Tag Archives: cardholder

Identity Theft Services Explained

As thieves discover more and more ways to steal personal information, it is critical that people use identity theft protection services that involve a wide security sweep of all personal identifiable information and high-risk activity. The marketplace for identity theft protection now includes all kinds of monitoring services and features. Make the best choice by understanding each feature available, how they differ from each other and their capacity for sustaining protection.

Credit Monitoring

Credit monitoring is the process of reviewing a consumer’s credit activity with the credit bureau. It monitors the activity and changes to a credit report, including inquiries made by a creditor to request a copy of a report. Monitoring provides an alert system for potential fraudulent activity or accounts being established. Credit monitoring provides an alert system to activity affecting your credit report and credit score. Monitoring enables you to stay on top of fraudulent activity so that you can address the inaccuracies immediately. It also reduces the financial impact that identity theft can cause, by reporting the fraud earlier and reducing potential out-of-pocket losses.

Identity Monitoring

Identity monitoring looks at more than just credit information; it encompasses all personal identifiable information: name, birth date, address, email, phone number, Social Security number, etc. This could include monitoring the Internet, national databases, credit files, public records and more. If thieves have your personal identifiable information, it’s the perfect cover for their crimes because everything will point to you, not them. Even kids can become victims of identity theft: Each year, more than 140,000 identity theft cases involve children.

Social Security Number Monitoring

It’s exactly how it sounds – protection for one of the most important pieces of information that a person has. This type involves monitoring hundreds of millions of records for unauthorized use of a Social Security number (SSN). 70% of people are worried about the safety of their SSN. Monitoring an SSN is particularly important for children because thieves have plenty of time to use the child’s information for their own gain before the child finds out by applying for an account or a line of credit and is denied because of the thieves’ damage.

Data Sweeps

Unlike previous monitoring services that focus on particular data or activities, data sweeps encompass a plethora of touch points and personal information. Data sweeps monitor the Internet for instances of criminals using stolen phone numbers, addresses, birth dates and more. How many data points are included and how often the data sweeps occur vary from plan to plan. Data sweeps cover the information that consumers are worried about, like mailing addresses (50%) and phone numbers (60%). It can also help a person feel more secure about online presence because data sweeps can lead to removing exposed personal information on the web.

Credit Card Monitoring

The lending institutions that issue credit and debit cards will usually monitor transactions and notify cardholders of suspicious activity. Credit card monitoring, as offered through an identity monitoring service, will monitor the Internet for fraudulent activity involving credit card and debit account numbers, PIN numbers and other personal information in Internet hacker chat rooms and the dark web. Credit card monitoring looks at activity outside of the credit report and outside of activity monitored by the cardholder’s bank or issuing institution. As a result, it can detect fraud that may or may not make it to a credit report or be captured by the bank.

Recovery Assistance

Most services will not only keep you informed but help you resolve any suspicious activity. Features could include assistance from a credentialed professional. Some assistance features may only provide victims with next steps or resources, while others may actually take on some of the activities a victim must complete to rebuild his or her reputation. 47% of victims who spent 6-plus months fixing the issue(s) felt severe emotional distress vs. the 4% of victims who felt that way after resolving issues within 24 hours. Victims can limit the health and financial costs of recovery by using a protection plan that includes assistance from professionals who know how to get quick results.

Lost Purse or Wallet Assistance

Whether you misplace your wallet or it actually gets stolen, most identity theft protection services will help you contact the correct institutions and minimize the damage if a thief tries to use your stolen information. Despite the growing threat of malware and hacking, physical theft is still a problem, and 43% of physical theft happens at work.

Service Guarantee

Most companies have a service agreement that provides some sort of refund for customers if there’s a defect in the company’s service. New technological advances are made every day for security and thievery, so you need to make sure that a company will help you if its protection services can’t keep up with thieves’ new tricks.

Some identity theft protection services go above and beyond with the layers of security and assistance they offer, in addition to the commonly included products listed above. Some of those extra special features are:

Additional Databases

While most services monitor your personal identifiable information online or on credit reports, not all of them will monitor databases like criminal records and sex offender registries. Some companies charge extra for monitoring these additional databases. Thieves don’t just use your personal information to empty your bank account. Thieves will steal reputable citizens’ identities and use them as aliases when committing crimes.

Medical Fraud Assistance

Monitoring for medical fraud involves protecting insurance records from criminal use and assisting victims when a thief tampers with a victim’s medical history or racks up medical debt. The crime rate for medical identity theft increases by 32% each year, and more than $12.3 billion in out-of-pocket expenses were spent in the past year because of medical identity theft.

Tax Fraud Assistance

Products include giving victims an action plan and providing forms and contact information for working with the IRS. Services that actually do recovery work for victims must have certified tax specialists who are approved for working with the IRS on behalf of the victims. In 2014, the FTC’s 1.5 million fraud-related complaints revealed that consumers have paid a total of $1.7 billion because of fraud, and a third of those complaints were tax-related. Tax fraud could include IRS phishing schemes, phone scams and stealing taxpayers’ information to file phony tax returns and get their refunds.

Family Coverage

Protection plans may allow members to add family members to their plan; however, adding family members often comes with additional charges. When family members share accounts (e.g. bank, music, email), passwords, etc., everyone feels the consequences if one of them becomes a victim.

Other

Other pieces of your personal information that may or may not be included in the common types of monitoring: loan/lease information, driver’s license, computer security, bank account information, passports, etc. Thieves’ use of hacking, malware and social media have skyrocketed over the past few years. As fraudsters improve their tactics, they gain access to more and more information.

Each type of monitoring covers important information that could lead to serious damage if taken into the hands of a fraudster, and no one type covers everything. Likewise, each feature has importance, but they’re most effective when working together because they create sustainable, comprehensive coverage.

People need to make sure that their identity theft protection plan includes all the necessary data points with multiple types of monitoring, assistance and recovery features, so their information stays secure.

Social Security Numbers Are Dead

I am a senior citizen. While this distinction entitles me to a variety of perks like discounted movies and bus fare – as well as the occasional free doughnut (seriously) — it’s also a ticket to the identity theft lottery.

Turning 50 gets you an invitation to AARP, and turning 65 gets you a Medicare card. What’s this have to do with identity theft? Take a close look at a Medicare card. The identification number? It’s a combination of the cardholder’s Social Security number and one or two letters.

Health insurers no longer include Social Security numbers on the cards they issue to people. The concern was that using SSNs needlessly increased the risk of identity theft, which was, and continues to be, rising exponentially. When health insurers made the change, they stopped being co-conspirators in what has become a national epidemic.

According an article by reporter Robert Pear in the New York Times, private insurers under contract with Medicare are not permitted to use SSNs on insurance cards when providing medical or prescription drug benefits. But in a serious case of “Do as I say, not as I do,” Medicare has used Social Security numbers on more than 50 million benefit cards, heedless of the warnings of privacy advocates, consumer protection officials, federal auditors and investigators working on identity theft cases.

Section 501 of the Medicare Access and CHIP Reauthorization Act of 2015, a bipartisan provision written by Rep. Sam Johnson (R-TX) and Rep. Lloyd Doggett (D-TX), signed into law recently by President Obama, finally mandates the removal of Social Security numbers from our Medicare cards. (Well, let’s just say it begins the process — and, like all processes in Washington, let’s hope it actually gets done before my toddler is eligible for Medicare.) The new law is clear: Social Security numbers must not be “displayed, coded or embedded on the Medicare card.”

More than 4,500 of my fellow seniors enroll in Medicare every day. It is estimated that over the next 10 years, some 18 million more of us are projected to qualify, which will bring the total Medicare enrollment to 74 million by 2025.

What Lit the Fire?

After years of begging, cajoling and warning to no avail, what finally forced both parties in Washington to get off their butts and get it right?

Pear speculates that is wasn’t one thing but a set of circumstances starting with the nearly universal digitization of medical records and, of course, ending with a culture plagued by highly effective hackers. Consider that in just the first quarter of 2015 more than 91 million Social Security numbers were exposed to unauthorized persons in just two data compromises: Anthem and Premera.

What the new system will look like is still anyone’s guess. Here’s what we know, according to the New York Times article: SSNs will be replaced by a “randomly generated Medicare beneficiary identifier.” Additionally, Medicare officials have eight years to get the new system completely up and running—four years to issue cards to new beneficiaries and four more years to reissue cards to existing beneficiaries. It was unclear whether those two four-year items were to happen simultaneously, but since we’re talking about a government timeline there is an argument for erring on the side of forever.

Like all major government initiatives, this will be no small feat. But it is a critical one if we are to stop hearing the pitter-patter of scammer feet tap dancing on the finances of senior citizens.

Why did it take so long? Why does the IRS still require SSNs? Because we’re talking about the government.

The record speaks for itself:

  • 2004 – The Government Accountability Office warns we must reduce our dependence on Social Security numbers as individual identifiers.
  • 2007 – The White House Office of Management and Budget directs federal agencies to “eliminate the unnecessary collection and use of Social Security numbers” within two years.
  • 2008 – The inspector general of Social Security calls for the immediate removal of Social Security numbers from Medicare cards. The departments of Defense and Veterans Affairs launch major initiatives to delete Social Security numbers from their identification cards.

How about the Department of Health and Human Services, which supervises the Medicare program? Well, let’s just say that according to the Times, the GAO felt that HHS was moving—shall we say—glacially and that it really was all about money. (Forget the fact that identity theft costs America and Americans billions annually.)

The Medicare agency is no small operation. It pays close to 1 billion claims from 1.5 million healthcare providers every year. While I understand that the HHS has considerable budgetary and logistical issues when dealing with the identification quagmire, it is nothing compared with the expense and uproar caused by identity theft in the lives of the people HHS serves. That’s a long way of saying that this identification card “modification” is long overdue.

In the meantime, what can you do if you’re concerned that your Social Security number is in the wrong hands? Because the number can be used to perpetrate many types of crimes, not just credit-related, the problem can be difficult to track. But it’s still important to check your credit reports regularly for signs of fraud — like new accounts you didn’t authorize. You can get your free annual credit reports from AnnualCreditReport.com, and you can get a free credit report summary, updated every month on Credit.com, to watch for changes.

That said, we are not living in a “So it is written, so it is done” age. Congress has to sit on the HHS to get 100% compliance with the law as it was passed. And we have to sit on Congress. And while we are sitting on our favorite 535 federal lawmakers, perhaps they can ask the IRS what’s taking it so long to make some changes — including killing the SSN as identifier — so Americans can stop being such sitting ducks in the sights of miscreants.

‘Safer’ Credit Cards Already Vulnerable

A recent Gallup survey found that 69% of Americans worry “frequently” or “occasionally” about having a credit card compromised by computer hackers. It’s not shocking. Consumers are becoming more educated on the topic, and financial institutions are beginning to do more to combat fraud, including introducing new types of credit cards. One example of the latter is chip-and-PIN technology, which everyone from consumers to the president has hailed for its ability to help prevent fraud. But is it the panacea that it’s been made out to be?

Let’s take a closer look at exactly what this technology entails. Unlike cards that use a magnetic stripe containing a user’s account information, chip cards implement an embedded microprocessor that contains the cardholder’s information in a way that renders it invisible even if hackers grab payment data while it is in transit between merchants and banks. The technology also generates unique information that is difficult to fake. There is a cryptogram that allows banks to see if the data flow has been modified and a counter that registers each sequential time the card is used (sort of like the numbers on a check), so that a would-be fraudster would have to guess the exact historical and dynamic transaction number for a charge to be approved.

Already used in every other G20 country as a more secure payment method, chip-and-PIN cards can be found on the consumer side of a global payment system known as EMV (short for Europay, MasterCard and Visa). The system will be rolled out in the U.S. in 2015, and many of us in the banking and data-security industries believe that it will stanch the flow of money lost to hackers while simultaneously cutting down on credit- and debit-card fraud.

MasterCard, Visa and American Express have already begun sending out chip cards to their American cardholders. The technology is expensive—the rollout of chip cards in the U.S. will cost an estimated $8 billion—and this cost may balloon exponentially if the implementation of the new technology is done incorrectly, as a recent spate of fraudulent charges using chip-and-PIN-based technology shows.

This recent trend is one early sign that chip-and-PIN may not be the cure-all many consumers were hoping for, at least during the rollout phase. According to Brian Krebs, during the past week, “at least three U.S. financial institutions reported receiving tens of thousands of dollars in fraudulent credit- and debit-card transactions coming from Brazil and hitting card accounts stolen in recent retail heists, principally cards compromised as part of the breach at Home Depot.”

The curious part about this spate of credit- and debit-card fraud is that fraudsters used account information pilfered from old-school magnetic stripe cards skimmed in that attack and ran them as EMV purchases in what’s called a “replay” attack. “After capturing traffic from a real EMV-based chip card transaction, the thieves could insert stolen card data into the transaction stream, while modifying the merchant and acquirer bank account on the fly,” Krebs reported. It sounds confusing, but the bottom line is money was stolen.

As with many scams, this particular evolution in the world of hacking for dollars cannot succeed without human error, which is probably the biggest liability in the coming chip card rollout. Krebs spoke with Avivah Litan, a fraud analyst with Gartner, who said, “It appears with these attacks that the crooks aren’t breaking the EMV protocol but taking advantage of bad implementations of it.” In a similar attack on Canadian banks a few months ago, one bank suffered a large loss because it was not checking the cryptogram and counter data, essential parts of the protocol.

As with all solutions in the realm of data-security, there is no such thing as a sure thing. Whether the hackers banked a false sense of security at the institutional level, knowing that the protocols might be deemed an unnecessary expense, or the recent attacks are merely part of the chip card learning curve, this latest technology is only as good as its implementation.

So, despite the best efforts of those in the financial services industry, the truth is I can’t blame anyone for worrying a bit about credit card fraud. The good news is that in almost all cases, the consumers aren’t responsible when they’ve been hit with fraud. The banks take care of it (though it can be trickier with debit cards, because money has actually left your account). These days, though, the reality is that you are your own first line of defense against fraudulent charges. That means pulling your credit reports at least once each year at AnnualCreditReport.com, monitoring your credit scores regularly for any sudden and unexplained changes (you can do that for free using free online tools, including those at Credit.com), keeping a close eye on your bank and credit card accounts daily and signing up for transactional monitoring programs offered by your financial institutions.