Tag Archive for the 'identity theft' Tag

Online Network Security Must Haves – Part 3

February 5, 2009 Posted by Michael Brooks in Risk and Fraud Management

Password security is important and knowing the different types of identity theft is great, but what are the best ways to prevent identity theft? Many believe that PCI compliance does not affect them because they are not a payment processor or don’t run a gateway. This is a common mistake and can cost online businesses a lot of money. This doesn’t mean you need to be paranoid about being a company that is going to be the victim of identity theft. Use common sense and ask yourself if strangers are able to access your personal information.

Here are some tips to help prevent identity theft:

Continue reading "Online Network Security Must Haves – Part 3"

Online & Network Security Must Haves – Part 2

February 4, 2009 Posted by Michael Brooks in Risk and Fraud Management

Part one of this series talked about identity thieves wanting your password, and we discussed ways to protect against having your passwords compromised. Securing your password seems to be only 25 percent of the battle these days. Many network security breaches, like the Heartland Breach, occurred from within. So it is important to be PCI Compliant internally and know who is working for you.

I wish there were a specific set of characteristics I could post to detect an identity thief, but unfortunately they are as broad as the criminal population itself.  I like to divide attacks by criminals into two categories: internal attacks and external attacks.

Internal attacks are usually traced back to disgruntled, dishonest, and/or careless employees. Some common characteristics of an internal attack are:

Continue reading "Online & Network Security Must Haves – Part 2"

Online & Network Security Must Haves – Part 1

February 2, 2009 Posted by Michael Brooks in Risk and Fraud Management

The word “hacker” is often associated with the terms crime and fraud. However, hackers can be a good defense against online fraud, such as the “white hat” hackers that work to prevent fraud and fight identity theft. Unfortunately, white hat hackers aren’t as common as criminal hackers. 

It is important to first understand what different types of identity theft occur, and then you can find out how to get protection.

The easiest item for a criminal or hacker to obtain is your password. Some common mistakes made when setting up passwords are using names of kids, birthdates, or hometowns. Spelling your child’s name backwards is another frequent mistake. I have even seen people write their passwords on a sticky note, in a notebook or in their PDA. Do not give office assistants your passwords. Remember passwords are used in more than 90 percent of all online network security practices. People use passwords for online banking, shopping, stock trading, and network logons. It is imperative to create a strong password.

Continue reading "Online & Network Security Must Haves – Part 1"

Red Flag Compliance Deadline Extended

The Federal Trade Commission announced that “creditors” will not have to worry about fines associated with noncompliance with Red Flag Rules until May 1st 2009. A creditor is defined as any entity that extends, renews, or continues credit and any entity that regularly arranges for the extension, renewal, or continuation of credit. For example, mortgage brokers, utility companies and automobile dealers are classified as creditors.

This decision to extend is said to be largely due to complaints from creditors that they were unaware of the existence of the new regulation; some say they only found out after the deadline had passed. According to the official press release, this deadline applies only to organizations that are not under the jurisdiction of any regulatory agency other than the Federal Trade Commission. FACTA requires financial institutions and creditors to implement a written identity theft prevention program that should help detect identity theft, hopefully before any damage is done. If identity theft is not detected, the regulation calls for the financial institution or the creditor to reduce the risk to the consumer and the organization.

Continue reading "Red Flag Compliance Deadline Extended"

The Red Flag Deadline is Approaching

October 21, 2008 Posted by Michael Brooks in Industry Compliance

Although Red Flag Rules were created to protect against identity theft, are some types of businesses more affected than others? In previous blogs I wrote about how merchants are not getting a fair shake when it comes to these rules, and many lawsuits have been filed against merchants. Different industries face government fines because they say some of the rules are difficult to follow.

For example, car dealerships fear they will not be able to comply. Since car dealers extend auto financing, they are considered creditors. Dealerships argue that it is very difficult to detect suspicious or unusual activity, and most of their staff is not trained to look for these types of things. According to Andrew Koblenz, the National Automobile Dealers Association’s general counsel, “We want to fight identity theft, and dealers have a tremendous self-interest in not selling a car to an identity thief, but the real world impact is that it would burden dealers.” Auto dealers speculate it could add as much as five hours to the loan application process.

The healthcare industry also falls into the category of creditor. If a hospital offers payment plans so patients can pay in installments, the hospital would be considered a creditor as well. Non-profit organizations and government entities that defer payment for goods or services are also considered creditors. For the healthcare industry, the Federal Trade Commission is responsible for interpreting and enforcing the Red Flag Rules.

Continue reading "The Red Flag Deadline is Approaching"

Do the Big Banks Do Enough To Keep Identity Safe?

October 14, 2008 Posted by Michael Brooks in Industry Compliance

In previous posts I’ve talked about identity theft and ways to prevent fraud, but are our banks doing enough to protect their customers? Recently thousands of consumers’ personal information was stolen from Wells Fargo. MicroBilt, which is the self-proclaimed “single source industry leader in risk management information,” notified Wells Fargo of the breach caused by a stolen employee code. Wells Fargo declined to comment on what alerted MicroBilt. So how did Wells Fargo make this up to their customers? They offered them a one-year free subscription to their identity theft protection service. I feel this service should already be free and mandatory to all customers and not only to those who may have had their identity stolen.

In similar news, thieves made off with ATM PIN codes and account numbers from Citibank ATMs. Does this mean that Citibank ATM PIN numbers were not encrypted like they were supposed to be? The bank has about 5,700 ATMs, owned and operated by Cardtronics Inc and Fiserv Inc, inside 7-Eleven stores across the United States. How were these hackers able to access the system? Citibank has refused to comment, much like Wells Fargo.

Continue reading "Do the Big Banks Do Enough To Keep Identity Safe?"

Is FACTA Really Fair and Accurate?

FACTA (Fair and Accurate Credit Transactions Act of 2003) allows consumers to obtain a free credit report once every twelve months from each credit reporting agency. More importantly, the act was created to help reduce identity theft. With the state of our current economy, credit card and identity theft are on the rise. This is affecting not only consumers but merchants as well.

On November 1st 2008, FACTA has a deadline in place called the Identity Theft Red Flags Rule. Red Flags are indicators of a possible risk of identity theft. The Red Flag rules listed in Section 114 of FACTA explain each rule and how to develop ID theft prevention programs. These rules apply to any business, bank, or issuer that offers credit or any type of finance option. Many financial institutions are not taking the deadline seriously since the first Office of Thrift Supervision audits will not occur until February of 2009. Merchants altogether have become savvier and typically try to comply and report any red flags, but some may not know who to report these red flags to.

Although we all want our credit card information to be secure, it seems that merchants are not getting a fair shake when it comes to FACTA. Many class action lawsuits have been filed against a number of retailers. Recently, there was a class action lawsuit filed seeking willful damages based on the printing of credit card expiration dates on receipts. The merchant was seeking $100 to $1000 for each violation. This applies to both paper and electronic receipts. Most mom and pop merchants would expect that their card processor would ensure that they are up to code. This is not always the case. Merchants should review the FACTA rules regardless of their size. The Supreme Court is currently reviewing willfulness and “reckless disregard” and expects to have a decision this quarter.