identity theft
DESCRIPTION
TRANSCRIPT
Identity Theft: Protecting Your IdentityMarilyn A. Blake, CRMVP of Risk Management/Corporate Secretary(301) [email protected]
Presentation Overview/Goals
What is identity theft? How does it happen? What can you do?
DeterDetectDefend
Quick Statistics One of the fastest growing crimes today
#1 consumer complaint to Federal Trade Commission
42% of all reports of fraud are ID Impacts several million people per year; 27
million victims in the last 5 years $48 billion losses to businesses and financial
institutions $5 million out-of-pocket expenses that
victims have paid (time and expenses re-establish their credit and good name)
Average time to straighten it out—1 ½ years
Example of Identity Theft
One person reported that her tax refund was withheld due to past child support; child was born to a person using her name/SSN in another state that she’d never visited
One person couldn’t renew his DL or register to vote due to crimes committed in his name by another person—he was considered on probation
Example of Identity Theft
People have been denied employment or fired when a criminal record showed on the background check—really done by an imposter
Telcom—running standard MVRs for a company in MO found one with a revoked license—called authorities; turned out be an ID theft and the picture on the license wasn’t the telco employee; his name was wanted in TX for criminal offenses
Examples of Identity Theft in your business…
28% of complaints to the FTC said the identity thief opened up a telephone or cell phone account in their name
Are you susceptible?
Quick 10 questions (handout) The more “yes” answers, the more
susceptible you are
What is identity theft?
ID theft occurs when someone uses your personal information without your permission to commit fraud or other crimes
What kind of information? Credit card # SSN Bank account information
Ways ID theft can happen
“Dumpster diving”—going through your trash
Stealing your purse/wallet Stealing your mail or submiting a
change of address request form for your mail
Using “phishing” or fake emails to get you to provide personal information
Stealing personnel records/information from employers
What can you do to deter thieves? Safeguard your information
Shred papers Don’t leave printed personal information
lying around at home/work (often victims are friend/relatives/customers of the perpetrators)
Close inactive accounts Secure physical documents in locked filing
cabinets Secure and back-up electronic documents Don’t use obvious passwords
Deter: Specifically with checks Don’t mail checks from your home
mailbox, take them to the US post office Have new checks sent to the bank and
pick them up Store checks in a safe location (locked, if
possible) Leave off personal information on checks
Don’t use your whole spelled-out name Don’t put your phone number or drivers
license number on your checks
Deter: Social Security Numbers The key identifier to credit reports and
banking accounts is the SSN Be careful about giving it to doctors,
accountants, lawyers, schools, etc. Offer an alternative—like Drivers License # (most states are moving away from SSN and DL number being the same)
If a government agency requests your SSN, there must be a privacy notice accompanying the request
Deter: How are passwords compromised?
Sometime thieves trick you into revealing your password with bogus emails
More often people make their passwords something easy for them to remember (or they write it down in a place others can see it) and anyone who knows anything about the person can easily figure it out
Thieves have programs to go through all words in the dictionary to figure out your passwords
Deter: Keep your passwords safer
Don’t use the same password for all of your accounts
Don’t use any part of your SSN, mother’s maiden name, pet’s name, birth date, middle name, children’s name, or consecutive guessable numbers (1234)
Use character, number, and capitalization combinations (i.e. [email protected])
If you must write down your passwords, keep them in a safe place (locked away)
Deter: Keep your computers safe Install firewalls and virus-protection
software (personal and work) If you dispose of a PC, remove your data by
using a “wipe” utility (just deleting a file isn’t good enough)
Shred/break CDs, if you don’t need them anymore
Lock the computer, if you’re away for an extended period of time
Don’t forget PDA, smart phones have valuable information stored in them too
Deter: Watch out for cell phones In addition to the fact that people can
sometimes hear your conversationsSmile! You’re on cell phone camera
Deter: What is phishing?
Deter: What is phishing? A fraudulent email (spoof) pretends to be
from a company that you know and recognize trying to get personal information from you
Common characteristics: Generic greeting (Dear PayPal member) False sense of urgency (account is in jeopardy if
you don’t update ASAP) Fake links (mouse over the link and check the URL
—often @ in the middle of the URL means it’s a spoof)
Misspellings and bad grammar https—the “s” means secure, if you don’t see “s”
in the http, you’re not in a secure site Attachments (could contain a virus or spyware)
Deter: What is phishing?
Phishing scams are getting more popular among the online criminal set, according to a report out from the Anti-Phishing Working Group and Internet security firm Tumbleweed. The Phishing Attack Trends Report for April 2004 showed 1,125 different scams, a 75 percent increase over December 2003
Deter: Phishing Example ***Urgent Safeharbor Department Notice*** Fraud Alert ID : 00626654 You have received this email because you or someone else had used
your account to make fake bids on eBay. For security purposes, we are required to open an investigation into this matter. To speed up this process, you are required to verify your eBay account by following the link below.
http://scgi. ebay.com/verify_id=ebay&user=00626654 Please save this fraud alert id for your reference. When submit sensitive information via the website, your information
is protected both online and off-line. When our registration/order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry - SSL.
Please Note - If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be cancelled. We apologize for this inconvenience, but the purpose of this verification is to ensure that your eBay account has not been fraudulently used and to combat fraud.
We apreciate your support and understading, as we work together to keep eBay a safe place to trade.
Thank you for your patience in this matter.
Deter: New Market of Targeting Kids The ID Theft Resources Center in CA
receives 2-3 new cases per week of parents reporting that the children (4 months old, 12 years old) have been either turned down for a credit card or have an overdue account
Sometimes it’s an estranged parent or other family member with a gambling problem or in a nasty divorce
Sometimes young adults trying for their first credit card find out that someone has stolen their identity and they have been a victim of ID theft
Deter: More ways… Limit the # of credit cards you have and
don’t carry them all around with you Don’t carry your Social Security card
around with you; probably really only need it for I-9 verification
Copy the front/back of your credit cards and keep it in a safe place (not with the PIN)
Know the approximate date your individual bills arrive. If the statement doesn’t arrive, contact the sender
Deter: Active Military Duty If you are a member of the military and away from your
usual duty station, you may place an active duty alert on your credit reports to help minimize the risk of identity theft while you are deployed. Active duty alerts are in effect on your report for one year. If your deployment lasts longer, you can place another alert on your credit report.
When you place an active duty alert, you'll be removed from the credit reporting companies' marketing list for pre-screened credit card offers for two years unless you ask to go back on the list before then.
See Consumer Reporting Companies for contact information. The process for getting and removing an alert, and a business's response to your alert, are the same as that for an initial alert. See Fraud Alerts. You may use a personal representative to place or remove an alert.
Detect: Suspicious activity Be alert
Bills that don’t arrive Denials of credit for no reason
Inspect your credit report (at least once a year) Law entitles you to one free report a year from
each nationwide credit reporting agencies if you ask for it
Online: www.AnnualCreditReport.com; By phone: 1-877-322-8228; By mail: Annual Credit Report Request Service
P.O. Box 105281 Atlanta, GA 30348-5281
Inspect your financial statements Look for charges you didn’t make
Detect: Signs to watch out for Unexpected calls from creditors Strange credit card charges Getting turned down for credit
unexpectedly Account usernames and passwords or
ATM PINs stop working Missing bills Strange information in your files
Defend: As soon as you suspect Place a “Fraud Alert” on your credit reports
by calling any one of the three nationwide credit reporting companies: Equifax: 1-800-525-6285 Experian: 1-888-397-3742 TransUnion: 1-800-680-7289 Review reports carefully, looking for fraudulent
activity In 24 hours they SHOULD put an alert for
creditors to call before opening any accounts in your name, but creditors aren’t required by law to pay attention to fraud alerts
CA, TX, LA, and VT allows you to put a freeze on your account
Defend: As soon as you suspect Close accounts that have been tampered with
or opened fraudulently and change your account access information to something unguessable.
May want to contact the Social Security Administration, DMV, and utility companies
File a police report and send it to the creditors as proof of a crime
Contact the Federal Trade Commission and file a complaint
Complete the ID Theft Affidavit and send to your creditors
Government Intervention:
Identity Theft & Assumption Deterrence Act of 1998 Strengthens criminal laws Focuses on consumers as victims Sets up a centralized complaint and
consumer education function through the Federal Trade Commission
Government Intervention:
Online: ftc.gov/idtheft
By phone: 1-877-ID-THEFT
By mail: Identity Theft ClearinghouseFederal Trade Commission600 Pennsylvania Avenue,
NWWashington, DC 20580
Fair Credit Reporting Act If you use background checks (employment, criminal, MVRs)
for employment purposes, make sure you know the rights The Fair Credit Billing Act establishes procedures for resolving
billing errors on your credit card accounts, including fraudulent charges on your accounts. The law also limits your liability for unauthorized credit card charges to $50 per card. To take advantage of the law's consumer protections, you must:
Write to the creditor at the address given for "billing inquiries," NOT the address for sending your payments. Include your name, address, account number, and a description of the billing error, including the amount and date of the error.
Send your letter so that it reaches the creditor within 60 days after the first bill containing the error was mailed to you. If an identity thief changed the address on your account and you didn't receive the bill, your dispute letter still must reach the creditor within 60 days of when the creditor would have mailed the bill. This is one reason it's essential to keep track of your billing statements, and follow up quickly if your bills don't arrive on time.
Fair Credit Reporting Act You should send your letter by certified mail,
and request a return receipt. It becomes your proof of the date the creditor received the letter. Include copies (NOT originals) of your police report or other documents that support your position. Keep a copy of your dispute letter.
The creditor must acknowledge your complaint in writing within 30 days after receiving it, unless the problem has been resolved. The creditor must resolve the dispute within two billing cycles (but not more than 90 days) after receiving your letter
Fair Credit Reporting Act Free reports are being phased in during a nine-month period, rolling
from states in the West to the states in the East. Beginning September 1, 2005, free reports will be accessible to all Americans, regardless of where they live.
Consumers in the Western states - Alaska, Arizona, California, Colorado, Hawaii, Idaho, Montana, Nevada, New Mexico, Oregon, Utah, Washington, and Wyoming -can order their free reports beginning December 1, 2004.
Consumers in the Midwestern states - Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, South Dakota, and Wisconsin -can order their free reports beginning March 1, 2005.
Consumers in the Southern states - Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, Oklahoma, South Carolina, Tennessee, and Texas - can order their free reports beginning June 1, 2005.
Consumers in the Eastern states - Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, North Carolina, Pennsylvania, Rhode Island, Vermont, Virginia, and West Virginia - District of Columbia, Puerto Rico, and all U.S. territories can order their free reports beginning September 1, 2005.
HR Intervention: An employee benefit Employees want to know that the telco is
concerned with their financial security There are insurance policies that provide
an ID Fraud Expense Coverage Master Policy Lost wages as a result of time taken off work
to deal with fraud, wrongful incarceration, etc. up to $500/week for 4 weeks
Notary and certified mailing charges delivering fraud affidavits
Fees to re-apply for denied loans because of ID theft
HR Intervention: An employee benefit Long distance calls for calling merchants,
creditors, law enforcement to discuss ID theft Attorney fees (prior consent)
Defending suits as related Removing criminal/civil judgments Challenging information on a credit report
Can include all employees and their families (specific requirements)
No application—just # of employees (simple) Very inexpensive (talk to your Account
Executive)
Protect Your Identity
Contact Telcom for more information:
Telcom Insurance Group6301 Ivy Lane, Suite 506Greenbelt, MD 20770800-222-4664www.TelcomInsGrp.com