Archive for the ‘ID Theft’ Category

3.3 million identities stolen – this time from the Educational Credit Management Corp, the folks who guarantee many federal student loans. Names, addresses, Social Security numbers and other personal data on borrowers were taken. It’s not as big as the 45 million credit and debit card numbers stolen from TJ Maxx but it’s arguably more sensitive information.

According to ECMC, the stolen information was on a portable media device. In the words of their spokesman Paul Kelash, “It was simple, old-fashioned theft. It was not a hacker incident.” More proof that the simple threats are still the most serious. The company does use key-card control of their physical facility but has not yet released how the theft was accomplished. It’s rarely hard to tailgate into a building then walk out with a thumbdrive.

Notices have not gone out yet so we don’t know if it’s just current loan holders or if the breach included information on closed accounts as well. ECMC is the designated guarantor for loans in Oregon, Virginia and Connecticut which I interpret to mean that you may be at risk if you got your loans through schools in those states. But the way those documents get shared around, any of us with loans could be at risk.

If you haven’t checked your credit report lately, this is a good excuse to do so. You are eligible for a free copy of your credit report every 12 months. Be sure to go to the official site (not the deceptive site with the goofy adds and “free” in the domain name). And remember that you can check just one of the three credit reports, saving the other two for 4 and 8 months later respectively.

In the past few days, both Bank of America and CitiCorp have announced that they are doing away with overdraft fees for debit cards. No longer will you be charged $35 in penalties for a $2 cup of coffee. Instead, the bank will simply reject the transaction if you are trying to make a purchase without enough money in your account.

This is how debit cards originally worked. There was no built-in overdraft protection – you either had enough money in the account or you did not. If not, there was no harm – the transaction just didn’t go through and you pulled out a credit card instead. It might be a little embarrassing in front of the clerk but it kept you from spending money you didn’t have.

That changed when banks realized that they could earn a lot of money on the overdraft fees. Almost overnight, overdraft went from an uncommon option that you could add to the account to a default that was almost impossible to unbundle from the account. Congress reeled in banks’ ability to collect many of those fees and at least these two banks have realized that it’s not worth the trouble to try to nickle-and-dime customers for what’s left. Easier just to reject the transaction and let the customer use a different card.

I think this is an excellent trend. It reestablishes the difference between a credit card and a debit card, giving each a distinct purpose. If you want convenience and deferred payment, carry a credit card. If you don’t trust yourself not to overspend, carry a debit card. Debit cards can be good for young people and others who are struggling to learn financial discipline.

That said, I have two concerns. First, where will the banks turn to replace this revenue stream? They made a lot of money on those fees. We can expect the rules to change (again) as banks adapt and find new ways to make money. We’re all going to have to watch the rules for our accounts very carefully as the banks adjust to the new regulations.

Second, debit cards still carry a far higher risk when they are stolen. Lose your credit card and you are only liable for the first $50 (assuming that you notify your bank in time, etc). Lose your debit card and the thief can empty your account of whatever balance you have in there. Before this change, I was absolute in my recommendation that there was no longer a good reason to carry a debit card. Maybe carry an ATM-only card but nothing else. Now… Well, the financial discipline imposed by these new (or newly old) debit cards might just be right for some people. Those same people will be most badly hurt if/when the debit card is stolen. What used to be a simple decision is now more complicated. If you do decide to carry a debit card, remember the risks.

Studies continue to show that most identity theft is committed using paper-based information. And while much of that is based on papers stolen from your kitchen counter (usually by someone you know well), a fair portion is the result of mail theft or tampering. Here are some steps to protect your physical mail.

  • Don’t leave outgoing mail in an unsecured mailbox – especially checks (which have your bank number and signature on them). Take the extra time to detour to the post office drop box.
  • Or even better, pay your bills online through your bank’s secure website.
  • Sign up for direct deposit and for electronic deposit of as many incoming checks as you can. Don’t advertise when you’ve got a check coming. An insurance company I know recently had a check forgery case based on a single claim check stolen from the victim’s mailbox.
  • Keep your eyes open for changes in patterns. If you haven’t received a bill on time, one possibility is that an ID thief changed the address and is using your account to establish his/her false identity.
  • If you’re expecting a package, track it’s progress on the carrier’s website. Make sure that it doesn’t sit unattended any longer than necessary.
  • Think about signing up for electronic statements instead of getting them through the mail. It’s cheaper the company (and ultimately for the consumer), it reduces the volume of paper to manage and, as long as your computer security is good, it can be as safe or slightly safer than paper statements.
  • If you’re going out of town, put a hold on your mail.
  • If you live in a high-crime area, consider a post office box.

The Ohio Department of Insurance has confirmed an on-going scam targeting insurance policyholders. According to the ODI, the scam is currently targeted primarily at auto policies. In this scam, the caller alleges that “there was a problem with your insurance payment” and asks for confidential information such as bank account numbers, birthdates, SSNs, etc. The call often includes a threat that “your coverage will lapse” if the customer does not comply.

You can read the full ODI press release at

Insurance companies do sometimes ask for confidential information such as SSNs and birthdates in the normal course of business. However, it would be highly unusual for the insurance carrier to contact the customer directly or to do so other than in writing. If you receive a call that strikes you as suspicious, hang up and call the number printed on your last policy statement. If the call was legitimate, the customer service representative will be able to look up your account and confirm it.

Be very cautious about handing out your personal information to anyone you do not know well. Ohio customers who have already received one of these fraudulent calls, are asked to report it to the ODI at 1-800-686-1527.

Lastly, if you believe that you may have given up your confidential information to a fraudulent caller, you should check your credit report and consider putting a fraud alert on your account. For more on how to check your credit report, you can follow this link to the archive of tips on this topic.

As the holidays get closer, many of us will turn to online shopping. Done right, online shopping is about as safe as catalog shopping – and much more convenient. If you don’t take basic precautions, though, you could lose your shirt. Take the time to learn about the kinds of scams and cons that are used online.

The Federal Trade Commission hosts a terrific site with lots of content on identifying and deflecting these kinds of scams. If you haven’t already been out to visit, I strongly recommend the site. It has some excellent overview material on security at the personal and small business level. The site also has a set of games covering a variety of topics like spyware, online auctioneering, peer-to-peer, phishing and spam. Test your knowledge of internet security and safe shopping. It’s well worth the time to visit the site.

The site’s material comes from a number of public and private sources but is all released for public use. If you run your own personal website, you can post their games, videos and handouts to your own site and help spread the word. (Instructions are here.)

This tip has inspired me to create a more permanent set of links to some of the better games and awareness quizzes that I’ve run across. I’ll try to get them posted in a permanent sidebar on the blog but in the meantime, here are a few good links.