc credit cards I am certainly glad I came across your blog. There are a ton of great view points on this blog. Well I think I can here the kids screaming in the background. I put you in my internet favorites and I will certainly come back and visit. If you want to take a peek at my site you can find me here at hsbc credit cards. I update my site very frequently. Again, great job blogging and I will be back again soon!

1:03 AM  

Post a Comment

<< Home