Human fallibility blamed

By Peter Larsen @ Monday, October 13, 2008

A security researcher has concluded that online identity theft remains a critical threat.

In September, David Porter, head of security and risk at Detica, explained that there was only so much that experts and computer systems can do to prevent identity fraud. According to Porter, final responsibility rests with the consumer.

"Identity fraud attacks succeed largely because of human fallibility; however there are simple steps that people can take to avoid being caught out by fraudsters," said Porter.

Porter also noted that internet surfers need to be more guarded about their behaviour and realise that personal information posted on social networking sites could be "accessed and used by fraudsters."

J Prasanna, CEO of AVS Labs, told IT Examiner that users without an updated antivirus database and personal firewall were susceptible to Trojan key loggers that intercepted usernames and passwords. Prasanna also recommended installing Key Scrambler to encrypt every keystroke.

A number of high-level hacking threats have been highlighted by the Indian press over the past few months.

Economic Times reported that an unidentified Indian hacker had helped the Russian mafia steal the identities of nearly eight million people from the UK's Best Western Hotel website. Another article warned against the dangers of wardrivers, which are utilised by roving individuals to identify unprotected Wifi networks.

Pre-Paid Legal Services, Inc. provides the only comprehensive identity theft prevention and restoration service in the marketplace today. Call JB, Independent Associate, at (510) 931-5805, or (888) 206-2978 (toll-free) to get your own protection plan.

Both Companies Might be Victims of Larger Fraud Schemes

Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced Monday that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Meanwhile, Forcht Bank, one of the 10 largest banks in Kentucky, told its customers it would begin reissuing 8,500 debit cards after being informed by its own card processor of a possible breach.

In the case of Heartland, while the company continues to assess the damages inflicted by the attack, Robert Baldwin, the company's president and CFO, says law enforcement has already noted that the attack against his company is part of a wider cyber fraud operation.

"The indication that it is tied to wider cyber fraud operation comes directly from conversations with the Department of Justice and the U.S. Secret Service," Baldwin says. The company says it believes the breach has been contained.

Heartland, headquartered in Princeton, NJ, handles approximately 100 million transactions per month, although the number of unique cardholders is much lower.

"It is still a question as to the percentage of the data flow they were able to get," Baldwin says, adding he would not speculate on the number of cards potentially exposed.

Specifics surrounding when the breach occurred are still being analyzed. But Baldwin says two forensic auditing teams have been working on the breach analysis and investigation since late 2008, after Heartland received the notification from Visa and MasterCard. The investigation began immediately after the credit card companies told Heartland they saw suspicious activity surrounding processed card transactions. Described by Baldwin as "quite a sophisticated attack," he says it has been challenging to discover exactly how it happened.

The forensic teams found that hackers "were grabbing numbers with sniffer malware as it went over our processing platform," Baldwin says. "Unfortunately, we are confident that card holder names and numbers were exposed."

Data, including card transactions sent over Heartland's internal processing platform, is sent unencrypted, he explains, "As the transaction is being processed, it has to be in unencrypted form to get the authorization request out."

No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland's check management systems.

The company delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide Baldwin says the company moved quickly to announce the breach.

"It is important to get it out, but leaves us with incomplete information for our customers until the investigation is complete," he says. For more information on the breach, the company has set up a website: www.2008breach.com. Heartland advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers.

Forcht Bank: "Not Isolated" In a statement to Forcht Bank's customers, COO Tyronica Crutcher says that the bank's debit card processor, STAR, informed the bank that a retail merchant processor's information may have been compromised, and that some unknown persons are possibly creating duplicate debit cards. "According to STAR, there are several other banks affected, and this is not isolated to Forcht Bank customers," says Crutcher.

Forcht Bank has 34 branches in 11 counties, with more than $1 billion in assets.

Brian Krebs on Computer Security,
Washington Post

A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions credit and debit card transactions, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

Robert Baldwin, Heartland's president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments. Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.
Baldwin said it would be unfair to mention any one of his company's customers.

“No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair,” he said. “Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know.”

Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn't until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company's payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company's retail clients. Baldwin said Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions a month,” Baldwin said. “At this point, though, we don't know the magnitude of what was grabbed.”

The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach. The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

“The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address,” Baldwin said. As a result, he said, the prospect of thieves using the stolen data to rack up massive amounts of fraud at online merchants “is not impossible, but much less likely.”

In many cases where a processor experiences a breach, the affected banks may simply re-issue new cards to some customers. In other cases, consumers may spot the first signs of fraudulent activity by reviewing their bank statements. It is unclear whether consumers who receive new account numbers from their bank will ever be able to definitively tie the re-issuance to the Heartland breach. Baldwin said it was not appropriate for Heartland to offer affected consumers credit protection or other identity theft protection services.

“Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible,” he said. â€œIn this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers.”

Avivah Litan, a fraud analyst with Gartner Inc., questioned the timing of Heartland's disclosure — a day in which many Americans and news outlets are glued to coverage of Barack Obama's inauguration as the nation's 44th president.

“This looks like the biggest breach ever disclosed, and they're doing it on inauguration day?” Litan said. “I can't believe they waited until today to disclose. That seems very deceptive.”

Officials from the U.S. Secret Service could not be immediately reached for comment. Baldwin said Heartland worked to disclose the breach last week.

“Due to legal reviews, discussions with some of the players involved, we couldn't get it together and signed off on until today,” Baldwin said. “We considered holding back another day, but felt in the interests of transparency we wanted to get this information out to cardholders as soon as possible, recognizing of course that this is not an ideal day from the perspective of visibility.”

The Heartland disclosure follows a year of similar breach disclosures at several major U.S. cards processors.

Last Updated: Friday, September 7, 2007 | 9:55 AM ET
The Associated Press

A Seattle man has been arrested in what the U.S. Justice Department described as its first case against someone accused of using file-sharing computer programs to commit identity theft. Gregory Thomas Kopiloff is accused of using Limewire's file-sharing program to troll other people's computers for financial information and then using it to obtain credit cards for an online shopping spree, federal prosecutors said Thursday. According to a four-count indictment, Kopiloff is accused of buying at least $73,000 US worth of goods online — including iPods and laptop computers — then reselling those items at half price and keeping the proceeds.

Authorities said they have identified at least 83 victims, most of whom have teenage children and did not know the file-sharing software was on their computer. But investigators also said they believe the number of people affected was in the hundreds, and that in all they lost hundreds of thousands of dollars. According to the indictment, Kopiloff is accused of using Limewire and Soulseek — free file-sharing programs available on the internet — over a period of about 2½ years to search for people who had inadvertently allowed access to their sensitive files.

He was arrested after one of his alleged victims, a Texas resident, told his company's security officer about how his bank account had been compromised, with someone in western Washington passing bad cheques on his account. The agent forwarded the information to Secret Service agents and police in Seattle. Kopiloff is charged with mail fraud, accessing a protected computer and two counts of aggravated identity theft. Kopiloff did not enter a plea during an appearance in U.S. District Court on Thursday. A detention hearing was set for Monday.

File-sharing security concerns
Each day, computer users inadvertently share hundreds of thousands of sensitive files through such programs, from banking statements and medical records to tax returns and legal documents, according to Robert Boback, chief executive of Tiversa Inc., a Pennsylvania firm that monitors file-sharing. Typically the mistakes occur when a user downloads file-sharing software and accidentally allows it to share all files on a computer, rather than just music files, for example.

“If you are running file-sharing software, you are giving criminals the keys to your computer,” said assistant U.S. attorney Kathryn Warma. “Criminals are getting access to incredibly valuable information.”

When other users might search on Limewire for “Madonna,” a criminal can search for “federal tax return,” or for student financial aid forms or other financial information, Warma said. And instead of getting access to a few hundred files containing Like a Virgin or Papa Don't Preach, they would get a few hundred files containing tax returns.

Boback showed during a news conference Thursday the searches being conducted on peer-to-peer networks at that moment. As the searches were entered, they scrolled rapidly along the screen of his laptop. Many clearly concerned music files and pornography, but interspersed were scores looking for files that contained terms such as “password” and “medical billing.”

Warning for users
“There are tens of thousands of individuals who make a living doing this,” Boback said.

A Limewire representative could not immediately be reached for comment. At a congressional hearing on July 24 regarding file sharing, the chairman of Lime Wire LLC, Mark Gorton, said the company warns its users about the dangers posed by the software and instructs them on how to use it safely.

“We continue to be frustrated that despite our warnings and precautions, a small fraction of users override the safe default setting that comes with the program and end up inadvertently publishing information that they would prefer to keep private,” Gorton said.

Saturday, January 3, 2009 Attorney General Kelly A. Ayotte encourages people to add some consumer-friendly activities to their list of New Year's resolutions. "These simple tips, such as monitoring your credit report to guard against identity theft, staying safe online, reporting scams, and learning about credit, can save consumers time and aggravation in the upcoming year. Taking some proactive steps as suggested below may help prevent consumer fraud in the first place," she said.

1. Get a free copy of your credit report. Visit www.annualcreditreport.com or call 877-322-8228 to request a free credit report once every 12 months from each of the nationwide consumer credit reporting companies. AnnualCreditReport.com is the only site consumers can depend on for a truly free credit report with no strings attached. To learn more about credit, mortgages, debt collection, and other financial issues visit http://www.ftc.gov/credit.

2. Stay safe online. The Internet provides access to information, entertainment, financial offers - in short, a world of countless products and services. Use security software and keep it up-to-date to reduce your risks from scammers, identity thieves, phishers, and more. Go to the New Hampshire Attorney General's online Identity Theft Toolkit to learn more.

3. Deter identity theft. Information packages can help consumers deter, detect, and defend against ID theft, and minimize the damage it can cause.

4. Foil a phone fraudster. Criminals use the phone to commit many different types of fraud, including sweepstakes and lottery frauds, loan fraud, buying club memberships, and credit card scams. Find out how to avoid them at www.ftc.gov/phonefraud.

5. Register a number. The National Do Not Call Registry gives consumers a choice about whether to receive telemarketing calls at home. Telemarketers are prohibited from calling phone numbers that have been on the Registry for more than 31 days. If calls are received, consumers can file a complaint with the FTC. To register a home or mobile phone number for free, visit www.donotcall.gov or call 888-382-1222.

6. Teach a kid about commerce. Take a kid to a virtual mall with interactive activities that provide lessons about advertising, marketing, and the benefits of competition.

7. Save energy. Consumers can save energy and money - whether they are buying a new refrigerator or trying to reduce their home heating and cooling bills. Find out how to save money in virtually every room of the home.

8. Have some healthy skepticism. At http://www.ftc.gov/health, consumers can learn how to spot health scams, such as fake cancer cures and bogus weight loss products, and do some research on buying generic drugs, Lasik eye surgery, and using dietary supplements. Consumers can also learn about rights they may not even know they had - like the right to obtain a copy of prescriptions for eyeglasses or contact lenses.

9. Report a rip-off. If you believe that a business has engaged in an unfair or deceptive practice, file a complaint with the New Hampshire Attorney General at http://www.egov.nh.gov/identity-thef and with the Federal Trade Commission

Ghost of Christmas Past (TJX) Still Casts Specter on Present and Future
December 22, 2008 - Linda McGlasson, Managing Editor

1. TJX Case Winds Up, Arrests Made 
Earlier this year, The TJX Companies (parent of retailer TJ Maxx) settled in federal court and paid out millions to its federal regulator, the Federal Trade Commission, banking institutions, credit card companies and consumers to bring to a close the court cases that had threatened to overwhelm the company.

The August arrest of 11 alleged hackers accused of stealing more than 40 million credit and debit cards brings law enforcement closer to closing what is still the largest hack ever. The U.S. Department of Justice brought charges against 11 alleged hackers from around the globe. Some of the hacking gang were nabbed and brought to the U.S. to face trial alongside three U.S.-based defendants. Two of the defendants, Christopher Scott and Damon Patrick Toey, have already pled guilty in the case. Others including the ringleader, Alberto Gonzalez, await trial.

Lesson Learned: The wide-range of the perpetrators brings to light something that those in the cyber intelligence realm have known for some time: Criminal hackers are part of a very mature and multi-billion dollar industry that reaches around the world. No organization is immune to the threat.

2. Bank of New York Mellon
An unencrypted backup tape with 4.5 million customers of the Bank of New York Mellon went missing on Feb. 27, after it was sent to a storage facility. The missing tape contains social security numbers and bank account information on 4.5 million customers - including several hundred thousand depositors and investors of People's United Bank of Connecticut, which had given Bank of New York Mellon the information so it could offer those consumers an investment opportunity.

Lesson Learned: For Bank of New York Mellon, know that when data is released to a third-party that their security is as good or better than yours. Encryption isn't just something that is good for the data held at an institution; it's also something to consider for data that leaves the institution.

3. Hannaford Data Breach
In March, the Maine-based Hannaford Brothers grocery store chain announced that 4.2 million customer card transactions had been compromised by the hackers. More than 1800 credit card numbers were immediately used for fraudulent transactions.

The affected banks and credit unions were forced to reissue the credit and debit cards. Within two days of the breach announcement, two class action suits had been filed on behalf of customers against the retailer. The retailer claims its systems were PCI-compliant and had passed a PCI assessment shortly before the hack was discovered.

Lesson Learned: The case is still open, and forensic reports by security investigators brought in by Hannaford have not been made public. The PCI Security Council has pledged that if the PCI requirements are found to be wanting in light of the report, they will make changes to tighten the requirements. Cases such as Hannaford may be the impetus behind legislation to require prompt notification of a data security breach.

4. Countrywide Insider Theft
In August, a former Countrywide Financial Corp. senior financial analyst, Rene Rebollo, was arrested and charged by the FBI for stealing and selling sensitive personal information of an estimated 2 million mortgage loan applicants. How he did it over a two-year period was to download about 20,000 customer profiles each week onto flash drives, working on Sunday nights, when no one else was in the office. Rebollo then took the excel spreadsheets to business center stores to email to buyers.

Countrywide, now owned by Bank of America, was already facing money and reputation issues because of the subprime loan meltdown before it faced the insider threat of Rebollo.

Lesson Learned: While Countrywide and Bank of America now know firsthand what a rogue insider can do, other institutions need to do a better job of monitoring their employees and creating asset controls. As the economy continues to produce layoffs, this threat may become even more so, as fearful employees look to cash in on their trusted status and take data just in case they face unemployment.

5. GE Money Backup Tape Goes AWOL
Early in January, Iron Mountain said it could not find a backup tape that belonged to GE Money, containing information on J.C. Penney customers and 100 other retailers.

The tape was stored in an Iron Mountain vault, says an Iron Mountain statement issued about the loss, and had been requested by GE Money in October 2007. The tape contained the personal information of about 650,000 J.C. Penney customers and the other 100 retailers. GE Money processes credit cards for those retailers. As a records and archive company that specializes in records management, Iron Mountain was at a loss to explain the tape's whereabouts.

Iron Mountain said it was an unfortunate case of a misplaced tape, but asserts that there was no evidence that the information was obtained and used by unauthorized persons. The missing tape also included about 150,000 social security numbers.

Lesson Learned: While GE Money paid for credit monitoring for the 650,000 credit card holders, Iron Mountain may have learned to better monitor where media is located. For the rest of companies that hold information of a personally identifiable nature, there is another reason to keep it safe from prying eyes. The cost of an average data breach can hit a company's bottom line. According to a study conducted by the Ponemon Institute, an independent information security and privacy research group, data breaches are costing businesses an average of $197 per customer record, up from $182 in 2006.

6. RSA Report: Half-Million Banking ID's Stolen
In November, security vendor RSA said it found a single Trojan that had taken more than 500,000 online banking accounts credentials, credit cards and other resources. The company's Fraud Action Research Team added that the hacking gang behind the Trojan may have been operating for as long as three years. The compromised data came from hundreds of financial institutions around the world.

Lesson Learned: The Trojan Sinowal is so tricky that the average institution or customer would not even know that they are infected with it. Taking a professional, defense-in-depth approach to protecting a network and customers is the best remedy.

7. Compass Bank Hard Drive Stolen, 1 Million Accounts Taken
At the sentencing of a former bank programmer at Compass Bank in Birmingham, AL. in March, it was revealed that the accused had stolen a hard drive with 1 million customer records and used it to commit debit-card fraud. James Kevin Real is now serving a 42-month sentence and was ordered to pay back the more than $32,000 that he and an accomplice withdrew from Compass Bank customer accounts. The bank claimed that the customer records contained limited information, but Real was able to create 250 counterfeit debit cards. He used 45 of them to access and withdraw cash before being arrested.

At the time of Real's sentencing, Alabama was one of 11 states that didn't require companies to automatically notify customers of data breaches.

Lesson Learned: Compass Bank dodged a bullet in terms of cost on this breach. It would have had to notify all 1 million customers of the compromise of their data had the hard drive theft been in a state that requires notification. Other than the 250 customers that Real took money from, no other customers were notified of the data loss. That means that 999,750 of the other 1 million customers weren't notified of the potential risk.

8. Ski Resort Okemo Suffers Hannaford-Like Data Breach
In an attack similar to what hit Hannaford Brothers in March, the Okemo Ski Resort in Vermont said in April it had been hit by hackers that installed malicious software to capture credit card data as it was being processed at the resort. Law enforcement officials at the time said they were investigating as many as 50 other similar incidents in the Northeast.

Lesson Learned: PCI compliance is like a driver's license—it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it is in compliance.

9. Retailer Montgomery Ward
Six months after a breach happened at the parent company of the Montgomery Ward website, the company Direct Marketing Services finally began notifying customers that their credit card information was stolen in the hack. At least 51,000 records were stolen out of a database in December, 2007.

Direct Marketing said it had promptly contacted its payment processor and Visa and MasterCard, and it also notified the U.S. Secret Service.

Lesson Learned: Direct Marketing Services was forced into contacting the customers after the company CardCops, an investigative firm that tracks credit card thefts for the financial services industry, found more than 200,000 payment cards being offered for sale on an Internet chat room often visited by card thieves. Better to take the public relations role and confess the breach than possibly face data breach notification lawsuits by consumers and state attorney generals.

10. More Than $5 Million Taken By ATM Capers
The Automatic Teller Machine capers are hitting everywhere. In June, two men were charged with making hundreds of withdrawals from New York City ATMs, grabbing $750,000 in the process, using stolen information from a previous computer intrusion into a Citibank server that processes ATM withdrawals. One of the same accused also allegedly took $5 million in withdrawals from iWire prepaid MasterCard accounts.

Lesson Learned: While Citibank denied the indictment's charge that their server had been breached and blames a third-party transaction processor for the compromise, it still meant it had to notify and reissue new debit cards to those customers that the bank believed were exposed to increased risk.

“PCI compliance is like a driver's license—it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it is in compliance.”

Don't get caught with your ID Theft pants down. Schedule a FREE seminar for your company's employees, from the top down, that will help to ensure that your company is in compliance with identity theft laws. Call (888) 206-2978, or e-mail JB@Get-AroundToIt.com today! Don't find your company on this list in 2009!

Identity theft is very common in todays' world. It is very easy for almost anyone to get all kinds of information about you- either on the
Internet, by calling and tricking you into disclosing information, or even from mail you might leave in your vehicle or home. A different kind of identity theft has been going on for many, many decades.

This is postmortem identity theft. That's right, people can steal your identity even after you die. This can have disastrous consequences on your surviving family members when and if it is discovered.

How could something like this happen at all? Well, all it takes is an identity thief to read the obituaries and find someone who matches either what they look like or what their clients are looking for.

Once you have a name and birthday, all you have to do is go to city hall and get a death certificate. Social security numbers actually remain valid for a number of years after death due to paperwork pileup and overall population. This enables the use of that social security number for a long time with no worries.

The problems with postmortem identity theft arise when creditors notice this person is amassing a lot of debt. There will be a lot of confusion between family members and creditors as they try to sort this all out.

If there are inheritances, the creditors may try to get paid from that lump of money before any family members receive their share. This is very unfair but that's exactly what the identity thief wants.

By the time all this has happened, odds are the thief has moved on to another victim. To protect yourself, make sure to notify the Social Security Administration as well as all creditors and consumer reporting companies. If they know this person is deceased, they won't issue credit cards and notify you immediately if that social security number gets used.

Get your personal and legal life in order with our low cost, easy-to-use membership plan! Why wait until something happens and then scramble to try and get it taken care of? You don't have to be in trouble to need the advice and guidance of an attorney. Get a comprehensive will, legal power of attorney, and directive to physicians (living will) now, while you're alive, so that your family won't have to suffer more when you're not.

Call (510) 931-5805, or (888) 206-2978, toll-free, for more information.

By DIANE WETZEL

By Stephen Gurr and Brandee Thomas
news@gainesvilletimes.com

Two Rochester Hills residents reported separate incidents of identity theft Nov. 22. In both cases, they had no idea who had perpetrated the fraud or how their personal information had been obtained. A Grosse Pines Dr. resident learned that someone had opened a credit account using her Social Security number. She said she had received a letter about the account being opened, but ignored it since she hadn't applied for it. Then she was contacted by Dell about the account, and called police. A Glenbrooke Ct. resident found charges on his phone bill he didn't recognize. Upon questioning, he learned that someone set up an e-mail account, using his address and phone number for billing.

Larceny

Two cars were broken into on Snowden Circle overnight Nov. 22-23. At one address, a window was smashed on a 2006 Volvo. The thief rifled through the glove box; a briefcase and glasses were stolen. At the second house, a window was broken on a 2004 Volkswagen and the glove box was again gone through. A GPS unit, camera and satellite radio were stolen. Both cars were in driveways.

Two cars were entered on Warrington overnight Nov. 22-23. At one house, a GPS unit was stolen from the glove box. The owner found the door ajar. At the second house, an unlocked pickup truck was entered and a purse belonging to a Sterling Heights woman was stolen. It was found in a neighboring driveway.

 

By Brian Krebs
washingtonpost.com Staff Writer
Friday, November 28, 2008; Page E10

Federal authorities this week announced a series of arrests and convictions in connection with a global identity theft ring that stole millions of dollars by hijacking home-equity lines of credit issued to thousands of consumers.

On Monday, state and federal law enforcement officials arrested four men who were part of a group that allegedly combined high-tech equipment with old-fashioned con-artistry to drain home-equity lines.

According to charging documents unsealed this week in New Jersey's U.S. District Court, the men and four others arrested earlier this year tricked multiple banks and credit unions into wiring more than $2.5 million from home-equity lines to accounts controlled by members of a fraud ring in Canada, China, Japan, Vietnam and South Korea, among other countries.

Last Thursday, three people authorities say were connected to the New Jersey gang pleaded guilty in the U.S. District Court for the Eastern District of Virginia to conspiracy to commit bank fraud and related charges. Officials say they stole at least $10 million through home-equity scams.

The cases highlight what the FBI calls an "emerging scheme" afflicting the struggling real estate and mortgage market. In such crimes, thieves target people with good credit and large, untapped home-equity lines of credit, digging through public records -- such as property deeds and mortgages -- as well as publicly available Internet databases to obtain credit applications, credit reports and victim signatures.

"Home-equity lines of credit are an expanding front in the battle against mortgage fraud," said New Jersey U.S. Attorney Christopher J. Christie. "Homeowners should carefully review their statements to make sure their hard-earned equity is not disappearing from under their noses."

According to the criminal complaint, the defendants and alleged co-conspirators used fee-based Web databases to find documents that included names, birthdates and Social Security numbers of people with large balances in home-equity credit accounts.

The government alleges that the group also used other online database to locate answers to common security questions, such as the victim's mother's maiden name, and used the combined information to order credit reports in the victim's name to verify account balances.

Authorities say the defendants then would phone the victim's bank or credit union and ask it to wire a substantial portion of the line of credit to banks in Asia and Canada.

In the Virginia cases, the defendants acknowledged using caller-ID spoofing services, prepaid cellphones and PC wireless cards to hide their location and identity online. In many cases, the government alleges, the defendants transferred victims' home telephone numbers to alternate lines they controlled to stay one step ahead when the banks called to verify transfer requests.

Law enforcement officials say the New Jersey group operated in much the same way. Hakeem Olokodana, 41, one alleged ring member awaiting trial in New Jersey, is accused of asking a victim's bank to wire $675,000 to an account in Tokyo. Olokodana allegedly called Verizon posing as the victim, complaining of problems with his home phone line. He then persuaded Verizon to forward all incoming calls to a separate telephone number that he controlled, according to officials.

Verizon spokesman Eric Rabe said the company's customer support technicians employ a number of methods for verifying such requests, from asking about information on the customer's last phone bill, to the amount of the last payment.

"We are a frequent target of these kinds of attacks." Rabe said. "And while we may not be 100 percent successful at stopping them, we certainly have lots of measures in place to prevent this sort of thing."

The government alleges that Olokodana and other conspirators also traded personal and financial data of their victims using free Web mail accounts. Investigators say the men took care to mask their location by variously accessing the e-mail accounts via public wireless networks and through wireless PC cards acquired using billing information of other victims.

Arrested Monday were Derrick Polk, 45, of Los Angeles; Oludola Akinmola, 37, and Oladeji Craig, 39, of Brooklyn, N.Y.; and Oluwajide Ogunbiyi, 32, of Springfield, Ill. They appeared Monday in federal courts in Newark, Buffalo, Los Angeles and Springfield. All four face charges of wire fraud, which carries a penalty of five to 50 years.

Between August and October 2008, charges were brought against Olokodana, and Yomi Jagunna, 44, both of Queens, N.Y.; Abayomi Lawal, 45, of Brooklyn; and Daniel Yummi, 40, of New York. They also face wire fraud charges.

Yummi's court-appointed attorney Marc Leibman said his client is married and has a family in California, despite having been deported from the United States previously. Leibman said "the government's evidence against my client appears to be insurmountable."

"Mr. Yummi is presumed innocent until he pleads guilty," Leibman said. "But we will strive for the most just result."

An attorney for Olokodana said he had just been retained and was not able to speak about his client or the case. Calls to attorneys for the others charged were not returned.

Last week, Precious Matthews, 27, of Miami, and Ezenwa Onyedebelu, 20, and Brandy Anderson, 30, both of Dallas, pleaded guilty in Virginia to conspiring to possess personal identification information with intent to commit wire fraud, conspiring to commit wire fraud and conspiring to gain unauthorized access to computers.

Matthews and Onyedebelu face a maximum penalty of 30 years in prison, a fine of up to $1 million and up to five years of supervised release, according to prosecutors. Anderson faces a maximum penalty of five years in prison, a fine of up to $250,000, and up to three years of supervised release.

In a report released last summer, the Credit Union Information Security Professionals Association said a number of credit unions have beefed up security in response to an increase in home-equity fraud, but those precautions have come with their own costs: "Customer service call times have increased one minute on average due to increased security verifications, and some legitimate members are failing increased security questions," the report noted.

Anne Wallace, president of the Identity Theft Assistance Center, a nonprofit industry group, said properly training bank employees to detect fraud is critical.

"It's a challenging problem for companies across the board," Wallace said, "how to train your employees to balance customer service and protecting critical assets."

Wallace said consumers can help combat this growing form of fraud by keeping a close eye on bank statements and by taking full advantage of a federal law that guarantees consumers a free copy of their credit report from each of the three major credit reporting bureaus. Consumers can request credit reports three times a year for free at each credit bureau.

Contact us to arrange a free identity theft orientation for your employees. (888) 206-2978 toll-free, or (510) 931-5805 direct. E-mail JB@Get-AroundToIt.com or visit Get-Around-To-It for more information.

Enforcement Delayed for FTC-Governed Institutions; Liability is Not November 12, 2008 - Linda McGlasson, Managing Editor

State-chartered credit unions may think they've at least temporarily dodged the enforcement bullet re: the Identity Theft Red Flags Rule. But just because the Federal Trade Commission (FTC) pushed back the compliance enforcement deadline for these institutions doesn't mean that they can take a break, industry experts say.

In fact, compliance will be a huge challenge for non-banking entities and those state-chartered credit unions, says Debra Geister, Director of Fraud Prevention and Compliance Solutions at Lexis-Nexis, an information services provider. While the bigger, federally-regulated banking institutions have pre-existing programs in place to meet the ID Theft Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA) requirements -- including a Customer Identification Program -- they are still struggling to meet compliance with the guidance, which had been estimated by federal regulators to take anywhere from 20 to 40 hours of work to be compliant.

"The problem for these non-banking entities is when you take this apart and see everything that has to be in place, it is a daunting task," Geister says. "It will be a lot more work for the non-banking companies that don't have the existing fraud programs in place."

And for non-banking entities that aren't regularly examined by federal agencies, compliance is a whole new organizational challenge.

Enforcement Delayed; Liability is Not When the FTC announced that six-month suspension of Red Flag Rule enforcement, many companies breathed a big sigh of relief, says Thomas Oscherwitz, vice president of Government Affairs and chief privacy officer at ID Analytics, a risk management solution company. "Some compliance officers may now be tempted to take their Red Flags working folders off their desks and put them in long-term storage," he says. "My best advice: Keep that folder on your desk; you still need it."

The three main parts of the regulation are: The Red Flags program, the address change process, and the address discrepancy rule. The last two are already being enforced since Nov. 1, despite the FTC's announcement that it was pushing back enforcement for businesses under the FTC's jurisdiction until May 1, 2009.

"Many businesses don't realize that point, that even though the FTC isn't enforcing compliance, it doesn't mean those businesses won't be liable if a data breach or loss of information occurs," Geister notes. The key issue is that the law was effective January 1, 2008. It was only the compliance portion that was not being enforced until November 1.

There are two dramatically different kinds of enforcement at work on this regulation, Geister observes. "With the FDIC, OTS, OCC, and NCUA's portion, a banking institution's expectations are [compliance] will fall under their information security exam or their safety and soundness exam (or both), so that is scheduled ahead of time. They know when they're going to be examined."

However, it's much different for non-banking entities, where the FTC operates as a law enforcement agency and reacts swiftly to consumer complaints. "So when a consumer calls in a complaint, the FTC isn't going be sitting on their hands. They're moving in to check it out," Geister notes. "If I were a business on the FTC side of enforcement, I would be nervous. At any time it could fall directly into your lap, and at $2500 per infraction -- not to mention the PR implications that a business would have to handle - well, it won't be good."

The FTC will look to put some "heads on sticks" when enforcing this regulation, predicts Geister. "They anticipate non-compliance, and when a business is hit with a breach, they will march you out to the center of the square and shoot you publicly." Geister cites earlier FTC enforcement actions against retailers such as DSW, BJ's Wholesale Club, and TJX, among others.

Oscherwitz agrees and adds compliance officers working in industries granted an enforcement delay should also keep in mind that this delay will likely make the initial FTC enforcement of the regulation tougher.

"Once May 1 rolls around, prudent compliance officers should not expect any leniency for programs that are works in progress," he predicts. Companies should anticipate that the FTC will expect full compliance. "So in reality, to avoid regulatory risk, compliance programs should be operational and audit-ready well in advance of May 1."

One can look at the FTC enforcement delay as a reprieve, he notes. "But prudent compliance officers should take this delay as a clarion call from the FTC that it takes these rules seriously and expects companies to develop compliance programs in earnest. "Use this time to build a Red Flag program that will protect your organization and customers over the long haul."

iProfile, an online CV company, recently conducted an experiment to see how many job seekers are unwittingly exposing themselves to identity theft.

They posted a fake job advertisement for the company 'Denis Atlas,' an anagram of “steal an “id.” Then they hired former fraudster Bob Turney, a reformed identity thief who now aids in keeping consumers better-informed about fraud vulnerability, to inspect the content of the resumes for vulnerability pockets.

If the job seekers had simply googled the company before applying, they would have seen that the whole project was a ruse. Instead, in one week, 107 resumes were sent to the fake listing. Turney said that of the 107, over half contained enough personal information for an ID theft to occur.

Turney said, “While many people now routinely shred things like bank statements and utility bills, they still seem happy to send their CVs to complete strangers. They need to realize just how easy it is to use the information in a CV to set up a bank account or to take out a credit card fraudulently.”

According to iProfile, a criminal only needs just three out of fifteen key pieces of information to commit identity theft, including date of birth, address, passport numbers, and detailed references. Rick Bacon, CEO of iProfile, said that job seekers need to host their resume securely on their Internet by using a reputable provider instead of aimlessly emailing resumes to unverified sources.

“There are many people who just place their CV online in an unsecured manner, for example by setting up their own simple web page,” Bacon said. “We'd caution against this as it can expose them to identity fraud. Stick to the established providers who invest in security and processes to protect your information online.”

Here's some simple ways job seekers can protect themselves against identity theft:

Verify that the company who is posting is legitimate

Be cautious when accessing personal information on public computers

Shred old copies of your resume

Use a phone-masking service to protect your personal number.

Do not include DOB, marital status, or place of birth on your resume

BULKSMS.COM

Companies that communicate with their customers using text messages could leave those same customers wide open to identity theft by fraudsters. Dan Perrin, business development manager at BulkSMS.co.uk, a provider of desktop and web-based mobile messaging solutions, explains why companies need to ensure that their customers are made aware of the types of text messages they send out, and what, if any, information they might request via the mobile phone channel, to reduce the risk of the customers falling victim to text message fraud.

Technology is used to protect people and companies against fraud but unfortunately it can also be used to assist fraudsters during a scam, especially when certain technologies are used widely among businesses to send communications. Increasingly, reckless communication practices by companies play into the hands of fraudsters. All it takes is one irresponsible communication that fraudsters can replicate and a company's integrity will be at risk and its customers' defrauded.

This is true for email where the most common techniques used to defraud people are phishing scams, an attempt to trick a person into revealing personal information such as credit card details or bank account information by sending an email with a fake web address or telephone number, and '419 scams', so named after the section of the Nigerian penal code that addresses fraud schemes, where a person is persuaded to advance relatively small sums of money in return for larger financial gain.

Due to the broad appeal of text messaging for business communications, phishing scams now also target mobile phone users by using a text to initiate a communication. For example, text message phishing, occurs when customers receive a text message from what seems to be a reputable financial institution prompting them to call a telephone number due to a possible fraudulent transaction on their account. They are then requested to divulge their PIN number, or other personal details, on the pretence of changing their PIN to secure their account. The fraudster however is now able to access the callers' funds. Customers become victims of the very fraud that they are trying to prevent when they follow up on these sorts of text messages.

The communications conundrum
While text messaging can be used in many ways to make transactions safe and reliable, it requires the careful planning and the implementation by companies of suitable communication policies and procedures. Companies require a good understanding of the benefits of texting - messages are read immediately as people have mobile phones with them all the time. Companies also need an understanding of the text message's weaknesses - these messages are not encrypted and are easy to imitate.

Some financial institutions may even perpetuate the impression that it is acceptable to divulge your personal information via insecure electronic channels – as long as you provide it only to your own banking institution. For instance, an institution may request your name, credit card number, Identity number and preferred e-mail address to the email address given in the text or call the client care centre telephone number provided. Not only is email an insecure means to send personal information but fraudsters can quite easily pretend to be your bank and imitate marketing material, emails and text message communications. Phishing scams go so far as to disarm customers by including the warning: “don't divulge your personal information to anyone but your trusted bank” in emails sent.

Then there are your typical banking notifications sent by text message telling you that someone has logged onto your internet banking account. The bank's name is followed by: “Internet – confirmation of log on: Account number ending in …5601: 26June08: 17h45: Helpline: xxx xxx xxxx”. As text messages are sent in plain text, it is very easy for a fraudster to imitate this message and include their own contact number in a message. In addition, by sending you this message, you would suspect that someone has fraudulently logged onto your Internet bank account. You call the number displayed in the text message thinking it's your bank's call centre, and there is someone on the line that asks you for all your relevant personal and account details and then offers to change your PIN to ensure the security of your account. At that point you have given all your account details and are now open to fraudulent activity on your account.

While it is easy to get caught up in the threat of text message phishing scams, the most effective solution to combat this fraud is for businesses to educate their customers about the risks involved when responding to a text message. Fraudsters rely on the ignorance of people and the trust customers place in their bank or other reputable brand.

Tips for customers:

1. Never respond to a text or email message that requests personal information. Do not divulge sensitive information such as credit card numbers via insecure electronic channels such as texting, e-mail or over the telephone.

2. Be aware that it is easy for criminals to imitate organisations by using electronic communications and initiate emails or text message phishing scams. If unsure whether or not something is a scam, always take the time to investigate it.

3. Always verify a contact number, especially those in emails or text messages. If the “bank” called you, call them back. Double check phone numbers that appear in a text message – you can do this via the Internet or by referring to any marketing material. For ease of reference, store banking phone numbers on your mobile phone, along with email and website addresses.

4. Never ever give your PIN number or password to a PERSON. Only use your PIN on systems that have been designed for this purpose, i.e. ATM's and official internet banking sites. These systems have been designed such that employees at the bank cannot access this information.

5. Report it. If you are unsure of how a company received your number, or are suspicious about a text message that you have received, you should contact the company and report your concerns. You can also visit the Mobile Data Association and 160Characters Association for more details on text messaging regulations in the UK.

During wartime, one of America's most solemn duties is to take care of its veterans. So why do careless government workers keep putting our vets at risk? That happened last January at a Department of Veterans Affairs medical center in Birmingham, Alabama, when an employee's portable hard drive containing Social Security numbers of more than 250,000 vets and more than a million doctors went missing. A jackpot for any identity thief, the computer was never found, despite an FBI reward. An inspector general later found that the VA office "did not take adequate information, physical, or personnel security measures to protect sensitive data from potential loss or disclosure."

Shocking, right? Well, it's even more shocking when you consider it had happened before. Less than a year earlier, another VA employee in the Washington, D.C., area brought home a laptop computer that held the names, birth dates, and Social Security numbers of 26.5 million veterans, only to have it stolen from his house.

When one chagrined U.S. Senator pronounced the incident "absolutely baffling," then-VA secretary Jim Nicholson assured Congress he was "mad as hell" and vowed to aggressively reform security practices. Another federal agency set new guidelines for the handling of portable computers, including the use of special encryption technology to keep unauthorized people from accessing sensitive data.

But the computer lost in Alabama wasn't encrypted. Neither was a laptop stolen from the car trunk of a researcher at the National Institutes of Health in February. That laptop had detailed information -- names, birth dates, medical histories -- on 2,500 patients enrolled in a federal medical study. (In a twist you couldn't make up, one of them was Texas Congressman Joe Barton, who also happens to be the founder of the Congressional Privacy Caucus. "I was stunned," Barton said.)

The San Diego-based Identity Theft Resource Center says that 2007 was a banner year for what it calls data breaches, with almost 128 million records reportedly endangered by theft, loss, or hacking. That's more than six times the 20 million exposed records the group counted the previous year. "That's unacceptable," says Ari Schwartz of the Center for Democracy and Technology. "People should be angry."

No one has yet reported being victimized as a result of government sloppiness, but it's only a matter of time: Identity theft is the No. 1 fraud complaint registered by consumers, according to the Federal Trade Commission. Scam artists who steal personal data can easily use it to make some cool cash -- and wreck your life in the process. Data thieves can sign up for credit cards, take out loans, and even receive medical treatment and stick you with the bill -- or commit a crime and then hand your information over to the cops. Have fun clearing that from your record!/

Portable computers have raised the risk. About one in five of the cases registered by the Identity Theft Resource Center so far this year involves a stolen or lost laptop. There was the U.S. Transportation Department laptop with data on 133,000 people that was swiped in July 2006 after a Miami-area employee left it in the back of his SUV when he went to lunch. In South Bend, Indiana, last November, a Memorial Hospital employee lost a laptop containing names, addresses, and Social Security numbers of more than 4,300 current and retired employees after reportedly giving it to a flight attendant to stow before takeoff.

It's not just our personal information, by the way, but also data with possible law enforcement or national security importance. A 2007 Justice Department audit found that the FBI was somehow losing 2.6 laptops per month, many with sensitive or classified information. More than 1,400 Energy Department laptops went missing in a six-year period, according to another audit. So much for homeland security.

Despite growing awareness of the problem, real safeguards are not in place. A February report by the Government Accountability Office found that only two of 24 agencies the GAO reviewed had implemented all the security measures recommended by the government. So it shouldn't be a surprise that the GAO also found that at least 19 of 24 agencies had experienced one or more breaches that could expose people's personal information to identity theft.

The same infuriating irresponsibility exists in the private sector: In March 2007, retailers T.J. Maxx and Marshalls admitted that 45 million debit and credit card numbers had been nabbed from their computer systems by hackers who most likely got it all wirelessly.

These kinds of incidents will continue until companies and the government take data privacy more seriously, says Linda Foley of the Identity Theft Resource Center. "People will take data home. It's just the way we are now," she says. "But there should be policies and procedures to protect this information, and they're lacking across the board." (Experts say banks and other financial institutions have generally been a happy exception to that rule.)/

One step, which all but 11 states have taken, is for companies and the government to notify the public when their data has been put at risk. But it took the VA three weeks to warn vets after its first major laptop loss -- a reminder that it's time for Washington and corporate America to get off their rears and pay more attention to the private data sitting in their laps. Do More… While you may not be able to stop government carelessness, you can protect yourself against ID theft.

Shred credit card information or any document with your Social Security number before throwing it away.

Make lists of your credit cards and emergency phone numbers in case your wallet is lost or stolen.

Check bank and credit card statements for suspicious charges, and order a copy of your credit report annually.

You can also be proactive in protecting your identity by purchasing a Pre-Paid Legal Identity Theft Shield protection plan.

As a real estate professional, you are out in the public eye. You have your phone numbers, addresses, and personal information everywhere so you will be noticed and gain business. But you are also exposed to identity theft.

Different Flavors of Identity Theft:

When your identity is stolen thieves can use it different ways. Running up credit is the most prevalent crime, but there is another one that has happened to a Washington appraiser. A competitor stole her identity and was appraising homes under her name!

Kathy Carpenter was reading an email on an appraisal when it hit her, she had not done that appraisal. What unraveled next was a sordid tale of identity theft by an office worker from another appraisers office who stole Kathy's identity and performed appraisals under her license.

The thief, Jean Faye Dodge, has been caught but Kathy is still fighting to find out and rectify the damage that has been done.

Read the rest of this article…

Identity theft has become a problem of enormous proportions in the United States. According to the Federal Trade Commission, nearly 10 million people fall victim to identity theft annually, costing consumers $5 billion in out-of-pocket losses and businesses $48 billion. For these individuals, the problems range from loss of credit to problems with medical history records and even potential wrongful exposure to criminal prosecution. The FTC's most recent study found that identity theft vict...

Secure Identity Systems Answers Call with Total Compliance Guarantee

While the clock ticks toward the Nov. 1 deadline, 50 percent of U.S. banking institutions are not ready to meet key provisions in the Federal Reserve's Red Flag rules, according to an Information Security Media Group survey. Over the next two months, financial institutions will be scrambling to reach total compliance or face potential sanctions and monetary p...

Phishing scams are no laughing matter. But when a tax-payer funded group tackles the topic in a comic book about identity theft, unintentional humor prevails. Cringely has the dirt.

Last week I wrote about the RIAA and its comic foray into warping the brains of our nation's youth via a "graphic novel" about the evils of Internet Pirac...

Click this link to see the interview. Get more information here. 

Associated Press 07.28.08, 10:59 AM ET

ADA, OKLA.

Pre-Paid Legal Services, which offers legal expense plans for a monthly fee to members, on Monday posted a 14 percent rise in second-quarter profit as its membership rose and costs declined.

For the quarter ended June 30, the company reported net income of $15.1 million, or $1.25 per share, compared with $13.2 million, or 99 cents per share, in corresponding period a year ago.

Per-share results reflects a 10 percent decrease in the number of outstanding shares.

Revenue rose to $116.9 million, up a bit more than 2 percent from last year's $114.1 million. Membership fees rose 2 percent to $109.5 million, while revenue from associate services gained 6 percent to $6.3 million. Expenses declined 2 percent, to $92.8 million.

Pre-Paid Legal Services sells plans to members that cover a range of legal expenses, similar to medical reimbursement plans. Law firms that are associated with the company's network handle criminal matters, routine civil issues like wills and home buying, and a program for dealing with identity theft.

In morning trading, Pre-Paid Legal shares fell 74 cents to $42.06.

Copyright 2008 Associated Press. All rights reserved. This material may not be published broadcast, rewritten, or redistributed.

============

Here are some comments on the above news story:

What You Need to Know About Identity Theft.

Written by Michael McCoy, this book is about the growing crisis of identity theft.  You can order the book here.

Follow the author's blog by clicking here.

With the information age quickly progressing, preparing oneself against identity theft has become an uphill battle for business owners and their clients.

From credit cards to social security numbers, thieves are making good money selling information abroad. Unfortunately, these white-collar criminals are rarely found.

One to two percent of all perpetrators are caught. Today it is so easy. All you need is a name and a social security number. Business people should know they are fully liable under the Federal Trade Commission if the stored information of their clients is breached (even when properly disposed of) and that they will soon be required to red-flag suspicious customers' information.

There are five types of identity theft: drivers license, social security, medical, character criminal and financial.

Your identity alone can be bought for as little as  $25.

According to the FTC, under the Fair and Accurate Credit Transaction Act of 2005, a business is still accountable for losses even if it takes precautionary measures, such as the shredding of personal information.

To further enhance accountability, the FTC passed a series of red flag laws in January that will require businesses (starting Nov. 1) to have up-to-date systems that alert them when someone is trying to use fraudulent information.

For example, if a person is using a different birth date than that of their social security number when applying for a loan, a red fl ag should pop up on a computer system that alerts the business of possible fraud.

Upgrading your computer system for better security requires updating both software and hardware, according to Cindy Karwacki.

Karwacki, a senior account manager for the Merchant Services Network, said many times when she evaluates business clients' computers, she finds newer security software in place, but often the machines are out of date.

"The equipment just isn't lasting as long as it used to because people are becoming so smart," she said. "I often advise people to rent."

Dempsey B. Hammond Jr., of Asset Protection Strategies, said thieves have gotten so good with hacking technology, that many can acquire credit card information with a special device by standing a few feet from the victim.

"The FTC knows you can't isolate yourself from identity theft," he said. "It's not a matter of if, it's a matter of when. Once you get something on your credit history you are guilty until proven innocent," said Hammond.

Many times identity is stolen from inside a company's walls. 50 percent of all identity theft comes from inside the workplace. And if security is breached, the trust of the customer is often lowered. If you experience a security break, 20 percent will no longer do business with you It also costs an average of $92,000 per victim (to clear up the identity beach).

There are a few things to help prevent your business from having a security crisis arise. Be cautious with how you share your information. You can no longer protect your information from being available, but you still should not make it any easier for people to acquire.

Hire a service that will both monitor and store your information. Many times people have monitoring services, but can't give you back your identity once it is lost. Realize identity theft is not just about money. Your identity is much harder to recover than any financial loss. Don't treat it like a wallet.

If you would like inform yourself and your employees about your risk for identity theft and what you can do about it, contact JB to arrange a free, 10-15 minute presentation.

As a business owner, have you ever:

• Signed a contract or document you hadn't fully read or understood?
• Had difficulty collecting money from customers?
• Wanted to have a resource for ANY business or legal question?

If you answered yes to any of these situations, we may be able to help.

You understand identity theft is a problem facing many people.

You may even know some of those people, or be a victim yourself.  Those who have not experienced it firsthand may not think about identity theft except when it pops back up in the news again.  Unfortunately this complacency can lead to an underestimation of the risk.  Unfortunately, we're all at risk:

• Do you hand your credit card to servers at restaurants?
• Do you sign your credit card?
• Do you supply personal information over the internet?
• Do you leave mail at your home or business for the postal carrier to collect?
• Do you shred unwanted mail containing personal information?

Learn more about how to be proactive by clicking on your country of residence.

• United States
  
• Canada
  

Medicare is doing nothing to protect its elderly recipients from identity theft. The health care provider's continued use of Social Security numbers on recipients' insurance cards puts millions of people at risk. Despite recognizing the danger, Medicare officials have balked at making any changes. Continuing a practice that make people vulnerable to criminal activity can't be justified. Congress should pass legislation to protect seniors, since Medicare refuses to.

Identity theft has become the most popular and profitable form of consumer fraud. Approximately 8 million Americans were victims last year, according to the Federal Trade Commission. Individuals can ill afford to be lackadaisical about keeping their personal information away from crooks. The government should be just as vigilant about protecting citizens' information, not make it easy for thieves to wreak havoc with peoples' credit and lives.

A Social Security number in the wrong hands can open the door to a multitude of trouble. It can be used to open bogus accounts, get credit cards, loans, mortgages or other services. The onus usually falls on the victims to clear their names and restore whatever damage has been done to their credit or reputation.

Warren Hufty relays the story of his wife's vicious mugging and robbery at the Bayshore Shopping Center over a month ago.

By ROBERT NAPPER
rnapper@bradenton.com

MANATEE -- Warren Hufty is a believer that tough economic times are turning law-abiding citizens into criminals. Criminals are coming out of the woodwork, he says; two of them attacked his wife in a shopping center parking lot. With $5,000 in medical bills piling up, he not only wants the criminals who attacked his wife caught, but fears for the future.

"As the economy gets worse, these people are going to come out and try to get money any way they can," Hufty said.

Hufty is not the only one seeing an economic downturn as a catalyst for crime.

Both crime analysts and crime fighters alike say an economic downturn can increase crime rates. Manatee County Sheriff's Office Sgt. Matt Miller oversees fraud investigations for the agency and says reports of identity theft, credit card fraud and check forgeries have skyrocketed.

"I think with the economy getting worse, people are doing anything they can to survive," Miller said.

Hufty believes the man and woman who robbed his wife are not only violent, but desperate. After they snatched her purse, Hufty's wife tried to fight back and her arm got caught in the window of the attackers'. They dragged Hufty's wife, a 50-year-old frail woman who suffers from rheumatoid arthritis, 100 feet as she screamed for her life. Her arm turned black with bruises, several layers of skin were ripped from her thigh and her legs were severely cut from the dragging.

"They then threatened to kill her and my grandson if she talked to the police," Hufty said. "These people are sadistic. They did this to my wife over $50."

Hufty's wife fears her life is in danger and requested her name withheld.

"I am terrified that they will come get me and my grandson," she said. "For a while, I had nightmares."

In recent months, robberies and burglaries have increased in Manatee County, according to statistics released by the sheriff's office. From January to May, robberies increased 13 percent as compared to January through May 2007. Burglaries increased 15 percent during the same months.

As gas prices rise, deputies have also been combating sporadic gasoline thefts, large and small. In April, deputies made arrests in connection with the theft of thousands of gallons of diesel fuel from large Manatee farms. Deputies have also arrested fuel thieves siphoning gas and cutting gas lines on vehicles, according to sheriff's Sgt. John Andrews, who oversees theft investigations.

Miller said fraud crimes are also on the rise, with detectives working an average of 60 per month.

Identity theft is on the rise both nationwide and in Manatee. A recent Federal Trade Commission study said 1 in 4 Americans will become victims of identity theft, as compared with 1 in 5,000 violent crime victims. In 2001, the sheriff's office received 1,919 fraud reports, including identity theft, credit card fraud and forgery.

By 2006, the number of fraud cases jumped to 2,353, Miller said. Those numbers continue to rise to the point that detectives are having trouble keeping up, according to Miller.