by Jason Morris

We have written about identity theft in previous blogs, focusing primarily on red flag regulations.  Identity Theft lends itself to background screening due to the many identifiers used for the process.  End users of consumer reports need to be conscious of what they do with background check information when they are done using it.  Developing a document destruction program for your company is the best place to start.  In the following article found on yahoo.com, the author describes how valuable your identity is on the open black market.

The value of your stolen identity: About $120

Consumers who’ve had to invest months of time and gallons of antacid on resolving an identity theft problem may find cold comfort in the revelation that identities like theirs are painfully cheap when they’re traded online. The going rate for a “complete” identity (including name, address, passport, credit card info, driver’s license number, and even banking passwords): About 120 bucks.

In stark contrast to that pittance: The average identity theft-based fraud actually reaps over $21,000 for the perpetrator.

Why so cheap? Primarily it’s because there are so many stolen identities available, so crooks who are willing to take the risk on using someone else’s identity to drain bank accounts and run up bills have a vast number of IDs to choose from. In a perverse way that’s good news: Even if your account and identity information is compromised, there’s a good chance that you won’t actually be the victim of a financial crime because the ID may never be used.

More

by Nick Fishman

Yesterday, the FTC announced a 6 month delay in enforcing their “Red Flags” Identity Theft Guidelines.  In reading through the release, it was unclear as to how this would affect employers.  Well, we’ve been in touch with the FTC and we now know that this delay only pertains to Financial Institutions and Creditors.  Employers still must be in compliance with the these guidelines as they relate to developing and implementing a policy to handle “Red Flag” Address Discrepancy Notifications from National Consumer Reporting Agencies (primarily credit bureaus) when conducting background checks.

For more information about these guidelines, please refer to the articles listed below.

Users of Consumer Reports Have New Responsibilities as of November 1, 2008

employeescreenIQ Offers Free Webinar on New FTC Identity Theft Guidelines

FTC Enforcement Policy: Identity Theft Red Flags Rule

by Nick Fishman

The FTC has just announced that they were delaying enforcement of their “Red Flag” rules on Identity Theft until May 1, 2009.  However, it is important to note that these rules are different from the Address Discrepancy Rules we recently conducted a Webinar on with Seyfarth Shaw attorney, Pam Devata.

I just spoke with Pam and it is still her position that employers who are using credit reports should still comply with the November 1, 2008 deadline for having a written policy in place.

We’ll keep you posted as we learn more.

by Natalie Beck

iProfile.org, a free online CV, conducted an experiment during National Identity Fraud Protection Week (UK) which showed that job seekers are risking identity theft when sending their CV’s to potential employers.  iProfile placed an advertisement in the newspaper for a position with a fake company just to see how many applicants would forward their CV to the company without first checking that the company was legit.  If certain keywords from the advertisement were searched online, it would take them to a web page which stated that the company was fake.  According to Rick Bacon, CEO of iProfile, “We were shocked to find that 68% of people sent their CV into our fake job advert without doing any background checks first.”

According to this article:

“Typically, criminals need just three out of fifteen key pieces of information to commit identity fraud – the average CV received as part of the experiment contained eight pieces of information. 61 CVs (57%) included a date of birth, despite this no longer being a requirement due to age discrimination laws, and 98 (91.5%) included a full address. A further 20 (19%) put others at risk by providing full details of references. One even included the applicant’s passport number and national insurance details.”

If this experiment tells us anything, it’s that checking out the companies one is applying to is equally as important as companies checking out the applicants they are looking to hire.  It’s all about protecting oneself from a harm that could easily be avoided with a simple background check.  Also, it wouldn’t hurt to re-evaluate what information is included on the CV or resume.  I really can’t think of a good reason why any company would need your passport number…

Click here to read “iProfile.org warns job hunters to secure their CVs to protect against identity theft“

by Nick Fishman

According to the Identity Theft Task Force, federal identity theft convictions increased by 26% in 2007 over the previous year.  That is a staggering figure.  An article written by Wired News reports “as many as 1,534 people were convicted in 2006, and a year later, 1,943 were convicted nationwide on various identity theft violations. The report, however, said there are about 1.6 million complaints of identity theft on file with the Federal Trade Commission.”

It’s no wonder the FTC has now decided to enforce its “Red Flags” Guidelines for curbing identity theft which go into effect November 1, 2008.  These new regulations seems to be the best kept secret out there.  However, did you know that among those affected are companies that conduct background checks in their employees?  That’s a pretty big audience, right?  If you aren’t aware of how this affects you, check out our recent webinar which explains what the guidelines are and how to get in compliance.  The Webinar can be downloaded at http://university.employeescreen.com/white_papers

by Jason Morris

Marketwatch, one of the leading internet portals for financial information is reporting that less than one third of US Banks will be ready to meet the new “Red Flag” regulations in November.

With the November 1, 2008 compliance deadline looming, new research from TowerGroup finds that many US banks have mistakenly considered compliance with the “Red Flags Rules,” as they are known, merely an administrative exercise — and as a result, most will need to take rapid action to meet the more stringent regulatory demands.

Last month Attorney Pamela Devata wrote a guest article for employeescreen University to help prepare employers for this looming deadline.  The Fair and Accurate Credit Transactions Act of 2003 (FACTA) have specific directives for users of consumer information that are aimed at uncovering and preventing incidents of identity theft. These new regulations go into effect on November 1, 2008 and require the creation of a number of new policies and procedures for specified entities. Some of the regulations apply to all users of consumer reports, where others are specific to financial institutions and creditors.

According to Pam:

FACTA or the FACT Act as it is sometimes referred to went into effect in December 2003 and amended the federal Fair Credit Reporting Act (FCRA) in a number of ways. As it relates to identity theft prevention, FACTA instituted a procedure to help users of consumer reports combat identity theft by creating a notion of “red flags” when identity theft was suspected. In FACTA, a “Red Flag” is defined as a pattern, practice, or specific activity that indicates the possible existence of identity theft. A “user” of a consumer report includes entities such as employers who obtain consumer reports for the purpose of making employment (hiring, promotion, firing, etc.) decisions, as well as financial institutions, and granters of credit who use the information contained in consumer reports to issue credit cards, loans or mortgages, and other such activities.

The moral of this story?  We are ready, are you?

by Jason Morris

With  identity theft on the rise, identity verification is even a more important part of your employment screening process. All background screens should begin with a social security number trace.

Thieves Steal Tapes Holding 2.2M Billing Records

Courier violated protocol, taking data home instead of directly to off-site storage facility
By Brian Fonseca

June 11, 2008 (Computerworld) University of Utah officials this week acknowledged that a metal box of backup tapes containing billing records of some 2.2 million patients was stolen early this month from the car of a courier who left it in a parked car overnight outside his home.

The missing tapes were taken on June 2 from the car of an employee of Perpetual Storage Inc., an independent storage company hired by the university to transport its computer tapes to off-site facilities, said school officials. The tapes contained names, demographic information and Social Security numbers of patients of the University of Utah Hospitals & Clinics.

More

by Jason Morris

Something always bothered me about these commercials, I knew I smelled something fishy! Company CEO, Todd Davis dared consumers to steal his identity. Mr. Davis took this dare a step further, he put his Social Security Number out there for the public to see. It now appears Mr. Davis and his company are being sued in three states because his “lifelock” doesn’t work! To take it a step further, it has been found that Mr. Davis’ identity has been compromised so many times he has over 20 drivers licenses in various states.

I know what you are saying; Why is a background screening company writing about a story like this? Its simple, all the privacy legislation and identity theft news was kicked off a few years ago because of a data breach in our industry. There are now several areas of the FACT Act that require us to help consumers when they are victims of these crimes. Identity theft is a serious matter, consumers are out billions do dollars every year and services like this are not making consumers lives any easier!

The best thing you can do to ensure you are not a victim is check your credit report at least once if not twice yearly. The FTC has some great resources to further protect yourself. If you feel you are a victim, contact your attorney immediately.

ID-protection ads come back to bite pitchman

by Jason Morris

We often have this conversation with clients; Why should I search these alias names? Well as you can see from this article Identity Theft continues to be a problem.  This individual has 23 different alias names that he uses to rip off consumers!

Accused identity thief allegedly used at least 23 names to steal $291,139

by Nate Reens | The Grand Rapids Press  Thursday March 13, 2008, 6:01 AM

GRAND RAPIDS — There are many sides to Mamoudou Bathily, none of which federal agents can fully authenticate.

A citizen of Mali, a West African country, Bathily says he has a wife and child in Texas, but that he doesn’t know his offspring’s name. He told authorities he has another child in Minnesota, but he has been living in Grand Rapids with more than one woman.

 More