Saturday, September 23, 2006

California Could be the First to Address RFID Safety

California might be the first to address the issue of RFID and privacy. The Identity Information Protection Act of 2006 is expected to be on Gov Arnold Schwarzenegger's desk by month's end.

To read a fact sheet by the Electronic Frontier Foundation - link here.

And our privacy might not be the only thing at stake. There is a scary video (from YouTube) about how RFID could identify what country a person is from, and be used by terrorists to detonate a bomb, here.

RFID is becoming a highly controversial technology. Here is a previous post, I did:

RFID, A Necessary Evil; or an Invasion of Privacy

Identity Theft Task Force Issues Progress Report

Here are the interim recommendations by the President's Identity Theft Task Force on how to fight the national identity theft crisis in the United States (courtesy of the FTC website):

The President’s Identity Theft Task Force has adopted interim recommendations on measures that can be implemented immediately to help address the problem of identity theft, Attorney General Alberto R. Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras announced today. The Identity Theft Task Force, which was established by Executive Order of the President on May 10, 2006, and is now comprised of 17 federal agencies and departments, will deliver a final strategic plan to the President in November.

The interim recommendations of the Identity Theft Task Force were announced following a meeting of the Task Force today at the Justice Department.

Link to recommendations, here.

Perhaps - identity theft - which isn't just a financial problem - is finally getting the focus it deserves.

eBay gets Sued (Again) for "Counterfeit" Sales on Site

Pocket-lint is reporting that eBay is being sued by Louis Vuitton and Dior Coutre. The actions allege that eBay doesn't do enough to stop the sale of counterfeit merchandise on their site.

Louis Vuitton is asking for $26 million and wants Dior Coutre $22 million in damages. The actions were filed in Euros - so the dollar figures are approximate.

Link, here.

Louis Vuitton isn't the first organization to sue eBay for selling counterfeit goods bearing their name. Tiffany filed an action in 2004 after commissioning a study which claimed that 73 percent of their items sold on eBay were counterfeit.

The Tiffany action is still pending.

Microsoft has taken a slightly different tact and has filed actions against the sellers (directly).

The buySAFE blog and Jeff Grass led me to this story via a del.icio.us article he "saved." When I found this story - I found another story Jeff saved - where eBay is suing start up auction sites for "trademark infringement."

Note that all these legal actions have one thing in common - they allege the wrongful use of a "name."

To read this article by MarketWatch - link here.

Law suits keep a lot of lawyers employed.

In all fairness - - counterfeiting is a worldwide problem -- and counterfeits aren't only sold on eBay. Here is a post, I wrote awhile back, which covers this:

Counterfeit Goods, A Borderless Problem

Jiffy Lube - A Sad Story About How Their Customers are Treated

Sometimes fraud is hidden right behind a "neon sign." NBC 4 News did a story about how this is happening at Jiffy Lube when people go in for an oil change:

"That's what NBC 4 found last May, when an undercover producer, took test cars to nine LA area Jiffy Lubes. One location charged the NBC4 undercover producer for a new fuel filter, but after the visit NBC4 found the old filter was still in the car."

"Four more Jiffy Lubes charged NBC4 for transmission flushes, supposedly using a high tech machine. But the machines just sat there, and the flushes were never done."

NBC4 also got this quote from a Jiffy Lube Manager:

"This stuff happens all over," a current Jiffy Lube manager in the Chicago area tells NBC4. He asked NBC4 to protect his identity. He says some Jiffy Lubes in Chicago routinely charge for work that's not done. "The customer is never going to know," he tells NBC4, He also claims employees sometimes even damage customers cars "Blowing up engines, transmissions, stripping bolts."

Link to NBC4 story, here.

After doing a little research, I was able to find a site (CarInfo.com) that is a good place to visit if you need to have your car repaired - or it seems - have your oil changed.

Of course - if you spot this type of fraud - the best thing to do is to report it. The right place is normally the "Consumer Affairs" department in your local area.

Wednesday, September 20, 2006

Auction Bytes Survey on eBay/PayPal Phishing Attempts

Auction Bytes did a survey - which reports that 98 percent of the respondents have seen "phishy" e-mails from eBay/PayPal. Even worse, 14 percent of the people surveyed answered these e-mails.

Phishing is a ploy to get an unsuspecting person to give up personal and or financial information, which is later used (normally) to commit financial crimes.

Sloppy password protection was another problem cited in the survey - which could cause an account to be compromised, also.

In the auction world - this leads to legitimate accounts being hijacked and used for illegitimate purposes (auction fraud).

Link to Auction Bytes survey, here.

Using a "trusted" seller's account, fraudsters sell items that are never received and even hire dupes to launder the stolen proceeds for them.

Depending on how sophisticated the "account hijackers" are -- they can also gather personal and financial information -- which is later used identity theft schemes.

PIRT (Phishing Incident Reporting and Termination Squad) - tracks phishing attempts and recently reported that eBay/PayPal are the two most "phished brands."

It pays to be AWARE on auction sites to avoid unpleasant and (costly) shopping experiences. Here is a post, I did on how to avoid being a victim:

How to Protect Yourself on eBay

I also did a post on a company that bonds eBay sellers - which guarantees their transactions:

buySAFE Protects it's Customers from Fraud on eBay

Canadian Bankers Call for Tougher Laws on Identity Theft

In Canada - an Identity Thief must be caught using stolen personal information before they can be charged with a offense. The Canadian Bankers Association is pushing to make it a crime to possess stolen personal information.

Reuters is reporting:

Police should be able to arrest people for possessing the materials used in identity fraud, such as blank credit cards, just as they can now charge someone with possessing burglary tools such as lock picks, the group said.

Association president Raymond Protti said police now have to wait until stolen personal information is actually used to commit a fraud, such as buying something on a fake credit card, before arrests can be made.

Link, here.

Sounds logical to me.

Making the laws tougher in Canada would protect people in the United States, also. A lot of the lottery and secret shopper scams (I've seen) originate from Canada.

Monday, September 18, 2006

Experts Speculate that Corporate Identity Theft is a Growing Problem

Identity theft has become a problem that continues to grow. While most of the victims are indivduals -- it now seems corporations are being targeted, also.

According to the Guardian (UK):

It happens when fraudsters steal the identity of a legitimate company and then trade under its credit and name. It can affect companies through assets being stolen and bank accounts being emptied by fraudsters trading on a company's credit worthiness.

Link, here.

This seems to be a new trend. Not much has been written about it yet, but I did find another story about corporate identity theft by Bob Sullivan of MSNBC, here.

Sunday, September 17, 2006

Was the VA Data Breach a Threat, or Not?

First a laptop containing 26.5 million veteran's information was compromised - then we were told it had been recovered from teenagers - and finally, the FBI thinks the data wasn't compromised?

Is the government positive the data wasn't breached?

Guard My Credit File.Org published an interesting analysis of this:

In May, the Veterans Administration was forced to announce that a computer containing the names, Social Security Numbers, and other personal information of 26.5 million veterans was missing. The laptop computer had been stolen from the home of a VA data analyst. As bad as the breach was, the VA was able to announce that the computer was recovered last month. Even more important was word that came from the FBI that there was no evidence that the file containing veterans’ information had been accessed. But not so fast. The VA now apparently wants to turn over a copy of the stolen database to a private company, without the permission of impacted veterans. Based upon this, the only logical conclusion is that FBI is not sure if the computer’s data was actually breached.

Very interesting analysis, here.

Unfortunately - with the record number of breaches being reported (recorded by the Privacy Rights Clearinghouse) - many people probably have had their information taken more than once. When they become a victim of identity theft - will anyone be able to determine - which breach the information came from?

The truth is that billions are made from selling personal information - and the people making all the money off of it - want to keep doing so!