Mike Rothman's book on being an effective CSO

Mike Rothman (CSO type and blogger) is now a published author in his own write.

What I like about his blog (in Security Incite) is that it takes a balanced approach to computer security (protecting information). His blog considers the technological, as well as, the social aspects of protecting information.

In my opinion, he takes a balanced (holistic) approach to increasingly important issues surrounding protecting information.

In Mike's own words (from Security Incite):

It is with great pleasure that I announce the availability of The Pragmatic CSO: 12 Steps to Being a Security Master. It's been an interesting process and I learned a lot. I'm sure you will be pleased with the outcome.

With protecting information becoming a huge issue, the fact that Mike approaches the problem via a learning process says a lot. Issues with protecting information change (sometimes daily).

This book is well worth a look at not just by CSO types, but it might be a valuable tool for anyone, who considers information a valuable asset.

Link to information on Mike's new book, here.

What a santuary city (Los Angeles) thinks of BofA and their no SSN credit-card product

Just read an interesting article from the Los Angeles Business, which indicates that 74 percent of the respondents in an informal poll are against Bank of America's "no SSN needed" credit-card product.

Pretty interesting since in Los Angeles, even the LAPD (Los Angeles Police Department) can't ask if someone is there legally, or not.

A lot of people seem to be upset that this financial product will help enable illegal immigration and make it (easier) to commit identity theft and credit card fraud.

Criminals and a lot of illegal aliens are already using other people's social security numbers. Obtaining a fake SSN is no problem in Los Angeles, or just about any other area in the United States.

A lot of illegal aliens pay for the credit they get with other people's identities. After they assume and probably (pay for) a good identity, it isn't prudent to invite negative attention.

So far as illegal immigration, Bank of America isn't the only company enabling illegal immigration. In fact, they are merely going after a market segment, that has no problem finding employment.

Even if fraud does go up, I doubt Bank of America is planning to lose any money off this product. High interest rates and a hefty fee structure can cover a lot of fraud write-off.

With that thought in mind, is Bank of America taking advantage of the very people, they claim to be helping?

Just this week, Congressional hearings were held about credit card companies taking unfair advantage of the public with the interest rates and fees, they already have in place.

USA today has an interesting editorial about the hearings entitled "When interest rates hit 32%, there ought to be a law."

So far as the fraud aspect, there are many who think part of the problem is that the industry has been issuing credit, somewhat irresponsibly. This makes it pretty easy to commit credit-card fraud.

Another big story this week is the Visa summit, where the payment card industry is meeting to discuss fraud issues. Perhaps, high interest rates and hidden fees aren't covering fraud losses as well as they used to?

Recently, merchants and credit issuers have been arguing about who should be responsible for eating the costs in data-breaches. All is not well within the industry, itself.

I'm not sure how much all these events tie in together, but maybe someone should start listening to the honest customers?

After all, when all is said and done, honest customers end up paying for all the fraud, as well as, the salaries of those selling these financial products.

Maybe what we really need to do is figure out why credit card fraud and identity theft is so easy to commit. Hopefully, the Visa summit will be a forum that will inspire some good ideas (and commitments) that can be put into practical use.

Interesting comments from readers (potential customers) courtesy of the Los Angeles Business, here.

Nigerian (419) fraud is a worldwide problem

Nigerian (419) fraud is showing an alarming increase in India (900 percent) in one year. Pramit Pal Chaudhuri of the Hindustan Times is reporting:

The world's most widespread financial fraud, the Nigerian 419 scam, is finding new pastures in Asia. India is the third fastest growing market with the defrauders' earnings from Indians increasing nine-fold in one year, says a report by the Dutch firm Ultrascan Advanced Global Investigations.

Almost every cellphone and email user has been solicited by a 419 con man. The best-known ploy is a message claiming there are unclaimed fortunes in banks that can be accessed if someone puts up a little money upfront.

Pramit quoted some interesting figures in his article suggesting the worldwide bill for this type of fraud is $3.88 billion.

Pramit's (interesting) story, here.

Pramit cites intelligence from the Dutch firm Ultrascan Advanced Global Investigations. They have a lot of interesting facts about Nigerian fraud, here.

In October (2005), I did a post exploring how some rationalize this activity in Nigeria:

419 From the Other Side of the Fence

The post references a Nigerian pop singer (Osofia) and a song he did about the infamous scam:

"I go chop your dollar"

Perhaps, Osofia should update his song to include all the other currencies being chopped?

FBI alerts the public about a growing trend in mortgage fraud

According to the FBI, mortgage fraud is a growing issue. To back this up, they are saying:

Mortgage Fraud Suspicious Activity Reports (SARs) referred to law enforcement by financial institutions increased from 17,127 SARs in Fiscal Year 2004 to 35,617 SARs in Fiscal Year 2006, reflecting estimated losses of $946 million. FBI Mortgage Fraud investigations have focused on large-scale frauds perpetrated by organized crime and industry insiders, including attorneys, brokers, appraisers, and realtors. Since September 2002, the number and types of investigations have increased from 436 to 1,036. Of these current cases, 51% involve expected losses in excess of $1 million, and 57% involve our federally insured financial institutions as victims.

Full alert (courtesy of the FBI), here.

Here is a file, with a poster about mortgage fraud (also courtesy of the FBI), here.

If you know about any mortgage fraud, or other crime that the FBI investigates - report it online, here.

Mortgage fraud doesn't only hurt financial institutions, the words identity theft and mortgage fraud are frequently showing up in the same cases.

Here is a post, I wrote in January about this growing phenomenon.