Beware of no-limit credit cards. Despite the prestige and flexibility these cards offer, it’s possible the cards could result in a lower credit score. It seems odd, but someone who has the track record and wealth to qualify for such cards, and manages their credit well, could still get burned. It’s because part of your credit score is determined by the gap between the credit limit on your cards and how much you pay off (the credit utilization). The no-limit credit card company has to report something as the limit to the credit bureaus. If it reports some arbitrary “limit” to the credit bureaus which is low, and you are a big spender, they could be screwing you over. Because the gap between your limit and your balance could be very small.

What should the credit card companies use as the “credit limit” necessary to determine this gap? Probably the most customer friendly thing to do is report your highest-ever balance as your limit. But they don’t all do that as this article below describes. Also, the article I believe has a small error. It says that “Credit utilization accounts for 30 percent of your credit score.” Not entirely true. 30% of your credit score is determined by your indebtedness, of which credit utilization is ONE factor. Other factors which effect that 30% include money owed on all accounts, quantity of credit accounts, and how much your mortgage/installment loans are paid off.

Read more from Bankrate.com via MSN Money.

"Consumers who are thinking of opening one of these no-limit credit cards may want to think how deeply their scores will be affected," says Craig Watts, spokesman for Fair Isaac, the corporation that developed the well-known FICO score.

If you ever take a laptop with you while traveling by air, watch out for this scam.

The Federal Aviation Authority has warned about a common scam to steal laptops at airport security. Basically, what happens is that a team of scammers (probably 2 or 3) get between you and your laptop at the metal detector at airport security. They look for people carrying laptops. One of the scammers gets in front of the mark, while one or two more wait on the other side of security. After you put your laptop down to go through the conveyor, the scammer in front of you purposely sets of the metal detector and delays while your laptop goes through the detector.

Your laptop comes out the while you are still waiting way back behind the scammer who is still delaying, emptying pockets, and probably distracting security. A scammer on the other side grabs your laptop, makes off with it, and may hand it off to a third team member to make it harder to find.

Tip:  If you are traveling with a laptop or notebook computer, be very careful at security checkpoints. Wait as long as possible before putting your laptop onto the conveyor belt. And keep an eye on your laptop the entire time. If you are being delayed and can’t see your computer, don’t be afraid to speak up (politely) and tell a security person that you fear your laptop might be stolen and ask that they keep an eye on it.

Tags: laptop, steal, notebook, theft

I rarely post about phishing attacks here because there are so many of them. I tried to post summaries of weekly phishing attacks back in 2004 on my scamsafe.com blog and it quickly became pointless—there are hundreds or thousands of new scams every week sent via billions of emails. At this point just assume that every e-mail from any organization asking for personal information is a fraud.

But the FDIC today issued a consumer alert I thought worth posting. 

The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that has the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation" and the subject includes the phrase "IMPORTANT: Notification of Federal Deposit Insurance Corporation." The e-mail states that the FDIC received an application. It says, in part:

"…from your bank to ensure your Checking or Savings account against Fraud, phishing or Identity Theft. If u agree with the following, PLEASE ENROLL in the FDIC protection system."

The e-mail is fraudulent and was not sent by the FDIC. It is an attempt to obtain personal financial information from consumers.

Do you get paid via direct deposit through Paychex? If so, take a look at your paystub/statement. I looked at one recently and noticed that it shows the full checking account number! That puts the account holder at significant risk. All a fraudster needs is to find out or guess the name of your bank and they can pretty easily pull funds right from your checking account.

How is that possible? The ABA routing number for every bank is well known. So with the account number and routing number one can easily perpetrate a fraud on your account. Yes, it is that easy. What kind of fraud? Well, someone could simply order checks from a third party check service and write against your account. Even if you catch it, it’s a pain in the butt and causes serious repercussions for you with the check verification services. And what if you are traveling or busy and don’t see the fraudulent transactions? Consumer protection laws on your checking account are no where near as good as for your credit card. (And forget FDIC insurance. That only protects account holders from bank failure, not fraud.)

So, Paychex, why not put an “X” through all but the last 4 digits? I hear Paychex is a very good company. I hope they will consider redacting sensitive account numbers from direct deposit statements.

The take away for you: Don’t leave your direct deposit statement lying around! Shred it or keep it safe.

If you are a victim of identity theft you have a right to four (4) free credit reports in the year after you report the fraud. Federal law* gives you those rights. The consumer credit reporting agencies (CRA) don’t really want you to know that. I know people who work at the credit bureaus that aren’t even aware of these rights. Here’s how you get the four free credit reports.

1. Every victim gets a free credit report when reporting fraud. Call the CRA, report that you are a victim, place your initial 90–day fraud alert, and ask for your credit report (this is done using an automated voice response system or online).
2. Get a police report, fill out an FTC fraud affidavit, and send an appropriately worded letter to the CRAs. In the letter, request an extended 7–year fraud alert on your credit file. Once you do that, according to U.S. law, you have a right to two (2) free copies of your credit file disclosure (credit report) in the following 12 months (from each of the 3 CRA).
3. As part of the same Federal law, you have a right to one free credit report every 12 months, regardless of whether you are a victim or not. This is the “free annual credit report” you’ve no doubt heard about. And it is totally separate from the free reports you get as a victim.

So that’s four free reports in one year from each of the three CRA (so actually 12 total reports). That is far better than credit monitoring—and it is totally free. In other words, if you are a victim, paying for a credit monitoring service is expensive overkill.

Now all those laws and procedures are kind of a pain to understand and deal with. It requires sending letters with correct information and remembering all the specific time frames. All this confusion used to play right into the hands of the credit reporting agencies, by serving as a virtual obstacle to you taking advantage of your rights.

Well, don’t worry about it anymore. Because my company, Truston, is going to help you with all that. And all it will require is your email address to get started. Sign up here to get notified when we launch our service.

* The Federal law I refer to is Public Law 108–159, Fair and Accurate Credit Transactions Act of 2003. Which amended the Fair Credit Reporting Act. How do I know all this? I read these laws in my spare time. My misery is your pleasure .

If you are an identity theft victim, there may be times—believe it or not—when your bank should be uncooperative when you are reporting fraud. They should never provide you with sensitive account information after you report fraud, until they have confirmed you are the actual victim. Otherwise, they could be providing sensitive information to the imposter (not you). That is why you will (should) be asked to provide an FTC fraud affidavit and police report to the bank fraud investigator or security officer. They should verify this information and from that point forward assume you are the actual account holder. And they should tell you to place a PIN or password on your accounts. That goes for credit cards, savings accounts, and checking accounts. If they don’t mention the PIN/password, then you should demand it.

A well run bank should have clearly defined internal procedures and processes for dealing with consumer fraud.

Call the credit bureau directly—they just may offer you a big discount. I called Equifax today helping a victim report fraud and get an alert on their credit file. After I was done the procedure, I accidently hit “#” instead of “*” (* would have repeated the confirmation number for me). A person answered and they immediately launched into an up-sell pitch for credit monitoring. I rolled my eyes and i was going to hang up but I decided to listen. She immediately offered me one year of Equifax Credit Watch Gold (credit monitoring plus other stuff) for $99 instead of the published price of $130. That’s a 24% discount. So, although credit monitoring is pricy and overkill for most people, if you are going to order it, you might as well call and try to get a deal. This phone rep was obviously given an incentive to sign people up.

Updated 6/27/06

Are you a veteran or member of the U.S. military, including the reserve and National Guard? Wondering what to do after the computer theft/data breach at the Department of Veterans Affairs (aka VA or Veterans Administration)? Or are you concerned about some other incident that puts your personal information at risk?

To deal with data breach or potential identity theft:

Here’s what you do if you are a veteran or military service member, NOT on active duty.

Contact one of the three major credit reporting agencies, Equifax, Experian, or TransUnion, by telephone (see below). Use the fraud reporting toll-free number. You will reach an automated system for reporting fraud. You will be given the opportunity to place a temporary 90–day fraud alert on your credit file. A fraud alert is a notice to creditors checking your credit file that you are a victim of fraud. Also order a copy of your credit reports. They are free as a potential victim of ID theft. (This is in addition to your free annual credit report.) This first report gives you the opportunity to check for potentially fraudulent credit applications and verify that all the current information is correct. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information. Contact only one of the three companies to place an alert—the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.

Credit Reporting Agencies (report fraud—do not order report that costs money)

• Equifax: Call (800) 525-6285, P.O. Box 105069, Atlanta, GA 30348. www.equifax.com
• Experian: Call (888) EXPERIAN (888-397-3742). P.O. Box 9532, Allen, TX 75013. www.experian.com
• Trans Union: (800) 680-7289. P.O. Box 6790, Fullerton, CA 92834. www.transunion.com

Fraud alerts are advisory in nature only and that credit issuers are not required to honor them. The first fraud alert, the one you placed by phone, only stays in place 90 days. Identity theft victims with police reports may extend the time period to seven years. This is done with a formal letter by mail.

To learn more about identity theft and your credit rights under the FCRA (Fair Credit Reporting Act) and FACTA (Fair and Accurate Credit Transactions Act), visit www.ftc.gov/credit.

Here’s what you do if you are on “active duty”

First, to report ID theft or potential fraud:

Contact one of the three major credit reporting agencies, Equifax, Experian, or TransUnion, by telephone (see below). Use the fraud reporting toll-free number. You will reach an automated system for reporting fraud. You will be given the opportunity to place a temporary 90–day fraud alert on your credit file. A fraud alert is a notice to creditors checking your credit file that you are a victim of fraud. Also order a copy of your credit reports. They are free as a potential victim of ID theft. (This is in addition to your free annual credit report.) This first report gives you the opportunity to check for potentially fraudulent credit applications and verify that all the current information is correct. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information. Contact only one of the three companies to place an alert—the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.

Credit Reporting Agencies (report fraud—do not order report that costs money)

• Equifax: Call (800) 525-6285, P.O. Box 105069, Atlanta, GA 30348. www.equifax.com
• Experian: Call (888) EXPERIAN (888-397-3742). P.O. Box 9532, Allen, TX 75013. www.experian.com
• Trans Union: (800) 680-7289. P.O. Box 6790, Fullerton, CA 92834. www.transunion.com

Fraud alerts are advisory in nature only and that credit issuers are not required to honor them. The first fraud alert, the one you placed by phone, only stays in place 90 days. Identity theft victims with police reports may extend the time period to seven years. This is done with a formal letter by mail.

Second, place a special active duty alert on your credit file:

If you are a member of the military and away from your usual duty station, you may place a a free one-year "active duty alert" on your credit report to help minimize the risk of identity theft while you are deployed. When a business sees the alert on your credit report, it must verify your identity before issuing you credit. The business may try to contact you directly, but if you're on deployment, that may be impossible. As a result, the law allows you to use a personal representative to place or remove an alert. Active duty alerts on your report are effective for one year, unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.

To place an "active duty" alert, or to have it removed, call the toll-free fraud number of one of the three consumer credit reporting companies: Equifax, Experian, or TransUnion (see above). You will reach an automated system. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information. Contact only one of the three companies to place an alert—the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.

When you place an active duty alert, your name will be removed from the nationwide consumer reporting companies' marketing lists for prescreened offers of credit and insurance for two years - unless you ask that your name be placed on the lists before then. Prescreened offers, also called "pre-approved" offers, are based on information in your credit report that indicates you meet certain criteria set by the offeror.

To learn more about identity theft and your credit rights under the FCRA (Fair Credit Reporting Act) and FACTA (Fair and Accurate Credit Transactions Act), visit www.ftc.gov/credit.

I recently got a question from a reader. Someone told him that everyone should get a credit freeze. I emailed a response and I thought you might want to see my thoughts on this matter (slightly edited for this blog).

There are two things you can do to protect your credit file at the three bureaus. The least invasive is a victim or security alert. This is a statement added to your credit report asking issuers to check with you prior to issuing credit. Unfortunately there is no law that requires creditors to honor this request. I'm told it works about 50-70% of the time. The placement of a fraud alert is always free and you should place it at all three credit reporting agencies if you want to use it.

Some states have enacted laws allowing consumers to "freeze" their credit reports. It is not available in most states. How it works is that potential creditors, insurers, landlords and some employers doing credit file/background checks will be told that your report is unavailable when checking it. Some states are allowing the credit reporting agencies to charge victims for a freeze, some are not. There's typically a charge to enable a freeze if you are not a victim. And you need to freeze the reports with all three of the credit reporting agencies for it to be totally effective.

Everyone assumes that if a creditor is blocked from reading your credit file, they can't issue credit in your name. That's baloney--there's no law which says that. Now, most creditors won't issue credit in that case, they'd be foolish to. A credit freeze can also be costly and quite an inconvenience for some people.  Freezes are not good for people who apply for credit or change jobs frequently. You can put a thaw on your credit freeze and that cost and process for that differs in every state.  Each time you want to qualify for a loan, credit card, housing or a job, you will need to un-freeze the report. This may take about 3 days; in New Jersey it should take just 15 minutes.

A freeze is the very good form of credit file protection. It only protects you from identity theft when the fraudster is targeting your credit file to make changes or open new accounts in your name. It is not a 100% guarantee of anything.

There are exceptions. In these situations, your credit report can be seen even with a freeze enabled:
- Organizations with which you already have a relationship (usually for account maintenance, monitoring, credit line increases, etc.)
- A collection agency, for purposes of reviewing or collecting the account.
- For credit pre-screening as provided for by FCRA.

So my advice is that placing an alert on your file is a free and generally non-invasive way to provide some additional protection. Be sure to state several phone numbers where you can be reached, like a cell phone. A freeze is a more drastic step, which provides the best protection. It may not necessarily a good idea, unless you are a victim where I recommend it strongly. Freezes are available in California and about a dozen other states. Here's some good instructions on enabling the credit freeze in California: http://www.privacy.ca.gov/sheets/cis10securityfreeze.htm.

If you want instructions on placing a fraud alert or for enabling a credit freeze in your state, submit a comment and I’ll respond with the info.

Tags: credit+freeze, alert, credit

Which local, state or federal agency has primary jurisdiction to investigate financial fraud involving FDIC insured banks, credit cards and identity fraud? Put your guess in the comments. Correct answer to be posted this weekend.

Update: The correct answer is...the US Secret Service. Which was part of the Treasury Department until 2003. It's now part of Homeland Security. So kudos to both people that answered!

The USSS was formed originally in 1865 to deal with the problem of counterfeit currency. Then when President McKinley was assassinated, Congress directed the USSS to protect the President. Their responsibilites have been expanded several times since then.