May 18th, 2015
Jackie here. These days, it may seem like almost any bit of personal information about you can be used by fraudsters to commit ID theft. While methods are evolving, there are some standard pieces of information that make it much easier to pose as another person. Let’s take a look at what information thieves need to capitalize on your identity.
You use it all the time. It’s on your name tag at work, proudly displayed across your social accounts, and something you share with the doctors, repair people, and even strangers at the grocery store. Your name is a big key to your identity. That doesn’t mean you should start keeping it a secret, though. Your name might be one key to your identity, but typically it must be paired with other information for ID theft to occur. What’s more, in some instances, ID thieves don’t use your real name at all, but instead pair other pieces of your identifying information with a different name.
Your Social Security Number
Who have you shared your SSN with lately? You might not openly tell this number to friends and family, but odds are you’ve given it to doctors, utility companies, and others more times than you realize over the years.
Your address isn’t typically a secret (friends, family, and neighbors all know it), but it is an important part of your identity. With a name and an address, thieves can often access accounts, sometimes even sensitive ones. Your address can also be used to redirect mail, giving identity thieves a treasure trove of personal information. While you can’t keep your address a complete secret, you can take steps to better protect it. Don’t share it openly on sites like Facebook or Twitter. LexisNexis found that a surprising 20% of consumers admit to sharing their addresses on social media.
Your Date of Birth
If your PIN for your bank account is the year of your birth, change it immediately. Every combination of 19XX make up the top 20% of most common PIN numbers. Your birthdate can also be the final piece of identifying information to unlock various accounts.
These four keys to your identity are things we share daily. In fact, the only thing on this list that you don’t share often is your SSN. Do your best to protect your information, but know that it is out there. Watch closely for the signs of ID theft so you can catch it quickly if it does occur.
February 5th, 2014
Chris here, AllClear ID Investigator. The Bureau of Justice Statistics released its 2012 Victims of Identity Theft report, and there were some alarming statistics that came to light. The report states that 16.6 million people in the U.S. were victims of some form of identity theft in 2012. That’s about 7% of the U.S. population, age 16 or older. In total, these victims suffered $24.7 billion in direct and indirect losses. Compare that to the fact that all burglary, motor vehicle theft, and petty theft combined in 2012 only resulted in around $14 billion in losses.
According the report, the most common form of identity theft in 2012 was misuse of existing accounts such as bank and credit card information–this type of ID theft made up about 85% of all complaints in 2012. The number of complaints from people who had their personal information misused for things like opening new accounts, getting medical care, a job, or government benefits was much lower, totaling about 8% of the reported crimes.
While the number of cases involving misuse of personal information is much lower than that of existing account information, the report indicates that the financial and emotional toll that theft of personal information takes on individuals is far greater. The average total out of pocket loss reported by people who were victims of existing account fraud was $1,565. While that’s not a small amount of money, compare that to the $34,352 average loss reported by individuals who had their personal information used for things like obtaining medical care or government benefits.
There was also a significant difference in the reported emotional toll that each type of identity takes on its victims. Of individuals that reported misuse of an existing account, only 0.9% reported significant work or school related problems resulting from the theft, and another 2.9% reported significant family or friend relationship problems. Those percentages make a significant jump among people who reported having their personal information used to open new accounts. 6.1% of new account fraud of victims reported significant work or school related problems, and another 10.1% reported significant family or friend relationship problems.
Those numbers just go to show that identity theft is a serious problem that is continuing to grow in the U.S. This is precisely the reason that AllClear ID strives to make a difference in this industry. The main goal of every one of our investigators is to significantly lower or erase the emotional and financial tolls that identity theft takes on those affected while clearing their identity. If you suspect you are a victim of ID theft, don’t hesitate to reach out to one of us.
If you’re interested in reading more about these stats the full 2012 Victims of Identity Theft Report can be found here.
September 11th, 2013
Jackie here. What do you do if you notice fraudulent accounts on your credit report? One of the first steps is to work with companies to get these false accounts removed. It sounds easy, but in practice can be quite complicated. Who do you call? What do you say? Here are some tips for dealing with companies after ID theft.
Call the Fraud Department
If you notice a fraudulent charge or account, don’t waste your time with customer service. A company’s fraud department will be much more adept at addressing your concerns. If you don’t have the number to the fraud department, contact customer service and ask for it.
Ask to Have Accounts Immediately Closed
After reporting the fraudulent account to the company in question, ask them to immediately close or freeze the account. Request a closure letter from the company detailing any actions taken. It is a good idea to keep a record of who you talked to, when you called, and roughly what was agreed upon in addition to requesting a closure letter.
Send Dispute in Writing
You’ll need to provide your dispute of the account or specific charges in writing. Along with your written dispute, send an Identity Theft Affidavit.
Obtain Needed Documents
As an ID theft victim, you are entitled to obtain copies of transaction records relating to the theft. This includes credit applications. You may choose to authorize law enforcement to obtain these for you directly. If you authorize law enforcement, no subpoena is necessary for them to obtain needed records.
Dealing with companies after ID theft can be a long, complicated process. But, these tips will help make it a little easier to navigate the complex process. For more information, check out this report from the FTC.
August 7th, 2013
Allison here. When we talk about social media on this blog, it’s usually about the newest scam, or the latest data breach, or tips to stay safe when you’re sharing information online. As many id theft pitfalls as social media may have, it also has traps for the scammers and hackers themselves. Companies are now using social media to stop online payment fraud.
Using Social Media to Fight Fraud
Companies lose $3.5 billion each year to online payment fraud, and various organizations are using different networks to verify identities. Payment system provider Intuit is using LinkedIn to verify the identities of its users, checking to see if they are who they really say they are. Equifax is working with government agencies to use public information to verify that those who are receiving benefits are actually eligible. Essentially, companies are using the very fact that people post a lot of personal information online as a way to catch those who are attempting to defraud companies and organizations.
For now, companies are only using publicly available data, which does include blog posts, Yelp reviews, and online forum comments. They are not adding people as friends or creating profiles to get closer to you or others. Publicly available data includes photo tags, locale check-ins, and your network of friends. It appears social media sites may be the next frontier in the fight against id theft and fraud.
July 30th, 2013
Juan here, AllClear ID Investigator. Gangs and organized crime syndicates are more emboldened than ever to commit ID theft. Like any business, a gang is organized to make money, and id theft is just another way for them to do that. Gangs make money by committing ID theft in a variety of ways, ranging from fraudulent tax filings, stealing Social Security checks and other benefits from the elderly, and of course, by opening lines of credit in your name.
To commit fraud and ID theft, gangs must first get ahold of people’s personal information. Recently, the trend has been to have girlfriends or female gang members get jobs as data entry clerks, administrators, or receptionists. They show up for a couple days of work, copy the information of random people or download it to a flashdrive, then they never show up again. Sometimes, the company may take months to figure out what happened, or they may never know at all.
What About the Victims?
When a victim of ID theft successfully restores their identity, they are cleared of any responsibility to fraudulent charges and debts. Let’s say, for example, that a credit card was opened in your name, $5300 charged, but you were able to prove that you were the victim of fraud and are cleared of all responsibility for repayment. Next, the creditor asuumes reponsibility for the debt, and owes the $5300 charged on the card. At that point, the creditor more than likely has information as to who the suspect is and where they live. It is up to them, however, to decide to contact law enforcement or to pursue the id thief criminally. In many instances, the time and money a creditor must spend to bring charges against the gang or id thief is not worth the amount of money stolen, and creditors simply decide not to press charges or file a criminal complaint.
Even when the crime is a fraudulent tax filing used to commit tax id theft, the chance of being pursued criminally by the IRS for a filing of $500 to $2500 is almost non-existent. “The only thing you can try to do is complete the refund in January, before anyone else can file in your name,” according to Detective Craig Catlin with the North Miami Beach Police Department. Ultimately, many creditors, and even the IRS, often do not have incentives to take any criminal action against id thieves. Gangs are beginning to recognize this, and are using it to their advantage, committing more id theft than ever before.
June 19th, 2013
Allison here. Credit card fraud is the most common form of identity theft, possibly because it is difficult to catch in the act. Fortunately, that might change with iPad point-of-sale system provider Revel Systems, which has created the first ever photo confirmation identity theft protection.
About the System
The new system uses visual verification to check whether the person using the credit card is the person that owns it, and it’s built right into the POS system.“It saves the merchant and end-user. It’s a win-win for both sides,” said Chris Ciabatta, CTO and co-founder of Revel Systems, the company behind this identity theft protection system. Prior to this feature, if a retailer was notified about the use of the stolen credit card, the retailer would often lose the money from the sale, while the id thief would be able to continue using the stolen card. Now, the merchant can protect against the loss while catching the thief in the store, in the act of using a credit card that doesn’t belong to him or her.
“We saw that fraud was happening everywhere, but retailers don’t ask for a driver’s license when you use your credit card,” Ciabatta said. He also said that he had his own credit card stolen, so he wanted to create something that would stop a thief and prevent fraudulent charges for consumers and retailers.
How to use the System
Consumers can be part of this system by registering their photo and credit card at revelution.com. Simply create a profile, or integrate it with Facebook, and you’re in! Now, if a merchant finds someone other than you using your credit card, they can call the police. Also, the merchant can verify that you are the one who should be using your credit card without needing to ask for an ID. Signing up is completely free, and if you aren’t signed up yet, the receipt will encourage you to sign up. Currently, several thousand consumers have uploaded their photos and credit card numbers.
As this is a new system, some concerns do exist. For instance, the system matches your personal information with your credit card number in a database, creating the potential for hackers to gain access. Furthermore, if you loan your credit card to a friend, family member, or babysitter to use on your behalf, it is unclear how the use of this system will affect transactions such as these.
The id theft protection feature has been out for three months, with several thousand merchants across the country using the system. To see a video about the system, click here.
June 7th, 2013
Chris here, with AllClear ID Investigations. Illinois is set to become the fourth state to issue driver’s licenses to undocumented immigrants, joining New Mexico, Utah, and Washington State. The new law will allow an estimated 250,000 immigrants residing in the state to apply for a three year temporary driver’s license, and should take effect in October of this year. While this recent measure seems to have several positive implications for the state, such as being able to document the previously undocumented immigrants, required training and testing of immigrant drivers, and requiring all immigrant drivers to have insurance, others are concerned that the law will be abused and result in higher fraud rates.
Concerns about the Bill
Opponents of the new law have cited hundreds of cases of fraud that have already occurred in the other three states that have enacted similar laws. A recent article written by Regina Garcia Cano cites an Associated Press investigation that looked into immigrant driver’s license fraud in New Mexico. The report suggested that “immigrants tried to game the system to obtain a license. In one instance, 48 foreign-born individuals claimed to live at a smoke shop in Albuquerque to fulfill a state residency condition.” Regina goes on to write, “Authorities also busted a fraud ring last year that forged documents for illegal immigrants to use after driving from as far as Illinois and North Carolina to obtain a New Mexico license.”
One of the main things causing concern about the law is the fact that Illinois will not require fingerprints in order to obtain one of the new driver’s licenses, raising concerns identity fraud assoicated with immigrants obtaining fraudulent licenses. The state will, however, require that all photos from the licenses be run through the state’s facial recognition software, and the Illinois Secretary of State’s Office has assured the public that the facial recognition software is highly sophisticated and accurate. Henry Haupt, a spokesman for the offices said, “The integrity of our driver’s license system is a priority.” Utah also did not require fingerprints for immigrant licenses under its original law, but in 2011 amended it so that fingerprints now are required.
While the law’s affect on fraud rates in the state remain to be seen, the bill’s sponsor, Rep. Edward Acevedo, said “state roads will be safer because undocumented immigrants will receive training and be tested before obtaining a license. They also will be required to purchase insurance, an aspect that would save millions for currently insured drivers.”
May 15th, 2013
Juan here, AllClear ID Investigations. A major problem for many consumers over the years has been a lost or stolen W-2 form, as it contains not only personal information such as name and address, but also a complete Social Security number. It seems the IRS has taken notice of this problem, and now has a functional solution.
The idea is to allow certain businesses and organizations to provide individual tax filers with statements showing a “truncated taxpayer identification number” – or TTIN. While traditional W-2 forms will still be used, and will still contain a full SSN, employers will be able to provide statements related to income, annuities, and other financial matters using a TTIN, and not the full SSN.
The proposed changes would only affect filers of certain information returns. The TTIN can be used with 1099, 1098, and 5498 forms. It cannot be used with 1098-C forms.
The truncated taxpayer identification system began to be tested several years ago, due to a growing occurence of tax fraud and tax id theft. In an IRS statement, they recognized that the paper payee statements for individuals pose the greatest risk for potential fraud.
Of course, this sort of program does have its critics, and in this case, those are state tax boards. Their concern centers around whether this truncation of the SSN would affect state income tax returns. The IRS, however, concluded that state tax filings would be unaffected, since those filings are mostly done using W-2 forms, which will not be part of the truncation program.
Overall, the truncated taxpayer identification numbers seem to benefit the IRS, who loses money ever year due to fraudulent filings, as well as consumers, who may have a lower risk associated with filing taxes under the new system.
May 13th, 2013
Allison here. Identity theft increased eight percent last year, making 2012 the second highest year for identity theft. Over 12 million people were victims last year, and the average victim spent 165 hours repairing the damage caused by new fraudulent accounts that were opened in his or her name. This doesn’t include the average 58 hours it takes victims to repair the damage done to existing accounts. An infographic from Protectyourbubble.com illustrates more statistics about identity theft.
Some highlights from the infographic below:
• Victims who found out about their identity theft more than six months after the fact incurred costs 4 times higher than the average
• Smartphone owners have a 33% higher rate of identity fraud than that of the general public
• Victims of data breaches are 9.5 times more likely to be a victim of identity fraud
• Households with incomes greater than $150,000 are 7.7% more likely to be victimized
• 25% of people affected by fraud are deceased
April 26th, 2013
Allison here. The Consumer Sentinel Network collects fraud and identity theft complaints from all over the country, including those reported to the Federal Trade Commission and state law enforcement agencies. Over two million complaints were received last year, and a few months ago CSN released their 2012 Databook, a 100-page catalog containing tons of data and details about these complaints. One of these details is the states that received the most complaints per 100,000 people. The 10 worst states for identity theft, ranked by complaints per 100,000 people, are:
5. New York
Not only did Florida top the list again, but it’s apparent that highly populated states topped the list. Hawaii and the Dakotas, three states with small populations, were on the bottom of the list. Identity theft was also the top complaint in 2012 for CSN, followed by debt collection, banks and lenders, and shop-at-home and catalog sales. The most common type of identity theft complaints was government documents or benefits fraud, followed by credit card fraud, phone or utilities fraud, and bank fraud.
February 13th, 2013
Allison here. I’m sure you’ve all probably heard something about the girlfriend hoax involving Notre Dame football player Manti Te’o. If you haven’t, here’s a quick recap: an acquaintance of Manti Te’o created a fake Facebook account for a woman; photos included, and allegedly began an online relationship with Te’o. Now that the story has received national news attention, Diane O’Meara, the woman whose photo was used in the hoax, is claiming identity theft, as her photo was used without her permission. What are O’Meara’s claims for identity theft, and do they stand? Or is this another case of online impersonation?
O’Meara says that her photo was taken from her Facebook profile and used to represent Lennay Kekua, the fake girlfriend, for over a year, despite the fact that O’Meara says she has never spoken or contacted Te’o in any way. Te’o stated that he had no idea Lennay Kekua wasn’t a real person, and only learned of the hoax when he received a phone call from the impersonator claiming the whole thing was made up.
The perpetrator of the hoax, Ronaiah Tuiasosopo, could possibly face identity theft charges. O’Meara did admit that she had given Tuiasosopo a picture of herself in December 2011, but did not know anything about Lennay Kekua or the hoax until reporters uncovered the story and called her.
Is There a Case for Identity Theft?
AllClear ID defines identity fraud as “unauthorized use of another person’s personal information to achieve illicit financial gain” and considers it slightly different from identity theft. We define identity theft as, “a fraud committed or attempted using the identifying information of another person, without authority to do so.” According to this definition, O’Meara is indeed an identity theft victim, even though it was only her photo that was used.
This raises an interesting consideration for identity theft victims. When using many definitions of identity theft, a victim who has a simple photo used without his or her permission fall into the same category as a person who has sensitive financial information stolen. This does not mean, however, that these crimes are viewed the same under the law. While the federal government defines identity theft and identity fraud as “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain,” which doesn’t necessarily require economic motives, almost every state has differing levels of punishments for different types of id theft. This means that, under the law, stealing and using someone else’s photo is usually very different from stealing and using someone else’s financial or personal information, regardless of the definition of identity theft.
February 11th, 2013
Allison here, with AllClear ID. Over the past few months, the discussion around voter registration has mostly been about voter fraud and voter ID cards, not the possibility of identity theft. It’s a valid question, since a voter registration form does have a full date of birth and could have a Social Security number. Louisiana legislators have recognized the potential id theft threat posed by voter registration forms, and have proposed a new law this month that would make it a felony to copy or otherwise reproduce a completed voter registration application.
Even though there hasn’t been a case of identity fraud using voter registration forms in Louisiana, the identity fraud prevention law was proposed as a way to protect the information after the forms are filled out and after a voter registration organization dissolves. Part of the worry stems from cases where people filled out the forms, but there wasn’t a record of the forms being filed by the voter registration organization that collected the forms. This law does not address voter registration fraud or identity theft that could happen from registering through a third party (instead of the government) or through online means, or voter registration scams.
This proposed law does not deal directly with voter fraud, but instead deals with instances in which id thieves use voter registration cards to gain access to personal information. The best way to protect yourself against this type of identity theft is to check the voter registration rules in your state. If you are already a registered voter, then you have nothing to worry about. However, if you have yet to register, or have to re-register, try to do this through the local government instead of through a third party organization or via email or online form. This ensures that you are signing a legitimate form and that the form will go to the right place. If you fill out a form, and do not receive your voter id card in the mail, it is always a good idea to follow up with the agency responsible for processing the voter registration cards.
January 9th, 2013
Allison here, with AllClear ID. We talked about a lot of different cyber threats and identity theft issues this past year, some of them brand new and some of them new twists on old threats. We’d like to continue to keep you informed and protected in 2013, so we want to share a list of a few big cyber threats to watch for in the coming year. Here are four threats poised to increase or to appear on the scene in 2013:
- Monetization of Social Networks – Just over a month ago, Facebook added the “Sponsored Posts” feature to their site, adding to virtual gifts, and the many social media games that already required people to purchase goods or credits with their own money. All of these avenues through which users input sensitive personal and financial information could open up social media as an avenue for cyber criminals to steal that information or to con people into paying for something the user does not want or need. Granted, cyber criminals are already on social media, but the increasing monetization of social networks will only offer more chances for criminals to use fake gift notifications, fake email messages, and malware attacks to steal users’ personal information in 2013.
- Madware and Ransomware Will Continue – We covered both madware and ransomware before, and they aren’t expected to go away in 2013. According to Symantec, madware use has increased over 200% just in this year, and is expected to be most prevalent in Android apps. Ransomware is the newest form of malware that tricks victims into handing money over to the criminals in order to unfreeze their laptops or to clean up a virus. Expect us to cover the latest trends and twists on these topics next year as well.
- Moving to the Cloud – Cybercriminals are going to go where the action is, and action is increasingly moving and taking place on the cloud. Cloud apps like Dropbox and Evernote are already popular, and make prime targets for infecting a huge system or a lot of people at once. An example of this threat is a cloud-based botnet, where criminals build a virtual attack system using cloud computing resources.
- More Mobile Vulnerabilities – No, mobile cyber threats aren’t new, but there are new advancements in mobile technology that could open up doors for criminals. In particular, mobile browsers and mobile wallets, which are expected to increase in use for the next few years, can give thieves access to consumer’s money with the click of a button.
Here is a longer list of threat predictions from BusinessTech. As always, we will keep you updated as new threats arise, so check back in the coming weeks.
December 20th, 2012
Jackie here with Part 3 of our series on common e-commerce scams. We’ve covered some pretty serious scams (like botnets and phishing) in Parts 1 and 2,but we aren’t done yet. This post is the final one in this series; once you’ve finished reading it, you’ll be ready to shop online with confidence knowing the biggest potential threats you face.
E-Commerce Threat #3- Friendly Fraud
Friendly fraud doesn’t sound like much of a threat, but to merchants it can be serious business. It involves legitimate customers that purchase an item or service with their own card and then dispute the charges. The credit card companies will often hold the merchant responsible for the final bill, even when they properly verified the card and the customer actually received the item. While this scam may not affect most consumers, it is always good to be aware of the various scams happening in the e-commerce world.
There are a few things merchants can do to protect themselves from friendly fraud. They include:
- Requiring a Signature Upon Receipt- One way that merchants can protect themselves is to require a signature by the consumer before delivering actual physical goods. Many mail carriers and shipping companies offer this as an option when shipping packages.
- Verify the Security Code- Another way to combat friendly fraud is by requiring consumers to provide the three digit security code found on the back of the credit card. This proves that the consumer actually has possession of the physical card and can be very useful when disputing chargebacks.
- Verbal Signatures- In call center transactions recording a verbal signature before authorizing a purchase can prove that the customer was present and did authorize the charge.
E-Commerce Threat #2- Account Takeover
Imagine discovering that your accounts had been accessed by someone other than yourself. Money was transferred or purchases were authorized, all without your consent. You may not have discovered this was even happening for months because you’ve stopped receiving bank statements and can no longer access your online accounts. This scary scenario is an example of account takeover, or someone else taking control of your financial accounts by adding themselves or changing contact information.
Some of the most common methods thieves employ when engaging in account takeover are to:
- Change the Physical Address for the customer
- Add Themselves as a Registered User
- Change the Email Address on the Account
- Get a Credit or Debit Card Issued in Their Name
- Change the Account Phone Number
- Change the Online Account Password
- Change the PIN on a Card
- Obtain Checks
This form of id theft can be devastating to the financial health of both businesses and consumers. One of the best ways to protect yourself is to keep your personal information safe. Generally thieves gain the initial access to your accounts using your personal information. They may employ tactics like social engineering to gain additional information once they have the first critical pieces. Keep your eyes open for phishing emails and the like since the information thieves garner with them may then be used for account takeover.
E-Commerce Threat #1- Clean Fraud
Clean fraud is a very sophisticated type of online fraud. As businesses develop methods for uncovering and catching id thieves, the thieves continue to get smarter and to develop new strategies so they can continue to profit through id theft. Clean fraud requires thieves that have a lot of personal information and can easily appear as a legitimate customer, even when they are not.
In this type of fraud it may appear that an actual consumer is making the purchase, and these purchases are often automatically making their way through the fraud filters, only to be charged back to businesses when the accounts are ultimately discovered to be fraudulent.
Businesses can protect themselves from this type of fraud by staying involved in the ordering and verification process. It is important for them to carefully analyze each purchase to ensure that it is indeed legitimate. One big warning sign of clean fraud are multiple accounts with the same user id or email address. Another tactic businesses can employ is separating the returning customers from the new ones and holding purchases for a period of time between the order and delivery for new customer.
Being a safe online shopper means being aware of the threats you face online. An informed shopper is a safe shopper and can be one of the worst enemies to an identity thief. For more information check out the scam alert from the IC3 that inspired this post.
December 17th, 2012
Allison here with AllClear ID. As defined by the Department of Justice, identity theft includes, “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.” Using this definition, online impersonation can technically be considered identity theft, but is there more to the story? Should there be one kind of penalty for identity theft and another kind of penalty for online impersonation? Let’s take a closer look.
A recent news story talked about a Texas woman who started to receive phone calls of a sexual nature from unknown men. When she finally asked one how he got her number, he replied that he saw it in an ad on Craigslist. As it turns out, the ad was posted by the girlfriend of her ex-husband, who claimed she posted the ad as a “joke” when she was confronted about it. The girlfriend was ultimately charged with online impersonation, but many people may think this was an act of identity theft as well.
Texas law defines online impersonation as “creat[ing] a webpage or send[ing] an email or an instant message on the Internet using the name or domain name of another person with the intent to harm, defraud, intimidate or threaten another person or persons.” The way the law is phrased outlines a key difference between identity theft and online impersonation: identity theft is meant to benefit the thief, while online impersonation is meant to harm someone other than the impersonator.
Furthermore, identity theft typically involves stealing very specific personal information, like a social security number or a credit card number. It often involves much more than using the name or telephone number of another, and usually necessitates some credit report cleanup on the part of the victim.
While these distinctions do not make either identity theft or online impersonation easier to deal with, there is one more distinct difference between the two crimes: the ability of consumers to take proactive measures to protect themselves. With identity theft, there are a variety of measures someone can take to secure their personal information and to prevent it from ending up in the wrong hands. We’ve talked about many of these before. Online impersonation is much more difficult to safeguard against, since theoretically all someone needs is a name and possibly a phone number to impersonate another person over the internet. Both identity theft and online impersonation can have serious consequences for the victims, and should therefore be criminalized under the law. However, the aftermath of identity theft is often much more far-reaching than that of online impersonation, which raises the question as to whether the two crimes should require different penalties for perpetrators.
December 4th, 2012
Allison here with AllClear ID. While there are many ways you can become a victim of identity theft, you can be proactive about protecting yourself in a lot of those instances. However, if a company you did business with was to suffer a data breach, and your personal information was put at risk or was stolen, there isn’t much you can do. In fact, in some states, data breach laws do not require a company to notify consumers of the breach, so you may not even be aware that your personal information is compromised.
The healthcare industry is required to notify all affected patients if a data breach takes place in a hospital, as patient information is protected under HIPAA. The Gramm-Leach-Bliley Act and the American Recovery and Reinvestment Act require some financial institutions and businesses that provide services to healthcare providers to notify affected consumers as well, but that is the extent of federal regulations. All other industries are regulated by separate laws on a state-by-state basis.
Alabama, Kentucky, New Mexico and South Dakota don’t have any sort of data breach notification law. However, that doesn’t mean those in the other 46 states have much more protection. Some data breach notification laws require businesses to notify residents within the state only. Therefore, if a business you transacted with is based in Montana, but you live in Idaho, that business isn’t required to notify you of the data breach and the possible risk to your personal information.
Although a national data breach law is in the works in Congress, it has not yet been passed. If it were to pass, it would override the laws that are currently in the states, and some worry that the national law won’t be as strong as what some states currently have on the books. Also, some businesses get around these notification laws by storing the data in countries with weaker laws.
Consumers can’t do a whole lot to change these laws, as that is up to members of Congress. They can work to pressure companies to adopt their own policies for data breach notification that will offer more consumer protection. Nevertheless, it is important to learn what the law is in your state and to keep a close eye on credit reports and other personal information.
August 31st, 2012
Jackie here, with AllClear ID. Cyber-scams are always changing and evolving. This makes it very important to stay vigilant and keep your eyes open for potential problems, even if the scam isn’t one listed here. The IC3 (Internet Crime Complaint Center) recently published a list of currently popular scams. Let’s take a look!
Fake Political Surveys
A fake political survey is on the loose and might soon be calling up your phone. The survey asks respondents to answer a few simple questions and then informs them that they have won a prize (a free cruise to the Bahamas). “Winners” receive a web address and are asked to provide their email address and credit card numbers for port fees. This is a scam. Do not provide your credit card number or other personal information.
The IC3 has been receiving complaints about an online phonebook website. This site allows users to post personal information about others including names, unlisted cell phone numbers, email addresses and other information. The website also allows users to make private phone calls to anyone listed on the site and to track others using GPS. Be careful who you share personal information with. You have no control of what others do with your info once they receive it.
Free Credit Services (That Later Charge)
Citadel malware’s new ransomware has been claiming victims across the web. Victims contract the ransomware at a drive-by download site where the program is installed on a user’s computer. Once it is installed the computer freezes and a screen is displayed which indicates that the user has violated federal law. Often, allegations of child pornography are included. The ransomware instructs victims to pay $100 to have their computer unlocked. Even after paying the malware is still operating on victim’s computers stealing banking and other information that can be used to commit id theft.
If you have been a victim of this scheme, report the problem to the IC3 and do not make a payment. We have more information about this scam on our blog. Check out the article here.
Scams are everywhere, but the IC3 has noticed these scams are especially popular right now. Keep your eyes open and don’t become a victim! Learn more about these trending scams from the IC3 here.
August 30th, 2012
Jackie here, with AllClear ID. Have you ever thought about the privacy implications behind a parking ticket? I hadn’t either until I stumbled across this article on Wired. A federal appeals court recently reinstated a class action lawsuit against Palatine Village (a Chicago suburb) ruling that putting too much information on a parking ticket is a privacy violation.
The lawsuit started when a motorist with a parking ticket sued. Palatine Village’s parking tickets list the vehicle owners name, address, gender, height, weight and driver’s license number. The driver sued using the Driver’s Privacy Protection Act of 1994, a law that protects DMV records from being openly shared. In addition to personal information being shared on the ticket, personal information is also visible on the exterior of the mailing envelope when the fine is paid by mail.
The court ruling is good news for identity protection. The information found on these parking tickets could potentially provide id thieves with bits of personal data that could be used to access your identity. Driver’s license numbers specifically are on the list of things to protect along with your Social Security number and mother’s maiden name.
Since parking tickets are left on the windshield of the offending vehicle, the information contained in them can be easily accessed by any passerby, including identity thieves.
August 29th, 2012
Jackie here, with AllClear ID. Citadel Malware has been making headlines recently. Until recently, this malware platform was available on the open market for anyone to purchase. This malware platform has been the delivery method for a variety of different viruses and ransomware schemes. The most recent is a type of ransomware known as Reveton.
The Citadel Malware Reveton Ransomware gets victims to head to a drive-by download site where the ransomware is installed on the victim’s computer. Once it is installed, it takes over the computer causing it to freeze and lock up. It displays a warning message that appears to be from the U.S. Justice Department or the FBI. A warning screen indicates that Federal Law has been violated and that the user must pay a fine to the Justice Department to unlock the computer. Once the “fine” has been paid the computer’s actions are tracked which can further lead to id theft, banking fraud and credit card fraud.
What Do You Do If This Happens to You?
If a warning screen appears on your computer, don’t make a payment. Know that your computer is affected and that you should take immediate action. Take your computer to a local computer expert for help removing the virus. Don’t visit banking sites, enter your passwords or make online purchases until the issue is resolved.
Even if you are able to unlock your computer on your own it is recommended that you take your computer to an expert after an attack. Keystroke logging software may be installed to capture user names, passwords and other confidential information.
You should also report the problem to the IC3. This allows law enforcement to obtain the information they need to investigate and prosecute offenders. You can file an online complaint at the IC3.gov. You will need to enter your name, mailing address and telephone number. They will also ask for information on how you believe you contracted the malware if you know.
Learn more about this malware from the IC3 here.
August 28th, 2012
Jackie here, with AllClear ID. We often talk about the importance of choosing strong passwords and keeping your passwords safe once you have chosen them, but no password is entirely secure. Passwords are compromised every day through various means like hacking, social engineering or the simple guess until it cracks method. Besides using your best judgment and common password safety tips, there isn’t much else you can do to keep your password safe– but this may someday change.
The Defense Advanced Research Projects Agency (part of the US Defense Department) hopes to someday eliminate passwords and instead identify computer users by their typing style. Everyone types differently from the amount of time in between keystrokes to the length of time a particular key remains depressed; this could someday lead to a unique way to identify yourself that can’t be compromised as easily as a password. According to a New York Times article, DARPA is planning to provide research money to make this a reality. Several universities are researching this technology including Carnegie Mellon, Pace University and Columbia.
Although everyone has a unique typing style, it can vary from day-to-day. How will computers know it is actually you, and not someone else? In the New York Times article, one researcher makes an analogy to music that really hits this idea home. He compares your core typing style to the core rhythm of a song. You can usually easily identify a popular song even if it is played poorly by an amateur group. This technology will seek to find your typing rhythm which can’t be easily copied.
The USNews reports on this technology in action. This technology verifies users at log in based on their typing style when entering a username and password. This could potentially make stolen passwords useless, since only half of the needed equation would be obtained. The technology isn’t yet perfected; longer passwords can make reproducing typing style difficult, even for the same user. Read more here.
August 27th, 2012
Allison here, with AllClear ID. When you’re at the doctor’s office or a health clinic, you often have to sign a few health information privacy forms. Most of us probably don’t read what they say, and trust our health provider to do the right thing with our information. So, what do all these forms mean? What laws exist to protect our medical records? What happens if your records or your privacy is breached?
Those forms you sign essentially are an acknowledgement notice. By signing them, you acknowledge that you are aware of the privacy practices of your doctor or health provider. These practices are how they implement the Health Insurance Portability and Accountability Act, or HIPAA, the federal law that addresses the security and privacy of health data. It’s important to read these forms the first time you get them, because some forms may actually be a permission form granting your doctor or health provider the ability to share information. You can always request a copy of these forms, or any part of your record, or question how your doctor or health provider will handle your medical information at any time.
HIPAA is the primary law that exists, although states can implement additional laws to increase protections. For example: California law allows patients to sue health providers for privacy violations. This law also covers health care services from providers not typically covered by HIPAA, such as hospices and mobile health care units. This law protects information that concerns health status, provision of health care, or payment of health care that can be linked to an individual, or essentially any part of your medical or payment record.
So in California you can, but what rights do others have in other states if your medical records or privacy is breached?
First of all, you have to determine who disclosed your medical information without your permission. If someone who isn’t a doctor, a hospital, a pharmacy, or someone working with your health plan disclosed your information (like a friend or family member), then HIPAA doesn’t apply. HIPAA also doesn’t protect information that’s disclosed to entities other those listed, such as an online medical forum, or information that’s disclosed as part of a worker’s compensation or disability insurance (even if disclosed by a hospital or doctor).
Second, if your rights have been violated, the most you can do is file a complaint to the privacy officer of the violating entity. All entities under HIPAA are required to have a privacy officer on staff to handle these sorts of requests. If the way the privacy officer handles the situation doesn’t satisfy you, then you can consider complaining to state officials. You can also try and to sue on other grounds, such as breach of contract or malpractice, but you can’t sue based on HIPAA.
Overall, it’s important to read the forms, sign them and to request your records from time to time. Medical identity theft is a growing problem, and it’s important to be aware of what you’re able to and unable to do when it comes to your medical information.
August 25th, 2012
Christopher here, AllClear Investigator. Authorities across the country are reporting a new trend in gang-related activity. It appears that gang members are becoming more and more active in white collar crimes like identity theft. According to the National Gang Intelligence Center’s 2011 National Gang Threat Assessment, “gangs are becoming more involved in white-collar crime, including identity theft, bank fraud, credit card fraud, money laundering, fencing stolen goods, counterfeiting, and mortgage fraud, and are recruiting members who possess those skill sets. Law enforcement officials nationwide indicate that many gangs in their jurisdiction are involved in some type of white-collar crime.”
They say gang members are moving to white collar crime because it’s a low risk, high reward crime. This means that there is a small chance that they will be caught engaging in this type of crime, while at the same time being much more profitable than their standard burglary. According to a report done by Jim DeFede of CBS4 News in Miami, FL, gang members in that area are also becoming heavily involved in IRS and tax fraud, which has plagued the entire state for the last couple of years. DeFede quoted Lt. Luis Almaguer, head of the Miami Dade’s gang unit, as saying “Fact of the matter is there is a lot more money to be gained than slinging crack at the corner… We’re dealing with people who used to make a hundred here or there selling crack on the corner and now they are making thousands of dollars.”
Gang members are using stolen Social Security numbers to do fraudulent electronic tax filings. DeFede also said that CBS4 was allowed to attend a briefing in March with a dozen law enforcement agencies from around the county, and that tax fraud was the most commonly discussed complaint.
Tax fraud and other forms of identity theft are growing, and will continue to grow among members of various gangs around the country because it’s very easy for them to commit the crime without being caught. Even if they do get caught identity theft cases are very hard to prosecute, and a felony charge for identity theft would only get you a maximum of about 3 years in prison. The point is that identity theft, as it compares to other crimes, is still fairly new and the judicial system hasn’t quite caught up to it yet. Until they do, these types of crimes will only continue grow throughout the entire country.
August 24th, 2012
Jackie here, with AllClear ID. We often talk about identity thieves taking identities for financial gain, but that isn’t the only reason an identity might be stolen. An article found on the NY Daily News website explains that sex offenders may also use id theft.
A study from Utica College found that 1-in-6 sex offenders will modify their identity to avoid registering. This can lead to offenders living in residences where they are not approved and hiding from mandatory law enforcement monitoring. Some use aliases, others use different birth dates or Social Security numbers, some steal identities from family members or change their name through marriage. Moving to states where sex offender regulations are less stringent is another common tactic.
Financial identity theft is one of the most common forms of id theft, but it is important to remember that it isn’t the only way identity theft can manifest itself. Others forms of id theft like criminal and medical id theft do happen and can have serious repercussions for the victim, often just as serious (if not more so) than financial id theft. Imagine trying to repair your identity if it was confused with that of a sex offender. It would be an absolute nightmare.
This 2010 story from King5.com, illustrates the problem. Dan Wheeler’s identity was stolen 15 years ago and since that time he has been mistaken for a sex offender multiple times. He has difficulty finding work and passing background checks and has even been arrested.
Protecting yourself from identity theft is an important financial decision, but it doesn’t stop there. Id theft isn’t just an inconvenience or a hassle; it can have real life consequences that can last for years to come.
August 23rd, 2012
Tamara here, AllClear Investigator. As we know, unfortunately, identity theft is a very common occurrence and the number of data breaches are on the rise. But there’s another form of fraud that people may not be so aware about, though it is definitely a trending crime. It’s called identity manipulation.
Identity manipulation is similar to identity theft in that the fraudster applies for credit, utilities, loans, and other types of services, but different in that they do not use someone’s actual identity. What they do is they slightly manipulate the Social Security number, date of birth, or use a fictitious name to obtain these accounts.
A first-of-its-kind study done by ID Analytics reports there are a few different patterns of identity manipulation. It found that over 45 million people deliberately manipulate their identities, including eight million people that are using two or more Social Security numbers, 16 million people that have used multiple dates of birth, and 10 million people who have manipulated their identities by using some of their spouse’s information as their own identity.
Not only to people manipulate their identity to gain credit, it is also found that it occurs as someone who wants to hide their bad credit history, get medical treatment, obtain employment, have access to government services and benefits, or to hide under an alias as they are a sex offender or a criminal.
Once opened or obtained, the account or service may match up and then report to the actual person’s identity (the victim) with the Social Security number, date of birth, or name. The victim then finds themselves with bad credit, unable to obtain utilities or government services, or have their medical records affected. And the time, money, and effort that it takes to resolve the fraud are staggering at times.
To ensure that you have not been affected by this crime, review your credit reports (each person is entitled to one free credit report from each of the three bureaus every twelve months here at www.annualcreditreport.com or by calling 877-322-8228), verify your wage statements from the Social Security association, and review your medical records. One can also have a background check done through Self Check. This is beneficial for employment eligibility status and is part of E-Verify, a Department of Homeland Security program administered by U.S. Citizenship and Immigration Services in partnership with the Social Security Administration.
If you find anything suspicious on those reports, call AllClear ID and we will help you clear your identity. The customer support hours are Monday through Saturday, 8:00 a.m. – 8:00 p.m. CST and can be reached by calling (855) 434-8077.
August 22nd, 2012
Jackie here, with AllClear ID. Identity theft can easily cost its victims thousands of dollars, not to mention countless hours spent resolving the damage. You might be surprised to learn however that victims aren’t the only ones paying for id theft. Every American taxpayer is on the hook for the billions of dollars stolen from the IRS in tax related id theft. A recent USNews article indicates that the IRS may have issued more than $5 billion in fraudulent tax return checks in 2011. Over the next five years another $21 billion could make its way out of the treasury and into the pockets of identity thieves. At a time of huge budget deficits and a struggling economy, this trend is extremely troubling.
The IRS has stepped up their fraud detection efforts and did find – and stop – many fraudulent returns from being processed this year, but many others slipped through the cracks. It is estimated that 1.5 million fraudulent returns were filed and not detected.
Hopefully improved IRS security will curb the number of fraudulent returns filed in the coming years and will keep that $21 billion loss from becoming a reality. New measures are planned including id theft screening filters, holds on refunds until questionable identities are verified and a system that flags Social Security numbers for deceased taxpayers.
August 21st, 2012
AllClear Investigator George found that as discussed in our recent story, medical identity theft is what it is called when an individual uses the name or insurance information of someone else to get treatment, prescriptions or even surgery. The financial medical identity theft happens when an individual uses a patient’s information to submit fraudulent bills or claims to insurance companies. This occurs far more frequently than the industry would like to admit. Healthcare is no different than any other industry. Information is valuable to identity thieves, from individuals just trying to steal, to professional fraudsters, to information traffickers on the black market. Information is money and attracts those who seek to exploit it.
In 2006, between 250,000 and 500,000 American medical identities were stolen. In 2010, the Coalition Against Insurance Fraud reported that this number had jumped to over 1.4 million Americans. Attorney General Eric Holder and Department of Health and Human Services Secretary Kathleen Sebelius released a report showing that the government’s health care fraud prevention and enforcement efforts recovered nearly $4.1 billion in taxpayer dollars in fiscal year 2011. This is the highest annual amount ever recovered from individuals and companies who attempted to defraud seniors and taxpayers or who sought payments to which they were not entitled.
Emergency departments are obligated to provide treatment in most emergency cases. The presence of law enforcement officials in emergency rooms may compel certain patients to commit medical identity theft to avoid potential arrest for other unrelated crimes. A healthcare consumer whose medical identity is linked with another individual’s medical information could encounter life threatening experiences as a result of receiving inappropriate medications or treatment.
Who the Victims Are
Medical identity theft, just like other forms of fraud, produces multiple victims. The victims can include the person whose identity was used. Consumers may suffer financial consequences when healthcare services provided to the fraudulent individual are billed to the medical identity theft victim or the victim’s insurance company.
At the organizational level– legal, financial, and public image risks occur. If unaware or if perpetrated by a knowledgeable insider, the financial damage could go unnoticed for a while and add up to very large amounts. Often times it can be an insiders who have legitimate or authorized access to the very system or data that is being compromised, making it very difficult to detect. The associated frustration and emotional impact of having to deal with cleaning up one’s credit is never pleasant or insignificant.
Other victims include the insurance companies who end up paying for these false claims, the healthcare provider, the physician or a large health system, which has to deal with the investigation costs or reputation costs, if the identity thief involved in the fraud is an employee.
The Warning Signs
If you think you are a victim of medical identity theft, the faster you can act to minimize the damage is essential. There are several warming signs that your medical records have been stolen: You start to receive many calls from debt collectors; You have unfamiliar collections on your credit reports; You have unexpected and unusual medical bills; Your legitimate claims are denied due to maxed out insurance coverage limits; Healthcare is denied to you for unfamiliar medical condition.
How to Respond
Tell debt collectors you are a fraud victim. Obtain the collection company name, contact information, the debt amount, creditor name, contact information, account billing number and the dates of the unpaid charges. Use this information to complete an Identity Theft Affidavit which can be printed off of the FTC website. Contact your medical provider’s billing office and request an investigation into the unusual charges or coverage denials.
Get a list of all the medical benefits paid in your name and challenge any inconsistencies found. File a police report. Send copies of the report to your health plan’s fraud department, your healthcare provider and all three credit reporting agencies. Keep in mind that medical identity theft is often tied to personal identity theft. Get copies of your credit report from Equifax, Experian and TransUnion and challenge any unusual discrepancies.
Place a fraud alert on your credit report with the credit bureaus. If the identity theft is severe, consider placing a freeze on your credit report. If you or creditors need access to your credit reports regularly, consider AllClear ID credit monitoring service. With triple credit bureau monitoring through AllClear ID, you will be alerted to any activity on your credit reports within 24 hours whether it is a credit check for new credit or a collection debt being reported.
August 20th, 2012
Allison here, with AllClear ID. We’ve talked a lot about mobile phone security and ways to keep your personal data and your apps safe. But, there’s an increasingly popular aspect of mobile phones that we haven’t discussed yet, but are also worrying consumers when it comes to security: mobile payments and mobile wallets.
This is different from making a purchase on eBay on your cell phone. Mobiles payments and mobile wallets involve using a program like Google Wallet, Square, or Dwolla to make a payment with your smartphone. It turns your smartphone into your wallet or credit card, as your smartphone can store this information in an app or on a chip. This has a very different sent of security issues that are separate from hacking into wireless networks and not using good passwords on your financial accounts.
How Do Mobile Payments Work?
Since the technology is so new, there isn’t yet one way mobile payments work, which is part of the reason why security is so blurred and mainstream adoption hasn’t happened yet. There are a variety of ways to do it, such as:
- Paying with a smartphone equipped with a special chip (Google Wallet)
- A credit card number stored in an app (GoPago, Square)
- A small device that attaches to the phone or tablet to act as a credit card processor (Intuit, Paypal Here)
With the first two options, the mobile payments work by utilizing near-field technology, so retailers need a special point-of-sale system in order to take a mobile payment. It doesn’t require putting in a PIN, but simply requires a scan of a bar code in the app or mobile wallet program. Some consumers may not like having to hand over their phone to the cashier. Some worry about what these mobile payment companies do with all these credit card numbers–which is the biggest security concern.
Mobile Payments and Security Concerns
When it comes to mobile payment providers and retailers, consumers wonder what they do with this data. Is it encrypted? What happens if I lose my phone (with Google Wallet, if the phone is lost or stolen, you can disable the program through a laptop or tablet)? Retailers and mobile payment providers are still remedying these issues. Some have argued that consumers will be even more guarded with their phones with the implementation of mobile payments and mobile wallets, as the smartphone becomes another form of money that people don’t want to lose. How well are these issues addressed? It’s tough to say since the practice isn’t ubiquitous and many are still using traditional payment methods. However, previous mobile phone security “best practices” still apply.
August 18th, 2012
Allison here, with AllClear ID. Summer may be over for many kids across the country, but the season itself officially doesn’t end until the Fall Equinox. That means over a month of summer left, and plenty of time for scammers to swindle others. We previously covered the home projects scam, but that’s not the only scam swindlers are using to bait people into giving up money and personal information. Watch out for these four other summer scams:
- The Mugged-Grandkid-on-Vacation Scam – Many families, friends and college students spend their summers abroad. If they haven’t calculated their budgets right or happen to get pick-pocketed, this may sometimes put them in a bind for cash help from grandparents, a family member or even you. However, it’s all a con and scammers can do it much more convincingly now that social media has all the information necessary to make it look real, such as contact information and relationship details. If you think you received one of these emails, talk to that person first before wiring over some cash. You wouldn’t want to send money to a hacker.
- Moving Man Scam – Summer is a popular time to move, and with many colleges starting in the next few weeks, parents will be looking for movers to help get their kids in the dorms. In this scam, the movers take your possessions hostage, saying that it was all heavier than expected so they’ll demand extra money to unload your belongings. If you refuse to pay, they may store your stuff at your expense until it’s settled. If you’re moving in the next month or so, do it yourself if you can. If not, make sure to take the time to pick a quality mover. It’s not just the “three-quote” rule that must be followed, but also research their backgrounds and customer reviews to be sure that they’re legitimate.
- The Job-Offer Scam – This is a really unfortunate one since so many people are looking for work and desperately need an actual job instead of a fake one. The scammers even go through great lengths to set up the scam, scheduling interviews and setting up websites for their fake companies. What ends up happening is that the scammers “hire” you, and then ask for money to do the background check or a credit check. Or, they might ask you to complete a few forms for the company. Either way, the scammers get everything they need to steal your identity, and you still don’t have a job.
- The Vacation Rental Scam – How awful would it be if you paid money to spend time in a vacation home or at a time-share, only to find that the keys don’t work or the address was fake? Well, nearly 8,000 rental-related complaints were reported to the center between June 2011 and June 2012, including vacation rental scams, according to the National White Collar Crime Center. Just like with the moving man scam, take the time to research these vacation rental homes and companies, as well as the person offering you the deal. It’s likely that the research will uncover whether or not the offer is a scam.
The temperatures may be cooling down slowly, but scam artists never fizzle. In fact, they are always looking for ways to scam people, and there are scammers who are always on the prowl for new people to victimize. Even though these summer scams may be less common in just a month or two, that doesn’t mean there aren’t any more scams to worry about.
August 17th, 2012
Christy here, AllClear Investigator. How much do you know about medical identity theft? We’ll be posting a follow-up story soon about the frustrations with detecting and cleaning up medical identity theft however today’s post is about a recent study commissioned by Nationwide Insurance which found few people know what it is or how devastating it can be to your credit and your health. How few? According to their findings, 1 in 6, or 15% of the people surveyed said they were familiar with medical identity theft. Interestingly enough, of that 15% only 1 in 3 (or 38%) were able to define “medical identity” correctly.
So what is “Medical Identity Theft”? This is what it is called when a person steals the medical information of another person to pay for or obtain health care treatment. It is also the fastest-growing type of identity theft. Reportedly, according to the World Privacy Forum, it has affected 1.5 million Americans and cost more than $30 billion. There are three common ways which your medical identity could be compromised. These are:
- Financial medical identity theft – Someone is getting medical help using your name and/or other information.
- Criminal medical identity theft – You are being held responsible for the actions of another’s criminal behavior.
- Government benefit fraud – Your medical benefits are being used by another person.
This crime can impact many areas, including personal, financial, and medical well-being. Imagine someone steals your medical information then uses your health care insurance illegally to obtain care, buy prescriptions, or submit false insurance claims. Now imagine how that could lead to hazardous changes to your medical records or devastating financial results and it’s easy to see why this can be such a problem for those affected. The cost and time associated with cleaning up a medical account can be sizable – actual victims from a 2011 Ponemon Institute Research Report reported personal expenses of resolving a medical identity theft to be about $20,000 and the same victims also said they had spent four to six months resolving the theft – but we’ll talk more about that in a later story.
When asked about reviewing their medical records for errors, 75%, or 3 of 4 study participants, said they “trust” that their medical records are correct. Kirk Herath, Nationwide Chief Privacy Officer, stated “Blind faith in a medical record is risky behavior. Nationwide Insurance recommends being as knowledgeable about your medical records as you are about your financial reports.” Here are a few things you can do to safeguard your medical identity:
- Closely monitor any “Explanation of Benefits” sent by health insurers
- Pro-actively request a listing of benefits from your health insurers
- Request a copy of current medical files from each health care provider
- If you are victim, file a police report
- Correct erroneous and false information in your file
- Keep an eye on your credit report
- Request an accounting of disclosures
Now that we’ve covered what “Medical Identity Theft” is, keep watching future blog postings for more on detection and cleaning it up (and the challenges with both).
August 16th, 2012
Allison here, with AllClear ID. Collection calls are a legitimate practice in collecting credit card debt and other outstanding bills. However, sometimes they aren’t done by legitimate people, or the calls aren’t conducted in the right way, or by good people. Here are some tips on how to deal with collection calls and avoid paying a debt that isn’t yours:
- Don’t Give Away Your Bank Information – To prevent fraud and/or identity theft, don’t provide your bank or routing number over the phone. Don’t allow direct withdrawals, or pay off part of the debt by personal check either, as both of those options makes it too easy for an identity thief. The best way to pay off a debt is to use a money order, as it protects your information while providing proof of payment.
- Ask for Proof of the Debt – Within 30 days of receiving a call from a debt collection agency, you can submit a written request for proof of the debt. This will let you know how much it is, who it’s for, and whether or not it’s a legitimate debt. It’s possible you could have already paid the debt, or that you are a victim of identity theft because the debt isn’t really yours. You’ll only know this for sure if you submit a written request.
- Take Notes During All Calls – It’s possible the debt collector is fake, even if the debt is real, and is only trying to pressure people into paying these things off. If you think the caller is an imposter, ask for their name, company, address, and telephone number. By law, legitimate debt collectors have to release that information so if the caller resists, you know the call is fake. Don’t give this caller any personal or financial information, and make sure to report the call to the authorities with any information you have.
- Take Action if the Debt is Fake – If you are, in fact, a victim of identity theft, you need to do several things. First, send a written dispute to the collection agency, letting them know you are a victim and the debt is not yours. Second, ask the agency to stop calling you. By law, the agency must stop contacting you if you ask them to do so. Next, check all of your accounts to see if anything else of yours has been compromised. After that, request all three credit reports for investigation, and notify those companies to stop them from adding new credits to those reports. Lastly, notify law enforcement of the crime.
Dealing with collection calls are never fun, whether or not they are legitimate calls. However it’s important to know the difference between them to avoid a scam or identity theft, and it’s also important to know how to handle the situation in case you are a victim of identity theft.