Can a national identification document prevent identity theft?

• Tweet

August 31st, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

In a word, no. A national ID card, on its own, will not prevent all forms of identity theft. In order for new account fraud to be entirely avoidable, a number of other factors would have to come into play, effectively establishing accountability through identity proofing. Effective identity proofing is also necessary in order to reliably prevent medical and criminal identity theft.

As you might have guessed, identity proofing simply means proving that individuals are who they say they are. Identity proofing often begins with personal questions, like the name of a first grade teacher or the make and model of a first vehicle, that only the actual person would be able to answer. Of course, this technique is not foolproof, and now that personal information is so readily available over the Internet, knowledge-based authentication is probably on its way to extinction. The next step is documentation, such as a copy of a utility bill or a mortgage statement. These types of identifying documents can be scavenged from the trash, but they are more effective proof when combines with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual's identity.

Identity scoring is another effective identity proofing method. An identity score is a system for tagging and verifying the legitimacy of an individual's public identity. Identity scores are being used to prevent fraud in business and to verify and correct public records. Identity scores incorporate a broad set of consumer data, including components such as personal identifiers, public and government records, Internet data, corporate data, predicted behavior patterns based on empiric data, self-assessed behavior patterns, and credit records.

USA Today reports that in the four years since Congress enacted the Real ID Act, which was intended to make it more difficult to obtain a fraudulent driver's license, the act has languished due to opposition from several states. Real ID supporters say it will not only deter terrorism but also reduce identity theft, curb illegal immigration and reduce underage drinking, all by making the nation's identification-of-choice more secure. Homeland Security Secretary Janet Napolitano is proposing the repeal of the Real ID Act.

The Real ID Act has many provisions that are forms of identity proofing along with the potential for biometrics across the board. When Indiana checked its six million drivers against a Social Security database, it ended up invalidating 19,000 licenses that didn't match. When Indiana began using "facial recognition" technology to make its photos secure, the state caught a man who had 149 licenses with the same photo but different names.

Is Napolitano moving backwards or forwards? Do your research and decide for yourself.

Protect yourself from identity theft. Prevent new account fraud by getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Identity theft speaker Robert Siciliano discusses identity theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Identity thieves target Ben Bernanke and his wife

• Tweet

August 31st, 2009 - Posted by Caitlin

Government officials recently revealed that Fed Chairman Ben Bernanke fell victim to identity theft last year. Mrs. Bernanke's purse, containing personal checks, four credit cards, and her ID, was stolen in a Starbucks. A few days later, the thief walked into a Bank of America branch and used one of the Bernankes' stolen checks to deposit $900 into a third party's account, then withdrew $9,000 from that person's account. Ben Bernanke quickly spotted the suspicious transaction and reported it to the bank, and as a result, the Bernankes were not liable for the missing funds. The thief, however, is still at large, and is believed to be part of a larger identity theft ring that continues to impersonate victims at various bank branches.

The thief who stole Anna Bernanke's purse withdrew only $900 at first, in order to avoid raising red flags. Fortunately, Ben Bernanke was monitoring his bank statements carefully and thus, noticed the unusual transaction immediately. Regularly checking your account activity online is one of the most crucial steps you can take to protect yourself from identity theft. If you'd like to take further steps to prevent and detect new account fraud, consider investing in an identity theft protection service.

LifeLock to stop setting fraud alerts on behalf of consumers; Launches LifeLock Identity Alerts

• Tweet

August 31st, 2009 - Posted by Joe

LifeLock announced in an email sent to subscribers today that the identity theft protection service will soon stop setting fraud alerts on behalf of consumers. This announcement comes after a judgement this May in a case brought by Experian in which the credit bureau challenged the legality of LifeLock's practice of setting fraud alerts on behalf of consumers.

LifeLock CEO Todd davis stated that the company had been anticipating the possibility of this outcome and have invested in developing a new system call LifeLock Identity Alerts. According to Davis, this new system:

• Uses more sophisticated and scientific algorithms to spot identity fraud
• Mines more data sources than the credit bureaus. These additional sources include data from many retailers, banks, mortgage lenders, utilities, and auto lenders
• Examines patterns over time across this network to help predict future identity risks and the vulnerability of members

Davis did not give a specific date on which fraud alerts would stop being set, although he did say that the transition would happen over the next few weeks and that LifeLock members would not experience any interruption in the protection of their identities.

We have not been able to review the new features of LifeLock Identity Alerts in detail as of yet, but have included the full text of the email message sent by Davis below. We will provide more information once we have more details on the new tools and timeline for transition.

**Important Message from LifeLock**

Dear Valued Member,

LifeLock is pleased to announce we are beginning implementation of a new and innovative identity protection system that provides you even better and broader protection. This new system, which replaces fraud alerts, is better because it offers you the benefit of real-time protection in some instances, and broader because it identifies identity risks beyond the scope of fraud alerts.

As you may know, as a result of litigation with the credit bureau, Experian, a Court has ruled that LifeLock must soon end the practice of setting fraud alerts on behalf of consumers. The placement of a fraud alert on a member's profile is just one of the many tools LifeLock uses to protect our members from the growing threat of identity theft. We have been planning for the possibility of this ruling by developing even better ways to help protect you, and are excited about the broader protection we will roll out in the coming weeks.

The new LifeLock Identity Alerts will notify you by email, postal mail, and/or phone anytime we detect your personal information being used to apply for many forms of credit cards, wireless services, retail credit, utilities, check orders/reorders, mortgage loans, auto loans, and non-credit related payday loans. If the application is fraudulent, our remediation team will take action to help restore your good name.

This system uses very powerful, forward-looking models to help predict fraud and identity risks before fraud occurs. For example, the system:

* Uses more sophisticated and scientific algorithms to spot identity fraud;
* Mines more data sources than the credit bureaus. These additional sources include data from many retailers, banks, mortgage lenders, utilities, and auto lenders; and
* Examines patterns over time across this network to help predict future identity risks and the vulnerability of members.

While this transition takes place in the coming weeks, you will notice no interruption to the around-the-clock protection you depend on from LifeLock.

In addition to this new identity protection system, LifeLock will continue to provide you with the full suite of other personal protection services you have come to know and trust – including WalletLockTM, eReconTM, TrueAddressTM, and of course our $1 Million Total Service Guarantee. If you become a victim of identity theft while a member of LifeLock because of a failure in our service, we will help you fix it, up to $1 million. (Restrictions apply. See LifeLock.com for details)

At LifeLock, we never take your trust in us lightly, and consider it an honor to protect your good name. We are confident you will share our excitement about this improved level of service and the increased peace of mind and protection it will provide you and all our members. If you ever have questions about your membership or this enhancement to your service, please send us an email at member.services@lifelock.com or call us at 1-800-LIFELOCK (543-3562), option #2.

We thank you for your business and your continued trust in LifeLock.

Sincerely,

Todd Davis

Todd Davis
CEO

Weight Watchers offers one month free

• Tweet

August 31st, 2009 - Posted by Caitlin

Weight Watchers already offers a discounted three month plan, but for a limited time, customers who sign up for this discounted plan will receive an additional fourth month of service for free. This is an unusually generous promotion, so if you're interested in subscribing to a diet service, you should seriously consider taking advantage of this unique savings opportunity. There is no promotional code necessary to capitalize on this offer. Simply click any Weight Watchers link on NextAdvisor.com.

As summer comes to a close and autumn approaches, it's time for a fresh start and a renewed focus on goals. To learn more about Weight Watchers or other diet programs, see our reviews and comparison chart.

Are online backup providers responsible for keeping customers' data unencrypted?

• Tweet

August 28th, 2009 - Posted by Kent

The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way. This question comes as a follow-up to a question asked earlier this week: If an online backup service provider is subpoenaed, would they have to hand over your data?

Q: As a data storage provider, if forced to turn over a clients data and it is encrypted, and me as a data storage provider that does not have any means to obtain my clients encryption code; I would just essentially be turning over jibberish. How does this play into the whole scenario?

A: Last week I noted that online backup providers must cooperate with search warrants, meaning they must hand over data, unencrypted to law enforcement if subpoenaed. I also noted that Carbonite requires that data not be encrypted, prompting a reader to ask if online backup service providers were required to screen for encrypted data.

I'm glad you asked because your question sent me back to the Terms of Service for a deeper read. It turns out that Carbonite only prevents you from using "the Carbonite Products or Services to decrypt data encrypted by others" as well as disallowing you to "permit others to Use the Carbonite Products or Services to access or decrypt data stored on servers provided by Carbonite…" Specifically this seems to refer to an unauthorized use of Carbonite's own encryption methods (which it uses to securely pull the files from your computer).

So, that entanglement is avoided, and I apologize for that misreading on my part (it seems obvious now). Still, it's important to note that these services are not routinely scanning your files for inappropriate content. That would actually make them liable for everything on their servers, a horrendous and unmanageable burden. Carbonite says it may decrypt your files if "it reasonably believes it must do so in order to comply with a law, subpoena, warrant, order, or regulation…" It may also due so for trouble shooting purposes.

If an online backup provider was subpoenaed, would it have to hand your data over?

• Tweet

August 27th, 2009 - Posted by Kent

The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.

Q: I have a question about online backup services. In both civil and criminal lawsuits, we have all heard or read about an individual's computer contents being used as evidence, and if the crime or individual is "newsworthy," the contents splashed all over the news.

A: That's a great question. First, I should say that I'm not a lawyer and this does not constitute legal advice, but I do spend a lot of time pouring through Terms of Service (TOS) agreements and have worked with legal departments at online service providers in the past. This morning I spent some time with the TOS's of several of our online backup providers.

My entirely non-legally binding findings are: Yes, if your online backup provider was subpoenaed to hand over your data, they would have to do it. Your online storage is, as you suspect, just like the drive on your computer when it comes to a search warrant. Furthermore, the backup service provider does not want to (and legally cannot) store data that they know to be in violation of the law. If the provider were to do anything to disguise your data (i.e, through encryption), they would be in breach of the law. In fact, at least one provider (Carbonite) expressly prohibits you from making your data unreadable, since it would prevent investigations.

In my professional experience, online service providers are sticklers for subpoenas, and will not hand over customer data without a proper court order. While they are required to help out law enforcement, there are consequences to violating a user's privacy (both in terms of public relations and litigation).

But, as you suggest, once that data does get turned over, the genie is out of the bottle. Still, the same would be true if you backed up your data on an external drive and it was discovered during a court-ordered search of your house.

For more on online backup services, check out our reviews and comparisons.

P2P file sharing makes identity theft easy

• Tweet

August 26th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Peer to peer file sharing is a great technology used to share data over peer networks. It's also great software to get hacked and have your identity stolen.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I've seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

The Register reports that a Washington state man has been sentenced to more than three years in federal prison after admitting to using file-sharing program LimeWire to steal tax returns and other sensitive documents. He searched LimeWire users' hard drives for files containing words such as "statement," "account," and "tax.pdf." He would then download tax returns, bank statements, and other sensitive documents and use them to steal identities.

I did a story with a Fox News reporter and a local family who had four kids, including a 15-year-old with an iPod full of music, but no money. I asked her dad where she got all her music and he replied, "I have no idea." He had no idea that his daughter had installed P2P software on the family computer and was sharing all their data with the world. The reporter asked much personal information I could find on the P2P network in five minutes. I responded, "Let's do it in one minute."

There are millions of PCs loaded with P2P software, and parents are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person's computer, so be smart and make sure you aren't opening a door to identity thieves.

• Don't install P2P software on your computer.
• If you aren't sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your "All Programs Menu" will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you've found.
• Set administrative privileges to prevent the installation of new software without your knowledge.
• If you must use P2P software, be sure that you don't share your hard drive's data. When you install and configure the software, don't let the P2P program select data for you.
• Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
• And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox.

[youtube]http://www.youtube.com/watch?v=fbMiMQwpwfA[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Vonage iPhone App Coming Soon?

• Tweet

August 26th, 2009 - Posted by Erik

Last week we told you about Vonage's new Vonage World plan, which gives you unlimited calling to anywhere in the U.S. and more than 60 other countries for the flat monthly fee of $24.99.  Not only have consumers seemed to love this plan so far, but so has the stock market, sending Vonage's shares up an astonishing 443% since the announcement based on today's closing price.

It seems that may not be all that investors are excited about.  Stock message boards are abuzz over a possible Vonage iPhone app which would enable iPhone customers to make VoIP calls on their iPhone using their Vonage World plan.  So instead of paying AT&T exorbitant rates to call overseas (not to mention in the U.S.), Vonage World customers connected to a WiFi network could simply dial whatever number they wanted on their iPhone and not pay a penny as long as they are Vonage World customers.  This could be in addition to using Vonage as your home phone service.  Details are still lacking so we don't actually know quite what the app will be for sure but Apple did confirm to Barrons that Vonage has submitted an iPhone app and Vonage subsequently confirmed that they made a minor change Apple had requested and resubmitted the app for approval.

So the app could be available any minute.  Then again, Google submitted an app for their Google Voice service that has been in limbo for months now and is now the subject of an FCC investigation, so it's hard to say how long this could take.  We'll update with a new post as soon as we hear something.  In the meantime, if this all soundns pretty exciting to you, you may want to sign up for Vonage World now so you're ready when the app comes out.  You can also call 1-888-692-8076 to sign up for Vonage World by phone.

Consumers still prefer DVDs over streaming video

• Tweet

August 26th, 2009 - Posted by Caitlin

It seems logical to assume that over time, the popularity of DVDs would fade in favor of streaming video. But for the present, DVDs are holding strong. A new survey found that the majority of consumers would rather rent DVDs than stream movies over the Internet. Only 6% of respondents considered the streaming feature important. The researchers continue to believe that "a large percentage of the DVD rental market will move to digital in the long term," but the survey indicates that physical rentals will maintain popularity for longer than previously expected. The survey also found that 20% of those without a Netflix subscription plan to get one before the end of the year.

If you are considering a DVD rental service or an online movie streaming option, check out our reviews and comparisons of Netflix, Blockbuster and other online options.

Supermarket chain brings in the big guns to prevent identity theft

• Tweet

August 26th, 2009 - Posted by Caitlin

Hannaford, a midsize supermarket chain, was one of the many corporations that fell victim to Albert Gonzalez's large and sophisticated hacking operation. Gonzalez's hack exposed millions of credit and debit card numbers, and Hannaford has responded by going above and beyond to protect customers from a similar breach in the future. For starters, the company has hired General Dynamics, a premier cyber security contractor for the Department of Defense, to upgrade its security infrastructure. Upgrades include a network monitoring service from IBM that provides instant alerts of "intrusive traffic," as well as the highest level of PIN number encryption available and new intrusion prevention systems. While Hannaford can't claim that the new security measures are infallable, using a debit or credit card at a Hanaford supermarket is certainly more secure than it was when Gonzalez's team hacked int o the network in 2007.

Hannaford's dedication to securing customers' sensitive data is admirable, and should be emulated by other corporations. But unfortunately, most retailers are less vigilent, and hackers are always working to find new chinks in the armor. Which is why, for the time being, identity theft protection is still a very wise and worthwhile investment.