Identity theft is the information age’s new crime. A criminal collects enough personal data on the victim to impersonate him to banks, credit card companies and other financial institutions. Then he racks up debt in the victim’s name, collects the cash and disappears. The victim is left holding the bag.
While some of the losses are absorbed by financial institutions--credit card companies in particular--the credit-rating damage is borne by the victim. It can take years for the victim to completely clear his name.
So far, we’ve seen several “solutions” to this problem: forcing companies to disclose when they lose personal information, forcing companies to secure personal information, forcing financial institutions to enhance their authentication procedures. Unfortunately, these won’t help.
To see why, we need to start with the basics. The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. Someone’s identity is the one thing about a person that cannot be stolen.
The real crime here is fraud--more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of information-based credentials gives it a modern spin.
A criminal impersonates a victim online and steals money from his account. He impersonates a victim in order to deceive financial institutions into granting credit to the criminal in the victim’s name. He impersonates a victim to the post office and gets the victim's address changed. He impersonates a victim in order to fool the police into arresting the wrong man. No one’s identity is stolen; instead, identity information is being misused to commit fraud.
Such crime involves two very separate issues. The first is the privacy of personal data. Personal privacy is important for many reasons, one of which is impersonation and fraud. As more information about us is collected, correlated and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud.
This is what you read about in the news: personal information stolen from companies, banks, universities, government databases.
But data privacy is about more than just fraud. Whether it is the books we take out of the library, the Web sites we visit or the contents of our text messages, most of us have personal data on third-party computers that we don't want made public. The posting of Paris Hilton's phone book on the Internet is a celebrity example of this.
The second issue is the ease with which a criminal can use personal data to commit fraud. It doesn’t take much personal information to apply for a credit card in someone else's name. It’s not that hard to conduct fraudulent bank transactions in someone else’s name.
And it’s surprisingly easy to get an identification card in someone else’s name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim.
Proposed fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second. If we’re ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.
Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial institutions. That means that any solution can't involve the account holders.
That leaves only one reasonable answer: financial institutions need to be liable for the cost of fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.
They should not be able to demand that the user must keep his password secure or his machine virus-free. They should not be able to require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards. Those aren’t reasonable requirements for most users. The bank must be responsible, regardless of what the user does.
If you think this won’t work, look at credit cards. Credit card companies like American Express (nyse: AXP - news - people ) are generally liable for all but the first $50 of fraudulent transactions. They’re not hurting for business; and they’re not drowning in fraud either.
They’ve developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. They’ve pushed most of the actual costs onto the merchants. And almost no security centers around are trying to authenticate the cardholder.
That’s an important lesson. Identity theft solutions focus much too much on authenticating the person. Whether it's two-factor authentication--ID cards, biometrics, or whatever--there’s a widespread myth that authenticating the person is the way to prevent these crimes.
But once you understand that the problem is fraudulent transactions, you quickly realize that authenticating the transaction, not the person, is the way to proceed.
Again, think about credit cards. Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone or Internet, where no one verifies the signature or even that you have possession of the card.
Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.
This same sort of thinking needs to be applied to other areas where criminals use impersonation to commit fraud. I don’t know what the final solutions will look like, but I do know that once financial institutions are liable for losses due to these types of fraud, they will find solutions.
Maybe there will be a daily withdrawal limit, like there is on ATMs. Maybe large transactions will be delayed for a period of time, or will require a call-back from the bank or brokerage company. Maybe people will no longer be able to open a credit card account by simply filling in a bunch of information on a form.
Likely the solution will be a combination of solutions that reduces fraudulent transactions to a manageable level, but we'll never know until the financial institutions have the financial incentive to put them in place.
Right now, the economic incentives result in financial institutions that are so eager to allow transactions--new credit cards, cash transfers, whatever--that they're not paying enough attention to fraudulent transactions. They've pushed the costs for fraud onto the merchants.
But if they're liable for losses and damages to legitimate users, they'll pay more attention. And they'll mitigate the risks. Security technologies can work wonders in preventing identity theft, once the economic incentives to apply them are there.
By focusing on the fraudulent use of personal data, I do not mean to minimize the harm caused by other misuse of third-party data and violations of privacy. I believe that the U.S. would be well-served by a comprehensive Data Protection Act such as exists in the European Union. However, I do not believe that a law of this type would significantly reduce the risk of fraudulent impersonation.
To mitigate that risk, we need to concentrate on detecting and preventing fraudulent transactions. We need to make the entity, which is in the best position to mitigate the risk, responsible for that risk. And that means making the financial institutions liable for fraudulent transactions.
Doing anything less simply won't work.
Wednesday, February 07, 2007
Credit Card Companies Watchful after Retailer's Customer Data Breach
anks and credit card companies scrambled to tell their customers in the United States and overseas to watch for fraudulent activity after TJX Cos., parent of retailers Marshalls and T.J. Maxx, disclosed thefts of customer data from its computer system.
TJX said hackers had broken into a system that handles credit and debit card transactions, as well as checks and merchandise returns for customers in the U.S. and Puerto Rico. Customer accounts from the U.K. and Ireland may be affected, it said.
TJX officials refused to say how many customers were affected, but The Wall Street Journal reported Thursday that more than 40 million cards may be affected.
-- advertisement --
St. Bernard - Click Here.
Spokeswoman Sherry Lang said TJX has identified a "limited number" of credit and debit card holders whose information was stolen from its computer system, adding that the number was "substantially less than millions."
A smaller number of customer names with driver's license information was stolen from the system, she said.
Visa USA said in a statement it has provided the affected accounts to banks that issue its cards so they can take steps to protect consumers. The company said it is assessing all credit card transactions in real time to help banks distinguish fraudulent transactions from legitimate ones.
Bank of America and American Express also said they are monitoring their credit cards for unusual activity. Christine Elliott, a spokeswoman for American Express, said the company has not seen any fraudulent purchases.
Visa and other credit card companies pointed out that consumers are not responsible for fraudulent purchases.
Lang said the company believes the breach happened in May but involves credit card information dating back to 2003. The break-in was discovered in mid-December but was kept confidential until Wednesday at the request of law enforcement officials.
TJX has not been informed of any fraudulent purchases at this point, Lang said. The company posted advice on checking credit records on its Web site. The company said it has hired General Dynamics Corp. and IBM Corp. to upgrade its security system.
Mike Cook, a co-founder of ID Analytics, a San Diego-based company that detects and prevents identity fraud, said only a small percentage of accounts involved in a data breach end up misused.
"If you are a consumer and you're part of the TJX breach, you are hoping it's 10 million people because the chance of your name being misused goes down considerably depending on the size of the data breach," Cook said.
TJX said hackers had broken into a system that handles credit and debit card transactions, as well as checks and merchandise returns for customers in the U.S. and Puerto Rico. Customer accounts from the U.K. and Ireland may be affected, it said.
TJX officials refused to say how many customers were affected, but The Wall Street Journal reported Thursday that more than 40 million cards may be affected.
-- advertisement --
St. Bernard - Click Here.
Spokeswoman Sherry Lang said TJX has identified a "limited number" of credit and debit card holders whose information was stolen from its computer system, adding that the number was "substantially less than millions."
A smaller number of customer names with driver's license information was stolen from the system, she said.
Visa USA said in a statement it has provided the affected accounts to banks that issue its cards so they can take steps to protect consumers. The company said it is assessing all credit card transactions in real time to help banks distinguish fraudulent transactions from legitimate ones.
Bank of America and American Express also said they are monitoring their credit cards for unusual activity. Christine Elliott, a spokeswoman for American Express, said the company has not seen any fraudulent purchases.
Visa and other credit card companies pointed out that consumers are not responsible for fraudulent purchases.
Lang said the company believes the breach happened in May but involves credit card information dating back to 2003. The break-in was discovered in mid-December but was kept confidential until Wednesday at the request of law enforcement officials.
TJX has not been informed of any fraudulent purchases at this point, Lang said. The company posted advice on checking credit records on its Web site. The company said it has hired General Dynamics Corp. and IBM Corp. to upgrade its security system.
Mike Cook, a co-founder of ID Analytics, a San Diego-based company that detects and prevents identity fraud, said only a small percentage of accounts involved in a data breach end up misused.
"If you are a consumer and you're part of the TJX breach, you are hoping it's 10 million people because the chance of your name being misused goes down considerably depending on the size of the data breach," Cook said.
Protect yourself from ID theft
There's a way for you to protect yourself from fraud and identity theft while improving your credit card score at the same time.
The Better Business Bureau says it's much easier than you might think.
From email and spam to phone calls from telemarketers and junk mail, they can all be summed up with one word - annoying.
"Spam is a bother, a phone call is a bother,” said Tom Bartholomy, President of the Better Business Bureau in Charlotte.
A website from the Consumer Credit Reporting Industry allows people to keep unwanted credit cards out of their mailbox.
He says an increasing number of consumers are turning to things like the Do-Not-Call Registry and spam blockers. When it comes to junk mail, there's one particular piece of mail you need to watch out for, and that’s credit card offers.
“That's what they're looking for,” he continued. “Those types of opportunities to say ‘Oh look, Jane Smith got this credit card offer, I can just fill it out, change the address, have the card sent to the scammer.’ Boom, you're a victim of credit card fraud."
Even if the cards haven't been activated, they can still lead to fraud or identity theft. There's an easy way to protect yourself. OptOutPrescreen.com allows people to keep unwanted credit cards out of their mailbox.
“This is one of the biggest consumer secrets that's out there right now,” Batholomy added.
"OptOutPrescreen.com has been a great tool that we've used to increase their credit score by as much as 50 points within five days,” said Heather Goodall, an account executive at the First National Bank of Arizona. She says she tells all her customers to opt out of getting credit card offers.
"I don't know of any other tool that you can use and potentially increase your credit score potentially that much in such a short period of time,” she continued.
Bartholomy said, "That's a win, win, win all the way around."
The Better Business Bureau says, unfortunately, there's little people can do to cut down on junk mail. If you'd like to stop getting credit card solicitations, visit OptOutPrescreen.com.
The Better Business Bureau says it's much easier than you might think.
From email and spam to phone calls from telemarketers and junk mail, they can all be summed up with one word - annoying.
"Spam is a bother, a phone call is a bother,” said Tom Bartholomy, President of the Better Business Bureau in Charlotte.
A website from the Consumer Credit Reporting Industry allows people to keep unwanted credit cards out of their mailbox.
He says an increasing number of consumers are turning to things like the Do-Not-Call Registry and spam blockers. When it comes to junk mail, there's one particular piece of mail you need to watch out for, and that’s credit card offers.
“That's what they're looking for,” he continued. “Those types of opportunities to say ‘Oh look, Jane Smith got this credit card offer, I can just fill it out, change the address, have the card sent to the scammer.’ Boom, you're a victim of credit card fraud."
Even if the cards haven't been activated, they can still lead to fraud or identity theft. There's an easy way to protect yourself. OptOutPrescreen.com allows people to keep unwanted credit cards out of their mailbox.
“This is one of the biggest consumer secrets that's out there right now,” Batholomy added.
"OptOutPrescreen.com has been a great tool that we've used to increase their credit score by as much as 50 points within five days,” said Heather Goodall, an account executive at the First National Bank of Arizona. She says she tells all her customers to opt out of getting credit card offers.
"I don't know of any other tool that you can use and potentially increase your credit score potentially that much in such a short period of time,” she continued.
Bartholomy said, "That's a win, win, win all the way around."
The Better Business Bureau says, unfortunately, there's little people can do to cut down on junk mail. If you'd like to stop getting credit card solicitations, visit OptOutPrescreen.com.
South Africa: Card Fraud Suspect Wins Bail
A Bulgarian woman has been released on bail while her Cape Town fiancé awaits formal charges of fraud involving close on R1 million.
Antoinette Pitkova, 25, and Mario de Oliveria were arrested at their Table View home late last year. They appeared before Magistrate Mogamad Esau in the Cape Town Magistrate's Court yesterday.
Pitkova had been denied bail in her last court appearance, despite her attorney's appeal for medical treatment.
He said she displayed suicidal tendencies and had chest pains.
The State alleges that the couple manufactured illegal credit cards at their home.
State advocate Zama Matayi said the State no longer opposed bail. He proposed a bail amount of R10 000 and suggested strict bail conditions.
Defence attorney George Catsicadellis, the third attorney to go on record for both accused since their arrest on December 28, read out Pitkova's affidavit and confirmed the recommended bail and conditions.
The accused were arrested during a raid in which police seized about R200 000 of electronic equipment used in the manufacture of credit cards.
The equipment included a skimming device used to read, write and encode credit cards and an embossing machine to imprint the details of the alleged cardholder.
Police also seized 100 blank plastic cards ready for production, five computers and two unlicensed firearms.
Esau set bail at R10 000 on condition that Pitkova handed over her two passports and any other travel documents to the investigating officer, that she reported to the Table View police station every second day, and that she stayed away from the country's border posts.
A smiling Pitkova seemed in good spirits, unlike her crying and disorientation in her previous court appearances.
Matayi requested a postponement. Catsicadellis confirmed the request for the charge sheet and asked that the postponement be marked for a bail application.
Matayi said the case was still being investigated and that alleged offences so far involved more than R500 000.
Esau remanded De Oliveria and postponed the case to next Tuesday for a provisional charge sheet and a bail application hearing.
Antoinette Pitkova, 25, and Mario de Oliveria were arrested at their Table View home late last year. They appeared before Magistrate Mogamad Esau in the Cape Town Magistrate's Court yesterday.
Pitkova had been denied bail in her last court appearance, despite her attorney's appeal for medical treatment.
He said she displayed suicidal tendencies and had chest pains.
The State alleges that the couple manufactured illegal credit cards at their home.
State advocate Zama Matayi said the State no longer opposed bail. He proposed a bail amount of R10 000 and suggested strict bail conditions.
Defence attorney George Catsicadellis, the third attorney to go on record for both accused since their arrest on December 28, read out Pitkova's affidavit and confirmed the recommended bail and conditions.
The accused were arrested during a raid in which police seized about R200 000 of electronic equipment used in the manufacture of credit cards.
The equipment included a skimming device used to read, write and encode credit cards and an embossing machine to imprint the details of the alleged cardholder.
Police also seized 100 blank plastic cards ready for production, five computers and two unlicensed firearms.
Esau set bail at R10 000 on condition that Pitkova handed over her two passports and any other travel documents to the investigating officer, that she reported to the Table View police station every second day, and that she stayed away from the country's border posts.
A smiling Pitkova seemed in good spirits, unlike her crying and disorientation in her previous court appearances.
Matayi requested a postponement. Catsicadellis confirmed the request for the charge sheet and asked that the postponement be marked for a bail application.
Matayi said the case was still being investigated and that alleged offences so far involved more than R500 000.
Esau remanded De Oliveria and postponed the case to next Tuesday for a provisional charge sheet and a bail application hearing.
Rs 13.5-cr credit card scam busted
Amid concerns over rising credit card fraud cases across the country, the Mumbai police has unearthed a massive Rs 13.5 crore online air ticket scam, sending shockwaves among credit card users across the country.
According to Mumbai police sources, the Economic Offences Wing of its crime branch on Wednesday busted the Rs 13.5-crore credit card racket that cheated Kingfisher Airlines by fraudulently booking more than 15,000 tickets on the Internet using credit card numbers. The police have arrested one person, Ahmed Sheikh, in this connection.
The police claim the gang had floated a travel agency, called KGN Aviation, and used to book airline tickets online using credit card numbers obtained from hotels, shopping malls, restaurants and other retail outlets.
The scam came to light after the airlines lodged a complaint with the EOW December 21 last year, regarding the massive scale on which online tickets were being booked fraudulently. Most of the credit cards used for the transactions were from the ICICI Bank.
"Consumers, whose credit card numbers the gang had got hold of, were stunned after receiving bills of transactions which they never made. As a result, they began complaining to the bank. The complaints swelled between July and November last year," news agency IANS quoted a senior EOW official as saying.
"Suspecting fraud, the bank asked the customers not to pay the money they had not actually spent on the tickets and instead charged the amount of Rs 135 million back to Kingfisher Airlines."
"It was then that the airlines lodged a complaint with us, saying 15,255 tickets were fraudulently booked through the net and in each case the gang had used a different credit card number," the EOW official told IANS.
"After receiving complaints from Kingfisher Airlines, we began our investigations and stumbled upon KGN Aviation. The gang had intercepted details of all the 15,225 credit cards from accomplices in various hotels, restaurants, malls and retails outlets," he said.
"They knew the credit card numbers, expiry dates and customer verification value (CVV) numbers — the additional three digits printed on the signature strip on the back of the card," the official said.
"The modus operandi of the gang was to log on to the websites of leading private airlines that issued email confirmations of bookings. The gang used the details to book tickets online and take printouts of the email confirmations which could be exchanged with boarding passes or tickets," he added.
The members of the gang would then hang around at international air transport association (IATA) offices, restaurants and bars and befriend frequent as well as first time flyers, by offering them tickets at a much cheaper rate than offered by travel agents, the official said.
"Though, we have arrested Sheikh, we are on the lookout for Sameer Kasam Sheikh, the mastermind of the scam, and also trying to locate the computers from which the gang operated. Several cyber cafes are also under the scanner, from where the gang is believed to have operated. More arrests are likely to be made soon," he said.
According to Mumbai police sources, the Economic Offences Wing of its crime branch on Wednesday busted the Rs 13.5-crore credit card racket that cheated Kingfisher Airlines by fraudulently booking more than 15,000 tickets on the Internet using credit card numbers. The police have arrested one person, Ahmed Sheikh, in this connection.
The police claim the gang had floated a travel agency, called KGN Aviation, and used to book airline tickets online using credit card numbers obtained from hotels, shopping malls, restaurants and other retail outlets.
The scam came to light after the airlines lodged a complaint with the EOW December 21 last year, regarding the massive scale on which online tickets were being booked fraudulently. Most of the credit cards used for the transactions were from the ICICI Bank.
"Consumers, whose credit card numbers the gang had got hold of, were stunned after receiving bills of transactions which they never made. As a result, they began complaining to the bank. The complaints swelled between July and November last year," news agency IANS quoted a senior EOW official as saying.
"Suspecting fraud, the bank asked the customers not to pay the money they had not actually spent on the tickets and instead charged the amount of Rs 135 million back to Kingfisher Airlines."
"It was then that the airlines lodged a complaint with us, saying 15,255 tickets were fraudulently booked through the net and in each case the gang had used a different credit card number," the EOW official told IANS.
"After receiving complaints from Kingfisher Airlines, we began our investigations and stumbled upon KGN Aviation. The gang had intercepted details of all the 15,225 credit cards from accomplices in various hotels, restaurants, malls and retails outlets," he said.
"They knew the credit card numbers, expiry dates and customer verification value (CVV) numbers — the additional three digits printed on the signature strip on the back of the card," the official said.
"The modus operandi of the gang was to log on to the websites of leading private airlines that issued email confirmations of bookings. The gang used the details to book tickets online and take printouts of the email confirmations which could be exchanged with boarding passes or tickets," he added.
The members of the gang would then hang around at international air transport association (IATA) offices, restaurants and bars and befriend frequent as well as first time flyers, by offering them tickets at a much cheaper rate than offered by travel agents, the official said.
"Though, we have arrested Sheikh, we are on the lookout for Sameer Kasam Sheikh, the mastermind of the scam, and also trying to locate the computers from which the gang operated. Several cyber cafes are also under the scanner, from where the gang is believed to have operated. More arrests are likely to be made soon," he said.
Bank card users get fraud warning
Central Kentucky consumers who have used a credit card or debit card when shopping at T.J. Maxx, Marshall's or HomeGoods will want to watch their bank or credit card statements carefully.
And some of them may want to watch the mail for a new debit card.
TJX, a Massachusetts-based company that operates T.J. Maxx, Marshall's, HomeGoods and several other retail chains in the United States and abroad, announced last week that an "unauthorized intruder" had hacked into the system that the company uses for credit and debit card transactions, checks and merchandise returns.
Because of the possibility of fraud, TJX notified the credit card companies of individuals whose credit and debit card information might have been compromised, and the credit firms have since been notifying financial institutions of their customers' situations.
Banks and credit unions decide whether to issue new cards to those customers or to keep an eye on their accounts for fraudulent transactions.
At JP Morgan Chase, "we constantly are monitoring and are involved in the fraud prevention," said spokeswoman Nancy Norris.
The company is not automatically issuing new cards to individuals whose account numbers might have been stolen, she said.
"We continuously monitor accounts for any suspicious behavior and notify cardmembers immediately if something unusual is detected," Chase said in a statement.
About 200 debit cards issued by the Lexington Postal Credit Union have been compromised and are being replaced, said Sharon Moore, president of the organization.
The likelihood that those debit cards would be used to make fraudulent purchases is slim, she said. But to be safe, the credit union is immediately blocking affected cards and ordering new ones for those customers.
"The risk is probably really low, but we don't want to play with that risk," Moore said.
After blocking the cards, Moore said, the credit union has been notifying the customers of the situation.
However, some customers who use their cards frequently have been learning of the issue the hard way Ð as they try to use their card and it is declined.
When the University of Kentucky Federal Credit Union was notified of compromised accounts, it flagged the accounts and ordered new debit cards for the customers, said interim CEO Greg Baker.
In the meantime, rather than blocking all transactions to those cards, Baker said the UK credit union has been lowering the limits on the charges that can be applied while still allowing the customer to use the card.
Baker declined to say how many credit union members have been affected, but he said none have been the victims of fraudulent purchases.
TJX has not said how many people's information might have been stolen nationwide.
The company said the stolen customer data included information from 2003 transactions, as well as information from mid-May 2006 through December, when the breach was discovered.
Avivah Litan, a data security analyst for Garter Inc., said it could be difficult for the company to determine the scope of the breach because the thieves had a lot of time to sell and circulate the information before the hacking was discovered.
Some of the customer data has been used to make fraudulent debit card and credit card purchases in Florida, Georgia, and Louisiana, and in Hong Kong and Sweden, according to the Massachusetts Bankers Association.
"We expect that this is going to continue and the fraud may widen," said Bruce Spitzer, spokesman for the Massachusetts group.
He said the cost to banks of reissuing hundreds of thousands of cards alone will be "enormous."
This kind of information breach is not uncommon in today's technology-driven economy.
But Heather Clary, spokeswoman for the Better Business Bureau of Central and Eastern Kentucky, said consumers can use technology to their advantage.
Rather than having to wait for a monthly statement, consumers now have the ability to catch fraud more quickly by checking their bank and credit card accounts online frequently.
"Diligence is the key," she said.
Clary also said consumers who notice something suspicious on their statements should notify their financial institutions immediately.
"Don't delay if you see something that's unauthorized," she said.
Credit card companies have noted that consumers are not responsible for fraudulent purchases, but it's easier to correct such situations when they're caught quickly.
Consumers should also protect against fraud by taking advantage of free annual credit reports, which are available at 1-877-322-8228 or at www. annualcreditreport.com.
Although major thefts of information like this one get lots of attention, Norris, of JP Morgan Chase, said most fraud "is still done the old fashioned way" Ð by thieves who steal cards, sift through the trash for account numbers or peek over consumers' shoulders to see their card numbers.
"You're more at risk if you aren't personally protecting your number," she said.
And some of them may want to watch the mail for a new debit card.
TJX, a Massachusetts-based company that operates T.J. Maxx, Marshall's, HomeGoods and several other retail chains in the United States and abroad, announced last week that an "unauthorized intruder" had hacked into the system that the company uses for credit and debit card transactions, checks and merchandise returns.
Because of the possibility of fraud, TJX notified the credit card companies of individuals whose credit and debit card information might have been compromised, and the credit firms have since been notifying financial institutions of their customers' situations.
Banks and credit unions decide whether to issue new cards to those customers or to keep an eye on their accounts for fraudulent transactions.
At JP Morgan Chase, "we constantly are monitoring and are involved in the fraud prevention," said spokeswoman Nancy Norris.
The company is not automatically issuing new cards to individuals whose account numbers might have been stolen, she said.
"We continuously monitor accounts for any suspicious behavior and notify cardmembers immediately if something unusual is detected," Chase said in a statement.
About 200 debit cards issued by the Lexington Postal Credit Union have been compromised and are being replaced, said Sharon Moore, president of the organization.
The likelihood that those debit cards would be used to make fraudulent purchases is slim, she said. But to be safe, the credit union is immediately blocking affected cards and ordering new ones for those customers.
"The risk is probably really low, but we don't want to play with that risk," Moore said.
After blocking the cards, Moore said, the credit union has been notifying the customers of the situation.
However, some customers who use their cards frequently have been learning of the issue the hard way Ð as they try to use their card and it is declined.
When the University of Kentucky Federal Credit Union was notified of compromised accounts, it flagged the accounts and ordered new debit cards for the customers, said interim CEO Greg Baker.
In the meantime, rather than blocking all transactions to those cards, Baker said the UK credit union has been lowering the limits on the charges that can be applied while still allowing the customer to use the card.
Baker declined to say how many credit union members have been affected, but he said none have been the victims of fraudulent purchases.
TJX has not said how many people's information might have been stolen nationwide.
The company said the stolen customer data included information from 2003 transactions, as well as information from mid-May 2006 through December, when the breach was discovered.
Avivah Litan, a data security analyst for Garter Inc., said it could be difficult for the company to determine the scope of the breach because the thieves had a lot of time to sell and circulate the information before the hacking was discovered.
Some of the customer data has been used to make fraudulent debit card and credit card purchases in Florida, Georgia, and Louisiana, and in Hong Kong and Sweden, according to the Massachusetts Bankers Association.
"We expect that this is going to continue and the fraud may widen," said Bruce Spitzer, spokesman for the Massachusetts group.
He said the cost to banks of reissuing hundreds of thousands of cards alone will be "enormous."
This kind of information breach is not uncommon in today's technology-driven economy.
But Heather Clary, spokeswoman for the Better Business Bureau of Central and Eastern Kentucky, said consumers can use technology to their advantage.
Rather than having to wait for a monthly statement, consumers now have the ability to catch fraud more quickly by checking their bank and credit card accounts online frequently.
"Diligence is the key," she said.
Clary also said consumers who notice something suspicious on their statements should notify their financial institutions immediately.
"Don't delay if you see something that's unauthorized," she said.
Credit card companies have noted that consumers are not responsible for fraudulent purchases, but it's easier to correct such situations when they're caught quickly.
Consumers should also protect against fraud by taking advantage of free annual credit reports, which are available at 1-877-322-8228 or at www. annualcreditreport.com.
Although major thefts of information like this one get lots of attention, Norris, of JP Morgan Chase, said most fraud "is still done the old fashioned way" Ð by thieves who steal cards, sift through the trash for account numbers or peek over consumers' shoulders to see their card numbers.
"You're more at risk if you aren't personally protecting your number," she said.
Canadian banks say no signs of credit card fraud victims after Winners breach
Several Canadian banks said Thursday they have had no reports of credit card fraud after a security breach at the parent company of Winners and HomeSense.
Officials at Royal Bank, Bank of Montreal, and TD Bank all told CBC News that they have seen no cases of fraud stemming from the breach at Massachusetts-based TJX Cos. Visa officials in Canada also said they have not seen cases of abuse from the case.
In an interview with CBC News, RBC spokeswoman Beja Rodeck encouraged customers to examine their accounts for any signs of credit card fraud. She added that customers will not be held responsible in cases of fraudulent use of their cards.
Customer information stolen from TJX has been used to make fraudulent debit and credit card purchases, the Massachusetts Bankers Association confirmed Wednesday. The fraudulent purchases were made in Florida, Georgia and Louisiana, as well as in Hong Kong and Sweden, the association said.
While the association made no mention of Canada, the Globe and Mail, quoting financial sources, reported Thursday that thousands of Canadians are indeed among the fraud victims.
Last week, TJX said hackers stole customer information from its computer systems.
Continue Article
<A TARGET="_blank" HREF="http://ad.doubleclick.net/click%3Bh=v8/34f2/3/0/%2a/g%3B71726569%3B0-0%3B0%3B11710857%3B4307-300/250%3B19898344/19916238/1%3B%3B%7Esscs%3D%3fhttp://clk.atdmt.com/OMT/go/cbcngint0030000042omt/direct/01/"><IMG SRC="http://m1.2mdn.net/1036098/qtw_en1_jan19_300x250_en.gif" BORDER=0></A>
The company has refused to say how many customers had their data stolen or accessed by a computer hacker, but the Globe and Mail reported it could be two million Visa credit card accounts in Canada and roughly 20 million worldwide.
The Massachusetts Bankers Association said it has heard from 60 of its 205 member banks and is expecting the number of fraud cases to grow.
TJX has not commented on these latest reports.
The company is considering offering free credit card monitoring to customers whose cards have been exposed.
A customer alert notification remains on the company's website — including on the Winners and HomeSense sites in Canada — advising people to find out whether they have been victims of fraud.
Officials at Royal Bank, Bank of Montreal, and TD Bank all told CBC News that they have seen no cases of fraud stemming from the breach at Massachusetts-based TJX Cos. Visa officials in Canada also said they have not seen cases of abuse from the case.
In an interview with CBC News, RBC spokeswoman Beja Rodeck encouraged customers to examine their accounts for any signs of credit card fraud. She added that customers will not be held responsible in cases of fraudulent use of their cards.
Customer information stolen from TJX has been used to make fraudulent debit and credit card purchases, the Massachusetts Bankers Association confirmed Wednesday. The fraudulent purchases were made in Florida, Georgia and Louisiana, as well as in Hong Kong and Sweden, the association said.
While the association made no mention of Canada, the Globe and Mail, quoting financial sources, reported Thursday that thousands of Canadians are indeed among the fraud victims.
Last week, TJX said hackers stole customer information from its computer systems.
Continue Article
<A TARGET="_blank" HREF="http://ad.doubleclick.net/click%3Bh=v8/34f2/3/0/%2a/g%3B71726569%3B0-0%3B0%3B11710857%3B4307-300/250%3B19898344/19916238/1%3B%3B%7Esscs%3D%3fhttp://clk.atdmt.com/OMT/go/cbcngint0030000042omt/direct/01/"><IMG SRC="http://m1.2mdn.net/1036098/qtw_en1_jan19_300x250_en.gif" BORDER=0></A>
The company has refused to say how many customers had their data stolen or accessed by a computer hacker, but the Globe and Mail reported it could be two million Visa credit card accounts in Canada and roughly 20 million worldwide.
The Massachusetts Bankers Association said it has heard from 60 of its 205 member banks and is expecting the number of fraud cases to grow.
TJX has not commented on these latest reports.
The company is considering offering free credit card monitoring to customers whose cards have been exposed.
A customer alert notification remains on the company's website — including on the Winners and HomeSense sites in Canada — advising people to find out whether they have been victims of fraud.
Credit card fears widen
Anne Marie Jean of Brockton wasn't scared away from shopping at A.J. Wright in Brockton this week, but since reports that credit and debit card numbers were stolen from its parent company, TJX Companies, she'll think twice about using anything but cash.
“I would be worried,” she said of using her card, even though she has done so in the past.
Local bankers are worried, too. Local banks and credit unions are reissuing thousands of cards to their customers who may have been affected, but the scope of the data theft is still unclear. Framingham-based TJX Companies, the parent company of U.S. stores T.J. Maxx, HomeGoods, Marshalls, A.J.Wright and Bob's Stores, reported Jan. 17 that computer hackers gained access to an undetermined number of credit card and debit card numbers in a security breach in December — possibly committed by a high-tech, international organized crime ring.
Hackers may have data associated with purchases made in 2003, and between May and December in 2006, according to a statement from the company.
The company has determined that transactions at Bob's Stores were not involved in the security breach, according to an advertisement in today's paper.
Last week, evidence of the stolen data began to appear on the bank statements of innocent consumers. According to news reports on TheBostonChannel.com, Paula O'Rourke, of Holbrook was a victim of credit card fraud in December after shopping at HomeGoods in Florida.
She believes the fraudulent purchases stem from the use of her card there.
Meanwhile, bank and credit union workers scrambled to protect their customers.
“We have a whole team of people working on this,” said Jim Blake, president and CEO of Brockton-based HarborOne Credit Union.
While the company is still investigating the records of Bob's Stores purchases, customers who made purchases at any of its other American stores may have had their credit card or debit card information stolen, said a TJX customer service representative.
While the card numbers weren't associated with names or addresses, some of them have been used to make fraudulent purchases in Florida, Georgia, Louisiana, and abroad in Hong Kong and Sweden.
“That says to me that this information has been sold,” said Blake. “These are not people operating out of a basement in a building. They are highly trained — some at U.S. universities — working for organized crime units around the world, mostly outside of the U.S.”
In addition to using the numbers to make purchases, thieves are also mining sources for data associated with those numbers to steal entire financial identities, Blake said.
“You could wake up one day with a $300,000 mortgage on a house in Florida, but no house,” he said.
To protect members of HarborOne Credit union, 9,000 new cards will be issued to some of its 97,000 members. Rather than wait for a report of fraudulent activity, the credit union will issue new cards to any account identified by Visa or Mastercard as associated with the TJX security breach, Blake said. The processing and replacement cards will cost the credit union $100,000, he added.
Security breaches occur on nearly a monthly basis, Blake said, but this is the largest to date.
Randolph Savings Bank will issue 1,500 new cards to its affected members, said Tom Trummey, senior vice president and chief operating officer. The compromised accounts represent a small percentage of the 12,000 cards issued by that bank, he said.
But Trummey himself had to get a new card, since he had used his Randolph Savings Bank debit card to holiday shop at area T.J.Maxx and Marshalls stores, and his account was compromised.
But he hasn't been scared away from making electronic purchases, he said. Neither was Andrea Beaumont of Taunton, who was shopping at T.J. Maxx in Taunton Friday. “I just figure I'll be lucky, I guess.”
Many consumers continue to try their luck, and rightly so, said John Hurst, president of the Retailers Association of Massachusetts. “People shouldn't feel they should pay for everything with cash. Making electronic purchases can be safer than carrying around a lot of cash, and you are protected,” he said.
Consumers are “held harmless” for fraudulent purchases, he said. “They're not going to charge you for criminal activity on your account. Report it immediately, and you'll be OK,” he said.
Some consumers forego the conscientious approach, but still aren't worried. Sarah Seavey, of Norton, was shopping with her card Friday at T.J. Maxx in Taunton, but she doesn't think the number would do thieves any good. “There no money in the account anyway,” she said.
Officials at Bristol County Savings Bank in Taunton declined to be interviewed for this story.
“I would be worried,” she said of using her card, even though she has done so in the past.
Local bankers are worried, too. Local banks and credit unions are reissuing thousands of cards to their customers who may have been affected, but the scope of the data theft is still unclear. Framingham-based TJX Companies, the parent company of U.S. stores T.J. Maxx, HomeGoods, Marshalls, A.J.Wright and Bob's Stores, reported Jan. 17 that computer hackers gained access to an undetermined number of credit card and debit card numbers in a security breach in December — possibly committed by a high-tech, international organized crime ring.
Hackers may have data associated with purchases made in 2003, and between May and December in 2006, according to a statement from the company.
The company has determined that transactions at Bob's Stores were not involved in the security breach, according to an advertisement in today's paper.
Last week, evidence of the stolen data began to appear on the bank statements of innocent consumers. According to news reports on TheBostonChannel.com, Paula O'Rourke, of Holbrook was a victim of credit card fraud in December after shopping at HomeGoods in Florida.
She believes the fraudulent purchases stem from the use of her card there.
Meanwhile, bank and credit union workers scrambled to protect their customers.
“We have a whole team of people working on this,” said Jim Blake, president and CEO of Brockton-based HarborOne Credit Union.
While the company is still investigating the records of Bob's Stores purchases, customers who made purchases at any of its other American stores may have had their credit card or debit card information stolen, said a TJX customer service representative.
While the card numbers weren't associated with names or addresses, some of them have been used to make fraudulent purchases in Florida, Georgia, Louisiana, and abroad in Hong Kong and Sweden.
“That says to me that this information has been sold,” said Blake. “These are not people operating out of a basement in a building. They are highly trained — some at U.S. universities — working for organized crime units around the world, mostly outside of the U.S.”
In addition to using the numbers to make purchases, thieves are also mining sources for data associated with those numbers to steal entire financial identities, Blake said.
“You could wake up one day with a $300,000 mortgage on a house in Florida, but no house,” he said.
To protect members of HarborOne Credit union, 9,000 new cards will be issued to some of its 97,000 members. Rather than wait for a report of fraudulent activity, the credit union will issue new cards to any account identified by Visa or Mastercard as associated with the TJX security breach, Blake said. The processing and replacement cards will cost the credit union $100,000, he added.
Security breaches occur on nearly a monthly basis, Blake said, but this is the largest to date.
Randolph Savings Bank will issue 1,500 new cards to its affected members, said Tom Trummey, senior vice president and chief operating officer. The compromised accounts represent a small percentage of the 12,000 cards issued by that bank, he said.
But Trummey himself had to get a new card, since he had used his Randolph Savings Bank debit card to holiday shop at area T.J.Maxx and Marshalls stores, and his account was compromised.
But he hasn't been scared away from making electronic purchases, he said. Neither was Andrea Beaumont of Taunton, who was shopping at T.J. Maxx in Taunton Friday. “I just figure I'll be lucky, I guess.”
Many consumers continue to try their luck, and rightly so, said John Hurst, president of the Retailers Association of Massachusetts. “People shouldn't feel they should pay for everything with cash. Making electronic purchases can be safer than carrying around a lot of cash, and you are protected,” he said.
Consumers are “held harmless” for fraudulent purchases, he said. “They're not going to charge you for criminal activity on your account. Report it immediately, and you'll be OK,” he said.
Some consumers forego the conscientious approach, but still aren't worried. Sarah Seavey, of Norton, was shopping with her card Friday at T.J. Maxx in Taunton, but she doesn't think the number would do thieves any good. “There no money in the account anyway,” she said.
Officials at Bristol County Savings Bank in Taunton declined to be interviewed for this story.
Credit card fraud could be stopped
In the future, identity thieves and Internet hackers may find themselves out of a job - or at least that's what one Calgary scientist is hoping.
Wolfgang Tittel, from the University of Calgary's Centre for Information Security and Cryptography, is working on a way to secure personal information to stop those trying to gain unauthorized access.
His approach marries quantum information science with encryption technology. The offspring of these - he hopes - will be a system that moves data on light particles so fast, it essentially teleports it from one end to another.
Tamper-proof info
To achieve this ultra-secure state, Dr Tittel is using fibre optics to send data on photons. The fibre optics would act as superhighways for bits of information. Hypothetically, this data would move so fast that any attempt by a hacker to obtain private information would interrupt the flow and alter the encryption in such a way that it would show it has been tampered with.
A fundamental law in quantum physics holds that it is impossible for a hacker to access a key without changing it: In this application, security codes would be carried in bundles with a particular configuration. If the bundles were disrupted during transmission, they re-configure and the information scrambles.
Today and tomorrow
At the moment, there is no way to tell whether a key has been accessed. Some technologies are capable of scrambling the information for short periods of time, but they still leave questions as to whether it was copied.
But Dr. Tittel is working to change that in the next several years. While he notes that initial uses will likely be the military, he projects that one day, everything from Internet banking to medical records will be hacker-proof.
Wolfgang Tittel, from the University of Calgary's Centre for Information Security and Cryptography, is working on a way to secure personal information to stop those trying to gain unauthorized access.
His approach marries quantum information science with encryption technology. The offspring of these - he hopes - will be a system that moves data on light particles so fast, it essentially teleports it from one end to another.
Tamper-proof info
To achieve this ultra-secure state, Dr Tittel is using fibre optics to send data on photons. The fibre optics would act as superhighways for bits of information. Hypothetically, this data would move so fast that any attempt by a hacker to obtain private information would interrupt the flow and alter the encryption in such a way that it would show it has been tampered with.
A fundamental law in quantum physics holds that it is impossible for a hacker to access a key without changing it: In this application, security codes would be carried in bundles with a particular configuration. If the bundles were disrupted during transmission, they re-configure and the information scrambles.
Today and tomorrow
At the moment, there is no way to tell whether a key has been accessed. Some technologies are capable of scrambling the information for short periods of time, but they still leave questions as to whether it was copied.
But Dr. Tittel is working to change that in the next several years. While he notes that initial uses will likely be the military, he projects that one day, everything from Internet banking to medical records will be hacker-proof.
Tuesday, February 06, 2007
Three held after credit card fraud hits city
POLICE have arrested three men in connection with a credit card fraud that has been sweeping the city.
An extensive investigation into the scam was launched after police received 42 complaints from the public about dodgy transactions appearing on their statements.
MMostMost of the victims had never visited the countries where the transactions took place.
Money had gone from unsuspecting victim's accounts and payments had been made from all over the world, including right across Europe and as far away as Malaysia.
Money had gone from unsuspecting victim's accounts and payments had been made from all over the world, including right across Europe and as far away as Malaysia.
Officers noticed all the victims had used their cards in the Texaco garage, Eastern Road, Portsmouth.
It is thought a card-skimming scam may have been in operation, where fraudsters tamper with credit card machines to copy card details. They then use these to make fake transactions and payments.
At 8am today officers from Fratton CID arrested three men, all from Portsmouth, aged 30, 37 and 39.
They are being held in custody in Portsmouth on suspicion of conspiracy to commit theft.
Detective Constable Jon Knox said: 'There is an ongoing investigation into irregular transactions on people's credit cards. There was a large operation this morning and as a result three people have been arrested.
'The proprietor of the Texaco has been fully co-operative.
'He had aided police in this investigation and he is
not a suspect,' he said.
Anyone with information about the fraud is asked to call police on 0845 045 4545
An extensive investigation into the scam was launched after police received 42 complaints from the public about dodgy transactions appearing on their statements.
MMostMost of the victims had never visited the countries where the transactions took place.
Money had gone from unsuspecting victim's accounts and payments had been made from all over the world, including right across Europe and as far away as Malaysia.
Money had gone from unsuspecting victim's accounts and payments had been made from all over the world, including right across Europe and as far away as Malaysia.
Officers noticed all the victims had used their cards in the Texaco garage, Eastern Road, Portsmouth.
It is thought a card-skimming scam may have been in operation, where fraudsters tamper with credit card machines to copy card details. They then use these to make fake transactions and payments.
At 8am today officers from Fratton CID arrested three men, all from Portsmouth, aged 30, 37 and 39.
They are being held in custody in Portsmouth on suspicion of conspiracy to commit theft.
Detective Constable Jon Knox said: 'There is an ongoing investigation into irregular transactions on people's credit cards. There was a large operation this morning and as a result three people have been arrested.
'The proprietor of the Texaco has been fully co-operative.
'He had aided police in this investigation and he is
not a suspect,' he said.
Anyone with information about the fraud is asked to call police on 0845 045 4545
Chip-based cards may cut into fraud
Credit and debit cards embedded with computer chips have virtually wiped out the kind of security breaches that compromised millions of cards used at Winners and HomeSense stores in Canada, industry officials say. But it will be another three years before the cards are widely available in Canada.
Some Royal Bank Avion cards have embedded chips, but few merchants are equipped to take advantage of the feature. The cards are for the convenience of international travellers.
The first major rollout in Canada of chip-based cards will begin later this year as consumers' existing cards begin expiring, according to Visa Canada. Some Canadian retailers already have the kind of readers required to use the cards, but it will take until 2010 to replace all the millions of cards and card readers in use across Canada.
"It's really a large-scale investment on the part of the payments industry," said Kirkland Morris, assistant vice-president of strategic policy and programs at the Interac Association of Canada.
Interac, which represents debit-card issuers in Canada, along with Visa and MasterCard in Canada are participating in a pilot project this fall in Kitchener-Waterloo to test the cards, as well as the readers and network required for processing.
Countries in Europe and Asia that have adopted chip cards, also called smart cards, say the cost of card fraud has been cut by as much as 80 per cent. "We're really excited about what this is going to do for us," said Gord Jamieson, director of risk management and security for Visa Canada.
Card fraud in Canada is a multi-billion-dollar problem that's growing every year, partly because fraud artists have moved to countries that don't yet have chip technology, Jamieson said. Last year, credit- and debit-card fraud added up to more than $360 million, with credit cards bearing the brunt of the cost and counterfeit cards accounting for most of the crime.
No one is guaranteeing smart cards will end the kind of fraud that occurred after hackers broke into computer at Winners parent TJX Cos. Inc., putting millions of cards at risk.
"We never say chips are impossible to crack," said William Giles, vice-president of advance payments for MasterCard Worldwide. "We're making it so the economics aren't there. If it takes you 20 years to do it, or costs $20,000 to do it, the economics aren't there. You may hear about labs that do attacks on chip cards. They're not economically viable attacks."
The fallout from the security breach at TJX continued last week as bankers in the company's home state of Massachusetts confirmed that a handful of the compromised cards had been used for fraudulent activity. In Canada, the banks say they are monitoring any exposed credit card account numbers but have not seen any suspect transactions so far.
"If we do, we're going to contact those customers right away," said Kelly Hechler, a spokesperson for the Toronto Dominion Bank.
Current security features limit credit-card fraud by making the cards difficult to replicate, said Visa's Jamieson. As well, banks and other card issuers have systems to issue alerts about unusual activity. In addition, Visa's Zero Liability policy means cardholders are protected from the cost of any fraud that occurs on their accounts.
Still, the TJX incident has prompted renewed calls from consumers for tougher protective security measures. The card industry says consumers will get that with the new chip-based cards.
The industry is also implementing two other features to curb fraud. For the first time in Canada, a consumer will have to punch in a personal identification number, or PIN, instead of a signature, to use a credit card. Merchants will also be required to meet tougher standards for the collection and storage of card data.
Though PINs don't eliminate fraud, they do make it more difficult, MasterCard's Giles said.
That security feature saved Canadian debit-card users from being compromised in the TJX breach, because the cards are useless without the PIN, Interac spokesperson Tina Romano said. "Debit cards in Canada were not affected," she said.
That's not the case in the United States, where some debit cards require only a signature.
The payment-card industry is already pressing retailers to meet higher security standards.
"We prohibit the storage of what we call full track data, which is everything that's on the magnetic stripe, including the account information, the expiry date and the CVV," a special security code, said Visa's Jamieson. "Obviously, not everybody adheres to that."
He said 94 per cent of Visa's top merchants in Canada are in the process of ensuring they measure up.
To the consumer, making a purchase with a chip-based credit card will seem fairly familiar. Much like with a debit-card purchase today, the consumer will put a card into a reader. But instead of swiping the card through the reader, the owner will leave the card in place throughout the transaction while punching in the PIN and confirming the purchase.
Behind the scenes, the transaction will look quite different, because the reader can now obtain much of the information it needs directly from the card, including the authenticity of the PIN, instead of retrieving it over the network from the cardholder's financial institution.
As well, the banks can continually upgrade and change the "public and private keys" used to encrypt the cardholders' data.
The cards could also reduce the risk of shopping online, the industry said, if consumers installed card readers at home to communicate with merchants' sites and require PINs before registering payments.
Security isn't the only reason the card industry can't wait to get smart cards into consumers' hands. The cards also open up a whole new window of marketing and promotion opportunities. Smart cards can be loaded, for example, with all the customers' loyalty-program information. Chip cards can be programmed to make small "contactless" payments – over wireless networks that don't require PINs – at such places as fast-food restaurants and transit stations where speed is of the essence.
So, if chip-card technology is so attractive, why is it taking so long to get to Canada, which is known for having a banking industry among the most automated in the world?
Europe got an early start with France adopting its own proprietary system in the 1980s. As fraudulent activity began migrating, France's neighbours had to follow its example to protect themselves.
But an international standard wasn't set up until 1996, said MasterCard's Giles. The fact that the U.S. shows few signs of adopting chip technology anytime soon is also a factor.
"We can't ignore the fact that we share a border with the U.S.," he said. He hopes Canada's decision to forge ahead will help spur on the U.S.
Meanwhile, Visa's Jamieson said, the number of people likely to be defrauded from the TJX security breach will probably be very small compared with the number the company said were compromised. TJX has said the hackers got access to cards used over a long period, including all of 2003 and from last May to December. That could encompass millions of transactions, observers have said.
But those cards and the networks used for processing are loaded with security features that make the cards difficult to replicate and use, he said.
Some Royal Bank Avion cards have embedded chips, but few merchants are equipped to take advantage of the feature. The cards are for the convenience of international travellers.
The first major rollout in Canada of chip-based cards will begin later this year as consumers' existing cards begin expiring, according to Visa Canada. Some Canadian retailers already have the kind of readers required to use the cards, but it will take until 2010 to replace all the millions of cards and card readers in use across Canada.
"It's really a large-scale investment on the part of the payments industry," said Kirkland Morris, assistant vice-president of strategic policy and programs at the Interac Association of Canada.
Interac, which represents debit-card issuers in Canada, along with Visa and MasterCard in Canada are participating in a pilot project this fall in Kitchener-Waterloo to test the cards, as well as the readers and network required for processing.
Countries in Europe and Asia that have adopted chip cards, also called smart cards, say the cost of card fraud has been cut by as much as 80 per cent. "We're really excited about what this is going to do for us," said Gord Jamieson, director of risk management and security for Visa Canada.
Card fraud in Canada is a multi-billion-dollar problem that's growing every year, partly because fraud artists have moved to countries that don't yet have chip technology, Jamieson said. Last year, credit- and debit-card fraud added up to more than $360 million, with credit cards bearing the brunt of the cost and counterfeit cards accounting for most of the crime.
No one is guaranteeing smart cards will end the kind of fraud that occurred after hackers broke into computer at Winners parent TJX Cos. Inc., putting millions of cards at risk.
"We never say chips are impossible to crack," said William Giles, vice-president of advance payments for MasterCard Worldwide. "We're making it so the economics aren't there. If it takes you 20 years to do it, or costs $20,000 to do it, the economics aren't there. You may hear about labs that do attacks on chip cards. They're not economically viable attacks."
The fallout from the security breach at TJX continued last week as bankers in the company's home state of Massachusetts confirmed that a handful of the compromised cards had been used for fraudulent activity. In Canada, the banks say they are monitoring any exposed credit card account numbers but have not seen any suspect transactions so far.
"If we do, we're going to contact those customers right away," said Kelly Hechler, a spokesperson for the Toronto Dominion Bank.
Current security features limit credit-card fraud by making the cards difficult to replicate, said Visa's Jamieson. As well, banks and other card issuers have systems to issue alerts about unusual activity. In addition, Visa's Zero Liability policy means cardholders are protected from the cost of any fraud that occurs on their accounts.
Still, the TJX incident has prompted renewed calls from consumers for tougher protective security measures. The card industry says consumers will get that with the new chip-based cards.
The industry is also implementing two other features to curb fraud. For the first time in Canada, a consumer will have to punch in a personal identification number, or PIN, instead of a signature, to use a credit card. Merchants will also be required to meet tougher standards for the collection and storage of card data.
Though PINs don't eliminate fraud, they do make it more difficult, MasterCard's Giles said.
That security feature saved Canadian debit-card users from being compromised in the TJX breach, because the cards are useless without the PIN, Interac spokesperson Tina Romano said. "Debit cards in Canada were not affected," she said.
That's not the case in the United States, where some debit cards require only a signature.
The payment-card industry is already pressing retailers to meet higher security standards.
"We prohibit the storage of what we call full track data, which is everything that's on the magnetic stripe, including the account information, the expiry date and the CVV," a special security code, said Visa's Jamieson. "Obviously, not everybody adheres to that."
He said 94 per cent of Visa's top merchants in Canada are in the process of ensuring they measure up.
To the consumer, making a purchase with a chip-based credit card will seem fairly familiar. Much like with a debit-card purchase today, the consumer will put a card into a reader. But instead of swiping the card through the reader, the owner will leave the card in place throughout the transaction while punching in the PIN and confirming the purchase.
Behind the scenes, the transaction will look quite different, because the reader can now obtain much of the information it needs directly from the card, including the authenticity of the PIN, instead of retrieving it over the network from the cardholder's financial institution.
As well, the banks can continually upgrade and change the "public and private keys" used to encrypt the cardholders' data.
The cards could also reduce the risk of shopping online, the industry said, if consumers installed card readers at home to communicate with merchants' sites and require PINs before registering payments.
Security isn't the only reason the card industry can't wait to get smart cards into consumers' hands. The cards also open up a whole new window of marketing and promotion opportunities. Smart cards can be loaded, for example, with all the customers' loyalty-program information. Chip cards can be programmed to make small "contactless" payments – over wireless networks that don't require PINs – at such places as fast-food restaurants and transit stations where speed is of the essence.
So, if chip-card technology is so attractive, why is it taking so long to get to Canada, which is known for having a banking industry among the most automated in the world?
Europe got an early start with France adopting its own proprietary system in the 1980s. As fraudulent activity began migrating, France's neighbours had to follow its example to protect themselves.
But an international standard wasn't set up until 1996, said MasterCard's Giles. The fact that the U.S. shows few signs of adopting chip technology anytime soon is also a factor.
"We can't ignore the fact that we share a border with the U.S.," he said. He hopes Canada's decision to forge ahead will help spur on the U.S.
Meanwhile, Visa's Jamieson said, the number of people likely to be defrauded from the TJX security breach will probably be very small compared with the number the company said were compromised. TJX has said the hackers got access to cards used over a long period, including all of 2003 and from last May to December. That could encompass millions of transactions, observers have said.
But those cards and the networks used for processing are loaded with security features that make the cards difficult to replicate and use, he said.
Man allegedly stole $20,000 in electronics through credit card fraud
A Bermuda Dunes man is in jail after police found $20,000 worth of property in his home that he bought with fake credit cards, authorities reported today.
Officers from the La Quinta Police Department responded to an in-progress credit card fraud that occurred Sunday at the La Quinta Circuit City store, according to a news release from the Riverside County Sheriff's Department. Officers determined that a suspect fled prior to the their arrival. Investigators from the Indio Sheriff's Station Investigation Bureau were called and assumed the investigation.
They were able to identify the suspect, Marc Rossworn, 43, from Bermuda Dunes, the release said.
During a consensual search of his residence, all of the property that was bought through the use of fraudulent credit cards was recovered. Additional electronic equipment that was purchased in the City of Palm Desert also was recovered.
The value of the property that was recovered was estimated at $ 20,000.
Investigators arrested and booked Rossworn at the Indio Jail for commercial burglary, receiving stolen property, use of fraudulent credit cards and conspiracy.
His bail was set at $25,000.
Officers from the La Quinta Police Department responded to an in-progress credit card fraud that occurred Sunday at the La Quinta Circuit City store, according to a news release from the Riverside County Sheriff's Department. Officers determined that a suspect fled prior to the their arrival. Investigators from the Indio Sheriff's Station Investigation Bureau were called and assumed the investigation.
They were able to identify the suspect, Marc Rossworn, 43, from Bermuda Dunes, the release said.
During a consensual search of his residence, all of the property that was bought through the use of fraudulent credit cards was recovered. Additional electronic equipment that was purchased in the City of Palm Desert also was recovered.
The value of the property that was recovered was estimated at $ 20,000.
Investigators arrested and booked Rossworn at the Indio Jail for commercial burglary, receiving stolen property, use of fraudulent credit cards and conspiracy.
His bail was set at $25,000.
While most people worry about their credit card information falling into the wrong hands, there is a more ominous problem out there: Identity. Your identity is a collection of information that your doctor, insurance company, bank, credit card companies, employer and others have on file. These companies and people will have your social security number, your address and your date of birth. One misstep by any of these entities and you could be in big trouble.
Once a crook gets your identity, they will usually want to add a new address to your credit. This way they can get the bills for their new credit cards sent to them and not you. They can use your identity and sign up for credit cards without you even knowing it. This was done once to me when they purchased a cell phone in my name. Later they opened up credit card accounts and started charging.
There are several things you should do if your identity has been compromised. You should contact your credit card companies and let them know what happened. They may want to issue you a new credit card with a new number and PIN (Personal Identification Number).
Identity Guard
You will also want to contact the three credit reporting bureaus and place a fraud alert on your credit file. The three companies are Experian, Equifax and Transunion. This will make it hard for the crooks to sign-up for new credit cards with your name on them.
There are two types of alerts to consider. The first is an “Initial Alert” which stays on your credit record for 90 days. You can renew the alert as many times as you want with a simple phone call. Usually when you notify one credit reporting agency they will notify the other two. This will make it nearly impossible for the crooks to open new accounts. I chose to use the “Initial Alert” and called in to extend it several times.
The next alert is called an “Extended Alert”. This will stay on file with the credit reporting agencies for seven years. The “Extended Alert” will allow you to get a copy of your credit report twice. The “Extended Alert” will also remove your name from the pre-screened credit offers marketing lists for a period of five years. Martin Sumner in an article titled “Coping with ID Theft” recommends the seven year “Extended Alert” if your identity has been compromised.
It is a good idea for people to get some sort of credit monitoring service. This type of service will notify you when someone has placed a new address on your account or added a new credit card or loan to your ID. They usually offer free credit reports yearly as well. There are many services available, so you will want to compare prices and features before you decide.
Once a crook gets your identity, they will usually want to add a new address to your credit. This way they can get the bills for their new credit cards sent to them and not you. They can use your identity and sign up for credit cards without you even knowing it. This was done once to me when they purchased a cell phone in my name. Later they opened up credit card accounts and started charging.
There are several things you should do if your identity has been compromised. You should contact your credit card companies and let them know what happened. They may want to issue you a new credit card with a new number and PIN (Personal Identification Number).
Identity Guard
You will also want to contact the three credit reporting bureaus and place a fraud alert on your credit file. The three companies are Experian, Equifax and Transunion. This will make it hard for the crooks to sign-up for new credit cards with your name on them.
There are two types of alerts to consider. The first is an “Initial Alert” which stays on your credit record for 90 days. You can renew the alert as many times as you want with a simple phone call. Usually when you notify one credit reporting agency they will notify the other two. This will make it nearly impossible for the crooks to open new accounts. I chose to use the “Initial Alert” and called in to extend it several times.
The next alert is called an “Extended Alert”. This will stay on file with the credit reporting agencies for seven years. The “Extended Alert” will allow you to get a copy of your credit report twice. The “Extended Alert” will also remove your name from the pre-screened credit offers marketing lists for a period of five years. Martin Sumner in an article titled “Coping with ID Theft” recommends the seven year “Extended Alert” if your identity has been compromised.
It is a good idea for people to get some sort of credit monitoring service. This type of service will notify you when someone has placed a new address on your account or added a new credit card or loan to your ID. They usually offer free credit reports yearly as well. There are many services available, so you will want to compare prices and features before you decide.
Don’t Let Selling Internationally Scare You
Matt Alper launched Copshoes.com three years ago from his living room in San Antonio, Texas. His idea was to sell specialized shoes and boots to police, firemen and security personnel. Now, three years later, he’s moved into his own warehouse, he has 11 employees and 10 percent of his total sales come from outside of the U.S.
“We’ve learned many lessons about selling internationally,” said Alper. “The two primary issues are credit-card fraud and shipping. Any U.S.-based ecommerce business that sells internationally deals with them. It’s not just us.”
Credit Card Pro Offers Fraud Prevention Steps
John Waldron is co-owner of e-onlinedata, inc., a credit-card merchant-account provider. e-onlinedata assists thousands of ecommerce merchants with domestic and overseas credit-card transactions, and he offers the following advice for merchants who wish accept credit-card payments from international customers.
1. Ask customer for fax verification. For suspect orders or large orders, ask the customer to fax the front and back of his credit card as well as a form of identification. This is better than a phone call.
2. Call your credit-card processor. Your credit-card processor has a staff to assist you with questionable orders. Rely on their expertise.
3. Analyze the order, and be skeptical. Why would a customer purchase, for example, 10 routers? Likewise, why would an overseas customer request overnight shipping?
4. Overseas banks are different. Many overseas banks don’t support the card-code verification system, and they can’t verify billing addresses. Be aware, therefore, that these fraud-prevention steps may not help you with cards that have been issued from such banks.
5. Do a BIN look-up. The first six digits of a credit card are called the bank identification number, or BIN. They tell you which bank has issued the credit card. Go to http://all-nettools.com/toolbox,financial, and enter these six digits. If the issuing bank is located in a country that is different from where the order is originating, you should investigate further.
6. Purchase fraud-detection tools. Many credit-card banks and payment gateways offer effective fraud detection tools that are incredibly inexpensive. Use these tools.
Credit-card Fraud Issues
Credit-card fraud occurs when a thief steals a credit-card number (or, purchases a stolen credit-card number) and uses that number to buy legitimate goods and services from an unsuspecting merchant. The merchant will not get paid for the merchandise, but he’ll have to pay the credit card fees and he’ll lose the merchandise because he’s shipped it to the thief. This type of fraud happens every day, and everyone agrees ecommerce merchants selling products internationally are especially vulnerable. That’s because many developing and Third-World countries do not and cannot properly police these thieves and, moreover, the market for buying and selling stolen credit-card numbers is largely outside of U.S. boundaries.
U.S.-based ecommerce merchants who sell products internationally quickly learn these lessons and take appropriate precautions. Ben Boxall is president of VR3 Wholesale, a Los Angeles-based importer, wholesaler and retailer of aftermarket automotive products. Boxall’s company sells its products through several ecommerce sites (vr-3.com, vr3wholesale.com and roadmasterusa.com) it owns and operates.
“We export roughly 1,200 orders a week outside of the U.S.,” says Boxall. “And we’ve learned many credit-card fraud precautions. For one, there are certain countries that we simply will not ship orders to because we’ve received too many fraudulent cards from them. These countries include Latvia, Nigeria, Czech Republic and many others.”
“Second, we individually review each order over $250. We call every customer who placed that order unless it’s a repeat customer who’s previously been approved by us. For our company, we’ve found that fraudulent orders are generally greater than $250 each.”
Boxall continues, “We have other checks, too. We never ship to a post office box. We always compare the credit card billing address to the shipping address. And, we have what I call our ‘too-good-to-be-true rule.’ That is, if an order arrives that’s too good or simply doesn’t look right, we’ll refund the credit-card charge and reject the order. That probably cost us some legitimate business, but it also prevents us from losing money from stolen credit cards.”
AdvertisementStarCom (NetSol)
Copshoes.com’s Alper will not ship to Venezuela, Indonesia or Nigeria, among other countries. “I once shipped goods to Indonesia that were, as it turns out, purchased with a stolen credit card,” says Alper. “I got so angry that I called the Indonesian embassy in Washington, D.C. It was unbelievable. They told me they couldn’t help because the Indonesian national broke no Indonesian law since it was a stolen American card. So I learned a lesson there.”
Alper agrees with Boxall that an experienced merchant can frequently detect fraudulent orders. Alper says that sudden orders from a single country will raise concerns, as will large purchase amounts and orders with multiple quantities of the same product.
Shipping Hurdles
But credit-card fraud is not the only concern for merchants who sell internationally. How to ship the products, many experienced merchants say, is the other primary issue.
Mark Romero is co-owner of Siamese Dream, a California-based retailer of clothing and gift items. Romero launched the business in 1998 as a brick-and-mortar operation, and he created Siamese-dream.com, its ecommerce site, in 1999. The business has five employees in addition to Romero, and roughly 7 percent of overall sales are outside of the U.S.
“We’ve shipped products to 19 different countries,” says Romero. “We’ve found that sending these via the United States Postal Service works best. It’s far cheaper for us than using, say, UPS or FedEx. And, we’ve found the shipments seem to clear the overseas customs process better using USPS than the other carriers.”
Many merchants agree USPS is less expensive for smaller international packages than private carriers such as UPS and FedEx. But, these merchants say, there are drawbacks. For one, merchants cannot track an international package using USPS, but they can track it using private carriers. Second, the USPS coordinates its international shipments with the postal services of recipient countries and, depending on the country, the local postal service may be unreliable.
“You learn,” says Copshoes.com’s Alper, “which countries have good postal services and which do not. Canada, England, Greece and others are quite good. But China’s postal service, for example, is terrible.”
“Lots of international customers don’t understand how expensive shipping can be,” said Romero. “It can be a material portion of the purchase and we are careful to find the least expensive shipping option for them.”
Alper has installed a shipping calculator on his site to assist his international customers determine the shipping cost. He uses the USPS for his international shipments. “The USPS is by far the cheapest, but the lack of tracking can be a problem. Also, if a package is lost, you are frequently dealing with local, overseas postal services. That can be a real hassle.”
VR3’s Boxall agrees that, for smaller packages, the USPS is the cheapest. But for cartons and pallets of goods, Boxall says that he uses UPS. “The UPS provides very helpful information for international shipments,” said Boxall. “I’d encourage merchants to visit both the UPS website and the USPS site. They have lots of advice to help with overseas shipments.”
Boxall also relies on his order-management software to help manage international shipments. Says Boxall, “We use Interapptive’s ShipWorks software to manage all of our orders, including international ones. It’s incredibly helpful. It sorts between domestic and international orders and it automatically prints shipping labels and customs forms — saves us tons of time.”
For ecommerce merchants who ship with the USPS, Boxall offers this advice. “You can negotiate volume discounts with the postal service for certain types of shipments. Many folks don’t realize that. Also, we use boxes and forms supplied by the postal service, which reduces our costs. Because of our volume, the postal service has even agreed to customize boxes for us with our VR3 logo for no additional cost. “
All three merchants have learned valuable lessons about international sales in addition to credit-card fraud and shipping matters. “Toll free numbers don’t work overseas,” says Copshoes.com’s Alper. “Selling products in local currencies can increase your profit margin,” says VR3’s Boxall. “Make sure the customer realizes he’s responsible for import tariffs and customs’ fees,” says Siamese Dream’s Romero.
The three merchants also agree that, in the end, the extra effort is worth it. “It’s far too big of a market to ignore,” said Matt Alper. “It’s profitable business for us, international customers tend to be repeat buyers, and it’s a segment of our business that we hope to grow.”
“We’ve learned many lessons about selling internationally,” said Alper. “The two primary issues are credit-card fraud and shipping. Any U.S.-based ecommerce business that sells internationally deals with them. It’s not just us.”
Credit Card Pro Offers Fraud Prevention Steps
John Waldron is co-owner of e-onlinedata, inc., a credit-card merchant-account provider. e-onlinedata assists thousands of ecommerce merchants with domestic and overseas credit-card transactions, and he offers the following advice for merchants who wish accept credit-card payments from international customers.
1. Ask customer for fax verification. For suspect orders or large orders, ask the customer to fax the front and back of his credit card as well as a form of identification. This is better than a phone call.
2. Call your credit-card processor. Your credit-card processor has a staff to assist you with questionable orders. Rely on their expertise.
3. Analyze the order, and be skeptical. Why would a customer purchase, for example, 10 routers? Likewise, why would an overseas customer request overnight shipping?
4. Overseas banks are different. Many overseas banks don’t support the card-code verification system, and they can’t verify billing addresses. Be aware, therefore, that these fraud-prevention steps may not help you with cards that have been issued from such banks.
5. Do a BIN look-up. The first six digits of a credit card are called the bank identification number, or BIN. They tell you which bank has issued the credit card. Go to http://all-nettools.com/toolbox,financial, and enter these six digits. If the issuing bank is located in a country that is different from where the order is originating, you should investigate further.
6. Purchase fraud-detection tools. Many credit-card banks and payment gateways offer effective fraud detection tools that are incredibly inexpensive. Use these tools.
Credit-card Fraud Issues
Credit-card fraud occurs when a thief steals a credit-card number (or, purchases a stolen credit-card number) and uses that number to buy legitimate goods and services from an unsuspecting merchant. The merchant will not get paid for the merchandise, but he’ll have to pay the credit card fees and he’ll lose the merchandise because he’s shipped it to the thief. This type of fraud happens every day, and everyone agrees ecommerce merchants selling products internationally are especially vulnerable. That’s because many developing and Third-World countries do not and cannot properly police these thieves and, moreover, the market for buying and selling stolen credit-card numbers is largely outside of U.S. boundaries.
U.S.-based ecommerce merchants who sell products internationally quickly learn these lessons and take appropriate precautions. Ben Boxall is president of VR3 Wholesale, a Los Angeles-based importer, wholesaler and retailer of aftermarket automotive products. Boxall’s company sells its products through several ecommerce sites (vr-3.com, vr3wholesale.com and roadmasterusa.com) it owns and operates.
“We export roughly 1,200 orders a week outside of the U.S.,” says Boxall. “And we’ve learned many credit-card fraud precautions. For one, there are certain countries that we simply will not ship orders to because we’ve received too many fraudulent cards from them. These countries include Latvia, Nigeria, Czech Republic and many others.”
“Second, we individually review each order over $250. We call every customer who placed that order unless it’s a repeat customer who’s previously been approved by us. For our company, we’ve found that fraudulent orders are generally greater than $250 each.”
Boxall continues, “We have other checks, too. We never ship to a post office box. We always compare the credit card billing address to the shipping address. And, we have what I call our ‘too-good-to-be-true rule.’ That is, if an order arrives that’s too good or simply doesn’t look right, we’ll refund the credit-card charge and reject the order. That probably cost us some legitimate business, but it also prevents us from losing money from stolen credit cards.”
AdvertisementStarCom (NetSol)
Copshoes.com’s Alper will not ship to Venezuela, Indonesia or Nigeria, among other countries. “I once shipped goods to Indonesia that were, as it turns out, purchased with a stolen credit card,” says Alper. “I got so angry that I called the Indonesian embassy in Washington, D.C. It was unbelievable. They told me they couldn’t help because the Indonesian national broke no Indonesian law since it was a stolen American card. So I learned a lesson there.”
Alper agrees with Boxall that an experienced merchant can frequently detect fraudulent orders. Alper says that sudden orders from a single country will raise concerns, as will large purchase amounts and orders with multiple quantities of the same product.
Shipping Hurdles
But credit-card fraud is not the only concern for merchants who sell internationally. How to ship the products, many experienced merchants say, is the other primary issue.
Mark Romero is co-owner of Siamese Dream, a California-based retailer of clothing and gift items. Romero launched the business in 1998 as a brick-and-mortar operation, and he created Siamese-dream.com, its ecommerce site, in 1999. The business has five employees in addition to Romero, and roughly 7 percent of overall sales are outside of the U.S.
“We’ve shipped products to 19 different countries,” says Romero. “We’ve found that sending these via the United States Postal Service works best. It’s far cheaper for us than using, say, UPS or FedEx. And, we’ve found the shipments seem to clear the overseas customs process better using USPS than the other carriers.”
Many merchants agree USPS is less expensive for smaller international packages than private carriers such as UPS and FedEx. But, these merchants say, there are drawbacks. For one, merchants cannot track an international package using USPS, but they can track it using private carriers. Second, the USPS coordinates its international shipments with the postal services of recipient countries and, depending on the country, the local postal service may be unreliable.
“You learn,” says Copshoes.com’s Alper, “which countries have good postal services and which do not. Canada, England, Greece and others are quite good. But China’s postal service, for example, is terrible.”
“Lots of international customers don’t understand how expensive shipping can be,” said Romero. “It can be a material portion of the purchase and we are careful to find the least expensive shipping option for them.”
Alper has installed a shipping calculator on his site to assist his international customers determine the shipping cost. He uses the USPS for his international shipments. “The USPS is by far the cheapest, but the lack of tracking can be a problem. Also, if a package is lost, you are frequently dealing with local, overseas postal services. That can be a real hassle.”
VR3’s Boxall agrees that, for smaller packages, the USPS is the cheapest. But for cartons and pallets of goods, Boxall says that he uses UPS. “The UPS provides very helpful information for international shipments,” said Boxall. “I’d encourage merchants to visit both the UPS website and the USPS site. They have lots of advice to help with overseas shipments.”
Boxall also relies on his order-management software to help manage international shipments. Says Boxall, “We use Interapptive’s ShipWorks software to manage all of our orders, including international ones. It’s incredibly helpful. It sorts between domestic and international orders and it automatically prints shipping labels and customs forms — saves us tons of time.”
For ecommerce merchants who ship with the USPS, Boxall offers this advice. “You can negotiate volume discounts with the postal service for certain types of shipments. Many folks don’t realize that. Also, we use boxes and forms supplied by the postal service, which reduces our costs. Because of our volume, the postal service has even agreed to customize boxes for us with our VR3 logo for no additional cost. “
All three merchants have learned valuable lessons about international sales in addition to credit-card fraud and shipping matters. “Toll free numbers don’t work overseas,” says Copshoes.com’s Alper. “Selling products in local currencies can increase your profit margin,” says VR3’s Boxall. “Make sure the customer realizes he’s responsible for import tariffs and customs’ fees,” says Siamese Dream’s Romero.
The three merchants also agree that, in the end, the extra effort is worth it. “It’s far too big of a market to ignore,” said Matt Alper. “It’s profitable business for us, international customers tend to be repeat buyers, and it’s a segment of our business that we hope to grow.”
Credit scam hits Adams couple
Pamela Ginter is pretty vigilant about reviewing her bank statement when it arrives in the mail. But last month she was busy with the holidays and a new grandchild's arrival.
"The bank business got put off a couple weeks," the Mount Pleasant Township resident said.
But when she finally got around to looking at her statement, she noticed something odd: three transactions she didn't recognize.
"My first thought was, 'what on earth did my husband buy?'" she said. "Then I realized that É this wasn't right, we had never made these charges."
The Ginters are victims in part of a nationwide debit and credit card fraud case, according to Pennsylvania State Police in Gettysburg.
In Ginter's case, charges of $74.95, $69.95 and $14.95 appeared on her bank statement from a company called "LEANRX," according to police. The charges are for "LEANRX," "XtremeBurn" and "DreamSmile." Ginter said she learned online that the products are diet pills.
An Internet search for the company name leads to several consumer affairs Web sites containing complaints about fraudulent charges.
Trooper Scott Denisch said that hundreds of people in nearly every state have received the same fake charges, in the same time frame, with the same amounts and company names as Ginter.
Police aren't sure how the company is obtaining people's account numbers, Denisch said. Phone numbers for the business lead nowhere, he said.
Internet crimes are "logistically hard to follow up on and prosecute," he said. Police advise possible victims of such fraud to contact the Pennsylvania attorney general's office, because more complaints will likely speed action, he said.
Ginter called her bank when she found the transactions and the bank advised her to call police. No one is sure how the company got her account number, she said.
"I do quite a bit of Internet shopping," she said. But she's "so paranoid" about doing that so she's extra careful to only use secure Web sites.
Online shoppers should make sure they're only making transactions through a server they're confident in, Denisch said, and consumers should also check their bank statements regularly to watch for false charges.
Ginter said the experience hasn't scared her away from online shopping.
"I will be even more vigilant about checking the bank statement. That's the best defense," she said. "If anyone really wants this information, they're going to get it. É The convenience of using the Internet, for me, outweighs the risks."
"The bank business got put off a couple weeks," the Mount Pleasant Township resident said.
But when she finally got around to looking at her statement, she noticed something odd: three transactions she didn't recognize.
"My first thought was, 'what on earth did my husband buy?'" she said. "Then I realized that É this wasn't right, we had never made these charges."
The Ginters are victims in part of a nationwide debit and credit card fraud case, according to Pennsylvania State Police in Gettysburg.
In Ginter's case, charges of $74.95, $69.95 and $14.95 appeared on her bank statement from a company called "LEANRX," according to police. The charges are for "LEANRX," "XtremeBurn" and "DreamSmile." Ginter said she learned online that the products are diet pills.
An Internet search for the company name leads to several consumer affairs Web sites containing complaints about fraudulent charges.
Trooper Scott Denisch said that hundreds of people in nearly every state have received the same fake charges, in the same time frame, with the same amounts and company names as Ginter.
Police aren't sure how the company is obtaining people's account numbers, Denisch said. Phone numbers for the business lead nowhere, he said.
Internet crimes are "logistically hard to follow up on and prosecute," he said. Police advise possible victims of such fraud to contact the Pennsylvania attorney general's office, because more complaints will likely speed action, he said.
Ginter called her bank when she found the transactions and the bank advised her to call police. No one is sure how the company got her account number, she said.
"I do quite a bit of Internet shopping," she said. But she's "so paranoid" about doing that so she's extra careful to only use secure Web sites.
Online shoppers should make sure they're only making transactions through a server they're confident in, Denisch said, and consumers should also check their bank statements regularly to watch for false charges.
Ginter said the experience hasn't scared her away from online shopping.
"I will be even more vigilant about checking the bank statement. That's the best defense," she said. "If anyone really wants this information, they're going to get it. É The convenience of using the Internet, for me, outweighs the risks."
How to...Prevent IDTheft
• Don't leave mail in your residential mailbox.
• Don't store personal information or account numbers on computers with modems.
• Don't carry your Social Security number, other personal information or account numbers in your wallet or purse.
• Take ATM, credit card and other receipts with you, and either save them in a safe place or destroy them.
• Shred documents that could contain personal information.
• Don't give any part of your Social Security number or personal account numbers over the phone, through the mail or over the Internet unless you know who you are dealing with.
• Never click on links sent in unsolicited e-mails.
• Don't use obvious passwords like your birth date, your mother's maiden name or the last four digits of your Social Security number.
• Never put your account number on an envelope or a postcard.
• Keep a record of your credit card numbers, their expiration dates and the telephone numbers of each company for reporting losses.
• Open billing statements promptly and compare them with your receipts. Report any mistakes in writing immediately.
DETECT ID THEFT
Be alert to signs of suspicious activity, such as:
• Bills that do not arrive as expected
• Bills and other accounts that have purchases you did not make
• Unexpected credit cards or account statements
• Denials of credit for no apparent reason
• Calls or letters about purchases you did not make
Inspect your credit report.
The law requires the three major national consumer reporting companies -- Equifax, Experian and TransUnion -- to give you a copy of your credit report each year if you ask for it.
IF YOU SUSPECT IDENTITY THEFT
• File a police report immediately.
• Cancel credit cards and get new cards with new account numbers. (Federal and state law limit your responsibility to the first $50.)
• Report missing cards to the three major credit reporting services.
• Place a "fraud alert" on your credit reports and review them carefully. Placing a fraud alert entitles you to free copies of your report. A call to one of the companies is sufficient.
• Call the security or fraud departments of each credit card company where an account was opened or changed without your approval. Follow in writing with copies of supporting documents.
• Ask for verification that the disputed account has been closed and the fraudulent debits discharged.
• Keep copies of documents and records of your conversations about the theft.
• Report the loss to your bank. Cancel checking and savings accounts and open new ones. Stop payment on all outstanding checks.
• Get a new ATM card, account number, PIN and online password.
• Call your utilities, including the phone company. Inform them someone may try to get new service using your identification.
• Report a missing driver's license to the Kansas Division of Motor Vehicles and get a new driver's license.
• Report the theft to the Federal Trade Commission to help law enforcement officials across the country investigate. Contact the FTC at 877-ID-THEFT (438-4338), online at ftc.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580.
• Don't store personal information or account numbers on computers with modems.
• Don't carry your Social Security number, other personal information or account numbers in your wallet or purse.
• Take ATM, credit card and other receipts with you, and either save them in a safe place or destroy them.
• Shred documents that could contain personal information.
• Don't give any part of your Social Security number or personal account numbers over the phone, through the mail or over the Internet unless you know who you are dealing with.
• Never click on links sent in unsolicited e-mails.
• Don't use obvious passwords like your birth date, your mother's maiden name or the last four digits of your Social Security number.
• Never put your account number on an envelope or a postcard.
• Keep a record of your credit card numbers, their expiration dates and the telephone numbers of each company for reporting losses.
• Open billing statements promptly and compare them with your receipts. Report any mistakes in writing immediately.
DETECT ID THEFT
Be alert to signs of suspicious activity, such as:
• Bills that do not arrive as expected
• Bills and other accounts that have purchases you did not make
• Unexpected credit cards or account statements
• Denials of credit for no apparent reason
• Calls or letters about purchases you did not make
Inspect your credit report.
The law requires the three major national consumer reporting companies -- Equifax, Experian and TransUnion -- to give you a copy of your credit report each year if you ask for it.
IF YOU SUSPECT IDENTITY THEFT
• File a police report immediately.
• Cancel credit cards and get new cards with new account numbers. (Federal and state law limit your responsibility to the first $50.)
• Report missing cards to the three major credit reporting services.
• Place a "fraud alert" on your credit reports and review them carefully. Placing a fraud alert entitles you to free copies of your report. A call to one of the companies is sufficient.
• Call the security or fraud departments of each credit card company where an account was opened or changed without your approval. Follow in writing with copies of supporting documents.
• Ask for verification that the disputed account has been closed and the fraudulent debits discharged.
• Keep copies of documents and records of your conversations about the theft.
• Report the loss to your bank. Cancel checking and savings accounts and open new ones. Stop payment on all outstanding checks.
• Get a new ATM card, account number, PIN and online password.
• Call your utilities, including the phone company. Inform them someone may try to get new service using your identification.
• Report a missing driver's license to the Kansas Division of Motor Vehicles and get a new driver's license.
• Report the theft to the Federal Trade Commission to help law enforcement officials across the country investigate. Contact the FTC at 877-ID-THEFT (438-4338), online at ftc.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580.
Mesa No. 3 for ID theft rate; Employment fraud high
Arizona has the highest rate of identity theft in the nation and Mesa is one of the top cities in the state for identity theft, according to Arizona Attorney General Terry Goddard.
In the Federal Trade Commission’s annual report released Jan. 25 detailing identity theft in 2005, Arizona had the most victims per 100,000 than any other state with 9,320 cases. Mesa ranked No. 3 in the top 5 cities for identity theft in Arizona in 2005 with 745 victims. Gilbert did not rank in the top cities, but Chandler made No. 5 with 342 victims.
The FTC found 34 percent of Arizona’s 9,320 reported identity theft cases were employment related fraud. The second highest, 23 percent, of the cases were categorized as “other identity theft” and the third highest was credit card fraud at 18 percent. “Other identity theft” includes: evasion of legal sanctions; internet/e-mail; medical; apartment/house rented; insurance; property rental fraud; bankruptcy; child support; magazines; and securities and other investments.
Sgt. Mike Goulet of Mesa Police Department’s Document Crimes Unit said the department does not keep statistics on identity theft specifically, but he informally tracks the crimes.
“I would say I’m getting 50-60 cases per month,” Sgt. Goulet said.
He noted that figure includes cases where the crime is in Mesa, as well as cases where the victim is in Mesa, but their identity is being used in other states.
The U.S. Department of Justice’s definition of identity theft is when someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.
While the Mesa Police Department has not determined trends in Mesa’s identity theft cases, Sgt. Goulet said he has seen a lot of cases originating from vehicle burglaries.
“People leave personal items in vehicles, such as briefcases and purses. There’s so much information about everyone out there. Don’t leave anything in your vehicle like that,” Sgt. Goulet said.
Sgt. Goulet sees employment-related and Internet fraud frequently as well. While credit card fraud was almost 10 percent lower than the national average in Arizona in the FTC’s annual report, the state’s employment-related fraud was nearly three times higher than the national average.
“Social Security numbers are used by somebody getting employment. I see that occurring all over,” Sgt. Goulet said. “Some cases we also get occur over the Internet. Individuals are contacted by someone they think is their bank and they reveal passwords and pin numbers. People should never do that.”
Vickie Owen, crime prevention specialist with the Gilbert Police Department, said stolen computers are also a way thieves steal identities.
“I tell people to use the metal plumber’s tape to secure their computers to the floor. This makes them harder to take and acts as a deterrent,” Officer Owen said.
She also said encryption programs help protect sensitive information on the computer.
According to Officer Owen, the biggest identity theft issues in Gilbert are mail theft and credit card fraud.
“Those are always in the forefront here,” Officer Owen said. “With credit card slips, some places still have the full credit card numbers on the receipts. You don’t want to throw those away. Shred them.”
Officer Owen said the same goes with Social Security numbers on business documents.
Gilbert Police Department frequently works with the Country Attorney’s Office to offer presentations on identity theft. Officer Owen said the County Attorney Office’s upcoming East Valley Neighborhood Summit at 7:30 a.m. Saturday, March 10 at Mesa’s Word of Grace Church, 655 E. University Drive, will feature a presentation on ID theft. People can register online at www.mcaoconference.com or by calling 602-506-5754.
The Federal Trade Commission estimates as many as 9 million Americans have their identities stolen each year.
According to the U.S. Department of Justice, most people do not realize how easily criminals can obtain personal information without having to break into someone’s home. Listening in on telephone conversations in public places; looking over one’s shoulder when making purchases or withdrawing money; “dumpster diving” for statements with a person’s name, address and telephone number; and using e-mail or the Internet to obtain information are some of the most common ways identity thieves obtain information.
Sgt. Goulet recommends avoiding check fraud by using post office drop boxes when mailing checks.
Identity Theft was officially recognized as a federal offense in 1998, when Congress passed the Identity Theft and Assumption Deterrence Act. This act essentially states that identity theft crimes carry a maximum term of 15 years in prison, plus fines.
In the Federal Trade Commission’s annual report released Jan. 25 detailing identity theft in 2005, Arizona had the most victims per 100,000 than any other state with 9,320 cases. Mesa ranked No. 3 in the top 5 cities for identity theft in Arizona in 2005 with 745 victims. Gilbert did not rank in the top cities, but Chandler made No. 5 with 342 victims.
The FTC found 34 percent of Arizona’s 9,320 reported identity theft cases were employment related fraud. The second highest, 23 percent, of the cases were categorized as “other identity theft” and the third highest was credit card fraud at 18 percent. “Other identity theft” includes: evasion of legal sanctions; internet/e-mail; medical; apartment/house rented; insurance; property rental fraud; bankruptcy; child support; magazines; and securities and other investments.
Sgt. Mike Goulet of Mesa Police Department’s Document Crimes Unit said the department does not keep statistics on identity theft specifically, but he informally tracks the crimes.
“I would say I’m getting 50-60 cases per month,” Sgt. Goulet said.
He noted that figure includes cases where the crime is in Mesa, as well as cases where the victim is in Mesa, but their identity is being used in other states.
The U.S. Department of Justice’s definition of identity theft is when someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.
While the Mesa Police Department has not determined trends in Mesa’s identity theft cases, Sgt. Goulet said he has seen a lot of cases originating from vehicle burglaries.
“People leave personal items in vehicles, such as briefcases and purses. There’s so much information about everyone out there. Don’t leave anything in your vehicle like that,” Sgt. Goulet said.
Sgt. Goulet sees employment-related and Internet fraud frequently as well. While credit card fraud was almost 10 percent lower than the national average in Arizona in the FTC’s annual report, the state’s employment-related fraud was nearly three times higher than the national average.
“Social Security numbers are used by somebody getting employment. I see that occurring all over,” Sgt. Goulet said. “Some cases we also get occur over the Internet. Individuals are contacted by someone they think is their bank and they reveal passwords and pin numbers. People should never do that.”
Vickie Owen, crime prevention specialist with the Gilbert Police Department, said stolen computers are also a way thieves steal identities.
“I tell people to use the metal plumber’s tape to secure their computers to the floor. This makes them harder to take and acts as a deterrent,” Officer Owen said.
She also said encryption programs help protect sensitive information on the computer.
According to Officer Owen, the biggest identity theft issues in Gilbert are mail theft and credit card fraud.
“Those are always in the forefront here,” Officer Owen said. “With credit card slips, some places still have the full credit card numbers on the receipts. You don’t want to throw those away. Shred them.”
Officer Owen said the same goes with Social Security numbers on business documents.
Gilbert Police Department frequently works with the Country Attorney’s Office to offer presentations on identity theft. Officer Owen said the County Attorney Office’s upcoming East Valley Neighborhood Summit at 7:30 a.m. Saturday, March 10 at Mesa’s Word of Grace Church, 655 E. University Drive, will feature a presentation on ID theft. People can register online at www.mcaoconference.com or by calling 602-506-5754.
The Federal Trade Commission estimates as many as 9 million Americans have their identities stolen each year.
According to the U.S. Department of Justice, most people do not realize how easily criminals can obtain personal information without having to break into someone’s home. Listening in on telephone conversations in public places; looking over one’s shoulder when making purchases or withdrawing money; “dumpster diving” for statements with a person’s name, address and telephone number; and using e-mail or the Internet to obtain information are some of the most common ways identity thieves obtain information.
Sgt. Goulet recommends avoiding check fraud by using post office drop boxes when mailing checks.
Identity Theft was officially recognized as a federal offense in 1998, when Congress passed the Identity Theft and Assumption Deterrence Act. This act essentially states that identity theft crimes carry a maximum term of 15 years in prison, plus fines.
Thief takes judge’s card for a joyride
Police charged a Fort Wayne woman Monday with racking up nearly $2,000 worth of charges on an Allen Superior Court judge’s stolen credit card.
Barbara Ann Evans, 39, of the 3000 block of Woodrow Avenue, is charged with two counts of forgery, two counts of credit card fraud, three counts of receiving stolen property and one count of check fraud.
According to court documents, Evans is accused of running up charges using the stolen credit cards and checks of Allen Superior Court Judge Kenneth Scheibenberger and his wife, Susan.
Susan Scheibenberger, who works as a home health care nurse, was working at a patient’s home Dec. 17 when family members and their friends distracted her while they took her car keys and stole her wallet out of her purse in her car, Kenneth Scheibenberger said.
They returned her keys as if she had just misplaced them, and Susan Scheibenberger didn’t notice until later that her wallet had been stolen, he said.
Police said Evans purchased $1,178.51 worth of merchandise that same day using Kenneth Scheibenberger’s Macy’s credit card, according to court documents.
Kenneth Scheibenberger said the thief also spent $200 at a gas station and about $500 at a J.C. Penney.
That same day, the Scheibenbergers told police someone had tried to cash one of Susan Scheibenberger’s checks at a Pizza Hut, even presenting Susan Scheibenberger’s driver’s license. The manger refused to accept the check, but kept the driver’s license and later returned it to Susan Scheibenberger.
As police showed the Pizza Hut manager photos from Macy’s, another employee identified Evans.
Evans tried to pass a fake payroll check using Susan Scheibenberger’s check card at White Swan Supermarket on Jan. 14, according to court documents. The store’s managers told police they recognized the check as a fake and denied the transaction.
Evans was arrested Friday on unrelated charges of forgery and receiving stolen property after police said she tried to cash a stolen check.
She has prior convictions for forgery and receiving stolen property.
Barbara Ann Evans, 39, of the 3000 block of Woodrow Avenue, is charged with two counts of forgery, two counts of credit card fraud, three counts of receiving stolen property and one count of check fraud.
According to court documents, Evans is accused of running up charges using the stolen credit cards and checks of Allen Superior Court Judge Kenneth Scheibenberger and his wife, Susan.
Susan Scheibenberger, who works as a home health care nurse, was working at a patient’s home Dec. 17 when family members and their friends distracted her while they took her car keys and stole her wallet out of her purse in her car, Kenneth Scheibenberger said.
They returned her keys as if she had just misplaced them, and Susan Scheibenberger didn’t notice until later that her wallet had been stolen, he said.
Police said Evans purchased $1,178.51 worth of merchandise that same day using Kenneth Scheibenberger’s Macy’s credit card, according to court documents.
Kenneth Scheibenberger said the thief also spent $200 at a gas station and about $500 at a J.C. Penney.
That same day, the Scheibenbergers told police someone had tried to cash one of Susan Scheibenberger’s checks at a Pizza Hut, even presenting Susan Scheibenberger’s driver’s license. The manger refused to accept the check, but kept the driver’s license and later returned it to Susan Scheibenberger.
As police showed the Pizza Hut manager photos from Macy’s, another employee identified Evans.
Evans tried to pass a fake payroll check using Susan Scheibenberger’s check card at White Swan Supermarket on Jan. 14, according to court documents. The store’s managers told police they recognized the check as a fake and denied the transaction.
Evans was arrested Friday on unrelated charges of forgery and receiving stolen property after police said she tried to cash a stolen check.
She has prior convictions for forgery and receiving stolen property.
Woman arraigned on credit card fraud
A local woman was arraigned on Monday in Bennington District Court on charges she fraudulently used a credit card belonging to Hoosick Falls, N.Y., Mayor Laura Reynolds.
Charlotte Rogers, 61, of Rich Lane, North Bennington, pleaded not guilty to two counts of fraudulent credit card use greater than $50, and seven counts of fraudulent credit card use less than $50. According to an affidavit filed by Bennington Police Department Officer David Rowland, the department was contacted by the Hoosick Falls Police Department regarding the use of a stolen credit card. According to police, Reynolds had reported that her purse and wallet were stolen from a restaurant in Hoosick Falls.
Although the card was stolen in Hoosick Falls, the card was being used in Bennington stores, including Hannaford, CVS, Kmart and Wal-mart. The total amount of the charges was around $391.
One of the store employees allegedly identified Rogers as the customer for those transactions. According to police, when they entered Rogers' residence, they found the missing wallet with the credit cards inside.
Reynolds praised the work of the police. "The Hoosick Falls
Advertisement
Click Here!
police worked very well with the Bennington police," Reynolds said. "They did a great job."
Reynolds recommended that those who find themselves in a similar situation go to the police, because the police may be able to track the usage of the credit card and find those responsible.
Charlotte Rogers, 61, of Rich Lane, North Bennington, pleaded not guilty to two counts of fraudulent credit card use greater than $50, and seven counts of fraudulent credit card use less than $50. According to an affidavit filed by Bennington Police Department Officer David Rowland, the department was contacted by the Hoosick Falls Police Department regarding the use of a stolen credit card. According to police, Reynolds had reported that her purse and wallet were stolen from a restaurant in Hoosick Falls.
Although the card was stolen in Hoosick Falls, the card was being used in Bennington stores, including Hannaford, CVS, Kmart and Wal-mart. The total amount of the charges was around $391.
One of the store employees allegedly identified Rogers as the customer for those transactions. According to police, when they entered Rogers' residence, they found the missing wallet with the credit cards inside.
Reynolds praised the work of the police. "The Hoosick Falls
Advertisement
Click Here!
police worked very well with the Bennington police," Reynolds said. "They did a great job."
Reynolds recommended that those who find themselves in a similar situation go to the police, because the police may be able to track the usage of the credit card and find those responsible.
Phone Scam Offering Great Rates On Visa Card Targets P.E.Islanders
City Police are advising the public to be on guard against a possible fraud attempt by someone claiming to be a representative of credit card giant Visa.
Constable Gary Clow said Tuesday at least one city resident has received a call from the party in question.
"This person called from the 712 area code in Iowa, said they were from Visa and proceeded to offer the recipient of the call a lower interest rate on their Visa card," Clow said. "They then proceeded to ask for personal banking information."
Clow said police contacted Visa and officials of the credit card company said Visa does not solicit personal banking information over the telephone.
"This is clearly a scam," Clow said.
"Somebody just wants access to your personal information. Anyone who gets a call like this should refuse to provide that information, hang up and call police."
Constable Gary Clow said Tuesday at least one city resident has received a call from the party in question.
"This person called from the 712 area code in Iowa, said they were from Visa and proceeded to offer the recipient of the call a lower interest rate on their Visa card," Clow said. "They then proceeded to ask for personal banking information."
Clow said police contacted Visa and officials of the credit card company said Visa does not solicit personal banking information over the telephone.
"This is clearly a scam," Clow said.
"Somebody just wants access to your personal information. Anyone who gets a call like this should refuse to provide that information, hang up and call police."
Subscribe to:
Posts (Atom)