Category Archives for "Effects of Identity Theft"

Who Needs to be PCI Compliant?

If you accept or process credit cards and have not yet completed your PCI DSS certification, along with your InfoSafe certification we’ll help you get PCI compliant, reach “Safe Harbor” status with the credit card companies, and get it all taken care of at one time.
NOTE: This additional certification is required by Visa, Mastercard, American Express and Discover for any organization that accepts credit cards. If you have already completed your PCI Certification with a qualified ASV or QSA vendor, and have your certificate of PCI DSS compliance, you do not need this additional certification with InfoSafe.

Who Must Be PCI Compliant

Any business who accepts, processes, transmits or stores credit/debit card information, including retail, mail or telephone order, and e-commerce. Fines and deadlines for non-compliance vary depending on the Acquiring Bank and credit card companies you accept.

Penalties and Fines
Up to $10,000 on first violation for not implementing required safeguards. Visa Fraud Control fines of up to $500,000 per incident for any merchant or service provider that is compromised and not compliant at the time of the incident. Fines and penalties vary depending on the acquiring bank and credit card companies you accept.
The security of cardholder data affects everybody.

Your PCI Compliance can easily be taken care in conjunction with your InfoSafe certification. We’ll help you get PCI compliant and reach “Safe Harbor” status with the major credit card companies who are enforcing the credit card security regulations. We get it all taken care of for you at one time – quickly and easily.

When you become InfoSafe Certified, you’ll already meet virtually all requirements for PCI Certification. You won’t have much to do – if anything. We work together with SecurityMetrics, our ASV/QSA certified PCI Compliance partner that ultimately provides you with your PCI Compliance validation and certificate.

To become certified PCI Compliant with credit card companies, in addition to other basic security measures InfoSafe gives you, you’ll need to complete either a full “Site Certification” or a “No Internet Site Certification” depending on whether or not you collect data or process transactions via the internet or on your website.

Don’t worry about details! Your Compliance Specialist with InfoSafe will walk you through the entire process and explain everything to you in easy-to-understand terms. It doesn’t get any easier!

Why PCI Security Matters
The last several years have seen unprecedented assaults on personal and financial data that customers have knowingly or unwittingly entrusted to retailers, e-commerce businesses, banks, service providers and credit card companies.

To help mitigate losses, the payment card industry (PCI) countered the criminal onslaught with its own security initiative that is broader in scope and more specific in its requirements than any measures federal or state government regulation might have imposed. The Payment Card Industry Data Security Standard (PCI-DSS) is a comprehensive security standard that establishes common processes and precautions for handling, processing, storing and transmitting credit card data.

“The security benefits associated with maintaining PCI compliance are vital to the long-term success of all merchants who process card payments. This includes continual identification of threats and vulnerabilities that could potentially impact the organization. Most organizations never fully recover from data breaches because the loss is greater than the data itself.”
— Quick Service Restaurant (QSR) Magazine

Following PCI security standards is just good business. Such standards help ensure healthy and trustworthy payment card transactions for the hundreds of millions of people worldwide that use their cards every day.

Potential Liabilities:

  • Lost confidence, so customers go to other merchants
  • Diminished sales
  • Cost of reissuing new payment cards
  • Fraud losses
  • Higher subsequent costs of compliance
  • Legal costs, settlements and judgments
  • Fines and penalties
  • Termination of ability to accept payment cards
  • Lost jobs (CISO, CIO, CEO and dependent professional positions)
  • Going out of business

Benefits of PCI Compliance

PCI compliance provides merchants with “Safe Harbor” from fees and penalties associated with PCI non-compliance and card data compromise. By staying PCI compliant, you are relatively assured that you are following best security practices to prevent a serious security breach that would result in a serious loss of customer confidence in your business. Consumer confidence with credit/debit cards will help you maximize your sales and other revenue opportunities.

Being PCI compliant shows your customers that your business can be trusted with their credit/debit card information. With skyrocketing credit theft and fraud occurrences in today’s marketplace, preserving consumer confidence is critical.

How to become PCI Compliant

PCI Compliance is easy and can be completed in as few as three simple steps. Site Certification does not require any software installation, software configuration, training or costly maintenance. Compliance may only take a couple of hours to finish, or it may take longer if there are security holes in your computer network you need to close.

Once you have completed the validation process, your business is certified PCI DSS compliant. We’ll notify your merchant bank (credit card processor) that your business is certified compliant, and you’ll receive a printable certificate of compliance to prominently post at your place of business. If you pass the website scan, you’ll may place a PCI compliant certified logo on your site. When customers have confidence in your website, they’re secure in making purchases and ultimately this will help generate additional revenue.

Compliance Support
Our PCI Compliance Support Team with SecurityMetrics offers unlimited technical support, 24 hours a day, 7 days a week.

Annual Renewal: Your PCI certification must be renewed annually. Annual renewal of your PCI certification will guarantee you’re always up to date with current data security standards, and will help you avoid big fines and penalties for non-compliance. For your convenience, we’ll notify you via email or phone when it is time for renewal.

Get Started! Enroll in InfoSafe today.

Protecting yourself and your customers, saving time and money, and getting your business compliant with federal, state and industry regulations is simple and affordable with InfoSafe.

business Buttton

Real Businesses. Real Stories. Real Fraud.

Real businesses like yours become victims of business identity theft every day. The damages and consequences are breath-taking. Check out the stories and reports below, and hope it doesn’t happen to you!

Symantec Internet Security Threats 2015
Cyberattacks on businesses are increasing and, although it’s the data breaches at corporate giants like Target and Home Depot that make the news, small and medium-size organizations are more frequent victims. In 2014, 60 percent of all targeted attacks struck small and medium-size organizations, according to Symantec. The cost of cyberattacks is high, averaging $217 per record that was subject to theft, misuse or corruption, according to a 2015 Ponemon Institute study.

Tax Fraud
Fraudsters create over 100 fake W-2 forms

The owner of Seagate Foods, which operates Captain D’s seafood restaurants in metro Atlanta, notified authorities that someone apparently had gotten hold of his company’s taxpayer identification number, Roswell police said. The fraudsters created more than 100 fake W-2 forms to report in excess of $4 million in nonexistent salaries to state and federal agencies, authorities said. It likely was a scheme to collect fraudulent tax refunds, they said. In the end, Seagate was left owing more than $800,000 in payroll taxes.

http://www.ajc.com/news/news/local/id-theft-stings-captain-ds-franchisee/nQRqz/

Fraudulent Business Registrations
A Business Opens Up in another State

Greg Glazner owned a business in the 1980s, which he dissolved in 2009. Then a large retailer called him asking questions… According to Greg, “Somebody had gone into the Colorado Secretary of State’s website, reinstated the business then opened it up in another state, listing me as an officer of the company and proceeded to try to open credit accounts.”
http://archive.9news.com/money/story.aspx?storyid=157648

Fraudulent Asset Sale
Office Building Secretly Sold

A small business owner received a phone call about an unpaid electricity bill for one of his office buildings. The owner discovered he never received the bill because the building had been sold without his knowledge. A fraudster had falsified the company minutes, made himself the new CEO, and sold the building to an accomplice – walking off with the proceeds of the sale.
http://www.theglobeandmail.com/report-on-business/small-business/start/legal/identity-theft-strikes-small-businesses/article1433204/

Fraudulent Business Registrations
200+ Companies Fall Victim in Georgia

A man and his group of over 100 people are believed to have misused the identities of about 3,900 individuals and businesses to have orchestrated more than $5 million in fraudulent transactions. Another case involves an individual who is believed to have stolen and used the identities of 149 individuals and about 200 companies to make fraudulent transactions totaling more than $1.2 million. Both individuals took advantage of business registration system at the Georgia Secretary of State’s office to forge corporate identities and used them to obtain bank loans and lines of credit.
http://www.computerworld.com/article/2519493/data-privacy/corporate-id-theft-hits-georgia-businesses.html

Wire Transfer Fraud
$45,640 sent to Russia

Fraudsters struck JM Test Systems, an electronics calibration company. On Feb. 19, an unauthorized wire transfer of $45,640 was sent from JM Test’s account to a bank in Russia. The company’s bank subsequently provided the company with new credentials, but less than a week later, $51,550 of JM Test’s money was transferred to five money mules across the country. The company was able to recover only $7,200 of the stolen money.

Business Bank Account Hijacking
$1.2 Million Stolen in 30 Minutes

Cyber-crooks stole $1.2 million from Unique Industrial Product Co., a Texas plumbing equipment supply company. Attackers used malware planted on company computers to initiate 43 transfers out of the company’s account within 30 minutes.

http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html

Business Bank Account Hijacking
Banks Stop Only 22% of Fraudulent Money Transfers

56% of businesses experienced fraud in the past 12 months. Of those, 61% were victimized more than once. 75% percent of the business victims experienced online account takeover and/or online fraud.

In 78% of the reported fraud cases, banks failed to catch the fraud before funds were transferred out of the business’ account. Banks were able to keep money from leaving the bank in 22% of the cases and fully recover fraudulently transferred funds for only 10% of businesses.

Banks were unable to recover funds in 68% of cases. Banks took the losses in 37% of cases by reimbursing businesses for unrecovered funds; while businesses took losses in 60% of cases.

Type of Crime:– Wire Transfer Fraud
Full Article: Ponemon Institute – “2011 Business Banking Trust Study”

Fraudulent Customer Order
Seafood Company Ships $500k Order to Fraudster

A seafood company received an order for $500,000 worth of goods. After completing a credit check, the company shipped the order and billed the customer. The “real” business customer responded that it had never placed nor received the order – the business’ credit information and a different address had been supplied by a fraudster.
http://www.theglobeandmail.com/report-on-business/small-business/start/legal/identity-theft-strikes-small-businesses/article1433204/

Fraudulent Business Registrations
A 10-year-old Denver firm that buries communications lines was victimized
shortly after its annual registration was renewed in January. The owner learned of the theft when he contacted Dun & Bradstreet to ensure an address change was recorded properly. That’s when he learned of a new registered agent and address — an Aurora mail drop that was set up to forward everything to California. The thieves had changed key information about the company on Dun & Bradstreet’s database, including increasing the number of employees from 15 to 150, and increasing the company’s annual revenues by a factor of 10. “I asked Dun & Bradstreet how they checked the information, and they said the secretary of state. In just a few seconds, 10 years of hard work was going down the drain. I was terrified.”

http://www.denverpost.com/business/ci_16149416

Online Impersonation
Small Biz Owner Dragged Into “Job Seeker” ID Theft Scam

In Florida, a small business owner was flooded with calls from job seekers responding to a want ad on the company’s website. Only problem was, the company wasn’t hiring and had no ads posted. According to the Orlando Sentinel, What the firm eventually found was the Internet trail of a global identity-theft scheme that uses stolen corporate information to try to scam hundreds of thousands of job seekers. The complex con uses bogus websites, bulk e-mails, fake job applications, and bank fraud to steal people’s money and personal data.
http://www.itbusinessedge.com/cm/blogs/poremba/corporate-identity-theft-on-the-rise/?cs=43451

FBI Fraud Alert: Fraudulent Wire Transfers to China
Victims tend to be small-to-medium sized businesses and public institutions that have accounts at local community banks and credit unions, some of which use third-party service providers for online banking services. Unauthorized wire transfers range from $50,000 to $985,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. Domestic ACH and wire transfers ranging from $200 to $200,000 were also sent to money mules in the United States within minutes of conducting overseas transfers. In just 20 separate incidents, the actual losses to victimized companies totaled $11 million. http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf

business Buttton

How Does Identity Theft Happen So Easy?

In today’s digital age there are seemingly countless ways identity thieves and cyber-criminals can get personal information about you, steal your money, and use your identity and your credit record to commit fraud in your name. The risks are real, affecting millions of people every year.

This quick overview of how identity theft and cyber-crime happens today will help you understand how easily it could happen to you, and why you need to protect yourself and your family.

  • Data Breach
  • Friendly Fraud
  • Computer Hacking
  • Spyware / Keyloggers
  • Email Phishing
  • Phone Vishing
  • Text/Cell phone Phishing

  • Card Skimming
  • Change of Address
  • Stolen Wallet
  • Dumpster Diving
  • Mail Theft
  • Black Market Sales

Data Breaches

Businesses, government agencies and organizations of all types and sizes gather, store and share all kinds of personal information about their customers and employees. This is a virtual gold mine for thieves!

A “data breach” is any incident where customer or employee information is accidentally lost or exposed by a careless employee, or stolen by a hacker or thief. Stolen laptops, lost USB flash drives, un-shredded paperwork, improperly discarded computers, and hacker break-ins are among the most common ways files are lost or stolen. Another growing problem is “insiders” – employees or contractors gaining access to data and selling it to criminals.

With so many businesses and organizations doing a poor job of protecting personal information, and with criminals targeting businesses and organizations, there is a good chance your information will be exposed or stolen in a data breach – if it hasn’t already happened to you!

  • 47% of adults had their personal info exposed in data breaches in last 12 months (Javelin Strategy & Research)
  • In 2013, 1 in 4 Americans who received a data breach notice involving their personal information became victims of ID theft (Javelin Strategy & Research)

See lists of recently reported data breaches at the Privacy Rights Clearinghouse

Friendly Fraud

Identity theft cases often involve friends, family or other acquaintances. Common among these crimes is child ID theft, senior ID theft and ID theft through messy divorces. Young adults, college students are easy targets because of their age and inexperience and carefree trust of people they’ve just met. Thieves will use social networking, music downloads and sharing sites, and other shared interests to gain access to a victim’s personal information, passwords or account numbers.

Computer Hacking

Cyber-criminals are experts at breaking into or hi-jacking servers, computers and laptops. Hacker intrusion, including international organized crime rings and terrorist cells have become commonplace – and they now not only target home computers, but also small business computers, looking for financial information about vendors, employees or customers.

If a hacker gains access to a computer, they have access to everything, and probably no one would know they were there. How big of a threat is computer hacking and cyber-crime? Look at these stats:

  • Cyber-criminals capture and sell over $114 billion worth of stolen data each year – compared to only $43 million stolen in bank robberies in 2010! (MSN Money / FBI)
  • At last count, almost 4 million computers are now infected with the Zeus Trojan spyware program that steals online banking login information.

Spyware/Keyloggers

Spyware, viruses, worms, Trojan horses, rootkits and keyloggers are all common tools of the trade for cyber-criminals and ID thieves used to infect computers and capture specific information such as credit card numbers, online banking logins, passwords, Social Security numbers, and more. Captured information automatically transmits to the hacker and is later sold to identity thieves and underground brokers of stolen information.

Viruses are often carriers of these information-capturing tools. Unfortunately, you will likely never know your computer is infected with some of the newer more dangerous hacker tools. Anti-virus/anti-malware software generally does a good job detecting the more common viruses and spyware, but they do not catch everything, and cannot remove certain malware designed to imbed itself right into your computer’s operating system.

It’s best to frequently have trained security professionals do a full system diagnosis and manually find and remove specific hacker tools and infections that can result in identity theft or cyber-crime. Only The Identity Defenders provides services to do just that!

Email Phishing

Phishing attacks can be very sophisticated setups designed to do one thing – extract information from you. Derived from “fishing,” phishing emails are like bait set up by the criminal. In phishing, an legitimate-looking email appears to come from your bank, credit card company, utility, cell phone company, etc., but it actually is coming from a cyber-criminal intending to dupe you into giving them sensitive personal information. Links in a phishing email may immediately install spyware or keyloggers into your computer, and the websites look official, but actually belong to the thief. Phone numbers go to bogus phone centers. NOTICE: Legitimate emails from businesses where you have accounts do not ask for sensitive information via email.

Phone Vishing

Vishing, or “voice phishing” is when you get a call on your phone from someone who says they are from a trusted source, like your bank, credit card company, phone company, utility, etc. They’ll tell you there is a problem with your account, your card, or service – or that your account needs to be updated. They’ll ask you to verify your identity – but they’re not verifying anything, they are simply stealing your account information so they can steal your money. They may even leave a message if you don’t answer and direct you to call a bogus number where the fraudsters are waiting to get you to give them your information.

Text/Cell phone Phishing

Cell phones are increasingly being used in vishing scams – through SMS text messages. You may receive a random text message that appears to be from your bank, etc. – but again, it’s the thief looking for you to respond and give up your information. Vishing victims typically have large amounts of money or all their money withdrawn or wired out of their accounts within just 10 minutes of receiving a vishing phone call.

Your bank, credit card company or any other legitimate business will NEVER ask you to update your account or give up personal information via a text message to your cell phone.

Card Skimming

Skimmers are small electronic devices that thieves place over card slots at gas station pumps, ATM machines or even handheld credit card devices. With card skimmers, everything appears normal to you, but the thief collects your card number and other information from the magnetic stripe when your card is swiped. Now with the new RFID chips embedded in cards, a thief can obtain your information without ever touching a card. The captured information is used to create counterfeit cards or is added to Apple or Android wallet apps to purchase things in your name. This is a fast growing problem, costing consumers and businesses billions each year. You can get RFID protective envelopes and cards from The Identity Defenders.

Change of Address

One of the most used schemes by thieves today is an old school tactic to change the address where you receive mail. A thief simply completes a Change of Address form with the U.S. Postal Service to divert your bills and other personal information into their hands.

Stolen Wallet

Of course, thieves will take the cash and credit cards you have in your wallet. But today’s criminal is also looking for everything they can use to also steal your identity – like your driver’s license, membership cards, bank account numbers, insurance information, and more. Stolen wallets can not go high tech with RFID scanners that can obtain the information off the new chips embedded in credit cards from as far as 6-ft away.

When we learned that our children’s identity could be stolen, we couldn’t keep putting off getting the right protection for our ENTIRE family. iDefend has the most complete protection for us at the best price. We are grateful for iDefend!
Tony L , Pittsburgh, PA

Dumpster Diving

Long before the Internet age, thieves would go through dumpsters at office buildings, mortgage companies, medical clinics, schools, etc. looking for any form of identity information they can get their hands on. They’ll also dig through your personal trash to find old bills and mail like pre-approved credit offers to re-create your identity. Make sure you shred all important documents or mail that you have prior to throwing it away.

Mail Theft

While stealing mail is a federal crime, it’s also an easy way for criminals to steal your identity right from your mailbox, drop box, or mailbox panels. Though many mail thieves are typically looking for cash and valuables, identity thieves know your mail contains much more. Along with pre-approved credit offers, your bank statements, tax information, credit card, mortgage and loan statements are among the common things thieves can use to steal your identity.

Black Market Sales

When hackers and cyber-criminals get their hands large batches of stolen identities from a business or other organization through a data breach, they generally cash out on their crime by selling the stolen IDs on the underground online black market. These black markets for stolen IDs and credit cards are international, typically hosted on websites in countries outside the U.S., but frequented by hackers and thieves around the world who want to buy the stolen data and use it themselves, or to sell to other criminals locally.

family Buttton

So, How Does Identity Theft Affect Me?

What happens when an identity is stolen? What are thieves after?

…You see a huge drop in your bank account balance. The money is gone. You get a lien or judgment filed against you for something you’ve never heard of. You get a call from a debt collector for a delinquent loan you never took out. You get a notice for late payments from a cell phone company or credit card you never signed up for.

These are typical signs of identity theft. Unfortunately, these early warning signs are just the beginning of the devastating effects of identity theft.

Here’s what identity thieves and cyber-criminals want from you:

Your Money.

It’s the digital age. Today’s thieves can drain bank accounts, seize investments, sell property out from under you, scam you out of your money, and a host of other cyber-crimes – before anyone ever finds out. They’ll take every chance to rip you off, and because millions of people get hit every year, they know there’s little chance of getting caught. Interestingly, only 20% of identity theft has anything to do with credit cards anymore.

My iDefend service are the best I have ever had from any company over the last several years. My last experience with your computer techs was awesome! For the amount of money, the service, and the unlimited support I get, I feel like I am getting a real bargain.
Tim D , Longview, WA

Your Identity.

In addition to stealing money, identity theft can lead to ruined credit records, piles of fraudulent debt, false arrest and imprisonment, false medical records, and much more. With just your name, Social Security number and birth date, a thief can use you over and over to commit a long list of crimes in your name.

What are the effects, consequences of identity theft?
Why should you be concerned?

Catching the early warning signs of identity theft is critical. The longer the thief uses your identity, the harder it is to recover, and the more damage they will do to you. Victims of identity theft on average spend more than 500 hours and spend $6,000 or more to repair the damage. That’s more than 62 days of full-time effort to restore one’s name and credit over a period of a year or more!

Mental and emotional stress can be significant as well. Your good name and credit can take a big hit that takes years to fix. And debt collectors are only concerned with getting their money back – they don’t really care that your identity was stolen. Fighting identity theft is never easy, no matter how simple the crime.

The effect on family members or employees when their identity is stolen can be devastating.

sanpshotButtton

Protecting Yourself from Identity Fraud

Protecting yourself, your family or your business starts with understanding the new threats you face in today’s digital age.

Between the exploding numbers of business data breaches, home computer hacking, phishing, pharming and vishing scams, card skimming and a host of other threats, thieves have numerous ways to get their hands on your personal or business information to take advantage of you.

You, any of your family members including children or even your business may already have been compromised – and you probably wouldn’t know it.

Of course, there are those that suggest that you can simply do the work yourself.  You are entitled, by law, to get your credit report for free one time a year.  All you need to do is remember to pull your reports on Experian, TransUnion and Equifax at 4-month intervals.  And most credit card companies allow you to get alerts whenever a charge is made so you’d know when someone other than yourself is trying to use your credit cards.

The problem is, only a little more than 20 percent of identity theft has anything to do with opening accounts that would even be reported to the credit bureaus.   What if someone stole your identity and obtained a fraudulent drivers license?  What if that person went to the hospital and got medical services under your name?  What if a thief that has your identity commits a crime?  What happens when a fraudster steals the identity of your child days after birth and opens credit card accounts? All this could be accomplished and you would never be the wiser.

I was very impressed with my computer security tech. He made sure before we finished that my computer was protected and working to my satisfaction. To date, I have always had wonderful help from you guys… The best computer security company! I recommend to anyone who is looking for the best protection!!!
Tammi A , Fresno, CA

Are you really confident that your identity is safe?  Is it yours, and yours alone?

Let’s not forget your business.  It’s your passion.  You’ve risked your life savings to open a business to support you and your family.   Unlike your personal identity, your business’ identity does not have the same protections and services available to it.  Additionally, as a business owner, you have numerous state and federal laws to abide to when it comes to protecting the personal identifiable information that you collect on employees, vendors and customers.

I had no idea what to do about the “ScareWare” that had infected my computer and put my family at risk. I’d heard about this virus (or whatever it was), but without your security technical support, I would have had no one to call. Within a short period of time, my tech with you guys was able to solve and remedy the issue. What a relief!! His explanation of what had happened was clear and helpful and I couldn’t have been more pleased. I tell everyone to get this amazing service!
Sybil B , Scarsdale, NY

Like everyone else, criminals want more money with less work. Businesses routinely carry much larger bank account balances than average consumers, making them desirable and tempting targets for identity thieves and cyber criminals. From a criminal’s perspective, if you had a choice of stealing $500 to $1000 from an individual, or $10,000 to $100,000 (or more) from a business with roughly the same amount of effort, which would you choose? The answer is obvious, and the resulting shift from targeting consumers to targeting businesses presents dangerous new threats to businesses of every size.

passwordButtton