The United States Government Accountability Office (GAO) has issued a report titled ‘TAXES AND IDENTITY THEFT – Status of IRS Initiatives to Help Victimized Taxpayers’ that reveals a huge jump in the number of tax-related identity theft incidents identified by Internal Revenue Service (IRS). Primarily refund or employment fraud attempts, the IRS identified 248,357 tax-related identity theft incidents in 2010, nearly five times the amount of such incidents reported in 2008. Continue reading
It may be hard for most parents to imagine that their children could have homes in foreclosure or huge bills in collection before they are even old enough to apply for student loans for college, but a new report released by Carnegie Mellon University’s CyLab – “Child Identity Theft: New Evidence Indicates Identity Thieves are Targeting Children for Unused Social Security Numbers” – reveals that one in ten 10 children scanned for the report had someone else using their Social Security number (SSN) to commit identity theft and fraud. Continue reading
A list of top consumer complaints received in 2010 by the Federal Trade Commission (FTC), the nation’s consumer protection agency, showed that identity theft was the number one consumer complaint category for the 11th year in a row, with 250,854 – or 19 percent – of the 1,339,265 complaints received by the FTC related to identity theft. Continue reading
By Thomas Ahearn, Employment Screening Resources (ESR) News Editor
According to a press release from the Bureau of Justice Statistics (BJS), an estimated 11.7 million people were victims of identity theft during the two years prior to being surveyed in 2008, and the financial losses due to the identity theft totaled more than $17 billion.
The findings are based on the 2008 Identity Theft Supplement (ITS) to the National Crime Victimization Survey (NCVS). The ITS surveyed over 56,000 persons age 16 or older in the U.S. about the types of identity theft experienced in a two-year period.
In the survey, “identity theft” was defined as the attempted or successful misuse of an existing account, such as a debit or credit account, misuse of personal information to open a new account, or misuse of personal information for other fraudulent purposes.
Other key findings of the survey include (figures are estimates):
- 6.2 million victims experienced the unauthorized use or attempted use of an existing credit card account, the most prevalent type of identity theft.
- 4.4 million victims reported the misuse or attempted misuse of a banking account, such as a debit, checking, or savings account.
- 1.7 million victims experienced the fraudulent misuse of their information to open a new account, and
- 618,900 victims reported the misuse of their information to commit other crimes, such as fraudulently obtaining medical care or government benefits or providing false information to law enforcement during a crime or traffic stop.
- 16 percent of all victims experienced multiple types of identity theft during the two-year period.
- 23 percent of all victims suffered an out-of-pocket financial loss due to the victimization, with the average out-of-pocket financial loss being $1,870.
- 40 percent of victims had some idea about how their identifying information was obtained.
Following publication, the report – Victims of Identity Theft, 2008 (NCJ 231680) – can be found at http://bjs.ojp.usdoj.gov.
The story serves as a reminder of why the Personally Identifiable Information (PII) of consumers used in background checks must be protected from threats like identity theft. As reported previously on ESR News, identity theft remains a threat not only to individual consumers but also employers and businesses as well since much identity theft occurs in the workplace as evidenced by the following stories:
- Background Check Information Allegedly Stolen at Fingerprint Center for Identity Theft
- New Security Survey Finds Nearly One-Third of Healthcare Organizations Had At Least One Known Case of Medical Identity Theft
- New Poll Shows Two Out of Three Americans Feel At Risk for Identity Theft
- FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule To December 31, 2010
Since much identity theft occurs at the workplace, employers should know what steps they can take to prevent identity theft. To help protect the personal information of consumers used in background checks from identity theft, the National Association of Professional Background Screeners (NAPBS®) created the Background Screening Agency Accreditation Program (BSAAP) to be a widely recognized “seal” of approval representing a background screening organization’s commitment to excellence, accountability, and high professional standards. The Background Screening Credentialing Council (BSCC) oversees the application process and ensures that background screening organizations seeking accreditation meet or exceed a measurable standard of competence, including protection of consumer information against identity theft.
Employment Screening Resources (ESR) – a leading provider of background checks – has successfully proved compliance with the stringent standards of the BSAAP and is now formally recognized as NAPBS BSCC Accredited. To help prevent identity theft, background screening reports from ESR never carry a full Social Security number (SSN) or Date of Birth (DOB).
To learn more about accreditation, read ‘Background Screening Credentialing Council Recognizes Accredited Companies’ at:
For more information on identity theft, visit the Employment Screening Resources (ESR) Resource Center Applicant Resources page at http://www.esrcheck.com/Applicant-Resources.php.
Founded in 1996 in the San Francisco Bay area, Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. Employment Screening Resources is accredited by The National Association of Professional Background Screeners (NAPBS®) Background Screening Credentialing Council (BSCC) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). ESR was the third U.S. background check firm to be Safe Harbor’Certified for data privacy protection. To learn more about ESR’s Leadership, Resources, and Solutions, visit http://www.ESRcheck.com or contact Jared Callahan, ESR Director of Client Relations, at 415.898.0044 or jcallahan@ESRcheck.com.
According to a report by KXXV-TV ABC News Channel 25 in central Texas, four women in the Waco, TX area were arrested on accusations they stole background check information from fingerprint applications. The women were indicted by a federal grand jury on one count of conspiracy to commit identity theft. Some of the women were also charged with aggravated identity theft. If convicted, they face up to 15 years in federal prison.
KXXV-TV reports that one of the women worked at a fingerprint center in Waco from March 2008 to July 2008 and allegedly stole thousands of background check applications that contained personal information such as social security numbers and birth dates when she left the company. The four women then allegedly used the stolen background check information to commit identity theft by obtaining credit cards, opening accounts, and purchasing items.
The story serves as a reminder of why the Personally Identifiable Information (PII) of consumers used in background checks must be protected from not only outside intrusions such as hackers and ‘phishers’ but also from potential internal threats like employee theft.
To help protect the personal information of consumers used in background checks and ensure data privacy and security, the National Association of Professional Background Screeners (NAPBS®) created the Background Screening Agency Accreditation Program (BSAAP) to be a widely recognized “seal” of approval representing a background screening organization’s commitment to excellence, accountability, and high professional standards. The NAPBS Background Screening Credentialing Council (BSCC) oversees the application process and ensures that background screening organizations seeking accreditation meet or exceed a measurable standard of competence.
To become NAPBS accredited, a background screening organization must pass a rigorous onsite audit of its policies and procedures as they relate to six critical areas of the BSAAP: Consumer Protection; Legal Compliance; Client Education; Product Standards; Service Standards; and General Business Practices. The BSAAP includes individual standards for the protection of consumer information such as:
- Written Information Security Policy (WISP)
- Clean Desk Policy
- Anti-Browsing Policy
- Document Destruction
- Intrusion, Detection & Response
- Stored Data Security
- Password Protocol
- Electronic Access Control
- Consumer Credentialing
- Employee Certification
- Worker Training
- Visitor & Physical Security
Employment Screening Resources (ESR) – a leading provider of background checks – has successfully proved compliance with the stringent standards of the BSAAP and is now formally recognized as BSCC Accredited. To learn more about accreditation, read the press release ‘Background Screening Credentialing Council Recognizes Accredited Companies’ at:
Founded in 1996 in the San Francisco Bay area, Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. Employment Screening Resources is accredited by The National Association of Professional Background Screeners (NAPBS®) Background Screening Credentialing Council (BSCC) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). ESR was the third U.S. background check firm to be ‘Safe Harbor’ Certified for data privacy protection. To learn more, visit http://www.ESRcheck.com or contact Jared Callahan, ESR Director of Client Relations, at 415.898.0044 or jcallahan@ESRcheck.com.
By Thomas Ahearn, ESR News Blog
A new survey released in November on security at healthcare organizations has revealed that nearly one-third of respondents said their healthcare organization had at least one known case of medical identity theft, and that some cases the medical identity theft may never be reported.
According to the 3rd Annual Healthcare Information and Management Systems Society (HIMSS) Security Survey, sponsored by Intel, while approximately two-thirds of respondents reported that their healthcare organization had policies and procedures in place addressing security breaches, almost one-third of respondents (31 percent) reported that their healthcare organization had at least one known case of medical identity theft.
Overall, the HIMSS Survey – which interviewed 272 Information Technology (IT) and security professionals at hospitals and medical practices – found that medical practices lagged behind hospitals in nearly every measure of healthcare IT implementation and security. For example:
- Only 17 percent of respondents working for a medical practice were likely to report a security breach such as medical identity theft at their healthcare organization compared to 38 percent of respondents working for a hospital organization.
- One-third of medical practices reported they did not conduct a risk analysis.
For the survey, ‘medical identity theft’ was identified as “the use of an individual’s identity-specific information such as name, date of birth, social security number, insurance information, etc. without the individuals’ knowledge or consent to obtain medical services or goods. It may also extend to cases where an individual’s beneficiary information is used to submit false claims in such a manner that an individual’s medical record or insurance standing is corrupted, potentially impacting patient care.”
The 3rd Annual HIMSS Security Survey, sponsored by Intel and supported by the Medical Group Management Association (MGMA), reports the opinions of IT and security professionals from U.S. healthcare provider organizations on issues surrounding the tools and policies in place to secure electronic patient data at healthcare organizations from security breaches such as medical identity theft.
For more information about identity theft, read the Employment Screening Resources (ESR) News Blog stories tagged ‘identity theft’ at http://www.esrcheck.com/wordpress/tag/identity-theft/.
Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. ESR is recognized as Background Screening Credentialing Council (BSCC) Accredited by the National Association of Professional Background Screeners (NAPBS®) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information about Employment Screening Resources, visit http://www.ESRcheck.com.
By Thomas Ahearn, ESR News Blog
A September 2010 web poll from the National Foundation for Credit Counseling (NFCC) testing the attitudes of Americans toward identity theft revealed that 66 percent – or two out of three people – of more than 1,300 respondents felt at risk for identity theft.
In an October NFCC press release, a spokesperson for the NFCC stated that in recent years “identity theft has claimed more than 10 million victims per year, and has been the top complaint to the Federal Trade Commission for the last five years in a row.”
According to the press release, the actual survey question – “Q: I don’t think I’m at risk of being a victim of identity theft because…” – and multiple choice results from the poll are as follows:
- A. Identity theft is on the decline = 1%
- B. My credit card company has systems in place that protect me = 9%
- C. I don’t carry my Social Security card in my wallet = 10%
- D. I never open emails from unknown sources = 15%
- E. I do think I am at risk of ID theft = 66%
The NFCC’s September Financial Literacy Opinion Index was conducted via the homepage of the NFCC Web site at http://www.debtadvice.org/ from September 1 to September 30, 2010 and answered by 1,352 individuals.
To help meet the need of identity theft protection education, the NFCC – the nation’s largest and longest serving national nonprofit credit counseling organization – and the Council of Better Business Bureaus (CBBB) joined together to host Protect Your Identity Week (PYIW) from October 17 to October 23, 2010 (http://www.protectyouridnow.org/).
The 2010 Identity Fraud Survey Report by Javelin Strategy & Research found that the number of identity theft and fraud victims in the United States increased 12 percent to affect 11.1 million adults in 2009, while the total annual fraud amount in the country increased by 12.5 percent to $54 billion.
To read more posts from the Employment Screening Resources (ESR) News Blog tagged ‘Identity Theft,” visit http://www.esrcheck.com/wordpress/tag/identity-theft/.
Employment Screening Resources (ESR) literally wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. ESR is recognized as Background Screening Credentialing Council (BSCC) Accredited by the National Association of Professional Background Screeners (NAPBS®) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information about Employment Screening Resources, visit http://www.ESRcheck.com.
By Thomas Ahearn, ESR News Blog
A recent Wall Street Journal (WSJ) investigation (see WSJ article ‘Facebook in Privacy Breach’) has found many of the most popular “apps” (applications) on the world’s most popular social networking site, Facebook.com, have been transmitting Personally Identifiable Information (PII) of tens of millions of users – such as names and names of friends – to advertising and Internet tracking companies.
After a WSJ investigation showed that personal IDs were being transmitted to third parties via “apps” – pieces of software that let Facebook’s more than 500 million users play games or share common interests with one another – a Facebook spokesman said the social networking site would take steps to “dramatically limit” the exposure of the PII of users. The WSJ found that all of the 10 most popular apps on Facebook were transmitting PII.
According to the WSJ investigation, the information transmitted – the unique “Facebook ID” number assigned to every user on the site –is a public part of any Facebook profile that anyone can use to look up names of users even if they have set their Facebook information to be private. For those profiles set to share information with “everyone,” the Facebook ID reveals data including age, residence, job occupation, and photos.
As defined on Wikipedia.com, “Personally Identifiable Information (PII), as used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.”
In addition, Personally Identifiable Information “has become much more important as information technology and the Internet have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to plan a person’s murder or robbery, among other crimes. As a response to these threats, many web site privacy policies specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII.”
According to Wikipedia, the following are often used for the express purpose of distinguishing individual identity, and thus are clearly PII under the definition used by the U.S. Office of Management and Budget:
- Full name (if not common)
- National identification number
- IP address (in some cases)
- Vehicle registration plate
- Driver’s license number
- Face, fingerprints, or handwriting
- Credit card number
- Digital identity
- Genetic information
The following are less often used to distinguish individual identity, because they are traits shared by many people. However, they are potentially PII, because they may be combined with other personal information to identify an individual.
- First or last name, if common
- Country, state, or city of residence
- Age, especially if non-specific
- Gender or race
- Name of the school they attend or workplace
- Grades, salary, or job position
- Criminal record
For more information about PII, please visit Employment Screening Resources (ESR) News Blog for posts tagged ‘personally identifiable information’ at: http://www.ESRcheck.com/wordpress/tag/personally-identifiable-information/
By Thomas Ahearn, ESR News Staff Writer
Ever wonder if the customer service call center at the other end of your phone is located in the U.S., or what foreign country it is located in if outside of the U.S.?
Newly proposed legislation would make companies inform customers when their calls are being transferred outside the United States and charge companies for those transferred calls in an effort to maintain call center jobs currently in the United States and provide a reason for companies that have already outsourced call center jobs to bring them back.
According to a press release on Senator Charles E. Schumer’s (D-NY) website, the new legislation would require companies that transfer calls to foreign call centers to disclose to the caller that their call is being transferred to a particular country. The disclosure requirement would also force companies to annually certify to the Federal Trade Commission (FTC) that they are fully complying with this requirement or otherwise be subject to civil penalties that the FTC would prescribe.
In addition, since 800 numbers are often transferred overseas without the caller’s knowledge, the bill would impose a $0.25 excise tax on any customer service call placed inside the United States which is then transferred to an agent in a foreign location, with the fee being assessed on the company that transferred the call.
While the bill’s major aim would be to reduce the outsourcing of U.S. jobs, another benefit could be greater protection against identity theft, since the personally identifying information (PII) of American consumers — such as names, birth dates, addresses, social security numbers, and financial information — would not be offshored as often to call centers in foreign countries beyond the reach of U.S. identity theft and privacy laws.
Employment Screening Resources (ESR) — a member of Concerned CRAs, a group of Consumer Reporting Agencies (CRA) concerned that certain data practices place the personal information of consumers at risk — does not outsource domestic background screening services outside of the U.S. in order to protect the PII contained in background screening reports. ESR believes that sending such personal information offshore places both applicants and employersÂ at risk and should be avoided when possible. If PII is sent to countries outside the U.S., applicants and employersÂ should be made aware of this practice.
By Thomas Ahearn, ESR Staff Writer
The Federal Trade Commission (FTC) has further delaying enforcement of the Red Flags Rule for identity theft scheduled to begin on June 1, 2010 to December 31, 2010.
According to a FTC news release, the delay of the Red Flags Rule for identity theft to the end of the year would give Congress time to consider legislation that would resolve any questions as to which entities are covered by the Red Flags Rule and remove the need for further enforcement delays. As currently written, the Red Flags Rule — which was developed under the Fair and Accurate Credit Transactions Act (FACTA) — requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or activities — called “red flags” — that may indicate identity theft.
With identity theft on the rise — a recent survey found the number of identity theft and fraud victims in the U.S. increased 12 percent to affect over 11 million adults in 2009 — the FTC’s Red Flags Rule addresses the need for businesses extending credit to customers to develop and implement written identity theft prevention programs. In addition, according to a “Facts For Businesses” page on the FTC website, the Red Flags Rule may apply to groups that might not typically use the words “financial institutions” and “creditors” with “covered accounts” to describe themselves.
- The Red Flags Rule defines a “financial institution” as banks, savings and loan associations, mutual savings banks, credit unions, or any person, directly or indirectly, holding a transaction account belonging to a consumer.
- The Red Flags Rule definition of “creditor” is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies may fall within this definition. Creditors also include those who regularly grant loans, arrange for loans, or extend credit.
- The Red Flags Rule defines that term “covered accounts” as 1.) A consumer account primarily designed to permit multiple payments or transactions such as credit card accounts, mortgage/auto loans, and cell phone, utility, and checking and savings accounts; and 2.) Any account for which there is a foreseeable risk to customers or to the financial institution or creditor from identity theft.
Beginning December 31, 2010, the Red Flags Rule would require the entities described above to develop, implement, and administer Identity Theft Prevention Programs that include four basic elements — Indentify, Detect, Prevent, and Update — to address the threat of identity theft:
- An Identity Theft Prevention Program must include reasonable policies and procedures to identify the “red flags” of identity theft, the patterns, practices, or activities that may indicate the possibility of identity theft.
- An Identity Theft Prevention Program must be designed to detect the red flags identified, and have procedures in place to help in the detection of red flags.
- An Identity Theft Prevention Program must spell out the appropriate response to take when red flags are detected to prevent and mitigate identity theft.
- An Identity Theft Prevention Program should go through a periodic update to reflect new risks from identity theft since this crime is an ever-changing threat.