Custom Search

December 31, 2009

PC World's identifies the top ten security nightmares from the past ten years

Interesting article from PC World about the Top Ten Computer Security Nightmares of the past decade.  Scary how far we've come in the past ten years.  Here's the article -

PC World has been around forever ... at least in terms of the computer age.  I remember my first computer.  It was actually my dad's.  Not sure the year, I was just a kid.  But he subscribed to PC World back then.  And they would print the BASIC code (BASIC was an early computer language) for a simple computer program.  My ten year old self would spend hours typing in every line of the program.  One small mistake and the program would not run properly.  All that work, just to make the screen flash different colors ... or to repeatedly print my name in alternating colors.  Those were good times.  Wish my Dad was here now to see what the computers he first turned me on to can do.

December 28, 2009

Countrywide settles class action lawsuit for mere "slap on the wrist"

What a crock.  Countrywide, who allowed a rogue employee to steal the personal information of over 17 million of its customers (me included), has achieved preliminary court approval for its settlement of a class action lawsuit filed against it.  The proposed settlement - Countrywide (now owned by Bank of America) - gives each of the potential victims a wopping settlement of ... drum roll please ... free credit monitoring!  Whoo whoo, go cash that voucher in quick, its worth sooooo much more than your good name!  Can you smell the sarcasm?!

What a joke of a settlement.  I for one will be opting out.  Don't know if I will sue separately yet or not, may even be past the statute of limitations, but I am definitely not going to accept free credit monitoring in settlement of anything.

Oh, the settlement does provide for up to $50,000 for anyone that can prove their identity was stolen as a result of Countrywide's data breach but, surprise surprise, no one's been able to meet Bank of America's burden of proof on that one yet.  Not that $50,000 is much for an identity theft victim.  I fairly routinely get multiples of that for my clients. 

Shirley Norton, a spokeswoman for Bank of America, said the settlement is “in the bank's best interest” to avoid additional legal expenses. "We look forward to moving ahead with the settlement,” Norton said.  I bet they are, given the favorable terms of the settlement for BOA.

Luckily, there is a fairness hearing set for July.  Maybe someone can step forward and convince U.S. District Judge Thomas Russell of Kentucky to stop this lunacy and reinstate the lawsuit so the injured consumers can get some real relief.

Red Flags Rule just can't seem to reach the checkered flag

In 2003, Congress passed amendments to the Fair Credit Reporting Act.  One of the changes was a requirement for business that met a certain definition to implement procedures to prevent identity theft.  The procedures were dubbed the "Red Flags Rule".  Congress gave the businesses that met the definition of creditor until November 2008 (yes, five whole years, longer than a term in office for the President) to create and implement the Red Flags Rules.  Shouldn't be too hard, just some common sense things to watch out for that might indicate that an identity thief is trying to pull a fast one. 

Apparently, the creditors sat on their hands for the first five years, because right at the deadline, the creditors started seeking an extension of the deadline to implement the Red Flags Rule.  And they got the extension.  And another one, and another one and (I think) another extension (quite frankly, I've lost count).  The latest Red Flags Rule implementation date was January 1, 2010.  That was the new date, until Congress just extended it yet again ... this time all the way to June 1, 2010.  So this law, seven years after it was enacted, has yet to take effect. 

The Red Flags Rule is supposed to get companies to train all their employees (not just their handful of "fraud specialists" who aren't even contacted until after the proverbial excrement hits the fan) on how to spot the warning signs of identity theft (i.e. the red flags that would tip off a person of normal intelligence).  From my 10 plus years of representing consumers in litigation against banks, credit card companies and the credit bureaus, I have learned one important, nearly universal fact ... the vast number of people that work for corporations check their common sense at the door when they report to work every morning.  Most corporate clones are paid the same no matter the quality of their work.  So most don't go out of their way to do a good job.  As said by the main character of the movie Office Space, they just simply work hard enough not to get fired. 

What's worse is that these corporate cronies follow the all mighty "policies and procedures" of their corporate employers, which are usually written by corporate higher ups with no idea how things are done at ground level.  I swear, I think if the corporate policy said to murder all customers who complained of a certain widget, the streets would be filled with blood.  I know the employees possess common sense, they just seem to leave it at home.  The bottom line is ... most corporate employees just don't care about what they are doing. 

This is why, time and time again, I see corporate employees ignore the obvious signs of identity theft, signs even my most under educated clients easily spot and, as a result, prolong the nightmare that is identity theft.  For this reason, the prevention procedures required by the Red Flags Rule are critical to consumers all across the nation.  Yet, these consumers, lacking the beneft of the lobbyists employed by the corporate sector, are repeatedly getting the shaft by the continued delay allowed by Congress.  Maybe by the time my 2 year old gets his first credit card, some measure of the Red Flags Rule might be implemented.  But, unlike my 2 year old when he's mad, I'm not holding my breath.

December 23, 2009

Department of Justice's nationwide effort nabs another identity thief

A Tennessee federal grand jury has indicted an alleged identity thief as a part of the Department of Justice's nationwide effort to identify and prosecute those responsible for mortgage and other fraud against lending institutions. 

Jerome Henderson, Jr. of Clarksville, Tennessee was indicted last week for aggravated identity theft, bank fraud and social security number misuse.  According to the indictment, from March 2005 to May 2007, Henderson submitted multiple fraudulent loan applications to various lenders and financial institutions for the purchase of property in the Nashville area.  The indictment further alleges that Henderson forged documents as part of his scheme, including false social security numbers, a forged Army Contractor Badge, forged W-2 forms, and other forged documents, which he attached to mortgage loan applications and submitted to lenders. In addition, Henderson created false bank statements that showed fictitious direct deposit amounts into accounts bearing his name, and containing a bogus physical address.

Henderson faces up to 32 years in prison and a $1,000,000 fine.

December 22, 2009

Identity theft victim charged with crime

Imagine finding out there is an arrest warrant with your name on it.  As if that's not bad enough, imagine that your name is on the arrest warrant not because you committed a crime but because you are a victim of one.

That's exactly what happened to Anna Greer of Bakersfield, California.  Apparently, a woman committed a crime and, when caught by the police, identified herself using Anna Greer's name and other personal identifiers.  Even though police were able to later determine that the suspect was not really Anna Greer, Anna Greer's name is now listed as an alias for the criminal in criminal databases.

So, even though the charges against "Greer" were dismissed, the felony charges still show up when a search of her name is performed.  In fact, that's how Greer learned of the warrant out for "her" arrest.  The online court records for Kern County, California show Greer as having once been charged for receiving stolen property and forgery.  Even though both charges were dismissed, both still make it look like Greer was at least charged with both crimes, even though it was in reality her identity thief that was charged.

After much hard work on her part, Greer's name is still tied to both crimes, but she now has a letter from the judge that states she is a victim of identity theft and "was not the person suspected of and charged with check forgery and receiving stolen property."  But online viewers do not see this letter.

This is a common problem when criminals are caught and give someone else's name or SSN to the police.  I once had a person come to me in Mississippi with this problem and, despite the sheriff that arrested the real perp writing letters on his behalf, even I could not get his name off the criminal database for Mississippi, since the criminal did give his name as an alias.

This is a huge problem, particularly when seeking employment.  When asked whether you have ever been charged with a felony, how do you respond?  If you respond truthfully by indicating no, then a search of the public records by your potential employer may make you appear to be a liar and criminal.  But explaining the error just opens up a whole can of worms for you and your potential employer.

Maybe Congress will one day enact some legislation to fix this problem.

December 21, 2009

Identity theft rocks the world of Rock & Roll

Even the world of rock and roll is not immune to identity theft.  And, no, I'm not talking about Elvis impersonators. 

Eric Valentine, a music producer who has worked with Maroon 5 and Queens of the Stone Age, has filed a lawsuit against one of his associates for allegedly impersonating him in an attempt to land recording jobs.

The lawsuit, filed in Los Angeles Superior Court on December 8, alleges that one Louis Adkinson has been using Valentine's name to sign deals with artists.  One such artist was Mark Ballas of Dancing with the Stars.

Adkinson's brother manages Valentine's L.A. studio.  The lawsuit claims that Adkinson broke into Valentine's office and stole a commemorative plaque regarding his work on the soundtrack of the movie Shrek.  He even had photos on his phone of himself holding up the commemorative plaque in Valetine's office, which he showed to potential victims such as Ballas.

Dionne Warwick's son, Damon Elliot, is alleged to have conspired with Adkinson "to misappropriate and trade off the good will of Valentine's name and use that name to steal from musicians and others who wanted to work with Valentine".

According to Ballas, Adkinson had him fooled for the first week or so, but the scheme unraveled when it became clear that Adkinson did not have any musical knowledge.  Said Ballas, "He didn't know a C chord.  He didn't know anything."

December 17, 2009

Yes, I'm vain.

Someone once told me that vain people like to google their own names.  Guess I'm ultra vain then, since I have a google alert set up to google my name for me.  (BTW, google alerts are great.  I  have alerts set up to e-mail me whenever new content appears on the web regarding Experian, Equifax, Trans Union, identity theft and the FCRA.  Pretty nifty.) 

The reason (other than vanity) I have a google alert for my name is that there is such a thing as social network identity theft, where someone steals your online identity (i.e. opens a facebook page under your name, etc.)  Supposedly, if someone tried to do this, my google alert would inform me and I could then take action. 

But what the google alert on my name did today was remind me of a great article by Kiplinger's magazine from 2004 about mixed files.  The article mentions me and my first of many mixed file cases against Equifax.  Here's the link to the article -

Now, you must excuse me.  I've got to get back to googling my name while looking in the mirror.

December 16, 2009

Colorado Supreme Court ruled that evidence of identity theft found during search of tax records office was illegal

In a 4 to 3 decision, the Colorado Supreme Court ruled that a prosecutor's search of 5,000 tax files while looking for evidence of identity theft by illegal immigrants was an invasion of privacy.  In so doing, the Colorado Supreme Court upheld a lower court's ruling.

Last year, a Weld County, Colorado district attorney served a search warrant on Amalia's Translation and Tax Service in Greeley, Colorado, which is located about 60 miles from Denver.  What prosecutors were after were any instances where illegal immigrants had used someone else's Social Security numbers on their tax returns.

Advocates of both privacy and immigrants called the search intrusive and, eventually, a lower court agreed.  But not before approximately 30 illegal immigrants had plead guilty to identity theft and turned over to authorities to be deported. 

"A taxpayer has a reasonable expectation of privacy in his or her tax returns and return information, even when that information is in the custody of a tax preparer," Justice Michael L. Bender wrote in the court's opinion.

Even Time's Person of the Year is vulnerable to identity theft

Remember me blogging earlier this year about the theft of the identity of Federal Reserve Chairman Ben Bernanke's wife?  Well, Time just named him their Person of the Year for 2009.  Here's a link to the article -,28804,1946375_1947251,00.html.  Sounds like he's deserving of the honor.

December 15, 2009

Explanation of 15 U.S.C. 1681g

This is part one of my explanation of 15 U.S.C. 1681g of the Fair Credit Reporting Act.

"Section 609.  Disclosures to consumers [15 U.S.C. 1681g]

(a)  Information on file; sources; report recipients.  Every consumer reporting agency shall, upon request, and subject to 610(a)(1) [Section 1681h], clearly and accurately disclose to the consumer:

(1)  All information in the consumer's file at the time of the request except that --

(A)  if the consumer to whom the file relates requests that the first 5 digits of the social security number (or similar identification number) of the consumer not be included in the disclosure and the consumer reporting agency has received appropriate proof of the identity of the requester, the consumer reporting agency shall so truncate such number in such disclosures; and

(B)  nothing in this paragraph shall be construed to require a consumer reporting agency to disclose to a consumer any information concerning credit scores or any other risk scores or predictors relating to the consumer."

[This is an important section for consumers as it requires the credit bureaus to disclose to you, the consumer, your entire credit file upon request.  This can become important in litigation, particularly in mixed file cases, because the credit bureau typically provides consumers a report that contains credit information that exactly matches the identifiers of the consumer, while the same credit bureau will provide credit reports to third parties utilizing a looser matching logic which often results in more credit information being provided to third parties than to the consumer.  Since the additional information is considered part of the consumer's credit file, the credit bureau violates this section when it fails to disclose the additional information to the consumer.

The other part of this section allows the credit bureau not to disclose information regarding its credit score model as well as the first 5 digits of the consumer's Social Security number if the consumer has opted to truncate the SSN.]

"(2)  The sources of the information; except that the sources of the information acquired solely for use in preparing an investigative consumer report and actually use for no other purpose need not be disclosed: Provided, That in the event an action is brought under this title, such sources shall be available to the plaintiff under appropriate discovery procedures in the court in which the action is brought."

[This section requires the credit bureaus to identify the sources of the credit information they report regarding consumers.  This is important so that consumers know the identity of the companies that are reporting information about them and, if needed, can use that information to dispute directly to the funisher of the credit information.]

"(3)(A)  Identification of each person (including each end-user identified under section 607(e)(1) [Section 1681e]) that procured a consumer report

(i)  for employment purposes, during the 2-year period preceding the date on which the request is made; or

(ii)  for any purpose, during the 1-year period preceding the date on which the request is made."

[This is the section that results in the inquiry section of the credit report.  Inquiries are records of who accesses a consumer's credit report and when.  I think all of the credit bureaus report inquiries for 2 years, but this section only requires them to report inquiries for 1 year, except for inquiries for employment purposes.]

"(B)  An identification of a person under subparagraph (A) shall include

(i)  the name of the person or, if applicable, the trade name (written in full) under which such person conducts business; and

(ii)  upon request of the consumer, the address and telephone number of the person."

[This section just defines what the credit bureaus must include to identify the company accessing the credit report.  This section also requires the credit bureaus to provide the address and telephone number of the companies making the inquiries upon request.]

"(C)  Subparagraph (A) does not apply if --

(i)  the end user is an agency or department of the United States Government that procures the report form the person for purposes of determining the eligibility of the consumer to whom the report relates to receive access or continued access to classified information (as defined in section 604(b)(4)(E)(i)); and

(ii)  the head of the agency or department makes a written finding as prescribed under section 604(b)(4)(A)."

[This section exempts from required disclosure the identity of the user accessing the credit report when the user is an agency or department of the U.S. government but only if the report is obtained to determine the consumer's eligibility for access or continued access to classified information.]

That's part one of my explanation of 1681g.  I will continue with part two in the near future.

Syracuse, New York attorney charged with identity theft

Prosecutors have charged New York attorney Bonnie Strunk with stealing the identity of her law partner's husband, which she allegedly used to open a fraudulent credit card account.  Strunk is also charged with felony tax fraud.

Strunk was initially charged in May with felony counts of third-degree grand larceny and first-degree identity theft involving allegations she used the name of Dr. Robert Seidenberg – the husband of her long-time law partner, Faith Seidenberg – to open a Capital One MasterCard account.  Strunk allegedly used the credit card to pay over $17,000 in veterinary bills from Georgia, Paypal accounts in California and airline tickets on JetBlue.

Now she has been charged for failing to file a 2008 tax return when she had a tax liability of over $11,000.  Strunk is allegedly attempting to negotiate a plea deal.

Identity thief no real "princess"

Memphian Princess Bland has been arrested for identity theft.  Shelby County, Tennessee authorities searched the north Memphis home of Princess Bland and found the names, Social Security numbers and even tax records of Bland's alleged victims from all over the United States.  Authorities claim that Bland was using these identities of 26 people to purchase items over the internet.

All 26 victims are over the age of 55 and did not know their identities had been stolen.  Bland allegedly used their identities to purchase over $17,000 worth of computers and computer accessories from computer manufacturer Dell.  Bland, however, made the mistake of using the same e-mail address on all the purchases, which tipped off Dell's fraud investigators.  Dell then contacted the appropriate authorities.

According to Memphis authorities, Bland was a supervisor of an unnamed company and used her position to obtain her victims' information. The company should be looked into for its hiring practices, as Bland was no "princess", as she had an extensive criminal history of identity theft and theft in general.  Had the company done its homework, 26 people would not have become victims. 

The first 6 victims investigated have not been from the Memphis area.  The authorities are still waiting on the list identifying the other 20 victims.

Authorities believe that Bland did not act alone and that she also used the victims' identities to open department store credit cards.  Bland's victims, if they read this, should contact an attorney in my line of work.  If you need help, please feel free to contact me at and I will do my best to assist you or find an attorney in your area that is also experienced in this type of case.

December 14, 2009

Don't be fooled by "free" credit report offers

As I have blogged about previously, there are a lot of companies that offer "free" credit reports ... that aren't really free.  There's always a catch.  You'll even from time to time see their ads pop up on this website.  I do my best to block them but, unfortunately like the multi headed hydra of mythology, as soon as I cut off one website, two more pop up to take their place.

The moral of the story is that there is only one place where you can go to get your truly free credit report.  That place is

Here is a link to an informative article that underscores what I just said and regarding efforts underway to eliminate the confusion about which credit reports are truly free and which have strings attached -  Happy reading.

Fake NFL player convicted of identity theft

Amadeus Harlan a.k.a. Johnny Harlan allegedly posed as a member of the NFL's Denver Broncos.  Now he'll trade his imaginary Broncos' uniform for real prison garb.  Harlan was convicted Thursday of identity theft and aggravated motor vehicle theft in Jefferson County, Colorado. 

According to prosecutors, the forty year old Harlan repeatedly posed as a professional football player for the purpose of gaining the trust of his victims, then stealing their identities to purchase expensive cars and obtain loans.  Harlan was also convicted of writing phony payroll checks to employees of his bogus business. 

Harlan is scheduled for sentencing on February 26, 2010 and faces up to 48 years in prison.

December 08, 2009

Good advice about keeping a good credit history

The article at this link is meant to advise military personnel about how to get and maintain a good credit rating, but it looks to me like good advice for any consumer.  Check it out here -

December 07, 2009

Identity thief allegedly uses Ohio man's identity since 2001

Phoenix, Arizona's Marcus Jones has been indicted for identity theft and forgery.  Jones was arrested after it was allegedly discovered that he had a business, credit cards and several vehicles in the name of an Ohio man.  According to authorities, Jones had been using the Ohio man's identity since at least 2001.

The Ohio man contacted authorities after experiencing legal, financial and tax complications as a result of the alleged theft of his identity by Jones.

Trans Union mixes multiple consumers' credit histories

Here's an all too familiar story about Trans Union merging two or more consumers' credit files together.  I have seen this way too much and have represented multiple consumers against the various credit bureaus as a result of the mixed file problem caused by the credit bureaus' loose matching logic. 

Here's a link to the article -  Ms. Martinez, if you happen to see this and need legal representation against Trans Union, please e-mail me at and I'll help you find one of the few competent attorneys that actually have experience in this type of case.  There are only a few of us out there.

What to do if your wallet is stolen ... and before your wallet is stolen

Pretty informative post on another blog about steps to take both before your wallet is stolen and after your wallet is stolen.  Check it out -

December 02, 2009

H1N1 identity theft e-mail phishing scam

As if the swine flu virus wasn't bad enough, now identity thieves are using it to their advantage.  Scammers are using e-mails offering a "Personal H1N1 Vaccination Profile".  The e-mail scam appears to come from the Center for Disease Control and actually uses a pretty good (but still fake) version of the U.S. Department of Health and Human Services logo. 

The e-mail tries to dupe the reader into clicking on a link to a separate site, ostensibly to set up a profile containing the reader's name, contact details, and personal medical history.  A screen shot of the picture is below:

The website has several links that all will download a file which probably contaisn some malicious code which would do Lord knows what to your computer.  The virus would probably include code to obtain your personal information from your computer.

Although the Web address in the e-mail link appears to be operated by (the agency's Web site), a hidden portion of the address indicates that the site is actually in Belgium.

Part 2 of explanation of 15 U.S.C. 1681e

For some reason this did not post yesterday as it was scheduled to do, so here it is:

This is part 2 of my explanation of 15 U.S.C. 1681e.  For part of the explanation, see here -

"(d)  Notice to Users and Furnishers of Information

(1)  Notice requirement.   A consumer reporting agency shall provide to any person

(A)  who regularly and in the ordinary course of business furnishes information to the agency with respect to any consumer; or

(B)  to whom a consumer report is provided by the agency;

a notice of such person's responsibilities under this title."

[This section requires the credit bureaus to provide a notice (the content of which is prescribed by the FTC per (d)(2)) regarding their responsibilities to two types of entities - furnishers and users.  Furnishers are the companies that furnish information to the credit bureaus for inclusion on consumers' credit reports (i.e. the banks, credit card companies, collection agencies, etc. whose accounts make up the consumers' credit histories).  Users are the companies that buy consumers' credit reports from the credit bureaus, assuming they have a permissible purpose to gain access to the report.  A company can be both a user and furnisher regarding a consumer, although not at the same time.)

"(2)  Content of notice.  The Federal Trade Commission shall prescribe the content of notices under paragraph (1), and a consumer reporting agency shall be in compliance with this subsection if it provides a notice under paragraph (1) that is substantially similar to the Federal Trade Commission prescription under this paragraph."

[This section defines what the credit bureaus must include in the notices to furnishers and users required by (d)(1) by simply saying that the FTC will prescribe the content and the credit bureaus' notices must be substantially similar to the FTC prescribed content.]

"(e)  Procurement of Consumer Report for Resale

(1)  Disclosure.  A person may not procure a consumer report for purposes of reselling the report (or any information in the report) unless the person discloses to the consumer reporting agency that originally furnishes the report

(A)  the identity of the end-user of the report (or information); and

(B)  each persmissible purpose under section 604 [Section 1681b] for which the report is furnished to the end-user of the report (or information)."

[This section applies to resellers of credit reports.  Before it can resell the report (or any information in the report), the company reselling the report must identify who the report is ultimately being sold to and provide each and every permissible purpose used in obtaining the credit report.  These disclosures are required to be made to the credit bureaus selling the report to the reseller, not to the consumer whose information is being sold.  Although I have seen on at least one credit bureaus' reports to consumers that they list the end user who ultimately gets the resold report as part of the inquiry.]

"(2)  Responsibilities of procurers for resale.  A person who procures a consumer report for purposes of reselling the report (or any information in the report) shall

(A)  establish and comply with reasonable procedures designed to ensure that the report (or information) is resold by the person only for a purpose for which the report may be furnished under section 604 [Section 1681b], including by requiring that each person to which the report (or information) is resold and that resells or provides the report (or information) to any other person

(i)  identifies each end user of the resold report (or information);

(ii)  certifies each purpose for which the report (or information) will be used; and

(iii)  certifies that the report (or information) will be used for no other purpose; and

(B)  before reselling the report, make reasonable efforts to verify the identifications and certifications made under subparagraph (A)."

[This section simply attempts to keep resold reports from being sold for impermissible purposes.  It requires the reseller to identify the ultimate end user of the credit report, certify each permissible purpose used to obtain the credit report and certify that the credit report won't be used for any other purpose (permissible or not).]

"(3)  Resale of consumer report to a federal agency or department.  Notwithstanding paragraph (1) or (2), a person who procures a consumer report for purposes of reselling the report (or any information in the report) shall not disclose the identity of the end-user of the report under paragraph (1) or (2) if -

(A)  the end user is an agency or department of the United States Government which procures the report from the person for purposes of determining the eligibility of the consumer concerned to receive access or continued access to classified information (as defined in section 604(b)(4)(E)(i)); and

(B)  the agency or department certifies in writing to the person reselling the report that nondisclosure is necessary to protect classified information or the safety of persons employed by or contracting with, or undergoing investigation for work or contracting with the agency or department."

[This section exempts from the end user disclosure requirements of (d)(1) and (2) where the end user is a U.S. agency or department and the report is used for determing whether the consumer should get or continue to have access to classified information and where the agency or department certifies that nondisclosure is required to protect any classified information or safety of employees of the agency or department.]

This concludes my explanation of 15 U.S.C. 1681e.

December 01, 2009

Good primer regarding preventing ID theft while shopping online

For those of you who like to shop online (i.e. my wife), here's a good article about how to prevent your identity from getting stolen while doing your online Christmas shopping this year:
Online shopping might be a convenient way to tackle your holiday gift list, but is your money really safe in cyber space? Experts offer some tips to safeguard your personal information.

"There's different shapes and forms that they can rob you," says Cesar Fazz, Security Manager for AEA Federal Credit Union. The recently-retired police lieutenant also knows scammers will do anything to steal your money.

"You've got to look at the address on there and look at the sites," says Faaz. Before you embark on cyber shopping, he suggests looking for a few security features.
"If you get on and they have an http address, if there's an 's' usually after that, that usually means it's a secure website." Look for the "s" when you access a web page asking you for personal information such as your credit card number.

Also watch out for a yellow lock icon.
"All that means is that the information is being sent from you, the buyer, to the website that that information is being encrypted and so forth," explains Faaz.

Those features are not fool-proof. Fazz says consumers need to first update all anti-virus software. That's because some viruses will install a program to record everything you type.
"It'll get a virus on your computer and then they're able to either see or record those keys that you're pushing like your password."

Finally forget email links. Manually type in the retailer's web address to avoid being routed to a scam site.
No measure will keep you absolutely safe from identity theft, so experts suggest you read your credit card statements to make sure you didn't become a victim without even knowing it.
 The original article can be found here, at Yuma, AZ's KSWT Channel 13's website -

Explanation of 15 U.S.C. 1681f of the Fair Credit Reporting Act

Below I continue my explanation of each section of the Fair Credit Reporting Act by explaining 15 U.S.C. 1681f.

"Section 608.  Disclosures to governmental agencies [15 U.S.C. Section 1681f]

Notwithstanding the provisions of section 604 [Section 1681b] of this title, a consumer reporting agency may furnish identifying information respecting any consumer, limited to his name, address, former addresses, places of employment, or former places of employment, to a governmental agency."

[This section simply indicates that a credit bureau may provide the personal identifiers of a consumer to a governmental agency, whether the governmental agency has a permissible purpose pursuant to 1681b or not.  Nice to know that big brother can find out where you live, work or used to work for whatever reason they want to.  Or for no reason at all.]

I will begin my explanation of 1681g in the near future.

November 25, 2009

Part 1 of explanation of 15 U.S.C. 1681e

Here's part one of my explanation of 15 U.S.C. 1681e.

"`Section 607.  Compliance procedures [15 U.S.C. 1681e]

(a)  Identity and purposes of credit users.  Every consumer reporting agency shall maintain reasonable procedures desinged to avoid violations of section 605 [Section 1681c] and to limit the furnishing of consumer reports to the purposes listed under section 604 [Section 1681b] of this title.  These  procedures shall require that prospective users of the information identify themselves, certify the purposes for which the information is sought, and certify that the information will be used for no other purpose.  Every consumer reporting agency shall make a reasonable effort to verify the identity of a new prospective user and the uses certified by such prospective user prior to furnishing such user a consumer report.  No consumer reporting agency may furnish a consumer report to any person if it has reasonable grounds for believing that the consumer report will not be used for a purpose listed in section 605 [section 1681b] of this title."

[This section requires the credit bureaus to have reasonable procedures to prevent impermissible accesses to consumers' credit reports.  Unfortunately, the CRAs procedures are not that good.  Other than the initial investigation of a new user before the CRA will start selling reports to it, the CRAs only require a "certification" that the user is getting the credit report for a permissible purpose.  The problem is that the user can "certify" any reason it wants that permissible whether its really the reason why its getting the credit report or not.  Only after the user gets caught will the CRA be on notice that the user is not on the up and up, which then causes the last sentence of 1681e(a) to kick in.]

"(b)  Accuracy of report.  Whenever a consumer reporting agency prepares a consumer report it shall follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates."

[This is by the far the most important section I have explained yet, at least to my practice.  Virtually every lawsuit I file against a credit bureau includes alleged violations of 1681e(b) (called "e(b)" claims for short).  My FCRA cases typically fall under two categories - those arising from identity theft and those arising from mixed files.  Identity theft cases almost always involve disputes by consumers of the inclusion of the fraudulently opened accounts which are then "investigated" by the credit bureau.  A significant number of the so called "investigations" are botched by the credit bureaus.  These botched investigations violate 1681i of the FCRA.  However, the botched investigations also arguably lead to violations of 1681e(b) when the CRA generates credit reports containing the disputed but not reasonably investigated accounts.

A clearer violation of 1681e(b) happens in mixed file cases.  In mixed file cases, the CRAs generate credit reports using their matching logic which does not use an exact match between the SSN on the account to the SSN of the consumer before putting the account on the consumer's credit report.  This results in accounts of someone with a similar name and SSN showing up on the consumer's credit report.  The argument is that utilizing a matching logic to create a credit report where the SSN is not even required to match is not a reasonable procedure to assure the maximum possible accuracy of the report.]

"(c)  Disclosure of consumer reports by users allowed.  A consumer reporting agency may not prohibit a user of a consumer report furnished by the agency on a consumer from disclosing the contents of the report to the consumer, if adverse action against the consumer has been taken by the user based in whole or in part on the report."

[Once upon a time, a consumer would ask his bank for a copy of his credit report and the bank would tell the consumer that it was not allowed by its contract with the CRA to give the consumer a copy of his credit report.  Now, a consumer asks his bank for a copy of his credit report and, guess what, the bank still tells the consumer that the CRA does not allow it to give the consumer the report.  While I am sure its not in writing anywhere, I would be willing to bet that CRAs still tell its users not to give out copies of the credit reports it obtains.  Regardless, at least the consumer can now tell the bank that what its saying is not true.]

I will continue my explanation of 15 U.S.C. 1681e with part (d) in part 2 of the explanation.

November 24, 2009

New telephone scam in the U.K.

Based upon my decade of practicing law with an emphasis on representing victims of identity theft, I always believed that identity thieves target those with good to excellent credit histories, since it was those types of credit histories that equate to an easier time getting approved for credit, whether applied for by the consumer or the identity thief.   A target rich environment, if you will.

But here's a scam that targets those in debt rather than those with credit lines available to be obtained.  The article is from

Fraudsters are targeting those struggling with debt.

They are tricking people into giving out personal details and money with scam telephone calls.

Crooks, posing as staff from the Government, Office of Fair Trading, High Street banks or claims-management companies, are calling and persuading people to give them as bank details, with the promise of repayment of debts.

Victims are asked to make an upfront payment after being told they are entitled to a repayment of bank charges or other debts.

Equifax, the ID fraud expert, is urging everyone to keep their personal details safe.

Neil Munroe from Equifax says: “Criminals are targeting those already in debt and they are very convincing and persuasive, calling victims repeatedly.

“Anyone who provides their details over the phone risks having their accounts emptied, leaving them even more in debt.”

Never give out personal details over the phone. Call the head office of the company concerned to find out if a call is genuine.
For the rest of the article, see

E-mails trying to get you to check your credit report due to "problems" is probably a scam

I have heard people complain about getting unsolicited e-mails from Equifax telling them there are problems with their credit report and advising them to buy their credit report.  This is either a scam by some perp trying to obtain your personal information or a ploy by Equifax to get you to sign up for a credit monitoring service you likely don't need.  Either way, its something to avoid.

If you want to check your credit report, try, which is the website that federal law required the credit bureaus to establish to provide one free credit report per credit bureau to each consumer per year.  Better yet, print out and mail in the pdf request form found at and get your credit reports for free without any arbitration clause taking away your right to a jury trial.  You see, redirects consumers to the websites of Experian, Equifax and Trans Union to complete the process of obtaining the free credit reports.  One or more of the bureaus' websites require the consumer to agree to an arbitration clause to access the credit report.  Sending in the pdf form, though, does not activate any such arbitration clause.

November 23, 2009

"The reports of my death are greatly exaggerated" ... by Experian

Few knew that the rest of Mark Twain's quote attributed the reports of his death to Experian, but Ann Howe found that out the hard way.  Experian decided to start informing any one who asked for Ann Howe of Seattle's credit report that she was no longer among the living.  Problem is, she was and is very much still alive.

Howe tried to refinance her home mortgage but was denied by her bank because Experian told her bank she was dead.  Apparently, her banker thought she was a ghost since she was sitting in front of him when Experian declared her dead, since the bank opted to believe Experian instead of the breathing, talking woman visiting their bank.

What's worse, it took Howe and her daughter months of faxes, notarized papers, phone calls and letters and still Experian would not believe Howe was alive, which meant the bank would not approve the refinance.

Fortunately, Experian finally agreed with Howe's doctors that she was indeed still alive.  Once Experian came to its senses, Howe's credit report was corrected and she was finally able to obtain her loan.

Identity theft ring in South Florida busted

Police have busted up an identity theft ring operating in south Florida.  A bank teller and five others - namely Janice Coachman of North Lauderdale, Latoya Robinson of Fort Lauderdale, Roberta Huha of Dania Beach, Jude Thompson of Lauderhill, Vincent Ware of North Lauderdale, and Curisha Bryant of West Park - were all arrested in a 3 county crack down of an identity theft in south Florida.  Four other suspects are still at large.

The 21 count federal indictment accused most of the defendants of using stolen credit cards, stealing identities, cashing forged checks as well as recruiting others to joing the ring.  Charges include aggravated identity theft and bank fraud.

According to the indictment, Curisha Bryant was a bank teller at a BankAtlantic branch, where she allegedly shared information from her customers' accounts with three of her co-defendants.

Fair Isaac loses antitrust lawsuit

A Minneapolis jury on Friday ruled against Fair Isaac and in favor of credit bureau Experian in an antitrust lawsuit filed by Fair Isaac against Experian.  Fair Isaac claimed that it had exclusive trademark rights to credit scores utilizing any score range that overlapped 300 to 850.  Fair Isaac claimed that Experian's VantageScore credit score violated its alleged trademark rights.  Unfortunately for Fair Isaac, the Minneapolis jury disagreed.

"Today's verdict is a victory for Experian and for American consumers," said Kerry Williams, group president of credit services and decision analytics at Experian. "By preventing FICO from further stifling competition in the marketplace, the jury's decision will increase consumer choice in credit scoring."

The jury also found that Fair Isaac committed fraud on the Patent and Trademark Office in obtaining its trademark registration.

VantageScore is the credit reporting industry's first credit score developed jointly by the three national credit reporting companies to deliver consistent, objective credit scores across their respective databases. VantageScore provides consumers and businesses with a highly predictive, consistent score that is easy to understand and apply. VantageScore utilizes a range from 501 to 990 that naturally aligns with well-known A, B, C, D and F grade intervals, and is used by four of the top five U.S. financial institutions and eight of the top 10 credit card issuers.

November 22, 2009

Toys for Tots scam results in arrest for identity theft

Marsha Lynn Foster of Dekalb County, Georgia has been charged with identity theft and theft by deception.  According to authorities, Foster posed as a representative of Toys for Tots and falsely solicited donations from local merchants in a fraudulent manner.  Police arrested Foster Saturday evening at her home near Decatur, Georgia.

Authorities have offered some helpful tips when approached by donation seekers:
Obtain the representatives credentials such as photo identification.
Obtain charity organization information such as a business card and other literature.
Do not give donation immediately. Take the time to contact the agency to verify they had a representative in your area.
Most charity organizations will provide a donation request on letterhead and they will not ask for CASH ONLY.

Most importantly, use your common sense.

November 18, 2009

Two Dallas women charged with stealing 147 identities

Police have arrested and charged Yolanda Burks and Beverly Crowder, both of Dallas, Texas, after they were found to possess the personal information of 147 Dallas and Tarrant county residents.  Police believe that the duo has used the personal information of others to obtain cell phones and utlility services for over two years.  Authorities believe that the pair may have obtained the personal information by stealing mail or other types of theft.

Authorities are attempting to contact the 147 potential victims.

November 17, 2009

Identity theft leads to murder

Christopher Helmlinger was murdered in September.  Berryville, Arkansas police believe Evin Davis, Jr. murdered Helmlinger in order to steal his identity.

Helmlinger was shot to death and buried in a shallow grave.  His body was found approximately two weeks after his family reported him missing when police received a tip about a mound of dirt with a shovel nearby.  Davis, who went by the alias Charles Hedstrom, was spotted near the mound of dirt.  The same night Helmlinger's body was found, Davis a.k.a. Hedstrom and his family left town. 

Davis a.k.a Hedstrom worked with Helmlinger at Tyson Foods and spent a lot of time together.  The police's investigation of the tip regarding Davis' proximity to the location of Helmlinger's body led police to learn that Hedstrom was really Davis and was wanted in Missouri for stealing a car. 

Davis' wife was apprehended when she showed up for her final pay check.  She refused to tell authorities where her husband was holed up, but he eventually turned himself in.  Davis is being held while a determination regarding his bond is pending.  His wife is being held on a $1 million bond.

November 16, 2009

Identity theft is actually "low tech" crime

Good article from explains how identity theft no longer requires criminal geniuses to commit:
The U.S. Census Bureau estimates a little more than one-third of households will refuse to mail out their census forms next year because of fear that sharing personal data could make them susceptible to identity theft.

This is no idle concern — almost 10 million people were victims of identity theft in 2008, a 22 percent rise from the year before. And despite the popular image of some Serbian teenager with superior computing skills hacking into a major mainframe and stealing thousands of pieces of sensitive personal data, then using them to buy flat panel TVs and Blackberries, the majority of identity theft — a whopping 43 percent — comes from such low-tech means as stolen wallets and documents. Only about 1-in-10 thefts are computer-originated.

Those final two figures, in fact, tend to confirm the findings of "Understanding Identity Theft: Offenders' Accounts of Their Lives and Crimes," a study published earlier this year in Criminal Justice Review. Conducted by Lynne M. Vieraitis of the University of Texas at Dallas, and Heith Copes of the University of Alabama at Birmingham, the study is based on interviews with 59 identity thieves incarcerated in federal prisons. The goal of the study was to determine the demographic characteristics of these criminals and how they commit their crimes.

"One of the things we found most surprising is it seems to be very democratic in terms of who's committing [identity crimes]," says Vieraitis. "There are people who are more like street offenders and those closer to the white-collar-type fraudster."

"What motivates all these offenders is money," adds Copes, "and that's where you see the distinction between street life and those living a middle-class lifestyle. The street-life types, these are the hardcore offenders. They live this life of the party, drugs, going out — this hedonistic lifestyle. And they use the money to support that lifestyle. It's a cash-intensive lifestyle. It encourages them to commit more crime, and the cycle continues. The middle class is trying to portray a middle-class lifestyle; they're trying to pay off houses and cars they can't afford."

In either case, the means of obtaining the information needed to pull off their crimes is decidedly low tech — as low tech as, in some cases, Dumpster diving. But the most common method of getting information is to buy it from someone, generally a person who works for a mortgage company, bank, car dealership or state agencies like law enforcement and the Department of Motor Vehicles.

"The most common method was getting it through legitimate access," says Copes. "Either that person worked at the place that had that information or they paid the person to get it. They use what's known as 'larceny sense' — a lot of them could just recognize people they could buy off."

Other methods included stealing mail from apartment houses or businesses like insurance companies — even stealing trash cans from banks. One thief put ads in newspapers seeking employees for a new company, had jobseekers fill out applications that included Social Security numbers, then used those to create false identities.

In all cases, offenders parlayed stolen IDs into cash by applying for credit cards (the most common method), opening bank accounts and depositing counterfeit checks, withdrawing money from existing accounts, applying for loans and public assistance.

One thief would apply for credit cards at places like Lowes or Home Depot, receive instant credit in a specific amount and then max out the card immediately. This felon would even take orders from people beforehand and discovered that gift cards were especially popular: "Gift cards were like money on the streets," she told the researchers. "People were buying them off me like hotcakes."

Yet if all this suggests identity thieves are necessarily smarter than the average felon — you know, like that brilliantly twisted teen Serb hacker — forget it.

"You don't have to have a high IQ," says Copes. "One of the skills is just good social skills. You may pose as someone and pull all their money out of an account, so you need to be able to interact with people, know which teller to talk to and know when a conversation is not going the right way."

So if identity theft isn't primarily a trade for brainiacs, how come it's the sophisticated computer types who seem to define the crime?

"The media has put out this image that it's Russian organized crime or groups using computers hacking into databases," says Vieraitis. "Those are the ones we hear about. I think it makes for a better story. Maybe we just don't focus enough resources on the mundane identity theft. I also think banks and credit card companies have gotten better at helping people out. And most of it is credit card fraud."

"It is a relatively unsophisticated type of crime," Copes adds.

Ringleader behind theft of Bernanke's wife's identity sentenced

Waldorf, Maryland's Clyde Austin Gray, Jr. was sentenced on Friday to 11 years in prison and to repay more than $1.4 million in restitution. Gray previously pled guilty to masterminding a nationwide identity theft ring, whose victims included the wife of Federal Reserve Chairman Ben Bernanke.

November 10, 2009

Tax return preparer charged wiht identity theft

Sharon Meyers-Washington, a Little Rock, Arkansas resident who worked part time as a tax preparer, has been charged with identity theft as a result of fraudulently using Social Security numbers to prepare false tax returns.  Ironically, Meyers-Washington is also an employee of the Social Security Administration. 

Meyers-Washington was a tax return preparer for Jackson Hewitt for tax years 2005 and 2006 and for JBL Refunds in 2007. 

Meyers-Washington was charged with 24 counts of aiding and assisting the preparation of false tax returns, 34 counts of fraudulently using Social Security numbers and one count of aggravated identity theft.

November 09, 2009

Identity Theft Program Backfires on Consumer

Straight from  Unfortunately this is all too common with these identity theft protection companies:

I heard about an identify theft program that protects you for only $110 a year and you can sleep at night with no worries of someone stealing your identity and maxing out your credit cards.

When I agreed to the program, I used my credit card for the yearly fee. But when I received my credit card statement, the company that I had signed onto had billed me twice, for $220.

This is the company that is supposed to protect me. I am supposed to get a credit for that and hopefully I will.

I can only hope this is all that will happen to me on this.
Too bad the person that posted this did not identify the company so others could avoid her fate.

November 08, 2009

Data breach victims four times more likely to be victims of identity theft

According to a recent study called "Data Breach Notifications: Victims Face Four Tmes Higher Risk of Fraud", those individuals whose information is exposed via a data breach are four times more likely to have their identity stolen than the average person.  The results of this study are contrary to the party line spewed by most companies that victims of their data breaches typically are not later victimized by fraudsters or identity thieves.  The study, conducted by Javelin Research, also underscores the need for stronger legislation to protect individuals from data breaches and require notification when data breaches occur.  As I posted earlier, the Senate Judiciary Committee has approved two such bills - S. 139 and S. 1490.

The study utilized multiple years of data including 2009 data breaches. The report also presents a timeline overview of the most recent and egregious data breaches in U.S. history, with recommendations for how individuals and companies can increase safety.

Possible new law on the horizon regarding data breaches?

On November 5, the Senate Judiciary Committee approved two bills regarding data security.  The first is Senator Feinstein's Data Breach Notification Act (S. 139).  The text of this proposed law can be found here - 

The Data Breach Notification Act would greatly expand the amount of data combinations that, if breached, would require notification.  Currently, most laws only require notification if a name is released in conjunction with a Social Security number, driver's license number or financial account number.  If S. 139 is passed as is, it would require notification if only the first and last name, address/phone number and date of birth are stolen or inadvertantly released.  The bill would also require notification of the Department of Justice and fines up to $1000 per day per victim up to $1,000,000.

The second bill approved by the Senate Judiciary Committee was Senator Leahy's Personal Data Privacy and Security Act (S. 1490), the text of which can be found here -

Senator Leahy's bill goes beyond Senator Feinstein's in that it is styled to be proactive to prevent data breaches, rather than reactive to data breaches that have already occurred.  Think "Red Flag Rules" but with the emphasis on protecting against data breaches of any kind, rather than just recognizing and preventing identity theft.  The bill would require companies maintaining information on 10,000 or more United States persons to implement a comprehensive personal data privacy and security program that includes administrative, technical and physical safeguards to prevent data breaches as well as requiring employee training and vulnerability testing of the safeguards. 

I will do my best to follow these two bills and update you on their status.

November 05, 2009

Identity thief gets 11 years

A California Federal Court sentenced Garden Grove, California man to eleven years in prison for masterminding two identity theft schemes that allowed him to steal personal information from hundreds of consumers.  He then stole their identities, using the consumers' identities to fraudulently obtain over $1.5 million from credit card accounts and home equity lines of credit.

In additon to his sentencing, Martin Quoc Pham was also ordered to pay restitution of nearly $538,000.  While Pham used the stolen identities to access legitimate home equity lines of credit with Chase Bank, I representing a plaintiff in a similar case involving Bank of America.  While the identity thief initially begins the consumers' nightmare, it is the banks that keep the problem going.  In my case, Bank of America made error after error, completely ignoring my client's proof of his innocence.

In another scheme, Pham used fraud credit cards to buy merchandise from Wal-Mart and Sam's Club stores. Pham and his cohorts were able to obtain over $300,000 in merchandise fraudulently.  Pham's three co-conspirators already pled guilty to the scheme.

November 04, 2009

Equifax buys Rapid Reporting Verification Company

Equifax has purchased Rapid Reporting Verification Company for a cool $72.5 million.  Amazing how Equifax can have that much to spend on a new company but can't fix its own matching logic.

Rapid Reporting Verification Company is a privately held national provider of IRS tax transcript information and social security number authentication services.  Equifax is allegedly buying Rapid Reporting to increase its ability to prevent and control fraud.  I'll let you know if I can tell a difference.

Crime almost paid ... to the tune of $1.1 million

A New York computer technician almost got away with a scheme that would have netted him $1.1 million.  The key word being "almost".

Adeniyi Adeyemi has been arrested and charged with stealing the identities of more than 150 Bank of New York employees and using their identities to open bank accounts and brokerage accounts to be used as dummy accounts to receive stolen funds.  Adeyemi then allegedly stole funds from the bank accounts of charities and other non-profit organizations, transferring the funds to the dummy accounts.  He later withdrew the funds from the dummy accounts and deposited into other accounts.  Most of the crime was perpretrated over the internet, since charities make their account information readily available in order to encourage donations, which also makes them easy targets for a computer hacking identity thief such as Adeyemi. 

The U.S. Secret Service investigated, finding dozens of credit reports of Bank of New York employees (i.e. Adeyemi's co-workers) on Adeyemi's computer.  Also, investigators also found notebooks containing hundreds of names, SSNs and other personal identifiers, as well as credit cards in the names of Bank of New York employees, in a storage locker rented by Adeyemi.

Sounds like the government's case is pretty solid.

November 03, 2009

FTC does it again - Red Flag Rules enforcement pushed back to 2010

For a fourth time, the FTC has postponed the effective date of the Red Flag Rules.  The most recent effective date was November 1, but its now pushed all the way back to June 1, 2010.  Also, various groups are still trying to wiggle their way out of having to comply with the Red Flag Rules.

The American Bar Association won such a result for law firms.  A D.C. federal judge ruled that law firms do not fall under the definition of a "creditor".  I posted on this over the weekend.  See my post here -

Veterinarians and CPAs are also trying to win exemptions from the new requirements.  But they don't have to sweat it too much until next June . . . if ever.

New York Times compares scores from different sites

The New York Times took the time to analyze and compare the different credit scores from each of the three credit bureaus and other websites where you can obtain your "credit score".  I use quotes because only some of the sites actually provide a score that is likely to be used by a lender.

For instance, the three credit bureaus each offer to sell consumers their credit scores.  But only Equifax uses a score that is actually based on a scoring model used by potential lenders.  Experian and Trans Union's scores are thus less useful to consumers than the score sold by Equifax. 

Also the congressionally required site uses a FICO score, which is used by lenders.  You can also get this score via FICO's website.  But the credit score offered by does not use a scoring model used by lenders.  The website is not mentioned in the article but also does not use a score based upon a scoring model used by lenders.

The full article is here -

Father and Son Guilty of Identity Theft

Like father, like son?  A Kansas judge sentenced a Kansas man and his son to prison for providing fake ids to workers at a Desoto, Kansas manufacturer.  The father, Benito M. Dominguez, was sentenced to four and a half years in prison while his son, Jose E. Dominguez, was sentenced to almost two years.

The father and son crime duo possessed the names and Social Security numbers of over 400 people, which they used for bogus SSN cards and resident alien documents.  Both pled guilty to single counts of aggravated identity theft and making false identification documents. 

Equifax drops a spot in Global 100

Equifax, Inc., is still in the Global 100, a list of the world's top technology firms, but has dropped a spot this year to 17.  Equifax, Inc. is the publicly traded parent company of Equifax Credit Information Services, the credit bureau I sue all the time for consumers whose information it reports incorrectly.

Not sure why a company whose computer "matching logic" routinely fails to match a person to his or her credit information is considered a top technology firm.  Whose number 16 on the list - MicroStone, the maker of Fred Flintstone's computer?

November 02, 2009

Life Insurance Agent Arrested for Identity Theft

Kerry Urban Hunter, an Inglewood, California life insurance agent, was arrested and charged with one count of identity theft and one count of grand theft, both of which are felonies.  Hunter allegedly received over $5,000 in advanced commissions from a duped life insurer after submitting 18 bogus insurance applications for nine different people.

Hunter's scheme was discovered when his company peformed its own investigation after after an inordinate amount of applications were cancelled due to the premium checks bouncing.

Hunter allegedly used his own checking account information on the applications but incorrect dates of birth and SSNs of the supposed applicants.  Police were able to locate one of the alleged applicants who did not know Hunter and did not intend to buy any life insurance from him.

Equifax buys another company

Equifax, Inc., the parent company of Equifax Credit Information Solutions (which is the credit bureau that I'm always suing for consumers), has acquired IXI Corporation, a company engaged in collecting, analyzing and delivering consumer wealth and asset data.  Equifax purchased IXI Corporation for $124 million (apparently I need to be holding out for more money for my clients). 

Just what we need, Equifax keeping up with more data.  Like they don't already have enough that they can't keep accurate!

Five steps to prevent identity theft

Five steps to prevent identity theft - straight from

1. Hang on to your credit card

Culprits who steal identities can get into your records in a blink. Devices as small as a cigarette lighter can be used to "skim" information from any card with a magnetic strip -- even while a sales associate is processing a legitimate transaction.

A re-encoded or cloned credit card is created with another person's name on the front, and the victim's personal info on the magnetic strip. Full service gas stations "have been notorious" for this type of ID theft, Suffolk Police Det. Thomas Gabriele says. Instead, pay by cash, or swipe your card at the self-service island and pump the gas yourself wherever possible.

2.  Get ID theft protection

If a new account is opened by a thief using your personal information, the delinquent payments will be reported to a credit bureau, damaging your credit.

Obtain a free report from the three major credit bureaus,, and (It's important to check all three because they may not all have the same information.) Once you are certain all of the credit information is correct, you can put security measures such as passwords in place.  [ok, I don't agree with this.  Instead, you should get your free credit report via via the written form you can fill out to request your credit reports.  This form (unlike the websites listed above) does not have any arbitration clauses that potentially take away your rights.]

3.  Watch the mail

Thieves may be after more than checks in your mailbox. They also can copy personal information from official correspondence. Install a locked security mailbox, opened with a key. If you are receiving checks, have them deposited directly into your bank account instead of sent to your home.

4.  Better to shred

Any piece of mail with an account number or a code could be used to invade your privacy. That includes a bank statement, medical bills -- even shopping catalogs with codes on the back. If it bears an account number or code, shred before trashing. An inexpensive crosscut paper shredder costs less than $50.

5.  Password diversity

Use different passwords for all your accounts and don't use ones that will tell thieves your personal information, such as your birth date.

If your password is breached, a thief can run rampant with it. For accounts that require passwords, create something new and unique. Write them down and file them in a safe place so they can be referenced when you need them.

October 31, 2009

Red Flag Rules do not include attorneys

As I have reported before, the FTC's Red Flag Rules regarding prevention of identity theft go into effect (allegedly) tomorrow, November 1.  The Red Flag Rules have been supposed to go into effect multiple times before, only to be delayed.  But since tomorrow is almost here, maybe they will indeed go into effect this time.

Another development is that Judge Reggie B. Walton of the United States District Court for the District of Columbia has ruled that the Red Flag Rules do not apply to law firms.  The D.C. Court agreed with the American Bar Association, finding that the Federal Trade Commission's interpretation of the Fair and Accurate Credit Transactions Act (FACTA - the amendment to the FCRA passed a few years ago) was overreaching and its application to lawyers and law firms unreasonable.

The decision turned on FACTA's definition of creditor.  Only creditors, as defined by FACTA, have to comply with the Red Flag Rules' requirements to attempt to prevent identity theft.  The Red Flag Rules require creditors to adopt written identity theft prevention procedures. 

The FTC argued that lawyers and law firms fall under the definition of "creditor" and thus have to comply with the Red Flag Rules.  Unfortunately for the FTC's argument, it was a stretch to call a law firm a creditor and Judge Walton agreed.  As a result, Judge Walton granted the ABA's motion for partial summary judgment.  This also means I don't have to write identity theft prevention procedures by tomorrow.

Where have I been?

Some of you may be wondering why there's been no posting activity for a while on this site.  Or maybe no one's noticed?  For any of who may have taken note of a lawyer that went quiet (that doesn't happen often), its because I had to prepare for another captive audience, namely a federal jury in a non-consumer related trial in the United States District Court for the Northern District of Mississippi.  Preparing for and trying a case always takes precedence over just about everything else, as it is one of the most time consuming, difficult things a lawyer does.  At least that's my take on it.  So that's why I've been so quiet.

Regular posting will begin again Monday.  And, as always, comments and questions are not only welcome but encouraged!

October 20, 2009

Another article about how to protect yourself from identity theft of Cleveland, Ohio has an article about ways consumers can protect themselves from identity theft.  Here's the advice from the article:
Last year, close to 10 million Americans were victims of identity theft. Generally, people who made more than $75,000 were more likely to be fraud victims. The fraud rate was highest among people 35 to 44 years old.
The president of Cleveland's Better Business Bureau, David Weiss, said one in every 23 Americans is a victim of fraud. NewsChannel5's Joy Benedict headed to Target to ask shoppers there if they had ever been a victim of identity theft. The third person she asked, said, "yes." She had her credit card number stolen and some purchases were made online in her name.
The BBB says that's the first step to protecting yourself, pay attention to your bills every month. Don't put your outgoing bills in your curb side mail box, because someone could take them. Either take your payment directly to the company, pay online, over the phone or take it to the post office for delivery.
Get your free credit report every year as well to check your credit history and make sure there is no unusual activity.
And one of the most important steps to take is shredding your financial statements.
As always, I'll add my own advice - if all of the above doesn't work, hire me.  :)

October 19, 2009

Arizon identity theft victim helps police catch identity thief while on vacation in France

An Arizona resident was on vacation in France when he was contacted by his bank about suspicious charges showing up on his account.  The unnamed Arizonan immediately contacted the Scottsdale, Arizona authorities and informed them that there were fraudulent charges being made with credit cards he had left at his Scottsdale apartment.  Additionally, the man told police that several delivery companies had contacted him about purchases that were to be delivered to his apartment that day.

Police checked his apartment at 1:30 a.m. and, while empty, it was clear that someone had been there and, since the identity thief had apparently scheduled deliveries to the apartment of his illegally purchased items for later that day, the police decided that the identity thief would likely return to the apartment.  The police kept the apartment under surveillance until 7:30 a.m., when detectives arrived to wait inside the apartment.

At approximately 8:00 a.m., Neil Freemore, the identity thief suspect, exited an adjacent apartment and walked into the victim's apartment, where the detectives took him into custody.  Sealing the deal, so to speak, Freemore had in his possession the victim's credit card when he arrived at the victim's apartment. 

Police executed a search warrant on the adjacent apartment and found items belonging to the victim, including clothing, electronics, and other personal items, as well as drug paraphernalia.  The drug paraphernalia led to the arrest of Freemore's roommate Jayne Ozlen on drug charges.  Freemore was charged with burglary, theft, fraudulent use of a credit card, identity theft and drug possession.

Retail theft databases - a different kind of consumer reporting agency

What if you are accused of stealing from your employer at a retail store?  Chances are, your alleged theft may hinder your later chances at landing a job.

When thinking of a consumer reporting agency, most people think of the big three credit bureaus - Experian, Equifax and Trans Union - and the credit histories they spit out about consumers.  But there are other types of consumer reports, such as reports regarding employees who allegedly steal. 

For instance, ChoicePoint, who at one time was part of Equifax, manages a collection of information called "Esteem" which is a workplace theft database.  To populate its database with information, ChoicePoint collects reports from over 75,000 retailers regarding employees who allegedly steal from their employers  Companies looking to hire new employees then buy reports regarding potential hires from ChoicePoint's Esteem database. 

ChoicePoint is not the only one in this line of business.  HireRight has compiled an employee-theft database to which 500 member companies contribute evidence of convictions, signed confessions, video surveillance or eyewitness statements regarding employee theft.

Also, the National Retail Mutual Association has collected more than 500,000 incidents of employee theft in its NRMA Retail Theft Database. NRMA obtains its information from client stores who have obtained a signed confession, a signed restitution agreement, a fully paid civil demand, a criminal conviction or other "documentary evidence."

What these companies don't take into account is that, sometimes, people plead guilty to things they did not do, because a conviction, no matter how wrongful, would impose a much worse sentence than the deal the defendant can get by pleading out.  Many innocent defendants plead guilty to get probation where demanding trial also means risking jail time. 

Just like the databases maintained by big three credit bureaus, the retail theft databases put consumers at risk of gross errors that could cost consumers a job and damage their reputations.  Luckily, the retail theft databases are also subject to the requirements of the Fair Credit Reporting Act.

Consumers suspecting that a company may be reporting incorrect information about them to potential employers should request a copy of any and all information about them in the possession of the retail theft database companies named above.  If an error is found, it should be disputed immediately and repeatedly until it is fixed or it becomes obvious that litigation is necessary to correct.  At that point, consumers should contact a consumer attorney such as myself for assistance.

My thoughts on Credit Karma's free credit score

A reader named Marie posted a comment yesterday in response to my post about's free credit scores - see  Marie wanted to know my thoughts on Credit Karma's free credit scores. 

After getting over the initial shock of one of my faithful readers actually asking a question (which is what I initially hoped this blog to receive a lot of), I reviewed Credit Karma's website as I had never heard of Credit Karma before Marie's comment.  I thought, perhaps, Credit Karma is a distant cousin of the mythical Credit Fairy, which I posted about here

As it turns out, Credit Karma is a lot like  It claims to provide free credit scores for those willing to register on its website.  It claims it pays for the costs of obtaining the credit scores by utilizing advertising dollars from selling ad space on its website. 

My initial thought was the same as, i.e. the site provides "a" score but not necessarily "the" score that your creditors receive.  That's because many large creditors utilize their own unique scoring models so there's no way to see that score before you apply (and maybe not even after you apply) to those creditors for credit.  Smaller creditors use standard scoring models, such as FICO.  Its possible that Credit Karma also uses a standard scoring model, but I searched their website up and down and could not find even a hint as to what scoring model they use.  Therefore, Credit Karma, like, is good for finding out generally how your credit score fares but don't count on it to be exact.  But, at least its free to find this out using Credit Karma or, whereas you'd have to pay the credit bureaus to get the same "almost" score.

One thing that did concern me about Credit Karma is how do they get your score without it being a hard inquiry on your credit report.  When you buy your score from one of the three credit bureaus, it does not impact your credit score because it does not count as an inquiry against your credit report.  However, when a third party accesses your credit report (i.e. to get the information needed to generate your credit score), it will show up as a hard inquiry and thus, potentially, negatively impact your credit score. 

Yet, Credit Karma claims the opposite.  Here's what they say on their FAQ page:
Will using Credit Karma lower my credit score?

No. Credit Karma is making the credit score request on your behalf. Inquires made on your behalf will not be shown to creditors and will not affect your credit score.
Maybe Credit Karma is some subsidiary of one of the three credit bureaus and that's how they accomplish getting your score without causing a hard inquiry.  Otherwise, I don't see how they do it and am a bit suspicious. 

Have any of you out there gotten your credit score via Credit Karma and then looked at your full report to see if a hard inquiry showed up?  Or have any of you used Credit Karma at all?  If so, I (and maybe Marie too) would be interested in hearing what you found.

October 17, 2009

Upcoming sentencing for illegal immigrant linked to thousands of fake ids

A Mexican citizen in Witchita, Kansas is scheduled for sentencing regarding one count of identity theft.  The 62 year old Jorge Alvarez Rivera, a.k.a. Daniel Salas, is scheduled for sentencing on January 11, 2010 for making a false claim of U.S. citizenship and identity theft, charges that he pleaded guilty to last month.

However, Rivera is also linked to thousands of U.S. birth certificates produced for illegal immigrants.  In fact, more than a decade ago, Rivera was found with more than 830 Kansas birth certificates hidden in the trunk of his vehicle after he was involved in an auto accident.  However, he was never prosecuted for this crime. 

Fortunately, he is finally being taken off the streets.

October 15, 2009

Skimmer devices show up in Minnesota

Here's an article from the about a rash of skimmer devices showing up that have local authorities worried about an identity theft outbreak.

Beware "the skimmer."

A small, nondescript device that reads and stores credit numbers has popped up in a pair of unrelated theft cases in the metro — one involving a fast-food chain in Eagan, the other involving a TCF Bank machine in Maplewood — giving law enforcement officials and the public yet another reason to concern themselves with identity theft.

"It's not a garden-variety tool, that's for sure," said Jason Korstange, director of corporate communications for TCF Bank. "Not a lot of people would understand how to use it."

The skimmer is so innocuous in its appearance, it can be affixed over the card slot on an ATM machine to make it look like a normal part of the contraption, as was the case recently in Maplewood, or it can be tucked away in a shop's backroom or under a retail counter, where crooked store clerks can use it to scan customers' cards without their knowledge.

"If you're the victim, it may take a while for you to discover, in the first place, that they're charging your card," Maplewood Police Chief David Kvam said. "But your card is not missing — you have it. ... They could be in another town, or even another state, before you become aware."

Police say they've arrested two men who used the boxy little machine to steal credit-card information from unsuspecting customers at a Wendy's hamburger shop in Eagan, where one of the suspects worked behind the drive-through window.
 The whole article can be found here -

Mississippi agencies come together to warn about identity theft

The Mississippi Attorney General's office, the Consumer Credit Counseling Service and Better Business Bureau are joining forces in Mississippi to warn and educate Mississippi consumers about identity theft.  Representatives of these companies will set up shop next week at Wal-Mart stores across Mississippi offering free tips about identity theft as part of the "Be Smart" campaign next week from October 19 through 24. 

Operation "Be Smart" is part of next week's National "Protect Your Identity" week.  The "Be Smart" campaign will focus on five key tips to prevent identity theft:
Shredding sensitive documents
Making wise decisions with personal information
Analyzing your credit report
Reporting identity theft
Taking precautions; knowing what safeguards are in place with your creditors.

October 14, 2009

What are they teaching our kids? Biloxi teacher charged with stealing another teacher's identity

From the Biloxi, Mississippi Sun Herald -
An assistant teacher at Nichols Elementary School has been charged with identity theft against another teacher, Biloxi police said.
Police Sgt. Donnie Dobbs said Kimberly Riley, 41, of D’Iberville was arrested Monday evening at her home on Dianne Drive.
Dobbs said a criminal investigation led to allegations Riley defrauded the victim in two ways.

Riley is accused of using the teacher’s personal information to open different credit cards and make assorted purchases until the accounts were closed.
She also allegedly used one of the victim’s credit card numbers to purchase cell phone services.
“Right now I can show about $2,000 but the money involved is estimated at $4,000,” Dobbs said.
“It started back in February. The victim later noticed some unusual charges on her credit reports and she contacted us.”
D’Iberville Police Department assisted in the investigation.

Riley was held at the Harrison County jail on $25,000 bond set by Justice Court Judge Albert Fountain.

More on social network identity theft

Interesting article about the reasons why identity thieves commit identity theft via social networking sites.  The whole article can be found at
Imagine you’re a small business or an individual and someone creates a Facebook , Twitter or any other social media profile and uses your name, picture or logo. Next they start to post blogs and send out links as you. They may be contacting your clients to get them to join in social media or they simply show up in search. Either way their intention is fraudulent. Having a presence online of someone else allows a scammer unlimited possibilities to do wrong and they may never get caught.

Also, traditional phishing where scammers would send a fake email purportedly coming from a trusted entity aren’t as successful as they used to be. Identity thieves are taking advantage of free use of social media and building a home base on legitimate sites. Once established, they look as legitimate as any other fan page or Twitter account. There are few, if any checks and balances preventing this.

There are so many reasons why this kind of social media identity theft occurs.

They may be seeking steal your clients or potential clients away by posing as you, but gradually revealing themselves and do a quick switcheroo hoping to not get discovered.

They could be squatting on your name or brand hoping to profit off of it by selling it back to you or preventing you from using it.

They could be criminal hackers posting infected links with the intention anyone click on them and download a virus that infects your PC or network giving them back door access.

They may be intentionally posing as you, even blogging as you for the purposes of damaging your name or brand. Anything they say to the world that is libelous, defamatory or just plain wrong makes you look bad or can get you sued and you have to prove otherwise.

They may be posing as you to harass someone you know or your clients to further damage you.

They could be doing it simply to harass you to get back at you, seeking revenge because you slighted them or sold them a defective product or service.

They may pose as a name or brand that has leverage like a celebrity or Fortune 500 that can open doors for them. Get them places where they couldn’t get on their own, a form of social engineering.

Your brand may sell products or services and the identity thieves pose as you and offer deals with links to spoofed websites hoping to extract credit cards numbers.

They may pose as any government entity such as the IRS, Social Security Administration, Medicare or any other agency for the sole purpose of extracting data and committing new account fraud

They may be obsessed or desire you or your brand and simply want to have a piece of you or be recognized as you. They can actually be or act as you when they are responding to messages and queries from those who think the scammer is you. Just like a stalker who hunts down their prey, they can’t get enough of you and by posing as you it gives them a little satisfaction and the attention they crave.

They could be spoofing you, as in a parody of you or your brand. They may have created a “tongue and cheek” site that may be obvious, it might be funny, but more than likely it’s not funny to you.

They could be posing as you to elicit contact from others for the purposes of a relationship, sexual or otherwise either in person or virtually. A young man was recently caught posing as an attractive girl in his school on Facebook. He contacted guys in his class posing as her and requested naked photos of them. When he revealed who he was and what he would do with the photos-or else- he began to extort sex from them.

Social media is just a baby. All of the above stems from real world examples from research over the past few years. Unfortunately this list is going to keep growing. Varieties of fraud that can occur via social media is only up to the imagination of the thief. Submit your own findings. Lets hear what other whacked out other social media identity thieves are doing.

History of the credit bureaus

Here's an interesting post about the history of the credit bureaus -

New FICO scoring model may do more harm than good


New changes to the FICO® credit scoring model, dubbed FICO® 08, were recently made available to all three major credit bureaus (Experian, Equifax and TransUnion). While some are touting these changes as a win for consumers, Lexington Law®, a consumer advocacy law firm, cautions that FICO® 08 may instead cause millions of credit scores to decline.
Used by lenders to assess credit risk, credit scores are derived through statistical analysis of the information in a credit report. The FICO® scoring model translates this data into a single 3-digit number ranging from 300-850. Lenders use this number to determine whether a borrower is likely to repay his or her debts.

This new scoring model has received positive publicity because it excludes minor missed payments from negatively affecting credit scores. The model docks fewer points from credit scores for charged-off accounts of less than $100 and for isolated 30-day late accounts.

Some, however, believe that FICO® 08's scoring model does little for consumers.

"The industry is hyping FICO® 08 as a great thing for consumers because of the way the new scoring model reports some late payments" says John Heath, directing attorney for Lexington Law Firm, "However, no one has blown the whistle about how few consumers will benefit from the new model and how small of a benefit those few will actually receive."

"After all, isolated late payments and small accounts don't represent the bulk of the negative items found in consumer credit reports; a large number of collection accounts are for far more than the $100 threshold FICO® 08 uses. Additionally, those few consumers who have these types of mildly delinquent accounts may not see any scoring increase, because the prior scoring model already considered that a collection account might be isolated and for only a small amount."

A potentially more significant change, that has incidentally already received some negative publicity, is the increased weight placed upon credit utilization: FICO® 08 is more sensitive to the percentage of available credit consumers are currently using. This change will likely affect millions of Americans who carry higher or even maxed-out credit card balances. Those Americans may experience immediate reductions in their credit scores.

Recent economic conditions, during which credit card companies have reduced credit limits or canceled cards outright, has compounded this problem for consumers. FICO® 08's increased emphasis upon credit utilization means that consumers whose credit limits were reduced are more likely to experience greater credit scores reductions than they would have seen under the previous scoring model. Simply put, with the new scoring model, lenders are far more likely to view consumers who have had their credit card limits reduced as greater lending risks.

"Credit utilization ratios have a place in the credit scoring model, but to place more emphasis on this factor in today's economy is problematic," added Heath. "With today's strict lending requirements, even some very creditworthy consumers must pay higher interest rates because of their credit scores, resulting in higher profits for credit card companies and other lenders. With FICO® 08, credit card companies have more power over consumer credit scores. They can lower their customers' credit scores by simply reducing their credit limits."

October 13, 2009

Free credit score at No, not really is getting a lot of buzz lately, particularly after being mentioned by Clark Howard as a place consumers can get their credit score for free.  While consumers can purportedly get a free credit score once every six months, the problem is that its not a credit score that actually used by lenders. 

In other words, is about as useful as say ... I don't know ... me telling you faithful readers what your credit scores are.  You right there, your score is 684.  You over there, your score is 575.  You in the red shirt, yours is 702.  Guess what, my credit scoring model is not used by lenders either, so its just as useless as's score. 

Don't take this to mean that I am suggesting buying your score from one of the credit bureaus like Experian, Equifax or Trans Union.  Oh, much to the contrary, that would be even worse.  Then you would be paying for a score that's also not used by lenders.  That's right, folks, lenders don't use the big three's credit scores either. 

Lenders typically do one of two things - they either set their own criteria for what's important to them, which means that particular lender's scoring model is unique.  Or lenders use one of the pre-made scoring models, such as Fair Isaac's scoring model.  So if you really want to get your credit score that could actually be a credit score that a lender might use, then you should buy your score from Fair Isaac by going to  The basic credit report (from Equifax or Trans Union) and FICO's scoring model costs $15.95.  The myfico website touts this score as one "lenders use".