Sunday, July 19, 2015

More on ID Theft


Last week, after our online students in Indiana read an article and watched a short YouTube video about identity theft they wrote short papers on the topic.  The 2012 video, in my opinion, made much too light of online threats.  I also touched on credit reporting and scoring since the “expert” speaker in a previously assigned video made both false and misleading statements, and the impact was evident in their papers.  The students also mentioned Credit Karma.  / Kurt
-------------------------------------------

I enjoy reading all of your papers; for this one, several of you shared stories about how identity theft and fraud has affected you or someone you know.

Early this year, the Federal Trade Commission released its 2014 Consumer Sentinel Network Data Book that reports complaints received by the FTC’s Consumer Sentinel Network during the year.  Identity theft again topped the list, for the 15th consecutive year.

The complaint categories making up the top 10 are:


 
Number
Percent

Identity Theft
332,646
13 percent

Debt Collection
280,998
11 percent

Imposter Scams
276,662
11 percent

Telephone and Mobile Services
171,809
7 percent

Banks and Lenders
128,107
5 percent

Prizes, Sweepstakes and Lotteries
103,579
4 percent

Auto-Related Complaints
88,334
3 percent

Shop-At-Home and Catalog Sales
71,377
3 percent
 
The founder and president of Javelin Strategy & Research, a company mentioned in the 2012 Session 9 identity theft video, has since warned that social media users are a growing target for identity theft.  A 2012 BankRate.com article  says that paying with a credit card or debit card makes you vulnerable, and mobile phone users are also a target.  In March 2014, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray warns, "your information is always at risk, every day."

My own interest in the topic likely dates back to 2002 when Walter Kevin Scott – a convicted felon - was working as benefits manager for the Indiana Public Employees’ Retirement Fund (PERF).  Mr. Scott had used a false Social Security number in the hiring process, and the State of Indiana had hired him unaware that he was a convicted felon who had served time in a federal penitentiary -  for identity theft!  During his trial it was disclosed that from November 2001 to August 2002, Scott had unlimited access to the Social Security numbers of 1.2 million current and former public employees and their families  -  the equivalent of nearly one in every six Hoosiers.  Investigators found personal information and pension fund balances of 750 people during a search of Scott's home after he quit working at the fund.

A few years later we began to hear more about breaches, most notably in universities.  In May of 2005, the Lafayette Journal and Courier listed ten universities that had already reported breaches in that year, including Purdue and IU.  Also in 2005 it was reported that identity thieves set up fake businesses and gained access to up to 160,000 consumer records from data broker ChoicePoint.

Heartland Payment Systems Inc. - one of the largest processors of credit and debit card transactions in the U.S – was hacked in 2009.  With vague explanation, one local bank sent new debit cards to replace ones that were not even near expiration.  When the Target and Home Depot names appear in the news we all noticed, but how many of us would even recognize the name Heartland Payment Systems or ChoicePoint?

According to the Identity Theft Resource Center (ITRC), from 2005 to 2013 data breaches increased by nearly 400%. The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure.  The ITRC reports that, as of June 9, this year there have been 5,377 breaches, exposing more than 786 million records from businesses, financial institutions, schools, health service organizations, and governments.

Last year, Krebs on Security reported that a nationwide beauty products chain discovered a breach in its payment systems and a fresh batch of 282,000 stolen credit and debit cards reportedly went on sale in a popular underground crime store.  That same month, Indiana University reported that information including names, addresses and Social Security numbers of those who attended any of the university’s campuses from 2011 to 2014 was unsecured for more than 11 months because security protections weren’t working correctly.  Purdue associate professor of communication Josh Boyd states, “The recent security breaches . . .  are a good reminder that the online environment involves no guarantees.  If you put information online and somebody really wants it, it’s vulnerable.”

The use of a credit monitoring service cannot prevent ID theft, but it may help you to discover fraud.  About the well-publicized Target security breach during the 2013 Christmas shopping season, Purdue professor of cyber forensics Marcus Rogers warns, "People have to be vigilant for the next six months, year, even up to two years.”  The ProtectMyID credit montoring service offered by Target is a product of Experian, a credit reporting agency, and monitors changes only to a consumer's Experian credit report.  According to Consumer Reports, “The service can give consumers a false sense of security, and Consumer Reports can recommend this deal in its present form only as being better than nothing, and only for consumers who understand its significant shortcomings.”

Credit Karma has been advertised much recently.  Credit Karma is a service that provides no-cost credit scores, credit reports, and credit monitoring from TransUnion.  In 2014, Credit Karma settled with the Federal Trade commission on charges that the company “failed to take reasonable steps to secure” its mobile apps, “leaving consumers’ sensitive personal information at risk.”

To monitor your own reports from Experian, TransUnion, and Equifax, you may order copies through www.AnnualCreditReport.com.  For information about how to order by phone or mail, see the FTC's "Disputing Errors on Credit Reports".  If you’d like an estimated credit score, use a credit score estimator for which you do not disclose identity information.

A high score can be useful at times, but do not make it your primary focus.  The Fair Isaac Corporation (the "FICO" people) tells us that 65% of a credit score is related to payment history and amounts owed.  So as it turns out, some of the actions that can increase your score also make financial sense!  Pay bills on time, every time, and don’t take on too much debt.  Then make sure that the information on your reports is accurate.

It has become clear that no institution, public or private, is immune to data insecurity.  My guess is that by now just about every one of us has been a victim of ID theft whether we know it or not, and there’s nothing that we can do to change that.  Since there is so much that is outside of our control, it does make sense to at least control what we can.  Remain vigilant, and from today forward the less information that you provide - and the fewer places where you provide it -  the better.

Especially if you have a rural mailbox, consider a post office box instead, and remember that outgoing mail is just as important as incoming.  For several reasons, seniors are a very vulnerable population, and if you have a loved one who is aging watch for signs of fraud.  Whether credit card statement, checking account statement, or utility bill, look through every line and understand what is behind every charge.   Not all misinformation on a bill or in a consumer report is necessarily fraud – mistakes do happen.  But certainly make sure that all information is accurate.  If you know someone who has been denied a checking account, you might mention the ChexSystems consumer report and Bank On Tippecanoe; those outside of the Lafayette area may see Bank On Indiana.

The CFPB explains how to check a minor child’s reports from the three major credit reporting companies.  The Indiana Attorney General informs consumers how to place a security freeze with Equifax, Experian, and TransUnion.  The Attorney General has also produced an ID Theft Victim Kit that outlines the steps to follow if a consumer becomes aware that personal information has been stolen or used by someone else.

Considering the outrageous number of major breaches reported during the past two years I’ve just been unable to keep up with tracking.  Nevertheless, quite some time ago I reached the same conclusion as Lafayette editorial cartoonist Dave Sattler following Jimmy John’s September 2014 breach, “The recent security breach by Jimmy John’s as well as Target, eBay, and Home Depot has many wondering How do we protect our identity . . .  One way is to bring back an old friend . . ."

Take care.

Kurt Burnett
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)