/home/jeremyd1/public_html/thegeekprofessor/graphics/courses/gid/ID_check.jpg not found!

When I worked for retail stores, part of my job was to convince customers to buy things on credit under terms that were carefully designed to cost you as much as possible. It was a bad deal even when you agreed to it, but it's even worse if some thief gets the goods while you get the debt

That's why I was always careful to look at ID cards and watch for signs of fraud. Like that one time I thought something wasn't right so I went to the back room to call the customer's home phone number. Guess who was at home right then and NOT at our store applying for credit?

Because of my effort, I stopped more instances of fraud and identity theft than every other store employee combined… which is frightening if you think about it. Why was I so much better? Was it because the fraudsters always came to me? Did I have some special talent for spotting issues? I don't think so. In almost every case, it was simply a matter of making an effort.

In my days of commission sales, you can bet it hurt to spend an hour helping a customer only to have to put a careful of high-profit stuff back on the shelves. Even as an hourly employee, turning away a sale was likely to bring down the wrath of management. You might think you could just explain the situation or show them the fakes, but I quite literally handed a manager a "credit card" that had been printed so recently the ink was still tacky. He handed it back and said, "looks fine to me!" ring it up!

What this has to do with fraud alerts

Imagination: Stop right there, criminal scum!

(Image is in the Public Domain)

Fraud alerts are supposed to work like this:

• You place the alert.
• Any new credit applications in your name are flagged.
• SWAT teams and angels and angel SWAT teams descend from the heavens upon any criminal who dares to try anything funny with your identity.

Reality: Code 10? I should check their identity more carefully, but meh...

(Image is in the Public Domain)

Here's how it actually works:

• The person running the credit sees the "alert" when they put in the application.
• They're bored, apathetic, under pressure from management, or not trained well enough so they push the application through.
• The thief walks out with cash and prizes

Of courses, this assumes they even notice the fraud alert at all. When I worked retail, it was a tiny flag near the bottom of the screen and easy to miss. But let's be really generous and say that all of this works exactly as intended. Thieves are scumbags, not idiots. Obviously they'll wait until after 90 days to use any identity they got from a data breach.

A fraud alert might be a little better than nothing at all, but it relies random strangers to have both the training/desire to protect you AND thieves that aren't smart enough to wait out the preposterously tiny fraud alert period. Fraud alerts are a joke and a fraud.

What's a 50% data loss for a whole country?

(Image is in the Public Domain)

They had it, they shouldn't have, now they lost it. Same story all over.

The funniest part of this is that they're trying to convince their public that it's a good idea to have a national ID card containing even more data and that they'll be responsible with that data.

Said someone from an anti-ID card group:

"It's inevitably good news for our campaign because it proves to people that this government, and indeed any government, cannot be trusted with this amount of information. For 25 million people this is a catastrophe but it is just a small herald of the national ID scheme which would mean a potential catastrophe for 60 million of us."

(Image is in the Public Domain)

It isn't bad enough that Countrywide was engaging in questionable loan practices , but now they've lost the data on millions of customers as well.

And, as usual, the completely worthless response:

The company nevertheless promised to provide two years of free credit monitoring to affected individuals through the ConsumerInfo.com division of the Experian credit bureau.

*Sigh*

Data breaches are about negligence; every time

(Image is in the Public Domain)

Details of how to access the information - which included home addresses, place of employment and credit card details - were sold through an underground network operated by the Russian mafia.

And, again, if these companies would stop holding our credit card numbers far past the date that we used them, we wouldn't be having this problem.

Update

Best Western is contradicting the story saying that it's exaggerated. More importantly this:

Most importantly, whereas the reporter asserted the recent compromise of data for past guests from as far back as 2007, Best Western purges all online reservations promptly upon guest departure.

If this is true, then how did they lose anything? Did they? The details are unclear.

(Image is in the Public Domain)

In case you didn't already know, state offices posting "public" records online for anyone in the world to see is a huge and persistent problem.

(Image is in the Public Domain)

Data breaches are common, but shouldn't be. They could easily stem the flow by putting better security in place, taking personal data offline, stop sending employees home with laptops that have personal data on them, and, above all stop storing our data once you no longer have need of it (you can't lose my credit card number if you don't have it).

Anyway, class action suits don't often work so one man decided to take a company to small claims court instead (and won!). A $700 settlement might not seem like much, but as he says:

...it was likely more than most consumers who filed class-action lawsuits ever received (after attorney fees are paid) and it would be received much more quickly.

Keep data safe? Pshaw.

(Image is in the Public Domain)

Georgetown U lost a hard drive full of personal data on students and staff. Of course, if they get a credit freeze, they won't have as much to worry about.

Darn those hackers... so clever.

(Image used under: Creative Commons 2.0 [SRC])

This is so, so stupid. It's not weak security, its that you data-abused us for all our customer data that we didn't want you to keep anyway. If you hadn't stored all the data on us, you couldn't have lost it.

In addition to pilfering over 45 million—and possibly as many as 200 million—credit card and debit card numbers, the hackers were also able to obtain other personal data from over 450,000 customers. This included driver's license numbers and Social Security numbers.

I already know they don't need to store our credit cards, but licenses and SSNs?

Better late than never...">

Many

(Image is in the Public Domain)

Not a bad start at all. Granted, I think we should be able to block data brokers from having our information, but we have to begin somewhere.

(article found at Slashdot.)

No security, no accountability. TJ Maxx

(Image is in the Public Domain)

So today my wife received a letter from our bank saying that her card was included in the data breach. They were very pleasant and helpful (as credit unions tend to be), but one thing caught my attention:

If at any time you suspect you may be a victim of fraud or identity theft, you may place a fraud alert on your credit file with one of the three major credit-reporting [companies]. A fraud alert will require any company or creditor to contact you to authorize any new accounts or loans.

For the record, fraud alerts are required, but can be ignored. The problem is that it's the issuing company's responsibility to check for the fraud alert and act accordingly. Since it hurts their business to do so, it's far more likely that they will "miss" the flag (especially when they're on commission). That means that it may help and it may not.