Saturday, January 27, 2007

Congress needs to take a hard look at credit practices

Right before Christmas, the Consumers Union spearheaded a campaign calling for credit card reforms. It now appears as if some of the issues they surfaced are being looked into by the Senate Committee on Banking, Housing and Urban Affairs.

And Consumers Union isn't alone - a lot of other consumer groups are pretty much calling for the same kind of corrective action for the industry, here.

But it's not only consumer groups that are up in arms. Merchants seem to be, also.

The Merchants Payment Coalition is also applauding this development and is calling for a "deeper look" into interchange fees, which they say cost consumers $30 billion a year. Notably, they state that this amount represents twice the amount the industry charges for late fees, which have also been under attack by the consumer groups mentioned above.

They describe these fees as:
Americans pay a hidden fee on virtually every transaction they make, whether they use a credit card or not, costing consumers tens of billions of dollars a year. This fee, called interchange, is a percentage of each transaction that Visa and MasterCard banks collect from merchants every time a consumer uses a credit or debit card to pay for a purchase. The fee varies with type of card, size of merchant and other factors, but averages close to 2 percent for credit card and signature debit transactions. These hidden fees drive up the cost of goods and services for all consumers whether they pay with plastic, cash or check.
Merchants Payment Coalition page about this, here.

The National Retail Federation is also very "passionate" about interchange fees.

In July, they issued a press release, stating:
The National Retail Federation welcomed a hearing on soaring credit card interchange rates scheduled to be held today by the Senate Judiciary Committee. The hearing is expected to focus on the $26.3 billion in credit card interchange fees collected each year, the impact of the fees on American retailers and consumers and whether the price-fixing practices involved in setting interchange fees violate federal antitrust laws.
National Retail Federation press release, here.

Since this release was issued in July stating that interchange fees brought in $26.3 billion, I guess the current estimate of $30 billion means that these fees were more profitable than anticipated for the credit card issuers?

We seem to be living in a world where the amount of debt carried by consumers is at an all-time high and fraud is running rampant. Critics claim that credit is issued too easily and not very responsibly.

Please note, this doesn't only apply to the credit card industry; we are (also) beginning to see the impact in the mortgage industry - where defaults are at a record high. This is probably the result of too many people "flipping properties," and what appears to have been a record amount of "mortgage fraud."

We are also seeing a growing amount - especially with all the data breaches - of payment card (credit/debit) fraud.

It makes one wonder how much longer it will be before we hit "bottom," and an economic disaster is the result. If this happens - who will pay the cost?

Our leaders need to examine this problem carefully - and take appropriate action to fix it. Passing the costs of it between businesses (and ultimately consumers) will only work for so long.

Thursday, January 25, 2007

TJX's stolen data is being used - 200,000 accounts identified, so far

My guess is that the recent TJX data breach will prove to be the largest on record. Several sources are already reporting data from this breach is being used to commit fraud.

The Boston Globe is reporting:

The Massachusetts Bankers Association said yesterday that several banks reported fraud linked to debit and credit card numbers pilfered from TJX's computer system for unauthorized purchases made in Florida, Georgia, and Louisiana in the United States, and Hong Kong and Sweden overseas.

Middlesex Savings Bank is reissuing at least 20,000 Visa debit cards and had about a dozen suspected cases of fraudulent activity as far away as California and Japan, bank officials said. The bank said it costs at least $5 to replace a card, and many of the fraudulent charges were occurring at gas stations, discounters, grocery stores, and Internet merchants.

Boston Globe story, here.

This is likely the "tip of the iceberg" because a majority of the affected institutions haven't reported in yet.

Meanwhile up North, thousands of Canadian citizens have been affected. CTV is reporting:

Fraudulent activity has been confirmed on the accounts of thousands of Canadian credit-card holders who had their information stolen during a security breach at the U.S. parent company of Winners and HomeSense.

CTV story, here.

My advice is that if you have shopped at a TJX company recently - watch your statements, carefully.

Especially, if you have a debit-card. Debit cards aren't protected as well as credit cards. Tom Fragala (Truston Identity Theft Services) has a great post on his blog about this, here.

Tom developed this service from a victim's standpoint and has helped many victims, both personally and with his well-known commentary on the subject.

If you are a victim - I can personally recommend his services - which don't expose your personal information (again), also.

Here is my previous post on the TJX data breach:

TJX named as point-of-compromise in International …

Symantec warns of newsletters and "legitimate" advertising being hijacked!

Viagra with your Fantasy Football?

Spam is getting worse than ever, and a lot of spam filters don't seem to be stopping it. Even worse, legitimate mail is being designated as "spam" and placed in "bulk folders."

I find myself having to review my "bulk folder," daily.

Symantec is reporting a new "sneaky" spam tactic being seen out there. Legitimate newsletters and advertising from well known organizations, such as Walmart and ESPN are having ads for Viagra (example) inserted into their publications and sent out as if they are affiliated with the product.

In essence, the spammers are "hijacking" legitimate publications.

As reported in the Symantec Security Response blog by Kelly Conley:

We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

Kelly's full post, here.

Symantec's researchers have noted these "faux" (fake) images inserted on legitimate pages, or when the page is accessed - a "pop in" spam message appears moments later. They've also noted that the spammers seem to be able to control how many messages are sent out. No more than one a day is sent to any particular e-mail address -- and a different legitimate newsletter, or retailer is used each time.

According to the researchers, the motivation behind this is to (probably) make the reader more likely to read the message (believe it's credible). This method is possibly also used in an attempt to trick a lot of the spam filters out there.

The good news is that - according to Kelly - Symantec's filters appear to be catching almost all of this.

A lot of us laugh at spammers and their "seemingly ridiculous" advertising, but the sad truth is, they wouldn't be sending it out unless some people were falling for it. And that person might be one of your grandparents, or "younger relatives."

Even worse, the products they are "hawking" are questionable and in some instances, dangerous. In addition to this, spam is also used as a means to hook "victims" into all the various Internet scams that I frequently write about.

Symantec covers this issue "online fraud" (and others) on their blog, here.

Screenshot (below) of Kohl's ad being hijacked to sell drugs

Wednesday, January 24, 2007

Small Businesses are often the victims of financial misdeeds

Large businesses often employ dedicated experts to protect their assets. Unfortunately, smaller businesses can't afford these resources, and therefore are more vulnerable to fraud losses.

And it's easier for these larger businesses to write-off their fraud losses. The sad truth is that - if not managed properly - fraud losses can put a smaller business "out of business."

The Association of Certified Fraud Examiners noted in the 2006 report to the nation that small businesses seem to suffer "disproportionate fraud losses," when compared to larger organizations.

I did a previous post, which links to the report, here.

I read an interesting article by Lena West (CEO of xynoMedia Technology) that offers some practical advice to small businesses.

Ms. West writes:

It is officially open-season on small businesses. Hackers, phishers, spammers and fraudsters often use small businesses as target practice before going after the big guys, though it's news that often doesn't make it in the headlines. No one really knows the true impact of online security breaches, as only 20 percent of businesses reported computer intrusions to legal authorities, according to the FBI and Computer Security Institute. And every online merchant knows the threat of bogus credit card purchases is one that never goes away.
Full story from, here.

The story offers pointers on how to deal with and protect yourself from everything from data breaches to credit/debit card chargebacks.

Since, in my opinion, awareness is the best and most effective fraud tool, this article is great information for anyone who owns a smaller business.

Tuesday, January 23, 2007

People are getting tired of having their personal and financial information stolen

Are people beginning to get sick and tired of discovering that their personal and financial information has been exposed?

Employees at Xerox are picketing their office in Oregon because it took four months for anyone to be notified that a Human Resources manager lost a laptop with their personal information on it.

Many of the employees (rightfully) feel that an offer of "free credit monitoring services" is coming four months too late, and are wondering why their information was stored on a laptop.

KOIN 6 News story, here.

With the news that TJX has potentially exposed millions in several countries by having their systems hacked, we are likely to see more and more people speak out!

Of course, we could ask Martha Coakley, who was just sworn in as the Attorney General in the state of Massachusetts. Ms. Coakley recently discovered someone was trying to use her credit card to buy a Dell. Her comment was that the chances of catching the crook "are slim to none, since even if they could link it to a person, jurisdictional issues would likely hamper an effort to prosecute."

Boston Herald story, here.

Maybe the problem is that there aren't sufficient laws to protect people's (personal and financial) information, or go after the people - who steal it?

Monday, January 22, 2007

McAfee reports on worldwide identity theft trends

Although identity theft has become a global issue, there are very few studies that put the trends together from a global perspective.

Since identity theft can travel thousands of miles with the click of a mouse (or with the use of automated software), we could learn a lot by studying the problem as a whole.

McAfee has just released a white paper, which does this.

From the McAfee site:

According to the report, the number of keyloggers - malicious software code that tracks typing activity to capture passwords and other private information - has increased by 250 percent between January 2004 and May 2006. Additional findings show that the number of phishing alerts tracked by the Anti-Phishing Working Group has multiplied 100-fold over the same period of time. The report also provides practical guidelines that minimize the risk of identity theft to help readers protect themselves and prevent this increasingly common crime.

The study shows that identity theft exacts a high toll on national economies around the world. According to the Federal Trade Commission, the annual cost for consumers and businesses in the United States alone reaches $50 billion annually(1). In the United Kingdom, the Home Office has calculated the cost of identity theft to the British economy at $3.2 billion during the last three years(2) and some estimates from the Australian Centre for Policing Research place the cost of identity theft at $3 billion each year(3).

The conclusion of their report is:

We must first admit that every one of us—individuals and businesses—are threatened and potentially vulnerable to identity theft; this is not something that happens only to others. Despite the seriousness of current incidents and the increasing threat, some basic principles allow us to significantly reduce the risk. Awareness is the best defense. Through awareness, we develop our senses to spot identity theft and to protect personal and corporate information, while maintaining the benefits of information technology.

The report covers not only the technological means by which identities are stolen and used, but also known cases, such as "dumpster diving, mail theft and employee theft."

It also shows how victims are denied credit, identification and even labeled as "terrorists" because their identity had been assumed, and used for "illicit" purposes.

The paper is substantiated by referencing a lot of (worldwide) government and private studies.

The paper also has a lot of relevant tips for both individuals and organizations on how to avoid becoming a victim.

All in all - a very "interesting" read.

McAfee White Paper, here.

Sunday, January 21, 2007

Does eBay now see fraud protection as an important part of their continued profitability?

There has been a lot written about fraud on auction sites, particularly eBay. Perhaps, with all the competition going after their "extremely profitable business model," they are reconsidering the importance of preventing fraud on their site?

Mark Raby of the TG Daily writes:

During a webcasted conference with some of the online auction site's top sellers, eBay's North America president Bill Cobb expressed concern over the rise of people who don't ship out items or list counterfeit merchandise as real, along with people who have found more clever ways of manipulating the system.

Cobb said that one key target that could more easily be monitored is the selling of fraudulent and pirated merchandise, which is not always easily caught or reported by the buyers, or the wording in the auction is deceptive so that the victim has no means of restitution.

Top-end products, like cars and jewelry, will also be on eBay's watch list as it puts new measures into place to ensure that both the buyers and sellers are legitimate. With around two billion new items put up for sale every year, it has historically been difficult and financially unmanageable to have a comprehensive anti-fraud program for the site.
TG Daily story, here.

Although - as always - "money talks," it's great to see some forward motion on this issue, which has left too many people "holding the bag."

Here is a previous post, I wrote about competition forcing more "fraud protection" in the auction world:

Will competition make it harder to write off fraud costs on auction sites?

Has a lot of money been lost because of fraud, waste and abuse in Iraq?

There is no doubt that the war in Iraq has cost the taxpayers a lot of money. Many brave young men and women have paid an even greater price.

Jim Fry (Voice of America) is reporting:

"Government auditors told Congress Thursday that waste and fraud in the reconstruction of Iraq have been rampant. They predict they will uncover losses in the billions of dollars. Key Democrats on the House Armed Services Committee demanded an accounting within two months."

Voice of America story, here.

There are going to be some who claim that this is political posturing for the "upcoming" presidential elections, but there is no doubt - we need to take a hard look at what's been going on.

If fraud has been a problem in Iraq - and hard evidence is brought forward - the guilty should be punished, severely. After all, many of our nation's finest (the brave men and women I referred to above) have paid with their "blood" for justice in Iraq.

They deserve some (justice), also!

Should this turn out to be "political posturing," the voters (who by now should be getting tired of special interest/pork barrel politics) should make their voices be heard on election day.

I will be one of the people, who vote every election, watching the results of this, carefully!