Last
week, after our online students in Indiana read an article and watched a short
YouTube video about identity theft they wrote short papers on the topic. The 2012 video, in my opinion, made much too light
of online threats. I also touched on
credit reporting and scoring since the “expert” speaker in a previously
assigned video made both false and misleading statements, and the impact
was evident in their papers. The
students also mentioned Credit Karma. / Kurt
-------------------------------------------
I enjoy reading all of your
papers; for this one, several of you shared stories about how identity theft
and fraud has affected you or someone you know.
Early
this year, the Federal Trade Commission released its 2014
Consumer Sentinel Network Data Book that reports complaints received by
the FTC’s Consumer Sentinel Network during the year. Identity theft again topped the list, for the
15th consecutive year.
The complaint categories making up the top 10 are:
|
Number
|
Percent
|
Identity
Theft
|
332,646
|
13 percent
|
Debt Collection
|
280,998
|
11 percent
|
Imposter Scams
|
276,662
|
11 percent
|
Telephone and
Mobile Services
|
171,809
|
7 percent
|
Banks and
Lenders
|
128,107
|
5 percent
|
Prizes, Sweepstakes
and Lotteries
|
103,579
|
4 percent
|
Auto-Related Complaints
|
88,334
|
3 percent
|
Shop-At-Home and
Catalog Sales
|
71,377
|
3 percent
|
The founder and president of
Javelin Strategy & Research, a company mentioned in the 2012 Session 9 identity theft video, has since
warned that social media users are a growing target for identity theft. A
2012 BankRate.com
article says that paying with a credit card or debit card
makes you vulnerable, and mobile phone users are also a target. In March 2014,
Consumer Financial Protection Bureau (CFPB) Director Richard
Cordray warns, "your information is always at risk, every
day."
My own interest in the topic
likely dates back to 2002 when Walter Kevin Scott – a
convicted felon - was working as benefits manager for the Indiana Public
Employees’ Retirement Fund (PERF). Mr.
Scott had used a false Social Security number in the hiring process, and the
State of Indiana had hired him unaware that he was a convicted felon who had
served time in a federal penitentiary - for identity theft! During
his trial it was disclosed that from November 2001 to August 2002, Scott had
unlimited access to the Social Security numbers of 1.2 million current and
former public employees and their families - the equivalent of
nearly one in every six Hoosiers. Investigators found personal
information and pension fund balances of 750 people during a search of Scott's
home after he quit working at the fund.
A few years later we began to
hear more about breaches, most notably in universities. In May of 2005,
the Lafayette Journal and Courier listed ten universities that had already
reported breaches in that year, including Purdue and IU. Also in 2005 it
was reported that identity thieves set up fake businesses and gained access to
up to 160,000 consumer records from data broker ChoicePoint.
Heartland Payment Systems Inc. -
one of the largest processors of credit and debit card transactions in the U.S
– was hacked in 2009. With vague explanation, one local bank sent new
debit cards to replace ones that were not even near expiration. When the
Target and Home Depot names appear in the news we all noticed, but how many of
us would even recognize the name Heartland Payment Systems or ChoicePoint?
According to the Identity Theft
Resource Center (ITRC), from 2005 to 2013 data breaches increased by nearly
400%. The ITRC
defines a data breach as an incident in which an individual name
plus a Social Security number, driver’s license number, medical record or
financial record (credit/debit cards included) is potentially put at risk
because of exposure. The ITRC reports that, as
of June 9, this year there have been 5,377
breaches, exposing more than 786 million records from businesses, financial
institutions, schools, health service organizations, and governments.
Last year, Krebs on Security reported
that a nationwide beauty products chain discovered a breach in its payment
systems and a fresh
batch of 282,000 stolen credit and debit cards reportedly went
on sale in a popular underground crime store.
That same month, Indiana University reported that information including
names, addresses and Social Security numbers of those who attended any of the
university’s campuses from 2011 to 2014 was unsecured for more than 11 months
because security protections weren’t working correctly. Purdue associate
professor of communication Josh Boyd states, “The recent security breaches . .
. are a good reminder that the online
environment involves no guarantees. If you put information online and
somebody really wants it, it’s vulnerable.”
The use of a credit monitoring
service cannot prevent ID theft, but it may help you to discover fraud.
About the well-publicized Target security breach during the 2013 Christmas
shopping season, Purdue professor of cyber forensics Marcus Rogers warns,
"People have to be vigilant for the next six months, year, even up to two
years.” The ProtectMyID credit montoring service offered by Target is a
product of Experian, a credit reporting agency, and monitors changes only
to a consumer's Experian credit report. According to Consumer
Reports, “The service can give consumers a false sense of
security, and Consumer Reports can recommend this deal in its present form only
as being better than nothing, and only for consumers who understand its
significant shortcomings.”
Credit Karma has been advertised
much recently. Credit Karma is a service
that provides no-cost credit scores, credit reports, and credit monitoring from
TransUnion. In 2014, Credit
Karma settled with the Federal Trade commission on charges that
the company “failed to take reasonable steps to secure” its mobile apps,
“leaving consumers’ sensitive personal information at risk.”
To monitor your own reports from
Experian, TransUnion, and Equifax, you may order copies through www.AnnualCreditReport.com.
For information about how to order by phone or mail, see the FTC's "Disputing
Errors on Credit Reports". If you’d like an estimated
credit score, use a credit
score estimator for which you do not disclose identity
information.
A high score can be useful at times,
but do not make it your primary focus. The Fair Isaac
Corporation (the "FICO" people) tells us that 65% of a
credit score is related
to payment history and amounts owed. So as it turns out, some of the
actions that can increase your score also make financial sense! Pay bills
on time, every time, and don’t take on too much debt. Then make sure that
the information on your reports is accurate.
It has become clear that no
institution, public or private, is immune to data insecurity. My guess is that by now just about every one
of us has been a victim of ID theft whether we know it or not, and there’s nothing
that we can do to change that. Since there
is so much that is outside of our control, it does make sense to at least control
what we can. Remain vigilant, and from
today forward the less information that you provide - and the fewer places
where you provide it - the better.
Especially if you have a rural
mailbox, consider a post office box instead, and remember that outgoing mail is
just as important as incoming. For several reasons, seniors are a very
vulnerable population, and if you have a loved one who is aging watch for signs
of fraud. Whether credit card statement, checking account statement, or
utility bill, look through every line and understand what is behind every
charge. Not all misinformation on a bill or in a consumer report is
necessarily fraud – mistakes do happen. But certainly make sure that all
information is accurate. If you know
someone who has been denied a checking account, you might mention the ChexSystems consumer
report and Bank On Tippecanoe; those
outside of the Lafayette area may see Bank On
Indiana.
The CFPB explains how to
check a minor child’s reports from the three major credit
reporting companies. The Indiana Attorney General
informs consumers how to
place a security freeze with Equifax, Experian, and
TransUnion. The Attorney General has also produced an ID Theft
Victim Kit that outlines the steps to follow if a consumer
becomes aware that personal information has been stolen or used by someone
else.
Considering the outrageous number
of major breaches reported during the past two years I’ve just been unable to
keep up with tracking. Nevertheless, quite some time ago I reached the
same conclusion as Lafayette editorial cartoonist Dave
Sattler following Jimmy John’s September 2014 breach, “The
recent security breach by Jimmy John’s as well as Target, eBay, and Home Depot
has many wondering How do we protect our identity . . . One way is
to bring back an old friend . . ."
Take care.
Kurt Burnett
No comments:
Post a Comment