Identity Theft Blog by Truston
A new shredder to prevent data breaches
Sep 11, 2008 by Tom Fragala
CSO magazine has an article and very cool video about a company that literally shreds hard drives, like you would shred paper (although the shredder is just a bit more beefy).
The heart of Corporate Destruction Solutions is a blue beast of a machine that sits on the back of a small white truck James drives from one customer to the next.
After recording the hard drive serial number, he drops the small metal slabs into a slot atop the machine, and from a TV monitor he can watch the drives falling between steel grinders. Sparks erupt from the hard drives as they're torn to pieces. At the end of the process, all one can see on the monitor is smoke and tiny fragments of metal. The machine spits the remains into a bucket, and the shrapnel is then sent off for recycling
Video. Watch for the sparks and smoke.
Delinquent debt on your credit report
Aug 29, 2008 by Tom Fragala
How long do delinquent debts remain on credit reports in the U.S.? Seven years. How long do Chapter 7 bankruptcies remain on credit reports? Ten years.
Does paying off a delinquent account require the derogatory marks to be removed from your credit report? No. If the debt is in collection, it's may be possible to negotiate with the debt collection company to have black marks removed. I'd recommend negotiating for that up front, as part of your deal to close out the debt. It's doubtful that the original creditor would ever listen to your request if they already sold your debt to the collector. If debt is not in collection, then negotiate with your creditor to have the derogatory data removed as part of your payment deal. In all cases, I'd expect it will be quite difficult to accomplish, however.
Will delinquent debt reduce your credit score? Yes, it will definitely cut your credit score. 35% of your credit score is computed using your "payment history" which includes amount of delinquent debt, length of time past due or in collection, number of items delinquent, and how recent.
Truston Receives 2008 Shaping Info Security Award
Aug 21, 2008 by Tom Fragala
We announced today that the Info Security Products Guide has honored us with the Shaping Info Security 2008 award. This prestigious industry award recognizes individuals from around the world that have made the most positive impact on the security market.
Read the press release and the ISPG award page.
Article on identity theft points to Truston
Aug 11, 2008 by Tom Fragala
An article about identity theft in the South Florida Sun-Sentinel lists myTruston as one of the ID theft protection products worth checking out.
3 problems with debit cards vs. credit cards
Jul 27, 2008 by Tom Fragala
Using a debit card for purchases has some inherent problems, so you should at least be aware of them. (When we talk about debit cards here we mean check cards or ATM cards with a credit card network logo on them like Mastercard or Visa.) You may want to avoid using them for purchases or having one at all. The underlying reason is that buying something on your debit card pulls money right from your checking or savings account. This can lead to these problems.
1. Card blocking. Some retailers, including gas stations, hotels and rental car companies, will block a card in advance of the transaction clearing. Some will block using a default value for every purchase. If you buy $10 worth of gas, your checking account might have $75 blocked. Several days may pass until it is unblocked. So if your balance is low, you might end up bouncing checks or causing costly overdrafts--and you'd have no idea why.
2. Fraud results in no fund access. When your debit card is used fraudulently, it's your money that has been pulled, not your card issuer's. With credit card fraud, the criminals are playing with the card issuer's money. Your maximum liability for credit card fraud is only $50 by Federal law—this is governed by the Fair Credit Billing Act. Debit cards are governed under a different federal law: the Electronic Funds Transfer Act (Reg E). If you don't report debit card fraud within 2 days, your liability could be $500.If not reported within 60 days it could be as high as 100% of the fraud! To make matters worse, no matter what the situation, if you're fighting to recover from debit card fraud, the bank is holding your funds in the meantime. That's your money--and your bank balance is that much lower. You might be bouncing checks all over the place or be unable to pay bills on time, when you did nothing wrong.*
3. Fees. Banks earn substantial fees on debit card transactions. Some consumer advocates are up in arms about this. Apparently, when you use your debit card with a PIN, some banks charge you a special point of sale fee. And when you use it as a credit card, they charge merchants a lot--even though there's much lower risk than credit cards.
Some experts like Javelin argue that survey data shows that debit cards are not riskier than credit cards. That may be true, but point #2 goes beyond analyzing pure fraud data--even if you get your money back eventually, you can still get hosed. Regardless, you should be aware of these risks and make your own decision.
If you are seriously concerned about debit cards, then you have the choice of having an ATM-only card (but I've heard of some banks charging you a fee to make it ATM only!). When opening an account, ask for an ATM card only with no credit card logos.
* Note: Both Mastercard and Visa have a zero-dollar fraud liability policy and they do apply that voluntarily to debit cards with their logo. But the criminals still are using your money, not the bank's.
5 Steps To (NOT) Take If Your Identity Is Stolen
Jul 19, 2008 by Tom Fragala
The other day, the Consumerist blog published a piece entitled 5 Steps To Take If Your Identity Is Stolen. Unfortunately, three of the steps are misleading and I felt should be addressed because they are common myths. I submitted a comment there but it seemingly was rejected and never appeared, so I am posting my thoughts here.
First and foremost, to attempt to create a 5 step list for all identity theft will never, ever work. Because the correct procedures for recovering from existing credit card fraud, or new credit card fraud, or ATM/debit card fraud, or other types of fraud are all very different. I'll address the specific steps in the blog post that are inappropriate here. The real world example they used for the 5 steps was a woman who had a credit card stolen with unauthorized charges.
Step 1: Place a fraud alert on your credit files and monitor your credit reports regularly.
In the example they used, credit card fraud on an existing account, placing a fraud alert is not a best practice--it simply is irrelevant when dealing with account takeover. If someone steals your credit card, then they can't open a new credit account in your name, so a fraud alert won't help. Now, setting fraud alert doesn't necessarily hurt, but it is useless in this situation--and may give a false sense of security (fraud alerts might only be useful in the case of new credit account fraud).
Step 3: File a complaint with the Federal Trade Commission (FTC) .
Sorry, this is a waste of time and certainly never a priority. I see this suggestion on so many lists, I think because the writers just lift their ideas from other lists and perpetuate the myth this is helpful to a victim. The FTC does not investigate identity theft, and has no jurisdiction or budget to do so (and never has). The FTC simply uses the data you provide to compile an annual report (the 2006 report was issued in November 2007). So feel free to be a good citizen and report it, but to imply it is an essential step for victims is wrong.
Step 4: Contact your local police or the police in that community where the identity theft took place and lodge a complaint.
Look, it doesn't hurt to get a police report but this is a time consuming, inconvenient step and usually not necessary for existing credit card fraud (again, this was the example they used). If you contact your credit card company in a timely way, dispute the fraud and they agree to wipe off the charges, then there is no need to get a police report. Why waste someone's time with that when it is pointless?
I do appreciate that they made an honest attempt to help people. I just would hate for people to read the steps and be misled or think they are performing best practices.
Vote for Truston's Identity Theft Service
Jul 8, 2008 by Tom Fragala
Truston's myTruston identity theft service has been nominated for a 2008 Best Products & Services Award. The awards will be given after compiling votes from the public (that's you!). Voting begins July 8 and ends July 22.
So please vote for us today, by clicking the button (or this URL).
After clicking the button, you will be taken to a voting page. Where it says "Select a Vendor" please click the list and scroll down to "Truston". Wait a moment and then click "Select a Product" (there is only one), "Select a Category" (again, just one), and "Select a Region" (worldwide is only option). Then fill in a few personal details. We have been assured that your personal information will not be sold or shared.
Thank you for voting!
New CA Law Expands ID Theft Protections
Jul 3, 2008 by Tom Fragala
Gov. Arnold Schwarzenegger signed new California identity theft legislation on July 2nd. The compact legislation, SB 612, amends Section 786 of the Penal Code. It was backed by the Privacy Rights Clearinghouse and California District Attorneys Association. According to the Consumer Federation of California it will:
...expand these provisions to include unauthorized retention and transfer of personal identifying information. It would also add the county in which the victim resided at the time the offense was committed to the jurisdictions in which a criminal action may be brought for commission of these crimes.
See the full text of the law here, and its history here.
Privacy-friendly Search Engines
Jun 30, 2008 by Tom Fragala
Most of the leading search engines like Google, MSN, and Yahoo keep your search data for a long time; Google 18 months and Yahoo 13 months. There is an alternative for the privacy-conscious called Ixquick, which is based in Holland. It actually pulls search results from the other major search engines, but deletes search queries after just 48 hours. Ask.com (formerly AskJeeves) has a privacy feature called AskEraser which will deleted your search activity from their system on demand.
Info from Privacy Rights Clearinghouse.
My Two Hours With Bill Gates
Jun 27, 2008 by Tom Fragala
This is a story of how I once spent two hours sitting with Bill Gates and his wife Melinda. Since Bill retired today as a full-time employee at Microsoft, I thought I would finally recount it here. It was not a Microsoft event. There were no PR people or other staff around. I simply had a unique opportunity to observe Bill and Melinda by themselves.
This took place around the time Microsoft's anti-trust problems were just erupting. In hindsight, what I observed that day has even more significance.
It was a splendid day in May 1998. I was in San Diego to attend the graduation of a friend from University of San Diego. The event took place outdoors. There were three sections of seats in front of a stage, a large one in the middle, and two smaller on either side. I was sitting in the smaller section stage right, in the second row. The first row was empty and had a small "VIP" sign on it.
Sitting in the sunshine waiting for the festivities to begin, I saw to my left a man and woman walking towards the front row. I immediately noticed the man was Bill Gates, CEO of Microsoft. Having been employed by Microsoft in Ireland a few years prior, and working in the tech space for years, I was pretty excited. Stepping towards their chairs, Bill sat down immediately in front of me. He was so close I could tap him on the shoulder without moving in my seat. It was just the two of them, no one else sat in the VIP row with them.
Prior to their arrival, I was frankly expecting the next couple of hours to be quite boring. But now I was delighted to have the chance to observe an industry titan, the world's richest man (or, close to it, in those days) and his wife. It felt like an exclusive opportunity--no one seemed to know he was there except me. I leaned over and whispered to someone near me "that's Bill Gates" but the blank stare told me he had no idea who it was. I looked around and no one else appeared to care either.
Bill was wearing a decent business suit, not flashy (Bill Gates ain't a flashy guy), and carrying a huge book. Melinda was resplendent wearing a flowery dress and one of those classic summer hats (think Pretty Woman at the polo match). When I saw her I thought "Hey, ole Bill did pretty well for himself!"
Something about Bill caught my eye--he had rather bad case of dandruff. Little white specks were all over his shoulders. Also, his glasses were a wreck. The plastic sheath that goes over the ears was hopelessly tattered. On both ears, plastic was hanging off in several long pieces. I couldn't help but think, "The guy's a billionaire and he doesn't have decent pair of glasses."
Immediately after sitting down, Bill opened the massive book and started reading. He read non-stop, barely moving, except perhaps to cross his legs, and never lifting his head. He didn't speak a single word the entire ceremony. He just stayed buried in that book. After maybe 15 minutes, I started to wonder what the hell this book was that would keep him so glued. I craned my neck to see the title to no avail. A few times I pretended to drop my program, so I could have a reason to peer up to see the book title. But damn! the book had no dust cover. The title was only on the spine, which I couldn't see. Leave it to Bill Gates to dispense with something as inefficient as a dust cover.
Ever since they had arrived, Bill hadn't moved. A half-hour passed, and then another, with Bill hunched over the tome. And I continued to fail in my quest to discover the title.
Meanwhile, Melinda was the perfect lady. Sitting upright, she paid rapt attention to the proceedings, always politely clapping at the right time. She seemed genuinely interested in what was being said. She was as classy as could be and had an air of intelligence (she was high school valedictorian and has an MBA from Duke). I bet that afterwards she could have given a detailed, enthusiastic summary of the entire graduation.
Bill continued his reading undisturbed for maybe 90 minutes, then something uproarious happened. It was while diplomas were being handed out. Streams of students had lined their way up to the stage. I noticed that one of the students returning from the stage changed his course and came walking towards us. Clearly this was the guy the Gates were here for. Melinda rose to greet the young man. Melinda fired a glance at Bill but he remained engrossed in his book. Realizing he wasn't moving, she bent down, cocked her arm and gave Bill an almighty whack in the ribs. Bill leaped up, dazed and startled, and while I laughed out loud, he and Melinda shook the student's hands.
Before jumping up, Bill had put the book down on the ground. It was leaning against his chair leg. Seeing my chance, I quickly bent down and observed the title:
TITAN: THE LIFE OF JOHN D. ROCKEFELLER, SR, by Ron Chernow.
Although I did find it somewhat ironic, at the time, that he was reading about Rockefeller, I didn’t realize until much later how remarkable it was that he was reading that book at that time. Rockefeller founded Standard Oil and became the world's richest man--just like Bill. And Standard Oil was convicted in Federal Court of being an illegal monopoly--just like Microsoft*. In fact, the case against Microsoft by the U.S. began in May 1998. So here we had the founder and CEO of Microsoft reading a book about the founder and CEO of Standard Oil, just a few months before his deposition to the Justice Department in August 1998.
And read this excerpt from a New York Times book review published in, get this, May 1998:
''Titan'' has an eerie timeliness. Today's Standard Oil, Microsoft, is under investigation by the Justice Department for its alleged monopolistic practices in the software industry. One strategy the company has pursued, as detailed in The New Republic, amounts to emulation by Bill Gates of Rockefeller's unparalleled instrument of competitive cruelty: ''Microsoft,'' the journalist David Shenk writes, ''was able to establish MS-DOS and subsequently Windows as the standard PC operating system by exacting a royalty for every PC sold regardless of whether its operating system was installed.'' In words echoing those of the Cleveland refiner crushed by Standard Oil, Andrew Shapiro, a fellow at the Harvard Law School's Center for Internet and Society, told Shenk, ''The basic model in the industry today is to be bought by Microsoft or to go out of business.'' The 20th century is ending as the the 19th century did, with the representative corporation of the age seeking to escape the untamable risks of competitive capitalism.
"Eerie timeliness"? I'll say.
Now, what did I take away from my two hours? Well, in some ways, Bill Gates was certainly still a geek. It was clear he has an incredible ability to deeply focus. Of course, there was the serendipity of him reading a book about Rockefeller at that time. But my final, and most profound, take away is that William H. Gates III, billionaire and CEO of the world's largest software company had, indeed, married "up." Good for him. •
* The conviction was overturned on appeal and Microsoft later settled the case with the DOJ.
Tom Fragala is the CEO and founder of Truston. Truston is dedicated to protecting people from identity theft and improving their credit without requiring their personal information. The company has a white-label partner-ready online platform for membership marketing companies, identity theft service providers, banks, and credit card companies. Truston's consumer direct service was awarded 4 stars from PC Magazine in 2007 and its Software-as-a-Service platform won a 2008 Product Innovation Award from Network Products Guide. Truston also received a 2008 Hot Company award, was named one of the 2008 10 Companies to Watch by the Pacific Coast Business Times and identified as an industry leader by Javelin Strategy & Research in their December 2007 identity theft market report.
Filed under: Truston
Tags: bill gates, identity theft, microsoft, mytruston, retire, retirement, truston
HR Outsourcer Colt Has Data Stolen, Leaves Victims Cold
Jun 24, 2008 by Tom Fragala
According to PC World, a human resources outsourcing firm called Colt Express Outsourcing, suffered a data breach when thieves stole a number of computers from their offices. Incredibly, Colt did not have an alarm security system (they installed one four days after the theft).
Because Colt handles health benefits, the data stolen was highly sensitive--names, addresses, SSN's, birth dates, and employment information. The mother load. There were a number of employers effected by the theft, including CNET Networks.
Not only was there no alarm system, it appears that victims are being offered no ID theft protection services by Colt Express. In fact, it seems the company is simply shutting down. I suppose the employers themselves are left to decide if they should provide ID theft restoration help to those effected. According to PC World,
Four days after the break-in, Colt Express installed an alarm system, and the company is "looking into what additional steps may be taken to provide enhanced security," Colt wrote in his letter.
Customers looking for free credit-monitoring services from Colt Express should not get their hopes up, however...Colt is now in the process of going out of business.
Strangely, HR outsourcing giant Ceridian announced it had planned to acquire Colt in February 2008. It must be that the acquisition never happened. If it did happen, why isn't Ceridian stepping forward to help? The Colt web site is down, with just the cryptic statement "home page will be reconstructed - June 2008".
I found more from PogoWasRight. An excerpt of the notification letter sent from Colt Express CEO Samuel G. Colt III to CNET Networks:
By this letter and enclosures, we are providing you with all of the information we believe you need, and that we are able to give you. We do not have the resources, financial and otherwise, to assist you further. Towards the end of last year, our customer base was reduced to an unsustainable level. colt has been in the process of going out of business, while at the same time providing time for remaining customers to find alternative solutions. Those decisions are now final.
So it seems this is the deal: Colt, after their own computers were stolen from an office with no security system, is going out of business, leaving customers and thousands of victims with no resources to assist with identity theft protection.
Truston Wins 2008 Product Innovation Award
Jun 17, 2008 by Tom Fragala
I am pleased to announce that Truston received a 2008 Product Innovation Award from Network Products Guide for our myTruston Software-as-a-Service (SaaS) platform.
The Network Products Guide said, in giving the award,
“Truston's innovative SaaS platform offers an organized approach to getting a stolen identity back and keeping it safe.
myTruston is the only ID theft product that does not require sensitive data, is the only SaaS product in the space, supports virtually all fraud types, has unlimited content extensibility, is built on a patent-pending task management engine and allows for seamless integration with partner's web sites.”
Other recognition we have received includes 4 Stars from PC Magazine, a 2008 Hot Company award, being named one of the 2008 10 Companies to Watch by the Pacific Coast Business Times and identified as an industry leader by Javelin Strategy & Research. See all our awards.
Read the press release.
Alaska Law Loaded with Identity Theft Protections
Jun 13, 2008 by Tom Fragala
Alaska has a new identity theft law with protections including privacy of SSN's, credit freezes and data breach disclosures.
Alaska’s HB 65 restricts the request, collection, sale, and sharing of Social Security numbers by both private parties and government agencies. The new law contains limited exceptions for specific purposes such as for insurance, medical services, fraud prevention, law enforcement, or when the use of Social Security numbers is required by law.
HB 65 also gives consumers the right to freeze or lock access to their credit files against anyone trying to open up a new account for credit or services in their name.
Alaska’s new law, which passed with bipartisan support, contains other protections aimed at reducing identity theft, including a requirement that businesses notify consumers of data security breaches, a new court procedure to enable victims of identity theft to remove criminal charges from their records that stem from the conduct of the identify thief, and rules for how sensitive information must be treated when it is discarded.
Read more at ConsumersUnion.
Protect your vehicle from identity thieves
Jun 7, 2008 by Tom Fragala
Your automobile is a target of thieves--that is obvious. Of course, thieves will steal the car itself or valuable items inside, like your cell phone or iPod. That is bad enough. But the information inside your car--not just the car or the items themselves--can be of great value to identity thieves.
Your wallet or purse has everything from credit cards to insurance cards. You may have a laptop, PDA or sensitive papers like a checkbook or financial statement--these are treasure troves of sensitive data. But even if your car is free of all these things, think about what is in your glove compartment. Your insurance card and the car's ownership papers/title can also prove valuable. These have your insurance company, policy number, name, home address and more. Armed with that information a motivated thief could pull mail from your mailbox to build a larger personal profile or get auto insurance in your name.
A friend of mine parked his car in a driveway obscured by hedges and plants, on a quiet, safe street in a relatively low-crime town. He left his wallet and bag in the car, and sure enough, they were stolen that very evening. You never can be sure when a thief is sniffing around so don't take any chances.
Take away: always lock your vehicle, even if you are parked in a "safe" location or leaving for just a minute. And leave nothing of any value visible in your car.
Can you opt-out from credit reporting?
May 30, 2008 by Tom Fragala
Have you ever thought about this: Is it possible to opt-out from having your personal data sent to, and compiled by, the consumer reporting companies (including the "credit bureaus")?
No. There is no law that provides you an opportunity to opt-out of information reporting or sharing with consumer reporting agencies. This includes Experian, TransUnion, Equifax, Choicepoint or other consumer credit or specialty reporting agencies.
What about a credit or security freeze? That is not an opt-out. Creditors, banks and insurance companies with an allowable purpose are still able to share information with credit bureaus and information gatherers. A freeze, in states where it's available, does prevent many (but not all) entities from pulling your credit report.