December 21st, 2013
Tamara here, AllClear ID Investigator. The holidays are here, and even the Better Business Bureau is getting into the spirit by re-creating their annual warning list about common scams during this season, The BBB’s “12 Scam of Christmas.”
BBB’s 12 SCAMS OF CHRISTMAS
On the twelfth day of Christmas,
The scammers gave to me:
Twelve malware e-cards,
Eleven stranded grandkids,
Ten counterfeit gifts,
Eight stolen gift cards,
Seven fake coupons
Six Santa scammers,
Five fake charities,
Four bogus websites,
Three travel scams,
Two phony loves,
And a totally fictitious puppy.
To help you avoid these scams, here are some tips to heed.
• Malware e-cards: That email you got claiming you were sent an e-card, but from someone you don’t know? That’s most likely malware or a virus, which would download itself upon clicking on the attachment or link contained within.
• Stranded grandkids: There are instances where a scammer will hack into an email or other type of social media account and contact the hacked family members and friends claiming to be stranded while traveling and need money. Check with other sources before sending money!
• Counterfeit gifts: So, you found an excellent price on that brand name item for your loved one. Before spending your money, there are a number of ways to ensure the item is legitimate. One of which is making sure to shop at reputable stores and websites.
• Pickpockets: Ensure your pocketbook, wallet, or purse is with you at all times! Even if for a second, do not turn away from your wallet.
• Stolen gift cards: There are a number of ways scammers can get you with a stolen gift card. One way to ensure you’re purchasing a legitimate card is to obtain them from reputable dealers.
• Fake coupons: Every penny counts, but it doesn’t count as much as having your personal information compromised by giving it to a scam artist. Be sure you’re obtaining the deals from the retailer themselves.
• Santa scammers: Before you enter your personal information into a website claiming it will send a letter to your child from Santa, ensure the site it legitimate. It’s probably best to skip any site that asks for an abundance of personal information.
• Fake charities: This time of year charities are included in many people’s gift list. But, be careful. Scammers are aware of that, and will attempt to clone a charity or create a fake charity to finagle the funds from the well intended source.
• Bogus websites: Ensure the site you’re using is legitimate. One way to determine it’s more secure is to look for the “https” in the address bar.
• Travel scams: This time of the year is one of the busiest in terms of travel. When searching for deals, as always, be sure to use a reputable site and ask for references. A quick check of the airline, hotel, or car rental company on the BBB website is always a good step.
So, there it is folks. These tips will help prevent you from being victimized by fraudsters or scammers. Have a good holiday season!
November 23rd, 2013
Ben here, AllClear ID Investigator. The Federal Trade Commission (FTC) has moved to shut down an international network of scammers that sent millions of unwanted text messages, luring consumers in with an offer of “free” gift cards and electronics to entice them into an elaborate scheme designed to take their money and target them with illegal robocalls. These messages promised consumers free gifts or prizes such as gift cards worth $1,000 to major retailers such as Best Buy, Wal-Mart and Target. In most cases it would be impossible for someone to receive this “free” card without spending money, having their credit score hit, and releasing personal information to be sold to marketers.
The complaint names nine defendants who allegedly were involved in operations violating the FTC Act and Telemarketing Sales Rule. According to the complaint, a consumer would follow a link in the unwanted text message and be directed to a site that collected a large amount of personal information. This information ranged from name, address, and telephone number to health information, and would then be sold for targeted marketing purposes. If a consumer was to put in their information for the $1000 gift card they would have to participate in several offers to qualify. These offers would include recurring subscriptions, paying upfront and shipping costs, and even submitting applications for credit that would be reflected on their credit score.
This complaint builds on a nationwide sweep conducted by the FTC in March to crack down on scammers. The FTC files a complaint when it has reason to believe that the law has been violated and that a trial is in the public interest. The FTC works for consumers to prevent fraudulent and unfair business practices, which they feel applies to these robocalling and texting operations.
October 23rd, 2013
A company called Barclays Wealth and Investment Management in the UK has started using voice biometric technology to authenticate the identity of customers during a conversation with a representative. Many call centers have experience trouble in identifying callers, and usually resort to a series of questions, often known as a test of knowledge. Mother’s maiden names, passwords, addresses, and SSNs are items that are often used during the verification process, but all of these things can be compromised by ID thieves. Voiceprints eliminates this risk by authenticating callers from their voices, not what they know.
Barclay’s Voiceprints Program
The results of the Barclay’s Wealth voiceprint investment have some interesting statistics.
• 84% of frequent callers enrolled within 5 months.
• 95% of enrolled callers successfully verified through speech.
• 93% of customers give Barclays a 9 out of 10 for satisfaction with the voice authentication.
• 5% reduction in call times
This passive approach to account verification is harder to crack. However, there could be some downfalls or drawbacks. Would a system like this be able to handle various dialects? A lot of call centers also use automated systems for account verification instead of live people. A program using Voiceprints would have to use live agents to initiate conversation to prevent a prerecorded message passing through.
While Voiceprints do appear to be a step in the right direction, only a more wide scale implementataion will be necessary before we know what effect, if any, Voiceprints will have on ID fraud.
September 30th, 2013
Christy here, AllClear ID Investigator. An unfortunate truth these days is that almost everyone is aware of the real threat of identity theft in its many forms, especially takeover of existing accounts. But how many of us are clear on why the credit card company isn’t responsible, and why the consumer cannot take legal action against the creditor for identity theft damages? There are a few logical theories, however, the main reason is in the fine print of the agreement signed when you opened the account. Many credit card contracts contain a mandatory arbitration provision which states that your consent to opening the credit card waives your right to a jury trial should disputes arise. Basically, any issues/disputes have to be settled through arbitration, for which the creditor selects and hires the arbitrator. A loss on the consumer side may result in the consumer paying those arbitrator fees.
All of this being said, there are beneficial clauses in the agreement a consumer signs when opening a credit card. The biggest one is that, under the Consumer Credit Protection Act, a consumer is not liable for more than $50 of unauthorized charges. Also, the consumer is not liable for any additional charges that occur after they have reported a card stolen or compromised. As for the fee, many times the issuer will waive the $50, though this is a decision completely owned by them. If the credit card number, but not the card itself, is stolen you are not typically held liable for any unauthorized use.
As you can see, the agreement signed upon issuing a credit card is something that is there to protect both the issuer and the consumer. As for detecting any unauthorized activity, the best thing anyone can do is be vigilant about monitoring your statements, shredding sensitive documents, and being wary of suspicious links or card readers. Some credit issuers have additional services they offer for monitoring your account, however the availability (and cost, or lack of) will vary from creditor to creditor.
September 12th, 2013
Jackie here. We recently discussed using gift cards and prepaid cards as anonymous form of payment, making this scam alert from the IC3 especially relevant. If you use gift cards, be sure to keep your eyes open so you don’t become a victim.
Gift cards are a popular source of fraud, probably due to their anonymous nature. Thieves can make purchases and access funds, all without ever having to reveal their identity. They utilize many different methods to execute this fraud. Let’s take a look at a couple:
Tactic #1- Steal and Return
Gift cards have no value until activated, so they aren’t usually under lock and key at the store. This makes them very easy to steal. Thieves steal the worthless gift cards, record card numbers and PINs, and then return the cards to the shelves at the store. These cards then wait for an unsuspecting buyer to purchase them and activate the funds. As soon as the card is activated, the thief uses the balance to make their own purchases online.
Tactic #2- Duplicate UPCs
In this gift card tampering method a thief will create multiple identical UPC barcodes for a gift card. These UPCs will be applied to cards at the store over the card’s existing code. When someone purchases a card, the UPC sticker is scanned and the balance added is put directly onto the card with the matching UPC, which is owned by the fraudster. They keep track of the balance, and as soon as it increases they spend it, often before the fraud is noticed by the consumer.
Tactic #3- Stolen Merchandise for Cards
Thieves don’t just tamper with gift cards on display; they also use them as part of other fraudulent schemes. For example, a fraudster might steal merchandise from a store and return it in exchange for store credit. They then use these gift cards as a trade to purchase drugs, other gift cards, or sell them for cash.
Tactic #4- Buying a Card for Sale
People that don’t want a gift card they’ve received often attempt to sell it. This gift card scam preys upon those with gift cards for sale. The thief will contact the seller and act interested in the card. They will request that a three way call be made to the retailer to ‘verify’ the balance amount. The seller calls the merchant with the fraudster on the line and enters in gift card information. The fraudster will then use special software to obtain the card number and PIN, which they then sell online.
Be careful with your gift cards so you don’t fall victim to one of these scams. Check out the full fraud alert from the IC3 here (second alert on the page).
September 9th, 2013
Tamara here, AllClear ID Investigator. Identity theft is a growing problem, and many financial institutions already have measures in place to detect, prevent, and address the issue. Yet, there are still a few that don’t, or the existing measures are out of date and ineffective. However, new regulations are aimed at helping solve this issue.
The Fair Credit Reporting Act requires The Securities and Exchange Commission and Commodity Futures Trading Commission to create guidelines for financial institutions regulated by the SEC to help fight identity theft. In April, the SEC and Commodity Futures Trading Commission published those regulations. The regulations went into effect May 20th, and the institutions must comply with the new regulations by November 20th.
How will these new regulations help fight id theft? Let’s say someone has some of your personal information. They go online, apply for a credit card, but use an address other than yours. When the creditor pulls your creditor report, do they notice the address is different? And, if they do, do they take further steps to verify your identity? Most likely, some of them do, while others do not.
Developing these regulations will help educate people working with financial institutions about id theft, and should help prevent id theft as well. A financial institution or creditor that maintains or offers one or more accounts that are used for personal, family, or household purposes is subject to the regulations. They require institutions to create “red flag programs” to help safeguard against id theft. It will take time to see if the programs actually do catch incidents of id theft, but they appear to be a step in the right direction.
September 6th, 2013
Jenna here. ID theft can be a complicated topic to understand, even for those who have many resources and lots of information at their disposal. Every day, our Investigations Team receives questions from our customers relating to ID theft and how to resolve it successfully. Throughout this process, we have come to realize that there are many misconceptions about ID theft and potential warning signs, so we decided to shed some light on many of the common misconceptions that our Investigators encounter.
Myth #1: Simply receiving spam texts or emails puts me at risk-many customers call in with concerns about the amount of spam or phishing texts/emails they receive. A common worry is that the simple fact that you receive these emails or texts puts you at risk for ID theft. However, this is not the case. If you receive one of these emails or texts, but do not open them, reply, provide any personal info, or click on any links in the messages, you are most likely safe. Most of the time, scammers send out mass emails or texts in an attempt to garner information from unsuspecting people; receiving a text or email does not mean your identity has been compromised in any way.
Myth #2: Credit reporting agencies only ask about things that are actually on your credit report-Before you are able to access your credit report, one of the three agencies (Equifax, Experian, TransUnion) asks security questions to verify that you are the rightful owner of that report. A security question may ask about recent activity on your report, such as a mortgage application, or a former address. However, these questions may be designed to “trick” unauthorized people—there may be no previous address or mortgage application at all. There is a “none of the above” or similar option available as an answer, and if you are certain there is no such activity or address, don’t hesitate to choose this option.
Myth #3: Receiving mail addressed to someone else means my identity has been compromised- a reoccurring concern among many of our customers relates to receiving mail or calls addressed to someone else. This often causes people to wonder if they are victims of ID theft, and if someone is using their address under a different name. More often than not, however, this practice is the result of skiptracing, a technique used by companies to find a current address or number for a person using public records. If you are truly concerned about the calls or mail you are receiving, it is a good idea to pull a free copy of your credit report to check for any signs of ID theft or fraud.
August 16th, 2013
Jackie here. On a recent trip to the grocery store I pulled out my credit card to pay for groceries, only to have it declined. It was quite embarrassing. Luckily, I had another card on hand and was able to make my purchase. I left the store and immediately called the bank to see what was happening. They told me a fraud alert had been placed on my card. After I answered a few questions, the hold was removed and my card was back in working order. But, a question remained: what triggers a fraud alert on your credit card?
Potential Triggers for a Credit Card Freeze
Credit card companies want to minimize fraud and reduce the amount lost if a credit card is stolen. They have developed complex processes to identify potentially compromised cards. While many factors can lead to a freeze on your card, there are a few red flags that card companies may be watching out for. Check out a couple of interesting articles on the topic here and here.
Gas Station Purchases
I buy gas with my credit card all of the time, but surprisingly this can be a trigger for a fraud alert on your card. Thieves often test cards to see if they are working by making a small purchase or by filling up at a gas station. Gas stations are a great place to make a test purchase since you can usually pay at the pump without ever having to show id or even talk with an employee. If buying gas always resulted in a fraud alert, no one would use their cards to fill up; alerts are more likely when getting gas in a different part of town or in a different city than usual.
Shopping in a Fraud Prone Area
Making purchases in a known fraud area can be another red flag for your credit card company, especially if the purchases are for large dollar amounts or on merchandise that is easily resold (think electronics, gold, jewelry, etc.).
Using the Card to Get Cash
Getting cash with a credit card (or buying gift cards and other similar items) can be a potential sign of fraud to your bank. ID thieves are often after financial gain, and taking out cash directly eliminates the need for them to use the stolen card to buy items, and then resell those items for cash.
If your card is being used to make purchases across the country or around the globe, it might be flagged for fraud. This often leads to vacationers or frequent business travelers getting the unfortunate surprise of a card that won’t work. To eliminate this flag for legitimate transactions, call your bank and let them know the dates and location of your vacation before you leave.
Changes in Purchasing Patterns
Most people are pretty consistent in their spending habits. They shop in the same areas, buy the same type of things, etc. Changes to this pattern can trigger a fraud alert. Since your credit card company has an extensive history of your purchasing habits, they know the type of things that you are likely (or not likely) to buy.
Fraud holds on legitimate transactions might be irritating, especially when there is a fairly long list of triggers banks use to detect fraud. However, these fraud holds are often the first warning sign of id theft and credit card fraud that many consumers receive.
August 15th, 2013
Aaron here, AllClear ID Investigator. After major disasters, it is very common for scammers to act as charitable organizations, hoping to gain money or personal information from unsuspecting donors or victims to commit id theft. Scammers running fake charities will use the email or telephone to get in touch with people to ask for money. These criminals will even go so far as to contact disaster victims and say they are affiliated with the Internal Revenue Service and will aid the victims to file fatality loss claims and get a refund on their taxes.
In addition, some scammers set up fake websites or disaster funds. This took place a short time ago during the Hurricane Sandy disaster. As a result, Attorney General Buddy Caldwell urgedLouisiana residents to prepare for the 2013 hurricane season (which began June 1), and to watch out for related scams. Caldwell stated, “As hurricane season quickly approaches, I encourage all Louisiana citizens to prepare now for the possibility of a storm…unfortunately, hurricane season is also a time in which unscrupulous con-artists try to capitalize on your misfortune.”
The Internal Revenue Service warns that this type of scam could be very common in 2013. Anyone who has been a victim of a natural disaster or wants to donate to charity to watch for scammers by following these tips:
- If you would like to donate to disaster victims, only donate to well known charities.
- Be cautious of charities that appear similar to well-known charities-scammers often impersonate well-known organizations. You can find reputable organizations by visiting IRS.gov and using the search feature, Exempt Organizations Select Check, this tool allows individuals to find recognized charities to which donations can be tax-deductable.
- Never provide personal information, such as your banking passwords, credit card info, or Social Security number over email. Reputable charities will have a secure system that you can use to donate.
- Never give or send cash. Always use either a check or a credit card
Call the IRS toll-free disaster assistance telephone number (1-866-562-5227) if you are a disaster victim with specific questions about tax relief or disaster related tax issues.
August 12th, 2013
Jackie here. We’ve been talking a lot about “Big Data” lately and I have to admit it makes me feel a little paranoid. When I swipe my credit card at the grocery store or make a purchase online I can’t help but wonder what information merchants are collecting and sharing about me. While there is probably no way to fully escape the big data trend, there are some ways to incorporate more anonymous spending into your daily routine, if you are looking to get away from the trend of companies tracking your purchase history. Let’s take a look at some of the benefits of purchasing anonymously.
What Are the Benefits of Purchasing Anonymously?
This article by Forbes provides some interesting insight into the benefits of making anonymous purchases. Check it out if you have the time. Some of the benefits of anonymous purchasing include:
- Avoid Marketing for Purchases- Card companies monitor and record each and every purchase you make. This information is often sold to marketers who may send you targeted advertisements based on your purchasing patterns. By using an anonymous card, you may be able to avoid much of this targeted advertising.
- Keep Information Out of “Big Data’s” Hands- We’ve talked quite a bit about the dangers of sharing too much information. By using an anonymous credit card you limit the information you share with data companies. This may be a helpful way to cut down on the amount of information about you that is available to data brokerage firms and advertisers.
- Avoid Fraud- Many people use anonymous cards to protect their bank accounts from unauthorized purchases and credit card fraud. With a prepaid card, the amount you could potentially lose is limited to the amount on the card, whereas with a bank account you could lose everything. This gets a bit tricky though when you factor in the fraud protections available to you. Regular credit cards and debit cards have limited consumer liability if the card is used fraudulentl. With prepaid cards, the protections are much weaker.
- Don’t Ruin the Surprise- When you share accounts with a spouse or significant other it can be hard to buy gifts. Your partner often knows exactly what you’ve purchased from online records. Anonymous cards can help you buy a surprise that will actually stay a surprise.
Do you use anonymous cards? What are your reasons?
August 7th, 2013
Allison here. When we talk about social media on this blog, it’s usually about the newest scam, or the latest data breach, or tips to stay safe when you’re sharing information online. As many id theft pitfalls as social media may have, it also has traps for the scammers and hackers themselves. Companies are now using social media to stop online payment fraud.
Using Social Media to Fight Fraud
Companies lose $3.5 billion each year to online payment fraud, and various organizations are using different networks to verify identities. Payment system provider Intuit is using LinkedIn to verify the identities of its users, checking to see if they are who they really say they are. Equifax is working with government agencies to use public information to verify that those who are receiving benefits are actually eligible. Essentially, companies are using the very fact that people post a lot of personal information online as a way to catch those who are attempting to defraud companies and organizations.
For now, companies are only using publicly available data, which does include blog posts, Yelp reviews, and online forum comments. They are not adding people as friends or creating profiles to get closer to you or others. Publicly available data includes photo tags, locale check-ins, and your network of friends. It appears social media sites may be the next frontier in the fight against id theft and fraud.
July 30th, 2013
Juan here, AllClear ID Investigator. Gangs and organized crime syndicates are more emboldened than ever to commit ID theft. Like any business, a gang is organized to make money, and id theft is just another way for them to do that. Gangs make money by committing ID theft in a variety of ways, ranging from fraudulent tax filings, stealing Social Security checks and other benefits from the elderly, and of course, by opening lines of credit in your name.
To commit fraud and ID theft, gangs must first get ahold of people’s personal information. Recently, the trend has been to have girlfriends or female gang members get jobs as data entry clerks, administrators, or receptionists. They show up for a couple days of work, copy the information of random people or download it to a flashdrive, then they never show up again. Sometimes, the company may take months to figure out what happened, or they may never know at all.
What About the Victims?
When a victim of ID theft successfully restores their identity, they are cleared of any responsibility to fraudulent charges and debts. Let’s say, for example, that a credit card was opened in your name, $5300 charged, but you were able to prove that you were the victim of fraud and are cleared of all responsibility for repayment. Next, the creditor asuumes reponsibility for the debt, and owes the $5300 charged on the card. At that point, the creditor more than likely has information as to who the suspect is and where they live. It is up to them, however, to decide to contact law enforcement or to pursue the id thief criminally. In many instances, the time and money a creditor must spend to bring charges against the gang or id thief is not worth the amount of money stolen, and creditors simply decide not to press charges or file a criminal complaint.
Even when the crime is a fraudulent tax filing used to commit tax id theft, the chance of being pursued criminally by the IRS for a filing of $500 to $2500 is almost non-existent. “The only thing you can try to do is complete the refund in January, before anyone else can file in your name,” according to Detective Craig Catlin with the North Miami Beach Police Department. Ultimately, many creditors, and even the IRS, often do not have incentives to take any criminal action against id thieves. Gangs are beginning to recognize this, and are using it to their advantage, committing more id theft than ever before.
June 19th, 2013
Allison here. Credit card fraud is the most common form of identity theft, possibly because it is difficult to catch in the act. Fortunately, that might change with iPad point-of-sale system provider Revel Systems, which has created the first ever photo confirmation identity theft protection.
About the System
The new system uses visual verification to check whether the person using the credit card is the person that owns it, and it’s built right into the POS system.“It saves the merchant and end-user. It’s a win-win for both sides,” said Chris Ciabatta, CTO and co-founder of Revel Systems, the company behind this identity theft protection system. Prior to this feature, if a retailer was notified about the use of the stolen credit card, the retailer would often lose the money from the sale, while the id thief would be able to continue using the stolen card. Now, the merchant can protect against the loss while catching the thief in the store, in the act of using a credit card that doesn’t belong to him or her.
“We saw that fraud was happening everywhere, but retailers don’t ask for a driver’s license when you use your credit card,” Ciabatta said. He also said that he had his own credit card stolen, so he wanted to create something that would stop a thief and prevent fraudulent charges for consumers and retailers.
How to use the System
Consumers can be part of this system by registering their photo and credit card at revelution.com. Simply create a profile, or integrate it with Facebook, and you’re in! Now, if a merchant finds someone other than you using your credit card, they can call the police. Also, the merchant can verify that you are the one who should be using your credit card without needing to ask for an ID. Signing up is completely free, and if you aren’t signed up yet, the receipt will encourage you to sign up. Currently, several thousand consumers have uploaded their photos and credit card numbers.
As this is a new system, some concerns do exist. For instance, the system matches your personal information with your credit card number in a database, creating the potential for hackers to gain access. Furthermore, if you loan your credit card to a friend, family member, or babysitter to use on your behalf, it is unclear how the use of this system will affect transactions such as these.
The id theft protection feature has been out for three months, with several thousand merchants across the country using the system. To see a video about the system, click here.
June 3rd, 2013
Jackie here. What does a fraud victim look like? Are they your friends? Your neighbors? Or maybe even yourself? An FTC survey found that almost 11% of US adults purchased fraudulent products in 2011. This means that 25.6 million people were victims of some sort of fraud. The FTC has created a profile that can help you to understand the factors that may increase your likelihood of becoming a fraud victim and give you some ideas to better protect yourself.
Commonly Reported Fraudulent Products
While any product or service could be used to commit fraud, some of the common culprits included weight loss products, prize promotions, unauthorized billing for clubs or internet, and work from home programs. If you are purchasing or looking to purchase an item in these categories, keep your eyes open and be aware of the increased potential for fraud.
Where You Find the Product Matters
How do you learn about new products and services? The FTC found that people who made a purchase after learning about a product from a telemarketer, TV ad, or spam email were three times more likely to become victims of fraud.
Life Events Impact Risk
Negative life events like divorce or the death of someone close to you can also impact your risk. Those that had undergone a serious, negative life event in the two years prior experienced more fraud than those that had not undergone these events.
The FTC also found that people aged 45-54 were the most likely to spend money on a fraudulent product or service.
Potential victims of fraud could be anyone you know. To learn more about ways to protect yourself from fraud check out these great fraud prevention articles on our blog.
February 4th, 2013
Jackie here. It’s official; the 2012 tax season is here! This year the season opens and returns can be submitted starting Jan 30th for most people (some with special circumstances will still need to wait). The most common, and some of the best advice for this time of year, is to file early, ensuring you are the first (and only) person to file under your name.
Last tax season it is estimated that more than $5.2 billion dollars in fraudulent refunds were processed and paid out by the IRS. While tax id theft can usually be resolved and your missing refund issued, it can take time and result in huge delays while your claim is investigated. Filing early will help lower your risk and save you the hassle of a lengthy investigation and delays in getting your refund.
As you file your taxes keep an eye open for potential signs of id theft like multiple returns filed using your social security number, a balance due or collection actions from the IRS or IRS records that indicate an employer that you haven’t worked for.
If something suspicious does come up or if you believe you’ve been a victim of tax related id theft you should contact the IRS Identity Protection Specialized Unit by calling 1-800-908-4490. You can also access more information about id theft on the IRS website here and here.
Now is a great time to start filing your returns and protecting your tax refund from identity thieves. In the meantime you should also check out past posts about tax id theft on the AllClear ID blog.
December 3rd, 2012
Jackie here. Have you heard of a Personal Health Record (PHR)? Basically, it’s a compilation of your medical records, including medical conditions and prescriptions, which you can manage and share with your medical providers. Unlike a traditional medical record, which the doctor is responsible for, the consumer is responsible for the PHR, which can give you more control over your medical history and give you more power in managing your health conditions. While PHRs have many benefits, there are a few important considerations you should understand to protect your medical history and your identity.
PHRs and Your Privacy
PHRs are generally created by a doctor, medical provider or private company, and are then stored in electronic format for easy access. While you have access to all of your information and can decide who to distribute it to as you like, protecting your medical information is a necessary consideration when choosing a PHR. As most are stored in electronic format, PHRs can be vulnerable to hacking and medical identity theft.
When choosing a PHR, carefully read their privacy documentation. PHRs run by health care providers and health plans typically have more stringent privacy regulations than private PHRs since they are governed by HIPAA (Health Insurance Portability and Accountability Act). If a PHR is not covered by HIPAA, your only protections are those listed in the privacy documentation, even if the provider advertises that they are HIPAA compliant. Some PHRs may seek to profit from your health information, so always find out what they plan to do with your records.
The Privacy Rights Clearinghouse has created a list of questions that you should keep in mind as you analyze potential PHRs. Check them out here (the questions start about halfway down the page). If you can’t find a PHR that you are comfortable with, but you still want to have access to your medical information, collect paper copies of your medical records and store them in a secure location yourself.
You can learn more about PHRs by reading this fact sheet from the Privacy Rights Clearinghouse. It was created with California residents in mind, but the information inside generally applies to everyone.
November 27th, 2012
Jackie here.When I was in school I always loved the days that the teacher decided to skip our lessons and show a video instead. So as a special treat for you, I’ve rounded up some of the best id theft videos on YouTube. Sit back, take a break, and enjoy learning more about identity theft.
1. Protect Yourself From Malware by the FTC
We talk a lot about malicious software and how to avoid it here on the blog, but if you’re a visual learner, this video might help reinforce important concepts. This video is very informative and since it’s easy to follow and understand, it might be the perfect way to introduce malware to your children or family members.
2. What to Do After a Data Breach by the Privacy Rights Clearinghouse
After learning I am affected by a breach, its stressful knowing my information has been stolen and I don’t always know the best way to protect myself and my identity. This short video provides step by step tips for protecting yourself after a breach. You’ll learn about credit monitoring, security freezes and the options available. This video is a must watch for anyone that has ever had their information compromised.
3. Keeping Your Kids Safe Online- by Stay Safe Online
Today’s kids are growing up in an entirely different world than we did. They have never known a time without the internet and many spend hours each day online. It is important to start teaching children about online safety and protecting their identities from a young age. This 10 minute video features interviews with parents, teachers and kids about internet safety. If you’ve ever wondered what you need to teach your kids about online safety, this video is for you.
4. Id Theft and Taxes from the IRS
Tax time will be here before we know it. Last year, id theft was a big problem during tax season and we expect that similar problems will arise this year. If you suspect that you’re a victim of id theft or even if you’ve just noticed problems in your credit report, you can work with the IRS to protect your tax refund from thieves. This video explains what you need to do if you are an id theft victim or are at risk for becoming a victim. Act quickly; the sooner you start getting help, the sooner you can resolve your issues.
5. Child Id Theft by AllClear ID
How does child id theft happen? What can you do to protect your child? This video is one we created here at AllClear ID to answer common questions about child id theft. If you have a child, watch this video and find out how to lower their id theft risk.
November 26th, 2012
Jackie here. As you know, credit reports are often one of the first places that signs of identity theft appear. Your credit report can lend a lot of clues about the safety of your identity, from accounts that you didn’t open to balances that appear to be too high. If you check your credit report and everything looks good, you don’t have to worry and you don’t have to do anything. But, what happens if you find an error or a problem? What do you do next?
Under the Fair Credit Reporting Act, you are entitled to dispute errors in your credit reports. This means that should identity theft occur, you have the ability to fix it. Here are some tips for fixing problems in your credit report. Don’t forget: the process might be difficult, but it is vital to dispute any false accounts or claims.
- Dispute with the Credit Bureaus- Many people make the mistake of disputing their errors with the creditor directly, not the credit bureau. Rather than simply contacting the creditor, also get in touch with the credit bureau as they are legally required to investigate your claim. If you have both the creditor and the credit bureau working on the error, you are more likely to get it fixed.
- Compare All Three Credit Reports- Different companies report to different credit bureaus, so your file with TransUnion might not look the same as your file with Experian or Equifax. You are entitled to one free report each year from each of the credit bureaus. You are also entitled to additional reports if you are denied credit based on information in your report, if you’re unemployed and plan on starting a job search, or if your report is inaccurate due to fraud or id theft. Compare all three reports, looking for errors and inaccuracies in each. A problem might be hiding on one report and won’t be visible if you don’t look at all of them.
- Get It In Writing- Rather than calling to report a dispute, send in a written letter. Include copies of any supporting documentation you may have. It is a good idea to create a file where you keep dated copies of all correspondence you send and receive regarding this matter. Once the credit reporting company receives your dispute, they will investigate and you will hear back from them, typically within 30 days. You should also send a written dispute to the creditor. It may be a good idea to pay extra when sending these requests off and get a return receipt so you have proof that the letter was sent and received. Online requests should also be avoided. When disputing errors, stick to the postal mail system.
For more information about disputing errors, check out this fact sheet from the FTC. We’ve also found a great article for you that talks about the 5 biggest mistakes people make when disputing errors.
August 31st, 2012
Jackie here, with AllClear ID. Cyber-scams are always changing and evolving. This makes it very important to stay vigilant and keep your eyes open for potential problems, even if the scam isn’t one listed here. The IC3 (Internet Crime Complaint Center) recently published a list of currently popular scams. Let’s take a look!
Fake Political Surveys
A fake political survey is on the loose and might soon be calling up your phone. The survey asks respondents to answer a few simple questions and then informs them that they have won a prize (a free cruise to the Bahamas). “Winners” receive a web address and are asked to provide their email address and credit card numbers for port fees. This is a scam. Do not provide your credit card number or other personal information.
The IC3 has been receiving complaints about an online phonebook website. This site allows users to post personal information about others including names, unlisted cell phone numbers, email addresses and other information. The website also allows users to make private phone calls to anyone listed on the site and to track others using GPS. Be careful who you share personal information with. You have no control of what others do with your info once they receive it.
Free Credit Services (That Later Charge)
Citadel malware’s new ransomware has been claiming victims across the web. Victims contract the ransomware at a drive-by download site where the program is installed on a user’s computer. Once it is installed the computer freezes and a screen is displayed which indicates that the user has violated federal law. Often, allegations of child pornography are included. The ransomware instructs victims to pay $100 to have their computer unlocked. Even after paying the malware is still operating on victim’s computers stealing banking and other information that can be used to commit id theft.
If you have been a victim of this scheme, report the problem to the IC3 and do not make a payment. We have more information about this scam on our blog. Check out the article here.
Scams are everywhere, but the IC3 has noticed these scams are especially popular right now. Keep your eyes open and don’t become a victim! Learn more about these trending scams from the IC3 here.
August 30th, 2012
Allison here. Do you use Dropbox to store files and information on the cloud? If you do, you’ll be happy to learn that the cloud storage provider has implemented a two-step verification process to make its user accounts more secure. This security boost comes weeks after Dropbox suffered a security breach.
The two-step verification works by requiring an additional step before logging into your account: providing a six-digit code that is sent to your phone via text or accessed through a mobile app. At first, this two-step verification is currently opt-in, so those who want the extra security will need to download the latest version of Dropbox and follow the instructions. However, within the next few days, all Dropbox accounts with have the two-step verification.
This verification takes place anytime you try to log into your account from a new computer or mobile device (logging into your computer, and then logging in on your iPhone will trigger the second verification). Google already has a similar system in place, which works very well. It can be inconvenient to put in a new code, especially if you use multiple computers or mobile devices but the second layer of security means that a hacker who gets a hold of your screen name and password won’t be able to get into your account and wreak havoc.
If you happen to lose your phone and can’t get in, this verification system does have an emergency backup code, once that can be used if you need to log in on a new computer or device, but can’t because you don’t have your phone to get the six-digit code. Using the backup code will disable the two-step verification, so if you get your phone back or get a new phone, Dropbox (and AllClear ID) recommend turning the system back on.
This is a big step for Dropbox users and other data storage providers who want security to be a number one priority. It’s only a matter of time before other large companies follow Google’s and Dropbox’s example to do better when it comes to protecting user accounts.
August 30th, 2012
Jackie here, with AllClear ID. Have you ever thought about the privacy implications behind a parking ticket? I hadn’t either until I stumbled across this article on Wired. A federal appeals court recently reinstated a class action lawsuit against Palatine Village (a Chicago suburb) ruling that putting too much information on a parking ticket is a privacy violation.
The lawsuit started when a motorist with a parking ticket sued. Palatine Village’s parking tickets list the vehicle owners name, address, gender, height, weight and driver’s license number. The driver sued using the Driver’s Privacy Protection Act of 1994, a law that protects DMV records from being openly shared. In addition to personal information being shared on the ticket, personal information is also visible on the exterior of the mailing envelope when the fine is paid by mail.
The court ruling is good news for identity protection. The information found on these parking tickets could potentially provide id thieves with bits of personal data that could be used to access your identity. Driver’s license numbers specifically are on the list of things to protect along with your Social Security number and mother’s maiden name.
Since parking tickets are left on the windshield of the offending vehicle, the information contained in them can be easily accessed by any passerby, including identity thieves.
August 29th, 2012
Jackie here, with AllClear ID. Citadel Malware has been making headlines recently. Until recently, this malware platform was available on the open market for anyone to purchase. This malware platform has been the delivery method for a variety of different viruses and ransomware schemes. The most recent is a type of ransomware known as Reveton.
The Citadel Malware Reveton Ransomware gets victims to head to a drive-by download site where the ransomware is installed on the victim’s computer. Once it is installed, it takes over the computer causing it to freeze and lock up. It displays a warning message that appears to be from the U.S. Justice Department or the FBI. A warning screen indicates that Federal Law has been violated and that the user must pay a fine to the Justice Department to unlock the computer. Once the “fine” has been paid the computer’s actions are tracked which can further lead to id theft, banking fraud and credit card fraud.
What Do You Do If This Happens to You?
If a warning screen appears on your computer, don’t make a payment. Know that your computer is affected and that you should take immediate action. Take your computer to a local computer expert for help removing the virus. Don’t visit banking sites, enter your passwords or make online purchases until the issue is resolved.
Even if you are able to unlock your computer on your own it is recommended that you take your computer to an expert after an attack. Keystroke logging software may be installed to capture user names, passwords and other confidential information.
You should also report the problem to the IC3. This allows law enforcement to obtain the information they need to investigate and prosecute offenders. You can file an online complaint at the IC3.gov. You will need to enter your name, mailing address and telephone number. They will also ask for information on how you believe you contracted the malware if you know.
Learn more about this malware from the IC3 here.
August 28th, 2012
Jackie here, with AllClear ID. We often talk about the importance of choosing strong passwords and keeping your passwords safe once you have chosen them, but no password is entirely secure. Passwords are compromised every day through various means like hacking, social engineering or the simple guess until it cracks method. Besides using your best judgment and common password safety tips, there isn’t much else you can do to keep your password safe– but this may someday change.
The Defense Advanced Research Projects Agency (part of the US Defense Department) hopes to someday eliminate passwords and instead identify computer users by their typing style. Everyone types differently from the amount of time in between keystrokes to the length of time a particular key remains depressed; this could someday lead to a unique way to identify yourself that can’t be compromised as easily as a password. According to a New York Times article, DARPA is planning to provide research money to make this a reality. Several universities are researching this technology including Carnegie Mellon, Pace University and Columbia.
Although everyone has a unique typing style, it can vary from day-to-day. How will computers know it is actually you, and not someone else? In the New York Times article, one researcher makes an analogy to music that really hits this idea home. He compares your core typing style to the core rhythm of a song. You can usually easily identify a popular song even if it is played poorly by an amateur group. This technology will seek to find your typing rhythm which can’t be easily copied.
The USNews reports on this technology in action. This technology verifies users at log in based on their typing style when entering a username and password. This could potentially make stolen passwords useless, since only half of the needed equation would be obtained. The technology isn’t yet perfected; longer passwords can make reproducing typing style difficult, even for the same user. Read more here.
August 27th, 2012
Allison here, with AllClear ID. When you’re at the doctor’s office or a health clinic, you often have to sign a few health information privacy forms. Most of us probably don’t read what they say, and trust our health provider to do the right thing with our information. So, what do all these forms mean? What laws exist to protect our medical records? What happens if your records or your privacy is breached?
Those forms you sign essentially are an acknowledgement notice. By signing them, you acknowledge that you are aware of the privacy practices of your doctor or health provider. These practices are how they implement the Health Insurance Portability and Accountability Act, or HIPAA, the federal law that addresses the security and privacy of health data. It’s important to read these forms the first time you get them, because some forms may actually be a permission form granting your doctor or health provider the ability to share information. You can always request a copy of these forms, or any part of your record, or question how your doctor or health provider will handle your medical information at any time.
HIPAA is the primary law that exists, although states can implement additional laws to increase protections. For example: California law allows patients to sue health providers for privacy violations. This law also covers health care services from providers not typically covered by HIPAA, such as hospices and mobile health care units. This law protects information that concerns health status, provision of health care, or payment of health care that can be linked to an individual, or essentially any part of your medical or payment record.
So in California you can, but what rights do others have in other states if your medical records or privacy is breached?
First of all, you have to determine who disclosed your medical information without your permission. If someone who isn’t a doctor, a hospital, a pharmacy, or someone working with your health plan disclosed your information (like a friend or family member), then HIPAA doesn’t apply. HIPAA also doesn’t protect information that’s disclosed to entities other those listed, such as an online medical forum, or information that’s disclosed as part of a worker’s compensation or disability insurance (even if disclosed by a hospital or doctor).
Second, if your rights have been violated, the most you can do is file a complaint to the privacy officer of the violating entity. All entities under HIPAA are required to have a privacy officer on staff to handle these sorts of requests. If the way the privacy officer handles the situation doesn’t satisfy you, then you can consider complaining to state officials. You can also try and to sue on other grounds, such as breach of contract or malpractice, but you can’t sue based on HIPAA.
Overall, it’s important to read the forms, sign them and to request your records from time to time. Medical identity theft is a growing problem, and it’s important to be aware of what you’re able to and unable to do when it comes to your medical information.
August 25th, 2012
Christopher here, AllClear Investigator. Authorities across the country are reporting a new trend in gang-related activity. It appears that gang members are becoming more and more active in white collar crimes like identity theft. According to the National Gang Intelligence Center’s 2011 National Gang Threat Assessment, “gangs are becoming more involved in white-collar crime, including identity theft, bank fraud, credit card fraud, money laundering, fencing stolen goods, counterfeiting, and mortgage fraud, and are recruiting members who possess those skill sets. Law enforcement officials nationwide indicate that many gangs in their jurisdiction are involved in some type of white-collar crime.”
They say gang members are moving to white collar crime because it’s a low risk, high reward crime. This means that there is a small chance that they will be caught engaging in this type of crime, while at the same time being much more profitable than their standard burglary. According to a report done by Jim DeFede of CBS4 News in Miami, FL, gang members in that area are also becoming heavily involved in IRS and tax fraud, which has plagued the entire state for the last couple of years. DeFede quoted Lt. Luis Almaguer, head of the Miami Dade’s gang unit, as saying “Fact of the matter is there is a lot more money to be gained than slinging crack at the corner… We’re dealing with people who used to make a hundred here or there selling crack on the corner and now they are making thousands of dollars.”
Gang members are using stolen Social Security numbers to do fraudulent electronic tax filings. DeFede also said that CBS4 was allowed to attend a briefing in March with a dozen law enforcement agencies from around the county, and that tax fraud was the most commonly discussed complaint.
Tax fraud and other forms of identity theft are growing, and will continue to grow among members of various gangs around the country because it’s very easy for them to commit the crime without being caught. Even if they do get caught identity theft cases are very hard to prosecute, and a felony charge for identity theft would only get you a maximum of about 3 years in prison. The point is that identity theft, as it compares to other crimes, is still fairly new and the judicial system hasn’t quite caught up to it yet. Until they do, these types of crimes will only continue grow throughout the entire country.
August 24th, 2012
Jackie here, with AllClear ID. We often talk about identity thieves taking identities for financial gain, but that isn’t the only reason an identity might be stolen. An article found on the NY Daily News website explains that sex offenders may also use id theft.
A study from Utica College found that 1-in-6 sex offenders will modify their identity to avoid registering. This can lead to offenders living in residences where they are not approved and hiding from mandatory law enforcement monitoring. Some use aliases, others use different birth dates or Social Security numbers, some steal identities from family members or change their name through marriage. Moving to states where sex offender regulations are less stringent is another common tactic.
Financial identity theft is one of the most common forms of id theft, but it is important to remember that it isn’t the only way identity theft can manifest itself. Others forms of id theft like criminal and medical id theft do happen and can have serious repercussions for the victim, often just as serious (if not more so) than financial id theft. Imagine trying to repair your identity if it was confused with that of a sex offender. It would be an absolute nightmare.
This 2010 story from King5.com, illustrates the problem. Dan Wheeler’s identity was stolen 15 years ago and since that time he has been mistaken for a sex offender multiple times. He has difficulty finding work and passing background checks and has even been arrested.
Protecting yourself from identity theft is an important financial decision, but it doesn’t stop there. Id theft isn’t just an inconvenience or a hassle; it can have real life consequences that can last for years to come.
August 23rd, 2012
Tamara here, AllClear Investigator. As we know, unfortunately, identity theft is a very common occurrence and the number of data breaches are on the rise. But there’s another form of fraud that people may not be so aware about, though it is definitely a trending crime. It’s called identity manipulation.
Identity manipulation is similar to identity theft in that the fraudster applies for credit, utilities, loans, and other types of services, but different in that they do not use someone’s actual identity. What they do is they slightly manipulate the Social Security number, date of birth, or use a fictitious name to obtain these accounts.
A first-of-its-kind study done by ID Analytics reports there are a few different patterns of identity manipulation. It found that over 45 million people deliberately manipulate their identities, including eight million people that are using two or more Social Security numbers, 16 million people that have used multiple dates of birth, and 10 million people who have manipulated their identities by using some of their spouse’s information as their own identity.
Not only to people manipulate their identity to gain credit, it is also found that it occurs as someone who wants to hide their bad credit history, get medical treatment, obtain employment, have access to government services and benefits, or to hide under an alias as they are a sex offender or a criminal.
Once opened or obtained, the account or service may match up and then report to the actual person’s identity (the victim) with the Social Security number, date of birth, or name. The victim then finds themselves with bad credit, unable to obtain utilities or government services, or have their medical records affected. And the time, money, and effort that it takes to resolve the fraud are staggering at times.
To ensure that you have not been affected by this crime, review your credit reports (each person is entitled to one free credit report from each of the three bureaus every twelve months here at www.annualcreditreport.com or by calling 877-322-8228), verify your wage statements from the Social Security association, and review your medical records. One can also have a background check done through Self Check. This is beneficial for employment eligibility status and is part of E-Verify, a Department of Homeland Security program administered by U.S. Citizenship and Immigration Services in partnership with the Social Security Administration.
If you find anything suspicious on those reports, call AllClear ID and we will help you clear your identity. The customer support hours are Monday through Saturday, 8:00 a.m. – 8:00 p.m. CST and can be reached by calling (855) 434-8077.
August 22nd, 2012
Jackie here, with AllClear ID. Identity theft can easily cost its victims thousands of dollars, not to mention countless hours spent resolving the damage. You might be surprised to learn however that victims aren’t the only ones paying for id theft. Every American taxpayer is on the hook for the billions of dollars stolen from the IRS in tax related id theft. A recent USNews article indicates that the IRS may have issued more than $5 billion in fraudulent tax return checks in 2011. Over the next five years another $21 billion could make its way out of the treasury and into the pockets of identity thieves. At a time of huge budget deficits and a struggling economy, this trend is extremely troubling.
The IRS has stepped up their fraud detection efforts and did find – and stop – many fraudulent returns from being processed this year, but many others slipped through the cracks. It is estimated that 1.5 million fraudulent returns were filed and not detected.
Hopefully improved IRS security will curb the number of fraudulent returns filed in the coming years and will keep that $21 billion loss from becoming a reality. New measures are planned including id theft screening filters, holds on refunds until questionable identities are verified and a system that flags Social Security numbers for deceased taxpayers.
August 21st, 2012
AllClear Investigator George found that as discussed in our recent story, medical identity theft is what it is called when an individual uses the name or insurance information of someone else to get treatment, prescriptions or even surgery. The financial medical identity theft happens when an individual uses a patient’s information to submit fraudulent bills or claims to insurance companies. This occurs far more frequently than the industry would like to admit. Healthcare is no different than any other industry. Information is valuable to identity thieves, from individuals just trying to steal, to professional fraudsters, to information traffickers on the black market. Information is money and attracts those who seek to exploit it.
In 2006, between 250,000 and 500,000 American medical identities were stolen. In 2010, the Coalition Against Insurance Fraud reported that this number had jumped to over 1.4 million Americans. Attorney General Eric Holder and Department of Health and Human Services Secretary Kathleen Sebelius released a report showing that the government’s health care fraud prevention and enforcement efforts recovered nearly $4.1 billion in taxpayer dollars in fiscal year 2011. This is the highest annual amount ever recovered from individuals and companies who attempted to defraud seniors and taxpayers or who sought payments to which they were not entitled.
Emergency departments are obligated to provide treatment in most emergency cases. The presence of law enforcement officials in emergency rooms may compel certain patients to commit medical identity theft to avoid potential arrest for other unrelated crimes. A healthcare consumer whose medical identity is linked with another individual’s medical information could encounter life threatening experiences as a result of receiving inappropriate medications or treatment.
Who the Victims Are
Medical identity theft, just like other forms of fraud, produces multiple victims. The victims can include the person whose identity was used. Consumers may suffer financial consequences when healthcare services provided to the fraudulent individual are billed to the medical identity theft victim or the victim’s insurance company.
At the organizational level– legal, financial, and public image risks occur. If unaware or if perpetrated by a knowledgeable insider, the financial damage could go unnoticed for a while and add up to very large amounts. Often times it can be an insiders who have legitimate or authorized access to the very system or data that is being compromised, making it very difficult to detect. The associated frustration and emotional impact of having to deal with cleaning up one’s credit is never pleasant or insignificant.
Other victims include the insurance companies who end up paying for these false claims, the healthcare provider, the physician or a large health system, which has to deal with the investigation costs or reputation costs, if the identity thief involved in the fraud is an employee.
The Warning Signs
If you think you are a victim of medical identity theft, the faster you can act to minimize the damage is essential. There are several warming signs that your medical records have been stolen: You start to receive many calls from debt collectors; You have unfamiliar collections on your credit reports; You have unexpected and unusual medical bills; Your legitimate claims are denied due to maxed out insurance coverage limits; Healthcare is denied to you for unfamiliar medical condition.
How to Respond
Tell debt collectors you are a fraud victim. Obtain the collection company name, contact information, the debt amount, creditor name, contact information, account billing number and the dates of the unpaid charges. Use this information to complete an Identity Theft Affidavit which can be printed off of the FTC website. Contact your medical provider’s billing office and request an investigation into the unusual charges or coverage denials.
Get a list of all the medical benefits paid in your name and challenge any inconsistencies found. File a police report. Send copies of the report to your health plan’s fraud department, your healthcare provider and all three credit reporting agencies. Keep in mind that medical identity theft is often tied to personal identity theft. Get copies of your credit report from Equifax, Experian and TransUnion and challenge any unusual discrepancies.
Place a fraud alert on your credit report with the credit bureaus. If the identity theft is severe, consider placing a freeze on your credit report. If you or creditors need access to your credit reports regularly, consider AllClear ID credit monitoring service. With triple credit bureau monitoring through AllClear ID, you will be alerted to any activity on your credit reports within 24 hours whether it is a credit check for new credit or a collection debt being reported.
August 20th, 2012
Allison here, with AllClear ID. We’ve talked a lot about mobile phone security and ways to keep your personal data and your apps safe. But, there’s an increasingly popular aspect of mobile phones that we haven’t discussed yet, but are also worrying consumers when it comes to security: mobile payments and mobile wallets.
This is different from making a purchase on eBay on your cell phone. Mobiles payments and mobile wallets involve using a program like Google Wallet, Square, or Dwolla to make a payment with your smartphone. It turns your smartphone into your wallet or credit card, as your smartphone can store this information in an app or on a chip. This has a very different sent of security issues that are separate from hacking into wireless networks and not using good passwords on your financial accounts.
How Do Mobile Payments Work?
Since the technology is so new, there isn’t yet one way mobile payments work, which is part of the reason why security is so blurred and mainstream adoption hasn’t happened yet. There are a variety of ways to do it, such as:
- Paying with a smartphone equipped with a special chip (Google Wallet)
- A credit card number stored in an app (GoPago, Square)
- A small device that attaches to the phone or tablet to act as a credit card processor (Intuit, Paypal Here)
With the first two options, the mobile payments work by utilizing near-field technology, so retailers need a special point-of-sale system in order to take a mobile payment. It doesn’t require putting in a PIN, but simply requires a scan of a bar code in the app or mobile wallet program. Some consumers may not like having to hand over their phone to the cashier. Some worry about what these mobile payment companies do with all these credit card numbers–which is the biggest security concern.
Mobile Payments and Security Concerns
When it comes to mobile payment providers and retailers, consumers wonder what they do with this data. Is it encrypted? What happens if I lose my phone (with Google Wallet, if the phone is lost or stolen, you can disable the program through a laptop or tablet)? Retailers and mobile payment providers are still remedying these issues. Some have argued that consumers will be even more guarded with their phones with the implementation of mobile payments and mobile wallets, as the smartphone becomes another form of money that people don’t want to lose. How well are these issues addressed? It’s tough to say since the practice isn’t ubiquitous and many are still using traditional payment methods. However, previous mobile phone security “best practices” still apply.