ProofWire: The ProofSpace Blog

Businesses Depositing "Certified Checks" Get Burned

2008-03-11T12:10:00.000-07:00

Canadian businesses suffered theft of more than $700,000 in electronic equipment, extensive credit card fraud, stolen vehicles and as much as $10 million in overall losses as a result of the work of one check fraud ring here, police said. Cops first became aware of the scheme last December, and they say the suspects set up a number of phony companies which appeared to be the real thing, and after gaining the trust of their "clients", would order large amounts of electronic merchandise. The purchases were paid for using certified checks which were later found to be counterfeit. But by then, the material had been delivered and the crooks who took it were long gone. As if that wasn't enough, cops say the men also rented a large number of expensive cars using the same M.O. Many were driven from the lot straight to a container, where they -- and the ill-gotten electronics -- were shipped overseas and resold.

"Positive Pay" for ACH? Complicated, Expensive... And Not Here Yet.

2008-03-11T12:08:00.000-07:00

Mary Schaeffer over at CPA insider reports that electronic fraud covers both automatic clearinghouse (ACH) credits and debits. In fact, it's the debits that can cause the problem. She says that with the right information, it's very easy to commit electronic payment fraud. And getting that requisite information isn't difficult. "Luckily, for now, crooks have not caught on and they still focus primarily on check fraud. This is not to say that electronic payment fraud doesn't occur today. It most definitely does -- just not as frequently as check fraud," Ms Schaeffer said. Many smaller businesses don't take the appropriate steps to protect their bank accounts because they don't make electronic payments. This is a big mistake. Unfortunately, a robust "positive-pay" product for the ACH environment is not universally available today. Positive Pay is expensive, and further complicated because some banks match the identities of those attempting to debit an account with those on the list provided by the company, and customers have to review exceptions manually before payment.

New Service Enables Consumers to Deposit Paper Checks Electronically

2008-03-11T12:06:00.000-07:00

Online banking service provider CheckFree Corp. just rolled out technology that could mean consumers will no longer have to go to a bank branch to deposit checks. Called "Remote Deposit Capture", the technology has been around for years and lets people scan checks through their home computers and deposit them electronically. Until now, it has been used mainly for businesses. "Customers want to be able to deposit checks without having to go to banks", said Rod Springhetti, CheckFree's vice president of global strategic marketing, "and banks want to be able to offer that. I think the ability to remotely capture a check will become part of the standard features and functions of online banking." No word yet on authentication safeguards planned for this service, which might become a concern (see this recent ProofSpace blog entry on check fraud).

Business Reaches the "Tipping Point" for Email Authentication

2008-02-27T16:12:00.000-08:00

Ray Everett-Church at Datamation reports that we have "reached the tipping point for the adoption of email authentication techniques", according to a study released last month by a leading online trust organization. In their most recent industry-wide survey, the Authentication and Online Trust Alliance (AOTA) found that adoption of email and domain-level authentication techniques has reached the 50 percent mark, including a majority of Fortune 500 financial services firms and companies with consumer-facing brands. AOTA has issued a call for all consumer-facing e-commerce and online financial services sites to adopt one or more forms of outbound email authentication for their top-level corporate domain within the next six months.

Check Fraud on the Rise -- National Consumer Protection Week March 2-8

2008-02-27T16:10:00.000-08:00

The U.S. Postal Service is asking consumers to be informed and use common sense in an attempt to fight growing fraud during National Consumer Protection Week March 2-8. Sarah A. "Sally" Florio, manager of consumer affairs for the Massachusetts Postal District, said the Postal Service theme this year is: Don't Fall for a Fake Check Scam. "All of them involve receipt of a check which looks genuine and will be accepted for cashing by most banks. The scammers convince the victim, that for one reason or another, all or part of the check needs to be immediately wired out of the United States. If the victim takes the bait and wires the money away, he or she will be on the hook to repay that money to the bank when the check is later found to be counterfeit," she said.

Protecting the Electronic Notary Journal from Tampering

2008-02-27T14:39:00.000-08:00

As eNotarization becomes more common, Notaries and state officials are debating the best methods for electronic recordkeeping, including whether Notaries should keep both paper and electronic journals and how to protect an electronic one from possible tampering, the National Notary Association reports. "An electronic journal must be protected against tampering and unauthorized access. The information kept in a Notary's journal is vital as potential evidence to track fraud and to protect the Notary from accusations of negligence." An electronic journal must be protected from unauthorized access and alteration to ensure the integrity of the Notary's records. Similarly, if a Notary must make backup files of electronic journal entries, those backups must be protected against unauthorized access or copying to protect the sensitive information in the journal.

Widespread Use of Hashing, Key-Based Encapsulation of Data Imminent

2008-02-12T14:17:00.000-08:00

Craig Ball at Law Technology News gazes into his crystal ball and comes back with some pretty interesting predictions for the near future of electronic data discovery (EDD). He says we will see more expert-mediated conferences as courts grapple with the technical intricacies of EDD and the inflated costs that dog inept efforts. "It just makes economic sense. In large cases, EDD expenses alone can dwarf the entire amount in controversy in smaller cases; in any size case, EDD mistakes can determine outcomes. Why wouldn't you resolve foreseeable disputes before you bet the company?" Hashing and key-based encapsulation of data are two of the more interesting prognostications he describes as coming down the eDiscovery pipe.

US Government Printing Office Authenticates Need for eDocument Integrity

2008-02-12T14:15:00.000-08:00

Adobe has won a large contract with the US Government Printing office to deploy digital signatures, a technology closely related to ProofSpace's own Transient-Key ProofMarks™. GPO has implemented the new digital seal of authenticity for their electronic documents, including last week's release of the FY2009 budget. The GPO said, "For almost 150 years, the U.S. Government Printing Office (GPO) has been the official disseminator of Government documents and has assured users of their authenticity. In the 21st century, the increasing use of electronic documents poses special challenges in verifying authenticity, because digital technology makes such documents easy to alter or copy, leading to multiple non-identical versions that can be used in unauthorized or illegitimate ways. To help meet the challenge of the digital age, GPO has begun implementing digital signatures to certain electronic documents on GPO Access (the GPOss online portal) that not only establish GPO as the trusted information disseminator, but also provide the assurance that an electronic document has not been altered since GPO disseminated it."

IT + Legal BFF to Prevent Document Tampering

2008-02-12T14:13:00.000-08:00

IT will have to develop processes for legal holds, in which messages or files that fall under the scope of litigation must be stored in such a way that they can't be changed, says Andrew Conry-Murray at InformationWeek. E-discovery was the word of the week at last week's LegalTech show in New York City. Vendors hawked a spectrum of products to help IT and corporate lawyers get their hands on relevant electronic documents, ensure those documents can't be tampered with, and pump them into the applications used by legal counsel. Just as important as products is close cooperation between your IT and legal departments. IT must help legal understand concepts such as metadata, archives, and tiered storage so the lawyers can more accurately describe to IT the scope of a discovery request.

Documentation Fraud Key to FBI Investigations of Mortgage Industry (Wall Street Journal)

2008-01-31T14:28:00.000-08:00

"The FBI's investigations represent an added dimension to the bureau's decade-long focus on mortgage fraud, which spiked during the housing boom. For years, the FBI has targeted fraud cases involving real-estate agents, appraisers and fake buyers. More recently, FBI officials and local prosecutors have set up teams to investigate mortgage fraud in several states where they have noted high fraud activity, including California, Texas, Florida and Arizona, all of which saw fast-growing rates of home-value appreciation.

Now, the FBI is taking a closer look at possible fraud in the secondary market for mortgages, which could implicate well-known financial firms. The faltering U.S. housing market and a rise in defaults and foreclosures, particularly among low-end borrowers, has whipsawed global stock and bond markets, led to the dismissal of Wall Street chiefs and resulted in losses by banks, hedge funds and securities firms."

One potential angle is whether real loans were used to create mortgage securities. Typically, a mortgage security might hold thousands of mortgages. Among other things, the Justice Department is likely to look at whether one mortgage was replicated across multiple securities as underwriters sought to meet high investor demand.

"On Jan. 17, the Florida Attorney General issued a subpoena to Countrywide. Among other things, the subpoena asks Countrywide to describe the standards it used to determine whether borrowers qualified for a prime, subprime or Alt-A mortgage and for no and low documentation loans. The subpoena -- which covers the period from Jan. 1, 2005, to the present -- also asks the company to explain how its underwriting standards may have changed over time. It also asks Countrywide for copies of "promotional advertisements, literature, booklets" and other materials aimed at subprime customers as well as for copies of any scripts or instructions given to Countrywide employees."

"The attorney general is "looking for information regarding whether or not consumers have been taken advantage of and whether or not any of these business practices may potentially violate Florida law," says a spokeswoman for Florida attorney general Bill McCollum. The attorney general is conducting "a widespread review of the mortgage industry," she says."

Low-Level Société Générale Insider’s Forgeries Cost Bank $7.2 Billion

2008-01-28T12:04:00.000-08:00

This week Economist.com reports that Jérôme Kerviel, the Société Générale employee who sparked the world's biggest-ever trading loss, was so low on the bank's totem pole that some didn't consider him a trader at all. That may have been what allowed him to pull it off. According to preliminary inquiries into the trading fraud that cost Société Générale €4.9 billion ($7.2 billion), Mr. Kerviel allegedly placed hundreds of thousands of unhedged real trades on stock-index futures markets. For months, Mr. Kerviel avoided detection because -- even as he allegedly built up massive positions -- he always managed to square his books as a low-level trader in the "Delta One" desk: never make a big profit or loss. When one trade caught the attention of a supervisor last week, and the system collapsed, myriad small losses compounded into a huge financial hole for the bank.

Large Percentage of Emails Found Unusable in Court Cases

2008-01-24T15:06:00.000-08:00

Janie Davies reports in last week's issue of Computing Magazine that less than one in four UK businesses are confident that they could rely on email as legal evidence in the event of a harassment or unlawful dismissal lawsuit. While 44 percent said they could not prove whether their emails had been tampered with, 35 percent could not even detect whether or not changes had been made, says a survey by research group Vanson Bourne on behalf of archiving and compliance supplier Forensic and Compliance. Financial services organizations are only slightly better prepared, with at least 45 percent still unable to prove interference with emails, compared with 58 percent of retail, distribution and transport groups.

Citigroup Pays Up, Big Time, for E-Discovery Software

2008-01-24T15:04:00.000-08:00

Apparently, the sub-prime crisis is good news for somebody... Especially if you're a legal discovery software vendor. Autonomy recently scored a $70 million order for "Desktop Legal Hold", one of the products that came into their portfolio with last year's acquisition of e-disvovery specialist Zantaz.

The customer wasn't identified by Autonomy, but insiders say that it's the global bank Citigroup. Autonomy bought Zantaz for $375 million in July, 2007. The company makes products for archiving, compliance and e-discovery. Desktop Legal Hold (DLH) enables customers to quickly identify, set aside and organize documents and emails pertinent to lawsuits. Could it be that Citigroup bought DLH to prep for the onslaught of lawsuits it is facing from investors and others over the sub-prime mortgage lending crisis? Hmmm...

Free Download! Gartner's E-Discovery Vendor Market Analysis

2008-01-24T15:00:00.000-08:00

Thanks to Guidance Software, who received Gartner's highest rating as a "Strong Positive", you can download Gartner's research note, "MarketScope for E-Discovery and Litigation Support Vendors, 2007", dated Dec. 14, 2007 for free. Among the very interesting findings in the report: "STRATEGIC PLANNING ASSUMPTION(S) By the end of 2008, there will be four viable categories of vendors in the e-discovery market: platform players, review and analysis platforms, collection, preservation and processing and full service outsourcers. By the end of 2008, there will be 25% fewer vendors claiming to have e-discovery functionality."

ProofSpace's Dave McClellan

2008-01-18T11:26:00.000-08:00

ProofSpace's Dave McClellan discusses why current data integrity strategies may be inadequate and what to do about them.

Part 1

Part 2

Countrywide Tells Judge It 'Recreated' Letters

2008-01-08T15:03:00.000-08:00

It's early in the year, but we agree with our friend Steve Teppler when he says this statement, from Countrywide's spokesman is an early contender for most obfuscatory spin of 2008: "A spokesman for the lender said: 'It is not Countrywide's policy to create or 'fabricate' any documents as evidence that they were sent if they had not been. We believe it will be shown in further discovery that the Countrywide bankruptcy technician who generated the documents at issue did so as an efficient way to convey the dates the escrow analyses were done and the calculations of the payments as a result of the analyses.'" English translation: It's not our custom to create or fabricate, except where we think no one will notice. In such instances, we will pile on the technical language in an attempt to blindside any inquiry. Also: "They were not generated to prove that they had been sent" Translation: They were generated to make people believe they were sent, not to prove they were sent. Jeez, can't you guys get it?

Amateur Time Hackers Play With Atomic Clocks at Home

2008-01-08T15:00:00.000-08:00

Wired Magazine reports that with the end of the Cold War, and with telecommunications technology advancing rapidly, surplus stores and eBay have filled up with discarded precision time equipment once exclusive to government labs. Cesium clocks, rubidium clocks and even the occasional hydrogen maser can be had for less than a decent laptop. A recent search on eBay turned up an HP 5061B cesium standard for sale for $2,000, and you can get a telecom surplus rubidium standard for less than $400. Some of this equipment costs upwards of $50,000 new. Their access to once-forbidden technology lets the time hackers play in a realm of precision that underpins the modern technological world. A select few, like Tom Van Baak, have started exploring the underpinnings of the universe.

Cabinet NG Partners With ProofSpace to Authenticate Document Management

2008-01-08T14:58:00.000-08:00

Cabinet NG, the preeminent automated document management and workflow solution for small enterprise businesses, and ProofSpace today announced an agreement to embed ProofSpace's patented ProofMark™ digital tamper-detection technology into Cabinet NG's flagship document management solution, CNG-SAFE. The ProofMark technology will be initially made available as an advanced authentication plug-in to CNG-SAFE, which consolidates all of a company's information into one organized and easy-to-use system. Targeted at Cabinet NG's financial industry customers, the ProofMark enhancement package will enable companies to better protect high-value documents and transaction records, and prove the authenticity of those records to regulators, auditors, clients and courts. You can read more about the deal right here.

Law.com Posts Great List of E-Discovery Blogs and Tools

2008-01-08T14:55:00.000-08:00

Robert J. Ambrogi, writer for Law Technology News writes in a two-part column that no lawyer today can afford to ignore electronic data discovery. "No matter the case, digital data is likely to be implicated. That means lawyers urgently need to understand EDD and keep abreast of developments in the field." In the first column, he looks at some of the more useful Web sites for learning about and keeping current with this essential area of practice. In the second, he surveys blogs about e-discovery and look at some vendor sites that include useful resources. Both are great bookmarks for any of you out there who are trying to catch the tiger-by-its-tail that is modern E-discovery.

The Top Five E-Discovery Cases of 2007

2007-12-11T08:52:00.000-08:00

As the one year anniversary of the amended Federal Rules of Civil Procedure (FRCP) approaches, our friends at Kroll Ontrack (one of the industry's largest providers of electronic discovery and forensics services) laid out a breakdown of important electronic discovery opinions from 2007, as well as a list of the year’s top five most significant discovery cases. Focusing primarily on interpreting the new FRCP, common topics reoccurring in judicial opinions issued in 2007 included: the importance of early case conferences, the accessibility of electronically stored information, and what to do when parties fail to play by the new rules. Among the five: the historic Lorraine v Markel decision, in which the Magistrate judge ruled emails inadmissable as evidence because of questions as to their authenticity. The court held there is a five-point test in determining the admissibility of electronic evidence. ESI must be 1) relevant, 2) authentic, 3) not hearsay or admissible hearsay, 4) the "best evidence", and 5) not unduly prejudicial. The court stated, "it can be expected that electronic evidence will constitute much, if not most, of the evidence used in future motions practice or at trial, [and] counsel should know how to get it right on the first try."

Establishing Authenticity: Is Hashing Enough?

2007-12-11T08:40:00.000-08:00

ProofSpace technology wonk Jacques Francouer writes "There has been extensive discussion and use precedent in the legal and security fields around hashing, its use and its value--real and perceived. Even though its robustness and usefulness are incontrovertible in the security world, hashing's perceived value in the legal field (for the purpose of establishing the authenticity of Electronically Stored Information) could benefit from some clarification. For a hash to be secure and useful for legal applications, there must be some additional mechanism to protect and preserve the unique association between the data that is hashed, a trusted time datum, and the original hash result." Read more of his discussion right here.

Exclusive Sneak Peek! Save $300 on ProofMark Unlimited™ Bundle

2007-11-26T09:13:00.000-08:00

ProofSpace announced availability of our new ProofMark Unlimited bundle, at special friends-and-family pricing. Until December 31st, you get the entire ProofSpace product line: ProofMail, ProofDoc and ProofMark On Demand for only $200 for a one-year subscription, with unlimited ProofMarking and validations. That's $300 off the retail price! Each of the new products offers a unique way to use the patented ProofMark technology to protect your most important documents and emails. With ProofMark On Demand, you can ProofMark virtually any file over the web, even when you're away from your primary computer. With ProofDoc, you get your own personal ProofMark engine, right on your PC desktop or shared server. And ProofMail makes it incredibly easy to digitally seal incoming or outgoing email. Claim your $300 discount now.

CERN Research Paper Urges "Checksums Everywhere"

2007-11-26T09:08:00.000-08:00

Error levels in modern magnetic storage are very, very low. Unfortunately, personal hard drives are now very, very big--and that means you're virtually guaranteed to have multiple corrupted files on your disk, just by virtue of its sheer size. That according to a recent study out of CERN/IT, the IT group at the world's largest particle physics laboratory. According to the executive summary, "We have established that low level data corruptions exist and that they have several origins. The error rates are at the 10Exp-7 level, but with complicated patterns. To cope with the problem one has to implement a variety of measures on the IT part and also on the experiment side. Checksum mechanisms have to implemented and deployed everywhere."

ProofSpace Announces E-Discovery Framework

2007-11-26T09:00:00.000-08:00

The worlds of Information Security and e-Discovery are coming together in a structured framework to encourage discussion among legal, security and records management professionals. Last week ProofSpace introduced the Information Security e-Discovery Framework (ISEF), a unique framework for discussing the specific role of information security before, during and after e-Discovery. The objective--bridge the gap between legal and security stakeholders. The result--a more effective response and successful outcome to an e-Discovery process. Soon a discussion white paper will be released, explaining how the ISEF was created and how it can be used. This release will also initiate a comment and review period on the ISEF. View the announcement PDF here.

The Next Big E-Discovery Challenge: Authenticity

2007-11-26T08:56:00.000-08:00

Up until now, most of eDiscovery has been basic "blocking & tackling". That meant a lot of cataloging and indexing of data, records retention work, legal holds, destruction policy establishment, and deploying "vaulting" technologies. But the future costs and benefits of eDiscovery will likely pivot on something much different: how you handle authenticity challenges used as a negotiating tactic in a lawsuit.