Consumer Protection | Business Protection

AllClear ID Listed as a Top Austin Workplace

November 30, 2015

Jean here from the AllClear ID HR team. As any company continues to grow at a rapid rate, preserving the company culture becomes increasingly important in maintaining a work environment that fosters a happy, productive team and attracting the very best talent. That said, we proudly announce that we’ve been listed on the “The Austin American-Statesman Top Workplaces” – a list of the best places to work in the Greater Austin area.

The evaluation for the Top Workplaces program is based on the feedback from an employee survey that was completed a couple of months ago. We were fortunate to have a high number of responses by our employees who are passionate enough about their roles and being part of the AllClear team to take time out of their busy schedules to share their invaluable perspectives on what it’s like to work at AllClear ID.

The list names 100 companies that were selected to receive the Top Workplaces award, and we are truly honored to have been selected, particularly since the judges were our very own employees! As a company, our mission is to provide excellence in customer service – something that we place equal importance on when it comes to taking care of our AllClear team.

As the Senior HR Manager here at AllClear, I couldn’t be happier to receive validation that we’re all doing something right in promoting a culture that provides a rewarding, encouraging, and fun place to work.


5 Tips to Stay Safe Online this Cyber Monday

November 25, 2015

AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.

There’s a new annual holiday event that a lot of smart shoppers are catching on to. Instead of waking up early and standing outside in the cold to battle the sea of shoppers once the doors open, a lot of consumers are checking out the ads and sales papers for an event that happens shortly after Black Friday. Called Cyber Monday, it’s a great way to plan ahead and save a lot of money this holiday season, all from the comfort of your own computer screen.

Cyber Monday can get your holiday shopping off to a really good start, but only if you know how to protect yourself and your family during your online activities. However, any time you mix internet websites, your financial information, and your personal data, the chances for identity theft go up.

Here are some helpful hints to protect your identity during the event:

1. Going Mobile? Keep It Safe – If you’re like one of the growing numbers of consumers who’ve turned to shopping on their mobile devices, you should put some protection in place. If you have the option to shop through a dedicated store app, that’s usually a safer bet than trying to browse and buy on the mobile version of the store’s main website. Regardless of how you make your purchases, though, make sure you look out for the HTTPS designation at the front of the web address. That tells you the website is secure.

2. Passcode and Password – Keeping others out of your personal data business is always important, but too many people overlook the dangers of their mobile devices. Your smartphone and tablet are gateways to your identity whether you know it or not, so it’s important to passcode lock them in case of theft or loss. But on this Cyber Monday when you’re shopping from the safety of a home network, it’s equally important to create strong, unique passwords for all of your online accounts. This is especially true for any new accounts you may establish as you browse unfamiliar websites.

3. Only the Best For You! – When you’re shopping online, be careful of shady-looking websites that claim to offer the hottest holiday toys and gadgets. Also, be very careful around these online auction sites that say they’re selling iPads for $50 or flat-screen televisions for $100. By sticking with major retailers and known web addresses, you’re more likely to actually receive your stuff. Your identity is also more securely protected, even in the event of a hacking, due to insurance against data breaches that many companies have in place.

4. Don’t Go Phishing – This is the perfect time of year to be caught in a phishing email net. After all, you’re very busy, you’re still looking for that “perfect” gift, and scammers know you’re likely to click on a link if there’s a promise of getting something off your to-do list. Never click on a link or an attachment in an email that you weren’t expecting, even if it seems to come from someone you know. At the same time, don’t fall for a “spoof” email that appears to come from your bank or credit card provider, telling you that there’s an issue with your account that you can resolve by clicking the link or entering your account information.

5. Secure Your Computer – No matter how you choose to shop this season, protect your computer now and into the New Year with strong anti-virus and anti-malware software. Having it in place before you shop on Cyber Monday will help protect you from harmful content in the websites you visit while browsing. Once installed, you’ll need to make sure you update it routinely whenever notifications arrive. Protective software is only as strong as it was the day you installed it if you don’t update it.

However you choose to celebrate the holidays, just remember to keep your security at the top of your to-do list. It’s a gift you’ll give yourself all year long.

Tags: ,

What Do Chip Cards Mean For You?

November 20, 2015

Jackie here. October 1st brought about a big deadline for the new EMV (also called “Chip and PIN”) cards, but what does this really mean for you, the consumer? Let’s explore the changes that took place and find out how they’ll change credit card processing.

The changes impact all major credit cards (Mastercard, Visa, American Express, and Discover) and all merchants that use them. The new cards are more difficult to counterfeit and are expected to slow the losses from credit card breaches and card cloning. Chip cards feature an added layer of protection when compared with cards that only have a magnetic strip. If a thief gets the number to your card, they may be unable to use it. This switch is intended to cut down on credit card fraud.

About the October 1st Deadline?

October 1st was a big deadline for merchants, financial companies, and card processors. The deadline required that all merchants and all financial institutions start using EMV technology. The deadline has come and gone, but if you’re like me, you probably haven’t seen much of a change. I can still swipe my card at many merchants and even have some cards without a chip.
While the deadline was a big one for merchants and card providers, it doesn’t really impact consumers as much as you’d think. However, businesses that haven’t made the deadline could be taking on big liabilities should fraud occur. If a counterfeit card is used, the party that is least EMV compliant will be responsible for the losses. This means that your bank will be stuck with the loss if they haven’t issued a card or the merchant will be responsible if they don’t have a payment terminal that processes the card.

What Changes Are Coming?

The October 1st deadline applied to most merchants, but outdoor terminals at gas stations are exempt until 2017. Expect to continue swiping your card at the pump in the near future. If your card hasn’t yet been upgraded, you’ll likely see a new one, complete with a chip soon. Right now, cards feature both a chip and a magnetic stripe, but future cards may rely solely on the chip function as systems are upgraded. We may also see the PIN function being used more often. Most of the new cards function as chip and signature cards, which are less secure than using a PIN.

Are you using an EMV card?


Trading Health Information for Insurance Perks

November 12, 2015

Jackie here. How much is your privacy worth? A life insurance company is hoping that consumers will trade a bit of privacy for a discount. The new program will provide participants with an activity tracker and steep discounts in exchange for information about their health habits. What privacy implications does this program have? Would you sign up?

Privacy and Your Health: What’s the Connection?

When it comes to trading information for insurance discounts, experts fall on both sides of the spectrum. Some believe the discounts will be a great opportunity for consumers, while others worry that privacy is more valuable. Let’s take a quick look at some of the pros and cons.

Benefits of Activity Tracking for Insurance Discounts

If the privacy policy is straightforward (be aware that policies can and do change) and consumers are aware of how their data will be used and who it will be shared with, programs like these can encourage healthy habits. When people are rewarded for healthy choices (like going to the gym), many argue that they are more likely to make these choices. Not only does this mean discounts, but it can also lead to better health overall, a benefit that has virtually unlimited financial value.

Risks of Activity Tracking for Insurance Discounts

Sharing your health and activity information for a discount does have the potential for some risk. Some privacy experts worry that changes in your health could result in losing your insurance policy when you need it most. A life insurance company could potentially cancel a policy when they realize that a person has been afflicted with a long term health complication. Other experts worry that insurance companies will use the information they gather to create tools to deny or cancel coverage.

Additionally, these programs could result in negative rate changes for healthy people that can’t exercise at the moment. For example, women may be unable to engage in the same physical activities immediately after having a baby or injuries may keep people from being able to work out, potentially resulting in rate spikes.

The data gathered may also be valuable to hackers. Activity trackers learn your habits (when you exercise, where you go, etc.) and can provide valuable information to potential thieves.

If you choose to partake in one of these programs, be sure you fully understand how your data will be used and who will have access to it.

Tags: ,

FTC Launches “Start with Security” Initiative to Educate Businesses about Protecting Personal Data

November 1, 2015

Earlier this year, the Federal Trade Commission expanded its efforts to help businesses protect consumer information by launching a new initiative called Start With Security. It is designed to help small- and mid-sized businesses in various industries understand how to strengthen data security around consumer information.

So far the initiative includes three daylong workshops in major U.S. cities and a new guidance document. Additional workshop locations are being planned throughout 2016.

“Promoting good data security practices has long been a priority for the FTC,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “The new Start with Security initiative shares lessons from the FTC’s 53 data security cases. Although we launch cases when businesses put data at risk, we’d much rather help companies avoid problems in the first place.”

Aimed at start-ups and developers, the workshops bring together FTC and local experts to provide information on security design, common security vulnerabilities, strategies for secure development, and vulnerability response. Sessions cover topics such as:
• Building a Security Culture
• Embracing Security Features
• Adapting Security Testing for DevOps and Hyper-growth
• Dealing with Bugs, Bug Reports, and Third-party Code

The first workshop was held in San Francisco on September 9th. It was hosted and co-sponsored by the University of California Hastings College of the Law.

The second Start With Security workshop is in Austin, Texas on November 5th. It is co-sponsored by the University of Texas Robert C. Strauss Center and the Center for Identity.

A third workshop is scheduled for Seattle at the University of Washington on February 9, 2016. More details will be published soon.

The FTC is currently exploring additional locations to hold the workshop throughout 2016, such as Chicago, Cleveland, and more.

The Start With Security business guide lays out ten key steps for effective data security drawn from its own cases. It’s meant to provide an easy way for companies to understand the lessons learned from these cases, and aligns with the FTC’s primary mission: to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.

The document includes case references, as well as plain-language explanations of the security principles at play. Advice includes, for example:
• Keep sensitive information secure throughout its lifecycle
• Verify that privacy and security features work
• Protect devices that process personal information

The new publication is available online. Print copies are available through the FTC’s publication bulk order site.

Further, the FTC has introduced a one-stop website that consolidates the Commission’s data security information for businesses at


The Results Are In: Customer Data Breach Notification And Response Services Report

October 30, 2015

By Kirsten Matetich, Marketing Director at AllClear ID

Forrester Research, Inc. recently released The Forrester Wave™: Customer Data Breach Notification and Response Services, Q3 2015 report. Based on their evaluation, AllClear ID is a leader in the space. We think that the report hits on a lot of important themes, including the challenge of capacity industry-wide, and the importance of putting customers at the center of any breach response plan.

We believe our ranking as a “Leader” validates our customer-centric approach and is further proof that AllClear ID is setting the industry benchmark for data breach response.

The opening of the report does a great job of summing up what we believe to be true about data breach response: “In the age of the customer, an incident response plan is not complete unless it includes considerations for customer-facing breach notification and response. A breach of customer data is emotional for both the customer and your organization! As such, waiting until a breach to start thinking about what to do is a recipe for pain and public scrutiny. Line up resources in advance to mitigate the fallout from a customer data breach.

The report scores are based on current offering, strategy, and market presence and across 23 pieces of criteria. AllClear ID received the highest score of any company in the Strategy category. As part of that category, we scored the highest possible rating in employee subject matter expertise, partnerships and affiliations, and corporate strategy– all of which we feel speak to our long-term view of our partnerships with our clients and our big-picture perspective of this industry. We’ve spent years honing our expertise while staying focused on what we do best – data breach preparation and response.

A few important points of differentiation that we see in the market include:

Capacity: Forrester characterizes the industry as in an “arms race to ensure scalability of resources.” We agree and recognized the need for high levels of quality capacity over a year ago, and have built capacity accordingly. We are first to market with a breach preparation program to reserve capacity for clients to ensure appropriate resources are trained and ready to go no matter the type or size of the breach.

Customer Service: Our focus on scale and quality translates into a great customer experience, reflected in a 97% customer satisfaction rating for AllClear ID. We have maintained our high customer satisfaction rating for years and continue to make it a priority to provide great service to our clients’ customers.

Specialization: According to the report, “AllClear ID’s core business is customer breach notification and response services. It is well-positioned for servicing multicountry customer breach notification and response. AllClear ID has made a conscious decision not to expand beyond its core strengths and instead refers clients to a vital network of partners for other breach-related services like PR/communications support and incident assessment and forensics services. Takeaway: AllClear ID specializes and innovates in customer breach notification and response.”

We are particularly happy that as a takeaway, Forrester included, ‘AllClear ID specializes and innovates in customer breach notification and response.’ While some companies pride themselves on being a generalist, we find specializing and innovating to be what our clients appreciate most. We always align with our clients’ needs, and avoid conflicts of interest that generalist companies encounter. For example, we think it’s a conflict of interest to do the forensics to determine if an incident is notifiable or not, then to turn around and sell notification services.

To read the report in its entirety, The Forrester Wave™: Customer Data Breach Notification And Response Services, Q3 2015 report is available to Forrester subscribers or for purchase at the following link:


Millennials and Identity Protection

October 27, 2015

Jackie here. Do Millennials neglect protecting their identities? A TransUnion survey suggests that Millennials are the age group least likely to actively protect their data. Interestingly, they are also the generation most concerned about cyber threats. How can Millennials change their habits and become more secure online? Here are a few key changes that can help enhance online security.

Don’t Check Financial Accounts on Public Wi-Fi

A large majority (84%) of Millennials (and other groups) put themselves at risk by using public Wi-Fi to access financial accounts. Public Wi-Fi is great for looking at the latest viral cat videos, but don’t use it for checking sensitive accounts. Check your bank account, credit card accounts, etc. on a secure connection. Data sent over public Wi-Fi can easily be intercepted. Consider using your data plan instead if you need to access any websites that contain sensitive information (including social networking, email, online shopping, and online banking sites).

Password Protect Your Phone

Millennials have grown up in a world where cellular phones are the norm, but a shocking 67% said they don’t bother to password protect theirs. If your phone doesn’t have a password, set one up right now. It takes just a couple of seconds to unlock and adds an important layer of security to your device.

Stop Storing Bank Info on Your Phone

Many Millennials appreciate easy access to their online accounts and too many (86%) reported storing banking information on their phones. This practice makes it easy for an identity thief or an untrustworthy friend to access your accounts should they ever get their hands on your phone – especially given the large majority of people surveyed said they didn’t have password protection enabled. I know it is a pain, but enter your bank information manually (username, password, etc.) every time you need to log in to your accounts.

What changes can you make to better protect your identity? Many of these habits apply to groups other than Millennials, so if you have similar habits, consider making some simple changes.

What You Need to Know About Chip-Enabled Cards

October 26, 2015

Jackie here. Have you been using your new chip card? These new chip-based cards are more secure than the magnetic strip cards alone, but more is still needed. The new chip cards aren’t the magic solution to credit card fraud.

How Are Chip Cards More Secure than Magnetic Strip Cards?

Chip cards look much like a traditional magnetic strip card with one difference: a golden chip on the front of the card. This chip is called an EMV chip (stands for Eurocard, Mastercard, Visa) and contains the information needed for a card to work properly. Today’s chip cards have both a magnetic strip (to be used when a terminal isn’t chip-enabled) and a chip, but as more retailers become compliant cards may eliminate the magnetic strip.

The technology in the chip protects PoS transactions and consumer data. The chip transactions also generate a special one-time code that further protects your information.

The Security Limitations of Chip Cards

While chip cards are more secure, they aren’t fraud proof. Lost and stolen cards can still be used for in-store and online purchases. Additionally, whenever a transaction is performed using the magnetic strip, data can be captured if thieves have installed malware on the payment terminal. Many of the chip cards used in the U.S. don’t have a PIN feature, an important added layer of protection that helps to ensure that only the registered user can use the card.

How to Protect Yourself

Now that you’ve got a new chip card in your wallet, here are some easy tips to protect yourself and reduce your chances of credit card fraud.

Use Chip Readers When Possible- If you can, insert your card into the chip reader rather than swiping your card. This limits the exposure of your sensitive data.

Be Careful with Your Card- Once you get a card, take care of it. Activate it promptly and store it securely. If you do lose your card, report it as soon as possible.

Check Your Statements- Check your bank and credit card statements often. If you notice a problem, report it.

The new chip cards are more secure, aren’t foolproof. It’s important to still keep an eye out for suspicious transactions on your statements.


Is Your Mail Putting You at Risk for ID Theft?

Jackie here. Does your mail put you at an increased risk of ID theft? We talk often about digital risks, but just like your inbox, your physical mailbox is packed with personal information. Let’s take a quick quiz and evaluate your mail practices. What are you doing well? What do you need to change?

Do you have a locking mailbox?- A locking mailbox is one of the easiest ways to protect your mail. Get a locking box with a key to protect against mail theft.

Do you collect your mail every day?- Don’t leave your mail sitting in the box, especially overnight. Bring it in as quickly as possible after it is delivered. If you’ll be out of town, put your mail on hold or arrange for someone to pick it up daily.

Do you pay bills online when you can?- Signing up for e-bills and online payments can keep thieves from accessing your credit card bills, bank statements, and other important documents. If thieves get access to a check of yours, they might be able to use a technique known as washing to change the payees name to theirs.

Do you take outgoing mail to the post office?- That little red flag on the mailbox alerts others to something inside. If you need to mail something containing personal information, take it to the post office.

Do you look for signs of id theft?- Prevention is important, but so is early detection. If you do become a victim of ID theft, you’ll want to find out as quickly as possible. Check your bank and credit card statements as frequently as you can. Examine your credit report at least once a year.

In a digital age, it is easy to forget that a big source of information is sitting right outside your front door. Take the necessary steps today to protect your mail.

Tags: ,

Protecting Your Data on Your Mobile Device

October 17, 2015

AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.

There’s little doubt that smartphones, phablets, and tablets have made life more convenient and more connected. But what too many tech users fail to recognize is that their mobile devices are just like mini hand-held computers. They’re vulnerable to cyber thieves and hackers if they aren’t protected.

What About Work Phones?

The first thing you must take into account is who owns your phone or tablet. That seems like a pretty simple question, but it can actually get very complicated when your personal use and your business use are intertwined. Some companies require their employees to carry a specific device and may even have a company phone number associated with it, but still charge the device, accessories, or even the usage plans to their employees. That means you’re paying for it, but the company’s name is on it. So what are you allowed to do with it? Can you download the latest game, or log into your personal
Facebook account in the Facebook app?

These are all things that need to be clarified with your employer before you do anything personal on the device. The behaviors you engage in through your personal use can have repercussions for the company, especially if a hacker gets access to company emails you sent, files you loaded in your personal/work Dropbox account, and more.

Personal Phones aren’t Always Safe

But even if it’s your own device, there are ways that your mobile device can turn on you once a thief targets you. Everything from losing the physical device (and therefore handing over control of your email to the thief) to accessing the internet over unsecured wireless connections can leave you vulnerable.

In the case of physical loss of the device—whether through theft or misplacing it, and whether it’s personal or professional—having a strong passcode on the device is important for keeping someone else out of your data. Envision this scenario: someone randomly finds your lost phone, then taps the email icon. He or she in your account now, and can change the password on your email to lock you out of it. Next, they head to your Facebook app and clicks “forgot my password,” and the link to reset it to a new one is sent to the email account that you no longer control. Then, it’s on to your banking app which is prominently located right there on the screen.

The thief now controls most of your important accounts, which are all easily accessible without a passcode on your mobile device.

Things get even hairier if the thief is intentionally targeting you and has the necessary tech skills to work his way into your accounts. For this reason, a VPN is a strongly recommended tool. It keeps others from “seeing” you when you’re online, and there are many great free options out there, as well as low-budget paid accounts.

These issues can mostly be prevented with a few security measures in place. Passcode locking is great, but two-step authentication is even better. Setting up your banking app to require additional information if you’re connecting from anywhere but home is a good step, and logging out of your accounts completely after each use is even better.

These few steps can go a long way in protecting your mobile device and the information stored on it from hackers and ID thieves.

“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”

Tags: ,

Kids and Online Safety – 4 Essentials for Parents

October 15, 2015

Jackie here. Today’s kids use the internet more than any other generation. For parents, increased internet usage means it’s important to know how to prepare kids for the risks they may encounter online. This often feels like a daunting task. Where do you start? These 4 essentials can help you get started.

Password Basics

Do your kids know how to create a strong password? All too often, adults choose passwords that aren’t secure (think ‘password123’) so it only makes sense that children do too. Teach your child the basics of a strong password (letters, numbers, symbols, not common words, no names, no important dates, etc.). Also, make sure your child knows when (and when not) to enter a password when prompted online. Many scams impersonate popular sites to attempt to steal your password.

Share Wisely

Parents can set a good example for their children by sharing wisely on social media. Teach your children not to overshare. The more information you put out there, the more information thieves have available for cracking your security questions, creating targeted phishing attempts, etc.

Secure Mobile Devices

Children often access the internet using mobile devices like tablets and smartphones. One survey found that 37% of children didn’t have security software on their mobile device. Only 34% of parents have installed a parental control app. Security software and parental control tools are an important way for parents to protect their children online.

Cyberbullying Basics

Cyberbullying is a bitter reality online and can be particularly harmful to children and teens. Help protect your child by teaching them what to do should cyberbullying occur. Teach them about the blocking and reporting options on Facebook and Twitter so they can control those that have access to their accounts and information on these sites. If abusive messages are received, teach your child to talk to you and to save the messages in case they are needed for sharing with school administration or the police.

For more great tips, check out this article from WeLiveSecurity.

Tags: , , ,

Wellness Programs and Privacy Risks

October 9, 2015

Jackie here. There has been a recent surge in health and wellness programs sponsored by employers, and this means companies are collecting more personal health data about their employees. Let’s take a look at some of the privacy implications.

What Are Corporate Wellness Programs?

Coming soon to a workplace near you are corporate or employer sponsored wellness programs. Wellness programs have become increasingly popular since the Affordable Care Act created new incentives for employers to create and increase participation in these programs. These programs encourage employees to take proactive steps to better health in exchange for incentives. Employers save money on healthcare costs, employees enjoy perks, discounts, and better health. Many of these programs involve sharing health data with your employer.

As health and wellness programs are relatively new, privacy protections and regulations vary greatly. This means that you must take a little extra time before you sign up for a wellness program to ensure your information will be protected.

Who Sees Your Health Data?

Wellness programs acquire a lot of data, information that is potentially seen by many.

Here are a few of the parties that may have access to your health data when you participate in a sponsored wellness program:

Wellness Provider- Many employers hire an outside company to manage their wellness programs. This company might have access to informational surveys and health histories you fill out, data from labs and doctors, self-reported health information, and much more. These companies often reserve the right to share your data with 3rd parties, as needed.

Employer- Employers often receive anonymized data about the health and wellness of their employees. While this data is anonymous, in many cases it can be traced back to a particular worker, especially in small companies (or in larger companies if the reports are broken down by department).

Health Insurer- Health insurers often have access to your health information and may store it in your records.

Fitness App Company/Wearable Device Maker- If you wear a wearable fitness device (like a FitBit) you’ll share information about your activity levels, heart rate, and even sleep patterns with the company managing the wellness app and the device maker.

Fitness Center- If you get points for checking in at the gym, you’re sharing your exercise history with your fitness center and others.

Can I Opt Out?

In some cases, these wellness programs are mandatory. Yes, you’ll get perks as you achieve health goals, but if you choose to opt out, you may have to pay. Many companies charge a premium on the insurance policies of those that decline to participate, sometimes hundreds of dollars each year. Employees are faced with the choice: participate and give up privacy or pay a fine.

What can you do? Understanding the terms and conditions of a wellness program is important. Read the information you receive carefully and ask questions (here’s a great list of ideas). Speak up if you’re uncomfortable.

Do you have a corporate wellness program at your work? Would you like one?

Tags: , ,

Quantum Mechanics and ID Theft

October 3, 2015

Jackie here. Today’s computers are smarter and faster than ever before, but even with all the technology we have, it often seems impossible to completely protect personal information. Quantum mechanics, a complex branch of physics, may hold some of the keys to enhanced protection.

Some researchers worry that quantum computers (currently theoretical, but could be a reality in the coming years) could put an end to current data protection practices. These computers calculate differently than a modern PC and are believed to be able to quickly break in to public key encryption systems.

While most experts think quantum computers are probably 10+ years away from becoming a reality, researchers have begun looking for ways to protect information from attacks with these devices. The NSA is warning that quantum computers could become a problem when it comes to protecting information.

One solution may be to use quantum mechanics in the fight against quantum computers. Researchers hope that by transmitting data using quantum principles, they will be better able to tell when information has been compromised. Some even say that the system will be un-hackable if done properly.

An un-hackable password may be waiting in the future, but before we can use it, we’ll need to change the way data is transmitted. Current systems use 0s and 1s to electronically send a signal. The quantum theory would use protons, or bits of light. The process is very complex and would require major changes in infrastructure.

While this particular threat, and its potential solution, are years away, it is a good reminder that protecting your identity should be an ongoing effort. New threats and new ways to protect your identity crop up frequently.


New Tool to Report Privacy Violations

October 1, 2015

Jackie here. In a connected world, keeping information private can be difficult. All too often, companies share or sell consumer information without their permission or knowledge. When it happens to you, you are now able to do something about it. The FTC has a new complaint tool that you can use to report privacy violations.

What Types of Violations Can I Report?

This tool is perfect for reporting specific instances when your information was shared without permission. For example, if you start getting targeted advertising in the mail (like ads for maternity clothes or formula samples when you are pregnant and haven’t signed up for them, etc.) and know what company gave up your information. Any time your personal information is shared in a manner that you didn’t expect or didn’t give permission for (and you know where the problem originated), you can report it. This tool isn’t for reporting ID theft, just privacy violations.

How Do I Report Privacy Violations?

If you see a privacy violation, report it using the FTC’s Complaint Assistant. You’ll see an alert near the top of the page that says, “Concerned about how a company is handling your personal information? Click here to report privacy concerns.” Click and fill out the form on the next page.

You’ll be asked for the company’s name, address, email address, phone number, website, etc., so have this information handy. Don’t worry if you don’t know all the information requested. The FTC says,
“Not all fields may apply to your complaint.” You can skip fields if needed.

After you fill in information about the company, you’ll be asked to provide your information and comments on your reason for reporting a company. Be specific. The FTC wants to know why you have a complaint, not just with whom.

Speaking up is a great first step in letting companies and the FTC know how you want your information shared. If you find your privacy has been violated, report it.

Tags: , ,

Don’t Lose Your Password in a Job Hunting Scam

September 28, 2015

Jackie here. Job hunting is stressful on its own, and identity thieves often try to cash in on eagerness find a job. This latest job-hunting scam might look like a promising job opportunity, but is really a way to obtain your password and gain access to other accounts. Here’s how to protect yourself.

Job Offers Aren’t Always as They Seem

You get an email that appears to be from a human resources department. They claim they found your info on LinkedIn. You’ve been searching for jobs and this seems like an answer to your hunt. The email looks legitimate. It often contains a company letterhead, a signature block, seemingly official email addresses, etc. The company asks you to click on a link to open a Google Docs file and share your information.

Don’t Click the Link

If you see this email, don’t click the link. It is actually a phishing attempt. The scammers have created public folder on Drive. When you click the link, you are directed to enter your password (as often happens when using Drive), but this time it isn’t Google asking, it’s the scammers and when you enter your password, they have it.

How to Protect Yourself

If you want to avoid this scam and others like it, I’ve got a simple piece of advice for you: don’t click on unknown links. If you receive an unsolicited email containing links or attachments, don’t click. You can find more advice for avoiding this scam from the BBB.

Tags: ,

Cybersecurity Awareness and the Aftermath of Identity Theft

September 25, 2015

AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”

As experts and advocates in the cybersecurity space gear up to host National Cybersecurity Awareness Month in a few short weeks, there’s no time like the present to take a closer look at some statistics regarding identity theft. One of the most comprehensive looks at the impact that this type of crime has on its victims is the Identity Theft Resource Center’s annual Aftermath report, which follows up with victims who’ve reached out to their center for support.

The 2014 report, which compiled all of the information over the course of the 2013 calendar year, offered some key findings for the cybersecurity community:
• Age, race, location, and income level had very little to do with rates of victimization.
• Utility and cell phone accounts are highly lucrative for identity thieves.
• Criminal, Government, and Medical identity theft are on the rise.
• Most victims reported less than satisfactory experiences in working with law enforcement to clear up this crime.
• 94.2% of the victims reported that they are still highly engaged on the internet and through their mobile devices, despite having their identities stolen.

One of the more telling findings about the annual survey has been the change in behavior that many of the victims experienced. Even though almost all of the victims have said they’re still highly engaged online, approximately half of them have adopted some new habits as a result. One of the most important habits is the routine perusal of their credit reports, something that many people overlook as a preventative measure.

Other proactive behaviors can prevent issues with some of the increasingly common forms of identity theft. The survey found that the majority of Medical identity theft victims—whose identities were used to acquire medical services—only discovered their identities had been used fraudulently after they were billed for medical services. At the same time, of the 40% of victims who reported they’d suffered Government identity theft—when a thief had used their identities to apply for benefits, commit tax return fraud, or other related behaviors—the majority of victims typically find out their identities have been stolen after their legitimate documents or applications (such as a tax return) are rejected for being duplicates.

The results of this year’s Aftermath Survey will be released on October 15th as part of National Cyber Security Awareness Month. It is the ITRC’s hope that the findings will encourage the public to take steps to protect their data and monitor their identities before a thief has a chance to use them, we can reduce the number of victims and minimize the damage. Next month, when NCSAM is in full swing, be sure to follow up on the educational and informative content that can help stop identity theft and turn these proactive behaviors into good habits.

Tags: ,

Hackable Cars

September 18, 2015

Jackie here. Plain and simple, smart devices are vulnerable to hacking. Many people, however, don’t think of cars as smart devices, but they are becoming increasingly automated and connected to other devices and systems. Here’s what you need to know when you get behind the wheel of your connected car.

Are Cars Hackable?

Are cars hackable? Technically yes, but in reality the answer is a lot more complex. Some cars aren’t hackable at all. If you drive an older model car that doesn’t connect to the internet, it likely can’t be hacked. Newer cars may be able to be hacked, but the process is complicated and isn’t something everyone has the knowledge to do.

Researchers have successfully hacked multiple cars, but the process is difficult. In one instance the researchers had to have physical access to components under the dash to be able to change the software to enable remote operation. This means that while possible, your car won’t be hacked by a random stranger in a faraway location. To be successful, the hacker would need physical access to your car and the mechanics inside. Hacking a car isn’t a simple feat. In another “hack”, the researchers damaged the vehicle multiple times, requiring repair, before they were successful.

While some vulnerabilities have been discovered (allowing the researchers to successfully hack cars), many of these have been corrected. That’s not to say there aren’t others, but as problems are found, they are often corrected by the manufacturer.

Technology is changing how we think about security. Hacking was once only a worry for computers, but now it is something to consider with almost every device you buy.

Tags: ,

Social Media and Credit Worthiness

September 16, 2015

Jackie here. How many Facebook friends do you have? Do you know them all? I recently read an article about how Facebook friends could impact your creditworthiness. It sounded too creepy to be true, so I did a bit of digging. Here’s what I found out.

Facebook Friends and Creditworthiness… What’s the Link?

Several years ago, Facebook started exploring the possibilities of using social media connections to determine creditworthiness. The idea has been touted as a tool to check credit on those without a credit score. But it doesn’t end there. According to some reports lenders may use your profile to check out friends, to share information should you go into default, to determine your odds of repayment, and more.

Facebook even filed patent paperwork that could potentially be used for this purpose. According to CNN Money, “Here’s how it would work: You apply for a loan and your would-be lender somehow examines the credit ratings of your Facebook friends. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.”

Would this work? The CNN Money article author has their doubts, “It’s not clear if Facebook would ever try to use the patent for lending, or how exactly it would work. How practical is it for a lender to try to access all the necessary information it needs from your Facebook friends?”

The questions remain, but one thing we do know is that social media may have larger implications than one would initially expect. Be careful what you share. Choose your friends with caution and be sure to check those privacy settings.

Tags: ,

Risk Pros Should Participate in Brand Resilience

September 15, 2015

Karen Taylor for AllClear ID

Brand resilience is a new strategic initiative for risk professionals, says Forrester Research in a new report for security and risk professionals.

Brand reputation and customer loyalty are intangible assets that are rarely viewed as risk categories. Yet, risk teams should be involved in protecting them to help strengthen a company’s brand resilience, stated Forrester Research in a new report, Brand Resilience: Understanding Risk Managers’ Key Role in Protecting Company Reputation.

Brand resilience is “the ability of the brand experience to live up to and remain consistent with the brand promise, maintaining its integrity even in the face of damaging interactions, events, or circumstances.”

Brand resilience is reinforced when companies forge a tight alignment between its values and the perceptions that people actually have of the brand, said Forrester.

When there is a gap between the brand promise and the brand experience, brands “become more susceptible to breaches that violate customers’ trust, and customers form brand impressions that are incongruent with the values and image that the company tries to represent.” This could result in significant risks from which companies “may never fully recover.”

While brand resilience is not itself a risk category, it is the result of any risk event. According to the report, risk professionals should be more active in protecting brand value.

Reputation Risk is a Growing Concern

In today’s uncertain business climate, consumer trust and loyalty are critical, but vulnerable, company assets. Worse, once compromised, the damage is difficult to repair. In fact, any breach of customer loyalty heightens the impact — as well as the probability — of damage from any other risk event, no matter the source, says Forrester.

Yet, they reported that “risk pros are failing to address growing risks to their firms’ reputations.” This is a mistake, because “in the age of the customer, reputational risk has become a major issue for business leaders.”

Today corporate reputation has even eclipsed other more traditional risk categories, like finance, regulatory, and the supply chain.

Risk’s Role in Brand Resilience

Risk professionals may wonder why a company’s reputation management should fall under their job responsibilities. After all, marketing is typically in charge of brand-related issues.

Forrester found three leading reasons why risk pros should get involved in brand-related issues:

1. Empowered Consumers.

Risk pros overlook the impact of empowered customers on their risk environments, including disrupting markets, upending competitive advantages, and determining companies’ success.

Today “customers’ perceptions and views matter,” noted Forrester. “Yet, risk teams remain focused on financial controls, change management, and IT compliance issues instead of adjusting their priorities to mitigate the customer-facing risks that consume greater amounts of companies’ resources, strategic plans, and innovation.”

2. Marketing Lacks Risk Experience.

While brand and marketing professionals are often put in charge of reputational risk, they are usually ill-equipped to appropriately track and evaluate risk, which leaves organizations exposed.

What’s more, corporate reputation often extends into areas far beyond the purview of marketers. Marketing teams have little control or impact on risks like data security breaches, workplace safety, and product quality issues. Risk professionals could supply the missing links.

“To strengthen their relevance in the organization, risk pros should complement their marketing team by helping them build brand resilience and customers’ trust,” stated Forrester.

3. Siloing Brand Risk.

Risk professionals typically miscategorize brand reputation risk. They often relegate it to its own risk category, thereby diminishing the impact of reputation damage on other risk categories. Instead, risk professionals should view the entire company-wide impact of any brand reputation breach — such as a personal data breach, which will impact many departments.

In recent months, we’ve seen the impact that a mismanaged data breach response can have on brand reputation. For risk professionals to successfully safeguard brand risk, they must begin to think of data breach preparation as a critical component of their traditional risk mitigation role. An effective response to a data breach can help repair relationships with customers and preserve brand loyalty after a data breach event. Planning and training in advance of an incident will minimize mistakes and costly missteps.

Tags: ,

What You Should Know About Security Questions

September 8, 2015

Jackie here. We talk a lot about passwords being the key to your accounts, but what happens you lose that key? Security questions to the rescue! These little questions are just as important as your password. How do you choose a good one? What should you avoid?

What Makes a Good Security Question?

Let’s start by taking a little quiz. I’ll list a few security questions below. Which questions do you think are strong?

• In what city were you born?
• What was the name of your favorite elementary school teacher?
• What is the name of your pet?
• Who is your favorite historical figure?
• What did you eat for dinner last night?

If you weren’t sure if the above questions are strong or not, here are some tips for picking the better questions. A good security question needs several key components. It should be impossible to guess or research, unchanging, memorable, simple, and have many potential answers (but only one answer to you). The key to a good question is an answer you’ll know, but no one else will.

Let’s look at the questions above and determine which questions are the better options on the list.

In what city were you born?- This question is problematic as it is easily researched. It may be public record and it is even an answer people may list on their Facebook profiles. Not a good choice for a security question.

What was the name of your favorite elementary school teacher?- This question is better. Few people probably know your favorite teacher in elementary school, but this is a question you’re likely to remember, especially if a specific teacher had a big impact on you.

What is the name of your pet?- If you frequently post online about your pet, this question is not the one to choose. This answer would be well known by anyone that knows you and is probably easily found on your Facebook profile.

Who is your favorite historical figure?- This is a good security question, provided you remember the answer. If you choose a question like this, make sure you choose a memorable answer.

What did you eat for dinner last night?- Although hard to guess, this question is constantly changing and will be impossible to remember. Not a good option for a security question.

While security questions are often pre-selected, you generally have a choice of options. Look for the best possible questions and choose answers that you will remember, but that others cannot easily figure out. If you can’t choose a unique question, consider creating a unique answer. You don’t have to answer with the actual correct answer if you’ll remember something else.

What Do I Do If I Forget My Answer?

Choosing a security question with a memorable answer is important, but what happens if you do forget? Every company handles this situation differently, but many will allow you to reset your questions with either a rescue email address (online) or a call in to verify your identity with a customer service representative. It is typically much easier to reset a password than a security question so make sure your answers are ones you’ll remember.

Do you have any tips for choosing good security questions and answers?

Tags: ,

A Scammer Might Be a Phone Call Away

September 2, 2015

Jackie here. You’ve got a question… what do you do? If you’re like me, you turn to the internet. I often believe that I can find the answer to anything online. That’s what’s makes this new scam so scary. Scammers are using our urge to find information online to set up unsuspecting victims. They are setting up fake websites and customer service lines that seem to be associated with big name companies.

Here’s how you can avoid this scam:

Start with the URL (if you can)- If you know a company’s official web address, start your search for phone numbers and information there. Look for a “Contact Us” page or something similar. If you can’t find a link on the main page, scroll to the bottom and look in the fine print. You may also be able to locate contact details using a site map if one’s available. It might take time to find contact details from the main company website, but it is a lot safer than calling a random number you find using a search.

First Isn’t Always Best- How do you find the right website for a particular company? Hint: it isn’t always the first web address you find. Scammers may use familiar looking variations of a company’s name or website address. The first phone number or website you find might not be legitimate, as these placements are often for sale on search engines.

There Isn’t Always a Phone Number- Some of us like to call companies with our problems, but as more and more companies embrace the internet, this isn’t always an option. Be aware that there may not be a toll free number available. Some companies choose to limit their communications to online chats, emails, etc. Others ask consumers to enter a phone number to receive a call back.

Keep Your Credit Card to Yourself- If you do call a number you find online, be cautious with your card information. Once they have you on the line, scammers will try to lower your defenses so you provide personal information or credit card details. Keep the information you share to a minimum.

Things you find online aren’t always true. Be careful when searching to avoid scams like this one.

Tags: , ,

Why You Should Never Save Passwords Using Your Browser

August 24, 2015

Jackie here. If you have trouble remembering passwords, it might be tempting to save them in your browser for easy entry the next time around. I’ve got a warning for you… it might be easy, but it isn’t worth it. Don’t save your passwords in your browser. Here’s why.

With a Bit of Technical Know-How You Can Retrieve Passwords

In most cases, this isn’t something the average person can do, but with a bit of technical skill it is possible to retrieve saved passwords. You might think, “No big deal. I’m not ever away from computer much. Nothing will happen.” However, this isn’t limited to being able to log in to one particular account on a particular computer, but your actual password can be uncovered and then used anywhere. Even worse, it only takes a few seconds. And for those of you that reuse passwords, this poses an even bigger security risk as one password will let hackers into multiple accounts.

If you want to know the ins and outs of how it’s done, check out this article from Business Insider. In the meantime, don’t save your passwords in your browser. If it has been a while since you’ve created new ones, change your passwords. More tips on password safety can be found here.

Tags: ,

Back to School ID Theft Tips

August 20, 2015

Jackie here. Before you know it, school will be back in session (for some of you, it has already happened). Let’s do a quick refresher on ID theft protection for back to school. These tips are perfect for any student, regardless of age.

Limit Use of SSNs

If your school, preschool, or daycare is asking for a SSN, ask why. Often, the number isn’t necessary and another identifier can be used. If it turns out to be necessary, ask how it will be protected. Another option is to simply skip the number when filling out the forms; you may not be asked for it later.

Give the Information Directly to the Source

When filling out forms with sensitive information, do your best to get them directly to their final destination. This can help to limit the number of eyes that see this personal information. Don’t clip your child’s form to a clipboard and pass it along, see the teacher or coach at a later time and turn it in directly.

Teach Your Child About ID Theft

Does your child know the basics of protecting against ID theft? While the information your child needs will vary depending on their age, even youngsters can benefit from a few basics. Send your child off to school prepared with these tips:

Shred- Every college student should have access to a shredder. Send one with your student when they head off to the dorms.

Lock Up Sensitive Paperwork- Your college student may need sensitive paperwork like their Social Security card or birth certificate with them at school (jobs, financial aid, etc.), but they do need to protect them. A small locking safe is a great investment.

Review Bank Statements- Teach your child to check bank statements and how to report fraud should it occur. They should also check their credit report often.

Be Careful When Signing Up for Cards- College students are often faced with their first credit card applications. Before they leave, help them opt-out of prescreened offers. Teach them the importance of using and choosing credit carefully.

Lock Your Phone and Computer- Phones and computers should always have a password

Advocate for Your Child

Child ID theft is a problem, so educate yourself and keep your child safe. This fact sheet from the Identity Theft Resource Center has some valuable tips every parent needs to know.

Help keep your kids safe this school year by talking to them about ID theft.

Tags: ,

The Problem with Flash

July 31, 2015

Jackie here. Are you having trouble with Flash lately? I’ve been having a few issues and this article from Yahoo! Tech explains why. If you use Flash, you need to read this.

The Problem with Flash

Flash is great for streaming video and running games inside of web pages, but that isn’t all it is good for. Thieves and scammers love the platform too. The fact that Flash can run complex scripts right inside of your browser creates vulnerabilities that thieves can exploit. Scripts can be created to access your computer and make changes to it, without your knowledge or consent. This allows for complex spying operations, etc. The very things that make Flash so useful also make it very dangerous.

In 2010 Apple said that Flash was a primary cause of Mac crashes. Flash has many vulnerabilities and more constantly being discovered. According to the Yahoo! article, in June 2015 alone there were 38 fixes for various Flash vulnerabilities.

What Can I Do?

Flash is problematic and many big companies want you to stop using it. Facebook, Google, Apple, and Mozilla have all spoken out against the software. The latest Firefox update even launched with Flash blocked (although this has been reversed) and Chrome disables Flash by default. While these companies see the problems with Flash, it is still used by some websites and applications. (If you’re curious if you have Flash, visit this webpage from Adobe.)

Are you willing to stop using Flash? Many websites have switched platforms so it shouldn’t impact your browsing experience much, but can really enhance your online security. Unless you need Flash for a specific website or use, it is best to disable it. You can have it installed, but disabled, and only enable it when you need it. Get detailed instructions here.

Tags: ,

California Speaks Out Against National Breach Notification Bill

July 30, 2015

Karen Taylor for AllClear ID

California was the first state to enact breach-notification legislation in 2003. So it’s perhaps apropos that now, in 2015, California is the first state to openly oppose the federal government’s national Data Security and Breach Notification Act of 2015, which is currently under consideration by the House Energy and Commerce Committee.

California’s primary concern is, if passed into legislation, the new bill will undermine the state’s own laws, including the many updates and amplifications it has made to its laws over the years. The state says it has consumer protections that go beyond anything Congress is considering.

In a letter to the House Energy and Commerce Committee, California Attorney General Kamala Harris wrote: “I urge you to recognize the important role that states play in developing innovative approaches to consumer protection, and to reject a one-size-fits-all law that establishes a ceiling rather than a floor on data security and data breach notification and consumer protection.”

Six consumers groups also wrote letters supporting California’s stance, urging the members of Congress to defeat the proposed federal bill, including Privacy Rights Clearinghouse, Consumer Federation of California, Consumer Watchdog, World Privacy Forum, The Utility Reform Network (TURN), and Consumer Action.

In their response, they stated: “It is among the strongest such laws in the country, and offers Californians significant consumer protections. It has served as a model for legislation enacted on dozens of states.”

They point out that the proposed federal legislation will upend many aspects of California’s breach notification laws such as:
• The California requirement that a breached entity provide notice to the California Attorney General.
• The right of security breach victims to sue to recover damages.
• The state’s requirement for breached entities to provide identity theft prevention and mitigation services to residents whose private information has been hacked or exposed.
• California’s Song-Beverly Credit Card Act, which makes it illegal to record a credit card holder’s personal identification information during a transaction.

California also pointed out that it has updated many of its laws over the years in direct response to emerging threats and rapidly changing technology. “For example, in 2008, in response to burgeoning medical identity theft and its life-threatening impact for California residents, medical and health insurance information were added to the personal information covered by the law.

“In 2013, with evidence that criminal organizations were targeting online account credentials, the law was amended, expanding the scope of personal information subject to existing security breach disclosure requirements to include a user name or email address, in combination with a password or security question and answer that permits access to an online account.”

California isn’t the only state to oppose the bill. Others are beginning to voice their opinions, as well.

Meanwhile, many businesses have lent their support for the bill. In January, the National Retail Federation announced its support, stating: “We urge you to adopt a framework for a federal law that applies to all entities handling sensitive personal information and that would establish uniform, nationwide standards to ensure clear, concise, and consistent notices to all affected consumers whenever or wherever a breach occurs.”

Forbes journalist, Adam Levin, recently wrote about the issue. “We need a strong federal law, but … any proposed bill that threatens to weaken existing laws has to be challenged, quickly and without equivocation.”

It remains to be seen how the proposed federal bill will fare in Congress, and what the implications will be for the future of breach notification. Regardless of the outcome, businesses should prepare today to respond effectively and rapidly to data breach events — because customers, regulators, and the media expect it.

Tags: ,

Could a Selfie Protect Your Credit Card?

July 27, 2015

Jackie here. Many of us love to take selfies, and one company is seeking to take advantage of that selfie love to make online transactions more secure. The Mastercard pilot program uses a binary code created from a selfie to authorize transactions instead of a typed password. The program is currently rather small, but if it works, you might be using your face to verify your payments soon.

How Does It Work?

The selfie identification program is only in the works for Mastercard users at the moment. It is part of a special service known as “Paying with Mastercard Identity Check”, and seeks to reduce fraud with an extra layer of security at the time of payment. The full details of the program won’t be unveiled until it is out of the testing phase, but right now we know that the selfie program is expected to be a part of the company’s smartphone app. Users will have the choice of a facial scan (done via selfie) or a fingerprint for identification.

What Can I Do Now?

The selfie program is currently just in the testing phase, so it isn’t yet available to regular users. In the meantime, how can you protect yourself from credit card fraud? Your best option is to be vigilant. Check your statements often and report any suspicious activity immediately. Credit card fraud might be a pain, but you’re not liable for fraudulent purchases, provided you report them.

Would you take a selfie to verify your identity?

Tags: ,

Make This Call Before You Travel

July 24, 2015

Jackie here. Hitting the road? Make sure you let your bank or credit card company know. This one simple step can keep your bank from freezing your card, a big hassle when you’re out traveling. Informing your bank before any trip out of town is a good idea, but it is even more important if you’ll be traveling internationally.

Why do you need to inform your bank before a big trip? Keeping your bank informed of your travel patterns helps them to know where you’ll be and to spot unfamiliar activity quickly. Often, banks put cards on hold when unfamiliar purchasing patterns appear (can be a sign of fraud). Since you’re in a different location and buying different things when you’re on a trip, getting your card shut down is a common occurrence.

If you do forget and your card does stop working, call your bank immediately. Often they can turn your card back on when you verify the purchases in question are actually yours.

Do you have any other summer travel tips you’d like to share?

Tags: ,

Beating Tax Refund Fraud Happens Early

June 19, 2015

“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”

One of the fastest growing forms of identity theft-related crime is tax refund fraud, which occurs when a thief files a false tax return using your personally identifiable information. This crime, which some experts estimate costs the IRS over $4 billion a year in faulty refunds, often goes undiscovered until the victim attempts to file his or her legitimate tax return and has it flagged as a duplicate.

Unfortunately, once someone has discovered that they are a victim of tax identity theft, they will struggle with the issue for many years to come. So just how does someone who has been victimized prepare for tax time? While the old “ounce of prevention” saying applies in so many different situations, this is truly one of those events that offer the victim almost no recourse other than keeping a thief from filing in the first place.

The most important thing you can do is to file your tax return early, literally in order to beat a thief to it. If anyone is going to find out that a return has already been filed in your name, you really want it to be the thief, not you. If you prepare your documentation in December, you’ll be ready to file after January 1st, the moment all of the paperwork is in order. There’s no reason to wait until April 15th, especially not when your tax refund is at stake. You will want to make sure that your employer is aware of your situation so that they can get your tax documents to you as soon as possible to enable early filing.

One of the tools that tax identity theft victims often overlook is using the resources of the IRS itself. While many victims are understandably disgruntled with the tax giant, you can be assured that the IRS dislikes identity theft as much as you do. Fighting identity theft has been an ongoing battle, and they are working to provide help to victims. Tax identity theft victims should contact the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490 as soon as they are aware of any problems or if they have questions or issues related to their filing. If you have contacted the IPSU and have not had a resolution to your case, you should contact the Taxpayer Advocate Service toll-free at 877-777-4778.

An important step to minimize the time spent on your identity theft case is being well organized. You should have filed a police report when you first found out you were a victim of identity theft. Keep a copy of this police report in a central, protected location. Along with this document, you should have a copy of any communication you have had with the IRS, including your IRS Fraud Affidavit. Just as you keep records of past tax returns, receipts and other documentation you need to file, hold on and protect these items.

Victims of tax identity theft must also remember that if your return was filed by a thief, that thief has your information and could easily have used it for other purposes. As soon as you learn of the false return, you should take steps to ascertain whether other aspects of your identity have been compromised. These steps include ordering a copy of their credit reports, closely reviewing financial statements, and even health insurance benefit statements.

If you are currently in the process of resolving tax-related identity theft, keep these resources in mind. As you look to the next tax season, try to start planning early to be sure you are able to file as early as possible. December is only six months away, so the time to prepare will be here before you know it.


Lesser-Known Ways to Steal an Identity

June 17, 2015

Jackie here. We talk a lot about checking your credit report and bank statements for signs of ID theft, but making fraudulent charges on your accounts isn’t the only way thieves can use your identity. Thieves also love using not-so-well-known methods for theft as they can often avoid detection for much longer. Which of these types of identity fraud were you aware of?

Health Insurance

Medical care can be expensive, making health insurance a gold mine for thieves. Thieves can steal your insurance information and pretend to be you at the doctor or pharmacy. This isn’t just a financial nightmare; it can also lead to serious medical problems including cancelled insurance and conflicting medical records (which can lead to treatment difficulties).

Medical ID theft is surprisingly common. It is estimated that at least 2.3 million American adults have fallen victim to medical ID theft and the number continues to grow. Resolution is difficult too. Only 10% of respondents in a Ponemon survey had satisfactorily resolved their problem.

Criminal Record

Some thieves commit criminal ID theft by giving another person’s name, driver’s license number, or SSN during a criminal investigation. This can lead to arrest warrants in your name for crimes you didn’t commit. Although this type of ID theft is concerning, it is luckily rather uncommon. Here are some tips if you do find yourself in trouble.

Social Media Accounts

Your social media accounts are vulnerable to hacking. Thieves can gain control of your accounts and use them to solicit money from friends and to spread malware and other harmful links. Hacking your actual accounts isn’t the only way thieves take advantage of your identity on social media; some thieves create secondary accounts using your name and your pictures to trick friends into “friending” you so the scammers can attempt to take advantage of them.

Tax Refund

Tax ID theft topped the list of FTC consumer complaints in 2014, with the problem only expected to continue growing. Tax ID theft occurs when thieves file taxes in your name and take your refund. One of the best ways to fight this problem is to be sure you file early.

Your Computer

Are identity thieves lurking in your computer? Thieves use malware, ransomware, and other types of malicious software to take over your computer. Thieves can track your typing to obtain your login credentials, lock up your computer until you pay a fee, and redirect you to their websites when you browse the web. Antivirus software is essential, as is keeping up on your updates. Here are some more tips for keeping your computer ID theft free.

Other Methods

While the methods listed above are some of the larger problems when it comes to lesser known types of ID theft, they aren’t the only things to watch out for. Thieves may also take advantage of your frequent flier miles, hotel points, gift cards, chat programs, etc. If it’s valuable, odds are thieves have found a way to take advantage.

Tags: , , ,

What Does Google Know About You?

June 12, 2015

Jackie here. What secrets does Google know about you? Your internet search history is packed with information you might not like the world to know. For a quick lesson in privacy, take a look at your search history and see what you’ve been inadvertently sharing. This simple exercise is very revealing of how much information we actually share online and how important protecting privacy actually is. What does your search history reveal about you?

Finding Your Google Search History

To access your Google Search history, head to the Google Web History page, click on the gear and select “Download” (detailed instructions here). You’ll need to log in to your Google account and accept a few authorizations. Google will then prepare your archive and send you a link when it’s ready. Then, you can download your history to Google Drive and take a peak. The file will be zipped so you’ll need to unzip it. Files will be arranged by date.

Just so you know, the files are JSON files which can be difficult to decipher, but if you use the search feature to find “query_text” you’ll be directed right to your search history. If you’ve turned the Web History feature off previously, you won’t be able to access your results.

What Can You Do?

If your results are a bit shocking (or a little embarrassing), there isn’t much you can do (short of revising what you search for in the future), but you can tweak a few settings.

Turn off Search History- You can turn off the Search History feature in Google from your Account History page. This will keep your searches from impacting the results of future searches (and will keep you from getting any results the next time you download your history), but won’t keep Google from having access your search information for internal purposes. While you’re there, you may want to tweak a few of the other privacy settings there (like location mapping). Be aware that turning off Search History will mean less personalized, and possibly less relevant results.

Tags: , ,