September 2nd, 2013
ID theft can have a big impact on your life. We often talk about the emotional and financial toll that it can take, but these aren’t the only aspects of your life that it can affect. ID theft can also negatively impact your performance at work and cost employers thousands of dollars each year.
ID Theft and Work Performance
For employers time is money. When employees are working hard and being productive, companies are more profitable. When personal problems and distractions get in the way, employees are less productive and the cost of labor increases. ID
theft can impact work performance in a variety of different ways. Let’s take a quick look at a few.
ID theft is a complex problem, which means that resolving the issue can take a lot of time. It can take hundreds of hours to resolve problems caused by ID theft. Often, these hours must occur during the day. Just like you work 9-5, so do those you’ll need to talk with to resolve your identity theft. This means time missed from work, either in the form of vacation or sick time, or work hours spent doing something other than work.
Employees often use company equipment and resources to resolve ID theft. To remove a fraudulent entry from your credit report, you may need to repeatedly contact the credit bureaus by mail. This often means photocopying important documents, which many employees do at work. They may also use the company fax, email, etc. to communicate with others during the resolution process. This can be expensive for employers.
Distraction is another big issue for employers when it comes to an employee dealing with ID theft. When worrying about personal problems, employees may be less observant, more exhausted, and less able to focus on work. This can lead to mistakes, sometimes costly, and a decrease in productivity. Distracted employees are unable to give their best efforts to their jobs since their focus is on the more pressing problems associated with id theft.
ID theft doesn’t just impact its victims. The effects of ID theft are felt by those other than the immediate victims of the crime.
June 12th, 2013
Allison here. It’s scary to be an identity theft victim. You might not know who did it, when it started, the extent of the damage, or how long it will take to clean up the mess. However, I’ve come across a story about something scarier than being an identity theft victim: having someone not believe you are an identity theft victim.
Case Study: Pat Callanan
That’s the case with Pat Callanan in Surprise, Ariz., who was surprised to find out that she had an outstanding bill with Maricopa Community Colleges for classes she took in 2007. The trouble was, she didn’t take those classes and was a victim of identity theft. However, MCC wouldn’t believe Callanan’s story, and was somewhat resistant to her requests for verification of the debt and any other information they had on this ‘Pat Callanan.’ Even a letter from a lawyer didn’t get them to budge or to communicate.
To further complicate matters, the MCC took Callanan’s state tax refund to help pay off some of the debt. State agencies can do this if you are delinquent on a debt, even in cases such as this, in which there is a dispute over the legitimacy of the claim. According to the school (and id theft statistics for the region), identity theft has become such a large problem in Arizona that many people falsely claim they are victims to avoid paying off a debt, so they reserve a certain amount of skepticism when people claim they are victims of id theft.
In the end, the MCC decided, in good faith, to wipe out the remaining balance owed and refund Callanan most of the state refund it confiscated. While this may be an extreme example of id theft, cases such as this one highlight the importance of checking your credit reports and financial statements regularly, to catch any instances of id theft or fraud before they have the chance to grow into bigger problems.
February 13th, 2013
Allison here. I’m sure you’ve all probably heard something about the girlfriend hoax involving Notre Dame football player Manti Te’o. If you haven’t, here’s a quick recap: an acquaintance of Manti Te’o created a fake Facebook account for a woman; photos included, and allegedly began an online relationship with Te’o. Now that the story has received national news attention, Diane O’Meara, the woman whose photo was used in the hoax, is claiming identity theft, as her photo was used without her permission. What are O’Meara’s claims for identity theft, and do they stand? Or is this another case of online impersonation?
O’Meara says that her photo was taken from her Facebook profile and used to represent Lennay Kekua, the fake girlfriend, for over a year, despite the fact that O’Meara says she has never spoken or contacted Te’o in any way. Te’o stated that he had no idea Lennay Kekua wasn’t a real person, and only learned of the hoax when he received a phone call from the impersonator claiming the whole thing was made up.
The perpetrator of the hoax, Ronaiah Tuiasosopo, could possibly face identity theft charges. O’Meara did admit that she had given Tuiasosopo a picture of herself in December 2011, but did not know anything about Lennay Kekua or the hoax until reporters uncovered the story and called her.
Is There a Case for Identity Theft?
AllClear ID defines identity fraud as “unauthorized use of another person’s personal information to achieve illicit financial gain” and considers it slightly different from identity theft. We define identity theft as, “a fraud committed or attempted using the identifying information of another person, without authority to do so.” According to this definition, O’Meara is indeed an identity theft victim, even though it was only her photo that was used.
This raises an interesting consideration for identity theft victims. When using many definitions of identity theft, a victim who has a simple photo used without his or her permission fall into the same category as a person who has sensitive financial information stolen. This does not mean, however, that these crimes are viewed the same under the law. While the federal government defines identity theft and identity fraud as “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain,” which doesn’t necessarily require economic motives, almost every state has differing levels of punishments for different types of id theft. This means that, under the law, stealing and using someone else’s photo is usually very different from stealing and using someone else’s financial or personal information, regardless of the definition of identity theft.
December 19th, 2012
Allison here with AllClear ID. While tax season is just around the corner, tax fraud is a year-round enterprise. One of the more recent tax fraud stories in the news involves a former resident of St. Louis who is accused of participating in a $1.5 million tax identity theft scam. Allegedly, the woman was taking the information of the recently deceased and using it to obtain their tax refunds. A federal investigation in late November found that 191 fraudulent tax returns were filed from her computer using the stolen identities.IRS,
Upon further investigation, authorities discovered that 27 of those refund checks were sent to three different states (Maryland, Missouri, and Florida), indicating that this woman was possibly the ringleader of a large network of people using these identities. In return for sharing the personal information of the deceased, the alleged ringleader was sharing the proceeds from the returns. During the investigation, a number of items were seized, such as $5,000 in cash, multiple notebooks containing the personal information of others, debit cards, and MoneyGram receipts. The woman admitted that these items were part of an identity theft scheme.
Tax fraud by means of identity theft is a growing problem because of how tax returns for the deceased are handled. In an effort to legitimize the process of claiming returns for a deceased taxpayer, the IRS requires that tax returns for the dead are accompanied by a form that describes the person filing the form. However, now scammers and thieves are often stealing the identity of the person filing the form and filing for tax returns under that name.
The rise in tax fraud involving the deceased serves as a reminder to all of us that we need to be protective of the identities of our deceased loved ones, double checking their reports and perhaps handling their tax returns right away. It’s now more possible than ever that these identities will be used by a thief.
December 17th, 2012
Allison here with AllClear ID. As defined by the Department of Justice, identity theft includes, “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.” Using this definition, online impersonation can technically be considered identity theft, but is there more to the story? Should there be one kind of penalty for identity theft and another kind of penalty for online impersonation? Let’s take a closer look.
A recent news story talked about a Texas woman who started to receive phone calls of a sexual nature from unknown men. When she finally asked one how he got her number, he replied that he saw it in an ad on Craigslist. As it turns out, the ad was posted by the girlfriend of her ex-husband, who claimed she posted the ad as a “joke” when she was confronted about it. The girlfriend was ultimately charged with online impersonation, but many people may think this was an act of identity theft as well.
Texas law defines online impersonation as “creat[ing] a webpage or send[ing] an email or an instant message on the Internet using the name or domain name of another person with the intent to harm, defraud, intimidate or threaten another person or persons.” The way the law is phrased outlines a key difference between identity theft and online impersonation: identity theft is meant to benefit the thief, while online impersonation is meant to harm someone other than the impersonator.
Furthermore, identity theft typically involves stealing very specific personal information, like a social security number or a credit card number. It often involves much more than using the name or telephone number of another, and usually necessitates some credit report cleanup on the part of the victim.
While these distinctions do not make either identity theft or online impersonation easier to deal with, there is one more distinct difference between the two crimes: the ability of consumers to take proactive measures to protect themselves. With identity theft, there are a variety of measures someone can take to secure their personal information and to prevent it from ending up in the wrong hands. We’ve talked about many of these before. Online impersonation is much more difficult to safeguard against, since theoretically all someone needs is a name and possibly a phone number to impersonate another person over the internet. Both identity theft and online impersonation can have serious consequences for the victims, and should therefore be criminalized under the law. However, the aftermath of identity theft is often much more far-reaching than that of online impersonation, which raises the question as to whether the two crimes should require different penalties for perpetrators.
December 13th, 2012
If you’re in the market for a mortgage or car loan, you’re depending on your credit score for approval and a good interest rate, and work very hard to maintain your credit score. All of this hard work can sometimes be ruined by identity thieves who open fraudulent accounts in your name, but it can also be ruined by simple mistakes made by businesses who you actually transact with.
Sharon, an AllClear ID customer from California, maintained an excellent credit score until a collection company posted a collection account to her credit report. She was caught off-guard when she received the AllClear ID Credit Monitoring Alert notifying her of the change in her credit status. After a little research, she learned that a hospital she visited 7 years ago incorrectly posted the copay she made as a write-off, and sold it as a bad debt to a collections company. Recalling her frustration in disputing the debt, Sharon points out “The [agencies] have more rights than you do and can put a negative mark on your credit even if it’s wrong.” Initially, she thought it was a simple mistake that could be resolved with a phone call to the collection company, but this did not turn out to be the case. After dealing with what she calls “nasty and ruthless tactics”, Sharon called AllClear ID to help her remove the erroneous mark from her credit report.
Tamara, the AllClear ID Investigator who helped Sharon, says that even though, “a month later it was still posting to Sharon’s credit report, I contacted the bureau and faxed the documentation again and then it was finally resolved.” Sharon says on her own, she was not able to make any progress with the credit bureaus, and she felt, “It’s like they don’t want you to be able to find the correct number to reach someone. AllClear ID was able to get me through to the right person to get this cleared up.”
Having what Sharon calls an “advocate” like AllClear ID made a difference in getting her credit restored as well as keeping it safe in the future. “I had a separate experience later, when a new credit account was opened. I was out of town and the phone call alert from AllClear ID gave me details of the activity.” Sharon had never been to the area or heard of the stores where the account was initiated, but she recalls that just “getting the alert made me feel protected and I knew somebody was watching out for me.” It also gave her the ability to indicate the activity was fraudulent and AllClear ID was able to dispute the charges before any damage was done.
November 21st, 2012
Allison here with AllClear ID. We talk a lot about how easily our identities can be taken away, how the paper trail of the passport, birth certificate, Social Security card, and tax forms makes it so easy for someone to impersonate us and to ruin our credit. It’s incredibly easy for someone to pretend to be Allison, buy a house in Kansas and hold a steady job as a legal secretary. Woe is me if that Allison ever fails to pay a her utility bills.
But, we are much more than official numbers on a page; an address, a phone number, an email, a collection of tastes and preferences that makes it all too easy for companies to target us online with ads fine-tuned to what we did yesterday, and to the groceries we need to buy tomorrow. We are much more than who we know on social media, where we are located, and what we “like” and retweet.
We know this, and we ought to be thankful for the fact that we are much more than millions of data points scattered across the net. There’s more to our identities than the digital trail we leave behind; we are unique individuals, with unique lives, vibrant interests.
My name is Allison, and my digital trail will tell you that I am a writer. You might even find that I am an avid poker player and an active member of Amnesty International.
What that paper trail will never include is the exhilaration I feel when walking my dog, Oden, on a fall afternoon, or the extreme pleasure I get from enjoying a delicious red velvet brownie. The paper trail doesn’t include the pain I feel after flopping a straight and losing a poker match to a runner, runner flush. It could never include the embarrassment I’ve felt (on more than one occasion) of catching the wrong bus, or of learning that it’s “might as well” instead of “minus well.” My paper trail, while it may seem to offer a glimpse of who I am, could never include my last conversation with Nana, or thousands of other precious moments I have been able to experience in my lifetime.
It’s all that I’m thankful for, and it’s the thing that no identity thief can take away from me via an unsecured Internet connection.
August 30th, 2012
Jackie here, with AllClear ID. Have you ever thought about the privacy implications behind a parking ticket? I hadn’t either until I stumbled across this article on Wired. A federal appeals court recently reinstated a class action lawsuit against Palatine Village (a Chicago suburb) ruling that putting too much information on a parking ticket is a privacy violation.
The lawsuit started when a motorist with a parking ticket sued. Palatine Village’s parking tickets list the vehicle owners name, address, gender, height, weight and driver’s license number. The driver sued using the Driver’s Privacy Protection Act of 1994, a law that protects DMV records from being openly shared. In addition to personal information being shared on the ticket, personal information is also visible on the exterior of the mailing envelope when the fine is paid by mail.
The court ruling is good news for identity protection. The information found on these parking tickets could potentially provide id thieves with bits of personal data that could be used to access your identity. Driver’s license numbers specifically are on the list of things to protect along with your Social Security number and mother’s maiden name.
Since parking tickets are left on the windshield of the offending vehicle, the information contained in them can be easily accessed by any passerby, including identity thieves.
August 28th, 2012
Jackie here, with AllClear ID. We often talk about the importance of choosing strong passwords and keeping your passwords safe once you have chosen them, but no password is entirely secure. Passwords are compromised every day through various means like hacking, social engineering or the simple guess until it cracks method. Besides using your best judgment and common password safety tips, there isn’t much else you can do to keep your password safe– but this may someday change.
The Defense Advanced Research Projects Agency (part of the US Defense Department) hopes to someday eliminate passwords and instead identify computer users by their typing style. Everyone types differently from the amount of time in between keystrokes to the length of time a particular key remains depressed; this could someday lead to a unique way to identify yourself that can’t be compromised as easily as a password. According to a New York Times article, DARPA is planning to provide research money to make this a reality. Several universities are researching this technology including Carnegie Mellon, Pace University and Columbia.
Although everyone has a unique typing style, it can vary from day-to-day. How will computers know it is actually you, and not someone else? In the New York Times article, one researcher makes an analogy to music that really hits this idea home. He compares your core typing style to the core rhythm of a song. You can usually easily identify a popular song even if it is played poorly by an amateur group. This technology will seek to find your typing rhythm which can’t be easily copied.
The USNews reports on this technology in action. This technology verifies users at log in based on their typing style when entering a username and password. This could potentially make stolen passwords useless, since only half of the needed equation would be obtained. The technology isn’t yet perfected; longer passwords can make reproducing typing style difficult, even for the same user. Read more here.
August 25th, 2012
Christopher here, AllClear Investigator. Authorities across the country are reporting a new trend in gang-related activity. It appears that gang members are becoming more and more active in white collar crimes like identity theft. According to the National Gang Intelligence Center’s 2011 National Gang Threat Assessment, “gangs are becoming more involved in white-collar crime, including identity theft, bank fraud, credit card fraud, money laundering, fencing stolen goods, counterfeiting, and mortgage fraud, and are recruiting members who possess those skill sets. Law enforcement officials nationwide indicate that many gangs in their jurisdiction are involved in some type of white-collar crime.”
They say gang members are moving to white collar crime because it’s a low risk, high reward crime. This means that there is a small chance that they will be caught engaging in this type of crime, while at the same time being much more profitable than their standard burglary. According to a report done by Jim DeFede of CBS4 News in Miami, FL, gang members in that area are also becoming heavily involved in IRS and tax fraud, which has plagued the entire state for the last couple of years. DeFede quoted Lt. Luis Almaguer, head of the Miami Dade’s gang unit, as saying “Fact of the matter is there is a lot more money to be gained than slinging crack at the corner… We’re dealing with people who used to make a hundred here or there selling crack on the corner and now they are making thousands of dollars.”
Gang members are using stolen Social Security numbers to do fraudulent electronic tax filings. DeFede also said that CBS4 was allowed to attend a briefing in March with a dozen law enforcement agencies from around the county, and that tax fraud was the most commonly discussed complaint.
Tax fraud and other forms of identity theft are growing, and will continue to grow among members of various gangs around the country because it’s very easy for them to commit the crime without being caught. Even if they do get caught identity theft cases are very hard to prosecute, and a felony charge for identity theft would only get you a maximum of about 3 years in prison. The point is that identity theft, as it compares to other crimes, is still fairly new and the judicial system hasn’t quite caught up to it yet. Until they do, these types of crimes will only continue grow throughout the entire country.
August 24th, 2012
Jackie here, with AllClear ID. We often talk about identity thieves taking identities for financial gain, but that isn’t the only reason an identity might be stolen. An article found on the NY Daily News website explains that sex offenders may also use id theft.
A study from Utica College found that 1-in-6 sex offenders will modify their identity to avoid registering. This can lead to offenders living in residences where they are not approved and hiding from mandatory law enforcement monitoring. Some use aliases, others use different birth dates or Social Security numbers, some steal identities from family members or change their name through marriage. Moving to states where sex offender regulations are less stringent is another common tactic.
Financial identity theft is one of the most common forms of id theft, but it is important to remember that it isn’t the only way identity theft can manifest itself. Others forms of id theft like criminal and medical id theft do happen and can have serious repercussions for the victim, often just as serious (if not more so) than financial id theft. Imagine trying to repair your identity if it was confused with that of a sex offender. It would be an absolute nightmare.
This 2010 story from King5.com, illustrates the problem. Dan Wheeler’s identity was stolen 15 years ago and since that time he has been mistaken for a sex offender multiple times. He has difficulty finding work and passing background checks and has even been arrested.
Protecting yourself from identity theft is an important financial decision, but it doesn’t stop there. Id theft isn’t just an inconvenience or a hassle; it can have real life consequences that can last for years to come.
August 23rd, 2012
Tamara here, AllClear Investigator. As we know, unfortunately, identity theft is a very common occurrence and the number of data breaches are on the rise. But there’s another form of fraud that people may not be so aware about, though it is definitely a trending crime. It’s called identity manipulation.
Identity manipulation is similar to identity theft in that the fraudster applies for credit, utilities, loans, and other types of services, but different in that they do not use someone’s actual identity. What they do is they slightly manipulate the Social Security number, date of birth, or use a fictitious name to obtain these accounts.
A first-of-its-kind study done by ID Analytics reports there are a few different patterns of identity manipulation. It found that over 45 million people deliberately manipulate their identities, including eight million people that are using two or more Social Security numbers, 16 million people that have used multiple dates of birth, and 10 million people who have manipulated their identities by using some of their spouse’s information as their own identity.
Not only to people manipulate their identity to gain credit, it is also found that it occurs as someone who wants to hide their bad credit history, get medical treatment, obtain employment, have access to government services and benefits, or to hide under an alias as they are a sex offender or a criminal.
Once opened or obtained, the account or service may match up and then report to the actual person’s identity (the victim) with the Social Security number, date of birth, or name. The victim then finds themselves with bad credit, unable to obtain utilities or government services, or have their medical records affected. And the time, money, and effort that it takes to resolve the fraud are staggering at times.
To ensure that you have not been affected by this crime, review your credit reports (each person is entitled to one free credit report from each of the three bureaus every twelve months here at www.annualcreditreport.com or by calling 877-322-8228), verify your wage statements from the Social Security association, and review your medical records. One can also have a background check done through Self Check. This is beneficial for employment eligibility status and is part of E-Verify, a Department of Homeland Security program administered by U.S. Citizenship and Immigration Services in partnership with the Social Security Administration.
If you find anything suspicious on those reports, call AllClear ID and we will help you clear your identity. The customer support hours are Monday through Saturday, 8:00 a.m. – 8:00 p.m. CST and can be reached by calling (855) 434-8077.
August 22nd, 2012
Jackie here, with AllClear ID. Identity theft can easily cost its victims thousands of dollars, not to mention countless hours spent resolving the damage. You might be surprised to learn however that victims aren’t the only ones paying for id theft. Every American taxpayer is on the hook for the billions of dollars stolen from the IRS in tax related id theft. A recent USNews article indicates that the IRS may have issued more than $5 billion in fraudulent tax return checks in 2011. Over the next five years another $21 billion could make its way out of the treasury and into the pockets of identity thieves. At a time of huge budget deficits and a struggling economy, this trend is extremely troubling.
The IRS has stepped up their fraud detection efforts and did find – and stop – many fraudulent returns from being processed this year, but many others slipped through the cracks. It is estimated that 1.5 million fraudulent returns were filed and not detected.
Hopefully improved IRS security will curb the number of fraudulent returns filed in the coming years and will keep that $21 billion loss from becoming a reality. New measures are planned including id theft screening filters, holds on refunds until questionable identities are verified and a system that flags Social Security numbers for deceased taxpayers.
August 21st, 2012
AllClear Investigator George found that as discussed in our recent story, medical identity theft is what it is called when an individual uses the name or insurance information of someone else to get treatment, prescriptions or even surgery. The financial medical identity theft happens when an individual uses a patient’s information to submit fraudulent bills or claims to insurance companies. This occurs far more frequently than the industry would like to admit. Healthcare is no different than any other industry. Information is valuable to identity thieves, from individuals just trying to steal, to professional fraudsters, to information traffickers on the black market. Information is money and attracts those who seek to exploit it.
In 2006, between 250,000 and 500,000 American medical identities were stolen. In 2010, the Coalition Against Insurance Fraud reported that this number had jumped to over 1.4 million Americans. Attorney General Eric Holder and Department of Health and Human Services Secretary Kathleen Sebelius released a report showing that the government’s health care fraud prevention and enforcement efforts recovered nearly $4.1 billion in taxpayer dollars in fiscal year 2011. This is the highest annual amount ever recovered from individuals and companies who attempted to defraud seniors and taxpayers or who sought payments to which they were not entitled.
Emergency departments are obligated to provide treatment in most emergency cases. The presence of law enforcement officials in emergency rooms may compel certain patients to commit medical identity theft to avoid potential arrest for other unrelated crimes. A healthcare consumer whose medical identity is linked with another individual’s medical information could encounter life threatening experiences as a result of receiving inappropriate medications or treatment.
Who the Victims Are
Medical identity theft, just like other forms of fraud, produces multiple victims. The victims can include the person whose identity was used. Consumers may suffer financial consequences when healthcare services provided to the fraudulent individual are billed to the medical identity theft victim or the victim’s insurance company.
At the organizational level– legal, financial, and public image risks occur. If unaware or if perpetrated by a knowledgeable insider, the financial damage could go unnoticed for a while and add up to very large amounts. Often times it can be an insiders who have legitimate or authorized access to the very system or data that is being compromised, making it very difficult to detect. The associated frustration and emotional impact of having to deal with cleaning up one’s credit is never pleasant or insignificant.
Other victims include the insurance companies who end up paying for these false claims, the healthcare provider, the physician or a large health system, which has to deal with the investigation costs or reputation costs, if the identity thief involved in the fraud is an employee.
The Warning Signs
If you think you are a victim of medical identity theft, the faster you can act to minimize the damage is essential. There are several warming signs that your medical records have been stolen: You start to receive many calls from debt collectors; You have unfamiliar collections on your credit reports; You have unexpected and unusual medical bills; Your legitimate claims are denied due to maxed out insurance coverage limits; Healthcare is denied to you for unfamiliar medical condition.
How to Respond
Tell debt collectors you are a fraud victim. Obtain the collection company name, contact information, the debt amount, creditor name, contact information, account billing number and the dates of the unpaid charges. Use this information to complete an Identity Theft Affidavit which can be printed off of the FTC website. Contact your medical provider’s billing office and request an investigation into the unusual charges or coverage denials.
Get a list of all the medical benefits paid in your name and challenge any inconsistencies found. File a police report. Send copies of the report to your health plan’s fraud department, your healthcare provider and all three credit reporting agencies. Keep in mind that medical identity theft is often tied to personal identity theft. Get copies of your credit report from Equifax, Experian and TransUnion and challenge any unusual discrepancies.
Place a fraud alert on your credit report with the credit bureaus. If the identity theft is severe, consider placing a freeze on your credit report. If you or creditors need access to your credit reports regularly, consider AllClear ID credit monitoring service. With triple credit bureau monitoring through AllClear ID, you will be alerted to any activity on your credit reports within 24 hours whether it is a credit check for new credit or a collection debt being reported.
August 20th, 2012
Allison here, with AllClear ID. We’ve talked a lot about mobile phone security and ways to keep your personal data and your apps safe. But, there’s an increasingly popular aspect of mobile phones that we haven’t discussed yet, but are also worrying consumers when it comes to security: mobile payments and mobile wallets.
This is different from making a purchase on eBay on your cell phone. Mobiles payments and mobile wallets involve using a program like Google Wallet, Square, or Dwolla to make a payment with your smartphone. It turns your smartphone into your wallet or credit card, as your smartphone can store this information in an app or on a chip. This has a very different sent of security issues that are separate from hacking into wireless networks and not using good passwords on your financial accounts.
How Do Mobile Payments Work?
Since the technology is so new, there isn’t yet one way mobile payments work, which is part of the reason why security is so blurred and mainstream adoption hasn’t happened yet. There are a variety of ways to do it, such as:
- Paying with a smartphone equipped with a special chip (Google Wallet)
- A credit card number stored in an app (GoPago, Square)
- A small device that attaches to the phone or tablet to act as a credit card processor (Intuit, Paypal Here)
With the first two options, the mobile payments work by utilizing near-field technology, so retailers need a special point-of-sale system in order to take a mobile payment. It doesn’t require putting in a PIN, but simply requires a scan of a bar code in the app or mobile wallet program. Some consumers may not like having to hand over their phone to the cashier. Some worry about what these mobile payment companies do with all these credit card numbers–which is the biggest security concern.
Mobile Payments and Security Concerns
When it comes to mobile payment providers and retailers, consumers wonder what they do with this data. Is it encrypted? What happens if I lose my phone (with Google Wallet, if the phone is lost or stolen, you can disable the program through a laptop or tablet)? Retailers and mobile payment providers are still remedying these issues. Some have argued that consumers will be even more guarded with their phones with the implementation of mobile payments and mobile wallets, as the smartphone becomes another form of money that people don’t want to lose. How well are these issues addressed? It’s tough to say since the practice isn’t ubiquitous and many are still using traditional payment methods. However, previous mobile phone security “best practices” still apply.
August 17th, 2012
Christy here, AllClear Investigator. How much do you know about medical identity theft? We’ll be posting a follow-up story soon about the frustrations with detecting and cleaning up medical identity theft however today’s post is about a recent study commissioned by Nationwide Insurance which found few people know what it is or how devastating it can be to your credit and your health. How few? According to their findings, 1 in 6, or 15% of the people surveyed said they were familiar with medical identity theft. Interestingly enough, of that 15% only 1 in 3 (or 38%) were able to define “medical identity” correctly.
So what is “Medical Identity Theft”? This is what it is called when a person steals the medical information of another person to pay for or obtain health care treatment. It is also the fastest-growing type of identity theft. Reportedly, according to the World Privacy Forum, it has affected 1.5 million Americans and cost more than $30 billion. There are three common ways which your medical identity could be compromised. These are:
- Financial medical identity theft – Someone is getting medical help using your name and/or other information.
- Criminal medical identity theft – You are being held responsible for the actions of another’s criminal behavior.
- Government benefit fraud – Your medical benefits are being used by another person.
This crime can impact many areas, including personal, financial, and medical well-being. Imagine someone steals your medical information then uses your health care insurance illegally to obtain care, buy prescriptions, or submit false insurance claims. Now imagine how that could lead to hazardous changes to your medical records or devastating financial results and it’s easy to see why this can be such a problem for those affected. The cost and time associated with cleaning up a medical account can be sizable – actual victims from a 2011 Ponemon Institute Research Report reported personal expenses of resolving a medical identity theft to be about $20,000 and the same victims also said they had spent four to six months resolving the theft – but we’ll talk more about that in a later story.
When asked about reviewing their medical records for errors, 75%, or 3 of 4 study participants, said they “trust” that their medical records are correct. Kirk Herath, Nationwide Chief Privacy Officer, stated “Blind faith in a medical record is risky behavior. Nationwide Insurance recommends being as knowledgeable about your medical records as you are about your financial reports.” Here are a few things you can do to safeguard your medical identity:
- Closely monitor any “Explanation of Benefits” sent by health insurers
- Pro-actively request a listing of benefits from your health insurers
- Request a copy of current medical files from each health care provider
- If you are victim, file a police report
- Correct erroneous and false information in your file
- Keep an eye on your credit report
- Request an accounting of disclosures
Now that we’ve covered what “Medical Identity Theft” is, keep watching future blog postings for more on detection and cleaning it up (and the challenges with both).
August 16th, 2012
Allison here, with AllClear ID. Collection calls are a legitimate practice in collecting credit card debt and other outstanding bills. However, sometimes they aren’t done by legitimate people, or the calls aren’t conducted in the right way, or by good people. Here are some tips on how to deal with collection calls and avoid paying a debt that isn’t yours:
- Don’t Give Away Your Bank Information – To prevent fraud and/or identity theft, don’t provide your bank or routing number over the phone. Don’t allow direct withdrawals, or pay off part of the debt by personal check either, as both of those options makes it too easy for an identity thief. The best way to pay off a debt is to use a money order, as it protects your information while providing proof of payment.
- Ask for Proof of the Debt – Within 30 days of receiving a call from a debt collection agency, you can submit a written request for proof of the debt. This will let you know how much it is, who it’s for, and whether or not it’s a legitimate debt. It’s possible you could have already paid the debt, or that you are a victim of identity theft because the debt isn’t really yours. You’ll only know this for sure if you submit a written request.
- Take Notes During All Calls – It’s possible the debt collector is fake, even if the debt is real, and is only trying to pressure people into paying these things off. If you think the caller is an imposter, ask for their name, company, address, and telephone number. By law, legitimate debt collectors have to release that information so if the caller resists, you know the call is fake. Don’t give this caller any personal or financial information, and make sure to report the call to the authorities with any information you have.
- Take Action if the Debt is Fake – If you are, in fact, a victim of identity theft, you need to do several things. First, send a written dispute to the collection agency, letting them know you are a victim and the debt is not yours. Second, ask the agency to stop calling you. By law, the agency must stop contacting you if you ask them to do so. Next, check all of your accounts to see if anything else of yours has been compromised. After that, request all three credit reports for investigation, and notify those companies to stop them from adding new credits to those reports. Lastly, notify law enforcement of the crime.
Dealing with collection calls are never fun, whether or not they are legitimate calls. However it’s important to know the difference between them to avoid a scam or identity theft, and it’s also important to know how to handle the situation in case you are a victim of identity theft.
August 15th, 2012
Matt here, AllClear Investigator. While it is common knowledge that using a fake ID is illegal, thousands of young people obtain and attempt to use them every year. A 2010 University of Missouri study found that nearly 32 percent of underage college students own and use false identification in order to purchase alcoholic beverages by the end of their sophomore year. Obtaining a “fake” can be as simple as borrowing an ID from the guy next door with a similar hair cut to as high tech as ordering an individually tailored, hologram version. There are several such services in China that these budding drinkers can find with a simple web search. Anyone with an Internet connection and $75 to $200 can order their personalized ID card online. Buyers pick the state, address, and name, and send in a scanned photo and signature to complete their profile. Digital holograms are replicated, PVC plastic identical to that found in credit cards is used, and ink appearing only under ultraviolet light is stamped onto the cards.
Beyond the illegality of using a fake ID, there is a potentially more harmful drawback to even obtaining this type of ID. The “company” that is producing your new ID could also be stealing your identity at the same time. Very little is needed to steal someone’s identity. By using Google, Facebook and public records, a skilled hacker can eventually gather enough information to access a Social Security number. By filling out the ID order form, you’re just saving them the time. An American identity is extremely valuable in the black market, and these ID companies could just be a front for a multimillion dollar identity-theft ring.
The moral of this story, like most, is that you always want to be incredibly careful when it comes to the passing along of your PII, or personal identifiable information. No matter how bad something is desired, or how great of a deal it seems there can always be an unknown negative intention at play. One should always remain vigilant and skeptical.
August 11th, 2012
Jackie here, with AllClear ID. Identity theft can wreak havoc on your credit report and finances. While these issues can typically be resolved, it takes time to correct mistakes and remove fraud. This used to be bad news for job hunters, since many employers require a credit check as part of the hiring process. Luckily a new study indicates that fewer employers are using credit reports to screen applicants and those that do are often willing to hire employees with low scores or give the applicant a chance to explain.
The report was issued by the Society of Human Resource Management. In 2012, 53% of employers indicated that they do not use credit reports in their hiring process. In 2010 this number was only 40% and in 2004 it was 39%. The employers most likely to use credit reports are those where a credit report is extremely relevant to the type of work performed– like in law enforcement or banking.
Another positive trend for id theft victim job-seekers is the fact that 91% of employers perform the credit report after a job offer has been made or after a successful interview, not at the beginning of the hiring process. This can give id theft victims a chance to explain the problems in their credit report without being automatically disqualified for a position.
For more information on this report, read this article on McClatchy.
Many states have gotten involved in regulating how and when employers can use credit checks. For example some states have passed laws limiting employers use of credit reports or prohibiting this practice altogether. States with job applicant credit report laws include: California, Connecticut, Hawaii, Illinois, Maryland, Oregon and Washington. Many other states are considering legislation on this matter.
If you have suffered from identity theft and are searching for a job, you can breathe a sigh of relief knowing that your next employer might not require a credit check. Keep yourself safe during the job hunt by checking out our past blog post on “Protecting Your Identity While Job Hunting”.
August 10th, 2012
Jackie here, with AllClear ID. The internet has really changed things from a privacy standpoint. While your personal data used to be relatively private, it has now become big business for data companies who sell your information to inquiring parties for just a few dollars a pop. This makes it ever increasingly difficult to keep your identity safe in an online era.
What Exactly Do Data Brokers Sell?
If you haven’t much to do with a data broker, you may not realize how much information is available and how low the prices actually are. This article on Paid Content discusses the economics involved with consumer privacy and data brokerage companies.
One of the data brokerage companies specifically listed in the article is known as Intellius. My only interaction with this company has been when I Googled a name and their results popped up in the search. For no charge, you can find out a person’s full name, nicknames, age and relatives. A dollar or two will get you much more including their address, birth date and phone number. A full report (regular price $49.95) will include property records, criminal background check, a listing of bankruptcies, liens, lawsuits and judgments, information on their neighbors and even marriage and divorce records. Intellius isn’t the only company out there. Other data brokerage companies include: Ameridex, BeenVerified, LocatePLUS, People Search Pro, PrivateEye and many others.
What Can You Do?
Data brokers are in business to sell your personal information and as such, opting-out can be very difficult. But there are a few things you can do. The Privacy Rights Clearinghouse offers tips in their article titled, “Online Information Brokers and Your Privacy”. They recommend restricting the amount of information available about you. This means checking the privacy settings on social networks and other accounts, having an unlisted phone number, etc. You can also take action and let your representatives know how you feel about data brokerage companies. Finally, you can opt-out of many of these services.
How Do I Opt-Out?
Many data brokerage companies have options available to opt-out of their directories, but the process isn’t easy. Intellius – for example – requires you to complete an online form and verify your identity by providing a copy of your driver’s license or passport (or a notarized letter). Once your information is received, it takes 7-10 days to process and remove your information. That doesn’t mean you are done though. On their website Intellius notes:
“… please note that any time your identifying information appears in a public record in a manner which is different from the record you opted out, it will again appear in our system. (For example, if your address or area code changes your new information will again appear unless you opt out the new record.)”
If you want to opt-out, you will need to contact each data brokerage company individually to complete opt-out requests. Here is a list of some of the data brokerage companies provided by the Consumerist.
Data Brokerage Companies and the Law
Currently, data brokerage companies are completely legal – but that could change. Congress has recently opened an investigation into the practice. This article on the Washington Post explains more. Also check out our past blog post on Spokeo.
Identity thieves need information to prosper and since information is readily available at these data brokerage companies, they could potentially put your at an increased id theft risk.
August 9th, 2012
AllClear Investigator Aaron found that the most recent change in the world of identity theft are the “victims” being preyed upon. Identity theft criminals seek out any vulnerable person to obtain information from. This could mean that the person is vulnerable due to their circumstance or that person’s information is vulnerable due to unsafe keeping.
Recently in Georgia, a couple and a man were arrested in connection with an elaborate scheme stealing the identities of prisoners and falsifying tax returns. The couple worked for a company that claimed they offered help to prisoners that were in financial need. The couple offered to prepare tax returns for 185 inmates from seven different states using tax preparation software to file each falsified return. With the ruse of using their tax preparation software, the couple was able to obtain all personal information needed to file the inmate’s tax returns. They then had the checks, debit cards and other items obtained with the stolen information mailed to rented properties of a third party. In all, the three suspects claimed more than $77,000 in false refunds. Authorities also stated that the suspects withdrew around $53,000.00 of the stolen money in the course of six days. The couple was recently arrested in Georgia on charges of conspiracy, money laundering and identity theft. The other suspect is in custody in the Allegheny County jail and is waiting an extradition hearing.
Another example of this comes from one of our very own customers who– upon being released and starting their life again– found someone had been living their own life under his personal information. There was an auto loan, a mortgage, utilities, cellular and landline phone services, a secured loan, medical debt, and two credit cards found which were all established while he was incarcerated. The debt which had been incurred was just at $281,000. We are close to fully resolving his case but it has taken much time and patience to get the case to where it is today.
These stories are both examples of how identity theft has no boundaries. One might assume that inmates are the last people ID thieves would be interested in. Quite the contrary – anyone with an identity and any type of vulnerability makes them a prime target. These inmates are some of the most vulnerable as their information is widely accessible and they are exposed to many “free” programs asking for their personal information.
From the AllClear Investigators: Identity Theft Crimes Most Likely Committed by Someone Victim Knows
August 8th, 2012
Juan here, AllClear Investigator. Imagine a scenario where you’ve reviewed your credit history and noticed an account in collections that is not yours. You have done the proper thing and obtained information from the collector as to which company the debt was originally with, and have filed a fraud claim with them. After several weeks go by, you get a response in the mail from the creditor, stating that they will not treat the debt as fraud. Through their investigation, they have determined that you know who the suspect is, and should you like for the debt to be cleared as fraud, you will have to press charges.
We typically do not think that the perpetrator of fraud against us would be someone near us, and especially not a family member. But unfortunately, if you’ve been the victim of fraud involving utilities or telecommunications services, it very well could be someone you know. Situations similar to this occur each day. Victims of fraud are left to make a choice to pay the debt, resolve it with the family member or loved one (having them pay it), or contact local police and file a report and/or press charges in order to get the debt dismissed.
Take for example, the words of Lexington, Kentucky PD detective Wayne Thornton. According to him, “about 70 percent of identity theft cases handled… involve someone who stole the identity of a friend, coworker, or family member”. He goes on to say that, just as in the cases he’s worked, that they are “mundane, small-dollar amount cases”.
The majority of the times, these acts are not committed out of spite or malice, but rather necessity or under the impression that the victim will not know of the “favor” they are doing. That is, a person may get cable TV service under a family member’s name because they do not qualify, with the intent of never missing payments. The problem is that they do not always make the payments, thereby causing those accounts to end up in collections. That is when the victim has a very tough choice.
So, what can you do to prevent this from happening? The best thing to do is what you normally would do – protect your sensitive, personal information (Social Security number, specifically) and monitor your reports for hard credit inquiries. Most companies (including utilities and telecommunications) perform credit checks on applicants.
August 8th, 2012
Jackie here, with AllClear ID. Did you know that it may be possible to pay for items using your mobile phones? Mobile payment are becoming increasingly popular and their prevalence is only expected to increase in the coming months and years.
There are several different types of mobile payment options available, each with their own identity theft risks. Let’s take a look at a few:
Mobile Phones with RFID or NFC Technology- Today’s phones can easily be equipped with a chip that can wirelessly transmit your credit card number to a retailer – if they have the right technology. Currently, only about 10% of retailers are making use of this technology, but as prices come down, this could become more common. There are concerns that this type of payment method may not be secure, but manufacturers of this technology believe it may be more secure than credit cards since phones can be shut down remotely if they are stolen. More info on this topic available on USAToday.
Adding Charges to Phone Bills- Another method for making mobile payments involves adding charges directly to a phone bill. You may have seen this in action when buying a ringtone or game through your phone. The charges are automatically added to your bill and you pay directly to your phone provider when your bill comes due. One identity theft concern with this practice is known as “cramming”. It isn’t anything new, but has become a cause for concern again in recent months.
“Cramming” is the practice of adding fraudulent charges to your phone bill. These charges are often small to avoid detection and may look like they belong on your bill. The best way to combat them is to pay attention. Watch for suspicious charges on your phone bill and report them to your phone company should any occur. Some phone providers allow you to opt-out of third party charges so these will never appear on your phone bill. Learn more about this practice on the US Department of Justice Blog.
Other Mobile Payment Options- Other mobile payment options are becoming increasingly available. Phones may be able to store copies of credit information and credit card scanners are available for smart phones. Companies like PayPal are also getting on the game offering consumers the option to pay using their accounts at checkout at brick-and-mortar retailers. We will probably see many new payment methods available in the next few years.
The best way to keep on top of the new options available is to pay attention. Examine your credit card statements carefully. Don’t forget to check your phone bill for suspicious charges. Being aware is one of the best ways to prevent id theft and catch it early on if there is a problem.
August 7th, 2012
Allison here, with AllClear ID. It’s old news that hackers are creating phishing sites that are mimicking brands and other trustworthy websites in order to lull people into a sense of security and legitimacy. But, the new twist is that gaming sites like “Star Wars: The Old Republic” and “World of Warcraft” have been targeted as avenues to spread malicious links and to gather personal information for identity theft.
With World of Warcraft, phishers sent emails through the in-game mailboxes asking users to beta test the game’s newest expansion, “Mist of Pandaria.” Users who clicked the link were taken to a website where they would have to register and provide the credentials to their account. The Star Wars phishing scam was much worse, where users were subject to account verification checks. Not only did these checks ask for emails, but it also asked for answers to several security questions. It’s theorized that this was done to find those who use these emails and security answers for other accounts – such as banking and social media – so that hackers can get inside those other accounts as well.
These scams were caught in July, but this development coincides with a report from the Anti-Phishing Working Group that says the number of phishing sites is at an all-time high. More than 38 percent of the fake websites were related to financial services, according to the APWG’s report. The second most spoofed market vertical was payment services, followed by retail and other service sites. The sites spoofed 392 brands – also a new record – also coinciding with the trend that hackers and spammers are mimicking legitimate sites and brands as a way to get more victims and to steal more identities.
No one has been caught for starting these scams, but the gaming sites have boosted security and notified users of the problem. Even niche sites like an online gaming community aren’t safe from phishing scams and other cyberthreats, perhaps even more so since gamers interact with other people from all over the world without possibly ever meeting them. Overall, protection is simply a matter of being cautious when revealing personal information and credentials to accounts.
August 6th, 2012
Allison here, with AllClear ID. Summer is the season of home improvements. After all, is there a better time to install that deck or swimming pool, or maybe get that driveway paved or the windows replaced before the in-laws arrive? There may not be a better time, but there are certainly better ways to get those jobs done than to accept an offer from a stranger at the door.
That is exactly how the home projects scam starts. Someone arrives at your door offering to pave your driveway or to build a new porch or deck, and they have just enough extra materials to make it happen just for you. It seems too good to be true, but if you’ve been planning on building that porch for some time, this might be the chance to get it done. Unfortunately, it’s a scam– don’t fall for it. Here’s what to look for in these home repair/home projects scams:
- They initiate the conversation – If you didn’t contact a home repair company or a contractor to do this job, and someone suddenly shows up at your door or contacts you by telephone, then it’s probably a scam. Legitimate companies and contractors rarely find business in this manner, and never will offer anyone to do a project that he/she didn’t ask for.
- They Have Leftover Materials – Legitimate companies and contractors rarely, if ever, have leftover materials. They are very careful about that. Even if they did, would they really just offer it on a brand new job? Why not take it to another job that’s already been started, or to someone who’s already paid to have something done? It’s probably a scam to get you to allow them to do the work.
- They Say They Can Do It Cheaper than Most – First of all, if you haven’t yet done your homework on how much it would cost to pave your driveway or to get your windows replaced, how would you know this person can do it cheaper? Second of all, would you really want your swimming pool installed, or any other home repair project, completed by the lowest bidder? Like many things in life, you get what you pay for in home improvement.
- They Want You to Pay in Full, and Upfront – Legitimate companies and contractors don’t work that way. There are plenty of unforeseen costs in home repair, and it’s definitely fishy to pay in full for something that isn’t even done yet. Essentially, it’s the scammer’s way of getting your money, and you may get the work done in return.
- They Say Insurance Will Cover It – How could this person possibly know this? They don’t know who your insurance provider is, what kind of policy you have, or even if you have insurance. It’s another way for the scammer to try and get the money right then and there, but assuring that the insurance provider will cover the payment later on. Only you know what you’re insurance will cover.
- They Offer a Free Inspection – This is a tactic that’s meant to have the victim let their guard down, so the scammer can go into the house, take a look, and suggest that X, Y, and Z need to be repaired. The victim is then more likely to give the scammer money for the repairs, only then to have the scammer disappear for good. Again, if you didn’t ask a company or a contractor for an inspection, then it’s probably a scam.
Overall, the best way to avoid these home repair scams is to do your homework about the home repair companies and contractors in your area. That way, you can know who’s legitimate and who’s not, and you’ll be armed with the information necessary to prevent you for falling for one of these scams.
August 4th, 2012
Allison here, with AllClear ID. School is back in session in a few weeks, and whether you are freshman just starting your college career, or a senior ready to finish up and graduate, computer and online safety is something that effects all college students. It could be tough to think about among the classes, the tests, and the social gatherings, but all it takes is one virus or hacker to steal your identity and give you one more thing to worry about. Here are four computer and online safety tips for college students:
- Be Protective of Your Personal Belongings – Laptops get stolen. Roommates aren’t always the nicest or most trustworthy of those closest to you. Don’t leave belongings that have personal and valuable information lying around, even if it seems okay or that no one is around. Purchasing a computer lock and creating a strong password for a login will make is harder for someone to steal your things or to have a little fun with your Facebook status updates when you’re not looking.
- Share Selectively – College is a hive of social activity where you are meeting tons of new people daily and trying out tons of new things. It could be tempting to post a lot of information online, or to talk about things over the Internet with your new friends. However, exercise some caution when creating your social media profiles and chatting online. These are places where unauthorized eyes could see this information, and easily pick up something that could be used to harm you. Avoid giving away your address, revealing the make/model of your car, or discussing your exact location on campus.
- Check Your Wireless Connections – Although the connection on campus could be secure, that might not be the case if you decide to study at a coffee shop off-campus or at your friend’s apartment. If you’re using the Internet in locations where the wireless connection may not be secure, then it’s not a good time to purchase your textbooks or to have your parents wire you money. An unsecure network connection makes it easy for an identity thief to get your financial information. Save those activities for the dorm room.
- Install Online Security Solutions on Your Devices – Don’t wait until your hard drive crashes or until you do have a virus before doing something about it. It could be easy to forget purchasing an online security solution when you need textbooks and word processing software. However, by having these programs on your computer, tablet, and smartphone from the get-go, you’ll be better protected against cyber threats. Make sure to update these programs regularly so you are protected against the latest malware and viruses.
College is an exciting time, but college students aren’t any less vulnerable than anyone else out there. Safety in college is much more than walking with a partner at night and locking your doors. Nowadays, it involves computer and online safety as well.
August 3rd, 2012
Jackie here, with AllClear ID. We often talk about phishing and email scams here on the blog, but phishing isn’t just something to be on the lookout for when you check your email. Id thieves use phishing tactics to solicit personal information in other places across the web as well. Always be cautious when sharing personal information and pay special attention when visiting banking and financial institution websites.
Check out this warning we found on Chase’s website about viruses and malware that can solicit your personal information. Basically, your computer is infected by a virus when you visit an infected website or open an infected email. This virus doesn’t do anything right away; it lays dormant on your computer waiting for you to visit a targeted site, such as Chase. It then creates a pop-up window asking for personal information like your account number or Social Security number. This pop-up isn’t generated by the site you are visiting. Instead, it is a tactic used by identity thieves to get your personal information.
If you see a pop-up like this, don’t fill it out. Report the problem to your bank and get your computer checked out. You may need to update your anti-virus software or you may have contracted a virus that your software doesn’t recognize.
Banks don’t typically ask for personal information like Social Security numbers or account numbers when you are logged into your accounts. On their website Chase says, “We don’t ask you for personal information such as PINs or complete account numbers when you are logged in or through e-mail. We may ask for a mother’s maiden name or a Social Security number on an application that you initiated, but it is not our practice to ask you for personal information in this way or through an e-mail.”
If you are in doubt about whether or not your bank is requesting personal information, give them a call and ask. Use a known phone number to contact them. It is always better to be a little too cautious than to inadvertently share your personal information with an identity thief. If you have shared personal information or filled out a form like this, contact your bank immediately.
Keeping up to date on your antivirus software and using caution whenever you share personal information online will help protect you from id theft. To learn more about id theft and the banking industry, head on over to the FDIC’s identity theft information site.
August 2nd, 2012
Jackie here, with AllClear ID. They say a picture is worth a thousand words, but to an identity thief, a picture can be worth thousands of dollars– especially if it’s a picture of your credit or debit card. Posting pictures of your cards online puts you at an increased id theft risk and opens the door for fraudulent charges.
Do people really post credit card pictures online? Surprisingly yes. Social media platforms are filled with pictures posted by people of full credit card numbers, expiration dates and sometimes even security codes, everything needed to make fraudulent purchases. Check out @NeedADebitCard on Twitter for a re-tweeted feed of posted pictures and see just how common this problem actually is.
Not every picture shows the full card number and the security code is missing from many, but it still isn’t safe to post these pictures online. Security codes aren’t always needed and thieves may be able to obtain the rest of your card number through other means like trial and error, guessing or even looking at other pictures you may have posted. Play it safe and skip the picture when it comes to your credit card, driver’s license, Social Security number or other identifying information.
August 1st, 2012
Jackie here, with AllClear ID. One of the most basic lessons for protecting yourself from id theft is to create secure passwords and then to keep them safe. This means combining letters, numbers and symbols, not using the same password for multiple accounts, and never sharing your passwords with others. However, all of your password protecting efforts might be in vain if the businesses you frequent fail to provide adequate safeguards for keeping your passwords safe.
Take for example this recent article posted on Business Insider about Jet Blue. Apparently, the airline stores passwords in plain, unencrypted text and sends emails containing these passwords to their users. Email accounts are easily compromised and sending passwords in plain text in an email just isn’t safe. Additionally, companies that send emails with passwords plainly written probably don’t protect your passwords on their systems, thus exposing your password to employees and potentially to hackers. Couple this with the fact that many people use the same password across multiple accounts and you have an identity theft disaster waiting to happen.
Jet Blue isn’t the only company that emails passwords in plain text. The website – Plain Text Offenders – is doing their part to expose this common problem by allowing users to anonymously submit websites they find that store passwords in plain text. Check out some of the offenders in their gallery here.
Passwords stored in plain text are very susceptible to compromise, so it is especially critical not to use these passwords over multiple accounts. Create unique passwords for each site you use. I know it can be hard to remember a different password for each site, but it is an important id theft protection. Here are some tips from our blog for creating memorable, strong passwords.
Encourage the businesses you frequent to help you protect your identity by keeping your passwords safe. The fight against id theft isn’t one that you can win alone. We are all responsible for helping to keep each other safe from cyber-criminals and identity thieves.
July 30th, 2012
Jackie here, with AllClear ID. Do you need to change your email password? For those of you that have Yahoo email accounts, you might be aware of the recent Yahoo breach that rocked the fortune-500 company, and impacted many more affiliated—such as Gmail, Hotmail, and AOL users.
If you are worried that you might have been one of the 450,000 compromised users in the breach, worry no more. There is a simple way to check and see if you have been impacted. Head on over to Sucuri Labs’ Yahoo Leak Password Checker.
The checker is easy to use and will give you a peace of mind if your account is safe, or motivation to make some password changes if your password has been exposed.
What To Do
All you need to do is enter in your email address into the box provided and click, “Check Email”. You’ll get a response in seconds.
It’s that easy. If you do end up changing your password, make sure that you check out this article on password tips from the AllClear ID blog first. Use different passwords for each account to increase your safety. This password meter tool will help you determine the strength of your passwords and will show you some areas where you can improve your password strength. A strong password is an essential identity theft prevention tool.