Post on 16-Dec-2015
transcript
3
IDENTITY THEFTA fraud committed or attempted using the identifying information of another person without authority.
16 C.F.R. § 603.2
4
Scope of the Problem
Scope of the Problem
Victims
27.3 million (2000-2005)
9.3 million (estimated 2005)
Under-reported (2005)
246,570 (filed with FTC)
7,600 (PA)
5
Scope of the ProblemScope of the Problem
Total fraud amount
$53.2 billion (2003)
$54.4 billion (2005)
Discovery of theft:52% by monitoring of accounts26% alerted by credit card
company/bank 8% alerted when turned down for
credit
6
Demographics Demographics
Average age of victim – 42 years old
Top locations: CA, NY, TX, FL
No relationship with suspect – 88%
Discovery of ID Theft – 15 months
7
TYPES OF FRAUD
TYPES OF FRAUD
Credit Card Use Phone or Utility Service Bank Accounts Employment Related Government Documents/ Benefits/
Loans Other
8
How Information is Obtained, Part 1
How Information is Obtained, Part 1
68.2% of stolen information was obtained off-line
• Stolen mail or wallets• Diverted/Forged change of address
forms• Credit reports• Employment records• From consumers by thieves posing
as legitimate businesses• Purchases from questionable sources
10
How Information is Obtained, Part 2
How Information is Obtained, Part 2
11.6% of personal information was obtained “online”
Spyware 5.2%Online Transaction 2.5%Virus/hacker 2.2%Phishing 1.7%
11
Phishing
A fraudulent reproduction of an official e-mail or website designed to fool recipients into divulging personal financial data such as bank account numbers.
Pending H.B. 2292 of 2005 – Criminal offense for a person or entity to misrepresent itself as a legitimate business in e-mail or on the Internet in an attempt to solicit private financial or personal information from consumers. 6/28/06
14
Skimming
Theft of credit or debit card numbers or access numbers through use of a data storage device.
15
Breaches Breaches 2/15/2005 ChoicePoint (Alpharetta, GA) 145,000
Bogus accounts established by ID thieves
2/25/2005 Bank of America (Charlotte, NC) 1,200,000Lost backup tape
3/10/2005 LexisNexis, (Dayton, OH) 32,000Passwords compromised
6/6/2005 CardSystems Hacking 40,000,000
5/2006 Dept. of Veterans Affairs 26,500,000Data stolen from employee’s home
16
How Information is Used:How Information is Used:
Open new credit card account Establish phone or utility
service Open bank account Loans
17
How Victims Learn of Identity Theft:
How Victims Learn of Identity Theft:
Denial of credit Contact by credit provider Contact by collection
agency Contact by police Arrest by police
18
Legal AuthorityLegal Authority
Identity Theft & Assumption Deterrence Act of 1998, 18 U.S.C.A. §1028
Pennsylvania Identity Theft 18 Pa. C.S.A. §4120 (criminal)42 Pa. C.S.A. §8315 (civil)
Possesses or uses identifying information of another person without the consent of that other person to further any unlawful purpose.
19
CRIMINAL- 18 Pa. C.S.A. §4120
CRIMINAL- 18 Pa. C.S.A. §4120
Possesses or uses, through any means, identifying information of another personwithout the consent of that other person to further any unlawful purpose.
Separate Offenses – each time person possesses or uses identifying information, but can aggregate to determine the grade of the offense.
Use of police report as prima facie evidence that ID information was used without person’s consent.
20
CriminalCriminalGrading First Offense
Misdemeanor 1st degree if less than $2,000.00 Felony Third Degree, if more than $2,000.00
Third or Subsequent Offense Felony of 2nd degree, regardless of value
Part of a Criminal Conspiracy Regardless of amount—F2
Enhancement for victim over 60 years or care-dependent
21
CIVIL- 42 Pa. C.S.A. §8315CIVIL- 42 Pa. C.S.A. §8315
Based on “ID Theft” as defined in criminal statute
Actual damages or $500, whichever is greater• Reasonable attorneys fees• Loss of money, reputation or property• Any additional relief the court deems necessary
22
Breach of Personal Identification Notification Act
73 P.S. §2301 et seq.
Breach of Personal Identification Notification Act
73 P.S. §2301 et seq.Any entity that maintains, stores or manages computerized data that included personal information shall provide notice of the breach of security to residents of the Commonwealth. Effective June 20, 2006
Covers “unencrypted and unredacted personal information”
Notice “without unreasonable delay” to consumers
Enforcement by the Office of the Attorney General under the Unfair Trade Practices and Consumer Protection Law
23
Notice to ConsumersNotice to Consumers
1. Written notice 2. Telephonic notice3. Email4. Substitute notice:
If cost of notice would exceed $100,000; or
Affected class is over 175,000; or Entity does not have sufficient
contact info
24
SOCIAL SECURITY NUMBERSSenate Bill 601 (Adopted 6/29/2006 ; Effective 180 days)
SOCIAL SECURITY NUMBERSSenate Bill 601 (Adopted 6/29/2006 ; Effective 180 days)
No person, entity, state agency or political subdivision will do any of the following:
Publicly post or display any person’s social security number
Print an individual’s social security number on any card required for the person to access products or services provided by the entity
Require an individual to transmit his social security number via the internet unless encrypted or the connection is secure
Require an individual to use his social security number to access an internet website unless a password or other authentication device is also required
Print an individual’s social security number on any materials mailed to the individual, unless required by State or Federal law
26
Requires merchants to truncate credit and debit card numbers on receipts for purchases.
Requires industry standards governing the “accuracy and integrity” of information furnished to credit reporting agencies.
Allows consumers to place fraud alerts on their credit files and block information caused by identity theft or fraud.
Entitles consumers to one free credit report annually. Begins September, 2005 for PA residents
Website: www.annualcreditreport.com
27
BUSINESSES – 15 U.S.C. §1681g(e)(6)
BUSINESSES – 15 U.S.C. §1681g(e)(6)
Provide transaction information to victim
Within 30 days of written request
No charge to consumers
Confirm requester is a victim Proof of identity Police report & completed affidavit
28
Business may decline to provide information where:
Business may decline to provide information where:
No “Good Faith Belief” of Identity
Based upon a misrepresentation of fact
Internet navigational data or similar info about a person’s visit to a website
Prohibited by law
29
DEBT COLLECTORS & CREDITORS –
15 U.S.C. §1681t(b)(5)(F)
DEBT COLLECTORS & CREDITORS –
15 U.S.C. §1681t(b)(5)(F)
Prohibited from selling or transferring “ID Theft debt”
Notify creditor and victim of a fraudulent debt or debt incurred as a result of ID Theft
30
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
Effective date – June 1, 2005
31
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
“Person”
Any person over which the FTC has jurisdiction, that for a business purpose, maintains or possesses consumer information
Lenders, consumer reporting agencies, record management, landlords, utility companies
32
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
“Consumer Information”
Any record about an individual, whether in paper, electronic, or other form, that is a consumer report or derived from a consumer report or a compilation of such records
Social Security Number, Driver’s License, Telephone Number
33
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
“Disposal”
Discarding or abandonment of consumer information
Sale, donation, or transfer of any medium including computer equipment, upon which consumer information is stored
34
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
FACTA DISPOSAL RULE -16 C.F.R. §682.1 ET SEQ.
“Reasonable Measures”
Information cannot be read or reconstructed after disposal
Shredding, burning, and pulverizing of documents
Destruction or erasure of electronic media
35
TIPS FOR ORGANIZING YOUR CASE
TIPS FOR ORGANIZING YOUR CASE
Follow up in writing with all contacts you made.
Keep copies of all correspondence/forms.
Write down the name, date and substance of any conversations.
Keep originals of supporting documentation.
Set up a filing system. Keep old files, even if you
believe your case is resolved.
36
Resolving Credit Card DisputesResolving Credit Card Disputes
Provide documentation to creditor (police report + ID Theft affidavit)
Insist on a letter from the creditor(closing the disputed account + discharging fraudulent debts)
Dispute in writing unauthorized charges on credit card within 60 days
37
EQUIFAX – 1-800-525-6285 EXPERIAN – 1-888-397-3742 TRANS UNION – 1-800-680-7289
3. Close accounts
4. Call the FTC’s ID Theft Clearinghouse 1.877.438.4338
www.ftc.gov/opa/2002/02/idtheft.htm
Remedial Actions by VictimsRemedial Actions by Victims
1. File Police Report2. Contact fraud departments of credit
bureaus
38
Protecting yourselfProtecting yourself Never provide personal or financial
information to those you don’t know, especially unsolicited telephone or Internet requests.
Check your monthly bills and statements for questionable charges.
Don’t have your bank pin number written down on something you carry in your wallet, purse or briefcase.
1-888-5-OPT-OUT (1-888-567-8688) To opt-out of
pre-approved credit offers