Take a look from the other side of the table now and consider what you and your company are doing to protect employee and client information. Your company’s industry may have strict guidelines and regulations that mandate safeguards be put in place. Your company may have processes and procedures to mitigate the risk of losing this information. These processes and procedures should cover data collection, access controls, and data retention.

• Does your company need all of the personal information it is collecting? If not, why accept the additional risk of having this information?
• Is access to personal information limited to those who need it to do their jobs? This includes access to electronic records, and paper records.
• Is your company retaining personal information for a period longer than necessary, or in an unsecure format? If your company is not required to retain personal information and doesn’t need this information, don’t store it. If it does need this information, be sure it is stored safely and securely. This may mean encrypting electronic data.
• If your organization has policies and procedures in place, be sure to adhere to them. These policies and procedures are only as good as the people in your company. If your organization doesn’t have policies and procedures in place, take the initiative and suggest policies be drawn up. The American Institute of Certified Public Accountants is a good resource to begin your research on proven ways to protect personal information.

There is a great article in the Journal of Accountancy which goes into more specifics in these areas.

This Post from LifeLock: LifeLock Blog

Cell Phone Trickery

A woman had her handbag – containing her cell phone, wallet, credit cards, etc., stolen from her grocery cart. She called her husband a short twenty minutes later to tell him what had happened and he said, “I received your text asking about our Pin number and I replied a little while ago.” Need less to say, she hadn’t sent him any text. The thief had seen the “Hubby” number on her phone, texted a request for the PIN, and voila! Hundreds of dollars were gone from her ATM account.

Lessons to learn

• Don’t identify people or numbers by personal nicknames like “Hubby,” “Sweetheart,” or even “Home.”
• When you are asked for information, don’t assume you know who is asking. Call and speak to the person to confirm, and if you don’t know who it is, DON’T reveal the information.

Credit Card Switcheroo

A man went to his local gym and placed his belongings in a locker as usual. When he returned after his workout he noticed the locker was open so he checked his belongings—wallet, cash, keys, phone, everything in place. Nothing appeared to be missing. And yet, when he returned from vacation and finally found time to review his bank statements, he was stunned to see that charges totaling a whopping $14,000 where made on his debit card. Apparently, the thief had stolen his card and replaced it with another credit card—an expired one—issued by the same bank. The man hadn’t noticed because didn’t use it regularly.

Worst of all, the credit card company refused to pay the charges because the card had not been reported stolen. Ouch!

Lessons to learn

• Check carefully when something suspicious happens. Your personal information is worth a few minutes of looking at everything in your wallet if you suspect that someone has been snooping.
• Have a special set of gym-only stuff that travels with you to that locker room so you aren’t leaving everything about yourself in one easily compromised place.
• If you don’t want your life tipped upside down due to a thief stealing your wallet (or identity) –then you need LifeLock. WalletLock, a service included in a LifeLock membership, takes the time, panic and hassle out of a lost or stolen wallet.

As you can see, the people who would steal your identity are getting craftier, so you have to become even more careful. Don’t let these scams happen to you! With knowledge there’s power and with power there’s peace of mind –and with peace of mind there’s LifeLock!

This Post from LifeLock: LifeLock Blog

Moreover, recently the FTC released its yearly report on the statistics concerning identity theft. Many things had increased. From the number of cases, to the cost; however, one statistic stood out so strongly above the rest for this victim. The number of cases that get reported to the FTC and not the local authorities was among the highest for the 2008 year. This means that victims of the crime are reporting the crime to their credit companies and the then to the FTC without reporting the crime to the police. Maybe if more people report the crime to the police, more effort will be put forth to go after and stop these criminals. From students to teachers to families, everyone needs to do everything they can to keep thieves away from our personal identifying information.

If more of us report the crime, we not only protect ourselves, but also increase the safety net for our communities. Simply because the crime has increased in number for the last five years doesn’t mean this year has to be the same. With the right tools and drive we can put a stop to identity theft. Either by doing it yourself or having a company lock up your identity, we all have the ability to stay safe and start putting the pressure on thieves. It all starts by empowering and protecting yourself, then your family, then your community. Working together we can all put an end to the phishing emails as well as affect the outcome of the FTC 2009 statistics on identity theft.

This Post from LifeLock: LifeLock Blog

Problem is, human beings are very poor at rating the value of anything. We have a difficult time deciding what is a reasonable amount to pay/work for something, because we are extremely poor estimators of the actual value of anything. We spend billions on lottery tickets, will pay twice as much if shoes have a particular logo scribbled across them, will drive 30 miles to save 100 dollars on a TV, but will not leave a dealership for the one two miles down the street if it does not offer greater than a $2,000 savings on our auto loan.

So what does this have to do with your personal identity and identity theft protection?

Two questions:

• Do I truly recognize the true value of keeping my identity safe?
• And what is a reasonable price to keep that identity safe?

We already know there is high risk for identity theft. Identity theft is on the news almost every day. Odds are that most of us have some idea of the pain caused by identity theft, either through our own experience, or through the experience of someone we know. This risk gets greater every day. Every person on earth should be making efforts to protect themselves, but still some millions don’t do anything about it.

Why not? Perhaps in their eyes, the perceived likelihood of identity theft, and the possible pain of losing their Identity still doesn’t warrant the effort and cost of enlisting identity theft protection? LifeLock is the industry leader in identity theft protection, and offers its service for less than $10 a month. A pair of Double Chai Latte’s cost more! Yet some still refrain from enlisting identity theft protection services. This leads me to believe that some people have not truly understood the value of their identity. They do not recognize the value of not only not losing your identity, but also keeping your Identity.

So you may ask yourself, what is the value to me of keeping my identity secure? Let’s put it in terms of cash value. Imagine a handsome, yet slightly mysterious stranger came to you on the street and said, “I cannot tell you why, but I need your Social Security Number, current address, and first and last name. I am ready to hand you cash today. How much will you require?”
So, how much money would it take for you to give him your personal information? Knowing you will have to make every effort as soon as you get home (and for the rest of your life) to make sure that information cannot be used to affect you personally? Did you demand $100? $30,000? A million?

Now look at situations in the past where you did just that. You gave your personal information to a stranger. Maybe he wasn’t as handsome as the gentleman in our example, but the scenario was very close. You gave your personal information to a stranger the last time you bought a car (a $25,000 purchase?). But you would feel highly concerned if personal information was required in order to buy shoes ($100)? What is the threshold at which it would be “reasonable” to give them your personal information?

The cash value in each scenario may give you a clue of what the cash value of your identity is to you. Is the amount required in the car salesman scenario even close to the amount you would have required from the handsome stranger?

Now that you have a better idea of the cash value of a secure identity to you, what would be a reasonable amount to invest to keep it?
May I offer a suggestion?

LifeLock is the industry leader in identity theft protection, and offers its service for less than $10 a month. Our job is to protect your good name. As a consumer, you have rights that allow you to take more control over who uses your identity and how they use it. We do the mechanics, the details if you will, to enforce those rights. And we stand behind our service with our $1,000,000 total service guarantee.

We don’t think you will see a guarantee like this anywhere else from any other company. If you do, let us know because we’d like to do business with them. If you have a reason to think that you will become a victim of identity theft, we can help you stop looking over your shoulder, because we’ve got your back. We understand the investment on your part is twofold: trusting us with your personal information to allow us to protect you, and $10 a month.

This Post from LifeLock: LifeLock Blog

I made the call and low and behold….. I have fraud alerts on my credit report and they needed to take additional steps to verify my identity, prior to allowing the anticipation loan to be processed. DUH! I work for LifeLock and I’m a LifeLock member, why hadn’t I thought of that. It had slipped my mind that the refund coming within 8 - 15 days was still going to be a loan. I’m glad to know that no one else would have been able to get an anticipation loan using my information without my permission. Fortunately my story had a happy ending and I received my refund.

This Post from LifeLock: LifeLock Blog

If that doesn’t make your hair stand on end, then listen to this: Panda Security found that at least one percent of the 67 million people who utilized their free ActiveScan to test their computers last year were infected with malicious Trojan software programs. That’s 670,000 computers. They estimate that if 1 percent of the computers in homes across the world actually downloaded malware without knowledge of it, it’s safe to estimate then that over ten million computers worldwide could potentially be infected with software capable of stealing its contents—and along with that, personal identities.

The scary numbers just keep coming. According to Panda, their detection rate rose to over 800 percent between the middle of 2008 and the end of the year. Victims are usually infected after being duped into downloading virus programs through fake websites or pop-ups.

Malicious programs such as key logger spyware can go undetected for quite a period of time, whether or not the latest antivirus updates are installed. And once these destructive programs are downloaded onto a computer, every keystroke made—including credit card numbers entered, Social Security numbers typed, banking information and passwords input—are then in the hands of the bad guys. Thieves have become technologically savvy. In fact, Panda reported that more than a third of the PCs they found to be infected had fully-functional and recently-updated anti-virus programs installed.

Here are some of the highlights from Panda’s study on the evolution of online identity theft:

• Over three million of the audited users in the U.S. and more than 10 million users worldwide were infected with active identity theft-based malware in 2008
• 1.07 percent of all PCs scanned in 2008 were infected with active malware (resident in memory during the scan) related to identity theft, such as banker Trojans
• 35 percent of the infected PCs had up-to-date antivirus software installed
• The number of PCs infected with identify theft malware increased by 800 percent from the first half of 2008 to the second half

A few tips to help protect your computer and your identity;

• 1. If you are using a shared computer, always delete any personal information and passwords you may have entered.
• 2. Never click on pop-ups or embedded links contained in email from an unknown source, even if it says, “You have been sent a postcard from your friend!” These are most likely fronts for “phishing” scams. DON’T CLICK.
• 3. Use care when picking passwords. Don’t use passwords containing public information that a trained identity thief can easily crack. Hint: your birth date, the name of your pet, and your mother’s maiden name are not as secret as you think.

I have one last number for you: The Federal Trade Commission estimates that over nine million consumers have had their identities stolen in the United States alone. Remember, the best way to prevent an identity theft is to plan for one. If your wallet is stolen, “who ya gonna call”? I know I’m going to call LifeLock, and leave the clean-up to them!

This Post from LifeLock: LifeLock Blog

This element of the case not only provides specific clues to who the perpetrator is but also can be utilized to identify other possible victims which in turn can lead law enforcement to other locations where the information may have been utilized to gain credit in the victim’s name. For that matter it is extremely important to closely monitor your expenditures and credit card statements so that you can immediately recognize unauthorized activity on your account. The quicker a victim realizes they have been targeted the faster law enforcement can begin to identify the potential point of compromise.

This Post from LifeLock: LifeLock Blog

Caller: “Hi, I’m Carl from the Department of Economic Security. I’m calling to verify employment for Judy Smith.”
HR: “I’m sorry, I cannot provide any information to you without a signed release.”
Caller: “Well, Judy Smith is waiting for benefits from DES. I just need you to verify she works there.”
HR: “It is against our policy to provide any information without a signed release from the employee.”
Caller: “You’re just making it difficult for Judy Smith to claim benefits.”
HR: “We’re happy to help any way possible, once we receive the signed release. Here’s our fax number: 222.555.1111.”

The Reality

Judy Smith has a restraining order taken out against an ex-boyfriend as a result of his arrest for assault. The caller was the ex-boyfriend looking for information on how to find Judy.

Protecting Identities and Privacy

Human Resources, as the keeper of private employee information, receives a multitude of requests each week from a number of outside agencies and sources seeking information about employees. These requests come from state and Federal agencies, mortgage lenders, and other organizations.

Most of these requests for information are absolutely legitimate and organizations seeking this type of information are now used to HR departments requiring signed employee authorizations before the release of any information. Willingly they comply and fax over signed employee authorizations.

However, criminals and individuals with malice in mind contact HR departments, too, seeking private and confidential information. HR professionals have heard these people say, “I just need you to tell me they work there for my files to be complete.” Or “Can you verify what location where the employee works?” or even “They’re waiting to close on a house and you will mess this up for them if you don’t tell me over the phone.”

Rest assured that LifeLock’s HR department has implemented best practices to protect employee information and their privacy. LifeLock will only release information if an employee has signed an authorization to do so or LifeLock is required by a court order or subpoena to provide such information. Some steps you, your friends and family can take to assist HR departments in protecting your identity and privacy are to contact the HR department when:

• If you have filed a Restraining Order, contact your HR department immediately so steps can be taken to protect you while at work.
• You have applied for a mortgage or loan and you are expecting your lender to contact your employer for a verification of employment.
• You’ve applied for assistance through a state or non-profit agency that will verify your employment or hours worked.
• You suspect someone is trying to find out about your personal or professional life.

This Post from LifeLock: LifeLock Blog

For example, almost every day we mail out documents from our mailboxes at our residence. Most of the time, we mail out important documents, letters, or envelopes that contain information or other items that identity thieves can use to target us. We mail out bills with accompanying checks or even worse tax related documents. Not only do we mail them from our mailbox but we put the flag up on the mailbox to alert thieves that there is something in the mailbox worth stealing.

Everyone needs to do a better job at protecting their interest and valuable name by mailing out important items from secure places, were identity thieves are unable to steal them with ease. While it is a simple step of protection it may just be the one step that keeps us from becoming a victim of identity theft.

This Post from LifeLock: LifeLock Blog

“That’s right. The only way you can see the picture is with a subpoena.”

“Okay, but you’re still my banker, right?

“Right.”

“That’s okay, because as my banker you can just look at the film in your camera for me?”

“No. My supervisor says you’ll need a subpoena for that, too.”

Unlike most people, I know that my financial institutions don’t protect me from all identity theft. They only protect me for the accounts I have with them. In fact, my bank makes a big deal out of some of their services in their advertising.

Here’s what they say on their web site:

“If you’re a victim of identity theft or account fraud, you should notify your bank(s) immediately. If your account(s) is with us you should call your customer service representative immediately. We will work with you in an effort to make appropriate corrections of unauthorized transactions in your accounts and to correct any incorrect reports submitted by us to credit bureaus, and will attempt to help protect you from any future identity theft or account fraud.”

They also told me to place fraud alerts on my account and file a report with the police.

All of which I did (or LifeLock had already done for me). So you can imagine my surprise when after reporting that I had apparently been the victim of Skimming, my bank informed me that they found nothing wrong with they were recognizing as an “authorized transaction.”

Skimming is when identity thieves create a new card by stealing your credit and debit card numbers using a special storage device when processing your card (see Wayne Ivey’s blog of November 24, 2008). They also stole my PIN. The thieves then proceeded to withdraw the maximum daily amount. Luckily I caught them on Day 2 and reported the two thefts to my bank.

When the bank denied my claim, they told me I’d be able to view the material used to review my case, so in lieu of a subpoena forcing them to look at the ATM footage, I asked to see the material.

“What documents?”

“The documents used to review my claim. The denial notice said I could see all the material used to review my claim.”

“My supervisor says that’s just a form letter and there are no documents.”

“Then how did you review my case?”

“We have a series of guidelines.”

“Fine. Send me a copy of the guidelines.”

“Well, they’re not actually written guidelines.”

So, to make a long story only slightly less long, the first phase in my bank’s efforts to “help me” is actually a Denial Procedure. I know because two of the representatives I spoke with told exactly that. That is to say that, rather than help me recover my losses, the bank first looks to see if they can simply justify not helping me at all.

But I have LifeLock.

For three days my bank refused to help me in anyway. Forty minutes after LifeLock got involved, the bank agreed to review the footage, without a subpoena, and less than 24-hours after that my $1000 was back in my account.

LifeLock works. My soon-to-be-former-bank, not so much.

This Post from LifeLock: LifeLock Blog