Posts

Government risks Consumers’ Identities

Guess who may be compromising the security of your Social Security Number.

1PThe Social Security Administration!

Yep, that’s right. Did you know that 66 percent of the mail the SSA sends out contains someone’s Social Security number? This is what the inspector general of the SSA, Kimberly Byrd, says, and I believe it.

How many pieces of mail is this? Over 230,000,000. This situation is problematic.

  • The SSA claims it will cost over $19 million to reduce these mailings.
  • It also won’t happen anytime soon.
  • The SSA can’t even give a time estimation for when these mailings will be cut back, and Byrd says that security should trump convenience.
  • It is not known what percentage of the mail-outs reach their intended addresses, and this includes the not-so-uncommon problem of mail carriers delivering to the wrong address. Imagine that the wrong recipient is also an identity thief, and sees that Social Security number upon opening someone else’s mail…
  • Another reason many mail-outs may end up in the wrong hands is that the addresses are no longer accurate for the recipient.
  • And then of course there is mail theft. Or someone can easily change your mailing address. It’s maddening actually.
  • Though some mailings do require the SSN, others don’t, and many other entities, such as private businesses, have found a way around this sticky problem, though this doesn’t mean they’ve eliminated 100 percent of it.
  • Another plan to help reduce the number of SSNs flying around out there is the use of the Beneficiary Notice Control Number—used on a case-by-case basis, says the Social Security Administration.

Nevertheless, it’s maddening that the Administration has failed to yield a deadline range for these changes. Let’s face it, the SSN is responsible for the judicious handling of our Social Security numbers, and 230 million mailings—without verification that the addresses match the recipients—is hardly judicious.

Think of how often, over the past five years, you’ve accidentally received someone else’s mail. This is common and a gateway for crooks to steal somebody’s identity.

The Fix

  • The SSA should make deletion of SSNs from their correspondence a top priority—and once they do that, things will start falling more together.
  • Revisit the estimated cost it would take to implement the reduction of mail containing SSNs.
  • YOU need to getting a locking mailbox.
  • YOU need to get a credit freeze and invest in identity theft prevention. These two solutions make your SSN relatively less attractive to a thief.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

What are Consumer Reports?

You’ve heard the term “consumer report.” Many times, I’m sure. But do you really know what one is? If you’re nodding your head, would you be able to explain it to a Martian? If not, then you probably do not have a solid understanding of what one is.

12DBut lenders, landlords, creditors, employers and insurers certainly know what a consumer report is, because every time they’re about to deal with a new client, they put themselves at risk.

  • Is he in good health?
  • Will she stop paying her mortgage?
  • Will he total his car?
  • Will she be productive on the job?
  • And more questions abound.

An article on privacyrights.org explains that all sorts of businesses need to assess the risk of every new client. However, it would be quite unwieldy for businesses to sit every potential client down and run through a list of 100 questions, then wonder if the applicant is being truthful.

Enter the consumer report.

  • Credit report: Lenders can see the applicant’s financial status and bill payment habits.
  • Fair Credit Reporting Act: Encompasses entire financial status.
  • Miscellaneous companies are targeting consumer reports specifically for landlords, insurers and employers.

The article explains that the businesses that put together these targeted reports are called consumer reporting agencies. Consumer reports don’t just deal with finances and credit. Other types of reports come from nationwide specialty consumer reporting agencies. These other kinds of reports may detail one’s medical history, employment history, history of insurance claims and check writing history.

You are entitled to a free report every 12 months from a nationwide specialty consumer reporting agency.

  • Make your request to each specialty reporting agency; they act independently of each other.
  • Every agency has a toll-free number.
  • Some agencies allow faxed, mail-in or online requests. For online requests, the agency’s site must provide a FAQ or help page.
  • You are entitled to an update on your request’s status.
  • There is no deadline for the agency to honor your request.
  • The agencies gather information on people from a number of sources such as bankruptcy filings, driving records, credit history, public records of court cases and insurance companies.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Consumers smartening up to Privacy Issues

According to a recent report from Pew Research, many Americans take privacy seriously—as in the cyber kind, but also offline. 2P

  • 9% of survey respondents thought they had strong control over how much of their personal information was collected and shared.
  • 38% thought they had moderate control; 37% believed they had little control; 13% said they had zero control.
  • 25% used temporary e-mail addresses or usernames for some online activities.
  • 24% gave non-truthful information about themselves (e.g., when registering on a site to post comments, a single woman might indicate that she’s a married man; or a childless person might indicate that he has kids).
  • 59% cleared their browser and cookies.
  • 47% avoided giving out non-relevant information for online transactions.
  • 55% remained anonymous for some online activities.
  • 74% believe the government should have better limits to collecting people’s data.

Why don’t more people do things in the name of privacy like adjust the settings of their accounts or smartphone? For starters, some don’t want to hassle with “techy” things, while others don’t think it’ll make any difference. Some just aren’t worried all that much and have nothing to hide. Others don’t want to pay more money for more security. And some are clueless over how much of their data gets shared, such as those who blindly allow mobile apps “permissions.”

Some users also know that higher privacy, in general, comes with slower loading times and other inconveniences. People want efficient usability. Nevertheless, people are getting cranky.

For example, the U.S. Drug Enforcement Administration was surveilling Americans’ phone calls overseas. They’ve now been sued. Secondly, the Stop Online Piracy Act was on the brink of being shelved, but lawmakers put a stop to these plans.

The National Security Agency’s metadata program with bulk phone calls was recently deemed illegal after the American Civil Liberties Union brought a lawsuit to the U.S. federal appeals court.

And that’s just a sample. There are more lawsuits in the works in the name of Americans’ privacy rights.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Consumers sacrificing Privacy for Convenience

It’s hard to believe that, according to a recent poll from the Pew Research Center, most Americans aren’t too upset that the government can track their e-mails and phone calls. There’s too much of a blasé attitude, it seems, with people thinking, “I don’t care if I’m monitored; I have nothing to hide.”

2PThis blows it for those of us who actually DO mind that the government is snooping around in our communications, even if we’re as innocent as a butterfly.

Privacy experts believe that governmental monitoring of online activities is just such a fixed part of Americans’ lives that we’ve come to accept it. But privacy experts are pushing for an increased awareness of the importance of digital privacy, and this begins with the U.S. masses putting out some demands for privacy.

An article on arcamax.com points out that as long as Americans are sitting pretty with cheap and easy-to-use Internet experiences, nothing much will change. “People are very willing to sacrifice privacy for convenience,” states Aaron Deacon, as quoted in the article. He manages a group that explores issues pertaining to Internet use.

The article says that Pew’s research reveals that since the NSA revelation, 20 percent of Americans have become more privacy-conscious in a variety of easy ways like using a private web browser.

But most Americans shy away from the more complicated privacy protection methods. Furthermore, some people don’t even know of the extent of governmental monitoring.

Nevertheless, ease of use has made people complacent. Who wants to hassle around with encryption, decoding, coding, etc.? This stuff is great for techy people but not the average user.

The good news is that there is somewhat of a revolution geared towards making privacy methods less intimidating to Joe and Jane User. It just won’t happen overnight, but the market is “emerging,” says Deacon in the article.

Theoretically, if everyone turned techy overnight or privacy protection instantly became as easy as two plus two, this would make unhappy campers out of the businesses that flourish from tracking users’ online habits. The government wouldn’t be smiling, either, as it always wants to have fast access (e.g., “backdoor”) to electronic communications: the first communication choice of terrorists.

Thus far it seems that people have two choices: a fast, easy, cheap Internet experience that gives up privacy, or a techy, expensive, confusing experience that ensures privacy. The first choice is currently winning by miles.

Forewarned is forearmed. Pay attention. This is getting real.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Bank Account depleted, Company sues

Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on krebsonsecurity.com. In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.

4HBank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.

In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.

This scenario has been replicated many times over the past five years, says the krebsonsecurity.com article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.

Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.

Businesses and consumers should:

  • Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
  • Stage phishing attacks to see how well everyone learned their security training
  • Retrain those who fell for the staged attacks
  • Make it a rule that more than one person is required to sign off on large transfers
  • Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Healthcare Providers Gaining Trust by Marketing Security

You’ve surely heard of “B2B” or business-to-business marketing. The new game plan is “B2C” – business to consumer marketing, particularly in the healthcare industry. The Affordable Care Act allows healthcare organizations to directly deal with consumers on a massive scale for the first time. However, this comes with some challenges, namely, how to effectively reach potential consumers and differentiate their organization from the competition.

3DOrganizations must take notice that potential enrollees aren’t just concerned about cost and coverage, but two less apparent concerns: privacy and security.

Consumers want reassurance that their data is protected. They can’t get all the data breach fiascos out of their mind. According to the TRUSTe 2014 U.S. Consumer Privacy Report, 92 percent of U.S. Internet users are worried about their online privacy. Of these, 47 percent are frequently worried.

So even though a potential enrollee may have complete faith in your service and reputation, they may be unnerved by the pathways of information exchange: the Internet, mobiles, wireless networks, computers. They know that their personal health data is out there in “space,” up for grabs.

If you want strong enrollment numbers and loyal customers, you must put the consumer’s concern for the protection of their personal health information at the top of the priority list. No way around this. If consumers don’t get assurance from you, they won’t stick around for it; they’ll take their business elsewhere.

So what will you do to put consumers’ apprehension at ease? One way to accomplish this is to facilitate a security and privacy program to ease consumer anxiety.

AllClear ID provides the following guidelines for healthcare insurers and providers:

  • Continue to use state-of-the-art IT techniques to secure cloud services, access points, databases and mobile devices; and to better monitor systems for breaches.
  • Improve security of corporate devices and employees’ personal mobile devices used for work.
  • Enhance employee training at all levels to decrease errors, improve device security and ensure HIPAA compliance. Also train employees around how to comfortably talk to customers about how their data will be protected.
  • Institute an identity protection program for enrollees to make them feel safe signing up with you and reduce the pain if there is a breach.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures