Truston Identity Theft Blog

Close a huge loophole for credit card fraud

Sat, 18 Jul 2009 12:14:55 -0800

There is a huge loophole for criminals that want to take over your credit card account. They can get your account number and change your home address and phone number; redirecting all future statements and calls from customer service. Any calls alerting you to fraudulent transactions will go to the crook, not you! It costs them nothing, even the dumbest crook can do it, and it allows them to do it even if you put a PIN/password on your account. They never have to go online or call the credit card company. It's so simple you're going to laugh. It's also very effective.

The thief just needs to reach into your mailbox (if you have a "rural mailbox" that is standalone) and grab one statement. Now they have your name, address and account number. The real trick comes next: they turn your statement over, fill in the change of address form on the back and mail it in! There is NO authentication by the credit card compainies for this change of address and telephone. Any idiot can do it and it has zero security. If the thief tried to call to change your address, they'd have to enter your SSN, possibly mother's maiden name, and a PIN/password (if you have one and you should). That's too many hoops for the typical thief to jump through. But using the change of address form on your paper statement is as easy as it gets. I don't know of a single credit card company that notifies you when you change your address using that form (if you do, please let us know in the comments). Frankly, it should be a best practice to notify the cardholder before changing the addres, or at least sending a postcard to the OLD address after changing it.

So, the takeaway is this: go to paperless statements (or get a locking mailbox). I know many of you use the paper statement to remind you to pay your bills. I empathize with that need. But nearly every card issuer has an online service that will 1) send you an email notifying you that your statement is available, and 2) notify you several days before the payment is due (if you haven't paid yet).

I know this first hand because it has happened to me and it is no fun trying to unwind the mess.

Tags: USPS, change+of+address, credit+card

Truston Profiled in ID Theft Service Provider Report

Sat, 20 Jun 2009 11:10:05 -0800

Truston was profiled, for the second year in a row, in the Javelin Strategy & Research research report on identity theft service providers, entitled "2009 Consumer Identity Protection Services Scorecard". The report has an analysis of the top identity theft protection services and is based in Javelin's well-respected consumer ID theft survey.

Other companies featured include Equifax, Experian, TransUnion, Affinion, and Identity Guard (Intersections, Inc.)

Credit CARD Act of 2009: A Summary

Mon, 25 May 2009 14:36:15 -0800

On May 22, 2009 the President signed the Credit Card Accountability, Responsibility, and Disclosure (CARD) Act of 2009. This law was designed to substantially increase protections for consumers, while many on the card issuer and bank side have said it will lead to higher fees and lower rewards. Many of the most disliked credit card policies were abolished with this law. One of the biggest is the ban on rate increases for universal default.

Here is a summary:

No more retroactive rate increases on existing balances for "any time, any reason" or "universal default" (rate increases when you miss a payment on another, different credit card)
Severely restricts retroactive rate increases due to late payment.
Contract terms must be clearly spelled out and stable for the entirety of the first year. Promotional rates must be clearly disclosed and last at least 6 months.
Consumers get at least 21 calendar days from time of mailing to pay their monthly bill.
Prohibits late fee traps such as weekend deadlines, due dates that change each month, and deadlines that fall in the middle of the day (now it's always 5pm on due date).
Credit card companies required to apply excess payments to the highest interest balance first
Ends the confusing and unfair practice by which issuers use the balance in a previous month to calculate interest charges on the current month, so called "double-cycle" billing.
Card issuers must obtain a consumer’s permission to process transactions that would place the account over the limit.
Fees on subprime, low-limit credit cards will be substantially restricted.
Requires disclosure on fees for gift and stored value cards
Restricts inactivity fees unless a gift card has been inactive for at least 12 months.
Gift cards cannot expire in less than 5 years.
Creditors will give consumers clear disclosures of account terms before consumers open an account, and clear statements of the activity on consumers’ accounts afterwards.
Card issuers must display on periodic statements how long it would take to pay off the existing balance and the total interest cost if the consumer paid only the minimum due.
Card issuers must display payment amount and total interest cost to pay off the existing balance in 36 months.
Card issuers must make contracts available on the Internet.
Higher penalties if card issuers violate the law.

I haven't read the entire law. There are a couple interesting things tacked on. One has to do with the right for licensed gun owners to carry a gun in a national park. The other is Section 603 which appears to allow the FDIC and NCUA to borrow more funds, from $30 billion to $100 billion; not sure what that's about but I assume it has to do with allowing them to save more failing financial institutions.

Read up on the bill (S.414 and H.R. 627) at the Library of Congress.

Sex and Identity Theft

Wed, 20 May 2009 15:30:26 -0800

Affinion Security Center recently announced the results of a nationwide survey on the impact if identity theft.

The fascinating results centered around the disparity of the impact of identity theft on the sexes. Women are 26% more likely to experience identity theft than men. Women are also more harder hit when they fall victim. And, no surprise, women are more concerned about identity theft.

Read the press release for more.

Tags: affinion

Save 40% on identity theft protection - Ends in 48 hours

Mon, 04 May 2009 15:15:48 -0800

Exclusive discount coupon for blog readers.

Save 40% on a myTruston.com monthly subscription! Instead of the regular $10/month fee, you pay just $6/month. So you save $48 a year.

Click here and signup for myTruston Plus. After you register and begin using the service, you will see the billing page. Use coupon code SAVE40-WU on the billing page to take advantage of this offer.

Hurry! This offer expires May 6th 2009 at midnight Central time.

This offer can't be combined with other coupons. Limit one per member. No limit on the number of individuals that can use the coupon though (until it expires)!

Fair Isaac Now Known as Just FICO

Thu, 09 Apr 2009 11:02:10 -0800

Fair Isaac Corporation, the folks behind the FICO credit scores, announced in March that from now on they shall be using the corporate name FICO. Technically, they haven't changed their actual corporation name, rather they are using their well known FICO trademark as their corporate moniker (in other words, they will be doing business as FICO).

Not a bad move in my opinion, as Fair Issac was always a bit confusing to many people as a company name.

March 10, 2009 (Minneapolis, Minnesota, USA) – In the interests of clarity and consistency, Fair Isaac Corporation (NYSE: FIC), the leading provider of analytics and decision management technology, today announced that it has officially adopted the brand FICO™ as its corporate identity.

“The FICO brand means empowerment, innovation and value…qualities that we’ve earned over time, that mean a great deal to our clients and partners, and that distinguish us in the marketplace,” said Laurent Pacalin, chief marketing officer at FICO. “We believe that now is the time for FICO.”

The company will retain its legal name, Fair Isaac Corporation, and its NYSE ticker symbol, FIC. Effective immediately, however, the company logo, website and all other company materials will reflect its new identity: FICO.

Tags: fair+issac, FICO, credit+score

FBI Says Internet Crime Reports Up 33% in 2008

Tue, 31 Mar 2009 16:52:11 -0800

According to the FBI's IC3 (Internet Crime Complaint Center), the number of Internet crime complaints received increased by 33.1% in 2008 versus 2007. This doesn't necessarily mean that Internet crime itself increased by that amount, rather reports to IC3.gov's website did. It sure feels like a reasonable number considering what I hear, reports in the media, and ancedotal evidence, about ID theft, Internet crime, and non-violent crime increasing.

Regardless, this will garner quite a bit of attention and worthy of mention. From the press release today.

The 2008 Annual Report reports that complaints of online crime hit a record high in 2008. IC3 received a total of 275,284 complaints, a 33.1% increase over the previous year. The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007. The average individual loss amounted to $931.

I wonder if Ed over at Fraudwar is seeing a sharp increase in financial crimes in his world.

Tags: IC3, FBI, crime

Business Scam: Corporate Compliance

Wed, 18 Mar 2009 15:26:13 -0800

If you own or manage a business watch out for scams around corporate compliance.

This is how they typically work. The scammers buy data about your corporation from the state in which you are incorporated, such as corporate ID, name, and address. Then they mail you phony, official looking documents designed to sound ominous if you ignore them. The purpose of the letters center around keeping your company compliant with state (or federal) regulations for things like "Annual Minutes Disclosure Statement" or employee compliance. The idea is to scare businesses into thinking they will jeoporize their business or themselves legally and send a fee to the scammers. The scammers will then either send you something you could get for free yourself (from a government website) or they'll never respond at all.

Many of the scams have a grain of truth in them, except it's trivial for you to file the compliance forms yourself, or the compliance simply doesn't apply to your business and is pointless. Others are outright fabrications about non-existent compliance requirements. In any case, you are defrauded and lose your money to the scammers.

Often, it's pretty easy to spot the scams, but some fraudsters are clever and make the documents appear similar to what the state (or federal) government send you. Look at the fine print (they often place disclaimers admitting the solicitation is worthless to avoid prosecution). Check the return address for whether it's going to a true government office. Do an internet search for the title of the document, the address and so on. Ask your CPA, corporate attorney, or local SCORE volunteers.

These scams are not innocent pranks, they are serious crimes. A fraudulent solicitation letter is mail fraud, a federal crime, and would also violate other state or federal fraud statutes. If they accept payment electronically, that's wire fraud which is a broad, draconian federal statute.

Update: here is a good detailed blog post with quite a bit more on these scams.

FTC: identity theft complaints up 20 percent in 2008

Thu, 26 Feb 2009 16:30:58 -0800

The FTC just released their 2008 report on identity theft called "Consumer Sentinel Network Complaint Data Book". Dark Reading says this FTC report shows that identity fraud complaints increased 20 percent from 2007 to 2008 and remains the top consumer complaint. No surprise there.

The DR piece goes on to say that Tom Rusin of Affinion Security Center, a leading provider of identity protection and data breach services, believes "the jump may be due to several factors, including the high number of enterprise breaches last year, as well as fallout from the financial crisis."

Also, Arizona is still #1 for ID theft per capita, followed by California, Florida and Texas.

Truston Named 2009 Hot Companies Finalist

Wed, 11 Feb 2009 18:05:01 -0800

We've been named as a Hot Companies Finalist, second year running.

Heartland Announces Massive Data Breach on Inauguration Day

Tue, 20 Jan 2009 16:13:21 -0800

Heartland Payment Systems announced today, on the morning of Obama's inauguration, what appears to be a colossal data breach of credit card numbers. A coincidence they announced it today?

The number of compromised credit card accounts in unknown and was not addressed in the announcement. However, HPS processes a staggering 4 BILLION transactions each year.

Opt-out of CPNI sharing by Verizon Wireless

Mon, 12 Jan 2009 17:45:30 -0800

The vast majority of us have mobile cell phones--here is a way to boost your privacy. Verizon Wireless is the largest provider by sheer number of accounts. Every year they, along with other carriers, send a privacy notice to its subscribers. The notice is about sharing your Customer Proprietary Network Information (CPNI) within the "Verizon family of companies."

If you want to reduce the amount of marketing offers you receive and more tightly control the privacy of your personal information, you have the ability to opt-out of all sharing. There are three main ways to do this.

Use the automated system by calling 1-800-333-9956 and entering your cell phone number and following the directions (it's quick to do, under a minute).
Call 1-800-922-0204 and talk to a customer service representative (6am - 11pm, probably Eastern)
Log on to www.verizonwireless.com, register for My Verizon and opt-out there.

Tags: CPNI, verizon, opt-out

IRS Identity Protection Specialized Unit

Fri, 09 Jan 2009 15:33:28 -0800

A new IRS Identity Protection Specialized Unit opened October 1. Victims of identity theft can call a toll-free number Monday through Friday 8am to 8pm (unsure of timezone). That number is (800) 908-4490. When calling you can:

Report identity fraud
Report identity theft incidents like a lost or stolen social security number or other personal data that might put you at risk
Verify taxpayer identity and confirm identity theft

Tags: IRS, id+theft

Data Breaches Increased by 47% in 2008

Wed, 07 Jan 2009 08:36:26 -0800

According to the ITRC, reported data breaches increased by nearly half in 2008 compared to 2007. There were 656 reported in 2008 versus 446 in 2007.

Mal-attacks, hacking and insider theft, account for 29.6% of those breaches that reported the causal factor. Insider theft, now at 15.7%, has more than doubled between 2007 and 2008. On the other hand, data on the move and accidental exposure, both human error categories, showed noteworthy improvement, but still account for 35.2% of those breaches that indicate cause.

Tags: security+breach, id+theft

Truston Partners with Affinion on Identity Protection

Wed, 10 Dec 2008 13:35:38 -0800

Today we announced that our MyTruston product has been included in the portfolio of the Affinion Security Center, the largest provider of identity protection and privacy services. Affinion has nearly 35 years of industry experience and over 65 million members of their many products. Clients of their identity protection and privacy products include Wells Fargo, Bank of America and The Hartford Insurance. Truston's Software-as-a-Service technology is deeply integrated within the Affinion Security Center’s core solution platform, IdentitySecure.

Read press release.

Tags: direct+marketing, affinity+marketing, membership+marketing, ID+theft, identity+theft, affinity+groups