JPS                

Providing Security Services, Fraud Investigations, Credit Card and Identity Theft Prevention and Incentive Travel and Meeting Planners,

Top

Take the time to Compare Credit Cards before you sign up. Many Credit Card Offers come with hidden fees and high Variable Rates. Look into your Credit Card choices wisely.

       FREEZING CREDIT IS BEST DEFENSE AGAINST IDENTITY THEFT

     TEN RECOMMENDATIONS FOR IDENTITY THEFT PROTECTION

        IDENTITY THEFT DECLINED 15.9 PERCENT IN 2007 FROM 2003

      IDENTITY THEFT AND WHAT YOU CAN DO TO PREVENT

      IDENTITY THEFT USING THE JURY DUTY SCAM

      IDENTITY THEFT: THE BUST-OUT SCHEME

       BEFORE TRANSFERRING A CREDIT CARD BALANCE

      TAKE STEPS TO PROTECT YOURSELF

    BEFORE TRANSFERRING A CREDIT CARD BALANCE

       MORTGAGE FRAUD INCREASES 800 PERCENT IN 2007

     THEFT OF PERSONAL DATA REACHES UNPRECEDENTED LEVEL IN 2007

     STATE LEGISLATORS FOCUS ON IDENTITY THEFT

     IDENTITY THEFT AND WHAT YOU CAN DO TO PREVENT

    STATES PUSH LEGISLATION TO COMBAT IDENTITY THEFT

    IDENTITY THEFT USING THE JURY DUTY SCAM

    IDENTITY THEFT: THE BUST-OUT SCHEME

IDENTITY THEFT LOSSES DECLINE BY 12 PERCENT IN 2006

FTC LISTS IDENTITY THEFT AS #1 FOR THE SIXTH STRAIGHT YEAR

IDENTITY THEFTS COSTS CONSUMERS $57 BILLION IN 2005

TWO INDICTED IN SEVEN MILLION DOLLAR-PLUS CREDIT CARD FRAUD

CREDIT CARDS’ IMPROVE E-SECURITY

MAN INDICTED FOR CREDIT CARD AND FALSE IDENTIFICATION FRAUD

MAN SENTENCED TO FOUR YEARS FOR ID THEFT

HOW TO AVOID BEING A VICTIM OF CHECK WASHING

CREDIT CARD OFFERS RESULT IN RECORD LOW RESPONSE RATES

IDENTITY THEFT CASES INCREASED 22 PERCENT TO 9.9 MILLION

In 2008, the number of identity theft cases increased 22 percent to 9.9 million, according to a study released Monday by Javelin Strategy & Research, but the cost per incident including unrecovered losses and legal fees fell 31 percent to $496. The increase in identity theft cases is likely due to the deteriorating economy with unemployment increasing to 7.6 percent. Women were 26 percent more likely to be victims of identity theft as they reported more cases of lost or stolen information during in-store purchases.
Online access accounted for only 11 percent of cases, according to the survey.

Despite the growing number of victims, the total fraud amount edged up just 7 percent to $48 billion over the previous year. That's because victims are uncovering cases faster and therefore reducing their losses and financial institutions are increasing their efforts to prevent thieves, according to the Javelin study. For instance, more banks now send change of address confirmations to the original address, thus preventing identity thieves from rerouting mail to different addresses and delaying victims' awareness that their accounts are being drained.

The Javelin study also found identity theft went undetected longer and cost twice as much when victims knew their attackers. So even if you're careful about protecting your information and monitor your financial accounts regularly, some types of ID theft aren't preventable. Fore example, someone could get your personal information by hacking into a retailer's database, for instance. More than 10 percent of victims knew their identity thieves. Despite the rise in cases, there are simple steps people can take to prevent becoming a victim.

Protect Your Personal Information. Do not provide sensitive financial information over the Internet or phone unless you initiated the interaction with a trusted entity.

ID THEFT HITS FEDERAL RESERVE CHAIRMAN BERNANKE

WASHINGTON - August 27, 2009

An elaborate identity theft scheme has reached the highest levels of the U.S. financial system, striking the personal bank account of Federal Reserve Chairman Ben Bernanke and his wife.

According to a D.C. police report, Anna Bernanke's purse was stolen last August from her chair at a Capitol Hill Starbucks. It contained her Social Security card, checkbook and IDs. From there, the Bernankes' checking account was swept up into a larger scheme first reported by Newsweek magazine Tuesday.

Court filings show defendant George L. Reid of Washington has confessed to depositing checks from the Bernankes' account. In a statement, Bernanke says identity theft affects millions of people each year and that his family was one of 500 separate instances traced back to a single crime ring.

IDENTITY FRAUD RING BUSTED IN NEW YORK

August 24 2009

Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services. The eight-member ring stands accused of extracting customer information from the AT&T POS.com and T-Mobile iCAM databases using dealer access codes, according to a federal indictment unsealed Wednesday in Brooklyn, N.Y. federal court. The defendants were charged with conspiracy to commit mail fraud and wire fraud. Three of the accused – Gabe Beizem, 34; Marsha Montayne, 28; and Rohan Stewart, 34 – also were charged with aggravated identity theft.

Beizem and Stewart owned mobile phone dealerships in New York and Florida and were able to siphon customers' names and addresses from the databases, using the information to file false claims to replace “lost” or “stolen” cellphones, according to the indictment. When AT&T and T-Mobile shipped the replacements, FedEx and DHL drivers who had been recruited for the scams scanned the packages into their computerized tracking systems as “delivered,” though they actually diverted the packages to the conspirators.

During a four-year period, the defendants sold the devices to unsuspecting customers, and when charges were billed to existing AT&T and T-Mobile accounts, the companies just wrote them off, according to the indictment. The losses absorbed included the cost of the devices, insurance payments, shipping costs, along with wireless service and other calling charges.

“Identity theft can ruin customers' credit and seriously disrupt their lives,” Benton Campbell, U.S. attorney for the Eastern District of New York, said in a statement. “The type of fraud alleged in the indictment strikes at the very heart of our modern digital economy and imposes substantial costs on commercial businesses.”

If convicted of conspiracy to commit mail fraud and wire fraud, the defendants each face maximum sentences of 20 years in prison. Beizem, Stewart and Montayne also face additional mandatory two-year consecutive sentences for aggravated identity theft.

MEDICAL RECORDS TARGETED BY IDENTITY THIEVES

A thief made stole the prescription data from a Virginia Department of Health Professions (DHP) computer system and let a ransom note saying “In my possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," which the thief left in place of the actual Virginia DHP Prescription Monitoring Program Web page at the end of April. The theft and subsequent extortion attempt bear striking similarities to an incident involving Express Scripts last November. Thieves broke into a system that contained both patient information and prescription records, and then sent letters threatening to reveal customer data unless ransom demands were met.

Medical identity theft, like financial theft is all about the money. According to the World Privacy Forum nonprofit advocacy group, criminals can exploit stolen medical info to make hundreds of thousands of dollars' worth of false claims against an insurer or government program. Victims may get a bill for medical services they never received or end up with false information in their medical records. While existing provisions of financial fraud legislation can help shield someone from having to pay the sometimes outrageous sums associated with this type of identity theft, correcting a falsified record can be much more difficult.

According to a 2006 Federal Trade Commission report, 3 percent of identity-theft victims surveyed said "the thief had obtained medical treatment, services, or supplies using their personal information." That would mean as many as 250,000 medical identity theft victims a year, for the 8.3 million victims estimated for that year. If you receive a notice stating that your health records have been stolen, look for any indications of medical identity theft such as a notice of a benefits payout from your insurance company for treatment or goods you never received. The fraud might also show up in your credit report, in the form of a collection notice from a hospital for fake charges. Remember that false information in a medical record might lead to incorrect treatment and harm.

RUSSIAN INDICTED IN HUGH DATA THEFT

A federal grand jury on Monday indicted Albert Gonzalez and two unidentified Russian accomplices on charges related to huge data thefts at Heartland, Hannaford Brothers, 7-Eleven Inc. and three other retailers. Gonzalez, is alleged to have masterminded an international operation that stole a staggering 130 million credit and debit cards from those companies. Gonzalez and 10 other individuals were indicted in May 2008 on charges related to similar intrusions at numerous other retailers, including TJX Companies Inc. Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Court documents revealed out how Gonzalez and his accomplices used SQL injection attacks to break into Heartland's systems and those of the other companies. Once they gained access to a network, the attackers then planted sophisticated packet-sniffing tools and other malware to detect and steal sensitive payment card data flowing over the retailer's networks.

In SQL injection attacks, malicious hackers can take advantage of poorly coded Web application software to introduce malicious code into a company's systems and network. The vulnerability exists when a Web application fails to properly filter or validate the data a user might enter on a Web page such as when ordering something online. An attacker can take advantage of this input validation error to send a malformed SQL query to the underlying database to break into it, plant malicious code or access other systems on the network. Large Web applications have hundreds of places where users can input data, each of which can provide an SQL injection opportunity. The vulnerability is well understood and has made SQL injection the most common form of attack against Web sites these days. "We see SQL injection as the top attack technique on the Web," said Michael Petitti, chief marketing officer at Trustwave, a Chicago-based company that does security and compliance assessments for some of the largest retailers in the world. "Not only is it the most attempted, it is also the most successful" form of attack now employed by malicious hackers, he said.

The use of SQL injection attacks has gained popularity as companies have gotten better at shutting down other avenues for breaking into corporate systems and networks, said Matt Marshall, vice president of security engineering at Redspin Inc., which performs security assessments for businesses. "One of the few ports that are still allowed through the firewall is Web traffic through the Web server and is one of the few avenues of attacks that are still readily available" to hackers.

Those factors seem to have influenced Gonzalez' plans in attacking retailers. Initially, most of the attacks including the one at TJX took advantage of weak wireless access points. The success of those attacks and the high-profile nature of the retailers affected are likely to push more companies to deal with Web application security issues.

There are several measures companies can take to limit their exposure to SQL injection vulnerabilities such as a code review of all Web applications to identify input validation errors. Companies need to identify such coding flaws and ensure that a Web form only accepts legitimate input. Web application firewalls can also be useful in protecting against SQL injection attacks, though they must be tuned properly to automatically block malicious traffic while permitting legitimate traffic to get through.

SEATTLE MAN USED LIMEWIRE FOR IDENTITY THEFT

A Seattle man was sentenced to more than three years in prison for using the Limewire file-sharing service to lift personal information from computers across the U.S. The case highlights a type of identity theft that is probably more common than most people realize, said Kathryn Warma, assistant U.S. attorney in the Computer Hacking and Internet Crimes Unit of the U.S. Attorney's Office. Frederick Wood, typed words like "tax return" and "account" into the Limewire search box that allowed him to find and access computers on the Limewire network with shared folders that contained tax returns and bank account information. Wood also searched specifically for forms that parents fill out to apply for college financial aid for their children, which include exhaustive personal and financial information about the family. He used the information to open accounts, create identification cards and make purchases. Many of the victims are parents who don't realize that Limewire is on their home computer. Wood was initially apprehended while executing an even more low-tech crime, the Attorney's Office said.

He advertised an Apple computer for sale on Craigslist, and a Seattle resident responded to the ad and met Wood at a coffee shop to buy the computer. After paying for the computer with a check and leaving the coffee shop, the man discovered that there was no computer in the box, only a book and a vase. The victim helped police set up a similar deal with Wood, who was arrested when he handed over another computer box with no computer in it, this time to a police officer, the Attorney's Office said.

Police later searched a computer they found in Wood's car and discovered tax returns, bank statements and cancelled checks stolen from more than 120 people across the country. He had also used the information retrieved through Limewire to make forged checks. He used those checks to buy electronics gear, some of which he sold on Craigslist, said the Attorney's Office. Warma's advice to people who want to avoid becoming victims of this kind of identity theft was to "get Limewire off your computers." Even the added security features in the most recent version can be circumvented, she said. "I think it's a horrible idea for people to have peer-to-peer software on their computers unless they're a very sophisticated user," she said.

During the investigation the authorities discovered that Wood was an associate of Gregory Kopiloff, the first person in the U.S. to be indicted for using file-sharing programs to steal personal information. He was sentenced in early 2008 to more than four years in prison for fraud. Wood was sentenced Tuesday to 39 months in prison and three years of supervised release for wire fraud, accessing a protected computer without authorization to commit fraud, and aggravated identity theft. He was tried in the U.S. District Court for the Western District of Washington.

Over the past three years, more than 220 million private records have been lost or stolen, according to the San Diego-based Privacy Rights Clearinghouse. In 2007, 8 million to 15 million Americans had their identities stolen. The odds that it will happen to you are about one in five, according to surveys conducted by the Chubb Group.

Identity theft is a national epidemic, but some firms also see it as a marketing opportunity. In fact, some credit bureaus and banks that facilitated the spread of easy credit--and in the process unwittingly made identity theft a more profitable crime--now sell services to help you avoid having your identity pilfered. Federal law entitles you to a free annual report from each of the Big Three so I recommend you order one from a different credit bureau ever four months. You also qualify for a free copy if you've recently been denied credit or if you're an identity-theft victim.

For $5 to $20 per month, a credit-monitoring service will alert you whenever your report changes. If a thief opens new accounts in your name, you'll usually find out within a few days. Most monitoring services offer online credit reports, online credit scores (showing your chances of obtaining credit), and tools for managing and improving your credit rating. But a credit-monitoring service won't tell you if someone steals your credit card and runs up huge bills; for that you must check your monthly billing statements. Furthermore, if you receive an alert about a dubious inquiry, you'll have to identify it as bogus and contact the credit bureaus on your own.

By law, you can place a temporary fraud alert on your credit report, requiring lenders to verify your identity before issuing credit in your name. And if you tell one credit bureau to set up a fraud flag, it's obliged to notify the other two. But such alerts expire after 90 days. According to Javelin, the average out-of-pocket cost for identity theft victims in 2007 was $691, and the average loss for people who had false accounts opened in their names was $1066. Regardless, most victims of financial fraud don't pay anything out of pocket because the financial institutions typically bear the costs.

Establishing a security freeze prevents the credit bureaus from releasing your credit report to anyone, but unfreezing your report is a pain. Rather than relying on fraud alerts, a freeze can be an effective way to prevent identity theft and a lot cheaper than credit monitoring. With a freeze (which you can set up yourself for a small fee), credit bureaus won't release your report at all (not ideal if you need to obtain a mortgage, change cable providers, apply for a job, or do anything requiring a credit check). Freezes are free for identity-theft victims in most states. If after freezing your account you decide to change your cable plan or apply for a loan, you'll probably have to pay $10 per bureau to unfreeze your account for a specific creditor or a certain period of time. Even with a freeze in place, identity thieves can use your medical insurance, ruin your eBay reputation, or apply for jobs with your name.

ANSI PANEL TO STANDARDIZE IDENTITY THEFT TRACKING

Do you know the difference between 'identity theft' and 'identity fraud'? Even within the security industry, within the government, and within law enforcement, the terms are used interchangeably although they are in fact different.

Deciding what is defined as and counted as Identity fraud was the subject of a gathering of Identity fraud experts hosted by Javelin Strategy & Research for The Identity Theft Prevention and Identity Management Standards Panel (IDSP) sponsored the American National Standards Institute (ANSI). In attendance were representatives from Javelin, the Federal Trade Commission, the Department of Justice, the Department of Homeland Security, Kroll, Debix, Affinion, IDExperts, ID Analytics, Experian, Visa, and the non-profit ID Theft Resource Center.

FORMER JUDGE PLEADS GUILTY TO FEDERAL CHARGES

Associated Press - November 5, 2008

Chicago Tribune - October 1 2008

An Alsip woman was charged with three counts of felony identity theft after she used another woman's identification to buy about $11,000 worth of jewelry at several stores in Chicago Ridge Mall.

Sara Rehling, 23, was arrested on September 24, 2009. Investigators learned that Rehling reportedly came into possession of the victim's identification stemming from a car burglary in Chicago on September 16th. Rehling used the information to open three instant credit accounts at the stores before buying the jewelry, which she sold to a pawnshop for $1,000, police said. All stolen items were recovered and Chicago police are investigating the burglary.

While stolen wallets and Dumpster diving remain popular means of obtaining victims' information, the "most imminent threat" in identity theft is the growing number of companies that are transferring to wireless networks and are not encrypting the wireless transmission, making it easy for thieves to intercept information, said Jay Foley of Identity Theft Resource Center.

Others worry social networking sites are facilitating ID theft. Groups have formed on Facebook warning users not to put too much information on their profiles, such as exact birthdays and addresses, because thieves can use that information to pass themselves off as you.

Nishay Sanan, a Chicago defense attorney who represents people accused of identity theft, said a common method among his clients is to attach a "skimming" device to a credit card or ATM machine, collecting account data when a card is swiped. Perpetrators run the gamut, from restaurant employees to family members, but the motivation tends to be the same. "Usually it's just greed," Sanan said.

A new Federal law went into effect on November 1, 2008 designed to strengthen policies of financial institutions against identity theft. The new federal identity theft regulations requiring financial institutions and other creditors known as FACTA (Fair and Accurate Credit Transactions Act), the rules require covered entities to re-examine their ID theft prevention policies and implement new procedures and business practices. More specifically, FACTA requires a written ID theft prevention policy that includes polices that identify "patterns, practices or specific activities that could indicate identity theft," according to the FTC (Federal Trade Commission). Violators of the new rules can be subject to civil penalties of up to $2,500 per violation. Rules not only require a written ID theft policy that identifies patterns and practices that lead to identity but also a plan action when identity theft is detected.

The new regulations, also known as Red Flag rules have long been thought to only apply to financial institutions such as banks, savings and loans, mortgage lenders and credit unions, but include small and midsize businesses. While FACTS clearly targeting financial institutions, the rules also cover "any person or business" that arranges for customer credit. "A creditor includes anyone who regularly extends credit to their customers, but the definition is not limited to that and can be broader," said Frank Dorman, a spokesman for the FTC. The agency defines a creditor as "any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit."

A business alert issued by the FTC adds, "Accepting credit cards as a form of payment does not in and of itself make an entity a creditor." When asked if the Red Flag rules apply to SMBs, Steve Neville, Entrust's director of identity products and solutions, replied, "Technically not, but it is a devilishly detailed question." Neville said most companies that extend credit to customers are doing so through an intermediary such as GE Creditline. In that case, GE would assume responsibility for FACTA compliance. Companies that don't use intermediaries would be subject to the Red Flag rules. The FTC added the Red Flag rules to FACTA in January, 2008 and businesses are required to define policies for recognizing red flags in identity verification. Typical red flags include discrepancies in address histories, fraud alerts on consumer reports, and questionable use of Social Security numbers, credit freeze notifications and unusual patterns of customer activities. 

Once those definitions are in place, companies are then required to define appropriate courses of action to take.
The new Red Flag rules evolved over a long series of congressional hearings that sought to find the causes of identity theft, particularly phishing and pretexting, the practice of using false pretenses to obtain the telephone records of another person. Pretexting gained widespread notoriety in 2006 when Hewlett-Packard admitted it used pretexting to obtain the personal telephone records of board members and the media as part of its efforts to investigate boardroom leaks. In addition to HP, the hearings revealed many companies were being duped into turning over personally identifiable customer data. 

Awareness by consumers and creditors coupled with technological safeguards has helped curb cases of identity theft. The number of identity fraud victims in the United States was 8.1 million in 2007, a 3.6% decrease from the 8.4 million in 2006 and a 9.0 % decrease from 2005 according to Javelin Strategy & Research.
In addition, an amendment to the Consumer Fraud and Deceptive Business Practices Act will allow all consumers to block sales of information from their credit reports. Consumers 65 and older and victims of identity theft will be able to block information for free and others will pay a $10 fee.
The Mortgage Rescue Fraud Act will protect homeowners on the brink of foreclosure from fraudulent “rescue” schemes that trick them into selling their home for a fraction of its value.
An amendment to the state’s Identity Theft Law will extend the definition of the crime to include fraudulent use of personal identification numbers, passwords or user names which the AARP lobbied actively for these bills.

Return to the top of the page  

        TEN RECOMMENDATIONS FOR IDENTITY THEFT PROTECTION

ID theft affects millions of households and costs billions of dollars. According to a comprehensive survey conducted by the U.S. Department of Justice (DOJ), identity theft is affecting millions of households in the U.S each year and costing an estimated $6.4 billion per year.About 3 percent of all households in the U.S., totaling an estimated 3.6 million families, were hit by some sort of ID theft.

According to the DOJ's numbers, credit card misuse is the most common consequence of identity theft. It accounted for about half of the cases of identity theft that the survey tracked, Baum said. Of the other identity theft victims, about 25 percent had banking and other types of accounts used without permission, 15 percent had their personal information misused, and about 12 percent faced a combination of several types of ID theft.

The average loss from these crimes amounted to $1290, with two-thirds of respondents saying that the theft cost them money. Based on these numbers, the nationwide estimated loss during the six months of the study amounted to $3.2 billion, for an annualized total of $6.4 billion.

The young and the well-to-do appear to be more at risk for identity theft, according to the DOJ numbers. Households headed by people between 18 and 24 years of age and those with incomes of $75,000 or more were the most likely to experience identity theft. Households in urban and suburban areas were also more likely to be affected. Five percent of households earning more than $75,000 per year experienced this kind of crime.

You don't have to spend $180 to $240 a year to defend yourself from identity theft at the level of protection that a paid service offers. You can do almost everything the services do, for free. But following these steps will require time and effort.

1. Get a free copy of your credit report by visiting AnnualCreditReport.com. Don't be fooled by look-alike sites that promise free reports if you subscribe to their credit-monitoring services. Better yet, order by phone at 877/322-8228. You can order one free report annually from each of the three credit bureaus. I recommend that you order one every four months from a different credit bureau.
Review the report for unfamiliar information, such as accounts you don't remember opening.

2. Tell the bureaus to stop selling your information to credit services, by calling 888/567-8688 or visiting OptOutPrescreen.com. Doing so will reduce but not eliminate the number of preapproved credit card offers you receive.
|

3. Place a fraud alert on your credit report by calling one of the credit bureaus. (You can find contact information for all three bureaus by browsing to the Fight Identity Theft Web site.)

4. Put a recurring event in your online calendar to remind you to renew your fraud alert in 90 days.

5. Request a free public records report from ChoicePoint . You'll have to print a form and mail it, along with copies of your driver's license and proof of address. Scan the report for addresses and other details not related to you.

6. Take your name off other marketing lists by signing up for ProQuo.com's free service. In some instances, you may have to mail letters or navigate to a marketer's own site to complete your opt-out request.

7. Buy a mailbox that locks, or use a post office box. This will help prevent thieves from stealing your identity via paper mail.

8. Buy a crosscut paper shredder and shred bank statements, financial statements, medical bills, anything with confidential or identifying information and junk mail to stop dumpster-diving identity thieves.

9. Never click a link from an e-mail message to log in to your bank or to any other financial institution. Type the secure site's address into your browser, bookmark it, and use that link to access your accounts. Otherwise, you risk having your identity stolen by phishers.

10. If you believe that you are a victim of identity theft, contact the Identity Theft Resource Center. Volunteers there can walk you through the process of restoring your identity. Get educated about Identity Theft. Mari Frank's IdentityTheft.org, the Privacy Rights Clearinghouse, and the Federal Trade Commission maintain huge libraries of information on how to avoid being victimized, and what to do if it has already happened.

Return to the top of the page  

       FREEZING CREDIT IS BEST DEFENSE AGAINST IDENTITY THEFT

Initiating a credit freeze on yourself is your best defense against the worst types of identity theft. Freezes have been available in some states for years, and they became available to all Americans last year. They are by far the best way to prevent a thief from opening new credit accounts in your name. By initiating a credit freeze, you are denying everybody access to your credit files at each of the three credit reporting bureaus. The only way a potential creditor can look at your frozen report is if you provide a personal identification code.

This also severely limits your ability to get approved for a loan or credit card. A business that is denied access to your credit report is likely to reject a request to open the new credit account or service.  The two primary drawbacks of locking down your credit with a freeze are cost (which is minimal) and inconvenience. TransUnion is temporarily offering a free credit security freeze of your TransUnion file, if you request it online at annualcreditreport.transunion.com/fa/securityFreeze/landing.

This saves you the freeze fee, which is $3 to $10 for most people, depending on your state. Individual states dictate the maximum it can cost to place freezes with each of the three credit bureaus, TransUnion, Euqifax and Experian. You need to freeze your credit file with each bureau. If your state has a maximum fee of $10 to freeze a report, you would have to pay $30 to freeze all three of your reports. Then when you wanted to apply for credit, you would have to supply your secret code and pay another $10 to lift a freeze at whichever bureau the creditor uses. Then you would pay another $10 to refreeze the file.

There is no cost for identity-theft victims, and some states charge lower fees or none for people 65 and older. Find out the rules for your state at FinancialPrivacyNow.org.  You can now remove the credit freeze in less than 15 minutes, a process that used to take up to three business days. And you can do it all online or over the phone.

Because of the three-day rule included in state laws, freezing your credit used to mean you couldn't get on-the-spot credit. For example, you might not have been able to open a department store charge card to receive an immediate discount or sign up for a wireless phone plan in a store. But as of September 1, 2008 several states started requiring electronically requested lifts within 15 minutes. In January, 2009 six more states will require the 15-minute lift. As a result, all three credit bureaus will now lift a freeze within 15 minutes for all consumers.

To obtain an on-the-spot lift of your credit freeze, you would find out which credit bureau the creditor wants to check. Call that bureau, provide your PIN and a method of paying for the lift, such as a credit card. You'll also have to specify how long you want the freeze lifted or, in some states, you can specify a certain creditor. If the sales representative in front of you has Internet access, you could also lift the freeze by providing that information at the credit bureau's Web site.

Return to the top of the page  

       IDENTITY THEFT DECLINED 15.9 PERCENT IN 2007 FROM 2003

According to a Javelin Strategy & Research survey, as reported by the Privacy Rights Clearinghouse, the number of identity theft victims per year in the U.S. fell by 1.7 million  or 15.9 percent from 2003 (10.1 million) to 2007 (8.4 million); and the mean time required to undo the damage in each instance was down from 40 hours in 2006 to 25 in 2007. The number of victims and the amount defrauded is down and, most important, it takes less time to clean up the mess. The majority of financial losses in an identity theft are suffered by credit issuers and banks as victims are rarely held responsible for fraudulent debts incurred in their name, however victims often bear the responsibility of contacting their banks and credit issuers after an identity theft has occurred.

To prevent identity thieves from making you a victim, you should:

·        Do not provide personal information to people who contact you over the phone, through the mail, or by e-mail. Ask them how you can get in touch with them so you can investigate. You should check them with the Better Business Bureau or search the Internet for complaints.

·        Safeguard your Social Security number. This is probably the most important information about you so you should not carry the card with you, and, if possible, do not provide the number to anyone unless you must.

·        Keep sensitive documents in a secure place. Birth certificates, Social Security cards, tax returns, insurance policies, wills, etc. should go in a fireproof safe or at least a locked drawer at home, or in a safety deposit box in a vault.

·        Shred everything that has your name, address, and other personal information. Use a cross-cut shredder instead of a strip-cut shredder if possible, because cross-cutting creates fragments that are much harder to piece back together.

·        Protect your Personal Computer. Make sure you run a software firewall, antispyware, and antivirus software and make sure that you update these programs on a regular scheduled basis.

·        Protect your password. No tech or customer service rep should ever ask you what your password is. This is a dead giveaway that you're dealing with a potential identity thief or, at best, an incompetent support tech. Don't use a weak or obvious password like your birth date, or your child’s or pet’s name. Strong passwords incorporate capital and lowercase letters, numbers, and, if possible, non-alphanumeric characters.

·        Beware of phishing. Don't click links in unsolicited e-mail, and don't enter information on strange Web sites. Don't even enter information on familiar Web sites that have changed recently. Call the company and ask if they've redesigned their site. Always check a site's encryption before entering personal information by looking  for https:// in the address bar, along with an icon indicating that VeriSign or another independent party has certified the site as secure.

Return to the top of the page  

It is important to recognize that there is no way to entirely protect yourself from identity theft because there are several places that have your private information that you have little or no control such as your insurance company, doctors' offices, your employer, etc.

According to the Federal Trade Commission’s (FTC) recent national survey on identity theft, more than three million Americans had their personal information stolen and used to open fraudulent bank, credit card or utility accounts, or used to commit other types of financial crimes.

Most victims of identity theft normally do not know they have been victimized until:

They are contacted by a collection agency over past due accounts they don’t know about.

They receive credit cards for which they did not apply;

Significant charges show up on a credit card bill for purchases they never made;

They notice unexplained charges or withdrawals on their bank accounts;

They are denied credit for no apparent reason;

They fail to receive bills or other mail, which may signal an address change by the identity thief;

A lender tries to repossess a car they did not know they owned;

They are contacted by the police after a crime is committed in their name.

If you become a victim, it is extremely important that you act immediately to stop the thief’s further use of your identity. Report the crime to the police. Call your bank and credit card issuers. Contact the fraud unit of the three credit reporting companies. Request that a “fraud alert” be placed in your file, as well as a victim’s statement asking that creditors call you before opening any new accounts or changing your existing accounts.

COMMON WAYS ID THEFT HAPPENS:

Identity thieves use a variety of methods to steal your personal information, including:

1.    Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.

2.    Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.

3.    Changing Your Address. They divert your billing statements to another location (typically, a mail box) by completing a "change of address" form.

4.    Dumpster Diving. They rummage through trash looking for mail, including bills, bank and credit card statements; pre-approved credit offers; and new checks or tax information.

5.     They steal personnel records from their employers, or bribe employees who have access.

Safeguard your information from Identity thieves by.

Inspect and review your credit report three times a year. The law requires the major nationwide consumer reporting companies—Equifax, Experian, and TransUnion—to give you a free copy of your credit report each year. Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You also can write: Annual Credit Report Request Service, P.O. Box 105281 , Atlanta , GA 30348-5281 .

Shredding financial documents and paperwork with personal information before you discard them.

Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.

Don't give out personal information on the phone, through the mail, or over the Internet unless you are sure that you know with who you are dealing.

Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer and keep these programs up-to-date. Don't use an obvious password like your birth date, your pets, children’s or mother's maiden name, or the last four digits of your Social Security number.

Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.

Identify suspicious activity by routinely monitoring your financial accounts and billing statements.  Be alert to signs that require immediate attention such as:

·       Bills that do not arrive as expected

·       Unexpected credit cards or account statements

·       Denials of credit for no apparent reason

·       Calls or letters about purchases you did not make

Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.

If you suspect that you are a victim of Identity theft, you should immediately:

1.      Place a "Fraud Alert" on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:

·       Equifax: 1-800-525-6285

·       Experian: 1-888-EXPERIAN (397-3742)

·       TransUnion: 1-800-680-7289

Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.

2.      Close accounts. Close any accounts that have been tampered with or established fraudulently. Request verification that the disputed account has been closed and the fraudulent debts discharged.

3.      Call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents.

4.      Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.

5.      File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime.

6.      Keep copies of documents and records of your conversations about the theft.

7.      Report the theft to the Federal Trade Commission either online at: www.ftc.gov/idtheft or by phone at: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261 or by mail to: Identity Theft Clearinghouse, Federal Trade Commission, Washington , DC 20580

 Return to the top of the page  

       IDENTITY THEFT COSTS A RECORD $56.6 BILLION

Identity theft, the biggest source of U.S. consumer fraud costs a record $56.6 billion in cash, goods, and services. Two thirds of victims have no out-of-pocket expense (because banks and credit card companies seldom ask victims to cover any charges), for about 3 million victims, the average cost of repairing their credit was nearly $1,200 and for all victims the average time to set the record straight was 40 hours.
Fortunately, ID theft is declining after cases reported to the Federal Trade Commission (FTC) nearly tripled from 2001 through 2004, the number of identity fraud victims in the United States was 8.1 million in 2007, a 3.6% decrease from the 8.4 million in 2006 and a 9.0 % decrease from 2005 according to Javelin Strategy & Research. Awareness by consumers and creditors coupled with technological safeguards has helped curb cases of identity theft.

The most frequent source of information for ID thieves is you according to the Javelin survey, among victims who knew how their numbers were pilfered, 30 percent of frauds began with a lost or stolen wallet, checkbook, or credit card. So don't carry PIN codes for your plastic or your Social Security card. One in seven cases of ID theft traced to a source turns up a family member or other trusted associate the victim. Keep your checkbook, credit cards, and any important papers (such as mortgage, insurance, and investment records) under lock and key. Javelin found, frauds first noticed by victims were uncovered a month sooner than those financial institutions identified. Regularly checking credit card and bank statements, it's good to scan your credit history for inquiries on existing accounts and applications for new loans. You can get one free credit history annually from each of the three major bureaus (Experian, Equifax, and TransUnion) at www.annualcreditreport.com. By rotating your requests, you can receive a report every four months.

Households earning less than $50,000 are three times more likely to be victimized by fraud according to Javelin Strategy & Research. According to Frost & Sullivan, the amount of credit card fraud is projected to reach $15.5 billion, up from $7.5 billion in 2007. Deloitte says that 51% of external attacks on financial institutions were phishing followed by spyware at 48%. Recent laws in eight states let you freeze access to your credit file to keep anyone, legit or not from reviewing your standing or opening loans in your name. Freezes that used to be applied by credit bureaus only after ID thieves struck are available free by law to any citizen in Colorado and New Jersey. Consumers in California, Connecticut, Louisiana, Maine, Nevada, and North Carolina can stop credit tampering cold for a small fee, generally up to $10. And for another $5 or $10 the same eight states allow a credit thaw when you need a new loan. Freezes are also available by law to ID-theft victims in Illinois, Texas, Vermont, and Washington.

You should shred anything bearing sensitive information into a crosscut (or "confetti") shredder. This makes it virtually impossible for garbage divers to read your data or use credit card "convenience checks" and new offers. To make sure mail isn't diverted before it reaches the shredder, get your letters delivered to a secure location. A street-side mailbox is easily accessible by thieves. Police say these boxes are favored targets of ID thieves looking for checks to steal. A mail slot into the house is better and if this is not possible, consider renting a box at the local post office.

Spend less time sorting and shredding by opting out of solicitations for new credit cards, mortgages, or other loans. To eliminate future trash at its source, call the credit bureaus' dedicated line at 888-567-8688 from your home telephone or register at www.optoutprescreen.com. If you call, an automated voice-response system will request your name, telephone number, and Social Security number; don't worry, the credit bureau has it already as part of your credit history. You can opt out for five years or forever. (And if you haven't done so already, by all means register your phone numbers with the National Do Not Call Registry maintained by the FTC at 888-382-1222 or www.donotcall.gov. Unless they're from charities, political groups, surveys, or companies with which you have ties, telemarketers are barred from calling registered numbers. So you'll know any call you do get is suspect.) 
All it takes to empty your bank account is a signed check and a pan of acetone, the active ingredient in nail polish remover. The identity thief crook tapes over your signature front and back, and then soaks the check in acetone to wash away everything but the printer's ink and your signature. He then dries the check and carefully peels off the tape resulting in a blank check signed by you. In addition, thanks to "bounce protection" from banks, the scamster can even overdraw your account. You should use a uni-ball gel pen, the only one that resists washing. You can also use tamperproof checks. And keep phone numbers off your printed checks can also say less. them altogether. Order checks from your bank, not from independent vendors, and seek out security features such as paper that acetone stains.

Every home computer should have security virus, spyware and adware software that is updated regularly. You should be aware and resist the bait from con artists "phishing" for your private information via email. The unseen danger comes from "spyware," which sneaks onto your computer to track your actions online. One kind, known as adware, merely gauges your interests to help websites predict what advertising might grab your attention. A more sinister sort of spyware monitors your every keystroke and reports back to a waiting attacker. Spyware infiltrates your computer by hiding inside a downloaded program or by an email you open or Web link you click on. I recommend Ad-Aware, itself a free download, but one you can trust.

You can also get a second (and sometimes third) free email account from MSN's Hotmail, Yahoo!'s Mail, or Google's Gmail so you can segregate your online shopping from banking and private correspondence and don't use your name or a familiar word as part of any address. Scramble some letters and numbers instead. These measures will make it a lot harder for phishers to find you by chance and lure you to scam websites. To reduce the hazard posed by a pirated cash card, call your bank and request a per-day limit on ATM withdrawals from your accounts.

Return to the top of the page  

More than 93 million personal data records have been lost or stolen since February 2005. That's on top of the tens of millions of records bought and sold annually by credit issuers, insurers, government agencies, data brokers and, of course, identity thieves. Your private information is accessible to hackers and company insiders who can profit by selling it on an online black market that didn't even exist. Most "identity theft protection services" are a waste of money and even the best are limited in what they can do. Credit monitoring services, for example, can neither tell you if someone is using your Social Security number to get a driver's license nor prevent ID theft. They just alert you sometime after the crime occurs.  You're entitled to a free credit report once a year from each of the major credit bureaus. Order one every four months by going to annualcreditreport.com or calling 877-322-8228. You can get another set of free reports if you call any one of the major bureaus and request that it place a 90-day fraud alert on your file. The alert tells lenders that are checking your report that they must call you before they extend credit in your name. 

Check your credit-card statement every month. Use cash or a credit card, not a debit card, when practical. Neither cash nor a credit card leaves any trace of your bank account information. Call the three major credit bureaus' toll-free line (888-567-8688) to opt out of prescreened offers of credit and insurance. Leave your Social Security card at home, and don't offer your number to anyone unless it's for tax, employment or credit purposes. Shred financial documents you no longer need. Ignore phone or e-mail solicitations or "security checks" from institutions you do business with unless you initiated the exchange. Your bank isn't sending you an e-mail asking for your account number and the IRS is not contacting you about a refund by 
Hackers across the globe are working 24/7 to find ways to steal your passwords or take control of your bank accounts. Keep your computer virus software up to date as attackers are constantly searching for flaws in your operating system, especially if you run Windows. Update your most critical software regularly which you can do automatically. Check your settings (under Control Panel in Windows and System Preferences on Macs) to make sure automatic updates are on. You must have antivirus, anti-spyware and firewall software. If you have unencrypted Wi-Fi, anybody can hop on to your network and use your bandwidth or watch what you do or even break into your computer. To foil them, set your router to encrypt your data. You usually have two choices: WEP or WPA. Choose WPA as it's tougher to break.  Make sure your computer is set not to share files with a network, and avoid typing in passwords or sensitive data, especially if you're on an unsecured Web page (one that doesn't start "https").  Use different passwords for your sensitive accounts that combine letters and numbers and are not a name or anything someone who knows a bit about you could guess.  Personal information can linger on your hard drive even if you think you deleted them. Before you throw or give away an old computer, wipe your hard drive clean with software that meets Department of Defense standards for data destruction. Disk wipers go for about $30, or you can download the free Darik's Boot and Nuke at dban.sourceforge.net. 

The World Privacy Forum stated that there were 19,428 complaints filed with the Federal Trade Commission concerning medical ID theft and estimated that the number of victims of medical ID theft at between 250,000 to 500,000. The average cost to U.S. companies per compromised record in 2006 was $182 compared to $138 in 2005, representing a 31% increase in 2006. These costs include direct incremental costs, lost productivity and customer opportunity costs according to the Ponemon Institute. They indicated that the average cost per data breach in 2007 was $4.8 million. More than 90% of the data breaches in 2007 were in digital form.

Source: Ponemon Institute

Almost 30% of all reported breaches originated with external partners, consultants, outsourcers or contractors and 40% of publicly disclosed security breaches were caused by hackers or insider access, specifically targeting sensitive personal information according to AARP Public Policy Institute.  The FBI estimated that the annual U.S. business loss from computer related crimes was $67.2 billion in 2007. The Privacy Rights Clearinghouse revealed that 93.8 million personal records were reported lost or stolen

Homeowners facing mortgage foreclosure across the U.S. are being scammed by foreclosure “rescue” companies promising to save their house but that only take their money. The dismal forecasts for the housing and financial markets will result in an increase in consumers becoming victims to mortgage foreclosure scams. An estimated 1.8 million homeowners could lose their homes to foreclosure in the next two years. These people are desperately trying to save their home and unfortunately con artists are seeing their chance to make a fast buck off of troubled homeowners.

States with the highest foreclosure rates include Ohi0, Georgia and Colorado has been targeted by unscrupulous mortgage foreclosure rescue companies. Homeowners are either contacted directly by a mortgage foreclosure rescue company or came across a Web site while searching for help to stop foreclosure on their home. The companies claimed they would renegotiate the terms of their mortgages and stop foreclosure actions, or the homeowners would get their money back. Victims, who were desperate to keep their homes, pay as much as $1,500, however, in the end; these companies do very little work or often nothing at all. Most victims, not only lost their homes, but they also have not been able to get their guaranteed refunds from these companies.

In 2007, only two mortgage foreclosure rescue companies operated in the Charlotte area, but now the number has now jumped to 15 of which six have government actions against them including cease and desist requests, temporary restraining orders or consent judgments. There were 21 new companies offering mortgage foreclosure rescue opened in the Cleveland area in the past year. In the last 12 months, there were 322 complaints filed in the Clearwater , Florida area with the total amount of refunds requested by the complainants in the Clearwater area amounts to more than $600,000.

Homeowners facing mortgage foreclosure should:

If you feel you have been taken advantage of by an unethical mortgage foreclosure “rescue” company, file a complaint with your BBB at www.bbb.org.

  Return to the top of the page  

The Financial Crimes Enforcement Network fielded nearly 15,000 reports of suspicious mortgage-related activity in the first quarter of fiscal year ended December 31, 2008 and total over 60,000 annually. By comparison, the crimes network received a record 46,700 such reports in fiscal 2007, up from 35,600 in 2006. But the number of reports is probably only the tip of the fraud iceberg because only federally regulated institutions must file them; lenders are not required to do so and they make the bulk of all home loans.

Under one of the scams, builders, using inflating appraisals, would sell a $100,000 house for $120,000 and use the extra money to fund the buyers' down payments and closing costs. These incentives are not only built into the inflated purchase price, they also are not disclosed to the loan officer or the appraiser. There is an organized effort to conceal them" from lenders, which end up providing loans for more than the property is worth. There is a lot more involvement from real-estate agents since they are the ones shopping these loans to lenders.

Rescue scams aimed at owners facing foreclosure also have a new twist. Under the old ruse, troubled owners are tricked into signing their homes over with the promise that they will get them back when they get back on track. Owners are told to make their payments to the con man who will then forward them to the lender. But he collects money, and the house eventually goes into foreclosure. These days, the scam artists are selling the house to an unsuspecting buyer through another lender. This gives them "rent" from the original owner and a payoff from the sale of a house they took under false pretenses.

Then there's "puffing," a new wrinkle on flipping. Instead of buying a house on the cheap from a seller who wants out desperately and selling it an inflated price the next day, the "buyer" offers an inflated price while agreeing to kick back the difference at closing. Phony investment clubs also are on the rise in which investors are lured into joining with others to put their money into buying houses at distress-sale prices with the promise of big rewards when the houses are sold.
The few houses that are purchased are sold at inflated values to fictitious buyers. So now the thief not only has money from the unsuspecting investors, he also pockets the proceeds from the sale.

The FBI estimated that federal investigators are likely to uncover some $3 billion in mortgage losses. Previous government estimates have put losses at $1 billion to $2 billion. But analysts at Interthinx, the California fraud-detection company, recently called into question some $11 billion in loan applications—just from its own clients.

Reported mortgage fraud incidents rose 42 percent nationwide, with Illinois ranking 3^rd among the states reporting the highest number of cases. Florida ranked first, with properties accounting for nearly a quarter of all mortgage fraud incidents, according to the Mortgage Asset Research Institute. California ranked second, followed by a three-way tie for third among Illinois, Maryland and Michigan.

The most common mortgage fraud cases include misrepresenting income, employment history, and debt and assets. Maryland had 69 percent of its cases, an unusually high percentage that involved tax return and financial statement misrepresentation. Mortgage fraud has represented about $1 billion in losses over the past decade. The increase in reported incidents comes as lenders raise credit standards to curb rising foreclosures. In the past, the industry was too careless in qualifying risky borrowers during the real estate boom. Tightening credit standards by itself doesn't eliminate fraud," said Merle Sharick, national manager of business development for the mortgage institute. The mortgage business which was fueled by low interest rates and soaring home values attracted shady operators, resulting in billions of dollars in losses.
Today, the damage from the global mortgage meltdown has more than matched that of the savings-and-loan bailouts of the 1980s and early 1990s. Banks and brokerages have written down more than $300 billion of mortgage-backed securities and other risky investments in the past year due to a gross failure of regulation.

The FBI had about 1,000 agents deployed on banking fraud during the S&L fiasco of the 1980s and '90s, however in 2007; the number of agents pursuing mortgage fraud sank to around 100. The FBI says it now has about 200 agents working on mortgage fraud. Over the past three years, the FBI and other agencies have brought dozens of mortgage-fraud cases, but many have been relatively small, the size of two or three loans. The FBI says it has 21 open investigations into possible large-scale fraud related to the sub-prime meltdown. The FBI also is more actively working with other federal investigative agencies such as The Secret Service which has assigned more than 100 agents to examine mortgage fraud.

A Trojan horse virus called "Trojan.Silentbanker" is a program that performs "man-in-the-middle" attacks between users and more than 400 banks. Running on the user's computer, the Trojan monitors the use of Web sites, looking for banks it can manipulate. It reads data coming from the bank and instructions sent by the user, and modifies fields in user instructions such as the account destination of transfers.

The "Trojan.Silentbanker" virus can even attack sites that require two-factor authentication (generally in the form of one-time password tokens). Really, this isn't surprising or even all that impressive. Once a Trojan is in the position to intercept and modify form fields, it follows that it could do so with the one-time password, which is just another form field. This level of compromise requires a malware infection on your PC. Conventional phishing sites, which do not incorporate malware, can attempt to fool you, but they attack only one bank at a time. This particular Trojan has weaknesses, such as looking at specific addresses for updates that will help to limit it. Your best defense is to keep antivirus software up to date and not to run executables you get from strangers.

Medical identity theft is an increasing problem as between 300,000 and 500,000 people have their medical identities stolen each year. "This is the fastest-growing form of identity theft in America today," said James Quiggle, director of communications for the Coalition Against Insurance Fraud in Washington.

Most of the people responsible for are people working in the health-care sector including billing or housecleaning staff or clerical workers at large hospitals who have access to confidential patient information such as Social Security and health insurance policy numbers. Some health-care workers use the information themselves or give it to friends or associates to use fraudulently or they might sell the information to criminals, reportedly for $5 to $50 a name. Increasingly, large-scale criminal gangs are targeting medical identity theft as a profit making opportunity. Gangs employ crooked providers to bill insurers fraudulently for services never actually delivered, collecting millions of dollars in revenue. Less frequently, individuals steal someone's medical identity to get otherwise unaffordable care.

There are almost 50 million people considered uninsured today, so medical identity theft may become a growing problem as more people become desperate enough to turn to crime to find treatments that they can’t otherwise get or afford.
In many cases the crimes are not discovered until a collection agency begins calling. Often, the thief will arrange to have the insurers' billing documents sent to a false address, said Jay Foley, executive director of the Identity Theft Resource Center. It's common for thieves to create fraudulent driver's licenses and insurance cards, which are all most medical centers, ask for before they provide care. It is very easy to go on the Internet and come up with a sample of your health insurance card and then Photoshop the information you want on it?

Even if the victim does not end up paying the bill, he will have to deal with false information in his medical and health insurance records. Having someone else's information mixed in your medical record could compromise your own care. What if the test results or physical findings are those of someone else, but doctors use them when you have a medical emergency? Medical identity theft is just really beginning to create an awareness to health-care providers.

       IDENTITY THEFT DECLINES 11.2% TO $45.3 BILLION IN 2007

The study was based on phone interviews last fall with 5,075 people, including 445 who said they were fraud victims and was sponsored by Wells Fargo & Co, credit card network Visa Inc, and CheckFree, a maker of bill-paying software owned by Fiserv Inc.

Identity theft is often a crime of opportunity. To reduce your chances of becoming a victim of identity theft, we recommend the following:

1. Check financial statements promptly. Always review your monthly banking, brokerage, and credit-card statements for accuracy. Report problems immediately.
2. Watch your credit. DO NOT purchase credit reports as you can receive them free (once from each the three credit bureaus annually) by logging in at www.annualcreditreport.com. It is the only official site to provide free reports and it is safe to type in your Social Security number to the site. I recommend that you order your free copy every 4 months alternating the three credit bureaus. Examined your credit reports for errors and report errors promptly and in writing.
3. Opt Out. I strongly recommend that you Opt out of pre-approved credit card offers by calling the Credit Reporting Industry Pre-Screening Opt-Out Number at 888-567-8688 or on the web at OptOutPrescreen.com. Consider "opting out" of information sharing at your financial institutions. (Check your company's financial privacy notice, which is mailed annually and usually posted on company Web sites, to find out how.)
4. Safeguard your Information. Never disclose your Social Security number, birth date, or mother's maiden name unless you initiated the transaction. On paper documents, don't include such data unless required to do so on an official application for employment, financing, or insurance. (Ask employers and financial institutions to offer alternatives.) Never put such information on personal Web pages or publicly posted résumés or directories. Safeguard driver's license, passport and other government ID at all times. Lock desks, cabinets, and safes containing such information in your office and home. Don't carry ID that contains sensitive data like your Social Security number unless absolutely necessary.
5. Shred and destroy. Before throwing out files containing Social Security numbers, account numbers, and birth dates, shred them with a cross-cut shredder. Destroy CDs or floppy disks containing sensitive data by shredding, cutting, or breaking them. Use hard-drive shredding software or remove and destroy your hard drive before discarding a computer. Just deleting files isn't enough.
6. Guard mail. Consider using a locked mailbox or slot to receive mail at home. Deposit mail in postal mailboxes or in the post office to discourage mail theft.
7. Cordless Phones. Don't use cordless phones to conduct sensitive financial or medical business, because eavesdroppers on other phones and those using eavesdropping equipment may be able to overhear your conversations.
8. Verify Web sites. Check privacy and security policies of Web sites before making purchases, trading stocks, or banking online. A professional-looking Web site is no guarantee of security. Don't respond to unsolicited e-mail requests for personal information. Log off your browser after using public Internet-access computers in libraries, Internet cafes, etc. Don't pay bills, bank, or conduct other financial transactions on public computers. If you have a high-speed Internet connection at home, unplug the computer's cable or phone line when you are not using it to discourage hackers.
9. Utilize Fire Walls and Virus Protection. Install firewalls and virus-detection software on your home computers and set them up to automatically update the software to discourage hackers. Use hard-drive shredding software or remove and destroy hard drives before discarding a personal computer.
10. Protect your password. Consider password-protecting all your bank and brokerage accounts. Create passwords at least eight characters long. When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.
11. Emails. Never directly respond to e-mail asking for personal information. If you doubt a message's authenticity, verify it by contacting the institution itself. Forward the fraudulent spam to the Federal Trade Commission at spam@uce.gov and the Anti-Phishing Working Group at reportphishing@antiphishing.org.
12. Avoid spoofed sites. By entering Web addresses directly into the browser yourself or by using bookmarks you create. A secure Web site gives you more assurance. To see whether a site is secure, look at the bottom of your browser's window for an icon of an unbroken key or a lock that's closed, golden, or glowing. Double-click on the lock to display the site's certificate, and make sure it matches the company you think you're connected to.

If you become a victim,

1. Report the crime immediately. Filing a report with your local police and keeping a copy yourself will make it easier to prove your case to creditors and merchants and may help you build a lawsuit if you have to sue to recover losses or clear your name later. In some states, you may have to report the incident in the jurisdiction where the fraud occurred, such as the location of the store where the thief charged merchandise to your account, even if that is not where you live.
2. File a complaint. The Federal Trade Commission investigates interstate and Internet fraud. Download a copy of an ID theft affidavit from the FTC's Web site to help you notify merchants, financial institutions and credit bureaus.
3. Contact credit-reporting agencies. Use the FTC ID-theft affidavit mentioned above to help you do this. Call TransUnion, 800-680-7289; Experian, 888-397-3742; and Equifax, 800-525-6285, to get addresses and instructions. Ask to have your account flagged with a fraud alert, which asks merchants not to grant new credit without your explicit approval. Keep copies of all your correspondence.
4. Notify banks, creditors, and utilities. Close accounts that have been used by thieves. Choose new passwords and PINs for all your accounts and don't use your mother's maiden name as a password. Notify merchants that issued credit or accepted bad checks in your name; use your police report or FTC affidavit as backup.

Identity theft, the fraudulent use of your name and identifying data by someone else to obtain credit, merchandise, or services claimed seven million victims in the U.S. last year, according to a recent survey by Privacy & American Business, a publication of the Center for Social & Legal Research, a nonpartisan think tank. Victims typically lose $800 and spend two years clearing their name. It is an equal-opportunity crime, affecting victims of all races, incomes, and ages. Overall, more than 33 million Americans, about 1 in 6 adults, say they have had their identities used by someone else sometime since 1990, and the Department of Justice says ID theft is the nation’s fastest-growing financial crime. Many victims don’t learn of the crime for several months because thieves often shield their actions by using a different address when they open new accounts in the victim’s name. Financial institutions and other businesses should use encryption and better systems to prevent and detect computer hackers and to control access by insiders, computer security and privacy experts say.

Identity fraud has become a major element in crimes ranging from international drug trafficking to terrorism; Al Qaeda operatives in Spain used stolen credit and telephone cards and false passports and travel documents to open bank accounts and pay for travel and communication abroad, an FBI agent testified before a congressional subcommittee last year. Identity theft is a problem largely because financial institutions, merchants, credit bureaus, and the government do not adequately safeguard vast databases and other records containing consumers’ sensitive information, making it relatively easy for thieves, often insiders to access these data. ID theft usually occurs not because of the carelessness of the individual consumer, but because of the carelessness or vulnerability of the organizations they deal with, including the government. All that ID thieves really need to open credit or bank accounts under your name or to drain your existing accounts are three pieces of information: your full name, Social Security number, and date of birth.

Every day, some 27,000 Americans have their identities stolen. In about a third of those cases, crooks use the information to open new accounts in their victim’s name. Thirty-six states and the District of Columbia have a new tool promoted by Consumers Union and other consumer groups to stymie thieves: security-freeze laws that allow consumers to protect their credit record from predators. A freeze essentially locks up the information needed to conduct a credit check, and creditors won’t open new accounts without that check. An imposter will be foiled, but you can lift the freeze using a PIN if you want to open new accounts. A security freeze provides much stronger protection than the fraud alert that is currently available under federal law. An alert placed on a credit file amounts to a caution flag that is supposed to trigger added scrutiny by creditors. Twenty-eight of the states that have security-freeze laws make this safeguard available to everyone, whether or not he or she has been a victim of ID theft. Most states that offer a security freeze make it free to identity-theft victims and some provide it at no charge to seniors. For those consumers who want the freeze but aren’t victims of ID theft, most state security-freeze laws allow each of the three major credit bureaus to charge $5 to $10 to initiate the protection or to lift the freeze.

Credit bureaus have a financial incentive to make it easy for potential creditors to check credit reports and make a lot of money from selling to consumers more expensive credit-monitoring services, which are unnecessary, especially when a security freeze is in place. Most states allow consumers to request this protection by e-mail or by phone, and require credit bureaus to lift the freeze within 15 minutes of a request.

Data leaks of all types have become so common that a 2008 study of breach victims by the Ponemon Institute found that 55 percent of victims had been notified of two or more breeches in the previous 24 months. You should consider taking these measures to guard against identity theft:

Visa and MasterCard now require merchants and big banks that issue their branded cards to use secure Internet technology. They’re using new identity verification and authentication systems for controlling transactions among customers, merchants, and banks. In addition, both now require member banks and merchants to encrypt personal data stored on their servers.

The IC3 (Internet Crime Complaint Center), a partnership between the FBI and the NW3C (National White Collar Crime Center) issued a report for the year 2006. It's brimming with interesting statistics, including the Top 10 IC3 Complaint Categories:

The cost of your stolen identity on the black market.

Return to the top of the page  

Too many people have access to the documents. Few managers should have access, and records should be kept under lock and key. Companies that are frequent targets for identity fraud, including cell-phone services, retailers that offer instant credit, and large banks, are investing heavily in systems designed to detect fraudulent credit applications. ID Analytics has designed one that assigns a score like a credit score to a credit application. A high score means the identity of the applicant is probably stolen or fake. The software has detected fraud in 7.5 percent of credit applications. Under another system, a Social Security number that doesn’t correspond to the birth year of the applicant might trigger a warning. But too many merchants still don’t check. Systems that monitor an organization’s connections to the Internet and that prevent and detect hacking are a must to deter ID thieves and virus attacks.

To address this growing problem of Identity Theft, Senators Patrick Leahy (D-VT) and Arlen Specter (R-PA) recently introduced a bill, the Identity Theft Enforcement and Restitution Act, that gives victims the chance to seek restitution of costs incurred if anyone is convicted. The bill also expands the power of law enforcement agencies to deal with cases of identity theft.

While it increases identity-theft penalties, the crime is so easy, and the risk of getting caught is so low, that this is only part of the solution. The real solution to identity theft is to impose duties on companies and government agencies to protect information. But data protection is only half the equation; consumers must be educated to avoid falling for phishing scams. One issue is that because of a shortage of resources in law enforcement, only about 10 percent of identity-theft cases are investigated. Unless you are a victim of some major cybercrime, you really are not going to be able to tap into this restitution.

California leads other states and the federal government with its identity-theft laws. Consumers Union’s West Coast Regional Office helped push for many of them. Many consumer-rights, privacy-rights, and law-enforcement advocates say they want to see other states copy the laws, which do the following:

• Require that consumers be notified of security breaches that could compromise their personal data, including Social Security numbers.

• Entitle fraud victims to a free credit report every month for a year after they notify credit-reporting agencies that they have been victims of fraud.

• Require individuals requesting birth or death records to provide proof of identity and to sign a form indicating the reason for the request.

• Allow customers to freeze their credit reports if they have been victims of fraud. This requires credit-reporting agencies to get permission from consumers before disseminating their credit reports to lenders. Also, state law requires credit issuers to honor fraud alerts on files and to deny new credit requests until the consumer is notified.

Texas enacted a similar credit-freeze law, which Consumers Union supported. Proponents say such laws go a long way toward preventing identity theft and helping victims to limit the damage. In addition, more than 20 bills concerning identity theft are pending in Congress.

• Require law-enforcement officials to take reports of identity theft in the jurisdiction where the victim resides.

• Limit the use of Social Security numbers.

State Security Freeze Laws

Identity theft is one of the fastest growing financial crimes. Nearly 10 million Americans fall victim each year. The Identity Theft Resource Center reported in 2005, on average, an ID theft victim of new account and other fraud spent 60 hours resolving problems brought on by ID theft, those victims of existing accounts spent an average of 15 hours resolving problems. A Federal Trade Commission study found that identity theft also costs U.S. businesses nearly $48 billion annually, and consumers an additional $5 billion per year.

A security freeze lets consumers stop thieves from getting credit in their names. A security freeze locks, or freezes, access to the consumer credit report and credit score. Without this information, a business will not issue new credit to a thief. When the consumer wants to get new credit, he or she uses a PIN to unlock access to the credit file. These states give consumers this important weapon to prevent identity theft:

Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Hawaii, Indiana, Illinois, Kansas, Kentucky, Louisiana, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, New York, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Vermont, Washington, West Virginia, Wisconsin, Wyoming

Arkansas
Applies to identity theft victims with a valid investigative report, an incident report, or a complaint with a law enforcement agency.
Fee of $10 to place, temporary lift or remove.
Effective as of January 1, 2008
For more information on statute (House Bill 2215): http://www.arkleg.state.ar.us/ftproot/bills/2007/public/HB2215.pdf
For instructions on how to place a security freeze in Arkansas, see: www.consumersunion.org/pdf/security/securityAR.pdf

California
Applies to all consumers
Effective as of Jan. 1, 2003, subsequently amended to cap fees on non-ID theft victims
No fee for victims to place the freeze, others pay up to $10 per freeze
Caps fee to lift freeze at $10 for temporary lifting for a time, $12 for temporary
lift for one creditor California Civil Code sections 1785.11.2-1785.11.6. see:
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=14008017861+0+0+0&WAISaction=retrieve
How to place your security freeze in California and a link to the
text of the California statute, see: http://www.privacyprotection.ca.gov/sheets/cis10securityfreeze.htm

Colorado
Applies to all consumers
Fees: No fee for first freeze; $10 to place a second freeze, $10 to lift, $12 for temporarily lift for one creditor
Effective as of July 1, 2006
Text of Colorado Revised Statutes 12-14.3-102 et seq, (SB 05-137): http://www.leg.state.co.us/Clics2005a/csl.nsf/fsbillcont3/349195C4D17F1A7787256F8E0001202B?Open&file=137_enr.pdf
For more information on the security freeze law in Colorado, see: http://www.ago.state.co.us/idtheft/securityfreeze.cfm
For instructions on how to place a security freeze in Colorado, see: www.consumersunion.org/pdf/security/securityCO.pdf

Connecticut
Applies to all consumers
Fees: $10 to place, lift, or lift temporarily, $12 to lift for one creditor
Effective as of Jan. 1, 2006
For more information on the security freeze law in Connecticut (Connecticut General Statutes § 36a-701), see: http://www.ct.gov/ag/cwp/view.asp?A=1949&Q=293270
For instructions on how to place a security freeze in Connecticut, see: www.consumersunion.org/pdf/security/securityCT.pdf

Delaware
Applies to all consumers.
$20 to place, free to temporarily lift for a period of time or specific creditor and to remove.
Effective as of September 28, 2006
For more information on the Substitute for SB 109, see: http://www.legis.state.de.us/LIS/lis143.nsf/EngrossmentsforLookup/SS+1+FOR+SB+109/$file/Engross.html?open
For instructions on how to place a security freeze in Delaware, see: www.consumersunion.org/pdf/security/securityDE.pdf

District of Columbia
Applies to all consumers $10 for an initial placement, free for victims of ID theft; no fees to remove permanently or temporarily.
Effective Date: July 1, 2007 For more information on DC Code §28-3861 through §28-3864, see: http://www.dccouncil.washington.dc.us/images/00001/20061218135957.pdf
For instructions on how to place a security freeze in Washington DC, see: www.consumersunion.org/pdf/security/securityDC.pdf

Florida
Applies to all consumers.
No fees for victims of identity theft (with investigative report) and seniors aged 65 years and older.
For all others, there is a $10 fee to place, temporarily lift or to remove a security freeze.
Effective as of July 1, 2006.
For more information on Florida Statute Section 501.005 et seq. (2006 HB 37), see: http://www.myfloridahouse.gov/Sections/Documents/loaddoc.aspx?FileName=_h0037er.doc&DocumentType=Bill&BillNumber=0037&Session=2006 For instructions on how to place a security freeze in Florida, see: www.consumersunion.org/pdf/security/securityFL.pdf

Hawaii
Applies to all consumers.
No fees permitted for ID theft victims. For others, $5 to place, temporary lift or remove the freeze.
Effective as of January 1, 2007 for victims only, for all consumers as of June 15, 2007.
For more on Title 26 Hawaii Revised Statutes Section 1 et seq. (HB 1612) see: http://www.capitol.hawaii.gov/sessioncurrent/bills/hb1612_.htm
For instructions on how to place a security freeze in Hawaii, see: www.consumersunion.org/pdf/security/securityHI.pdf

Indiana
Applies to all consumers
No fee to place, temporary lift or remove security freeze for all consumers.
Effective as of September 1, 2007.
For more information on SEA 403: http://www.in.gov/legislative/bills/2007/ES/ES0403.2.html
And for instructions on how to place a security freeze in Indiana, see: www.consumersunion.org/pdf/security/securityIN.pdf

Illinois
Applies to all consumers
Victims with police reports and seniors 65+ years old do not pay a $10 fee to place, remove, or temporarily remove.
Effective as of January 1, 2007
For more information on 815 ILCS 505/2MM: http://www.ilga.gov/legislation/ilcs/fulltext.asp?DocName=081505050K2MM
For instructions on how to place a security freeze in Illinois, see: www.consumersunion.org/pdf/security/securityIL.pdf

Kansas
Victims of ID theft only, with a police, investigative report or complaint filed with a law enforcement agency
No fees permitted
Effective as of Jan 1, 2007
For more information on S.B. 196: http://www.kslegislature.org/bills/2006/196.pdf
For instructions on how to place a security freeze in Kansas, see: www.consumersunion.org/pdf/security/securityKS.pdf

Kentucky
Applies to all consumers
Fees: No fees on ID theft victims who provide a police report.
Others pay up to $10 to place, remove, temporarily suspend, or have PIN reissued.
Effective as of July 11, 2006
Expires after 7 years from date of placement or upon consumer's request, if earlier
For more information on Chapter 367 Kentucky Revised Statutes Sections 1-3 (HB 54):
http://www.lrc.ky.gov/record/06RS/HB54.htm
For instructions on how to place a security freeze in Kentucky, see: www.consumersunion.org/pdf/security/securityKY.pdf

Louisiana
Applies to all consumers
No fees for ID theft victims or persons age 62 or older.
For others $10 to place, $8 to lift, no fee to remove the freeze.
Effective as of July 1, 2005
Louisiana Statutes Annotated § 9.3571(H) to (Y) , see: http://www.legis.state.la.us/leg_docs/04RS/CVT4/OUT/0000LW18.PDF
For instructions on how to use the security freeze in Louisiana, see: http://www.ag.state.la.us/calerts/alert0015.aspx

Maine
Applies to all consumers
No fees on ID theft victims who provide a police report.
Others pay up to $10 to place, remove, temporarily suspend, or have PIN reissued, and $12 to lift for a specific creditor.
Effective as of Feb. 1, 2006.
For more information on 10 MRSA §1313-C: http://janus.state.me.us/legis/LawMakerWeb/externalsiteframe.asp?ID=280015326&LD=581&Type=1&SessionID=6
For instructions on how to place a security freeze in Maine, see: www.consumersunion.org/pdf/security/securityME.pdf

Maryland
Applies to all consumers
No fees on ID theft victims who provide report of alleged identity fraud or with an identity theft passport.
Others pay $5 for each placement, temporary lift or removal.
Effective as of January 1, 2008.
For more information on SB 52: http://mlis.state.md.us/2007RS/bills/sb/sb0052e.pdf
For instructions on how to place a security freeze in Maryland, see: www.consumersunion.org/pdf/security/securityMD.pdf

Minnesota
Applies to all consumers.
Fees: No fees on ID theft victims who provide police report.
Others pay $5 to place, remove, temporarily suspend, lift for specific creditor.
Effective as of August 1, 2006 For more information on statute (Senate Bill
2002): http://www.revisor.leg.state.mn.us/bin/bldbill.php?bill=S2002.4.html&session=ls84
For instructions on how to place a security freeze in Minnesota, see: www.consumersunion.org/pdf/security/securityMN.pdf

Mississippi
Applies to identity theft victims with a police report, investigative report or complaint which the consumer has filed with a law enforcement agency.
Fee of $10 to place.
Effective as of July 1, 2007
For more information on statute (Senate Bill 3034): http://billstatus.ls.state.ms.us/documents/2007/html/SB/3000-3099/SB3034SG.htm
For instructions on how to place a security freeze in Mississippi, see: www.consumersunion.org/pdf/security/securityMS.pdf

Montana
Applies to all consumers.
No fee for victims, $3 for all others to place or lift the freeze and $5 replacement PIN.
Effective: July 1, 2007
Bill: SB 116. To see the text, go to: http://data.opi.mt.gov/bills/2007/billpdf/SB0116.pdf.
For instructions on how to place a security freeze in Montana, see: http://www.doj.mt.gov/consumer/consumer/securityfreeze.asp

Nebraska
Applies to all consumers.
No fee for ID theft victims, one time $15 fee for all others.
Effective: September 1, 2008
Bill: LB 674. To see the text, go to: http://uniweb.legislature.ne.gov/FloorDocs/Current/PDF/Slip/LB674.pdf.
For instructions on how to place a security freeze in Nebraska, see: www.consumersunion.org/pdf/security/securityNE.pdf

Nevada
Applies to all consumers
No fee for ID theft victims who submit a police report, for others $15 to place, $18 to lift, $20 to lift for one creditor
Effective as of October 1, 2005.
For more information on NRS 598C in easy to read bill form: http://www.consumersunion.org/pdf/security/NV_security_ freeze_law.pdf
For instructions on how to place a security freeze in Nevada, see: www.consumersunion.org/pdf/security/securityNV.pdf

New Hampshire
Applies to all consumers
No fee for ID theft victims who submit a copy of a police report, investigative report, or complaint to a law enforcement agency, for others $10 to place, temporarily lift or remove
Effective as of January 1, 2007
For more information on statute to be enacted as New Hampshire Revised Statutes
Annotated 359B:23 (SB334): http://www.consumersunion.org/pdf/security/NH_security_ freeze_law.pdf
For instructions on how to place a security freeze in New Hampshire, see: www.consumersunion.org/pdf/security/securityNH.pdf

New Jersey
Applies to all consumers
No fee for initial freeze. Up to $5 to remove, temporarily lift or have PIN reissued.
Consumers are also permitted to make such requests directly to consumer reporting agencies via secured electronic mail.
Effective as of January 1, 2006
Text of 56:11-44 et seq. in bill form: http://www.njleg.state.nj.us/2004/Bills/S2000/1914_R1.PDF
For information on how to place a security freeze in New Jersey, see: http://www.njdobi.org/creditfreeze.htm

New Mexico
Applies to all consumers.
Free for residents over 65 years of age, identity theft victims with copy of police or investigative report.
Effective July 1, 2007 Text of bill, SB 165: http://legis.state.nm.us/Sessions/07%20Regular/final/SB0165.pdf
For information on how to place a security freeze in New Mexico, see: www.consumersunion.org/pdf/security/securityNM.pdf

North Carolina
Applies to all consumers. No fees for ID theft victims with valid report/complaint with law enforcement agency.
For others, up to $10 to place, remove, or temporarily suspend.
Effective as of December 1, 2005
For more information on North Carolina General Statutes §75-63: http://www.ncga.state.nc.us/enactedlegislation/statutes/pdf/bysection/chapter_75/gs_75-63.pdf
For instructions on how to place your security freeze from the North Carolina Attorney General, go to: http://noscamnc.gov/yourself.html

North Dakota
Applies to all consumers.
No fees for ID theft victims with valid copy of a police report or police case number documenting the identity theft, investigative report, or complaint to law enforcement agency. For others, up to $5 to place or temporarily lift.
Effective as of June 1, 2007.
For more information on North Dakota: http://www.legis.nd.gov/assembly/60-2007/bill-text/HRDH0400.pdf
For instructions on how to place your security freeze in North Dakota, see: www.consumersunion.org/pdf/security/securityND.pdf

New York
Applies to all consumers.
Free to place first time for everyone. After first time, or to lift temporarily or remove there is a $5 fee except for victims who pay no fee.
Effective as of November 1, 2006
For more information on the law: http://www.consumersunion.org/campaigns/pdf/security/NYSecurityLaw.pdf
For instructions on how to place your security freeze in New York, see: www.consumersunion.org/pdf/security/securityNY.pdf

Oklahoma
Applies to all consumers, no fees for ID theft victims with investigative report
and no fees for seniors 65 years +.
Effective as of January 1, 2007
For more information on this Title 24 of Oklahoma Statutes Sections 149 and
150 (SB 1748): http://www.consumersunion.org/pdf/security/OK_security_ freeze_law.pdf
For instructions on how to place your security freeze in Oklahoma, see: www.consumersunion.org/pdf/security/securityOK.pdf

Pennsylvania
Applies to all consumers, $10 to place but no fees for ID
theft victims or seniors 65 years +. Freeze lasts 7 years.
Effective as of Jan. 1, 2007
For more information on SB 180, see: http://www.legis.state.pa.us/cfdocs/billinfo/billinfo.cfm?syear=2005&sind=0&body=S&type=B&BN=0180
For instructions on how to place your security freeze in Pennsylvania, see: www.consumersunion.org/pdf/security/securityPA.pdf

Rhode Island
Applies to all consumers. No fees for ID theft victims or seniors 65 years +. For others, $10 to place, temporary lift and remove the freeze.
Effective as of Jan. 1, 2007
For more information about Rhode Island Statutes 6-48-1 et seq. (H7148), see:
http://www.rilin.state.ri.us/Billtext/BillText06/HouseText06/H7148Aaa.pdf
For instructions on how to place a security freeze in Rhode Island, see: www.consumersunion.org/pdf/security/securityRI.pdf

South Dakota
Applies to identity theft victims with a police report.
No fees, only freezes credit report, expires after 7 years from date of placement or upon consumer's request, if earlier
Effective as of July 1, 2006
Text of statute (SB 180): http://legis.state.sd.us/sessions/2006/bills/SB180enr.htm
For instructions on how to place the security freeze in South Dakota, see: www.consumersunion.org/pdf/security/securitySD.pdf

Tennessee
Applies to all consumers. No fees for ID theft victims. For others $7.50 to place, free to temporary lift, $5 to remove the freeze.
Effective Jan. 1, 2008
For more information about the Tennessee bill, HB 200, see: http://tennessee.gov/sos/acts/105/pub/pc0170.pdf
For instructions on how to place a security freeze in Tennessee, see: www.consumersunion.org/pdf/security/securityTN.pdf

Texas
Applies to identity theft victims with a police report. Applies to all consumers beginning September 1, 2007.
No fee for ID theft victims. For others, $10 placement fee, temporary lift for period of time and removal, $12 for temporary lift for specified creditor.
Effective as of September 1, 2003 for victims only, and September 1, 2007 for all consumers.
For more information on SB 222: http://www.capitol.state.tx.us/tlodocs/80R/billtext/pdf/SB00222F.pdf
For instructions on how to place your security freeze in Texas, see: www.consumersunion.org/pdf/security/securityTX.pdf

Utah
Applies to all consumers
Reasonable fees
Consumer can temporary lift or "thaw" freeze within 15 minutes of electronic request
Effective as of September 1, 2008
Text of statute (Utah Code Ann. §13-45-102, 13-45-201 et seq.) see bill version SB 71: http://www.le.state.ut.us/~2006/bills/sbillenr/sb0071.htm
For instructions on how to place a freeze in Utah beginning in Sept 2008, see: www.consumersunion.org/pdf/security/securityUT.pdf

Vermont
Applies to all consumers.
No fees for victims; $10 to place, $5 to lift temporarily or remove for all others
Effective as of July 1, 2006.
Vermont Statutes Annotated, Title 9, Sections 2480a to 2480n Click on Sections 2480a to j to view the text of the statute: http://www.leg.state.vt.us/statutes/sections.cfm?Title=09&Chapter=063
For instructions on how to place a security freeze in Vermont, see: http://www.atg.state.vt.us/display.php?smod=198.

Washington
Applies to identity theft victims, including persons who receive a notice of a security breach of computerized personal information.
Will apply to all consumers beginning July 1, 2008.
No fees for ID theft victims or persons over 65. $10 fee for others to place, remove, or lift the freeze when available to all consumers.
Effective as of July 24, 2005; for all consumers beginning July 1, 2008.
To be codified at Sec. 19.182 RCW. Text of statute: http://www.leg.wa.gov/pub/billinfo/2005-06/Htm/Bills/Session%20Law%202005/5418.SL.htm
For instructions on how to place your security freeze in Washington, www.consumersunion.org/pdf/security/securityWA.pdf
or http://www.atg.wa.gov/ConsumerIssues/ID-Privacy/SecurityFreeze.aspx

West Virginia
Applies to all consumers. No fee for victims, $5 for all others to place, remove or lift the freeze.
Effective: July 2, 2007 Bill: SB 428. To see the text, go to: http://www.legis.state.wv.us/Bill_Text_HTML/2007_SESSIONS/RS/BILLS/SB428%20SUB1%20enr.htm
For instructions on how to place a security freeze in West Virginia, see: www.consumersunion.org/pdf/security/securityWV.pdf

Wisconsin
Applies to all consumers
No fee for an "individual who submits evidence satisfactory to the CRAs that the individual made a report to a law enforcement agency.
Up to $10 for others to place, thaw or remove freeze. Passed March 16, 2006.
Effective as of January 1, 2007
Text of Section 138.25 Wisconsin Statutes (AB 912): http://www.legis.state.wi.us/2005/data/AB-912.pdf
For instructions on how to place a security freeze in Wisconsin, see: www.consumersunion.org/pdf/security/securityWI.pdf

Wyoming
Applies to all consumers. Free for ID theft victims.
For others, $10 to place, temporary lift and remove the freeze.
Effective July 1, 2007.
See link for text, scroll down to SF0053: http://legisweb.state.wy.us/2007/billindex/BillCrossRef.aspx?type=SF.
and has a fee of $10 per step, free for ID theft victims
For instructions on how to place a security freeze in Wyoming, see: www.consumersunion.org/pdf/security/securityWY.pdf

For more information on security freezes, see the Model State Clean Credit and Identity Theft Protection Act, http://www.consumersunion.org/pub/core_financial_services/001732.html

Return to the top of the page  

     "HOUSE OF CARDS" INVESTIGATION REVEALS ID THEFT RING IN NEW YORK

Thirty-eight people living in New York have been charged with stealing consumer data to create counterfeit credit cards that were then used to purchase high-priced computers and televisions, authorities said. The 16-month investigation into the ring, dubbed "The House of Cards" by police, discovered that the group was using credit and debit card numbers, stolen from an undisclosed major retailer.

Investigators traced the identity theft ring back to China, where police believe hackers were based when they stole the account numbers of tens of thousands of American consumers, according to the Queens County District Attorney's Office on Thursday. Many of the 38 people who were arrested lived in Queens or Brooklyn and were Chinese in origin. The individuals charged were part of a gang responsible for using equipment to manufacture counterfeit credit cards and driver's licenses. The quality of them fake cards and licenses were exceptional.

They purchased expensive goods, such as TVs, laptops, gaming consoles and jewelry from stores in New York, Texas and Arizona and then resold at a discount, over the Internet. Particularly unsettling is the fact that, in a number of cases, the defendants are charged with using bogus documents to purchase airline tickets and then using those documents as identification to board aircraft. Those arrested face up to 25 years in prison.

Return to the top of the page  

        IDENTITY  THEFT USING UNSECURED WI-FI AND PUBLIC COMPUTERS

A Colombian man pleaded guilty to a 16-count indictment involving an internet-based fraud scam intending to steal the personal information of more than 600 people. Mario Simbaqueba Bonilla, 40, admitted in U.S. District Court in Miami to illegally installing keystroke logging software on computers in hotel business centers and Internet lounges around the world. The software collected the personal information, including passwords and other personal identifying information that the victims used to access their bank, payroll, brokerage and other accounts online.

Bonilla used the data he intercepted from his victims to steal or divert money from victims' bank, payroll and mortgage accounts into other accounts he created in the names of other victims. Then using a complex series of electronic transactions designed to cover his trail, he transferred the stolen money to credit, cash or debit-card accounts and had the cards mailed to himself and others at commercial mailing addresses. He used computers in Colombia to targeted U.S. residents, including Defense Department personnel. According to the DOJ, Bonilla used the stolen money to buy expensive electronics and luxury travel accommodations in various countries including Hong Kong, Turks and Caicos, France, Jamaica, Italy, Chile and the United States.

Federal agents arrested Bonilla last August when he flew into the United States on an airline ticket purchased with stolen funds, had a laptop purchased with stolen funds in his possession that contained the names, passwords and other personal and financial information of more than 600 people. Bonilla used the unsecured, wireless, electronic transmissions of the hotel guests (unsecured wireless is often available in hotel lobbies) to also access or capture information.

Consumers should be wary of accessing bank accounts from shared public computers that could have keystroke loggers or other malware on them or accessing their accounts while using their own computers on unsecured Wi-Fi or other public networks. When you travel, think twice before entering personal or financial data on a public computer.

Return to the top of the page  

        BEFORE TRANSFERRING A CREDIT CARD BALANCE

Are you staring at that attractive advertisement for switching credit card companies by transferring your balance from one card to another? While many of these offers are truly great deals, balance transfers and card-switching is not something to jump into, eager as you may be. You need to do your homework first: Do enough research and investigating in order to determine whether it in fact is worth it or a good idea to make the transfer.

First, find out if it is in fact worth it. Generally speaking, these attractive advertisements and super credit card deals advertise very low introductory rates if you transfer your current balance from an existing credit card onto this new one. You can stumble upon these offers anywhere (online, in the mail, on a flyer or via a telephone call from credit card company salesperson) and you need to determine how great these deals really are, or if you’ll just end up paying much more in fees and interest in the long run.

Read the fine print. Read everything. Read it through several times so that you make sure you understand what it is saying. It may appear to be a bunch of financial jargon that you might not think is very important, but the truth is, this information is valuable and critical to your decision in whether or not you make the big switch. Call the credit card Company and ask any questions you might have. If the deal is solid and they want to make a sale, generally they should be able to help you out in any way.

What do you need to find out about the deal? Here is an example. Let’s say that the advertised introductory rate is 6% (a low rate) on credit card B if you transfer your balance from credit card A, where you currently rack up an APR of 18% (a standard rate). You come across another offer, showcasing credit card C with an introductory rate of 9%. At first glance you may think, "Well, let’s go with credit card B: it’s the obvious choice here." However, after reading the fine print, you discover credit card B’s special rate only last six months, and afterward the APR is 20%, whereas credit card C’s higher rate lasts for a year and the interest rate after that is 18%, the same as yours on credit card A.

In other words, you have to factor in a lot of variables when making the decision to switch your balance from one credit card to another. Besides comparing the introductory rates being offered, the length of the offer and what the regular interest rate is, you’ll also need to take into account balance transfer fees, annual fees, late fees and other fees, as well as whether the teaser rate applies to balance transfers only or also purchases, among other considerations.

Something else to keep in mind is that you may not actually qualify for the special rate being offered, depending on your credit history and credit rating. Before you make the big plunge, make sure you know exactly what you will be getting. There may also be other conditions. For example, some credit card companies may penalize you for one late payment and take you off the introductory rate onto their regular rate, which may be higher than your current card’s rate.

However, many credit cards with these introductory rates offer great deals for people interested in switching credit cards and transferring their balance over and can be more than worth it. The important thing to do your research read the fine print and ask questions to determine which credit card and deal is the right one for you.

Once you’ve selected the right credit card offer, the next step is to fill out the balance transfer application form completely and accurately. Next, make the minimum payment on your original credit card while you wait for the balance transfer to go through. When it has gone through, the new company should send you a notice, after which you’ll need to verify the transfer with your old company so they can send you a zero-balanced billing statement. Finally, cancel your old card since you don’t need it anymore.

Note: This article is courtesy of CreditorWeb.com, where you can compare balance transfer credit card offers and apply for credit cards online. "http://www.creditorweb.com/categories/balance-transfer-credit-cards.html"

You cannot protect yourself completely from Identity Theft because your personal and financial information is out of your control. Information including your social security number, address, and personal financial data is stored in several locations around the country such as banks, credit bureaus, retailers, hospitals and other places that have been known to let that information out of their control.

Consumers can take steps to protect themselves against internet scams which can be as simple as ignoring promises of great wealth from other countries such as the emails from Nigeria.

        MORTGAGE FRAUD INCREASES 800 PERCENT IN 2007

As home values skyrocketed earlier this decade, banks gave money to anybody and mortgage fraud increased eightfold, from 5,623 in 2002 to 46,717 this year, according to the Federal Bureau of Investigation. One of the most notable was an alleged three-year scam that used fabricated appraisals to defraud Lehman Brothers and another lender out of $142 million in loans.

The fraud based in Beverly Hills followed a simple plan of buying inexpensive houses in exclusive areas at market value, fabricate paperwork valuing them at two or three times as much, and then securing loans based on the inflated values. The masterminds were developers Mark Alan Abrams, 46, who had a record of multimillion-dollar civil fraud, and Charles Elliott Fitzgerald, 47, a bigamist who fled the country in 2003 and was later arrested in Samoa, according to interviews, federal prosecutors and a civil lawsuit filed by Lehman Brothers Bank. They allegedly were assisted by star real estate agents Joseph Babajian and Kyle Grasso. Abrams and Fitzgerald allegedly collected millions, spending some of the proceeds on private jet flights and vintage wines and much of the rest to buy more houses to keep the scam alive from 2000 to 2003. Five people, including Abrams, await sentencing after pleading guilty to bank fraud and other charges. Fitzgerald, Babajian, Grasso and two others pleaded not guilty and are slated for trial next year.

The median home price in Beverly Hills was $310,000 in 1992 and a decade later, at the height of Abrams' and Fitzgerald's alleged scam, it had increased to $1.16 million. Houses sold within days. Interest rates fell and lenders capitalized by writing anything-goes loans, some requiring no proof of borrowers' ability to repay them.

Abrams had gone into real estate that ended in a 1989-liquidation bankruptcy that listed 700 creditors with more than $30 million in claims. One creditor won a $2 million civil fraud judgment against Abrams in 1997, but recently said he had yet to be paid any of it. Fitzgerald and Abrams met in 1999 through Babajian, whose big-name clients have included TV personality Ryan Seacrest, boxer Oscar De La Hoya and British pop star Seal and based their companies in Beverly Hills.

They allegedly enlisted two appraisers to inflate houses' values, and an Americorp Funding broker to package fraudulent applications for 40 loans directly funded by Lehman, according to the bank's lawsuit. "In addition to the direct funded loans, Lehman also acquired an additional 44 loans from other lenders, which appear to show the same pattern," the lawsuit states. The two men used their own escrow companies to produce fake settlement documents and their own notary to validate them.. They relied on Babajian and Grasso to get title insurance for the homes' inflated values, the government claims, and rented some of the houses to help cover the payments. The appraisers valued the houses (in the $700,000 range) at around $2.5 million and records showing comparable sales prices for properties nearby.

On April 17, 2003, Lehman sued Abrams, Fitzgerald, Babajian, Grasso, appraisers, escrow officers and others for fraud after it reviewed documents obtained by a court-appointed receiver and discovered that they had been caught with 43 others totaling $80 million -- for $142 million in all, according to an amended complaint filed three months later.

The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend is not expected to turn around anytime soon as laptops disappear with sensitive information on a weekly basis and hackers sidestep security procedures.

And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the data just walks out the front door on a unsecured laptop. "More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.

The Identity Theft Resource Center reported that more than 79 million records were compromised in the United States in 2007, almost four times the nearly 20 million records reported in all of 2006.

The web site www.attrition.org estimates that more than 162 million records were compromised in 2007 in the U.S. and overseas combined including 49 million in the U.S. The biggest difference between the groups' record-loss counts is that 94 million records were exposed in a theft of credit card data at TJX Cos., owner of discount stores including T.J. Maxx and Marshalls. The breach accounts for more than half the records reported lost this year on both groups' lists. The Identity Theft Resource Center counts about 46 million (the number of records TJX acknowledged in March) were potentially compromised, whereas Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit that banks filed against TJX.

The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami which acted as an entry point that led the hackers to eventually break into TJX's central databases. TJX has said that before the breach, which was revealed in January, it invested "millions of dollars on computer security, and believes our security was comparable to many major retailers."

With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability. Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals.

Return to the top of the page  

State legislators have made protecting consumers from identity theft a priority, according to a new study by Aite Group, which revealed that there are more than 200 bills focusing on identity theft pending at the state level. Financial institutions must be prepared to act on individual state legislation to avoid costly fines. Many states are already putting laws in place to protect their citizens. These pending bills on identity theft fall into three categories according to the Aite study.

1. Fifty-eight percent address the issue of security freezes, in particular the rights of consumers to have their credit reports locked down in cases where identity theft is suspected or possible. The proposed bills would allow victims of identity theft to request that a security alert be placed on their credit reports.
2. Twenty-four percent of bills are broad measures that define identity theft, including a revision of the definition of "personal identifying information," as well as prevention methods and potential solutions.
3. Eighteen percent of bills focus on breach of information requirements and the response a financial institution must adhere to when personal information is mishandled.

In total, Aite reported that there are more than 1,300 bills currently pending before the 50 U.S. State legislatures covering a range of issues that could impact financial institutions. Other hot-issues beyond targeted include mortgage lending, payday lending and credit card operations.

On average, only one in 700 identity thieves is caught and brought to justice and with 9.9 million Americans having their identity stolen, there is little fear of repercussions.  Identity theft is often a crime of opportunity. To reduce your chances of becoming a victim of identity theft, we recommend the following:

1. Check financial statements promptly. Always review your monthly banking, brokerage, and credit-card statements for accuracy. Report problems immediately.
   
2. Watch your credit. DO NOT purchase credit reports as you can receive them free (once from each the three credit bureaus annually) by logging in at www.annualcreditreport.com. It is the only official site to provide free reports and it is safe to type in your Social Security number to the site. I recommend that you order your free copy every 4 months alternating the three credit bureaus. Examined your credit reports for errors and report errors promptly and in writing.  If you purchase a credit monitoring service, which I don't recommend that you do, make sure it monitors all three credit bureaus: Equifax, Experian and Trans Union. Ask them to notify you by phone, email or text message as soon as the breach occurs. Some companies  only send out monthly or quarterly statements.  The monitoring service should cost about $10 a month. Note: Check for credit information on your children as their identities can be stolen too. If you are considering ID theft insurance. make sure you READ THE FINE PRINT. Many people assume the insurance companies will replace stolen funds, but most only cover expenses associated with clearing up your credit such as legal expenses.
   
3. Opt Out. I strongly recommend that you Opt out of pre-approved credit card offers by calling the Credit Reporting Industry Pre-Screening Opt-Out Number at 888-567-8688 or on the web at OptOutPrescreen.com. Consider "opting out" of information sharing at your financial institutions. (Check your company's financial privacy notice, which is mailed annually and usually posted on company Web sites, to find out how.)
   
4. Safeguard your Information. Never disclose your Social Security number, birth date, or mother's maiden name unless you initiated the transaction. On paper documents, don't include such data unless required to do so on an official application for employment, financing, or insurance. (Ask employers and financial institutions to offer alternatives.) Never put such information on personal Web pages or publicly posted résumés or directories. Safeguard driver's license, passport and other government ID at all times. Lock desks, cabinets, and safes containing such information in your office and home. Don't carry ID that contains sensitive data like your Social Security number unless absolutely necessary.
   
5. Shred and destroy. Before throwing out files containing Social Security numbers, account numbers, and birth dates, shred them with a cross-cut shredder or one that reduces paper to confetti.  Destroy CDs or floppy disks containing sensitive data by shredding, cutting, or breaking them. Use hard-drive shredding software or remove and destroy your hard drive before discarding a computer. Just deleting files isn't enough.
   
6. Guard mail. Consider using a locked mailbox or slot to receive mail at home. Deposit mail in postal mailboxes or in the post office to discourage mail theft.
   
7. Cordless Phones. Don't use cordless phones to conduct sensitive financial or medical business, because eavesdroppers on other phones and those using eavesdropping equipment may be able to overhear your conversations.
   
8. Verify Web sites.  Check privacy and security policies of Web sites before making purchases, trading stocks, or banking online. A professional-looking Web site is no guarantee of security. Don't respond to unsolicited e-mail requests for personal information. Log off your browser after using public Internet-access computers in libraries, Internet cafes, etc. Don't pay bills, bank, or conduct other financial transactions on public computers. If you have a high-speed Internet connection at home, unplug the computer's cable or phone line when you are not using it to discourage hackers.
   
9. Utilize Fire Walls and Virus Protection. Install firewalls and virus-detection software on your home computers and set them up to automatically update the software to discourage hackers. Use hard-drive shredding software or remove and destroy hard drives before discarding a personal computer. I recommend that if you bank online, use a separate computer for music downloads and other online purchases.
   
10. Protect your password. Consider password-protecting all your bank and brokerage accounts. Create passwords at least eight characters long. When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.
    
11. Avoid spoofed sites. By entering Web addresses directly into the browser yourself or by using bookmarks you create. A secure Web site gives you more assurance. To see whether a site is secure, look at the bottom of your browser's window for an icon of an unbroken key or a lock that's closed, golden, or glowing. Double-click on the lock to display the site's certificate, and make sure it matches the company you think you're connected to.  
    
12. Deceased family members.  If a family member dies, contact the three credit bureaus and have a "deceased" alert put on the report of the family member who died.  Inform the Social Security Administration by mailing a certified copy of the death certificate.

    If you become a victim,

1. Report the crime immediately. Filing a report with your local police and keeping a copy yourself will make it easier to prove your case to creditors and merchants and may help you build a lawsuit if you have to sue to recover losses or clear your name later. In some states, you may have to report the incident in the jurisdiction where the fraud occurred, such as the location of the store where the thief charged merchandise to your account, even if that is not where you live.
   
2. File a complaint. The Federal Trade Commission investigates interstate and Internet fraud. Download a copy of an ID theft affidavit from the FTC's Web site to help you notify merchants, financial institutions and credit bureaus.
   
3. Contact credit-reporting agencies. Use the FTC ID-theft affidavit mentioned above to help you do this. Call TransUnion, 800-680-7289; Experian, 888-397-3742; and Equifax, 800-525-6285, to get addresses and instructions. Ask to have your account flagged with a fraud alert, which asks merchants not to grant new credit without your explicit approval. Keep copies of all your correspondence.
   
4. Notify banks, creditors, and utilities. Close accounts that have been used by thieves. Choose new passwords and PINs for all your accounts and don't use your mother's maiden name as a password. Notify merchants that issued credit or accepted bad checks in your name; use your police report or FTC affidavit as backup.

Identity theft, the fraudulent use of your name and identifying data by someone else to obtain credit, merchandise, or services claimed seven million victims in the U.S. last year, according to a recent survey by Privacy & American Business, a publication of the Center for Social & Legal Research, a nonpartisan think tank. Victims typically lose $800 and spend two years clearing their name. It is an equal-opportunity crime, affecting victims of all races, incomes, and ages. Overall, more than 33 million Americans, about 1 in 6 adults, say they have had their identities used by someone else sometime since 1990, and the Department of Justice says ID theft is the nation’s fastest-growing financial crime. Many victims don’t learn of the crime for several months because thieves often shield their actions by using a different address when they open new accounts in the victim’s name. Financial institutions and other businesses should use encryption and better systems to prevent and detect computer hackers and to control access by insiders, computer security and privacy experts say.

Identity fraud has become a major element in crimes ranging from international drug trafficking to terrorism; Al Qaeda operatives in Spain used stolen credit and telephone cards and false passports and travel documents to open bank accounts and pay for travel and communication abroad, an FBI agent testified before a congressional subcommittee last year. Identity theft is a problem largely because financial institutions, merchants, credit bureaus, and the government do not adequately safeguard vast databases and other records containing consumers’ sensitive information, making it relatively easy for thieves, often insiders to access these data. ID theft usually occurs not because of the carelessness of the individual consumer, but because of the carelessness or vulnerability of the organizations they deal with, including the government. All that ID thieves really need to open credit or bank accounts under your name or to drain your existing accounts are three pieces of information: your full name, Social Security number, and date of birth.

Every day, some 27,000 Americans have their identities stolen. In about a third of those cases, crooks use the information to open new accounts in their victim’s name. Thirty-six states and the District of Columbia have a new tool promoted by Consumers Union and other consumer groups to stymie thieves: security-freeze laws that allow consumers to protect their credit record from predators. A freeze essentially locks up the information needed to conduct a credit check, and creditors won’t open new accounts without that check. An imposter will be foiled, but you can lift the freeze using a PIN if you want to open new accounts. A security freeze provides much stronger protection than the fraud alert that is currently available under federal law. An alert placed on a credit file amounts to a caution flag that is supposed to trigger added scrutiny by creditors. Twenty-eight of the states that have security-freeze laws make this safeguard available to everyone, whether or not he or she has been a victim of ID theft. Most states that offer a security freeze make it free to identity-theft victims and some provide it at no charge to seniors.
For those consumers who want the freeze but aren’t victims of ID theft, most state security-freeze laws allow each of the three major credit bureaus to charge $5 to $10 to initiate the protection or to lift the freeze.

Credit bureaus have a financial incentive to make it easy for potential creditors to check credit reports and make a lot of money from selling to consumers more expensive credit-monitoring services, which are unnecessary, especially when a security freeze is in place. Most states allow consumers to request this protection by e-mail or by phone, and require credit bureaus to lift the freeze within 15 minutes of a request.

Visa and MasterCard now require merchants and big banks that issue their branded cards to use secure Internet technology. They’re using new identity verification and authentication systems for controlling transactions among customers, merchants, and banks. In addition, both now require member banks and merchants to encrypt personal data stored on their servers.

The IC3 (Internet Crime Complaint Center), a partnership betweeen the FBI and the NW3C (National White Collar Crime Center) issued a report for the year 2006. It's brimming with interesting statistics, including the Top 10 IC3 Complaint Categories:

The cost of your stolen identity on the black market.

Return to the top of the page  

   STATES PUSH LEGISLATION TO COMBAT IDENTITY THEFT

Too many people have access to the documents. Few managers should have access, and records should be kept under lock and key. Companies that are frequent targets for identity fraud, including cell-phone services, retailers that offer instant credit, and large banks, are investing heavily in systems designed to detect fraudulent credit applications. ID Analytics has designed one that assigns a score like a credit score to a credit application. A high score means the identity of the applicant is probably stolen or fake. The software has detected fraud in 7.5 percent of credit applications. Under another system, a Social Security number that doesn’t correspond to the birth year of the applicant might trigger a warning. But too many merchants still don’t check. Systems that monitor an organization’s connections to the Internet and that prevent and detect hacking are a must to deter ID thieves and virus attacks.

California leads other states and the federal government with its identity-theft laws. Consumers Union’s West Coast Regional Office helped push for many of them. Many consumer-rights, privacy-rights, and law-enforcement advocates say they want to see other states copy the laws, which do the following:

• Require that consumers be notified of security breaches that could compromise their personal data, including Social Security numbers.

• Entitle fraud victims to a free credit report every month for a year after they notify credit-reporting agencies that they have been victims of fraud.

• Require individuals requesting birth or death records to provide proof of identity and to sign a form indicating the reason for the request.

• Allow customers to freeze their credit reports if they have been victims of fraud. This requires credit-reporting agencies to get permission from consumers before disseminating their credit reports to lenders. Also, state law requires credit issuers to honor fraud alerts on files and to deny new credit requests until the consumer is notified.

Texas enacted a similar credit-freeze law, which Consumers Union supported. Proponents say such laws go a long way toward preventing identity theft and helping victims to limit the damage. In addition, more than 20 bills concerning identity theft are pending in Congress.

• Require law-enforcement officials to take reports of identity theft in the jurisdiction where the victim resides.

• Limit the use of Social Security numbers.

State Security Freeze Laws

Identity theft is one of the fastest growing financial crimes. Nearly 10 million Americans fall victim each year. The Identity Theft Resource Center reported in 2005, on average, an ID theft victim of new account and other fraud spent 60 hours resolving problems brought on by ID theft, those victims of existing accounts spent an average of 15 hours resolving problems. A Federal Trade Commission study found that identity theft also costs U.S. businesses nearly $48 billion annually, and consumers an additional $5 billion per year.

A security freeze lets consumers stop thieves from getting credit in their names. A security freeze locks, or freezes, access to the consumer credit report and credit score. Without this information, a business will not issue new credit to a thief. When the consumer wants to get new credit, he or she uses a PIN to unlock access to the credit file. These states give consumers this important weapon to prevent identity theft:

Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Hawaii, Indiana, Illinois, Kansas, Kentucky, Louisiana, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, New York, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Vermont, Washington, West Virginia, Wisconsin, Wyoming

Arkansas
Applies to identity theft victims with a valid investigative report, an incident report, or a complaint with a law enforcement agency.
Fee of $10 to place, temporary lift or remove.
Effective as of January 1, 2008
For more information on statute (House Bill 2215): http://www.arkleg.state.ar.us/ftproot/bills/2007/public/HB2215.pdf
For instructions on how to place a security freeze in Arkansas, see: www.consumersunion.org/pdf/security/securityAR.pdf

California
Applies to all consumers Effective as of Jan. 1, 2003, subsequently amended to cap fees on non-ID theft victims
No fee for victims to place the freeze, others pay up to $10 per freeze
Caps fee to lift freeze at $10 for temporary lifting for a time, $12 for temporary
lift for one creditor California Civil Code sections 1785.11.2-1785.11.6. see:
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=14008017861+0+0+0&WAISaction=retrieve
How to place your security freeze in California and a link to the
text of the California statute, see: http://www.privacyprotection.ca.gov/sheets/cis10securityfreeze.htm

Colorado
Applies to all consumers
Fees: No fee for first freeze; $10 to place a second freeze, $10 to lift, $12 for temporarily lift for one creditor
Effective as of July 1, 2006
Text of Colorado Revised Statutes 12-14.3-102 et seq, (SB 05-137): http://www.leg.state.co.us/Clics2005a/csl.nsf/fsbillcont3/349195C4D17F1A7787256F8E0001202B?Open&file=137_enr.pdf
For more information on the security freeze law in Colorado, see: http://www.ago.state.co.us/idtheft/securityfreeze.cfm
For instructions on how to place a security freeze in Colorado, see: www.consumersunion.org/pdf/security/securityCO.pdf

Connecticut
Applies to all consumers
Fees: $10 to place, lift, or lift temporarily, $12 to lift for one creditor
Effective as of Jan. 1, 2006
For more information on the security freeze law in Connecticut (Connecticut General Statutes § 36a-701), see: http://www.ct.gov/ag/cwp/view.asp?A=1949&Q=293270
For instructions on how to place a security freeze in Connecticut, see: www.consumersunion.org/pdf/security/securityCT.pdf

Delaware
Applies to all consumers.
$20 to place, free to temporarily lift for a period of time or specific creditor and to remove.
Effective as of September 28, 2006
For more information on the Substitute for SB 109, see: http://www.legis.state.de.us/LIS/lis143.nsf/EngrossmentsforLookup/SS+1+FOR+SB+109/$file/Engross.html?open
For instructions on how to place a security freeze in Delaware, see: www.consumersunion.org/pdf/security/securityDE.pdf

District of Columbia
Applies to all consumers $10 for an initial placement, free for victims of ID theft; no fees to remove permanently or temporarily.
Effective Date: July 1, 2007 For more information on DC Code §28-3861 through §28-3864, see: http://www.dccouncil.washington.dc.us/images/00001/20061218135957.pdf
For instructions on how to place a security freeze in Washington DC, see: www.consumersunion.org/pdf/security/securityDC.pdf

Florida
Applies to all consumers.
No fees for victims of identity theft (with investigative report) and seniors aged 65 years and older.
For all others, there is a $10 fee to place, temporarily lift or to remove a security freeze.
Effective as of July 1, 2006.
For more information on Florida Statute Section 501.005 et seq. (2006 HB 37), see: http://www.myfloridahouse.gov/Sections/Documents/loaddoc.aspx?FileName=_h0037er.doc&DocumentType=Bill&BillNumber=0037&Session=2006 For instructions on how to place a security freeze in Florida, see: www.consumersunion.org/pdf/security/securityFL.pdf

Hawaii
Applies to all consumers.
No fees permitted for ID theft victims. For others, $5 to place, temporary lift or remove the freeze.
Effective as of January 1, 2007 for victims only, for all consumers as of June 15, 2007.
For more on Title 26 Hawaii Revised Statutes Section 1 et seq. (HB 1612) see: http://www.capitol.hawaii.gov/sessioncurrent/bills/hb1612_.htm
For instructions on how to place a security freeze in Hawaii, see: www.consumersunion.org/pdf/security/securityHI.pdf

Indiana
Applies to all consumers
No fee to place, temporary lift or remove security freeze for all consumers.
Effective as of September 1, 2007.
For more information on SEA 403: http://www.in.gov/legislative/bills/2007/ES/ES0403.2.html
And for instructions on how to place a security freeze in Indiana, see: www.consumersunion.org/pdf/security/securityIN.pdf

Illinois
Applies to all consumers
Victims with police reports and seniors 65+ years old do not pay a $10 fee to place, remove, or temporarily remove.
Effective as of January 1, 2007
For more information on 815 ILCS 505/2MM: http://www.ilga.gov/legislation/ilcs/fulltext.asp?DocName=081505050K2MM
For instructions on how to place a security freeze in Illinois, see: www.consumersunion.org/pdf/security/securityIL.pdf

Kansas
Victims of ID theft only, with a police, investigative report or complaint filed with a law enforcement agency
No fees permitted
Effective as of Jan 1, 2007
For more information on S.B. 196: http://www.kslegislature.org/bills/2006/196.pdf
For instructions on how to place a security freeze in Kansas, see: www.consumersunion.org/pdf/security/securityKS.pdf

Kentucky
Applies to all consumers
Fees: No fees on ID theft victims who provide a police report.
Others pay up to $10 to place, remove, temporarily suspend, or have PIN reissued.
Effective as of July 11, 2006
Expires after 7 years from date of placement or upon consumer's request, if earlier
For more information on Chapter 367 Kentucky Revised Statutes Sections 1-3 (HB 54):
http://www.lrc.ky.gov/record/06RS/HB54.htm
For instructions on how to place a security freeze in Kentucky, see: www.consumersunion.org/pdf/security/securityKY.pdf

Louisiana
Applies to all consumers
No fees for ID theft victims or persons age 62 or older.
For others $10 to place, $8 to lift, no fee to remove the freeze.
Effective as of July 1, 2005
Louisiana Statutes Annotated § 9.3571(H) to (Y) , see: http://www.legis.state.la.us/leg_docs/04RS/CVT4/OUT/0000LW18.PDF
For instructions on how to use the security freeze in Louisiana, see: http://www.ag.state.la.us/calerts/alert0015.aspx

Maine
Applies to all consumers
No fees on ID theft victims who provide a police report.
Others pay up to $10 to place, remove, temporarily suspend, or have PIN reissued, and $12 to lift for a specific creditor.
Effective as of Feb. 1, 2006.
For more information on 10 MRSA §1313-C: http://janus.state.me.us/legis/LawMakerWeb/externalsiteframe.asp?ID=280015326&LD=581&Type=1&SessionID=6
For instructions on how to place a security freeze in Maine, see: www.consumersunion.org/pdf/security/securityME.pdf

Maryland
Applies to all consumers
No fees on ID theft victims who provide report of alleged identity fraud or with an identity theft passport.
Others pay $5 for each placement, temporary lift or removal.
Effective as of January 1, 2008.
For more information on SB 52: http://mlis.state.md.us/2007RS/bills/sb/sb0052e.pdf
For instructions on how to place a security freeze in Maryland, see: www.consumersunion.org/pdf/security/securityMD.pdf

Minnesota
Applies to all consumers.
Fees: No fees on ID theft victims who provide police report.
Others pay $5 to place, remove, temporarily suspend, lift for specific creditor.
Effective as of August 1, 2006 For more information on statute (Senate Bill
2002): http://www.revisor.leg.state.mn.us/bin/bldbill.php?bill=S2002.4.html&session=ls84
For instructions on how to place a security freeze in Minnesota, see: www.consumersunion.org/pdf/security/securityMN.pdf

Mississippi
Applies to identity theft victims with a police report, investigative report or complaint which the consumer has filed with a law enforcement agency.
Fee of $10 to place.
Effective as of July 1, 2007
For more information on statute (Senate Bill 3034): http://billstatus.ls.state.ms.us/documents/2007/html/SB/3000-3099/SB3034SG.htm
For instructions on how to place a security freeze in Mississippi, see: www.consumersunion.org/pdf/security/securityMS.pdf

Montana
Applies to all consumers.
No fee for victims, $3 for all others to place or lift the freeze and $5 replacement PIN.
Effective: July 1, 2007
Bill: SB 116. To see the text, go to: http://data.opi.mt.gov/bills/2007/billpdf/SB0116.pdf.
For instructions on how to place a security freeze in Montana, see: http://www.doj.mt.gov/consumer/consumer/securityfreeze.asp

Nebraska
Applies to all consumers.
No fee for ID theft victims, one time $15 fee for all others.
Effective: September 1, 2008
Bill: LB 674. To see the text, go to: http://uniweb.legislature.ne.gov/FloorDocs/Current/PDF/Slip/LB674.pdf.
For instructions on how to place a security freeze in Nebraska, see: www.consumersunion.org/pdf/security/securityNE.pdf

Nevada
Applies to all consumers
No fee for ID theft victims who submit a police report, for others $15 to place, $18 to lift, $20 to lift for one creditor
Effective as of October 1, 2005.
For more information on NRS 598C in easy to read bill form: http://www.consumersunion.org/pdf/security/NV_security_ freeze_law.pdf
For instructions on how to place a security freeze in Nevada, see: www.consumersunion.org/pdf/security/securityNV.pdf

New Hampshire
Applies to all consumers
No fee for ID theft victims who submit a copy of a police report, investigative report, or complaint to a law enforcement agency, for others $10 to place, temporarily lift or remove
Effective as of January 1, 2007
For more information on statute to be enacted as New Hampshire Revised Statutes
Annotated 359B:23 (SB334): http://www.consumersunion.org/pdf/security/NH_security_ freeze_law.pdf
For instructions on how to place a security freeze in New Hampshire, see: www.consumersunion.org/pdf/security/securityNH.pdf

New Jersey
Applies to all consumers
No fee for initial freeze. Up to $5 to remove, temporarily lift or have PIN reissued.
Consumers are also permitted to make such requests directly to consumer reporting agencies via secured electronic mail.
Effective as of January 1, 2006
Text of 56:11-44 et seq. in bill form: http://www.njleg.state.nj.us/2004/Bills/S2000/1914_R1.PDF
For information on how to place a security freeze in New Jersey, see: http://www.njdobi.org/creditfreeze.htm

New Mexico
Applies to all consumers.
Free for residents over 65 years of age, identity theft victims with copy of police or investigative report.
Effective July 1, 2007 Text of bill, SB 165: http://legis.state.nm.us/Sessions/07%20Regular/final/SB0165.pdf
For information on how to place a security freeze in New Mexico, see: www.consumersunion.org/pdf/security/securityNM.pdf

North Carolina
Applies to all consumers. No fees for ID theft victims with valid report/complaint with law enforcement agency.
For others, up to $10 to place, remove, or temporarily suspend.
Effective as of December 1, 2005
For more information on North Carolina General Statutes §75-63: http://www.ncga.state.nc.us/enactedlegislation/statutes/pdf/bysection/chapter_75/gs_75-63.pdf
For instructions on how to place your security freeze from the North Carolina Attorney General, go to: http://noscamnc.gov/yourself.html

North Dakota
Applies to all consumers.
No fees for ID theft victims with valid copy of a police report or police case number documenting the identity theft, investigative report, or complaint to law enforcement agency. For others, up to $5 to place or temporarily lift.
Effective as of June 1, 2007.
For more information on North Dakota: http://www.legis.nd.gov/assembly/60-2007/bill-text/HRDH0400.pdf
For instructions on how to place your security freeze in North Dakota, see: www.consumersunion.org/pdf/security/securityND.pdf

New York
Applies to all consumers.
Free to place first time for everyone. After first time, or to lift temporarily or remove there is a $5 fee except for victims who pay no fee.
Effective as of November 1, 2006
For more information on the law: http://www.consumersunion.org/campaigns/pdf/security/NYSecurityLaw.pdf
For instructions on how to place your security freeze in New York, see: www.consumersunion.org/pdf/security/securityNY.pdf

Oklahoma
Applies to all consumers, no fees for ID theft victims with investigative report
and no fees for seniors 65 years +.
Effective as of January 1, 2007
For more information on this Title 24 of Oklahoma Statutes Sections 149 and
150 (SB 1748): http://www.consumersunion.org/pdf/security/OK_security_ freeze_law.pdf
For instructions on how to place your security freeze in Oklahoma, see: www.consumersunion.org/pdf/security/securityOK.pdf

Pennsylvania
Applies to all consumers, $10 to place but no fees for ID
theft victims or seniors 65 years +. Freeze lasts 7 years.
Effective as of Jan. 1, 2007
For more information on SB 180, see: http://www.legis.state.pa.us/cfdocs/billinfo/billinfo.cfm?syear=2005&sind=0&body=S&type=B&BN=0180
For instructions on how to place your security freeze in Pennsylvania, see: www.consumersunion.org/pdf/security/securityPA.pdf

Rhode Island
Applies to all consumers. No fees for ID theft victims or seniors 65 years +. For others, $10 to place, temporary lift and remove the freeze.
Effective as of Jan. 1, 2007
For more information about Rhode Island Statutes 6-48-1 et seq. (H7148), see:
http://www.rilin.state.ri.us/Billtext/BillText06/HouseText06/H7148Aaa.pdf
For instructions on how to place a security freeze in Rhode Island, see: www.consumersunion.org/pdf/security/securityRI.pdf

South Dakota
Applies to identity theft victims with a police report.
No fees, only freezes credit report, expires after 7 years from date of placement or upon consumer's request, if earlier
Effective as of July 1, 2006
Text of statute (SB 180): http://legis.state.sd.us/sessions/2006/bills/SB180enr.htm
For instructions on how to place the security freeze in South Dakota, see: www.consumersunion.org/pdf/security/securitySD.pdf

Tennessee
Applies to all consumers. No fees for ID theft victims. For others $7.50 to place, free to temporary lift, $5 to remove the freeze.
Effective Jan. 1, 2008
For more information about the Tennessee bill, HB 200, see: http://tennessee.gov/sos/acts/105/pub/pc0170.pdf
For instructions on how to place a security freeze in Tennessee, see: www.consumersunion.org/pdf/security/securityTN.pdf

Texas
Applies to identity theft victims with a police report. Applies to all consumers beginning September 1, 2007.
No fee for ID theft victims. For others, $10 placement fee, temporary lift for period of time and removal, $12 for temporary lift for specified creditor.
Effective as of September 1, 2003 for victims only, and September 1, 2007 for all consumers.
For more information on SB 222: http://www.capitol.state.tx.us/tlodocs/80R/billtext/pdf/SB00222F.pdf
For instructions on how to place your security freeze in Texas, see: www.consumersunion.org/pdf/security/securityTX.pdf

Utah
Applies to all consumers
Reasonable fees
Consumer can temporary lift or "thaw" freeze within 15 minutes of electronic request
Effective as of September 1, 2008
Text of statute (Utah Code Ann. §13-45-102, 13-45-201 et seq.) see bill version SB 71: http://www.le.state.ut.us/~2006/bills/sbillenr/sb0071.htm
For instructions on how to place a freeze in Utah beginning in Sept 2008, see: www.consumersunion.org/pdf/security/securityUT.pdf

Vermont
Applies to all consumers.
No fees for victims; $10 to place, $5 to lift temporarily or remove for all others
Effective as of July 1, 2006.
Vermont Statutes Annotated, Title 9, Sections 2480a to 2480n Click on Sections 2480a to j to view the text of the statute: http://www.leg.state.vt.us/statutes/sections.cfm?Title=09&Chapter=063
For instructions on how to place a security freeze in Vermont, see: http://www.atg.state.vt.us/display.php?smod=198.

Washington
Applies to identity theft victims, including persons who receive a notice of a security breach of computerized personal information.
Will apply to all consumers beginning July 1, 2008.
No fees for ID theft victims or persons over 65. $10 fee for others to place, remove, or lift the freeze when available to all consumers.
Effective as of July 24, 2005; for all consumers beginning July 1, 2008.
To be codified at Sec. 19.182 RCW. Text of statute: http://www.leg.wa.gov/pub/billinfo/2005-06/Htm/Bills/Session%20Law%202005/5418.SL.htm
For instructions on how to place your security freeze in Washington, www.consumersunion.org/pdf/security/securityWA.pdf
or http://www.atg.wa.gov/ConsumerIssues/ID-Privacy/SecurityFreeze.aspx

West Virginia
Applies to all consumers. No fee for victims, $5 for all others to place, remove or lift the freeze.
Effective: July 2, 2007 Bill: SB 428. To see the text, go to: http://www.legis.state.wv.us/Bill_Text_HTML/2007_SESSIONS/RS/BILLS/SB428%20SUB1%20enr.htm
For instructions on how to place a security freeze in West Virginia, see: www.consumersunion.org/pdf/security/securityWV.pdf

Wisconsin
Applies to all consumers
No fee for an "individual who submits evidence satisfactory to the CRAs that the individual made a report to a law enforcement agency.
Up to $10 for others to place, thaw or remove freeze. Passed March 16, 2006.
Effective as of January 1, 2007
Text of Section 138.25 Wisconsin Statutes (AB 912): http://www.legis.state.wi.us/2005/data/AB-912.pdf
For instructions on how to place a security freeze in Wisconsin, see: www.consumersunion.org/pdf/security/securityWI.pdf

Wyoming
Applies to all consumers. Free for ID theft victims.
For others, $10 to place, temporary lift and remove the freeze.
Effective July 1, 2007.
See link for text, scroll down to SF0053: http://legisweb.state.wy.us/2007/billindex/BillCrossRef.aspx?type=SF.
and has a fee of $10 per step, free for ID theft victims
For instructions on how to place a security freeze in Wyoming, see: www.consumersunion.org/pdf/security/securityWY.pdf

For more information on security freezes, see the Model State Clean Credit and Identity Theft Protection Act, http://www.consumersunion.org/pub/core_financial_services/001732.html

Return to the top of the page  

The May 2006 report, "The Demographics of ID Fraud," published along with the "2006 Identity Fraud Survey Report" by Javelin Strategy & Research examined identity fraud relative to the demographics of its victims. The report identifies fraud victims by income, age, ethnicity and geography; demographic characteristics of identity fraud cases; and the types of accounts that are targeted for fraud. The report reveals that identity fraud affects households with the lowest incomes, young adults, and certain minorities (i.e., Hispanics and African-Americans) the most and who appear to be easier targets for fraud operators. Identity fraud, victimizing almost nine million in the past year, represents $56.6 billion in annual losses for financial institutions and retailers.

Hispanics and African-Americans aged 25-54 have a 56 percent higher chance of becoming victims of identity fraud compared to other consumers, representing 35 percent, or $20 billion, of total annual identity fraud losses. Households with earning over $150,000 are 50 percent more likely to be victimized than the average household, however their losses ($4,376 per victim or six percent ($3.6 billion) of total annual losses are among the lowest due to improved measures to protect the assets effectively reducing fraud losses for this demographic by at least 31 percent compared to the average loss for all victims. Losses from identity fraud have increased 22 percent over the past two years, averaging $6,383 per victim. High-wage earners experience a high rate of fraud, yet low-average fraud amount and short misuse and detection time because their efforts are more effectively protecting their assets. Low-wage earners experience a low rate of fraud, their average fraud amount is larger and the length of information misuse and detection time much longer than those of most other wage earners due to lack of awareness and insufficient monitoring of their account activity.

Identity theft for 77 percent of households earning less than $35,000 resulted from access to personal information primarily within their own control compared to 57 percent of households earning more than $100,000 resulted from access to personal information outside their own control. Consumers earning less than $35,000 shred 58 percent of documents while those that earn more than $35,000 shred 75 percent of documents. Generation X victims (ages 25-34) reported that 72 percent of their fraud cases originated from access under their own control as well as 68 percent of blacks. The youngest adults experience the second highest average fraud amount, at $8,248. Gen X (age 25-34) members are victimized at the highest rate, 5.4 percent, and experience 25 percent of the total fraud amount. Consumers aged 35-44 experience the highest average fraud amount, at $9,435 while senior victims of identity fraud are at half the average rate. Their fraud cases are quickly discovered and as a result, they experience the smallest average fraud amount, at $2,665. Consumers earning less than $50,000 shred documents at the rate of 61 percent, while those who earn more than $50,000 shred sensitive documents at the rate of 77 percent. Caucasians shred 72 percent their discarded sensitive documents, while African-Americans and Hispanics shred only 9 percent.

Hispanics reported the highest rate of victimization, at 65 percent by a friend or close associate and also prevalent among young adults (69 percent) and seniors (50 percent). African American victims experience twice as much new account fraud as other ethnicities and Hispanic victims’ experience double the fraud from new loan accounts, indicating the lack of credit monitoring. New loan (mortgage fraud) accounts increase with the age of the victim increases while fraudulent electronic fraud (e.g., telephone, eBay) accounts increases as the age of the victim decreases.

The 2006 Identity Fraud Survey Report indicated that 28 percent of the breached access points to consumer information resulted from employee malfeasance at 15 percent, fraudulent transaction processing at 7 percent, and data breaches at 6 percent. The losses from these breaches total $12.5 billion, or 22 percent, of the total annual fraud losses. Consumers account for 63 percent of breached access point occurrences, totaling $40.1 billion, or 70 percent of annual losses. While consumers are becoming educated on how to protect information outside their homes, securing documents inside the home and office is lacking as over 56% of annual losses (more than $32 billion) are caused by lost or stolen checks, cards, and wallets or by friendly fraud The Internet is increasingly becoming the primary vehicle for consumers to conduct their routine banking (36 percent) and their shopping (46 percent), and loans and other services (12 percent) and identity fraud from online activity remains virtually unchanged at 9 percent.

Households earning more than $100,000 are victimized 1.5 times more frequently than those earning less than $100,000. Yet on average, the higher-income fraud cases, at 35 days, are detected two months sooner than the fraud cases for households earning less than $100,000. As a result, the length of misuse is 60 percent shorter, the fraud amount is 25 percent lower, the consumer cost is 60 percent lower, and the resolution time is 55 percent quicker for the higher-income group than the average for their counterparts. Victims earning $75,000 to $99,999, totaling $12.5 billion incur the largest portion of identity fraud losses. Households earning over $150,000 represent a concentration of wealth and are natural targets for fraud operators. While they are victimized at a rate 50 percent higher than any other group, the total loss from this demographic is $3.6 billion, or 6 percent of the total. The average loss per victim is one of the lowest. While households earning less than $15,000 are victimized at almost half the rate of those earning over $150,000, total losses incurred from the lowest-income group are over 60 percent higher than that of the highest-income group.

The phone rings and the caller identifies himself as a jury coordinator. He says you failed to report for jury duty and that a warrant is out for your arrest. You say you never received a notice. To clear it up, the caller says he'll need some information for "verification purposes"…. your birth date, social security number, maybe even a credit card number. Communities in more than a dozen states have issued public warnings about cold calls from people claiming to be court officials seeking personal information. As a rule, court officers never ask for confidential information over the phone; they generally correspond with prospective jurors via mail.

They get you scared first and facing the unexpected threat of arrest, victims are caught off guard and are quick to part with some information to defuse the situation. The thief may offer a solution such as a fine, payable by credit card, that will clear up the problem. With enough information, these scammers can assume your identity and empty your bank accounts. The thief objective is to put people on the defensive, then reel them back in with the promise of a clean slate.

In recent months, communities in Florida, New York, Minnesota, Illinois, Colorado, Oregon, California, Virginia, Oklahoma, Arizona, and New Hampshire reported scams or posted warnings or press releases on their local websites.

Identity thieve are using the "bust-out" scheme to steal your business identity. The criminal rents space in the same building as your company and then applies for corporate credit cards using your firm's name. The application passes a credit check because the company name and address match, but the cards are delivered to the criminal's mailbox. He sells them on the street and is long gone before you discover your firm's identity has been stolen. This is one way sophisticated criminals steals business’s identities across the country. Identity thieves increasingly target businesses instead of individuals because many state statutes don't consider business identity theft a crime. That's because most of identity theft laws passed in the last decade apply only to individual consumers.

Business identity theft can often be prosecuted under other statutes, like mail fraud or wire fraud, businesses victimized lose many of the protections afforded to consumers under identity theft laws, like access to information about their credit. Some studies indicated that there were as many as 8.9 million individual victims nationwide last year and estimated annual losses approaching $50 billion. It's difficult to say how many businesses have been victims of identity theft. But the most sophisticated identity thieves increasingly are targeting businesses because business accounts generally have higher credit limits and make larger purchases than consumers, so large purchases by thieves are less likely to be questioned. For these thieve, it is far more cost-effective to target a business rather than a consumer. On July 19^th, 2007, the Justice Department requested Congress explicitly to include businesses and organizations in the federal identity theft statute.

Small businesses in particular are targeted because they may be less aware how to protect sensitive information. Business owners should protect themselves by keeping sensitive files under lock and key and by restricting access only to employees who need it. Unfortunately, if the loss is relatively small, under $10,000, law enforcement may be reluctant to investigate it and many U.S. attorneys have thresholds of $1 million at the federal level to prosecute.

Return to the top of the page  

Are you staring at that attractive advertisement for switching credit card companies by transferring your balance from one card to another? While many of these offers are truly great deals, balance transfers and card-switching is not something to jump into, eager as you may be. You need to do your homework first: Do enough research and investigating in order to determine whether it in fact is worth it or a good idea to make the transfer.

First, find out if it is in fact worth it. Generally speaking, these attractive advertisements and super credit card deals advertise very low introductory rates if you transfer your current balance from an existing credit card onto this new one. You can stumble upon these offers anywhere (online, in the mail, on a flyer or via a telephone call from credit card company salesperson) and you need to determine how great these deals really are, or if you’ll just end up paying much more in fees and interest in the long run.

Read the fine print. Read everything. Read it through several times so that you make sure you understand what it is saying. It may appear to be a bunch of financial jargon that you might not think is very important, but the truth is, this information is valuable and critical to your decision in whether or not you make the big switch. Call the credit card Company and ask any questions you might have. If the deal is solid and they want to make a sale, generally they should be able to help you out in any way.

What do you need to find out about the deal? Here is an example. Let’s say that the advertised introductory rate is 6% (a low rate) on credit card B if you transfer your balance from credit card A, where you currently rack up an APR of 18% (a standard rate). You come across another offer, showcasing credit card C with an introductory rate of 9%. At first glance you may think, "Well, let’s go with credit card B: it’s the obvious choice here." However, after reading the fine print, you discover credit card B’s special rate only last six months, and afterward the APR is 20%, whereas credit card C’s higher rate lasts for a year and the interest rate after that is 18%, the same as yours on credit card A.

In other words, you have to factor in a lot of variables when making the decision to switch your balance from one credit card to another. Besides comparing the introductory rates being offered, the length of the offer and what the regular interest rate is, you’ll also need to take into account balance transfer fees, annual fees, late fees and other fees, as well as whether the teaser rate applies to balance transfers only or also purchases, among other considerations.

Something else to keep in mind is that you may not actually qualify for the special rate being offered, depending on your credit history and credit rating. Before you make the big plunge, make sure you know exactly what you will be getting. There may also be other conditions. For example, some credit card companies may penalize you for one late payment and take you off the introductory rate onto their regular rate, which may be higher than your current card’s rate.

However, many credit cards with these introductory rates offer great deals for people interested in switching credit cards and transferring their balance over and can be more than worth it. The important thing to do your research read the fine print and ask questions to determine which credit card and deal is the right one for you.

Once you’ve selected the right credit card offer, the next step is to fill out the balance transfer application form completely and accurately. Next, make the minimum payment on your original credit card while you wait for the balance transfer to go through. When it has gone through, the new company should send you a notice, after which you’ll need to verify the transfer with your old company so they can send you a zero-balanced billing statement. Finally, cancel your old card since you don’t need it anymore.

Note: This article is courtesy of CreditorWeb.com, where you can compare balance transfer credit card offers and apply for credit cards online.

http://www.creditorweb.com/categories/balance-transfer

Dow Jones Newswires, Published February 2, 2007 - While identity theft remains a multibillion-dollar problem for businesses and individuals, incidents of this type of fraud dropped last year. U.S. identity-theft losses declined in 2006 by 12 percent from the previous year, $55.7 billion to $49.3 billion, according to the third annual survey by Javelin Strategy & Research, a research firm in specializing in financial services and payments. The survey, which involved 5,000 telephone interviews, estimated that the number of victims dropped for the fourth consecutive year, down about 500,000 to 8.4 million persons.

Researchers attributed the decline to better consumer education and awareness, as well as increased use of online banking and financial sites that allow individuals to monitor their accounts more frequently."Businesses are doing a lot more, law enforcement is doing more and so are consumers," said James Van Dyke, president of Javelin.

Tena Friery, research director at the Privacy Rights Clearinghouse, a non-profit consumer organization in San Diego, said she was surprised by the size of the decline, but she noted there is much greater public awareness about the problem. "We still have a long way to go," she said. "We really do stress that it's not all the consumer's fault."

According to the report, there was a significant reduction in fraudulent new-account openings, traditionally one of the most common types of identity theft. It occurs when a criminal uses a victim's personal data to open an account. The survey also found that it took on average less time and expense to resolve a fraud case than the previous year.

For the sixth year in a row, identity theft is the No. 1 source of complaints to the Federal Trade Commission. Over 255,500 people reported being victims of identity theft in 2005, up slightly from 247,000 in 2004. The Federal Trade Commission reports that identity theft cost consumers $5 billion and 300 million hours last year with 10 million people in the United States having their identities stolen last year.

Arizona, Nevada, and California reported the most cases of ID theft, adjusted for population. The top metro areas for ID theft reports were Phoenix-Mesa-Scottsdale, AZ (178 per 100,000 population), Las Vegas-Paradise, NV, (159 per 100,000), and Riverside-San Bernardino-Ontario, CA, (146 per 100,000). The most fraud victimized cities were the Washington DC area (190 per 100,000); the Tampa-St. Petersburg-Clearwater, FL area (187 per 100,000), and Seattle-Tacoma-Bellevue, WA (186 per 100,000). Credit card fraud was the most common type of reported identity fraud, followed by phone or utilities fraud, sweepstakes, and advance-fee loans. Other top consumer complaint list included Internet auction problems (70,000), foreign money offers and Shop-at-home/catalog sales. Over 686,000 consumers filed complaints with the FTC in 2005. The number of consumers victimized via wire transfer has tripled in the past two years and child ID theft cases have nearly doubled in that span. There was a steady rise of child ID theft victims. In 2003, 6,512 ID theft reports were filed on behalf of victims under 18 years old. In 2004, the number jumped to 9,595. Last year, the number was 11,601.

In response, a new DVD from the Treasury Department is now available. It aims to educate consumers on how to protect their identities. The DVD recommends that consumer check their credit history. All three major credit agencies offer free annual credit reports. Consumers should not leave information lying around, includes letters in their mailboxes. Credit statements should be shredded once they are looked over. To get the DVD, call (888) 878-3256.

In all, some 685,000-consumer complaints were filed with the agency last year, with victims reporting losses of $680 million. While the number of complaints increased only 5 percent from last year, the dollar losses appear to be rising rapidly. In 2005, 49 consumers reported losing $1 million or more during 2005, the FTC said, compared with 42 in 2004. Nearly 14,000 victims said they'd lost over $5,000 to a con artist, a sharp increase from just over 11,000 in the previous year. Average losses were $2,400 per victim; median losses were $350. In 2004, the average was $1,846 and the median was $263.

According to the Federal Trade Commission's 2005 report of complaints, the top ten ranked by percentage of total complaints. Last year's percentage is in parenthesis.

1. Identity theft 37% (39% in 2004)
2. Internet Auctions 12% (16%)
3. Foreign Money Offers 8% (6%)
4. Shop-at-Home/Catalog Sales 8% (8%)
5. Prizes/Sweepstakes and Lotteries 7% (5%)
6. Internet Services and Computer Complaints 5% (6%)
7. Business Opportunities and Work-at-Home Plans 2% (2%)
8. Advance-Fee Loans and Credit Protection 2% (3%)
9. Telephone Services 2% (2)
10. 10. Other 17% (12)

There were 430,000 non-identity theft crimes reported; about half of those involved the Internet. At the top of that list is auction fraud complaints. In 2004, auction fraud made up 16 percent of all complaints, or about 100,000 reports and in 2005 compared to 12 percent, or about 82,000.

The sharp increase in wire transfer payments should be noted because consumers generally have no protection or ability to get a refund, or to cancel the transaction when they wire money using a service like Western Union. In 2005, 15 percent compared to 6 percent in 2003 with losses totaling $86 million. "For the first time since we began tracking Internet fraud, wire transfer was the No. 1 method of payment," said Susan Grant, NFIC/IFW director. "The whole reason why scam artists try to convince people to wire money to them is because it's so hard to trace and track wire transfers." Victims told the FTC they'd lost $336 million on Internet-related scams last year.

The top 10 I.D. Theft States per Capita were:

1. Arizona
2. Nevada
3. California
4. Texas
5. Colorado
6. Florida
7. New York
8. Washington
9. Oregon
10. Illinois

The FTC study indicates a modest trend toward fewer reports of credit card fraud from 28 percent of all identity theft victims, to 26 percent. Two years ago, the figure was 32 percent. There was increase unauthorized electronic funds transfers (bank-to-bank wire transfers) from 4.8 percent in 2003 to 6.6 percent in 2004 to 7.9 percent in 2005. The jump was not as significant as last year, however when electronic transfers climbed from to 6.6 percent in 2004. Identity theft victims are still having trouble getting police reports with 40 percent of victims saying they reported the incident to a police department, and one-quarter of them said a report was not taken. In addition, 61 percent of victims did not report the crime to a police department. You SHOULD report Identity theft to police because many identity theft victim rights, such as those granted to victims by the Fair and Accurate Transaction Act of 2003, require a police report. These include the ability to file some credit bureau fraud alerts and to obtain applications filled out by imposters for investigative purposes.

Identity Theft has captured the attention of state legislators who have proposed several bills this session that would stiffen penalties for identity theft, add preventive measures and re-categorize this white-collar offense from a crime against property to a crime against people. The bill also would make identity theft a strike under the state's ``three-strikes law'' and allow for the seizure of a convicted thief's property. Other proposed identity-theft-related bills, would create a program that would allow banks and financial institutions to share information with law enforcement and require police reports be given to victims of identity theft.

In order to reduce your exposure to Identity Theft, I recommend that you:

1. Provide your Social Security number only when absolutely necessary; it's the key to your identity.
2. Shred documents containing personal information, bills, bank statements, credit card receipts, investment updates, etc.
3. Do not carry PIN numbers, birth certificates and passports unless absolutely necessary.
4. Don't give credit card numbers to unsolicited telemarketers.
5. Be very careful with what information you provide when filling out warranty cards, subscription forms, prize-drawing cards and Web-site registration forms.
6. Tell companies, especially your banks and credit card companies, not to sell your name. You might want to use the phrase: ``no third-party solicitations.''
7. Write the three major credit bureaus and ask to ``opt out'' of the pre-approved credit lists they sell to companies. Call 1-888-567-8688. Since the ``opt-out'' option may expire after two years, remind yourself to do it again.
8. Remove your name from marketer's unsolicited mailing and calling lists. Write to Direct Marketing Association's Mail Preference Service, P.O. Box 9008, Farmingdale, NY 11735.
9. Review your credit card and other credit statements each month and make sure you know exactly what you're being billed for.
10. Eliminate credit cards you rarely or never use. You must notify the card-issuing company in writing that you are canceling the card, even if it was never activated.
11. Contact your card issuer to find out if any of your cardholder information can be given to partners or affiliates (third parties) of the card issuer. If so, ask for the address to write to cancel this authorization.
12. If you believe your identity has been stolen and used by another to make purchases you didn't authorize, you need to act quickly to minimize the damage.
13. Go to http://www.atg.wa.gov/consumer/idprivacy/IDTheftWhatToDo.shtml  if you become a victim of identity theft.

Consumers in the United States lost $57 billion in 2005 to criminals who stole their identities according to a study by the Council of Better Business Bureaus and Javelin Strategy & Research. It revealed that identity theft cost U.S. consumers 4% more in 2005 than the $54.4 billion it cost in 2004. The average fraud rose to $6,383 from $5,885. The 8.9 million Americans who learned that criminals had stolen personal data and used it to commit fraud fell 4%, from 9.3 million in 2004 and 10.1 million in 2003. Data showed that people who were younger and had lower incomes were more vulnerable.

Unfortunately, it is not very difficult to commit identity fraud. There are several ways that the thieves commit identity theft such as Internet fraud, "phishing," a much-publicized practice where criminals send e-mails asking prospective victims to verify personal data through links to real-looking, but fake, web sites. In addition, victims lost data because their wallets, checkbooks, credit cards that were lost or stolen, victimized by family members, friends, acquaintances, or fellow employees, and stolen or misdirected mail.

In general, people whose incomes were less than $35,000 reported larger frauds, though people who earned $75,000 to $100,000 a year reported the biggest average fraud totaling $9,978. The median fraud totaled $750, unchanged from a year earlier. The survey found that "Generation X," which it defined as people aged 25 to 34, are more at risk than older people, perhaps because their "more active lifestyle" encourages fraud. The survey said a typical fraud costs $422 and takes 40 hours to fix. While fraud takes an average of 84 days to detect, 40% of cases are resolved within one week.

Consumers can protect themselves by closely monitoring their credit reports, personal accounts, and reviewing mail that contains financial statements. Putting fraud alerts on credit reports is an effective way to thwart future fraud. Monitoring your account activity is a crucial early discovery point for possible fraud.

        KEY CHAIN CREDIT CARDS ARE NOW APPEARING NATIONWIDE

Minicards, smaller versions of popular credit cards, are appearing nationwide. MasterCard International has launched the MasterCard SideCard in the U.S., following last year's introduction of Discover 2Go by Discover Financial Services and a minicard version of Visa from Bank of America Corporation. American Express Co. is testing Express Pay, a key chain fob that emits a radio signal that can be read by specially equipped terminals that charge the cardholder's account.

The Bank of America spokeswoman has issued over 13 million minicards (either Visa credit or debit Visa Check Cards) in the program's first year. Discover Financial Services said that the Discover 2Go is one of their most popular cards.

The credit-card companies are after the large cash and check purchases that still make the bulk of U.S. sales transactions. The minicards are currently available in several overseas markets, including Hong Kong and Mexico; encourage consumer use for small purchases at places such as grocery and convenience stores where cash is still primarily used. They may be small-ticket purchases, but consider that credit-card sales only make up 3% of U.S. total sales volume. MasterCard's market research also found the 18 to 39 age group showed the most interest in the minicards, and those consumers are more likely to use them in fast food and convenience stores, places where credit-card volume is traditionally low.

Until recently, identity theft seemed to be regarded by police and many financial institutions almost as a victimless crime. Identity theft (the fraudulent use of your name and identifying data by someone else to obtain credit, merchandise, or services) claimed seven million victims in the U.S. last year, according to a recent survey by Privacy & American Business, ten times as high as past estimates. The Federal Trade Commission reported that 9.9 million people were victims in 2002 costing them $5 billion and businesses and financial institutions $8 billion and 27 million victims since 1998. The United States is not alone as Canada, Japan, and the United Kingdom are also reporting wide spreading ID-theft. Overall, more than 33 million Americans, about 1 in 6 adults, say they have had their identities used by someone else sometime since 1990 and the Department of Justice says ID theft is the nation’s fastest-growing financial crime. Victims typically lose $800 and spend two years clearing their name. The FTC received 161,619 complaints about identity theft; double that of the previous year. Credit card fraud was the most common form of identity fraud accounting for 42 percent of the complaints followed by phone fraud at 22 percent and bank fraud at 17 percent. On average, thieves collected $10,200 worth of goods, money or services when opening a fraudulent account.

Identity fraud has become a major element in crimes ranging from international drug trafficking to terrorism; Al Qaeda operatives in Spain used stolen credit and telephone cards and false passports and travel documents to open bank accounts and pay for travel and communication abroad, an FBI agent testified before a congressional subcommittee last year.

Many victims don’t learn of the crime for a year or more, only after something goes terribly wrong, because thieves often shield their actions by using a different address when they open new accounts in the victim’s name. Typically, federal laws cap monetary losses to consumers, but even in routine cases, it takes victims two years on average to clear their names, according to the Privacy Rights Clearinghouse, a nonprofit advocacy group. The $4.2 billion that businesses will lose this year to the crime, a figure expected to mushroom to more than $8 billion by 2006, they recoup by charging you higher fees and prices. The current cost to business is $18,000 per incident, the FTC says. The largest single source of ID theft is “the corrupt individual on the inside,” says privacy expert Alan Westin, president and publisher of Privacy & American Business.

Identity theft is a problem largely because financial institutions, merchants, credit bureaus, and the government do not adequately safeguard vast databases and other records containing consumers’ sensitive information, making it relatively easy for thieves to access these data. Many institutions use Social Security numbers when other identifiers would suffice, fail to notify consumers when security breaches occur, and provide little help or recourse for consumers stuck cleaning up the mess. ID theft usually occurs not because of the carelessness of the individual consumer, but because of the carelessness or vulnerability of the organizations they deal with, including the government.

All that ID thieves really need to open credit or bank accounts under your name or to drain your existing accounts are three pieces of information: your full name, Social Security number, and date of birth. They can get by with less when financial institutions fail to check identifying information. The following are ways in which thieves can get information about you:

Visa, MasterCard, and American Express confirmed that an unknown hacker had accessed 8 million credit-card records, including 3.4 million Visa accounts and 2.2 million MasterCard accounts, from a merchant processor, Data Processors International.

We believe that financial institutions and other businesses should use encryption and better systems to prevent and detect computer hackers and to control access by insiders. Don’t use e-mail to send your Social Security number or other personal data. If you must, make sure that you use a secure Internet connection by checking your browser window for a secure-connection icon. We recommend against giving personal information to someone who has called or e-mailed you unsolicited. At least, independently confirm the legitimacy of the request by phoning or e-mailing the company. Systems that monitor an organization’s connections to the Internet and that prevent and detect hacking are a must to deter ID thieves and virus attacks.

Shred papers containing personal information and preapproved credit offers before discarding them. Businesses and governments also need to do a better job of disposing of old files. Only California, Georgia, Washington, and Wisconsin have laws requiring businesses to shred files. Homeowners and landlords can help prevent mail theft by replacing regular mailboxes with locked boxes. Businesses and individuals should use hard-drive shredding software or remove and destroy hard drives before discarding a personal computer.

Visa and MasterCard now require merchants and big banks that issue their branded cards to use secure Internet technology. They’re using new identity verification and authentication systems for controlling transactions among customers, merchants, and banks. In addition, both now require member banks and merchants to encrypt personal data stored on their servers.

Stricter laws with stiff sentences must be passed. California leads other states and the federal government with its identity-theft laws. More than 20 bills concerning identity theft are pending in Congress. Many consumer-rights, privacy-rights, and law-enforcement advocates say they want to see other states copy the laws, which do the following:

       RECOMMENDATIONS TO REDUCE YOUR EXPOSURE TO IDENTITY THEFT

We recommend that to reduce your exposure to identity theft that you do the following:

1. Check financial statements promptly. Always review your monthly banking, brokerage, and credit-card statements for accuracy. Report problems immediately.
   
2. Watch your credit. Order copies of your credit report every year from each of the three major credit reporting agencies. They are: Equifax, 800-685-1111, P.O. Box 105851, Atlanta, GA 30348; TransUnion, 800-888-4213, P.O. Box 1000, Chester, PA 19022; and Experian, 888-397-3742, P.O. Box 2002, Allen, TX 75013. Report errors promptly and in writing.
   
3. Never disclose your Social Security number, birth date, or mother’s maiden name unless you initiated the transaction. On paper documents, don’t include such data unless required to do so on an official application for employment, financing, or insurance. (Ask employers, schools, and financial institutions to offer alternatives.) Never put such information on personal Web pages or publicly posted résumés or directories.
   
4. Consider “opting out” of information-sharing at your financial institutions. (Check your company’s financial privacy notice, which is mailed annually and usually posted on company Web sites, to find out how.) Also opt out of pre-approved credit offers by calling the Credit Reporting Industry Pre-Screening Opt-Out Number at 888-567-8688.
   
5. Don’t carry ID that contains sensitive data like your Social Security number unless absolutely necessary.
   
6. Safeguard your driver’s license and other government ID at all times. Lock desks, cabinets, and safes containing such information in your office and home.
   
7. Shred and destroy. Before throwing out files containing Social Security numbers, account numbers, and birth dates, shred them with a cross-cut shredder. Destroy CDs or floppy disks containing sensitive data by shredding, cutting, or breaking them. Use hard-drive shredding software or remove and destroy your hard drive before discarding a computer. Just deleting files isn’t enough.
   
8. Guard mail. Consider using a locked mailbox or slot to receive mail at home. Deposit mail in postal mailboxes or in the post office to discourage mail theft.
   
9. Avoid Skimming. Try not to let waiters, sales clerks, or gas-station attendants disappear from view with your credit or debit card, to avoid “skimming.” Crooks can use a handheld card reader to copy the information from your card’s magnetic strip.
   
10. Avoid using private or strange-looking automated teller machines. They may be rigged to skim data off your card’s magnetic strip. Six-or seven-character PINs (personal identification numbers) are harder to crack than shorter ones, but you may not be able to use them at machines abroad.
    
11. Watch out for “shoulder surfers” when using pay phones or public Internet access. Use your free hand to shield the keypad. Don’t use cordless phones to conduct sensitive financial or medical business, because eavesdroppers on other phones and those using eavesdropping equipment may be able to overhear your conversations.
    
12. Firewalls and Virus Software. Install firewalls and virus-detection software on your home computers to discourage hackers.
    
13. Log off. Quit your browser and log off after using public Internet-access computers in libraries, Internet cafes, and the like. Don’t pay bills, bank, or conduct other financial transactions on public computers. If you have a high-speed Internet connection at home, unplug the computer’s cable or phone line when you are not using it to discourage hackers.
    
14. Deal only with reputable Web sites. Check privacy and security policies of Web sites before making purchases, trading stocks, or banking online. A professional-looking Web site is no guarantee of security. Don’t respond to unsolicited e-mail requests for personal information.
    
15. Consider password-protecting all your bank and brokerage accounts. Create passwords at least eight characters long.
    
16. Ask how your employer safeguards employee records. Request that Social Security numbers not be used as employee ID numbers.
    
17. ID theft insurance is typically not worth paying for and credit-monitoring services don’t prevent the crime.

If you become a victim, immediately report the crime. Filing a report with your local police and keeping a copy yourself will make it easier to prove your case to creditors and merchants and may help you build a lawsuit if you have to sue to recover losses or clear your name later. In some states, you may have to report the incident in the jurisdiction where the fraud occurred, such as the location of the store where the thief charged merchandise to your account, even if that is not where you live.

File a complaint. The Federal Trade Commission (877-ID-THEFT) investigates interstate and Internet fraud. Download a copy of an ID theft affidavit from the FTC’s Web site at www.consumer.gov/idtheft to help you notify merchants, financial institutions and credit bureaus. For fraud involving stolen mail, also file a complaint with postal officials at www.usps.com/postalinspectors/fraud/MailFraudComplaint.htm.

Alert credit-reporting agencies. Use the FTC ID-theft affidavit mentioned above to help you do this. Call TransUnion, 800-680-7289; Experian, 888-EXPERIAN; and Equifax, 800-525-6285, to get addresses and instructions. Ask to have your account flagged with a fraud alert, which asks merchants not to grant new credit without your explicit approval. Keep copies of all your correspondence.

Notify banks, creditors, and utilities. Close accounts that have been used by thieves. Choose new passwords and PINs for all your accounts and don’t use your mother’s maiden name as a password. Notify merchants that issued credit or accepted bad checks in your name; use your police report or FTC affidavit as backup.

Order your credit report each year. Get credit reports from all three credit bureaus, and study them closely. Some victims say that it took years to clear their credit files and that new credit was sometimes granted in their names without their permission even after fraud alerts were placed on their accounts.

Seek other help. To share your views about identity theft with your state or federal legislators, visit Consumers Union’s public-policy Web site at www.consumersunion.org. For other information, check out the nonprofit Identity Theft Resource Center at www.idtheftcenter.org and the Privacy Rights Clearinghouse at www.privacyrights.org.

  Return to the top of the page  

    FIFTEEN RECOMMENDATIONS TO PROTECT AGAINST IDENTITY AND CREDIT CARD THEFT

2. Monitor your credit report as it contains your Social Security Number, present and prior employers, a listing of all account numbers, including those that have been closed, and your overall credit score. After applying for a loan, credit card, rental or anything else that requires a credit report, request that your Social Security Number on the application be truncated or completely obliterated and your original credit report be shredded before your eyes or returned to you once a decision has been made. A lender or rental manager needs to retain only your name and credit score to justify a decision.
   

3. Shred all old bank and credit statements and "junk mail" credit card offers before putting them in the trash. Where possible, use a crosscut shredder.
   

4. Remove your name from the marketing lists of the three credit reporting bureaus to reduce the number of pre-approved credit offers you receive.
   

5. Add your name to the name-deletion lists of the Direct Marketing Association's Mail Preference Service and Telephone Preference Service used by banks and other marketers.
   

6. Do not carry extra credit cards or other important identity documents except when needed.
   

7. Photocopy both sides of your license and credit cards so you have all the account numbers, expiration dates and phone numbers if your wallet or purse is stolen.
   

8. Do not mail bill payments and checks from your home mailbox because they can be stolen and washed clean in chemicals. You should take them to the post office.
   

9. Do not print your Social Security Number on your checks
   

10. Order your Social Security Earnings and Benefits statement once a year to check for fraud.
    

11. Examine the charges on your credit card statements before paying them.
    

12. You should cancel all unused credit card accounts.
    

13. Never give your credit card number or personal information over the phone unless you have initiated the call and trust that business. Don't give a bank account number or Social Security number to any person or company you have doubts about. A company that has only a Web site or mailbox drop should raise suspicions.
    

14. Don't leave credit card receipts lying around.
    

15. Subscribe to a credit report monitoring service that will notify you whenever someone applies for credit in your name.

The Internet is replacing more traditional methods of scamming individuals, including the phone and mail. Of the complaints that weren't related to ID theft, half had some connection with the Internet. Consumers were contacted online, responded to Web ads or made a questionable transaction entirely on the Internet. Of the consumers who complained about fraud, only 23% were contacted by phone. Nearly 20% of suspected frauds were done through bank debits, according to the Federal Trade Commission.