Victims of Identity theft are confronted with a problem that is unique among victims of crime in the US. Unlike more traditional crimes, a victim of identity theft is forced to prove his or her innocence; not to one group or entity but to many. With identity theft, it will be assumed the victim is really the perpetrator until proven otherwise. As one tries to sort through the damage and clear their name, it is imperative that a victim knows the rights they have under the law, and where to go for legal resources and assistance in their efforts to get past this problem.

 

In the US, most consumer protection for financially related identity theft and fraud will fall under one of three major pieces of federal legislation. These are the FCRA (Fair Credit Reporting Act), FACTA (Fair and Accurate Credit Transactions Act), and FDCPA (Fair Debt Collection Practices Act). It is imperative that a victim of financial identity theft familiarize themselves with all three of these laws, in order to have a better understanding of just what their rights and protections as consumers and as potential victims are.

For financial or criminal identity theft it is also important to review the state laws and statutes directly related to identity theft, both in the state of the victim’s residence and the state where any portion of the theft or fraudulent use of the information occurred. A good place to start for any victim at the state level is to contact the state’s attorney general’s office, or review the state AG’s website. This will give the victim a far more thorough understanding of what their legal rights are, and the means of mitigation provided to victims in that particular state. In addition, for victims who may need to seek an attorney for any necessary litigation that may result from the theft, but who lack the necessary means to hire their own attorney; contacting the state’s associated Legal Aid Society will often provide insight into where pro-bono or discounted legal services may be found.
In many cases simple knowledge and understanding of the laws already in place will be sufficient for a victim of identity theft or financial fraud to successfully mitigate their case without the assistance of an attorney.

However if the determination is made that the only way to mitigate the fraud is to go to court, having an attorney is a really good idea. In that eventuality, the victim should ensure that whoever they enlist to be their legal counsel, has a clear understanding of identity theft related crimes, and understands that the victim’s legal defense rests solely on the fact that they are a victim of financial crime. Traditional legal education often doesn’t specifically address this niche area of the law, and any attorney who lacks at least a basic understanding of identity theft issues can often make things worse for their clients, despite the best intentions. A victim who has taken the time and effort to educate themselves will be able to determine who will be a good fit in any pre-hire legal consultation.

Above all, a victim needs to become their own legal advocate. Do a little research and come to an understanding of what protections are provided them under the law. A thoroughly educated victim is a hard one to take advantage of.

“What Are My Rights?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog

Last spring, it was revealed that iPhones and Android mobile phones send individual’s “user location data” back to their respective companies, Apple and Google. Initially the news was met by an angry uproar from citizens concerned that their right to privacy was being collectively violated. It didn’t slow down sales of either iPhones or Androids however, both of which posted significant gains last year. While Google is quick to point out that the information is stored anonymously, consumer concern has prompted Reps. Ed Markey (D-Mass) and Joe Barton (T-Texas) to call on the Federal Trade Commission to investigate whether Google’s privacy policies violate a previous settlement reached with the FTC last year.

This is in addition to the ongoing FTC antitrust probe into Google and Google+. Last June Google was answering questions about apparent manipulation of search results to accommodate its own products. The more recent probe includes Google +, and questions whether Google + has been given preferential treatment in Google’s vast network of online products and services. “The FTC is examining whether the company unfairly increases advertising rates for competitors and ranks search results to favor its own business, such as its networking site Google. According to the latest report, the FTC wants to find out “whether the company is using its control of the Android mobile operating system to harm competition.”

Google’s opponents have called for an investigation into Google’s search protocols for some time. Responding to reports of an imminent investigation, which originally surfaced in June of last year, FairSearch.org applauded the news. FairSearch.org represents companies such as Expedia, Travelocity, Kayak and Microsoft; all entities that have objected to Google’s actions.

“Google engages in anticompetitive behavior across many vertical categories of search that harms consumers,” the organization said in a statement. “The result of Google’s anticompetitive practices is to curb innovation and investment in new technologies by other companies.”

As of May 2011, Google had a 65.5 percent share of the U.S. search market, compared to 16 percent for Yahoo and 14 percent for Microsoft’s Bing. The European Commission began a similar antitrust investigation into Google’s search practices last year after numerous complaints from small businesses. That case is still pending. The gist of the FTC probe, prompted by the Senate, is that 1) since Google is a dominant gatekeeper to access competitive commercial opportunity online, and 2) if it deceptively represents that it is an equal opportunity search engine, 3) then favors the search results with Google products and services, then 4) Google is effectively using deceptive practices to steal the competitive opportunity of competitors and depriving Internet users’ of free choice to choose competing products and services.

While it is so far unclear what the long-term ramifications are for Google, the fact that this call to investigate has widespread bi-partisan support in Washington could lead to more trouble for the information conglomerate before all is said and done. Most recently Apple was subpoenaed regarding the Apple iOS use of Google products on their smartphones. Should Google be found to have violated the terms of their 2011 settlement, serious punitive action from the federal government may be in Google’s future.

“FTC and Google’s Ongoing Battle and its Implications:” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Late last week we launched a new survey here at the ITRC. This survey is intended to measure how well parents monitor their children’s social media and mobile device usage. There have been many stories in the news lately addressing serious problems with children on the internet. Issues such as bullying, sexting and identity theft have become a daily staple in the media. Questions are once again being asked as to the appropriate age for children to begin using social media and mobile devices. Another important factor being studied in this survey is what role do parents play in their child’s usage of social networks and mobile devices.

Parent surveyWe are trying to analyze these issues in order to find the best answers for parents and children. Parents are seeking knowledgeable advice on how to ensure the safety of their children. Our latest survey aims to do just that. We are hoping to better understand the practices of parents and children in the social media / mobile devices sphere, so that we may develop a set of best practices to recommend to parents and children alike. A successful completion of the survey will give us the data we need to move forward with creating those best practices based on the reality of today’s parenting.

Of course we wanted to give survey takers some incentive for taking the time out of their day to complete our survey. In conjunction with the survey we launched a contest to win one of five $100.00 gift cards. To enter the contest just visit the ITRC’s website and click on the Do You Have Children Who Use Social Media? link or click here to take the survey directly. The contest will run from May 1, 2012 through May 31, 2012. Five $100 prize winners will be announced and contacted on June 1, 2012. The survey results will be released on the ITRC website shortly thereafter.

The long awaited 2012 Child Identity Theft Report by AllClear ID was recently released, and it revealed alarming information regarding children and identity theft. AllClear ID’s conclusive investigation revealed that 10.7% of children were victims of identity theft in 2011 – a .5% increase from the 2011 Child Identity Theft Report. This report is based upon an extensive database scan of actual accounts rather than a survey, and it concluded that 2875 out of 27,000 American children were victims of identity theft.

The analysis of records revealed that 6,273 records or 59% of cases involved the credit bureaus – showing credit problems. The next category revealed 6, 273 records or 22% of cases involved utility accounts, followed by 1,459 records or 14% of cases involving either property assessments, mortgages, foreclosures, or deeds. The next two categories presented 345 records or 3% of cases involved vehicle registrations, and 214 records or 2% of cases involved Driver’s Licenses. Interestingly, one may wonder why the number of records may be higher than the actual number of confirmed child identity theft cases in the report. According to AllClear ID, many of these records involved cases that faced more than one type of identity theft, which drove the number of records up. In addition, many of these child identities were used for what appeared to be multiple different cases of identity theft.

In recent years, the ITRC has seen an increase in cases that involve more than one type of identity theft. These cases become more complex and difficult for the victims to mitigate. Child identity theft is a serious issue because a child’s identity provides the opportunity for different exploits – financial, governmental, criminal, and medical. Although the ITRC tracks child identity theft cases, we do not recognize child identity theft as a standalone type of identity theft because a case of child identity theft will involve one or more of the types of identity theft mentioned above.

In addition, the AllClear ID report states that children under the age of 5 are being heavily targeted. The percentage of victims in this age range is said to have more than doubled compared to that of last year’s study. The logic behind these findings clearly show that criminals are targeting children of this age because they recognize the value of a younger child’s identity – they are likely to get much more time using the identity before discovery. A child’s identity is recognized as a ‘blank slate’ – posing opportunity, potential and long term options. Children’s Social Security numbers are valuable to thieves because the crime can go undetected for years. A child does not begin to use his or her own identity until he or she has reached the age of 18 – the age a young adult applies for his/her first credit card, purchases his first auto, applies for student loans, applies for a job, or gets ready to do all the things adults do. Younger children pose an opportunity for a thief to enjoy the exploits for longer periods of times, all the while creating a devastating impact on the child’s identity and future.

Just how is it that companies always seem to know just how to advertise to us? Ever get a chill up your spine when Target sends you a coupon for the exact type of jacket you’d been thinking of purchasing for the last week? If it feels like internet marketers know what products you’re likely to be interested in, it’s because they do. It is well known that internet activity can be tracked by marketers and used to more effectively reach the consumers who are likely to be interested in the product or service they offer. What is less widely understood is how different websites track your information, and how they use it. Simply changing your privacy settings in your browser can limit the information that you share across the entire spectrum of internet advertising. But what if you want to go deeper?

 

In order to truly understand how each site you interact with tracks your information, and just who they share it with, would require the consumer to read each individual privacy policy for every single website they frequent. By law the terms of use and related privacy policy must outline exactly what information they harvest from you, exactly how they use it, and with whom they are sharing it. There is no law however, against making your terms of service long, using lots of tiny print, or against writing it in legalese jargon that makes it very difficult for the average consumer to understand.

There is a company with a new product that seeks to address this particular issue. PrivacyChoice has developed a digital service that indexes and disseminates privacy policies from a multitude of various websites, and has developed a scale designed to rate these sites based on how they collect and use your personal data. Their idea is to provide a one-stop easy tool that will allow consumers, site publishers, and administrators to compare various privacy policies across a given field at a glance. The hope is that not only will this spur more careful web shopping and browsing by the consumer, but will also provide greater exposure to how companies act with your information, making it advantageous from a public relations perspective for companies to create stronger privacy policies, and to encourage more responsible handling of consumer data.

Specifically, PrivacyChoice measures whether a website shares personal user data with other sites, how long the site retains that data, and whether there is a confirmation process to confirm eventual deletion of that data. Users who visit privacyscore.com can search for Web sites they wish to have scored. Users also can download a plug-in app for their web browsers that, when activated, will show a privacy score at the top of each Web site they visit. There is also a downloadable plug-in that will function like an additional tool-bar in your browser that will show you the privacy score of various sites as you surf the web.

“What Is PrivacyScore and What Does It Do?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

So you’ve discovered that you’re a victim of identity theft, and you need to file a criminal complaint with law enforcement. Having a clear understanding of what your expectations should be in dealing with law enforcement, and what their role is and should be in mitigating the damage to your identity will give you the best chance of successfully cleaning up your good name.

The first thing a victim of identity theft should understand is that law enforcement probably won’t be able to catch your identity thief. It’s not that they’re not law enforcementcompetent, or that they don’t care. As any regular reader of ITRC blogs is likely already aware, the problem is that identity theft is a very 21st century crime and our jurisdictional system was designed in the late 19th – early 20th century to effectively police crimes that existed at that time. Identity theft as we think of it today did not truly become a major issue until the last few years of the 20th century.

Many cases of identity theft transcend traditional jurisdictional boundaries. A police officer in Arizona may or may not have the time and resources, let alone the authority, to help catch an identity thief in Florida. While there

are some exceptions to this general trend (as when the victim and the thief live in the same area, or the thief is known to the victim), generally the victim’s focus should be on cleaning up the damage and preventing future incidence of fraud, and not on catching the bad guy. Deliver what information you have to the police when you file your report, and let them determine the likelihood of bringing the thief to justice.

The good news is you don’t need to catch the thief to mitigate the damage from past identity theft, and protect your identity from future harm. The principle value of contacting the police for identity theft is simply to get the incident report. The existence of a police report gives your status as victim credibility. In order to mitigate the damage done from identity theft you may need to contact creditors, collection agencies, government offices, or anyone else who may have been affected by the illegal use of your personally identifying information.

The ability to provide a complaint made to law enforcement shows that you’re not just someone trying to cleverly skate on paying a bill. Having a police report is also a critical component to invoking your protections under federal laws such as FACTA, FCRA, and FDCPA. Understanding that in most cases of identity theft the report itself is a greater asset in your fight to restore your good name than seeing the criminal brought to justice is paramount when you seek the assistance of law enforcement.

“Helping Law Enforcement Help You” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.

A company called OneID is developing some innovative and interesting solutions to identity and password security. Vinod Khosla, Founder of Khosla Ventures, one of the principle groups that invested heavily in bringing OneID to market, briefly outlined why his company was willing to infuse 7 figures of capital into this relatively unknown company in the information security space.

“We believe OneID will attract the most forward-thinking businesses to offer a more secure alternative to the way we sign in to sites and share personal information.”

Information security is an issue for every consumer today. In attempting to make their personal information as secure as it can be, consumers are routinely expected to handle a multitude of different usernames and passwords across various internet portals to manage each of their virtual profiles or identities. This obviously can be problematic, forcing the account user to choose between remembering literally dozens of different username/password combinations, or using the same username/password (or close derivatives) for multiple account credentials. Sadly, there is a great deal of potential damage which can occur if through cyber hacking or phishing, any one of these online identities is exposed. A hacker will understand that the email address and password for your Facebook account that they just harvested will likely be very similar to credentials used for your financial accounts.

When the hacker successfully opens a user account, it can often place the account owner in a “guilty until proven innocent” scenario, where they must actively prove they are not responsible for a certain online action or transaction credited to their identity. Businesses that rely on online transactions must invest more and more in password security, fraud mitigation processes, and consumer compensation issues. And, this problem is definitely not going away. As the prevalence of online commerce continues to grow, so too will the issues surrounding digital security.

The idea behind the OneID approach is to allow both consumers and online businesses to benefit from a highly secure digital identity system without sacrificing convenience. For consumers, the advantage will be that they will no longer need to remember multiple usernames and passwords; allowing for greater control of their personal, financial and credit card information. For online businesses, OneID hopes to provide a one-stop convenient, secure, and relatively thrifty solution to the digital authentication problem. It remains to be seen whether or not this will significantly reduce the costs and headaches associated with digital identity verification, but what is clear is this is an innovative, elegant new solution in the battle against digital fraud and identity theft. Now, which version of “GreenElephantTusks” did I use for my Yahoo password…..

“Introduction to the “OneID” System” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Chances are you have a lot of accounts. Personally I have accounts (and passwords) for sites that I don’t even remember. And while I have more accounts than most due to my profession, I would bet many people deal with the same problem I do: Password Overload. Password overload is when you attempt to use your Pinterest, Twitter, work email and university login passwords (one after another) to get into your Money Market Account only to be locked out. Now you have to go into the branch with photo ID, or endure the dreaded “customer service hotline” (not-line) to prove that you are not indeed a thief. Maybe you haven’t experienced such an ordeal, but everyone has experienced something similar.

The problem seems like it could be easily solved by using the same password for everything. One password to remember, and no more jumbling through your notebook trying to find what password you used for your newest account creation or Facebook app. The problem with this approach is that if you are using the same passwords for all of your accounts, then if someone manages to get the password for say, your Instagram account, they would probably be able to drain your savings account, phish your family for personal information (such as your Social Security Number), or rack up a warrant in your name for writing bad checks…. This could all happen because you logged into Facebook at the internet café and re-use the same password for multiple accounts.

So, what do you do if you don’t want to tattoo 25 passwords on your arm (P.S. You would probably now have a MySpace log-in that would need to be covered up) and you don’t want to end up cuffed for felony check fraud? The answer is a password manager. This new service was created so that users can remember just one password, yet have access to all other passwords. The best part is that you can have access to these passwords from anywhere as most of the new password managers are internet based. As the need for password management increases, the options consumers have grown leaving even the strictest cybersecurity aficionado pleased with the service.

A few things you should look for when finding a password manager are:

  1. Is it cross platform? Will it work on your iPhone and your PC?
  2. How is the information (your passwords) encrypted?
  3. Does the service sync or will the user need to update the database every time they sign up for a new account?
  4. What is the initial authentication process and how strong is it?
  5. How reputable is the company who created the product and what is reported about the product itself?

By asking yourself these questions you should be on your way to making sure that your passwords are protected and you won’t lose your mind trying to keep track of them all. Just make sure you protect your login credentials for your password manager…. like really, really well…

“Too Many Passwords? Handle It…” was written by Nikki Junker. Nikki is the Social Media Coordinator at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Are you considering selling your old laptop or smartphone? As some of us may be aware, deleting files or data from these mobile devices is not enough. The truth is that some of what we think are “files” in these devices are actually “shortcuts,” and deleting these from the devices will not delete the files themselves. Nowadays, personal computers and mobile devices, such as smartphones have replaced the old paper-file method for storing or even doing work. If you are thinking about selling or donating your personal laptop or any of your mobile devices, there are some precautionary steps you may want to take in order to ensure that any personal or sensitive information does not get left behind. Sensitive information left behind can be retrieved and pose a serious problem.

For computers there are two methods for getting rid of files or information stored in hard drives. These two methods are called reformatting and wiping the hard drive. When you format your computer, the files on the disk are not completely erased; it means the address tables are – where a search will prevent the files from being easily located. Formatting the disk is much more than deleting files, however, it is important to understand that it is not completely secure. Reformatting a drive may still allow your data to be recovered, making you susceptible to data theft.

So, it will all depend on the data you have stored in your device. Think about what you have used your computer for. If you have used your computer for online banking, paying bills online, personal email, storing income tax return forms, and/or other important documents – you may want to consider disk wiping. Disk wiping is the other alternative for computers – it removes software and data from the hard drive. The process of disk wiping overwrites your hard drive. If you are getting rid of your laptop, you may want to consider performing a disk wipe service. If unfamiliar how to perform it, there are technical support groups who may be able to perform this task for you.

Here is a link to an excellent short article on this practice: http://enterprisefeatures.com/2012/02/disk-formatting-vs-disk-wiping/

On the other hand, let’s talk about smartphones. It is said that if you have a Blackberry or Apple device – that data wiping will completely remove any stored data on your device. Therefore, you shouldn’t be worried about the possibility of someone hacking into the operating system and retrieving your data. You may either install wiping software or for these two devices, use the factory settings for data wiping. Now, we know there is a third party missing – the Android operating devices. There has been recently publicized advice that if you are considering getting rid of your Android device, that you are better off keeping it rather than letting it go.

Android devices also offer a factory data reset, where all the data on your phone is erased. While the phone is in use, the user can also setup data encryption, where all personal data on the phone is encrypted. In addition, files can be encrypted to your memory card and internal phone storage – you’ll find this under the storage encryption option. Regardless of the type of smartphone you use, you need to be aware of all the information it harvests, and make certain that data is not given away when you are done with the phone.

Ultimately, the truth of the matter is your security depends on the type of information or data you have stored in your device. Often times, if we store personal identifying information or sensitive information that can lead to identity theft, we should be very concerned of the possible threat if we haven’t taken the measures to appropriately delete or erase the data. Exercise precaution.

Facebook privacy seems to be an ever more common theme of discussion. While the positive uses for Facebook and social networking platforms like it are numerous, use is not without risk. Aside from malicious use of personal information stored on Facebook, controlling how you share your information is an imperative skill set for anyone who has a Facebook page and makes a living in the corporate world, where unflattering pictures or posts could result in a negative impact on one’s career. It’s important to note that photos and posts you’re tagged in can show up on your profile even if you didn’t post them yourself.

The best way to take control of what shows up on your Facebook is to understand how to control the privacy settings related to Facebook tags. Here is how you do it:

From your home page which displays your news feed. Click the drop down menu tab in the top right corner, designated by a down facing arrow directly to the right of the “home” button. From there click the “privacy settings” option. That will bring you to a page where you can customize what information you share and with whom. About half way down this page is a section that’s labeled “timeline and tagging” with an “edit settings” button directly to the right of it.
From this page you can control what things you can be tagged in and where it will appear. For those in the professional world, it is wise to select the option that requires all tags to be pre-approved by you the user, before it can show up on your profile page.

This way, no matter how inappropriate you behave on Friday night, you can rest assured the co-workers in your office won’t be snickering at them on Monday morning. You can approve the tags you like and reject the ones you don’t. Learning how to manage the flow of information displayed through Facebook is an essential practice for most users, and especially those with a professional reputation to protect. Spending 20-30 minutes perusing through this section is all it should take to be comfortable with the settings and it could save you a mountain of trouble later on.

“How to Stop People from Tagging You in Facebook Pictures” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.