Dale Penn

The Los Angeles Daily News ran a front page headline yesterday that was right up my alley! The L.A.P.D . in this case, got their man and the bust was one of the most significant fraud arrests in recent Southern California memory.

Not only was the culprit apprehended after a lengthy investigation, but the tools of his trade were confiscated, making this arrest one of the more successful in terms of peeking into the secret world of a full time identity thief.

Like the illusionists in Las Vegas, these trade secrets are highly guarded from the public unless someone gets the chance to pull the curtain back to reveal the inner-workings of these clever con-men.

As reported in the Daily News yesterday:

“….underneath his cool and collected exterior, the 44-year old man was found to possess more than 1000 forged credit cards he used to scam San Fernando Valley residents and businesses in an operation estimated to have netted millions of dollars, police said. His bail was set at $2 million and we’re investigating mail fraud, grand theft and additional charges…”

Investigators discovered state-of-the-art tools and equipment that enabled the suspect to create magnetic strips for the back of the fake credit cards. Stores like Costco, Wal-mart and Sam’s Club were perfect locations for the suspect to go on shopping sprees with the fake credit cards.

Fortunately, an alert internal investigations team at Costco noticed the suspect’s unusual purchasing patterns in one of their stores and the investigation was finally brought to a conclusion several months later.

Thanks in part to Hollywood, the theft or misappropriation of an identity for the purpose of financial gain is all to common in television and movies, which desensitizes us to the devastating financial impact of this no-so-victimless crime in the “real world”.

Anyone who rents property should note that this particular case includes private financial information which was included on confiscated rental applications. Costco has partnered with Identity Guard to offer credit monitoring services to their members for a nominal monthly fee.

A few reminders are in order:

• Don’t lend your credit cards to anyone (seems obvious I know)
• Monitor your statements to detect unauthorized activity on your account
• Report suspicious activity in writing to the card issuer
• Make sure your mailbox is locked to protect statements or new cards that arrive
• Minimize the number of credit cards that you carry
• College dorms and apartments are rich targets for prying eyes and sticky fingers
• Use online sites that start with https:// which tend to indicate they are “secure”

This case underscores the reality and vitality of professional identity theft gangs. Although credit isn’t as easy to obtain during this holiday season as it has been in the past, your chances of being victimized are better than ever.

Desperate times call for deliberate counter-measures!

With the holiday season upon us and the election season behind us, the average consumer may have their attention diverted away from personal privacy issues.

President-elect Barack Obama and Alaska Gov. Sarah Palin were concentrating on the election, while high tech thieves smelled an opportunity to violate the candidates’ privacy with reckless abandon. These fraudsters were phone company insiders and random email hackers, not mobsters from an Eastern European crime family.

Here is an excerpt from a story posted on fiercewireless.com:

“Verizon Wireless has fired the employees who accessed President-elect Barack Obama’s personal cell phone account without authorization.

A report on CNN.com quoted an unnamed Verizon source, who would not disclose how many people were fired but said, “we now consider this matter closed.” Apparently the employees were involved in customer service and were not authorized to look at an account unless a customer requested it.

The source also said that records of no other well-known customers had been breached. The phone that was accessed was a flip phone that had been inactive for months, and was not a Blackberry or other smartphone from which email could have been sent or data services could have been accessed.”

In Palin’s case, a 20-year-old student at the University of Tennessee has been indicted for breaking into one of Palin’s accounts and posting the information on a public website.

Here’s the point. We are all vulnerable to attack even if we are careful to do everything right in the privacy arena. Recovering from the emotional roller-coaster and sense of violation after being victimized can be both traumatic and lengthy. In extreme cases, you could even be facing a run-in with the law.

Prepare to remain steadfast this holiday season. If you are a member of AAA, you can unwrap an early Christmas present from them just by visiting their website and reading about their “free”, yes FREE credit monitoring and alerts for members only.

As major banks, insurance companies and investment firms fall victim to the current tsunami of financial storms, your privacy may suffer. When firms change hands, downsize their payrolls and transfer massive amounts of data, proprietary information is left exposed and privacy erodes.

At the end of September, the Dow Jones Industrial Average took the single biggest dive in history, dipping 777 points. In the wake of the impending reorganization of American business, your credit card balances, your mortgage, your savings accounts and your credit history will probably be reshuffled and reinserted into the database of the account’s new overseer.

After days of marathon negotiations, the bailout measure initially went down to defeat in the Congress by a vote of 228 to 205. After the Senate and the House gave final approval for a modified version of the $700 billion rescue plan, President Bush signed it into law on October 3rd, 2008.

Although the free markets globally are facing their toughest challenge ever, those markets do work. The problem is that they are controlled by human beings who are subject to behavior that is sometimes irrational, emotional and irresponsible.

Because of the irresponsible and sometimes deliberate misdeeds of the guardians of the financial gate, it is still your responsibility to to guard your personal information the best way you know how.

If you do not have a personal identity theft risk prevention, detection and mitigation plan in place, what are you waiting for? Visit the Privacy Rights Clearinghouse for great tips on how to protect yourself.

I appreciate the value of my intact identity profile…don’t you?

It has been too long since my last post. The past month has been a whirlwind for me as a result of my vacation to China.

As anyone who travels regularly will tell you, keeping tabs on your identity is a both a necessary evil and a blessing beyond belief when traveling abroad. Venturing off to China during the Olympics is certainly a test of all the safeguards that are supposed to be in place to make sure that you are really the real you when you travel.

Passing through customs, immigration and the tightest security I have ever witnessed gave me both a sense of awe and gratitude. Chinese security officials had their hands full and the world witnessed one of the most spectacular displays of pomp, ceremony and athletic achievement ever organized.

At the same time, security was at an all time high for good reason. The eyes of the world were fixed on Beijing and our hosts wanted the occasion to shine. I think we all agree …..it did.

The 12 hour flight from the West Coast gave me a chance to catch up on some of the latest and greatest scams we are facing here at home. One that caught my eye in particular was the number of credit card skimming cases which the Secret Service is investigating around the country.

In my seminars, I magically produce and vanish a card “reader” which could be called a “skimming device” if it fell into the wrong hands. The problem is that we are so used to seeing them, that we don’t even think about sliding our credit and debit cards into a device at an ATM, bank or retail location.

The challenge is that these high tech and deceptive skimmers don’t prevent the machine we are accessing from working and can be painted to match the color of any legitimate machine. According to USA Today, there are major investigations going on right now in California, Delaware, Nevada, Pennsylvania and Washington.

In Washington state alone, the number of recent victims could total as high as 250 people with losses totaling $500,000. The combined total of the cases totals between $1 million to $3.5 million stolen from victims.

The obvious first step for self protection is awareness and a keen eye for anything that may look suspicious. Thieves quite often place a small camera on or near the pump or ATM which records pin numbers as you key them in.

Diligent, constant awareness of irregularities and unauthorized activity on your accounts is your personal responsibility. The good news for American consumers is that reporting fraudulent or suspicious activity generally stops or reverses damage done with credit cards and most debit cards bearing the Mastercard or Visa logos. Irregularities must be reported in a “timely fashion” which generally means 60 days or less from discovery of the event.

Yes, old fashioned skimming is alive and well and being dispensed at an ATM or gas pump near you.

Not all Identity Theft protection providers are created equal.

Many consumers are scrambling for answers and guidance. Some just roll with their hunches or simply give in to the relentless marketing barrage of the “high profile “solution providers.

We all know who they are. These companies seem to pop up every time we visit the web. Their promises to prevent financial peril have been carefully crafted to deliver the greatest set of wiz-bang features ever offered before.

Some firms prop up spokesmen who carelessly boast of their own invulnerability to financial theft, while others claim to have cornered the patented ability to deliver a cloak of protection which only they can serve up.

All these contenders with their endless features and benefits remind me of a fantastic local deli near our house. The menu is huge and there are just too many delectable choices with a wide variety of prices!

So what’s a typical security seeker to do?

First, answer these revealing questions:

• Are you a victim? (If so, contact your local police immediately!)
• Have I checked the FTC’s online resources for information and guidance?
• Am I prepared between $9 and $15 dollars per month for the “right” solution?
• Do I mind paying someone to do something I could do myself for free?
• Are the company’s promises and claims reasonable and realistic?
• Is my entire family in need of protection or just me?
• Have I been lured with promises of “free” services? www.freecreditreport.com
• Do I really expect to “cash in on those well publicized $1,000,000.00 loss guarantees?
• Should I take a deep breath and examine my real no cost credit report?
• Have I taken advantage of freely accessible steps to minimize my exposure?

Consider your needs before “jumping on-board” with a provider.

Simply scratch off anyone on your list who claims to be able to PREVENT your identity from being stolen.

Consider that the Big 3 credit aggregators are in the business of selling your personal information to data-hungry marketers, while they simultaneously “protect” you from many of the very vultures that they feed.

It makes sense to protect yourself from the seemingly inevitable world of data breaches, medical fraud and financial fraud.

Well known Silicon Valley IT expert Ravi Char refers to information security as “the delicate dance”. No one solution is capable of covering all the bases.

In today’s complex world of portable data and predatory opportunists, the best identity protection solution is to stay light on your feet and keep on dancing.

Massive data spill leaves thousands of students out in the cold.

The combined number of people victimized in two separate incidents at the Universities of Virginia and Miami totals over 50,000.

Nearly every imaginable piece of private information was stolen; including names, addresses, credit card data and highly- prized social security numbers.

These giant leaks aren’t supposed to occur, but the fact is that the portability of laptops and backup tapes makes the crime more common than casual observers may notice.

In the Florida case, the records were being shipped off to a private off site storage facility. This practice is usually designed to safeguard the data off campus, but this time the stagecoach was robbed.

This isn’t the first time the University of Virginia has dealt with this crime. Last year the F.B.I. was called in to investigate the theft of data belonging to 5735 University faculty members.

Techweb Media reported this story last week and also disclosed new research from analysts at AMI Partners. The research indicates that a staggering 86 percent of mid-sized U.S. business reported some sort of security breach or data loss in the last 12 months!

What can you do to ward off the grim IDENTITY GRIM REAPER?

1. Back up your data. A backup allows you to restore missing, corrupted or stolen files quickly. A backup will also allow you to continue your work while your computer is being located, repaired or restored.

2. Download updates to your OS and software regularly. Security patches and “bug fixes” can help you keep your privacy armor polished.

3. Be on guard for viruses and worms. Fight these cyber-security threats by installing a good anti-virus software program.

4. Fight off malicious Ad-ware and Spy-ware. Everyone using the web, instant messaging or file-sharing is vulnerable. Install protective software to fight off malicious mal-ware and update it regularly.

5. What do you mean you don’t have a firewall? Install one immediately to protect your computer from intrusion. Purchase a firewall “box” or get the software version from a company like Norton or McAfee.

6. Use stronger-longer passwords. The longer and stranger looking they are, the better. Recent studies indicate that most computer users utilize the same password for everything. Create long and unusual alpha-numeric passwords that don’t contain easy clues like your dog’s name or the street you grew up on.

7. Lock your computer down! The trunk of your car doesn’t count. Visit a local retailer to purchase a computer locking cable device. Turning your back on your computer for even a moment at home, at the library or at Starbucks is just asking for trouble with a capital T.

Ironic twist makes this incident noteworthy!

Even high profile identity theft advocates are vulnerable to the threat of data loss, data compromise and data crime.

Representative Joe Barton (R-Texas) was among 3000 patients whose records were reported missing by the National Institutes of Health. An NIH laptop containing the medical records for the patients was reported stolen from the trunk of a vehicle according to a report this month by The Associated Press.

Here’s the irony. Barton is a founder of the Congressional Privacy Caucus, whose mission among other things is to educate members of Congress and their staffs on matters of individual privacy.

It is noteworthy that Rep. Barton only found out about his own breach in press reports. Barton has asked the inspector general for the Health and Human Services Department to investigate why the information wasn’t encrypted and why the NIH delayed disclosure of the breach.

As difficult as it may seem to protect your financial identity, your medical records are much harder to secure. This is primarily because patients have no control over the handling and care of their own personal medical records.

The federal regulation designed to prevent these unsettling scams is the Health Insurance Portability and Accountability Act ( HIPAA) Privacy Rule. Unfortunately, it can be extremely difficult for patients to correct inaccuracies in their medical records, because insurance companies are not compelled to correct records which they did not create.

According to a report on msnbc.com, one medical identity theft victim had the contents of her wallet removed and despite the fact that she quickly cancelled all her credit cards, had almost $14,000 in prescription meds and treatments charged up in her name. Over the next four months, restoring her identity became a part-time job. She fought off bill collectors, struggled to get her own medical prescriptions paid for and nearly got arrested herself on suspicion of being a co-conspirator in the scam.

The numbers can be deceiving. According to the Federal Trade Commission, only 3 percent of U.S. identity-crime victims have their information used by others to obtain medical services or false claim reimbursements. This still means that nearly 250,000 Americans may be victims each year! The rising cost of health-care will only make these crimes more prevalent going forward.

The lurking dangers of not being able to access your own health benefits or having your medical records polluted with potentially life threatening mis-information makes this topic a sure recipe for more than just heartburn.

If the gatekeepers are concerned, we should be too!

If you haven’t seen reports of  the latest Identity Theft attacks plaguing our country, you haven’t been reading much news lately. Where have you been?

Even the U.S. Air Force has waged an ad campaign designed to capture the imagination of a new crop of tech savvy young recruits to help fight the current “cyber-war”. This war is not imagined or “virtual”, it is very real indeed.  

The battle is raging on many fronts. In addition to the constant daily threat from foreign governments, bored adolescent hackers and low level organized criminals, there is a new enemy emerging.

Symantec Corporation is losing sleep due to concerns about the next virulent strain of Trojan horse programs.  According to the April 2008 issue of PC Magazine, the Trojan.Silentbanker program can perform “man in the middle” attacks between users and more than 400 banks.

This Trojan monitors usage patterns on the web, while looking for bank data that it can manipulate. This program can actually re-route the account destination of banking customer transfers. Apparently, the Trojan.Silentbanker can even overcome the “safeguard” of two -factor authentication.

The article correctly distinguishes between a single bank target like those that are cloned by realistic looking “phishing” sites and the multiple bank sites susceptible to this Trojan program.

Symantec’s well known suite of anti-virus and personal firewall products are designed to protect from these threats. If you are not in the habit of updating yours, you are headed for a hard fall someday. PC Magazine also reminds never to run executables we get from strangers.

Thank goodness for warriors like our Air Force and Symantec who “sit on the wall” for us and fight evil at every turn, keeping us from losing more than just our shirts.

Be afraid…..be very afraid.

We live in a world where our personal habits, personal preferences, personal information,  and private lives are sometimes taken for granted. Former New York Governor Eliot Spitzer now realizes the folly of this careless, foolish and whimsical approach.

Last week, msnbc.com reported about the rash of failed savings and loans who are dumping mountains of personal information into trash bins as their businesses shut their shingles, fold their tents and abandon their clients.

The article chronicles the failure of First Magnus Corp. who was one of the largest mortgage lenders in the nation. The company was hailed as a “powerhouse” of savvy technological innovation. As unimaginable as it seems, “tens of thousands” of  documents including credit card and social security numbers were “dumped” in a nearby trash bin.

It now appears that every personal tidbit we make available in the process of securing credit for mortgages and secured or unsecured personal or commercial loans is up for grabs and beyond our ability to provide or even expect protection. Is that line of credit really worth the open exposure of all your personal data?

This new reality hit home for me today as an eagle-eyed industry associate correctly pointed out that a commercial lender who served each of our company’s mutual business clients had suddenly collapsed, leaving their customers and pending applicants’ data completely unaccounted for.

Mountains of juicy private data files are turning up in dumpsters and garbage cans all over the country. This criminal carelessness leaves us all exposed and hopelessly vulnerable beyond our control.

What’s a consumer to do? Protect yourself at all costs. Private identity theft insurance, regular credit monitoring and reactive credit restoration services are all good ways of keeping your guard up. To avoid pro-active identity self-defense is foolish.

The reality is that the information that passes through our hands and into the care of nameless, faceless, careless corporate grunts cannot be safeguarded with any degree of reliability.

Despite the fact that the Fair Credit Reporting Act was amended by Congress in 2003 to mandate better consumer privacy protection, commerce and industry must each do their part.

Because of the implosion of the sub-prime lending industry, many phone lines are down, many office cubicles are empty and many trash bins are full. In the new financial frontier its “every man and woman for themselves”.

Why not begin your proactive identity theft prevention/resolution plan today?