Friday, October 07, 2005

State of Pennsylvania Unveils Website on Fraud

In the past week, I have been focusing on efforts by politicians to take a bite out of the fraud crisis. The State of Pennsylvania recently put up a website to protect it's citizens from becoming statistics.

Below is a press release, directly from the Governor's office:

Governor Edward G. Rendell today announced a new effort to protect consumers and keep them alerted to fraud. The Governor said that the state Department of Banking has created a new, easy-to-use Web site that will provide consumers with instant notification when the Department of Banking takes action against a financial service provider.

"One way to protect consumers is to provide them with up-to-the-minute information on financial service providers," Governor Rendells said. "With this new Web site by the Department of Banking, consumers can sign up for free electronic updates to be kept apprised of any attempt to rip them off."

The new Web site, which went live early this morning is at www.banking.state.pa.us.

"Unfortunately, there are individuals and companies who want to prey on people," Governor Rendell said. "The information that will be provided through this Web site will empower consumers to make informed decisions about where they do business."

Making people AWARE is a key item in the fight against fraud!

Monday, October 03, 2005

The Social Solution to Internet Fraud

My last post was about trend setting legislation adressing identity theft being passed in California. To read the previous post go to Terminating Identity Theft in California .

Today, I read an article by James B. Kelleher from Reuters, which demonstrates the need for more of this legislation (worldwide). These laws can go a long way towards prosecuting the cyberscum that create 9 million victims a year in the United States alone.

Kelleher quoted two security experts from Visa USA and Mastercard International:

Speaking at the Bank Card Conference here, John Shaughnessy, senior vice president for fraud prevention at Visa USA, and Suzanne Lynch, vice president for security and risk services at MasterCard International, said that organized crime rings — with the help, in many cases, of former Soviet KGB cryptographers — were successfully using the Internet and "crimeware" software programs to circumvent the defenses credit card issuers erected against them.
Another root cause of the problem are corporations, who put profitability ahead of their customers:

"While the criminals are increasingly savvy, Shaughnessy and Lynch said that in many cases they were inadvertently helped by sloppy security policies within the payment chain and by slip-ups by merchants, third-party processors or the credit card companies."

Both experts agree that the end is nowhere near in sight.

It's going to be difficult to build technical defenses, especially when some of these gangs (notably those from the former Soviet Union) are known to employ highly educated technical experts. There have also been reports that the gangs are working in collusion with each other, or networking.

For every measure created to address their activity, they seem to have the experts to come up with a countermeasure.

To attack the problem, we need to figure out why this activity is so lucrative. One answer is that the laws are lax and the chances of getting caught are minimal.

Creating laws with strict penalties is a step in the right direction!

For the story from Reuters, click on the title of this post.

Sunday, October 02, 2005

Terminating Identity Theft in California

Senator Diane Feinstein was responsible for a law in California requiring victims to be notified by businesses and the government when their identities have been compromised. This law has had a far reaching effect on policy setting and is credited with starting a trend, both in the United States and beyond.

In January, she introduced more legislation to address the crime of identity theft.

"The Privacy Act – A comprehensive bill that would set a national standard for protecting personal information such as Social Security numbers, driver’s licenses, and medical and financial data, including information collected both online and offline. Modeled on California ’s financial privacy law, it requires companies to let consumers “opt in” before their most sensitive information is shared."

"The Social Security Number Misuse Prevention Act – This bill would regulate the use of Social Security numbers by government agencies and private companies by prohibiting the sale or display of Social Security numbers to the general public, and by requiring Social Security numbers to be taken off of public records published on the Internet."

"The Notification of Risk to Personal Data Act – Modeled on California’s database security law, this bill would define as personal data an individual’s Social Security number, driver’s license number, state identification number, bank account number or credit card number; require a business or government entity to notify an individual when it appears that a hacker has obtained unencrypted personal data; levy fines by the FTC of $5,000 per violation or up to $25,000 per day while the violation persists; and allow California’s privacy law to remain in effect, but preempt conflicting state laws."

Following the trend set by Senator Feinstein, Governor Arnold Schwarzenegger (with the help of a lot of California politicians) is also working hard to protect the rights of people, who become victims of a crime that can ruin people's lives. He has recently signed the following laws into effect:

"SB 13 by Senator Debra Bowen (D-Marina del Rey) - Personal information.
SB 13 requires that the Committee for the Protection of Human Subjects at the Health and Human Services Agency approve scientific research proposals before state agencies are permitted to disclose personal information to be used while conducting scientific research."

"SB 97 by Senator Kevin Murray (D-Los Angeles) - Commercial electronic mail: penalties.
SB 97 provides that a person who violates California's anti-spam law by sending unsolicited commercial electronic mail ("spam") has committed a misdemeanor punishable by a fine of not more than $1,000, imprisonment in a county jail for not more than six months, or by both the fine and imprisonment."

"SB 158 by Senator Michael J. Machado (D-Linden) - Powers of attorney: social security numbers.
SB 158 eliminates the requirement that one provide his or her Social Security Number on a power of attorney form and authorizes any party accepting the form to seek identification of the agent."

"SB 460 by Senator Bob Margett (R-Arcadia) - Offender access to personal information.
SB 460 expands existing law to prohibit any offender confined in a county facility or any inmate confined in the California Department of Corrections and Rehabilitation (DCR), from employment that provides access to the personal information of private individuals, by making the provisions of law applicable regardless of the commitment offense of the inmate."

"AB 361 by Assemblymember Sharon Runner (R-Lancaster) - Notaries public.
AB 361 provides that it is a misdemeanor for notaries public to willfully fail to perform the required duties of a notary and requires the court to revoke a notary's commission if the notary is convicted of a felony or for willfully failing to perform his or her duties. This bill also clarifies that the crime of forgery includes falsifying an acknowledgement of a notary."

"AB 1069 by Assemblymember Cindy Montanez (D-San Fernando) - Deceptive identification documents.
AB 1069 makes it a crime to possess deceptive identification document-making devices with the intent that the device(s) will be used to manufacture, alter, or authenticate a deceptive identification document, as defined."

"AB 1517 by Assemblymember Sharon Runner (R-Lancaster) - Department of Managed Health Care: employee information.
AB 1517 would permit the Department of Managed Health Care (DMHC) to run criminal background checks on any prospective employee whose duties would include access to medical information. This bill also requires the DMHC to conduct criminal background checks on any contractor, its employees, agents or subcontractors that, as a part of their contracts with the DMHC, will have access to medical records."

It's refreshing to see politicians ignore party lines to protect people from what is becoming the fastest growing crime of the century. I would like to commend Govenor Schwarzenegger, Senator Feinstein and the host of State Senators for their noteworthy efforts. These efforts will protect those they serve.

California is continuing the trend of enacting laws, which will (in my opinion) "terminate" the easy access cybercriminals have to all of our personal information.

You can support legislation (present and future) by letting your politicians know how you feel. Here are two sites to find out where to write:

In the United States go to: http://www.house.gov/writerep/.

In the United Kingdom go to: http://www.locata.co.uk/commons/.

To read the information on Govenor Schwarzenegger's site, click on the title of this post.

Saturday, October 01, 2005

Jury Duty Telephone Scam

On Wednesday, the FBI issued a warning about a new identity theft scheme. Fraudsters identifying themselves as employees of a court call telling people they have been selected for jury duty and ask them to verify their names, date of birth and social security numbers. In another version of this scam, they call and will claim you didn't show up for jury duty. Again, they try to get your personal information and sometimes credit card numbers, also. They are alleged to be very convincing and even threaten their intended victim(s) with fines and legal action for not complying.

I did a search of the news and noted local stories in Arizona and Virginia about this scam, also.

According to the FBI, "The judicial system does not contact people telephonically and ask for personal information such as your Social Security number, date of birth or credit card numbers. If you receive one of these phone calls, do not provide any personal or confidential information to these individuals."

"This is an attempt to steal or to use your identity by obtaining your name, Social Security number and potentially to apply for credit or credit cards or other loans in your name. It is an attempt to defraud you."

If you are approached with this sort of activity, please report it to your local FBI field office, which can be found at www.fbi.gov.

Identity Theft is a crime costing the U.S. (alone) 53 billion dollars a year and claims roughly 9 million victims. Here are some tips from the FBI on how to avoid identity theft:


  1. Never throw away ATM receipts, credit statements, credit cards, or bank statements in a usable form.
  2. Never give your credit card number over the telephone unless you make the call.
  3. Reconcile your bank account monthly and notify your bank of discrepancies immediately.
  4. Keep a list of telephone numbers to call to report the loss or theft of your wallet, credit cards, etc.
  5. Report unauthorized financial transactions to your bank, credit card company, and the police as soon as you detect them.
  6. Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries and follow through until they are explained or removed.
  7. If your identity has been assumed, ask the credit bureau to print a statement to that effect in your credit report.
  8. If you know of anyone who receives mail from credit card companies or banks in the names of others, report it to local or federal law enforcement authorities.