Truston Identity Theft Blog
May 21, 2012 by Tom Fragala
We are proud to announce that Truston now reaches over 1,000,000 subscribers through our customers. These clients include hundreds of banks, credit unions & direct marketers including American Express, BBVA/Compass, Fifth Third Bank, Pentagon FCU & Affinion.
May 7, 2012 by Tom Fragala
The threat landscape on the Web is becoming more perilous. Security software maker Symantec, in its annual "Internet Security Threat Report" released April 30 found that even as the number of vulnerabilities in 2011 fell by 20 percent over the previous year, the number of malicious attacks grew 81 percent.
The trend is similar to what Hewlett-Packard saw. In its "Top Cyber-Security Risks Report," announced April 19, HP officials also found that the number of vulnerabilities last year fell by 20 percent, but that the risks involved in those vulnerabilities grew. HP also found that the number of cyber-attacks more than doubled in the second half of 2011. And small and midsized businesses (SMBs) are in the thick of it. More than half of the targeted attacks seen in 2011 were aimed at organizations with fewer than 2,500 employees, and almost 18 percent targeted companies with fewer than 250 employees. The Internet has been a boon for SMBs, making it easier than ever before to do business. But it also raises the threats to smaller companies and their IT departments.
The biggest risk is seeing their intellectual property, customers’ information or financial transaction data fall into the wrong hands. SMBs need to protect themselves, and Symantec has some ideas how.
May 7, 2012 by Tom Fragala
May 3, 2012 by Tom Fragala
Hackers stole 187 million personal identities last year, with the average yield per data breach amounting to 1.1 million identities, Symantec said. Identity theft gleaned from lost or stolen PCs or mobile devices exposed 18.5 million identities in 2011.
Malicious cyber-attacks increased 81 percent during 2011 in comparison with the prior year, and criminals devoted less attention to spam and other well-known methods of exploiting security holes in preference for specifically targeted attacks, according to a new report from Symantec.
The number of targeted attacks using social engineering and customized malware to gain unauthorized access to sensitive information grew from 77 per day to 82 per day by the end of 2011, Symantec said. Furthermore, hackers began targeting companies and government organizations of all sizes.
May 3, 2012 by Tom Fragala
In Texas, increasing incidents of corporate account takeover, often perpetrated by phishing schemes used to commit ACH and wire fraud, have raised concern.
"Crime is changing so rapidly, with technology advancements and globalization," says FBI Special Agent Steve Dillon, who works in the Houston division. "There's a blurring between the types of crime we see going on, and that's why collaboration is so important. We are very interested in further collaboration with other entities."
Four Anti-Fraud Tips
Among the recommendations offered during the seminar, SWACHA and the FBI highlight four steps every institution should make priorities...
Sep 8, 2011 by Tom Fragala
A new California law, Senate Bill 24, introduced by Sen. Joe Simitian, D-Palo Alto, requires organizations experiencing a data breach provide more detailed information to those affected. The law, which affects notification of breaches involving financial, healthcare and other personal information, goes into effect Jan. 1, 2012.
This new law updates AB 700, or SB 1386, adopted in 2003, which requires organizations to notify individuals after a breach of personal information. The landmark law - one of the first state breach notification laws in the nation - didn't indicate what information needed to be included in the notification. But it required breaches to be reported to individuals affected "in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement ... or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system."
The new law requires organizations that experience a breach to provide more detailed information to breach victims. The law requires that breach notifications:
+ Be written in plain language;
+ Include the name and contact information of the agency breached;
+ Provide a list of the personal information reasonably believed to have been subject to the breach;
+ Spell out the date of the breach, the estimated date of the breach or the date range within which the breach occurred;
+ Specify whether the notification was delayed as a result of a law enforcement investigation;
+ Offer a general description of the breach incident;
+ Provide toll-free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a Social Security number or a driver's license or California identification card number;
+ Include information about what the organization has done to protect individuals whose information was breached;
+ Outline steps individuals may take to protect himself or herself.
Aug 22, 2011 by Tom Fragala
As I'm sure our readers are aware, Truston hasn't been in the direct to consumer (B2C) space for years, as our plan all along was to be a "back end" white label identity theft provider (B2B).
So it is interesting for us to watch the goings on in the the consumer ID theft protection area. Of course, a large portion of this market is banks and credit unions that offer their own branded services. All of those financial institutions, however, use a third-party provider to deliver a private label solution; they don't build it themselves. The biggest players in this arena are CSIDentity, Affinion, Intersections and the three credit reporting companies. Truston offers it's technology through some of these companies, who in turn sell it to banks and credit unions. Our proprietary myTruston product is in use at over 250 banks and credit unions, including American Express, FifthThird Bank and Pentagon FCU.
Some of the B2C companies are looking for a more stable revenue stream by moving into the B2B market and offering ID theft services for (1) data breaches and (2) employee benefits.
We've also seen pure white-label companies like Intersections, grab a significant portion of the B2C space with their Identity Guard product. So two of the largest companies have both reached in opposite directions to grow revenue. It's a potentially lucrative strategy, although not without risk. It can be challenging to straddle two very different sectors and B2C customers might be unhappy with their provider being a competitor (aka channel conflict.)
May 26, 2011 by Tom Fragala
The far-reaching fraud serves as a cautionary tale for all consumers who entrust virtually their entire financial lives to major companies.
A BofA employee apparently leaked confidential information about his and hundreds of other customers' accounts to scammers, resulting in more than $10 million in losses.
According to the Secret Service, 95 suspects have been arrested so far in connection with the case, which is only now coming to light as BofA finally informs customers that their accounts were compromised.
Read more at LA Times
May 16, 2011 by Tom Fragala
We've been saying this for years.
For the roughly 185 million U.S. consumers with debit cards, the recent security breach at arts-and-crafts retailer Michaels Stores offers yet another cause for concern. The reports allege that the thieves did more than simply steal debit-card information from stores in 20 states they used it to take money from customers' bank accounts.
This isn't the first time debit-card information has been stolen, but these kinds of crimes are becoming more common and more serious. The Michaels thefts follow a similar case last summer at Aldi Inc. grocery stores that reportedly led to customer reports of debit-card fraud. Year-to-date, debit and credit cards make up 20% of all consumer data breaches, up from 11% during the same period last year, according to the Identity Theft Resource Center. Debit-card fraud losses incurred by banks hit a record $788 million in 2008, according to the latest estimates from the American Bankers Association, due mostly to stolen and counterfeit debit cards. "This is going to get worse you're going to see more bad guys out there looking for debit card information," says Jay Foley, executive director at the ITRC.
May 12, 2011 by Tom Fragala
The White House today unveiled a cyber-security proposal that it hopes Congress will use as a framework for legislation.
Among other things, the plan includes national data breach reporting, increased penalties for computer crimes, rules that would allow the private sector to commiserate with the Department of Homeland Security on cyber-security issues, and cyber-security audits for critical infrastructure providers.
More from PC Magazine
Mar 10, 2011 by Tom Fragala
A new web site has been launched by the U.S. Postal Service. Loaded with free videos, it's goal is to help people protect themselves against identify theft and especially con artists and criminal scams. It features information on identity theft, work-at-home scams, Internet fraud, foreign lottery schemes.
Visit the U.S. Postal Inspector site here.
Mar 3, 2011 by Tom Fragala
Cord Blood Registry (CBR) suffered a data breach in December 2010 of apparently all its customer data including SSN, credit card and driver's licenses--effecting over 300,000 people. Customers were informed of the breach on February 14 2011.
Jan 21, 2011 by Tom Fragala
According to the California Credit law blog:
Experian has announced it will be reporting "positive" rental data from its RentBureau® division into the traditional credit files. Experian states this will help the 50 million underbanked consumers, such as college students and recent immigrants, to build credit with on-time rental payments. Query what happens when someone falls behind in their rent. Will that be a ding on their credit?
Jan 11, 2011 by Tom Fragala
This story shows how twisted ID theft can become:
Mario Miramontes figured during the traffic stop that he could conceal his arrest warrant by giving the police officer the name of his cousin – a 25-year-old husband and father who he believed had no scrapes with the law. After all, he had used the name before when in a legal bind.
But Miramontes' plan backfired badly when it turned out the cousin also had a warrant – on charges that he had fondled an underage relative. Still, Miramontes, 22, of Dallas, felt that the error would be discovered when his fingerprints were run at the jail. His parole violation would result in some time behind bars and then he would be released.
It didn't happen that way. Instead, Miramontes spent 13 months in the Dallas County Jail without access to a lawyer or court hearing for almost the entire time before the mistake was discovered. He is now suing the county, Sheriff Lupe Valdez and District Attorney Craig Watkins for ignoring his repeated pleas for help after the 2007 arrest.
More from Dallas Morning News
Mar 29, 2010 by Tom Fragala
The FTC recently testified before Congress and stated that starting July 1st, consumers will have a right to dispute credit reports directly with the creditor, also called a "furnisher" because they furnish the data to the credit reporting companies. Two examples of a creditor are a credit card company or mortgage lender.
In the past, the FTC only required consumer credit reporting companies (Experian, Equifax and TransUnion) to handle credit report disputes (they would in turn communicate with the furnisher directly).
This is a substantial change, at least on paper, to one of the biggest areas of consumer credit problems and identity theft. How it will work in practice, and whether it will improve things for consumers, remains to be seen.
Furnisher Rules: These rules call on companies that furnish information to consumer reporting agencies to improve the accuracy of information they provide. They also give consumers the right to dispute errors in their credit reports directly with the furnishers of the information, in addition to disputing errors with consumer reporting agencies. The rules take effect July 1, 2010.