Custom Search

February 15, 2011

New identity theft protection in Indiana causing problems

From an article by Joe Astrouski on -

TERRE HAUTE, Ind. (WTHI) - A new system at the Indiana Bureau of Motor Vehicles designed to prevent identity theft has left some unable to cash checks or fill prescriptions.

Under the system, when someone orders a driver’s license or identification card, he or she is given a temporary identification slip to use for driving and voting for ten business days.

In the meantime, the state checks the person’s documents and photograph.

“It gives us time to accurately check the documents that are being presented to us as well, as well as do some facial recognition,” said Graig Lubsen, a BMV spokesman.

That time proved expensive for Kevin Mulikins, when he tried cashing a paycheck with the temporary ID.

“They wouldn’t cash it,” he said. “When I went to Wal-Mart to get a prescription, they wouldn’t fill it because they said it wasn’t valid ID.”

Mulikins said he had to spend $50 at a check cashing center to get his check cashed.

Lubsen said the temporary slips are not considered valid identification since they have been issued before the state could confirm the holder’s identity.

He said businesses can decide whether to accept the temporary IDs.

“It’s up to each business whether they want to accept these as proof of identity,” Lubsen said.

That inconsistency, together with the temporary card’s use for voter identification, has Mulikins concerned.

“It says it’s valid for voter registration,” Lubsen said. “If it’s valid for voter registration, why isn’t it valid to cash a check or get a prescription?”

February 14, 2011 - a new CRA?

15 U.S.C. 1681a(d) defines a consumer report as "any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for (A) credit or insurance to be used primarily for personal, family, or household purposes; (B) employment purposes; or (C) any other purpose authorized under section 604 [§ 1681b]."

15 U.S.C. 1681f defines a consumer reporting agency as "any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports."

Based on these definitions, I think is a new CRA and thus subject to the provisions of the FCRA. 

What is, you ask?  According to their website, " is an online resource for building, managing, and researching professional reputation, using community-contributed, professional reviews. reviews help you get the inside scoop on other business professionals, providing candid assessments of coworkers, potential hires, business partners, and more. By contributing reviews, you can share your knowledge of other professionals, giving credit where credit is due, and valuable feedback where needed."

In other words, you supply the scoop on past and current co-workers, professionals you have had dealings with, etc. then assembles that data into a professional reputation about that particular person, so you can determine whether you want to do business with or work with that person.  Sounds like it falls squarely within the definition of consumer reporting agency to me.  Wonder if realizes that?

If is a CRA, that means they must comply with the requirements of the FCRA, including providing complete copies of your consumer report on request (and payment of a small fee) and investigating any disputes made by consumers regarding the contents of the consumer's consumer report.  Wonder if is set up to handle requests from consumers for copies of their credit reports and/or to investigate disputes made regarding errors in their reports?  Anybody know?  Anybody game to find out?

February 12, 2011

More on Google v. Bing

I recently posted about Bing's theft of Google's identity - see - so I thought I would also report on the below subject, even though it really has nothing to do with the FCRA (although it does involve Experian).  I just found it interesting and thought you might as well.

Recently, Experian's Hitwise, which allegedly tracks the performance of different search engines including Google and Bing, reported that Bing was more accurate than Google.  This sent shockwaves through the internet techie world.  But a closer examination reveals that Experian's Hitwise made a pretty big leap to get to this conclusion.  Instead of giving you my own thoughts, I'd rather point you to a post by Chris Richardson which I think is spot on - particularly in comparing Experian's methodology to Office Space's "Jump to Conclusion Mat".   Hilarious.

Chris Richardson's article can be found here -  Enjoy!

According to one study, volume of identity theft dropped last year ... or did it?

According to Bloomberg News, the cost of identity theft fraud dropped in 2010 by 34% to $37 billion, the lowest since 2003 when Javelin Strategy & Research began tracking such information.  Good news, right?

Well, not so fast.  Once again, the definition of identity theft that is used to make this calculation is broad, possibly skewing the results.  Javelin's definition apparently includes such things as account take over, which in essence is not identity theft but merely the use of someone else's account.  In an account take over situation, the criminal does not utilize the name, SSN or other personal identifiers of a victim to open a new account in the victim's name.  Instead, the perpetrator merely accesses an already existing account of the victim, making charges with the victim's already existing credit or debit card.  The cost caused by this type of fraud is much less than the cost of fixing a true name identity theft fraud.

This distinction is born out by the other data reported on by Bloomberg, namely that average out of pocket costs for all types of victims (both true identity theft and account takeover) rose in 2010 to $631, up from $387 in 2009.  Conversely, average out of pocket costs for new account fraud (i.e. what I call true identity theft or true name identity theft) rose from $787 in 2009 to $1,267 in 2010. 

This study also underscores another point that I have made to people in the past, namely that you are more at risk from account take over when you use your debit card than when you use your credit card.  Debit card users put at risk whatever amount of money that's in their respective checking accounts, while credit card users do not risk their money but instead risk the money of the credit card companies.  If you are going to bet, its better to bet with someone else's money, don't you think?

One last point ... I think it is also misleading to think of identity theft or account take over in only the terms of out of pocket loss.  In my 11 plus year experience representing identity theft victims, I can tell you that the out of pocket costs associated with identity theft pale in comparison to the true damage caused by the theft of an identity, from the damage to reputation, the cost of time lost dealing with the problem and the sheer mental anguish caused by losing control over one's finances and the sense of betrayal, mistrust and paranoia caused by identity theft.

Here's a link to Bloomberg's full article -

Can answering 2 simple questions on Facebook really give ID thieves the key to figuring out your SSN?

No.  Despite an article I just read on Cincinnati's  This is just not accurate, or at least not in the manner in which claims.

According to, truthfully answering the Facebook profile questions regarding where you were born and how old you are gives identity thieves enough information to reverse engineer your Social Security number.  While the answers to those questions might accidently help an identity thief guess your SSN, its not that much help and not for the reasons Fox19 claims.

The article claims that the first three numbers of your SSN are based on where you were born.  If that were true, then, yes, correctly providing the city and state where you were born would help ID thieves guess the first three digits of your SSN.

BUT ... the first three digits are not based on where you were born but instead are based on the zip code given on your SSN application.  So it could be in the state where you were born.  But in many, many instances, that's not so. 

For instance, I was born in Louisiana.  At the time that I was born, my parents and siblings lived in Arkansas.  However, we moved to Mississippi when I was four years old and, after moving to the Magnolia State, my parents applied for my SSN.  So the first three digits of my SSN match one of the various sets of 3 digit numbers for Mississippi, not Louisiana where I was born or Arkansas where my family was living when I was born.

Another example - my wife was born in Tennessee but her family lived at the time in Mississippi.  Apparently, her parents also applied for her SSN in Mississippi, because the first three numbers of her SSN also match one of the 3 digit Mississippi combinations, but not the same 3 digit combination that I have.

So its simply not as easy as knowing where you are born.

As for the second part of your SSN, called the grouping, correspond to when you applied for your SSN, which does not necessarily relate to when you were born.  For instance, my grouping would be approximately 4 years after I was born.  My daughter's SSN was also not requested when she was born but years later.  Some people get their kids' SSNs as soon as they are born only to lose them later and have to do it all over again.

So feel free to be honest on Facebook about where and when you were born, unless of course you don't want the internet knowing how old you really are.

A new low

Can you believe this?  A total of six identity thieves plead guilty recently to stealing the identity of more than 50 residents of Maryland, which resulted in the theft of more than $200,000.  The scheme involved defrauding banks in Maryland and five other states and the withdrawal of money from people's personal bank accounts.

Here's the shocking part.  The identity thieves followed funeral processions in order to rob cars parked at cemetaries of credit cards, driver's licenses and social security cards.  They aslo broke into cars parked outside churches, gyms, day care centers and parks.  How brazen and low down is that?  Imagine going to a loved one's funeral, already the victim of grief, only to be victimized again by unscrupulous identity thieves?!
The identity thieves used the information from the stolen cards to get information on personal accounts from banks. Prosecutors said one of the suspects worked at a bank and helped his friends get checks made out to the men in the scheme. The men would then visits the victims' banks and impersonate the people on the cards, sometimes putting on wigs, prosecutors said.


February 08, 2011

Site steals 250,000 Facebook profiles to raise awareness of online ID theft

Interesting way to raise awareness of the risks of online identity theft - article is by Michelle Castillo and can be found at

You might be signed up for's dating services and not only know it. Website creators Paolo Cirio and Alessandro Ludovico took information from 250,000 Facebook users and used it to create their project which uses facial recognition technology to categorize users into the kinds of people they look like they would be. Problem is they didn't ask permission first from the profile owners, but they claim since it's part of a "social experiment" it should be fine.

The site's not really a dating site. On Face to Facebook, the minds behind explain that the website was created to prove how virtual identity is increasingly unstable when you consider how easy identity theft is online and how companies can easily take advantage of this information, with or without Facebook's permission. On the Theory section of the website, they elaborate:

And it'll eventually mutate, from a plausible translation of real identities into virtual management, to something just for fun, with no assumed guarantee of trust, crumbling the whole market evaluation hysteria that surrounds the crowded, and much hyped, online social platforms.

Facebook isn't pleased with this use of their data, even though promises that they will remove anyone who wants their picture taken off the site. “Scraping people's information violates our terms,” Facebook's director of policy communications Barry Schnitt said to Wired. “We have taken, and will continue to take, aggressive legal action against organizations that violate these terms. We're investigating this site and will take appropriate action.”

February 07, 2011

Google sponsoring contest to strengthen Chrome against identity theft hacks

Google is sponsoring a $20,000 hacking contest for the purpose of testing the defenses of Chrome, its internet browser, against identity theft hackers.  This year's hacking contest is called "Pwn2own".  The first researcher who is able to exploit Chrome will receive a prize of $20,000.

Pwn2own participants will also attempt to exploit Windows 7 or the Mac OS X, as well as web browsers Internet Explorer, Firefox and Safari.  The first Pwn2own participant who is able to hack Internet Explorer, Firefox, and Safari will receive a prize of $15,000.

The purpose of Pwn2own is for Google to learn any weakness in Chrome's defenses before it can be  victimized by hackers and other individuals involved in identity theft crimes, which could cost Google millions.
The benefit of Pwn2own is that it gives Google the opportunity to identify Chrome’s weaknesses in dealing with hackers and indent theft offenders now rather than later.

February 05, 2011

New feature

Just added a new feature to the blog.  Its called a "flag counter" and its located on the right hand side of the blog.  Basically, it tracks the people who visit this site and sorts them by their country's flag.  Wish I had found this little gizmo earlier, as I have seen people from all over the world visit this site, which I always thought odd for a site dedicated to a law that has no effect outside the boundaries of the United States. 

So don't think there have only been folks from the U.S. visiting this site.  I predict within a week that there will be multiple countries identified on the flag counter.

February 04, 2011

Below are the contents of a letter I received yesterday from Elizabeth Warren, Assistant to the President and Special Advisor to the Secretary of the Treasurey on the Consumer Financial Protection Bureau (CFPB) that was created in the first portion of President Obama's term.  Apparently, they are hard at work getting the CFPB up and running.

Dear Colleague,

In July 2010, Congress created a new federal agency to protect American consumers. The Consumer Financial Protection Bureau will be a cop on the beat, working to make consumer financial markets work better for American families. As the first new consumer agency of the 21st century, we can communicate directly with the people we serve.

Today, that work is just beginning. We’re moving quickly—building a terrific team, finding office space, and unpacking a lot of boxes.

Things aren’t all in place yet, but we don’t want to delay reaching out to the people who care about this agency. We’re excited to announce the launch of our website,, for one very important reason – to start a conversation with you. With the launch of our site, we will be Open for Suggestions.

We hope you are eager to learn what this new agency will do and how it might affect you. In turn, we are definitely eager to hear what you have to say. Starting today, you can use the Internet to send us your best suggestions and questions for the bureau:

If you have a video camera, record a YouTube video and upload it as a response to our welcome video at

If you like Twitter, tweet your suggestion using the hashtag #CFPB. You can also follow us at

If you are on Facebook, you can “Like” us at, and post your suggestion on our wall.

If you want to use our website, you can post suggestions at

In the coming days and weeks, staff who are building this new agency will record direct video responses to some of the most frequent questions and most interesting suggestions. You’ll see the faces and meet the people who come to work every day to make a difference for the American people. We look forward to getting to know a little more about you, too. More is coming, so be sure to check back at throughout the coming weeks.

Open for Suggestions is just one way that we plan to keep our conversation going with you. Be funny! Be creative! Most of all, be real about what matters to you. This is a great chance to go into your community with a camera, laptop, or mobile phone, or just a pen and paper, and help others participate. Involve your friends, your family, your colleagues and classmates, your faith community, and anyone you know who might be counting on this agency for information and help.

If you aren’t ready with a specific comment, that’s OK. Just let us know you are there—and stay in touch.

We can’t do it without you.


Elizabeth Warren
Go to their new website and make your concerns heard.

February 03, 2011

Has Yahoo's Bing been stealing Google's identity?

Being a lifelong fan of both baseball and following politics, I often read the blog postings of Nate Silver, who started out as a baseball statistician but began using his analytic ability to predict the outcome of elections through analyzing various political polls.  His blog started out on its own but is now a part of the NY Times website.  He recently posted the following, which I found interesting and hope you do too:

I certainly do not have any expertise in Web search. I can claim some, however, in another area that is highly relevant to it: trying to optimize the performance of statistical algorithms.

In my case, the algorithms are designed to predict the outcome of elections. FiveThirtyEight’s algorithm to forecast U.S. House races, for instance, considers several different “ingredients”– like polls, fund-raising data, and demographic data — and mixes them together in such a way as to maximize the accuracy of the forecasts. Although there are a few nuances one needs to consider, for the most part this is based on which combination of ingredients would have produced the best forecasts in past elections.

Search is similar. The search engines are trying to predict the relevance of the results generated by each query. (How is relevance determined? Basically just by what a human being finds most relevant, which can be measured either through objective data, like how many clicks each link generates, or through testing that asks users for a subjective evaluation of the quality of different results.) There are different inputs that the search engines can consider to rank results — for instance, the text contained on each Web site, its traffic statistics, and the behavior of previous users of the search engine — and they can mix these in different ratios depending on what seems to do be doing the best job of maximizing performance.

A big controversy erupted Tuesday in search: Google accused Microsoft’s search engine, Bing, of cheating off of it. The rather clever way in which they determined this is by manually inserting nonsensical results in response to nonsensical queries. For instance, in response to the gibberish string of characters “uegosdeben1ogrande,” Google rigged its algorithm to return a link to a site selling hip-hop jewelery as the “best” response. This could not plausibly be arrived at unless another search engine were using Google’s results as one of their ingredients. But for several of these queries, lo and behold, Bing returned exactly the same results that Google did.

Microsoft has not really disputed the claim — instead, they’ve said that it’s not such a big deal. Yes, Google search results — which it obtains by tracking the behavior of people who use its Internet Explorer 8 toolbar, perhaps along with other means — are one of the inputs that Bing uses, Microsoft says. But it also uses more than 1,000 others. The reason that Google’s results appear verbatim in response to nonsense queries like “uegosdeben1ogrande” is because in such a case, only the Google results are “relevant”; the other 999 variables don’t shed any light on the problem.

Let me try to referee this dispute. I’m not going to weigh in on the legality or even necessarily the ethics of this — I’m just trying to consider what makes for better search.

Microsoft’s defense boils down to this: Google results are just one of the many ingredients that we use. For two reasons, this argument is not necessarily convincing.

First, not all of the inputs are necessarily equal. It could be, for instance, that the Google results are weighted so heavily that they are as important as the other 999 inputs combined.

And it may also be that an even larger fraction of what creates value for Bing users are Google’s results. Bing might consider hundreds of other variables, but these might produce little overall improvement in the quality of its search, or might actually detract from it. (Microsoft might or might not recognize this, since measuring relevance is tricky: it could be that features that they think are improving the relevance of their results actually aren’t helping very much.)

Second, it is problematic for Microsoft to describe Google results as just one of many “signals and features”. Google results are not any ordinary kind of input; instead, they are more of a finished (albeit ever-evolving) product, one which itself is made up of hundreds of different “signals and features”, which have already been combined together in such a way as to maximize performance in response to the exact same queries that Bing is getting.

Imagine that you opened an Italian restaurant across the street from Mario Batali’s Lupa. It would be one thing if you merely took inspiration from Lupa’s spaghetti carbonara — if you tried to use some of the same ingredients and some of the same techniques. Maybe you’d even go so far as to track down the butcher who sells Mr. Batali his pancetta. All of this would be in the spirit, most of us would think, of good ol’ American competition.

But this is more like, when a customer orders the carbonara, sending a runner across the street to order a plate of it at Lupa, reheating it, and then maybe adding some mushrooms or snow peas. The alterations you made to the dish, whether slight or substantial, might not be all that likely to make it better: it would be hard to improve on Mr. Batali’s carbonara (if peas really made the dish yummier, wouldn’t he already have included them in the recipe?), just as it would be hard to improve on Google’s search results.

There are certainly cases, of course, in which a finished product can made better. In the algorithms that we use to forecast U.S. House races, for instance, one of the inputs is the race ratings (such as “toss-up” or “leans Republican”) generated by outside agencies like Cook Political and CQ Politics. These, essentially, already constitute finished products, since these groups are already trying to weigh a number of different factors together to optimize them.

What we’ve found is that the ratings generated by these groups are very good, and that it would be hard to improve on them by using statistical inputs alone. (This is not the case for Senate or gubernatorial races, where the polling is much more abundant and much more reliable, but it is the case for House races.) However, a combination of these race ratings and statistical inputs (not necessarily weighted equally — the race ratings make up something like 20 percent of the FiveThirtyEight forecasts) does slightly better than either one taken alone.

There are undoubtedly many improvements that Microsoft has in fact made to search; there are a lot of very, very smart engineers there, after all, and I’m sure they have come across a few tricks that Google hasn’t. Also, there are some cases in which Microsoft has access to proprietary data that Google does not. For instance, because Microsoft makes software products, they probably have a good understanding of what things a user does when — as has been known to happen on occasion — Windows Vista crashes. They may therefore do better than Google in responding to queries for technical support, something which search engines are often quite poor at. Bing, also, runs a travel site (which is very good), whereas Google does not, so they might do better in responding to a query like “best fare JFK LAX“.

How much value Microsoft’s engineers are ultimately adding is hard to say. Both they and Google are extremely circumspect about revealing any detail about their algorithms. And in contrast to election forecasts — where it’s fairly straightforward to evaluate performance (who called more races right?) — it is hard to measure the efficacy of a set of search results.

Still, Google has spent many, many years trying to perfect search — probably an order of magnitude more man-hours than Microsoft has. To the extent that Bing’s results are competitive with Google’s across the broad spectrum of potential searches, one wonders how much this is because they are simply using Google’s data.

This article can be found at and Nate's blog can be found at  If you are a fan of politics, you should really check it out.

February 02, 2011

Experian credit reports to include positive rental payments

Potentially good news for renters - Experian credit reports are to include positive rental payments.  As far as I know, Experian is the first of the credit bureaus to take this big step.

In the past, only negative information about a renter's payment history was included on credit reports.  That meant that the segment of the population, which often included those trying to establish their credit history (i.e. college students or those just starting out), did not get the benefit to their credit history of their timely rent payments.  Only if their payments were late would the rental payments show up on a credit report.  Obviously, the late payments would damage the credit history of the renter whereas those renters who made their rent payments on time did not see those timely rental payments show up at all in their credit history.

No more.  Now Experian is going to include the positive rental payment history of many consumers on its credit reports.  Here's the details straight from Experian's website -

On-time rental payments now help boost credit scores

In the past, only negative rental payment data such as evictions and collections were reported to consumer reporting agencies. Therefore, your on-time rental payments never helped boost your credit scores, unlike credit card, mortgage or car payments that help raise credit scores when paid on time.

But this has changed now that Experian® will be including positive rental data in consumer credit reports. The addition of this data is a tremendous benefit to anyone who rents, especially those who are non-credit-active, cash-based consumers.

Key Benefits to Consumers

Establish or rebuild your credit — You can now make your continuous on-time rental payments count towards establishing or rebuilding your credit

Qualify for what you deserve — If you were previously unable to qualify for a lease or credit product due to a thin credit file you will now be able to demonstrate past rental payment history and qualify for what you deserve

How It Works

Experian RentBureau receives updated rental payment data every 24 hours from its national network of property management companies. In order for this data to be included in your credit file, your property management company must contribute its rental history data to Experian RentBureau.

Experian recognizes the value of having a good rental payment history. Please contact your property management company and ask them to contribute their data to Experian RentBureau.
If reported accurately, this development could help millions of consumers who otherwise have little or no credit history begin to build a credit history and become homeowners if they so desire.  Of course, if the rent payment history is reported inaccurately in an adverse manner, the damage done to a developing credit history could be disastrous.  Fortunately, the FCRA should help protect victims of rent payment reporting errors in the same manner as it helps rectify credit reporting errors of other kinds.

February 01, 2011

An interesting article about an identity theft ring based out of a federal prison, straight from

"The man who led an identity-theft ring that ran up a quarter-million dollars worth of charges from inside a federal prison was sentenced to more than 14 years in prison, Steven M Dettelbach, United States Attorney for the Northern District of Ohio, announced today. “The defendant thought he found a way to occupy his time in prison,” Dettelbach said. “With this prosecution and this sentence, he’ll have lots more time to learn to follow the rules.” Dimorio McDowell, age 34, of Atlanta, Georgia, previously pled guilty to aggravated identity theft and conspiracy to commit wire fraud and bank fraud. McDowell was an inmate at Fort Dix Federal Correctional Institution at the time of the scheme, which took place between August 2009 and April 2010.

United States District Judge Donald Nugent ordered McDowell’s 174-month sentence on this case begin in 2014, when he completes the current sentence that resulted in his incarceration at Fort Dix. McDowell was the ringleader who obtained personal information on people who had credit card accounts at various retailers, including Best Buy, Home Depot, JC. Penney, Lowe’s, Macy’s, Nordstrom’s, Saks Fifth Avenue, Sears and Staples, according to court documents. McDowell contacted the retailers and impersonated the true account holders, store employees, or corporate fraud investigators.
He used information about the account holders, such as name, address, or Social Security number during those calls to obtain additional information about them and adding co-conspirators names as authorized users of the accounts, thus taking over the accounts, according to court documents. After taking over the accounts, adding additional users to the accounts and opening new accounts, McDowell communicated with his co-conspirators, all of whom lived in the Cleveland area. McDowell continued to run his scheme from prison even after he was charged and after he pled guilty. He also posed as a deputy United States Marshal over the telephone and attempted to have prisoners moved, according to information presented during the sentencing hearing.
Overall, the ring purchased more than $254,000 worth of merchandise as part of their scheme, according to court documents. Also charged in the case are: Andre Reese, 37; Jeffery McClain, 39; Kevin McBride, 34; Michael Sailes, 51; Edwin Peavy, 52; Daniel Ashford, 37; James L Wiggins, 47, and Jay Williams, 27, all of Cleveland, Ohio. All have entered guilty plea to charges against them. This prosecution is the result of cooperation from a number of law enforcement agencies who identified the defendants, gathered the evidence and prepared the case for prosecution.
The investigative team included the Federal Bureau of Investigation’s Cleveland Division and Trenton Resident Agency, the United States Bureau of Prisons, the Postal Inspection Service, Bath Township Police Department, Stow Police Department, Mentor Police Department and other state and local law enforcement agencies. The case was prosecuted by Assistant United States Attorney Matthew B Kall. “This case is a stark reminder about the need to protect yourself from identity theft and fraud,” Dettelbach said. “I want to thank the FBI, the Bureau of Prisons and all our partners who made prosecuting this case possible.”