We’re now located at www.mytruston.com/blog. If you read this blog by coming directly to this site, please update your bookmark or make a note of the new URL.

If you usually read this blog through a “feed reader” or a site like MyYahoo or Google home, you don’t need to change anything, it should move over seamlessly. If you typically read this via our email subscription service (Feedblitz), you also don’t need to do anything.

Plenty of exciting news coming. Check it all out on www.mytruston.com, our new corporate web site and blog (rolled into one).

Thanks,
Tom

Even though we all know what identity theft is, I thought I’d revisit some important definitions including federal law.

Federal Trade Commission (ftc.gov):
"Identity theft occurs when someone uses your personal information without your permission to commit fraud or other crimes."

U.S. Department of Justice, Criminal Division, Fraud Section (usdoj.gov):
"Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain."
 
Identity Theft and Assumption Deterrence Act of 1998, Title 18 Part 1 Chapter 47 US Code §1028(a)(7):
"Identity theft is a criminal offense. It occurs when a person knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit or to aid or abet any unlawful activity that constitutes a violation of federal law or that constitutes a felony under any applicable state or local law."

California Penal Code section 530.5:
"It is a felony in California to use the personal identifying information of another person without the authorization of that person for any unlawful purpose including to obtain credit, goods, services, or medical information."

Fair and Accurate Credit Transactions Act of 2003 (FACTA), Title 15 Chapter 41 Subchapter III US Code §1681a(q)(3):
The term “identity theft” means a fraud committed using the identifying information of another person, subject to such further definition as the [Federal Trade Commission] may prescribe, by regulation.

Pursuant to FACTA, the Federal Trade Commission (FTC) has recently proposed this more specific definition:
(a) The term “identity theft” means a fraud committed or attempted using the identifying information of another person without lawful authority.
(b) The term “identifying information” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any-
        (1) Name, social security number, date of birth, official State or government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number;
        (2) Unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
        (3) Unique electronic identification number, address, or routing code; or
        (4) Telecommunication identifying information or access device.

Nikon puts customer credit cards on web site. I “shutter” to think of the consquences (sorry, couldn’t resist). AP Wire reported this story.

Personal information on more than 3,200 subscribers of a magazine published by Nikon Inc. was available on a Web site before the breach was discovered, the imaging company said Thursday.

Details including names, addresses and credit card numbers for 3,235 people could be seen over a nine-hour period on a Web site for Nikon World magazine, but only nine new subscribers gained access to the information, the company said.

There was a break-in that resulted in stolen computers including a laptop. Apparently effects over 2,000 customers. Social security numbers and driver’s license numbers were involved. Read more at wfrv.com.

American Family Insurance is warning customers to be wary of identity theft after computer equipment was stolen in a burglary in Madison.

The break-in was back in July. American Family spokesman Steve Witmer says it took the company a while to determine the contents of the missing computer and assess the risk.

Of most concern is a stolen laptop. Witmer says it had customers' Social Security numbers and driver's license numbers.

Over 14,000 phishing websites were detected in July. And this represents over 154 “brands” (Paypal, banks, credit unions, etc.). Got this from Computerworld.

The number of phishing sites -- or fraudulent Web sites try to fool people into handing over sensitive personal information -- rose to 14,191 in July, an 18% increase over May, the previous all-time high, said the Anti-Phishing Working Group (APWG). The fraudulent sites mimicked a record 154 brands, up 20% over June and 12% over the previous high, also recorded in May, APWG said.

According to Symantec (via ZDNet), in March 2006, there were nearly 8 MILLION phishing emails sent every day.

Internet Crime Complaint Center (IC3) issued an alert today. There are millions of phishing emails sent every day. This one is notable because the scammers thought it would  be effective to pose as the FBI.

The FBI has been alerted to a fraudulent email which purports to be from the FBI and attempts to convince recipients to send money to secure prizes won in an international lottery.

The email contains Director Mueller's name and office address, and typically comes under the title, "FBI Internet Fraud Watch/Alert". The return email address may be listed as FBIfraudalert@hotmail.co.uk, or FBIfraudwatch@hotmail.co.uk

Here we have a case of reverse dumpster diving. The employees, smartly, jumped in the dumpter to pull out their sensitive HR files which had their SSNs. This is a perfect example of what I tell people every chance I get. Think about every doctor’s office, mortgage company, apartment rental company that you ever gave your social security number. Last year, five years ago, 20 years ago. Where the heck are those records? What happens when the doctor retires or company goes bankrupt? Or how about every day security. How can we posibly know if those records are kept locked and protected? We can’t.

More from TheIndyChannel.com:

Workers at a telemarketing company on Indianapolis' south side are concerned about identity theft after they said they found piles of personal information in a Dumpster. Several employees of Telesource said they climbed into the Dumpster to retrieve the documents.

Not sure I am surprised, but we should know how vulnerable we are—because so much of our sensitive data is spread around. ConsumerAffairs has got this story.

A report issued by the Government Accountability Office (GAO) reveals that privacy breaches have been rampant among state, national, and military health care agency contractors since 2004.

According to the GAO report, 40 percent of health insurance contractors and state Medicare/Medicaid offices experienced data breaches in the last two years.

This is a beaut. A prisoner runs an ID theft fraud ring on the inside. ConsumerAffairs.com has more.

An inmate at the Hiawatha Correctional Facility in Kinross, Michigan, was sentenced to 5 to 20 years in the Chippewa County Circuit Court by 50th Circuit Court Judge Nicholas Lambros, according to Michigan Attorney General Mike Cox.

Dale Morris, 42, was convicted of maintaining a sophisticated criminal enterprise that he orchestrated from his Michigan prison cell. Morris' scheme enlisted the help of two fellow Michigan inmates, Darius Moye and Richard Custer, their mothers, Mary Moye of Georgia and Linda Custer of Detroit, David Bullard of Inkster, and Sherry Drake of Detroit.

This isn’t exciting news. I thought it worth noting for those in the industry. CNET News.com reports…

American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced Thursday the creation of an organization to develop and maintain security standards for credit and debit card payments. It's the first time the five brands have agreed on a single, common framework.

The newly formed Payment Card International (PCI) Security Standards Council will manage the PCI Data Security Standard, first established in January 2005 with the intention of making its implementation more efficient for all parties involved in a payment card transaction. That includes merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion card holders worldwide.