Data Brokers: What Are They; How to Get Control of Your Name

Data brokers have lots of personal information about you; here’s what you can do about that.

8DEver hear of the term “data broker”?  What do you think that is? Think about that for a moment. Yep, you got it: An entity that goes after your data and sells it to another entity.

The entity that gets the data, the broker, is called a consumer data company. They snatch huge amounts of data from individuals all over the planet and sell it. And who wants your personal information? Your information is of significant value to marketers, companies doing background checks and in some cases, your government.

They want to know what you like to buy, what you’re most likely to buy, if you want to lose weight, build muscle, what kind of cars you like, where you vacation, what you eat, where you shop for clothes, what kind of disease you have, whether or not you’ve been assaulted or if you have committed a crime…all so they can get a solid picture of who you are.

You now know about data brokers: a whole new industry that reflects our evolving technology. Lawmakers have taken notice of this flourishing industry, trying to get companies to give some control to consumers over what becomes of their data.

At least one data broker makes it possible for you to see how much data is out there about you and to possibly edit and update it. But that’s not enough.

Just how much do data broker companies even know about people?

They build you up from the inside out; starting with skeletal information (name, address, age, race) and padding the meat on from there: education level, medical conditions, income, life events, (buying a home, getting divorced), driving record, law suits against you, credit scores and more. One credit reporting agency even sells lists of the names of people expecting babies and who has newborns. They even sell lists of people who make charitable donations and read romance novels. Data brokers can even get ahold of your income information.

This doesn’t mean that any one data broker knows everything about you. It’s just that a heck of a lot of personal information about you is potentially scattered all over the place. Data brokering is legal: a multi-billion dollar industry involving trillions of transactions every day. But this doesn’t mean the consumer is without rights or power. You can, indeed, do some reclaiming of your name from the data brokering industry.

How do you get control and manage your name?

Sit and wait: As mentioned, lawmakers are putting the heat on data companies to make it possible for consumers to have some control over all of this. The FTC recommended in a 2012 report that the data mining industry establish a website that reveals names of U.S. data brokers plus other relevant information.

  • Got to Data brokers have not responded, so someone else did: a site that tells consumers who the data brokers are and their opt-out links.
  • Browse “Incognito”: with Googles Chrome browser you can open a “New Incognito Window” once opened, you’ve gone incognito. Pages you view in incognito tabs won’t stick around in your browser’s history, cookie store, or search history after you’ve closed all of your incognito tabs. Any files you download or bookmarks you create will be kept.
  • However, you aren’t invisible. Going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.
  • Use a VPN: For the ultimate in masking your webcrumbs use Hotspot Shield VPN which acts as a proxy and covers up your IP address and protects your devices and data from Wifi hackers at the same time.
  • Plugins: Browsers Chrome and Firefox offer a plethora of addons to mask your browser. DoNotTrackMe is a good one.
  • Behave: Yes, just be good, don’t commit any crimes, because you can’t erase bad behavior from government records.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Feds Catch Carder



“Carders” are the people who test and sell credit card details (most likely phished) to other individuals who carry out the actual credit card fraud. Carders are the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet. “Dumps” is a term for the batches stolen credit card data they buy and sell.

Computerworld reports:

“Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal ‘carding forums,’ Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.”

“During a June 2010 search of Perez’s residence, Secret Service agents found 20,987 stolen credit card accounts on his computers, in his email messages, in an online account and on counterfeit credit cards he was in the process of manufacturing, according to court documents. Credit card companies have reported more than US$3.1 million in fraudulent charges associated with those accounts, court documents said.”

Carding is a full time profession for thousands of hackers worldwide. Retailers’, banks’, credit card processors’, and many other corporations’ databases often contain millions of credit card numbers, and are targeted in “advanced persistent threats.” Any entity that accepts credit cards online or in the physical world is a ripe target for fraud.

It’s in the retailer’s best interest to put online fraud prevention measures in place to thwart credit card fraud use on their sites. This not only helps them keep their chargebacks and fees low, but it also protects their brand reputation with their loyal customers.  But how can retailers detect when fraudsters are stealing from their websites in the first place?

Before verifying identity and credit information, first make sure that the computer, tablet or smartphone connecting to the site is not a known fraudulent device – one used to steal from your business in the past, or from other online businesses.

Would you like to know if the device is acting suspicious such as masking its IP address or constantly changing its characteristics between transactions?  Is it opening an excessive number of new accounts, or are new countries suddenly accessing your customer’s existing accounts?

There are many indicators of risk and companies like Oregon-based iovation Inc. helps online businesses set up fraud and risk rules in advance so that as transactions come in, the rules run and all checks in a fraction of a second. This device identification service can stop the transaction right then and there.

Carders are just one piece of the cybercrime puzzle.  Having a defense-in-depth approach to fraud prevention is essential.  And sharing fraud intelligence with other businesses can only help you catch more fraud, and meanwhile, take more business with confidence.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

Identity Theft Ring Targeted Banks

In what is considered “the largest identity theft takedown in U.S. history,” 111 individuals were indicted for “stealing the personal credit information of thousands of unwitting American and European consumers and costing individuals, financial institutions and retail businesses more than $13 million in losses over a 16-month period.”

The five different identity theft and forgery rings involved in these crimes targeted banks using a variety of techniques. From inside jobs to robberies and credit card fraud, this criminal network, based in Queens, New York but with ties to Europe, Asia, Africa, and the Middle East, was organized and profitable.

The criminals’ primary focus was on credit cards. Many of the defendants are accused of using stolen credit card numbers to purchase “tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry,” not to mention staying at five-star hotels Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years.”

“Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years,” explained Queens district attorney Richard Brown.

Police Commissioner Kelly commented, “These weren’t holdups at gunpoint, but the impact on victims was the same. They were robbed. We assigned detectives to financial crimes because of the potential victimization is so great, especially as the use of credit cards and their vulnerability to identity theft have grown along with the Internet.”

More financial institutions could protect their clients and themselves by incorporating device identification upfront in their fraud detection processes to keep scammers out, as the recent FFIEC guidelines suggest. Oregon-based iovation Inc. offers the world’s most advanced device identification service, which is already in use at many major financial institutions offering commercial and retail banking as well as credit issuance.  The device recognition service, called ReputationManager 360, is used alongside other risk-based authentication tools for a layered defense against organized crime.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)