by Jason Morris

With  identity theft on the rise, identity verification is even a more important part of your employment screening process. All background screens should begin with a social security number trace.

Thieves Steal Tapes Holding 2.2M Billing Records

Courier violated protocol, taking data home instead of directly to off-site storage facility
By Brian Fonseca

June 11, 2008 (Computerworld) University of Utah officials this week acknowledged that a metal box of backup tapes containing billing records of some 2.2 million patients was stolen early this month from the car of a courier who left it in a parked car overnight outside his home.

The missing tapes were taken on June 2 from the car of an employee of Perpetual Storage Inc., an independent storage company hired by the university to transport its computer tapes to off-site facilities, said school officials. The tapes contained names, demographic information and Social Security numbers of patients of the University of Utah Hospitals & Clinics.

More

by Jason Morris

Something always bothered me about these commercials, I knew I smelled something fishy! Company CEO, Todd Davis dared consumers to steal his identity. Mr. Davis took this dare a step further, he put his Social Security Number out there for the public to see. It now appears Mr. Davis and his company are being sued in three states because his “lifelock” doesn’t work! To take it a step further, it has been found that Mr. Davis’ identity has been compromised so many times he has over 20 drivers licenses in various states.

I know what you are saying; Why is a background screening company writing about a story like this? Its simple, all the privacy legislation and identity theft news was kicked off a few years ago because of a data breach in our industry. There are now several areas of the FACT Act that require us to help consumers when they are victims of these crimes. Identity theft is a serious matter, consumers are out billions do dollars every year and services like this are not making consumers lives any easier!

The best thing you can do to ensure you are not a victim is check your credit report at least once if not twice yearly. The FTC has some great resources to further protect yourself. If you feel you are a victim, contact your attorney immediately.

ID-protection ads come back to bite pitchman

by Nick Fishman

Warning! Crooks and thieves are getting more creative in finding ways to commit identity theft. See warning below issued from The Financial Industry Regulatory Authority (FINRA).

FINRA Warns Job Seekers About Online Classifieds Scams Aimed at Identity Theft, Financial Fraud

WASHINGTON–(BUSINESS WIRE)–The Financial Industry Regulatory Authority (FINRA) today warned investors about a new scam involving online job classifieds that fraudsters use to carry out identity theft and financial fraud.

In the Investor Alert Beware of Online Job Classifieds Used to Steal Your Identity, FINRA describes the latest variation of the identity theft tale. Stock traders, posing as employees of a made-up Latvian brokerage firm, appear to have stolen personal information from individuals who thought they were applying for a job through the popular classifieds website, Craigslist (www.craigslist.org).

“Investors should always be on their guard for identity theft tactics when conducting any activity on the Internet,” said John Gannon, FINRA’s Senior Vice President for Investor Education. “Investors should make sure that anyone who is asking for a Social Security number or other personal information is running a legitimate business before they decide whether to give out such sensitive information.”

According to a complaint filed by the Securities and Exchange Commission (SEC), these traders allegedly used the job applicants’ Social Security numbers, dates of birth and other information to open up online brokerage accounts. Applicants were told that the firm would need this information to conduct company “background checks” – because the firm would be entrusting them with the firm’s money. The traders appear to have communicated with their unwitting applicants only by email or fax.

After “hiring” several individuals, the firm allegedly sent funds to those individuals’ personal bank accounts using wire transfers from Russian bank accounts and a Western Union money order. The individuals were instructed to wire those funds from their bank accounts to specific account numbers – which corresponded to brokerage accounts opened with their personal information, without their knowledge.

In addition, the traders allegedly used stolen user IDs and passwords to gain unauthorized Internet access into existing brokerage accounts of unsuspecting victims. Using the new and existing brokerage accounts, the traders used sophisticated strategies to trade and manipulate the prices of a number of thinly traded stocks – at a handsome profit.

The FINRA Investor Alert issued today recommends that job seekers take the following steps to protect themselves from similar scams:

• Be suspicious of anyone asking for your personal information. According to Craigslist, many identity theft scams that have appeared on their website involve one or more of the following: an inquiry from someone far away, often in another country; use of Western Union, Money Gram, cashier’s check, money order, escrow service or similar instrument; and, a refusal by the other party to meet face-to-face before consummating a transaction.
• Know who you are doing business with. Independently verify whether a potential employer in the securities industry is legitimate before handing over any personal information. Today’s Investor Alert details a variety of online resources for verifying the authenticity of brokers and brokerage firms, investment advisers, insurance agents and insurance companies and non-U.S. financial institutions.
• Don’t Respond to Emails Requesting Personal Information. Legitimate companies will not ask you to provide or verify sensitive information through email. If your financial institution actually needs personal information from you or your statement, call the company yourself — using the number in your files or on your statement, not the one the email provides! Also, never click on links embedded in emails, no matter who the sender claims to be or if the address in the email looks right. These links may actually take you to a spoofed or fake website. You should always type in a web address yourself, directly in the web browser address bar.
• Ask questions. When an individual or entity asks for your Social Security Number, ask the following questions: Why do you need my SSN? Will you accept a different form of identification (such as a telephone number, driver’s license or passport)? If “no”, why not? How will you use my SSN? How do you protect my SSN and other information from being stolen or misused? What will happen if I don’t provide my SSN?
• Order a copy of your credit report. It’s a good idea to check your credit report every year. Look for accounts you did not open and any unexplained transactions.
• Review your account statements. This is your last line of defense. If you are victimized, the sooner you catch it, the better. Regularly review your online account information for unauthorized trades, cash withdrawals, or any other unrecognized activity. Do the same as soon as you receive each monthly or quarterly statement. Immediately report any suspicious activity to your brokerage firm.

Individuals who believe they’ve become a victim of identity theft should respond quickly. Valuable tips and step-by-step instructions are available on the Federal Trade Commission’s Identity Theft Website and on FINRA’s online Identity Theft Checklist. Individuals who become victims of a brokerage firm identity theft scam should contact FINRA’s Complaint Center, the Securities and Exchange Commission or their state securities regulator.

by Nick Fishman

This just in from our friends at Seyfarth Shaw: New York Employers Face Penalties if The Fail To Secure Employee Social Security Numbers. This law new law affects New York employers who collect Social Security Numbers on their job applicants and employees; in other words, every New York employer. Employers obviously need this information for a variety of reasons including its importance when conducting background checks. This article references a rather shocking stat: “In a 2006 survey conducted by the Identity Theft Resource Center (ITRC), a not-for-profit organization which provides information and support to identity theft victims, 12% of those surveyed reported that their personal information had been stolen at the workplace.”

We took this off the State of New York’s website:

Confidentiality of Social Security Numbers – General Business Law §399-DD
Places limits on the use and dissemination of Social Security Numbers (SSN) beginning January 1,
2008. The law prohibits the intentional communication of an individual’s SSN to the general public;
restricts businesses’ ability to print a SSN on mailings or on any card or tag required to access
products, services or benefits; prohibits businesses from requiring an individual to transmit his or her
unencrypted SSN over the Internet; and requires businesses possessing SSN to implement safeguards
and limit unnecessary employee access to the data.

According to Seyfarth Shaw, the New York Social Security New York Protection Law (NY Gen. Bus. § 399-dd) prohibits the following:

• Intentionally communicating an employee’s social security number to “the general public or otherwise make [it] available to the general public”;
• Printing an employee’s social security number on any card or tag required to access services or benefits provided by the employer;
• Requiring an employee to transmit his or her social security number over the Internet unless “the connection is secure or the social security account number is encrypted”;
• Requiring an employee to use his or her social security number to access an Internet web site unless “a password or unique personal identification number or other authentication device is also required to access the Internet website”;
• Printing an employee’s social security number on any materials to be mailed unless state or federal law requires that this information be on the document.

Seyfarth offers the following compliance tips:

• Have a written privacy policy (that includes disposal procedures that are consistent with accepted industry practice and satisfy legal requirements);
• Lock up and limit access to employee personal information;
• Conduct background checks on employees who will have access to personal information;
• Limit retention of personal information to only that which is essential;
• Train employees on privacy and document disposal policies;
• Encourage employees to report any possible security breaches;
• Avoid using or disclosing an employee’s social security number for any purpose other than that required by law or legitimate and necessary business purpose; and
• Take proper security precautions when terminating employees who have access to personal information (e.g., changing computer access codes).

Read the full article here . . .

I definitely can’t and won’t argue that this is a bad law. In fact, it’s probably good for both employers to have some direction on how to comply and for consumers to have this protection. However, those performing background checks in New York have had a lot on their plate lately with the increase in the OCA fee.

by Jason Morris

I found this on-line this weekend. This article has nothing to do with background checks but has a lot of great information about identity theft.

Facts about identity theft:

– In 2005, about 1.6 million households experienced theft of existing accounts other than a credit card, such as a banking account, and 1.1 million households discovered misuse of personal information, such as a Social Security number.

Read more

by Jason Morris

Just found a great informative article about identity theft. Linda Foley is quoted from the Identity Theft Resource Center. I have met Linda several times most recently at the National Association of Professional Background Screeners (NAPBS) Conference. While Linda is not an expert in Pre-employment Screening, she is in expert in identity theft and privacy. Kudos to Linda and all the great work she is doing.

Holiday Forecase: More e-scams

By Richard Burnett | Tribune Newspapers: The Orlando Sentinel November 26, 2007

ORLANDO - Just in time for “Cyber Monday” and the online holiday shopping rush: A new round of bogus e-mail, identity-theft experts say.

Have you won $2 million in a Christmas sweepstakes held by Coca-Cola in the United Kingdom? Can you make big bucks just by cashing checks for an Irish researcher, Chinese exporter or rich oil consultant in Dubai? Is there a problem with your account at Bank of America, JPMorgan Chase, eBay or PayPal?

No. But you might think so if you fall for some of the recent e-mail scams infesting the Internet.

More

by Nick Fishman

The FTC and the federal financial institution regulatory agencies have submitted their final rules and guidelines on how creditors and financial institutions must handle identity theft “red flags” and address discrepancies.

Highlights of the rules include the following measures that must be taken:

1. Identify relevant patterns, practices, and specific forms of activity that are “red flags” signaling possible identity theft and incorporate those red flags into the Program;
2. Detect red flags that have been incorporated into the Program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
4. Ensure the Program is updated periodically to reflect changes in risks from identity theft.

These guidelines seem like things you would think most creditors and financial institutions would already be doing. Hopefully, these measures can help protect consumers.

Click here to view the entire FTC Release

by Jason Morris

I found this story very interesting and a great tie-in for background checks.

CHARLOTTE, Tenn. - A Dickson County woman wanted by police turned out to be the real victim.

Police arrested Brandi King for allegedly failing to appear in Maury County court on a shoplifting charge.

More