- Количество слайдов: 135
1 Identity Theft Deter-Detect-Defend C. E. Solutions Tracy Young ALHC, HIA, CLU 913 -980 -2348 www. continuingedsolutions. com
2 Identity Theft • Review and study this course at your leisure. • Once the course is completed, enter the exam through the Class. Marker link at the end of the exam. ▫ You must receive a score of 70% or better to pass. ▫ You may retake the test at no additional cost as needed. • The Insurance Department requires that all exams be taken in the presence of an approved disinterested 3 rd party monitor. • Course Certificate will be faxed and sent electronically to the insurance department when notification of a passing score and an affidavit signed by the person monitoring the test is received.
3 C. E. Solutions The material presented in this course is for educational and informational purposes only. It should not be used to provide guidance to your customers or clients in lieu of competent, certified, legal advice. The parties involved in the development of this course shall not be liable for any inappropriate use of this information beyond the purpose stated above. As a student, you should understand that it is your responsibility to adhere to the laws and regulations pertaining to any aspect of this course and the materials presented within.
4 PRESENTATION OVERVIEW • What is identity theft? – 30 min. • Where can you learn more? – 15 min. • How does identity theft happen? – 30 min. • Identity Theft Insurance – 30 min. • What does it cost? - 15 min. ▫ Coverage • What can you do? – 30 min. ▫ Deter (protect yourself!) ▫ Detect ▫ Defend ▫ Limits ▫ Deductibles ▫ What to consider • How Businesses can Protect our Information – 30 min.
Different laws determine your legal remedies based on the type of fraud you have suffered. • State laws protect you against fraud committed by a thief using paper documents, like stolen or counterfeit checks. • Federal law comes into play if the thief uses an electronic fund transfer or mail. Many transactions may seem to be processed electronically but are still considered “paper transactions. ” What can you do? • While dealing with problems resulting from identity theft can be time-consuming and frustrating, most victims can resolve their cases by being assertive, organized, and knowledgeable about their legal rights. • Some laws require you to notify companies within specific time periods. ▫ Don’t delay in contacting any companies to deal with these problems, and ask for supervisors if you need more help than you’re getting. 5
Different laws determine your legal remedies based on the type of fraud you have suffered. • State laws protect you against fraud committed by a thief using paper documents, like stolen or counterfeit checks. • Federal law comes into play if the thief uses an electronic fund transfer or mail. Many transactions may seem to be processed electronically but are still considered “paper transactions. ” What can you do? • Most victims can get their cases resolved by being vigilant, assertive and organized. ▫ Don’t procrastinate on contacting companies to address the problems. ▫ Don’t be afraid to go up the chain of command or make complaints, if necessary. • Keep organized files. • You may want to contact an attorney or contact Legal Services in your state or your local bar association for help in finding an attorney. 6
7 What can you do? • Different laws determine your legal remedies based on the type of fraud you have suffered. ▫ State laws protect you against fraud committed by a thief using paper documents, like stolen or counterfeit checks. ▫ Federal law comes into play if the thief uses an electronic fund transfer or mail. Many transactions may seem to be processed electronically but are still considered “paper transactions. ”
8 What does it cost? • Identity theft costs a record $56. 6 billion in cash, goods, and services. Two thirds of victims have no out-of-pocket expense (because bank and credit card companies seldom ask victims to cover any charges). For about 3 million victims, the average cost of repairing their credit was nearly $1, 200 and for all victims the average time to set the record straight was 30 -40 hours. • 38 -48% of victims find out about the identity theft within 3 months of it starting. 9 -18% of victims take 4 years or longer to discover that they are victims of identity theft.
9 How do they do it? • New schemes like “phishing” or old -fashioned “dumpster diving”. • Some thieves use a simple electronic device to capture the information (sometimes from their car while you pay for gas at the pump).
10 “Spear Phishing” • An article from the K. C. Star, dated 4/5/11 … “Fraud email warnings spreading”. “Companies behind such brands as Chase, Citi and Best Buy said over the weekend that hackers may have learned their email addresses because of a security breach at a Dallas-based company called Epsilon that manages email communications.
11 “Spear Phishing” • “The hacker takes the email addresses and sends emails to random people, purporting to be from a large bank and asking them to log in at a site that looks like the bank’s site. Instead, the fraudulent site captures their login information and uses it to access the real account. ” • The data breach makes “phishing” attacks more efficient, by allowing the fraudster to target people who actually have an account with the bank!
12 “Spear Phishing” • “David Jevans, chairman and founder of the non-profit Anti-Phishing Working Group, said criminals have been moving away from indiscriminate phishing toward ‘spear phishing, ’ which relies on having more intimate knowledge of the victims. ” • Protect yourself from this type of crime. Do not give any information out that is requested on the phone or computer, without first confirming with the real business.
13 New Credit Card Scam to watch for… • Caller: ‘This is (name), and I’m calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Devise for $497. 99 from a Marketing company based in …” • When you say ‘No’, the caller continues …
14 New Credit Card Scam to watch for… • Caller: ‘Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives your address), is that correct? ’ • You say ‘yes’. The caller continues …
15 New Credit Card Scam to watch for… • Caller: ‘I will be starting a Fraud investigation. If you have any questions, you should call the 1800 number listed on the back of your card and ask for Security. You will need to refer to this Control Number. (The caller then gives you a 6 digit number) Do you need me to read it again? ’ • Here’s the IMPORTANT part on how the scam works…
16 New Credit Card Scam to watch for… • Caller: ‘I need to verify you are in possession of your card’. He’ll ask you to ‘turn your card over and look for some numbers’. There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers that verify you are the possessor of the card. These are numbers you sometimes use to make Internet purchases to prove you have the card. ’ The caller will ask you to read the 3 numbers to him.
17 New Credit Card Scam to watch for… • After you tell the caller the 3 numbers, he’ll say, ‘That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions? ’ • After you say ‘No’, the caller thanks you and states ‘Don’t hesitate to call back if you do, and hangs up.
18 How do they do it? • Stolen checks … All it takes to empty your bank account is a signed check and a pan of acetone, the active ingredient in nail polish remover. ▫ The identity thief crook tapes over your signature front and back, and then soaks the check in acetone to wash away everything but the printer’s ink and your signature. ▫ He then dries the check and carefully peels off the tape resulting in a blank check signed by you! ▫ In addition, thanks to “bounce protection” from banks, the scamster can even overdraw your account.
19 New Credit Card Scam to watch for… • You actually say very little, and they never ask for your card number … But … all they need is that 3 digit number. They already had your card number and expiration date! • VISA or Master card will never ask for anything on the card as they already know the information.
20 How do they do it? • Social Security numbers – a California man, Jerry Van Le, age 30, was arrested in an ID theft ring. He has been accused of using stolen SS numbers to buy a new home, vehicles and electronics and then selling the information to others in a multimillion-dollar id theft ring. ▫ He stole numbers from about 25 children, immigrants and others who had not yet established credit through his work as a mortgage broker. ▫ He sold the numbers nationwide for between $3, 500 and $6, 00 each to about 2, 400 individuals over the last 18 months. ▫ It was a $100 million ring.
21 How do they do it? • Bankruptcy Fraud – If you believe someone has filed for bankruptcy in your name, write to the U. S. Trustee in the region where the bankruptcy was filed or check www. usdoj. gov/ust. Write a letter describing the situation and provide proof of your identity. ▫ The U. S. Trustee will make a criminal referral to law enforcement authorities. ▫ You also may want to file a complaint with the U. S. Attorney &/or the FBI in the city where the bankruptcy was filed. ▫ You may need to hire an attorney to help convince the bankruptcy court that the filing is fraudulent.
22 How do they do it? • Passport Fraud – if you’ve lost your passport, or believe it was stolen or is being used fraudulently, contact the U. S. Department of State (USDS) through www. travel. state. gov/passport_173 8. html.
23 How do they do it? • Student Loans Fraud – Contact the school or program that opened the student loan to close the loan. ▫ Report the fraudulent loan to the U. S. Dept. of Education at 1 -800 -MIS-USED; www. ed. gov/about/offices/list/oig/hotline. ht ml? src=rt; or write Office of Inspector General, U. S. Dept. of Education, 400 Maryland Ave. , SW, Washington, DC 20202 -1510.
24 How do they do it? • Tax Fraud – Be alert to possible tax-related id theft if the IRS sent you a notice that: ▫ States that more than one tax return was filed for your, or ▫ Indicates you received wages from an employer you don’t know. • If the thief files the tax return before you do, the IRS will assume you already filed and received your refund.
25 How do they do it? • If a person used your SS number to get a job, that person’s employer would report income earned to the IRS using your number, making it appear that you did not report all of your income on your tax return. • If you receive a notice, please respond immediately to it. If you have been in contact with the IRS (800829 -0433 or www. irs. gov) or if you have not been able to resolve the matter, contact the IRS Identity Protection Specialized Unit at 800 -908 -4490 ▫ The IRS Taxpayer Advocate can also help with unresolved issues in ID theft at www. irs. gov/advocate/ or 877 -777 -4778.
26 Medical Identity Theft • Medical Identity Theft – is the fastest-growing form of identity theft. As many as 500, 000 Americans have been victimized by medical identity theft. Many people may not even know it. Medical ID theft takes a wide variety of forms. • Who does this sort of thing? - According to the Smart Card Alliance, three types of people commit ID theft: ▫ Someone who is close to the victim and knows their habits and movements ▫ Amateurs who look for unsuspecting subjects and moments and… ▫ Professionals who work by themselves or as part of an organized group.
27 Medical Identity Theft • The scams – Illegal and bogus treatment, buying addictive drugs, obtaining free treatment … • Someone steals another person’s health data to get free medical treatment using the victim’s insurance coverage. With health care costs soaring and around 50 million people now uninsured, taking an innocent stranger’s health policy is an evergrowing threat.
28 Medical Identity Theft • The scams –A Palm Coast, FL woman named Linda Weaver was fraudulently billed for amputation of her right foot. The fraud became quite clear when she walked into the hospital on two perfectly healthy feet. • The thief’s data could end up on your permanent medical records. A California woman nearly died after being given the wrong antibiotic. Her card had been stolen and they had used the victim’s insurance card to get treatment, which became a part of her record.
29 Medical Identity Theft • The scams –A victim’s credit also can be ruined. Identity thieves typically disappear after receiving treatment on someone’s health policy. They leave unpaid hospital bills that are reported to the credit bureaus. Straightening out inaccurate credit records can take years. In the meantime, you may pay more for mortgage costs or car loans, or insurance. Your job may even be jeopardized. • An Arizona man’s records were stolen, and now his medical records show he has HIV and diabetes, even though he has neither condition. Among other things, this could easily affect his future ability to obtain health insurance.
30 Medical Identity Theft • The scams –Anndorie Sachs, received a disturbing call from a hospital that her newborn child had tested positive for drugs. Social services came to her door and nearly took her children away, thinking she was an addict. But she hadn’t given birth in years. A pregnant woman had used her stolen insurance card information to cover her own childbirth expenses. • The fastest-spreading trend involves fraud rings that are working like an assembly line operation. These rings steal lists with sensitive medical data of hundreds or even thousands of patients and mass-produce insurance claims that can steal millions of dollars in a relatively short time.
31 Medical Identity Theft • The scams - Theft rings make bogus insurance claims for medical treatment, for tests, and for unneeded medical equipment such as power wheelchairs. When the claims are smaller – they may fly under the insurer’s radar. • Police arrested 38 people in Miami-Dade last year. They had allegedly stolen medical ID numbers and billed Medicare $142 million for wheelchairs, walkers and other medical supplies. • Two Ukrainian brothers in Milpitas, CA bought a clinic, staffed it with fake doctors, and lured hundreds of seniors with free checkups and food. The suspected gang members photocopied the Medicaid and Medicare cards, and billed the health programs more than 9 million.
32 Medical Identity Theft • The scams –Sometimes the information is received from an “inside job” at medical facilities. Sometimes fraud rings place their own operatives inside medical facilities to gain access to the records. They are often low-paid workers that can make $50 per name sold to the fraud ring. • Thieves may hack into medical databases or break into medical facilities. • A receptionist in Weston, FL was arrested for selling more than 1, 000 medical IDs that later were used to bill $2. 8 million in fraudulent insurance claims.
33 Medical Identity Theft • The price you pay … Ruined credit, loss of health coverage (if your coverage is maxed out), inaccurate records, legal troubles, higher health premiums … • What can you do to protect yourself? • Carefully review your explanation of benefits from your health insurer to be certain your policy is being charged only for medical treatments you received. • Ask your health provider or insurance company for a copy of your medical records and review them closely.
34 Medical Identity Theft • Check your credit reports twice a year to see if unpaid medical bills have affected your rating. If you find a problem, place a fraud alert on your report. • Avoid clinics that advertise free exams and gifts; they may want to copy and steal your health insurance info. • Protect your insurance card as carefully as your credit cards. If it’s lost or stolen, contact your health insurer immediately and get a new number.
35 Medical Identity Theft • Correct your medical records as soon as you discover inaccuracies. ▫ But that is easier said than done. ▫ Medical records are rapidly becoming digitized. They can easily spread all over the nation. ▫ Tracking down where your records are housed can take years, if you’re lucky. ▫ Federal law does not require medical providers to erase or correct inaccurate information. • You should file a police report and notify the FTC at their toll free hotline – 1 -877 -IDTHEFT(438 -4338).
36 Medical Identity Theft • You have rights under federal law that can assist you in correcting inaccurate medical records – www. hss. gov/ocr/hipaa. Your rights include: ▫ The right to request copies of your current medical files from each health care provider. ▫ The right to have your medical records amended to remove inaccurate or incomplete information. ▫ The right to an accounting of disclosures – a record of who has been given access to your medical records. This is very important in tracking down where inaccurate information may have been sent. ▫ The right to file a complaint with the Office of Civil Rights at the federal Department of Health & Human Services if a health care provider does not comply with these rights. In addition, many hospitals have ombudsmen or patient advocates who may be able to help you obtain medical records or provide access to information.
37 But, it’s getting better … • Fortunately, ID theft is declining after cases reported to the FTC nearly tripled from 2001 through 2004. ▫ The number of identity fraud victims in the U. S. was 8. 1 million in 2007, a 3. 6% decrease from the 8. 4 million in 2006, and a 9. 0% decrease from 2005. • Awareness by consumers and creditors coupled with technological safeguards has helped curb cases of identity theft.
38 What does it cost you? • Time! Victims spend hours repairing damage done by ID theft. How much depends on the severity of the crime – for example a lost credit card versus the use of your social security number to become your “evil twin. ” • Money – 40% of business costs for individual cases of identity theft exceed $15, 000. The Aberdeen Group has estimated that $221 billion a year is lost by businesses worldwide due to identity theft. ▫ Victims lose an average of $1, 820 to $14, 340 in wages in dealing with their cases. ▫ Victims spend an average of $851 to $1378 in expenses related to their case.
39 What does it cost you? • Practical and Emotional Costs of ID Theft. ▫ 47% of victims have trouble getting credit or a loan as a result of ID theft. ▫ 19% of victims have higher credit rates and 16% have higher insurance rates because of ID theft. ▫ 11% of victims say ID theft has a negative impact on their abilities to get jobs. ▫ 70% of victims have trouble getting rid of (or never get rid of) negative information in their records
40 What does it cost you? • Practical and Emotional Costs of ID Theft. ▫ 40% of victims experience stress in their family lives as a result of displaced anger and frustration over the ID theft. ▫ 45% of victims feel denial or disbelief. ▫ 85% of victims feel anger and rage. ▫ 45% of victims feel defiled by the ID thief. ▫ 42% of victims feel an inability to trust people because of the ID theft. ▫ 60% of victims feel unprotected by the police.
41 ID Theft Issues … • Uses of Victim Information – • 66% of victims’ personal information is used to open a new credit account in their name. ▫ 28% of victims’ personal information is used to purchase cell phone service. ▫ 12% of victims end up having warrants issued in their name for financial crimes committed by the ID thief!
42 ID Theft Issues … • Imposter Characteristics and Relationships to Victim - ▫ 43% of victims believe they know the person who stole their identity. ▫ 14 -25% of victims believe the imposter is someone who is in a business that holds their personally identifying information. ▫ The most common reported perpetrator in cases where a child’s identity is stolen … is the child’s parent! ▫ 16% of identity theft victims are also victims of domestic harassment / abuse by the same perpetrator. These victims believe that the ID theft is used as another way for the abuser to continue and demonstrate his harassment and control.
43 ID Theft Issues … • Responsiveness to Victims ▫ Overall, police department seem to be the most responsive to victims of ID theft, with 58% taking down a report on the victim’s first request. ▫ 1/3 of victims have to send dispute information repeatedly to credit reporting agencies. ▫ Only 1/5 of victims find it easy to reach someone in a credit reporting agency after receiving their credit report. ▫ 20% of victims will have the misinformation and errors removed from their credit report after their first request for the credit reporting agency to do so.
44 WHAT CAN YOU DO? DETER n Deter identity thieves by safeguarding your information DETECT n Detect suspicious activity by routinely monitoring your financial accounts and billing statements DEFEND n Defend against identity theft as soon as you suspect a problem
45 DETER identity thieves by safeguarding your information. n. Store information in secure locations n. Protect your Social Security number n. Protect Bank Accounts & Checkbook n. Shred anything bearing sensitive information n. Credit Cards
46 Deter … Protect Yourself • Store information in secure locations ▫ Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house. ▫ Share your personal information only with those family members who have a legitimate need for it. ▫ Keep your purse or wallet in a safe place at work; do the same with copies of administrative forms that have your sensitive personal information.
47 Deter … Protect Yourself • Store information in secure locations ▫ Ask about information security procedures in your workplace or at businesses, doctor’s offices or other institutions that collect your personally identifying information. ▫ Find out who has access to your personal information and verify that it is handled securely. ▫ Ask about the disposal procedures for those records as well. ▫ Find out if your information will be shared with anyone else. If so, ask how your information can be kept confidential.
48 Deter – Protect Yourself • Protect your Social Security number. ▫ Don’t carry your Social Security card in your wallet or write your SS# on a check. 36% of Americans age 18 -49 and 43% of Americans age 50 and older carry their SS card in their wallet). ▫ Give your SS# only when absolutely necessary, and ask to use other types of identifiers. If a company uses your SS for an identification number, you can request it use a different number.
49 Deter – Protect Yourself • Protect your Social Security number. ▫ Your employer and financial institutions will need your Social Security number for wage and tax reporting purposes. Other businesses may ask you for your SS number to do a credit check if you are applying for insurance, a loan, renting an apartment or signing up for utilities. ▫ Some businesses may want your SS number for general record keeping. If someone asks for your SS number, ask: Why do you need my SS number? How will my SS number be used? How do you protect my SS number from being stolen? What will happen if I don’t give you my SS number?
50 Deter – Protect Yourself • 2/26/09 – a Supreme Court gave a hearing to using ID theft laws against illegal workers who used fake ID cards. • Because there about 1 billion combinations to any nine digit number (like those used for SS) … and of those, about 400 million have been used • When an illegal immigrant, Flores-Figueroa was found using a fake ID card, he was found not guilty and did not have to serve the 2 -year jail penalty. The penalty is for “knowingly transfer, possess or use … a means of identification of another person” …and he argued that he “didn’t know he actually had the ID of another person”! ▫ If you have specific information of Social Security number misuse that involves the buying or selling of SS cards, may be related to terrorist activity, or is designed to obtain SS benefits, contact the Social Security Administration (SSA) Office of the Inspector General – www. socialsecurity. gov/oig or 800 -269 -0271. . . or write: SSA Fraud Hotline, P. O. Box 17768, Baltimore, MD 21235.
51 Bank Accounts & Checkbook ▫ If your insured has had a break-in to their home, have them go through all of their checks to make sure none are missing. They won’t necessarily take the top stack. ▫ Shield your hand when using ATM machines – and typing in your PIN. Always take your receipt!
52 Bank Accounts & Checkbook ▫ According to the Javelin survey, 30% of frauds began with a lost or stolen wallet, checkbook or credit card. ***Homework assignment – take your cards out of your wallet and copy both sides of them. Keep copy in a safe location. *** Don’t carry PIN codes or your SS card. 1 in 7 cases if ID theft traced to a source turns up a family member or other trusted associate of the victim.
53 Bank Accounts & Checkbook ▫ You should use a uni-ball gel pen, the only one that resists washing. ▫ Keep phone numbers off your printed checks. ▫ Order checks from your bank, not from independent vendors, and seek out security features such as paper that acetone stains. To reduce the hazard posed by a pirated cash card, call your bank and request a per-day limit on ATM withdrawals from your accounts.
54 Bank Accounts & Checkbook ▫ Fraudulent electronic Fund Transfers involving ATM or debit card – limits your liability for unauthorized transfers. You have 60 days from the date your bank account statement is sent to you to report in writing any money withdrawn from your account without your permission. This includes when the card is “skimmed” – that is, when a thief captures your account number and PIN without your card having been lot or stolen. If you report the loss or theft within 2 business days of discovery, your losses are limited to $50. If you report the loss or theft after 2 business days, but within 60 days that the transaction appears on your statement, you could lose up to $500 of what the thief withdraws.
55 Bank Accounts & Checkbook ▫ If a thief steals your checks or counterfeits checks from your existing bank account, stop payment, close the account, and ask your bank to notify Chex Systems, Inc. or the check verification service with which they do business. That way retailers can be notified not to accept these checks. While no federal law limits your losses if someone uses your checks with a forged signature, state laws may protect you. Most states hold the bank responsible for losses from such transactions (if you take reasonable care of your account).
56 Shredding … • Shred anything bearing sensitive information into a crosscut (or “confetti”) shredder … not one like this photo! Treat your trash and mail carefully. ▫ Always shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you’re discarding, and credit offers you get in the mail. ▫ This make it virtually impossible for garbage divers to read your data or use credit card “convenience checks” and new offers.
57 Credit Card Safety • Credit Cards – Guard your credit card when making purchases. ▫ Don’t leave them on the counter or put them in your shopping bag (or pocket) where they can easily fall out or get stolen. ▫ Crooks use cell phones with cameras to snap a quick picture of your credit card number to use later. ▫ Regularly check your credit card and bank statements. ▫ According to Frost & Sullivan, the amount of credit card fraud is projected to reach $15. 5 billion.
58 DETER identity thieves by safeguarding your information. n. Mail n. Junk Mail n Phones n. Don’t give out personal information n. Home Computer n. Don’t use obvious passwords n Scan your credit history
59 Mail • Mail – make sure mail isn’t diverted before it reaches the shredder … get your letters delivered to a secure location. ▫ If an identity thief has stolen your mail to get new credit cards, bank or credit card statements, pre-screened credit offers, or tax information, or has falsified changeof-address forms or obtained your personal information through a fraud conducted by mail, report it to your local postal inspector. The U. S. Postal Inspection Service (USPIS) is the law enforcement that investigates cases of ID theft at: www. usps. gov/websites/depart/inspect. ▫ Deposit your outgoing mail containing personally identifying information in post office collection boxes or at your local post office, rather than in an unsecured mailbox. (A street-side mailbox is easily accessible by thieves. )
60 Mail • Mail –Promptly remove mail from your mailbox. If you’re planning to be away from home and can’t pick up your mail, contact the U. S. Postal Service at 1 -800 -275 -8777 or online at www. usps. gov, to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it. ▫ Police say these mail boxes are favored targets of ID thieves looking for checks to steal. ▫ A mail slot into the house is better and if this is not possible, consider renting a box at the local post office.
61 Junk Mail • Junk Mail – Eliminate future trash at its source, call the credit bureaus’ dedicated line at 888 -567 -8688 from your home telephone or register at www. optoutprescreen. com. ▫ If you call, an automated voiceresponse system will request your name, telephone number and SS#. Don’t worry, the credit bureau has it already as part of your credit history. ▫ You can opt out for 5 years or forever.
62 Phones • Phones – Register your phone numbers with the National Do Not Call Registry maintained by the FTC at 888 -382 -1222 or www. donotcall. gov. ▫ Unless they’re from charities, political groups, surveys, or companies with which you have ties, telemarketers are barred from calling registered numbers. If an ID thief has established phone service in your name, is making unauthorized calls that seem to come from and are billed to your cellular phone, or is using your calling card and PIN, contact your service provider immediately to cancel the account &/or calling card. Open new accounts and choose new PINs. If you have problems getting fraudulent phone charges removed from your account or getting an unauthorized account closed, contact: ▫ For local service – your state Public Utility Commission. ▫ For cellular phones & long distance, the Federal Communications Commission (FCC) at www. fcc. gov.
63 Home Computer • Home Computer – have a security virus, spyware and adware software that is updated regularly. ▫ The Internet can give you access to information, entertainment, financial offers, and countless other services but at the same time, it can leave you vulnerable to online scammers, identity thieves and more. For practical tips to help you be on guard against Internet fraud, secure your computer, and protect your personal information, visit www. onguardonline. gov. ▫ Select intricate passwords … Place passwords on your credit card, bank, and phone accounts. Avoid using easily available information like your mother’s maiden name, your birth date, the last four digits of your Social Security number or your phone number, a series of consecutive numbers, or a single word that would appear in a dictionary.
64 New Password scheme … • From the K. C. Star, April 5, 2011 • “Scheme exploited ‘human vulnerability’ of those who rely on the same password at multiple sites. • A master computer hacker preyed on human nature to steal hundreds of thousands of dollars from unwary Internet users in Kansas City. Sael Mustafa took advantage of a common mistake many people make – using the same user name and password on multiple online accounts – to reap huge rewards at the expense of hundreds of victims.
65 New Password scheme … • From the K. C. Star, April 5, 2011 • “…Prosecutors are seeking a 15 -year sentence for Mustafa, who they allege played a significant role in the criminal enterprise that victimized more than 250 people and resulted in the stealing and attempted stealing of more than $700, 000. • This all began in Gladstone … when police were contacted by security officials from Hy-Vee about suspicious gift-card purchases.
66 New Password scheme … • From the K. C. Star, April 5, 2011 • “…Gladstone police contacted U. S. postal inspectors, who interviewed people who said their credit card information had been used to make purchases they didn’t authorize. • Mustafa and two others, identified in court documents as unindicted co-conspirators, were found living in a Gladstone home …
67 New Password scheme … • From the K. C. Star, April 5, 2011 • “…One of the co-conspirators testified Monday that she met Mustafa online in 2006 and he introduced her to the computer hacking scheme. The woman said she made several trips to visit him in Jordan using tickets he obtained fraudulently. • Mustafa moved into her Gladstone home in January 2009…
68 New Password scheme … • From the K. C. Star, April 5, 2011 • “Mustafa hacked into websites of several businesses, including that of the Capital Grille restaurant chain. He accessed email addresses, passwords and password reminder questions such as ‘What is your mother’s maiden name? ’ • Mustafa then logged onto the websites of major credit card companies and began testing whether the stolen information matched customer information on those sites …
69 New Password scheme … • From the K. C. Star, April 5, 2011 • “… ‘Alarmingly, this worked repeatedly. ’ the detective on the case said. • Once access to credit card accounts was gained, it was used to buy gift cards and airline tickets and to make bank wire transfers to accounts in the U. S. and overseas. • Law enforcement officials say consumers can minimize their vulnerability to such schemes by taking common sense steps to protect their online information.
70 New Password scheme … • From the K. C. Star, April 5, 2011 • “…people should be vigilant about changing passwords on a regular basis. They should also use ‘strong passwords’ that include a mix of letters, numbers and punctuation marks, not just something like 123456. ” • Using the same password may be easier for you, but it also makes it easier for others!
71 Home Computer ▫ One kind, known as adware, merely gauges your interests to help websites predict what advertising might grab your attention. A more sinister sort of spyware monitors your every keystroke and reports back to a waiting attacker. ▫ Spyware infiltrates your computer by hiding inside a downloaded program or by an email you open or Web link you click on. Ad-Aware is a free download that can be trusted. ▫ Open a second (or third) free email account from MSN’s Hotmail, Yahoo!’s Mail, or Google’s Gmail so you can segregate your online shopping from banking and private correspondence and don’t use your name or a familiar word as part of an address. Scramble some letters and numbers instead. This will make it harder for phishers to find you by chance and lure you to scam websites.
72 Home Computer • Verify a source before sharing information ▫ Don't give out personal information on the phone, through the mail, or on the Internet unless you've initiated the contact and are sure you know who you're dealing with. ▫ Identity thieves are clever, and may pose as representatives of banks, Internet service providers (ISPs), and even government agencies to get people to reveal their Social Security number, mother's maiden name, account numbers, and other identifying information. ▫ Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization's website by typing its URL in the address line, rather than cutting and pasting it. Many companies post scam alerts when their name is used improperly. Or call customer service using the number listed on your account statement or in the telephone book.
73 Credit History • Credit History - Scan your credit history for inquiries on existing accounts and applications for new loans. Credit reports contain information about you, including what accounts you have and how you pay your bills. ▫ Under the FCRA (Federal Credit Reporting Act), both the consumer reporting company and the information provider (the business that sent the information to the consumer reporting company) are responsible for correcting fraudulent information.
74 Credit History • Credit History - Consumer reporting companies will block fraudulent information from appearing on your credit report if you send them a copy of an Identity Theft Report and a letter (sent certified mail with return receipt … keep copies of police report, etc. ) telling them what information is fraudulent. Information Providers must stop reporting fraudulent information to the consumer reporting companies and may not collect the debt that relates to the fraudulent account, or sell that debt to anyone else who would try to collect it. ▫ You can get one free credit history annually from each of the three major bureaus (Experian, Equifax, and Trans. Union) at www. annualcreditreport. com or 877 -322 -8228, or Annual Credit Report Request Service, P. O. Box 105281, Atlanta, GA 30348 -5281. .
75 Credit History ▫ By rotating your requests, you can receive a report every four months. ▫ Recent laws in 8 states let you freeze access to your credit file to keep anyone, legit or not from reviewing your standing or opening loans in your name. Freezes that used to be applied by credit bureaus only after ID thieves struck are available free by law to any citizen in Colorado and New Jersey. California, Connecticut, Louisiana, Maine, Nevada and N. Carolina can stop credit tampering cold for a small fee, generally up to $10. For an additional $5 or $10 those states allow a credit thaw when you need a new loan. Freezes are also available by law to ID-theft victims in Illinois, Texas, Vermont and Washington. 3
76 Credit History ▫ While a credit freeze can help keep an identity thief from opening most new accounts in your name, it’s not a solution to all types of identity theft. It will not protect you, for example, from an identity thief who uses your existing credit cards or other accounts. There also new accounts, such as telephone, wireless, and bank accounts, which an ID thief could open without a credit check. In addition, some creditors might open an account without first getting your credit report. And, if there’s identity theft already going on when you place the credit freeze, the freeze itself won’t be able to stop it. While a credit freeze may not protect you in these kinds of cases, it can protect you from the vast majority of identity theft that involves opening a new line of credit.
77 Credit History ▫ A fraud alert is another tool for people who’ve had their ID stolen – or who suspect it may have been stolen. With a fraud alert in place, businesses may still check your credit report. Depending on whether you place an initial 90 -day fraud alert or an extended fraud alert, potential creditors must either contact you or use what the law refers to as “reasonable policies and procedures” to verify your identity before issuing credit in your name. However, the steps potential creditors take to verify your identity may not always alert them that the applicant is not you.
78 DETECT suspicious activity by routinely monitoring your financial accounts and billing statements. n Be alert q Mail or bills that don’t arrive q Denials of credit for no reason n Inspect your credit report q Law entitles you to one free report a year from each nationwide credit reporting agencies if you ask for it – q. Online: www. annualcreditreport. com; by phone: 1 -877 -322 -8228; or by mail: Annual Credit Report Request Service, P. O. Box 105281, Atlanta, GA 30348 -5281 n Inspect your financial statements q Look for charges you didn’t make
79 Detect … • What are the signs of identity theft? • Stay alert for the signs of identity theft, like: • Accounts you didn't open and debts on your accounts that you can't explain. • Fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address(es), name or initials, and employers.
80 Detect … • What are the signs of identity theft? • Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks. • Receiving credit cards that you didn't apply for. • Being denied credit, or being offered less favorable credit terms, like a high interest rate, for no apparent reason. • Getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy.
81 Detect … • How do you find out if your identity was stolen? • Unfortunately, many consumers learn they their identity has been stolen after some damage has been done. • You may find out when bill collection agencies contact you for overdue debts you never incurred. • You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan. • You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.
82 Detect … • Once you get your reports, review them carefully. • Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain. • Check that information, like your Social Security number, address(es), name or initials, and employers are correct. • If you find fraudulent or inaccurate information, get it removed. See “Correcting Fraudulent Information” in Credit Reports to learn how. • Continue to check your credit reports periodically, especially for the first year after you discover the identity theft, to make sure no new fraudulent activity has occurred.
83 Detect … • Under federal law, you're also entitled to a free report if a company takes adverse action against you, such as denying your application for credit, insurance or employment, and you request your report within 60 days of receiving notice of the action. The notice will give you the name, address, and phone number of the consumer reporting company that supplied the information about you. You're also entitled to one free report a year if you're unemployed and plan to look for a job within 60 days; you're on welfare; or your report is inaccurate because of fraud. Otherwise, a consumer reporting company may charge you up to $9. 50 for any other copies of your report.
84 Detect … • To buy a copy of your report, contact: ▫ Equifax: 800 -685 -1111; www. equifax. com ▫ Experian: 888 -EXPERIAN (888 -3973742); www. experian. com ▫ Trans. Union: 800 -916 -8800; www. transunion. com ▫ Or for all three – www. annualcreditreport. com
85 DEFEND against identity theft as soon as you suspect a problem. n Place a “Fraud Alert” on your credit reports by calling any one of the three nationwide credit reporting companies: q Equifax: 1 -800 -525 -6285 q Experian: 1 -888 -397 -3742 q Trans. Union: 1 -800 -680 -7289 q Review reports carefully, looking for fraudulent activity n Close accounts that have been tampered with or opened fraudulently n. File a complaint with the Federal Trade Commission 1 -877 -IDTHEFT n. File a police report n. Identity Theft Report
86 Defend • Fraud alerts can help prevent an identity thief from opening any more accounts in your name. • Contact the toll-free fraud number of any of the three consumer reporting companies below to place a fraud alert on your credit report. • You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. • If you do not receive a confirmation from a company, you should contact that company directly to place a fraud alert.
87 Defend • Once you place the fraud alert (An initial fraud alert stays on your credit report for at least 90 days. An extended fraud alert stays on your credit report for seven years) in your file, you're entitled to order one free copy of your credit report from each of the three consumer reporting companies, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports.
88 Defend With an extended fraud alert, potential creditors must actually contact you, or meet with you in person, before they issue you credit. • When you place an extended alert on your credit report, you're entitled to two free credit reports within twelve months from each of the three nationwide consumer reporting companies. • In addition, the consumer reporting companies will remove your name from marketing lists for prescreened credit offers for five years unless you ask them to put your name back on the list before then. • Once you get your credit reports, review them carefully.
89 Defend • Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain. • Check that information, like your Social Security number, address(es), name or initials, and employers are correct. • If you find fraudulent or inaccurate information, get it removed. • When you correct your credit report, use an Identity Theft Report with a cover letter explaining your request, to get the fastest and most complete results. • Continue to check your credit reports periodically, especially for the first year after you discover the identity theft, to make sure no new fraudulent activity has occurred.
90 Defend • The 3 consumer reporting companies have toll-free numbers for placing an initial 90 -day fraud alert; a call to one company is sufficient. • It entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain.
91 Defend To close your accounts, call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents. • Use the ID Theft Affidavit at ftc. gov/idtheft to support your written statement. • Ask for written verification that the disputed account has been closed and the fraudulent debts discharged.
92 Defend • Call and speak with someone in the security or fraud department of each company. • Follow up in writing, and include copies (NOT originals) of supporting documents. • It's important to notify credit card companies and banks in writing. • Send your letters by certified mail, return receipt requested, so you can document what the company received and when. Keep a file of your correspondence and enclosures.
93 Defend When you open new accounts, use new Personal Identification Numbers (PINs) and passwords. • Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your Social Security number or your phone number, or a series of consecutive numbers. • If the identity thief has made charges or debits on your accounts, or has fraudulently opened accounts, ask the company for the forms to dispute those transactions: • For charges and debits on existing accounts, ask the representative to send you the company's fraud dispute forms. • If the company doesn't have special forms, use the sample letter to dispute the fraudulent charges or debits. In either case, write to the company at the address given for "billing inquiries, " NOT the address for sending your payments.
94 Defend • For new unauthorized accounts, you can either file a dispute directly with the company or file a report with the police and provide a copy, called an “Identity Theft Report, ” to the company. • If you want to file a dispute directly with the company, and do not want to file a report with the police, ask if the company accepts the FTC’s ID Theft Affidavit. If it does not, ask the representative to send you the company's fraud dispute forms. • However, filing a report with the police and then providing the company with an Identity Theft Report will give you greater protection. • For example, if the company has already reported these unauthorized accounts or debts on your credit report, an Identity Theft Report will require them to stop reporting that fraudulent information. • Use the cover letter to explain to the company the rights you have by using the Identity Theft Report. More information about getting and using an Identity Theft Report can be found here.
95 Defend • Once you have resolved your identity theft dispute with the company, ask for a letter stating that the company has closed the disputed accounts and has discharged the fraudulent debts. This letter is your best proof if errors relating to this account reappear on your credit report or you are contacted again about the fraudulent debt. • Debt Collectors - you can stop a debt collector from contacting you by writing a letter to the collection agency telling them to stop. Include copies of documents that support your position, including a copy (NOT original) of your police report, etc. • If you tell the debt collector that you are a victim of identity theft & it is collecting the debt for another company, they must tell that company that you may be a victim of id theft.
96 Defend • Investment Fraud - If you believe that an ID thief has tampered with your securities investments or a brokerage account, immediately report it to your broker or account manager. If you believe your broker is part of the fraud, report it to the U. S. Securities & Exchange Commission’s (SEC) Office of Investor Education and Assistance … www. sec. gov/complaint. shtml%20 or%20202 -942 -7040 or write to: SEC Office of Investor Education & Assistance, 450 Fifth St. , NW, Washington, DC 20549 -0213. • You can also contact the securities regulatory agency in your state. A list of these regulators can be found at: www. nasaa. org/quicklinks/contactyourregulator. cfm or the NASD at: www. complaint. nasd. com
97 Defend • The FTC is the federal consumer protection agency that helps law enforcement officials in their investigations. You can file a complaint with the FTC using the online complaint form; or call the FTC's Identity Theft Hotline, toll-free: 1 -877 -ID-THEFT (438 -4338); TTY: 1 -866 -653 -4261; or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. • Be sure to call the Hotline to update your complaint if you have any additional information or problems. • By sharing your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them.
98 Defend • The FTC can refer victims' complaints to other government agencies and companies for further action, as well as investigate companies for violations of laws the agency enforces. • Additionally, you can provide a printed copy of your online Complaint form to the police to incorporate into their police report. • The printed FTC ID Theft Complaint, in conjunction with the police report, can constitute an Identity Theft Report and entitle you to certain protections. • This Identity Theft Report can be used to (1) permanently block fraudulent information from appearing on your credit report; (2) ensure that debts do not reappear on your credit report; (3) prevent a company from continuing to collect debts that result from identity theft; and (4) place an extended fraud alert on your credit report.
99 Defend • File a report with your local police or the police in the community where the identity theft took place. • Call your local police department and tell them that you want to file a report about your identity theft. • Ask them if you can file the report in person. If you cannot, ask if you can file a report over the Internet or telephone. • If the police are reluctant to take your report, ask to file a "Miscellaneous Incident" report, or try another jurisdiction, like your state police. • You also can check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. • Check the Blue Pages of your telephone directory for the phone number or check www. naag. org for a list of state Attorneys General.
100 Defend • When you go to your local police department to file your report, bring a printed copy of your FTC ID Theft Complaint form, your cover letter, and your supporting documentation. • The cover letter explains why a police report and an ID Theft Complaint are so important to victims. • Ask the officer to attach or incorporate the ID Theft Complaint into their police report. Tell them that you need a copy of the Identity Theft Report (the police report with your ID Theft Complaint attached or incorporated) to dispute the fraudulent accounts and debts created by the identity thief. (In some jurisdictions the officer will not be able to give you a copy of the official police report, but should be able to sign your Complaint and write the police report number in the “Law Enforcement Report” section. )
101 Defend • If there is a wrongful criminal violation attributed to your name, contact the police or sheriff’s department that originally arrested the person using your identity and file an impersonation report. • Ask the police department to take a full set of your fingerprints, photograph you, and make copies of your photo identification documents like your drivers license, etc. • You may need to hire a criminal defense attorney to help you clear your name. • Contact your state Department of Motor Vehicles (DMV) to find out if your driver’s license is being used by the identity thief. Ask that your files be flagged for possible fraud.
102 Defend • The law enforcement agency should then recall any warrants and issue a “clearance letter” or “certificate of release” if you were arrested/booked. • Ask them to file the record of your innocence with the district attorney’s office. • Ask that the “key name” or “primary name” in the file be changed from your name to the imposter’s name (or to “John Doe” if their true identity is not known.
103 Defend • What is an Identity Theft Report? • An Identity Theft Report is a police report with more than the usual amount of detail. The Identity Theft Report includes enough detail about the crime for the credit reporting companies and the businesses involved to verify that you are a victim—and to know which accounts and inaccurate information came from identity theft. • Normal police reports often don’t have many details about the accounts that were opened or misused by identity thieves. • The printed copy of your ID Theft Complaint Form can provide additional details for the police report. The police are not legally required to use the FTC’s ID Theft Complaint Form as part of their report. • Your police department may have another way to incorporate the details of your crime. In these cases, the police report by itself may serve as an Identity Theft Report.
104 Defend • What is an Identity Theft Report? • When you file your Identity Theft Report, the credit reporting companies will permanently block fraudulent information from appearing on your credit report. • Filing an Identity Theft Report with the credit reporting companies or with the companies where thief used your information should ensure that these debts do not reappear on your credit report. • An Identity Theft Report can prevent a company from continuing to try to collect debts that result from identity theft, or sell those debts to others for collection. • It also allows you to place an extended fraud alert on your credit report. The credit reporting companies may decline your Identity Theft Report if it does not contain enough detail for them to verify that you are a victim of identity theft. • In that case, the credit reporting companies have certain timeframes for responding to your Identity Theft Report with requests for additional information.
105 Defend • Should I apply for a new Social Security number? • Under certain circumstances, the Social Security Administration may issue you a new Social Security number - at your request - if, after trying to resolve the problems brought on by identity theft, you continue to experience problems. • Consider this option carefully. A new Social Security number may not resolve your identity theft problems, and may actually create new problems.
106 Defend • Should I apply for a new Social Security number? • For example, a new Social Security number does not necessarily ensure a new credit record because credit bureaus may combine the credit records from your old Social Security number with those from your new Social Security number. • Even when the old credit information is not associated with your new Social Security number, the absence of any credit history under your new Social Security number may make it more difficult for you to get credit. • And finally, there's no guarantee that a new Social Security number wouldn't also be misused by an identity thief. 4
107 Credit Monitoring Services • There a variety of commercial services that, for a fee, will monitor your credit reports for activity and alert you to changes to your accounts. • Prices and services vary widely. Many of the services only monitor one of the three major consumer reporting companies. • If you're considering signing up for a service, make sure you understand what you're getting before you buy. • Also check out the company with your local Better Business Bureau, consumer protection agency and state Attorney General to see if they have any complaints on file.
108 How can you protect yourself against ID Theft? n. Identity Theft Insurance n. Know what the policy limits are n. Average $10, 000 -$25, 000 n. Is there a deductible? n. Most do not – but some do! n. What is the cost? n$0 - $65 n. Not intended to cover direct monetary loss
109 Identity Theft Insurance • Recovery Assistance (3 rd party claims management) ▫ Fraud specialists are provided to walk the victim through the process of restoring their identity. Filing reports Handling documents Handling phone calls Retrieval-Replacement-Recreation of documents Communication with agencies Follow-up service
110 Identity Theft Insurance Usually provides … • Credit alerts • Credit freezing • Phone bills • Lost wage recovery ($ limitation) • Loan reapplication fees • Notary costs • Mailing costs • Pre-approved legal fees. • Continued Fraud monitoring for a year
111 Identity Theft Insurance • At California’s Second Annual Identity Theft Summit, CA Gov. Arnold Schwarzenegger said: “Identity theft is one of the fastest growing crimes in the country … It can happen to anybody … it doesn’t matter how big you are, how little you are, how famous you are, how unknown you are …” • On average, victims of ID theft spend an average of $1, 200 in out-of-pocket expenses and 175 hours reversing the damage caused by identity thieves.
112 Identity Theft Insurance • Some Homeowners Insurance companies cover identity theft as a part of their insurance policy, either as a separate policy or an endorsement, but the policy deductible may apply. • The Insurance Information Institute - average cost of adding this endorsement to your homeowners or renters insurance policy costs between $25 and $50 annually. ▫ Some companies offer it as a part of their insurance policy. • Is the insurance worth it? ▫ If the deductible is high, maybe not.
113 Identity Theft Insurance American Express offers coverage free of charge for cardholders and will even help you determine the steps you need to take to clean up the mess after your identity has been stolen. • Although identity theft insurance won't deter identity thieves, it can, in certain circumstances, minimize losses if an identity theft occurs. • As with any product or service, as you consider whether to buy, be sure you understand what you'd be getting. • As you evaluate insurance products and services, you may also consider checking out the insurer with your local Better Business Bureau, consumer protection agency and state Attorney General.
114 Protecting Personal Information – a Guide for Business … is a useful guide available at: www. ftc. gov/infosecurity
115 How Businesses Can Protect Our Information • Designate Someone to coordinate an information security program. • Identify & Assess the risks to customer information in each relevant area of the company’s operation. • Design & Implement a safeguards program. • Select Service Providers that can maintain appropriate safeguards. • Evaluate & Adjust the program in light of relevant circumstances.
116 How Businesses Can Protect Our Information For Employees - • Check References & do background checks before hiring employees who will have access to customer information. • Have employees Sign an Agreement to follow your company’s confidentiality & security standards for handling customer information. • Limit Access to customer information to employees who have a business reason to see it. • Control Access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis. • Lock Employee Computers using password-activated screen savers. • Develop Policies for appropriate use & protection of laptops, PDAs, cell phones, or other mobile devices.
117 Facts for Businesses • Facts for Business • Many companies collect personal information from their customers, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. • The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of this type of information.
118 Facts for Businesses • Facts for Business • But safeguarding customer information isn’t just the law. It also makes good business sense. When you show customers you care about the security of their personal information, you increase their confidence in your company. The Rule is available at www. ftc. gov/privacyinitiatives/safeguards_lr. ht ml.
119 How Businesses Can Protect Our Information • Lock Rooms & file cabinets where records are kept. • Keep Passwords secure. • Encrypt sensitive customer information when it is transmitted electronically via public networks. • Refer Calls or other requests for customer information to designated individuals who have been trained in how your company safeguards personal data.
120 How Businesses Can Protect Our Information • Report Suspicious Attempts to obtain customer information to designated personnel. • Regularly Remind all employees of your company’s policy — and the legal requirement — to keep customer information secure and confidential. • Develop Policies for employees who telecommute. • Imposing Disciplinary Measures for security policy violations. • Preventing Terminated Employees from accessing customer information by immediately deactivating their passwords & user names - taking other appropriate measures. Information Systems. • Store Sensitive Customer Information securely. Make sure only authorized employees have access.
121 How Businesses Can Protect Our Information • Ensure Storage Areas are protected against destruction or damage from physical hazards, like fire or floods. • Store Records in a room or cabinet that is locked when unattended. • Ensure The Computer with customer information is accessible only with a “strong” password & is kept in a physically-secure area. • Avoid Storing sensitive customer data on a computer with an Internet connection. • Maintain Secure Backup records and keep archived data secure by storing it off-line and in a physically-secure area.
122 How Businesses Can Protect Our Information • Maintain Careful Inventory of your company’s computers & any other equipment on which customer information may be stored. • Ensure Secure Transmission of customer information. • Encrypt Data if you must transmit sensitive data by email over the Internet.
123 How Businesses Can Protect Our Information • Dispose of Customer Information in a secure way & consistent with the FTC’s Disposal Rule, www. ftc. gov/os/2004/11/041118 disposalfrn. pdf. ▫ Consider hiring a records retention manager. ▫ Burn, pulverize, or shred papers containing customer information. ▫ Destroy or erase data when disposing of computers, disks, CDs, magnetic tapes, hard drives, laptops, PDAs, cell phones, or any other electronic media or hardware containing customer information. ▫ Detect & Manage System Failures. ▫ Effective security management requires your company to deter, detect, and defend against security breaches.
124 How Businesses Can Protect Our Information • Monitor Websites of your software vendors & read relevant industry publications for news about emerging threats and available defenses. • Maintain Up-to-Date Programs & controls to prevent unauthorized access to customer information. • Check Software Vendors regularly to get & install patches that resolve software vulnerabilities. • Use Anti-Virus & anti-spyware software that updates automatically. • Ensure Ports not used for your business are closed.
125 How Businesses Can Protect Our Information • Maintain Up-to-Date Firewalls, particularly if you use a broadband Internet connection or allow employees to connect to your network from home or other off-site locations. • Pass Along Information & instructions to employees regarding any new security risks or possible breaches. • Use Appropriate Oversight or audit procedures to detect the improper disclosure or theft of customer information. • Keep Logs of activity on your network & monitor them for signs of unauthorized access to customer information. • Use an Up-to-Date Intrusion Detection system to alert you of attacks. • Monitor In- and Out-Bound Transfers of information for indications of a compromise.
126 How Businesses Can Protect Our Information • Insert Dummy Account into each of your customer lists & monitor the account to detect any unauthorized contacts or charges. • Take Steps to preserve the security, confidentiality, & integrity of customer information in the event of a breach. • Take Immediate Action to secure any information that has or may have been compromised. • Preserve & Review files or programs that may reveal how the breach occurred.
127 How Businesses Can Protect Our Information • Bring in Security Professionals to help assess the breach as soon as possible. • Notify Consumers if their personal information is subject to a breach that poses a significant risk of identity theft or related harm; • Notify Law Enforcement if the breach may involve criminal activity or there is evidence that the breach has resulted in identity theft or related harm. • Notify Credit Bureaus & other businesses that may be affected by the breach. ▫ See Information Compromise and the Risk of Identity Theft: Guidance for Your Business at www. ftc. gov/bcp/edu/pubs/business/idtheft/bus 59. htm; and • Check Applicable State Law to see if breach notification is required.
128 WHERE CAN YOU LEARN MORE? 1. Coalition Against Insurance Fraud … www. insurancefraud. org 2. “Combating Medical Identity Theft” by Maria Houghton, Melrose www. saukherald. com 2 -24 -09 3. “Identity Theft Costs a Record $56. 6 billion”. Identity Theft Daily Staff – 2 -24 -09 4. LA Times article “Supreme Court Questions Use of ID Theft Law Against Illegal Workers” written 2 -26 -09 by David G. Savage. 5. FTC ID Theft Website … http: //ftc. gov/bcp/edu/microsites/idtheft/ 6. NAIC Website on ID Theft Insurance … www. naic. org
129 Helpful Tools: • • FBI Internet Fraud Complaint Center http: //www. ifccfbi. gov Against Junk Mail … 888 -567 -8688 or www. optoutprescreen. com. U. S. Postal Inspection Service (USPIS) - www. usps. gov/websites/depart/inspect. Against Unsolicited Phone Calls … FTC at 888 -3821222 or www. donotcall. gov
130 Helpful Tools: • • Free Spyware download … “Ad-Aware” Free Credit History … www. annualcreditreport. com … 877 -322 -8228, or Annual Credit Report Request Service, P. O. Box 105281, Atlanta, GA 30348 -5281. ▫ Trans. Union: 1 -800 -680 -7289; www. transunion. com; Fraud Victim Assistance Division, P. O. Box 6790, Fullerton, CA 92834 -6790 ▫ Equifax: 1 -800 -525 -6285; www. equifax. com; P. O. Box 740241, Atlanta, GA 30374 -0241 ▫ Experian: 1 -888 -EXPERIAN (397 -3742); www. experian. com P. O. Box 9532, Allen, TX 75013
131 Helpful Tools: • • • FTC for Reporting ID Theft Fraud … 1 -877 IDTHEFT(438 -4338) … or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Put mail on hold for vacation … U. S. Postal Service at 1 -800 -275 -8777 or online at www. usps. gov. Guard against Internet fraud … www. onguardonline. gov.
132 Helpful Tools: • • Find your State Attorney General’s office … www. naag. org If checks are stolen, contact: ▫ Tele. Check at www. telecheck. com or 1 -800 -7109898 or 1 -800 -927 -0188 or Certegy, Inc (previously Equifax Check Systems) at www. certigy. com or 1 -800 -437 -5120. U. S. Dept. Of Justice http: //www. usdoj. gov/criminal/fraud/idtheft. html Privacy Rights Clearinghouse (PRC) 619 -2983396 www. privacyrights. org
133 Helpful Tools: • • • To find out if the ID thief has been passing bad checks in your name, call: SCAN at 1 -800 -262 -7771. If you have trouble opening a new checking account … contact consumer reports specifically related to checking accounts: www. chexhelp. com or 1 -800 -428 -9623; Chex Systems, Inc. Attn: Consumer Relations, 7805 Hudson Rd. , Suite 100, Woodbury, MO 55125. Bankruptcy Fraud - contact … www. usdoj. gov/ust. Investment Fraud - contact … www. sec. gov/complaint. shtml%20 or%20202 -942 -7040 or write to: SEC Office of Investor Education & Assistance, 450 Fifth St. , NW, Washington, DC 20549 -0213. Medical Identity Theft - www. hhs. gov/ocr/hipaa.
134 Helpful Tools: • • • Cellular phones & long distance fraud - email questions to [email protected] gov or report fraud to www. fcc. gov, 1 -888 -CALLFCC or write: Federal Communications Commission, Consumer Information Bureau, 445 12 th St. , SW, Room 5 A 863, Washington, DC 20554. Passport Fraud - U. S. Department of State (USDS) www. travel. state. gov/passport_1738. html. Social Security Number Misuse - www. socialsecurity. gov/oig, or 800 -269 -0271 or write: SSA Fraud Hotline, P. O. Box 17768, Baltimore, MD 21235. Tax Fraud help - IRS at 800 -829 -0433 or www. irs. gov IRS Identity Protection Specialized Unit at 800 -908 -4490. Also the IRS Taxpayer Advocate at www. irs. gov/advocate/ or 877 -777 -4778.
Thank you! 135 • At this time, you may enter the Class. Marker website at http: //www. classmarker. com/online-test/start/? quiz=bkg 519 f 7 ee 3 b 11 b 3 • • • For password type: ces 2010 Click on Enter. Provide the details requested on the following page. Click on “Start Test”. There is no time limit, however if you leave the test for some time, it may require you to begin again. It will show you (and I as the provider) your test results. Upon completion of the test, call me at 913 -980 -2348, and I will have you fax your signed affidavit to me. My FAX number is 816 -987 -0461. Upon receipt, I will fax your certificate to you and file the results with the Insurance Department!