Uncle Sam Fails to Heed Own Advice on Identity Protection

The government doesn’t have to look very far to see who’s ignoring its advice on preventing identity theft.

It’s the government itself.

The nation’s Medicare agency and the Pentagon want at least 52 million Americans to carry their Social Security numbers in their wallets, contrary to warnings by the Federal Trade Commission that people should avoid doing so.

At least 44 million Medicare insurance cards include the beneficiary’s full Social Security number. The number also appears on 8 million Defense Department identity cards used by active duty and reserve forces and their dependents, and on identification cards issued to military retirees. The Pentagon, however, plans to remove the numbers but won’t complete the effort until 2014.

And the Internal Revenue Service still tells taxpayers to write their Social Security number on checks used to make payments, a potential problem for those using the mail rather than filing electronically. The IRS has no plans to change the system.

Changing the identity numbers would cost Medicare less than two days’ spending for the war in Iraq.

All this contradicts advice from the Federal Trade Commission, the lead federal agency for deterring identity theft.

“Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check,” the FTC warned in a pamphlet sent months ago to every mailing address in the United States.

Source: Associated Press

---

Do-It-Yourself ID Protection

You don’t have to spend $100 to $200 a year to defend yourself from identity theft at the level of protection that a paid service offers. You can do almost everything the services do, for free. But following these steps will require time and effort.

1. Get a free copy of your credit report by visiting AnnualCreditReport.com. Don’t be fooled by look-alike sites that promise free reports if you subscribe to their credit-monitoring services. Better yet, order by phone at 877-322-8228.

2. For DIY credit monitoring, order a free report every three months from a different bureau. Scan the report for unfamiliar information, such as accounts you don’t remember opening.

3. Place a fraud alert on your credit report by calling one of the credit bureaus. (You can find contact information for all three bureaus by browsing to Fight Identity Theft.)

4. Put a recurring event in your online calendar to remind you to renew your fraud alert in 90 days.

5. Tell the bureaus to stop selling your information to credit services, by calling 888/567-8688 or visiting OptOutPrescreen.com. Doing so will reduce but not eliminate the number of preapproved credit card offers you receive.

6. Request a free public records report from ChoicePoint. You’ll have to print a form and mail it, along with copies of your driver’s license and proof of address. Scan the report for addresses and other details not related to you.

7. Take your name off other marketing lists by signing up for ProQuo.com’s free service. In some instances, you may have to mail letters or navigate to a marketer’s own site to complete your opt-out request.

8. Buy a mailbox that locks, or use a post office box. This will help prevent thieves from stealing your identity via paper mail.

9. Buy a crosscut paper shredder and shred junk mail to frustrate dumpster-diving identity thieves.

10. Never click a link from an e-mail message to log in to your bank or to any other financial institution. Type the secure site’s address into your browser, bookmark it, and use that link to access your accounts. Otherwise, you risk having your identity stolen by phishers.

11. If you believe that you are a victim of identity theft, contact the Identity Theft Resource Center. Volunteers there can walk you through the process of restoring your identity.

12. Get educated. Mari Frank’s IdentityTheft.org, the Privacy Rights Clearinghouse, and the Federal Trade Commission maintain huge libraries of information on how to avoid being victimized, and what to do if it has already happened.

Source: Computerworld

Lifelock CEO’s Identity Stolen

“There’s nothing on my actual credit report about uncollected funds, no outstanding tickets or warrants or anything,” Todd Davis said. “There’s nothing to indicate my identity has been successfully compromised other than the one instance. I know I’m taking a slightly higher risk. But I’ll take my risk for the tremendous benefit we’re bringing to society and to consumers.”

The above statement from Todd Davis was reported by the Wall Street Journal today when he was asked about his social security number having been used by someone illegally.

Mr. Davis routinely publicizes his social security number openly to dare the identity criminals and thieves to show how his Lifelock product and services protect customers’ identities from abuse. Mr. Davis acknowledged in an interview with the Associated Press that his stunt has led to at least 87 instances in which people have tried to steal his identity, and one succeeded: a guy in Texas who duped an online payday-loan operation last year into giving him $500 using Mr. Davis’s Social Security number.

Mr. Davis learned about the fraud in Texas when the payday-loan outfit called to collect on the loan, he said. He didn’t get an alert beforehand because the company didn’t go through one of the three major credit bureaus before approving the transaction.

Mr. Davis has become subject of a lawsuit claiming that his product does not protect the customers as advertised. It should be noted that Lifelock does offer a $1m guarantee to help defend customers and cover the losses in case their identity is compromised.

Mr. Davis denied his identity has been stolen. Speaking about the reports of his identity having been stolen, Mr. Davis said, ” Those are attempts,” Davis said, responding to a list of driving license applications offered by Matt Lauer of NBC. “These are some of the 87 people who tried to use my identity … and were turned away.”

The Today Show segment’s intro narrative said, however, that at least one person had successfully stolen Davis’s identity. This would make the CEO one of about 100 customers who the company has failed.

Companies like LifeLock can help guard against only certain types of financial fraud by helping consumers set up alerts with credit bureaus, which inform them when someone tries to open a new line of credit or boost their credit limit to finance a buying binge, for example.

The services don’t guard against many types of identity theft such as use of a stolen Social Security number on a job application or for medical services, or even the instance of an arrestee giving police a stolen Social Security number to shield his own identity.

Sources: Associated Press
Wall Street Journal

Identity Fraud Glossary

Identity fraud occurs when one of more piece of an individual’s personal information is used as a basis to create a profile for a nonexistent person.

Identity theft occurs when somebody steals your name and other personal information, such as a social security number, driver’s license number, and/or usernames and passwords, for fraudulent purposes, assuming your identity.

Pharming is a scheme whereby criminal hackers redirect Internet traffic from one Web site to a different, identical-looking site in order to trick you into entering your username and password into the database on their fake site. Unbeknownst to you, these hackers have hijacked your computer into going to the fake site or hijacked the DNS server on your intended site.

Phishing is the latest technique in identity theft. Scam artists send emails that contain links to malicious web sites to obtain personal information. The computer user follows the link, which directs them to a Web site that is designed to capture your personal information. According to the FBI, phishing has become the leading type of Internet-based fraud with financial institutions accounting for approximately 90% of all phishing attacks.

Malware, short for malicious software, is an umbrella term for any harmful software to a computer user. Malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.

Keystroke logging (also known as keylogging) is a diagnostic tool used in software development that captures the user’s keystrokes. Keylogging can be useful. For instance, it is sometimes to measure employee productivity on certain clerical tasks or for law enforcement. However keylogging is also used by individuals to spy on computers by providing a means to obtain passwords or encryption keys. Unfortunately, keyloggers are widely available on the Internet.

Single-factor authentication describes username and password sign in systems and relies on something you know. If someone types in the correct username and password, access is granted to the account. Financial institutions have long known that single-factor authentication is difficult to keep 100% secure.

Smart cards contain an embedded microchip, called a “smart card chip”, that can contain much more information than a magnetic strip and can be programmed. Commonly used in Europe for electronic transactions, smart cards generally contain some form of security system.

Spyware is an umbrella term for any technology that gathers about a person or organization without their knowledge. Advertisers or other interested parties often use spyware programming to gather and relay information.

Trojan horses are programs that, unlike a virus, contain or install a malicious program sometimes called the payload or “trojan.” Trojan horses can run autonomously, masquerading as a useful program, or hack into the code of an existing program and executes itself while that program runs.

Two-factor authentication requires information you know and something that you have or own, to access an account. ATM cards, for instance, require something you know (one factor: your personal identification number) and something you have or own (second factor: your ATM card). Security experts recommend two-factor authentication over single-factor authentication.

Viruses are programs with the ability to replicate and install themselves, or infect, a computer without the computer user’s knowledge or authorization.

Worms are computer viruses which can self-replicate by resending themselves via email or a network message.

Identity Theft and Protection Primer

What is identity theft?

Identity theft or identity fraud occurs when someone uses your personally identifying information, such as your name, Social Security number, your birth date, or credit card number, without your knowledge or permission, to commit fraud or other crimes. The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make—or until you’re contacted by a debt collector. Identity theft is serious.

How do thieves get your personal information?

Identity theft starts with the acquisition of your personally identifying information such as your name and Social Security number, credit card numbers, or other financial account information. For identity thieves, this information is as good as gold. Skilled identity thieves may use a variety of methods to get hold of your information, including:

1. Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.

2. Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.

3. Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.

4. Changing Your Address. They divert your billing statements to another location by completing a change of address form.

5. Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access.

6. Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources. For more information about pretexting, click here. back to top What do thieves do with a stolen identity?

What do thieves do with the stolen personal information?

Once they have your personal information, identity thieves use it in a variety of ways.

Credit card fraud:

* They may open new credit card accounts in your name. When they use the cards and don’t pay the bills, the delinquent accounts appear on your credit report.

* They may change the billing address on your credit card so that you no longer receive bills, and then run up charges on your account. Because your bills are now sent to a different address, it may be some time before you realize there’s a problem.

Phone or utilities fraud:

* They may open a new phone or wireless account in your name, or run up charges on your existing account. * They may use your name to get utility services like electricity, heating, or cable TV.

Bank/finance fraud:

* They may create counterfeit checks using your name or account number.

* They may open a bank account in your name and write bad checks.

* They may clone your ATM or debit card and make electronic withdrawals your name, draining your accounts.

* They may take out a loan in your name. Government documents fraud: * They may get a driver’s license or official ID card issued in your name but with their picture.

* They may use your name and Social Security number to get government benefits. * They may file a fraudulent tax return using your information.

Other fraud:

* They may get a job using your Social Security number.

* They may rent a house or get medical services using your name.

What consequences do victims suffer?

The victims of stolen identity can suffer a range of consequence from heavy financial losses to landing in jail for crimes committed by the identity thief. It may take a very long time and lot of expense to recover your good name after you discover that your identity has been stolen. The thieves may borrow large amounts of money in your name and destroy your credit. Or they may give your personal information to police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

How to protect your identity?

1. Protect of your personal information. Do not carry more than what you need in your wallet. Do not keep your social security card along with your driver’s license.

2. Protect your mail. Lock your mail box. Shred your bills and other documents with personal information. Erase the hard disk before disposing of your computer.

3. Monitor your credit. Sign up for a credit monitoring service.

4. Sign up for credit alerts so when anyone makes a credit inquiry or tries to take out a loan in your name, you get an alert.

5. To cover all bases, sign up for a proactive identity theft protection service that offers a wide range of services including protection guarantees up to $1m in losses.