Data Facts Blog


A HReal HRisk HR can help HReduce | BCP Business Center

By Lesley Fair

Data Privacy DayToday is Data Privacy Day. You’ve educated your staff about limiting access to sensitive information, locking up confidential paperwork, and securing the network. But Latanya Sweeney, the FTC’s new Chief Technologist, just clued us in about a potential security vulnerability you, your HR team, and your web master can do something right now to correct.

It can happen on any site, but it’s common for universities, research institutions, non-profit organizations, and even tech companies to include links to the CVs of professors, scientists, executives, and other staff. For the most part, those resumes list scholarly publications and academic interests. But scroll through all that high-minded content and you may get to the down-and-dirty stuff identity thieves live for: dates of birth, home addresses, and even Social Security numbers.

On this topic – and a whole lot of others – when Latanya Sweeney talks, we listen. And here’s why. Yes, Latanya is an Ivy League Big Brain Academic. (And we mean that in the nice way, of course.) But she also has the tech credentials to speak geek with the very best of ‘em. And if that weren’t enough, for years she’s been a leading thinker about how privacy and technology policy affects consumers.

Here are some steps you can take immediately to help plug the potential gap Latanya is warning about:

HR professionals: Survey the faculty or management pages of your site and have your web master take down any CVs or resumes that include the kind of personal information ID thieves could exploit. Explain to your colleagues why it’s a risk they shouldn’t be taking. As new staff members are hired, implement a policy not to upload documents that include sensitive data. Executives and staff will appreciate that you’re looking out for them – and for the reputation of your institution or business.

Academics and professionals: If the CV or resume posted on your employer’s site or your personal homepage includes your Social Security number, date of birth, or other personal information, take the page down. If it’s a link to a .pdf, revise the document to get rid of the data crooks could exploit. Pass the word to your colleagues, mention it in your next staff meeting, or print this page and post it where they’ll see it.

Job applicants, graduate students, and others with an interest in promoting their credentials online: Be savvy about what you include on your CV, resume, or webpage. There’s just no reason for posting your Social Security number or date of birth where it’s accessible to some random web surfer. And your home address? These days, isn’t it more likely legitimate employers would contact you via email?

Those steps can reduce your risk from here on in, but what can you do if your personal information is already out there? Go to annualcreditreport.com and exercise your right to one free copy of your credit report from each of the three major national credit reporting companies. Stagger your requests and monitor your report once every four months.

A HReal HRisk HR can help HReduce | BCP Business Center.

Social Security Numbers and Mortgage Fraud

The social security card looks like an innocent little thing. However, its 9 digit number packs a powerful wallop during the mortgage process.  People who commit mortgage fraud often attempt to utilize other people’s socials to acquire mortgage loans.

According to Fannie Mae’s Fraud Finding Statistics , for the 2011 and 2012 mortgages where misrepresentations were discovered,   8% of the misrepresentations involved social security numbers. This, unfortunately, is an increase from 2010.

Mortgage fraud is a rampant practice in today’s real estate climate, with fake or stolen social security numbers often at the heart of the scams. Fraudsters have several ways of gaining access to a person’s social:

1: Purse or wallet snatching: a thief may utilize this very common practice to gain access to a consumer’s private information.

2: Phone scams: fraudsters call a person with a phony story. Examples of this are scammers telling the person he/she has won a great amount of money, or posing as the person’s bank or credit card companies. In these cases, thieves ask for identity verification in the form of a social security number.

3: Computer hacking: websites where private information is stored may be hacked in order to retrieve social security numbers.

Once fraudsters have secured a valid social security number, they can utilize it to open credit cards, get hired for jobs, AND obtain a mortgage.

Criminals who set their sites on mortgage fraud often set up complex networks and intricate scams to commit mortgage fraud. One person will steal the social security number, while another fraudulent person applies for the mortgage. A group working this way can rack up tens of thousands of dollars in cash without the consumer’s knowledge.

How can consumers protect themselves?

–          Leave it at home. Never carry your social security card in a purse or wallet. This practice will eliminate the possibility of a thief stealing it in a purse or wallet snatching incident.

–          Guard the number closely. Only give out the number on a call that you initiated.  Beware of anyone calling or emailing you asking for your social security number.

–          Report a theft immediately.  If you feel your social security number has been compromised, report it to the FTC, the 3 credit bureaus, and the Social Security Administration immediately. Doing damage control up front will save you big headaches down the road.

How can mortgage lenders protect themselves?

–          Closely check the credit report. Scour it thoroughly for any discrepancies in the applicant’s social security number.

–          Run a social security verification on every borrower. For added protection, this process makes certain the social matches the person trying to obtain the mortgage.

It’s a sad fact of life there are criminals out there who prey on honest people by fraudulently acquiring their social security number. However, by being vigilant (whether you are a consumer or a mortgage lender), these criminals can be thwarted and the incidences of mortgage fraud can be decreased.

~~Susan McCullah is the Product Development Director for Data Facts, a 23 year old Memphis-based company.  Data Facts provides mortgage product and banking solutions to lenders nationwide. Check our our website for a complete explanation of our services.

Identity Theft: The Newest Open Door to Thieves

ID theft continues to be a rampant and expensive crime in the U.S.  Purse-snatching, dumpster diving, and mail stealing are all ways that criminals steal your identity. These thieves can then use your credit cards, social security number, and other personal information to rack up charges, open new accounts, and even apply for jobs!

Identity theft and ways to combat it have been topics of many tv and printed articles. You have probably viewed or read some of these tips and even implemented a few of them into your habits. So you are protected, right?

Uh, probably not.

Unfortunately, these crooks are very creative, and constantly scheming up new ways to steal pieces of information about your identity. So, while you may have a locking mailbox, a shredder you use faithfully, and guard your social security number as closely as you would your little sister, you could be overlooking one thing: your cell phone.

In today’s “smart phone world” a person can manage their entire lives. Paying bills, banking, stock trading, and online shopping can all be conducted over your nifty little phone. This makes your phone a goldmine to identity thieves.

Ways the thieves can steal it:

 They steal your phone. Cell phones are evolving constantly, and the amount of storage available on them is growing by leaps and bounds. By stealing your phone, criminals can access your credit card numbers, banking applications, and email accounts. This can supply them with a plethora of information that they can use to steal your identity.

They tap into your Bluetooth connection: Thieves can access your Bluetooth connection, and connect their device with yours, pilfering pieces of information that are not secure on your cell phone.

They can eavesdrop on you. A crook with access to your phone can download software that allows them to listen to your phone conversations. From there, they can extract any information you talk about on your cell phone, and use this to gain access to your accounts, credit cards, etc.

They buy it from you: There are unscrupulous people cruising the internet for used cell phones on sites like Craigslist and Ebay. Their goal is to buy a cell phone that has not been completely cleared of important, sensitive information that they can use to steal your identity.

When it comes to Identity Theft, ignorance is definitely NOT bliss.  Being aware of these sneaky ways to steal your identity can put you in a better position to protect yourself. Here are some ways to make sure you are not vulnerable.

1: Lock down your cell phone with a strong password. Utilizing a number/letter password is the first step toward securing your phone from intruders. Make sure the password is not easily guessable, and set your phone to auto lock.

2: Don’t auto-save your banking passwords. Any applications that deal with sensitive information need to also have a strong password, and take the few extra seconds to type it in every time you access the app.

3: Always turn your Bluetooth off if you are not using it. This can greatly minimize an identity thieves’ ability to hack your phone.

4: Don’t leave it laying around. Keep your cell phone with you when you are out and about, and out of sight at work. This will guard against a person being able to download software that can tap into your conversations and emails.

5. Erase it before selling. When it’s time to get rid of your old phone, make certain all sensitive information is completely removed from the device.

Identity theft is largely a crime of opportunity. By decreasing your cell phone’s exposure to criminals’ access, you can effectively guard against becoming another statistic.

 

~~Susan McCullah is the Product Development Director for Data Facts, a 22 year old Memphis-based company that provides mortgage product and banking solutions to lenders nationwide. Check our our website for a complete explanation of our services.

Social Security Numbers; Times are A Changin’

Posted in Identity Theft,Uncategorized by datafactssolutions on September 12, 2011
Tags: ,

Social security numbers began being assigned in 1936 to track workers’ earnings so that proper benefits could be paid. These 9 digit numbers were created from a specific formula. This year, that formula is changing.
Social security numbers have always been comprised of 3 number sections; the 3 digit area number, followed by the 2 digit group number, and then a 4 digit serial number. The area number reflects the state in which the card was issued.
This sequence creation has begun to pose some problems.
1: Because the first 3 numbers indicate the state the number was issued (look at this chart to see the numbers by state), this limits the numbers of each state. Highly populated states may eventually run out of 9 digit numbers.
2: The SSN has been widely used for identification purposes for schools, businesses, etc. The current design allows identity thieves more of an opportunity to figure out a person’s number, and use it for fraudulent activities.
As a result, the Social Security Administration has decided to change the way SSN’s are assigned.
As of June 25, 2011, Social Security Numbers will be randomized.

The key differences will be;
The geographical significance of the first 3 numbers will be eliminated. The ‘area numbers’ will no longer be allocated from a specific state. This will extend the longevity of the 9 digit number system.
Previously unassigned area numbers will be introduced. Prior to June 25, 2011, social security numbers would have never included an area number above 772. Now the Social Security Administration allows for area numbers all the way into the 800’s. However, there are some area numbers that will never be allocated; 000, 666, and 900-999.
Never fear! You are not going to be reassigned a social security number or anything like that, this is simply for the people who receive Social Security numbers after June 25, 2011. AND the 9 digit design will remain in place.
Always remember: your social security number is a goldmine for identity thieves. Do not divulge your social security number unless absolutely necessary, and never carry your card in your wallet.

Why a Strong Password is Your Best Friend

Your best friend would always protect you and never let you down. The same should be said of your passwords.
In today’s world, the average person needs 28 passwords. You need passwords for your bank, email, social network, bills, and any online ordering accounts. THEN you really rack up the passwords for different logins at work. It can get mind boggling to remember all the passwords that you use in a day’s time.
It’s tempting to use the same password for all the sites and accounts that you must access. HOWEVER, this is setting you up to have your password STOLEN. And the consequences of having your only password hacked can be disastrous.
Think about just how much a password protects.
Online banking and brokerage accounts: your password stands between your money and a thief!
Email accounts: your password protects your emails from being hacked. If you have online bills and bank statement, the thief could gain access to your account information.
Online shopping: Your credit card number and other personal information are guarded by your password.
And these are only your Personal Accounts!
Here are some very important tips to utilize in the creation of your passwords.
1. Throw your password loyalty out the window: Studies show that 1/3 of Americans who use a computer use the same password for every site. If a thief gets your password and hacks into your email, he can then access any accounts that he finds. He could literally clean you out and rack up massive debt within a very short period of time. Using only 1 password for all of your accounts hands the thief an open invitation to all of your accounts and information.
2. Easier isn’t better. A good portion of people actually use their birth date, their kids’ names, or even 12345 as their passwords. These types of passwords take hackers only seconds to crack. Easy passwords leave your accounts open and waiting for thieves to take advantage. You may as well leave your money laying on the front porch.
3. Keep it in the noggin. Even if people have more than one password, they often write them down and leave them by the computer, under their keyboard, in their calendar, or store them in their smartphones. This basically gift wraps them for a thief. Once he scores the password list, its bye bye money and hello fraudulent charges.
4. Mix it up. Passwords that only contain letters are easy to observe or guess, especially if they are only lower case.
5. Get long-winded. Never use a password that is under 8 characters. A short password is more easily observed and guessed than a longer one.
6. Remember you didn’t marry it. Keeping the same password month after month allows a hacker all the time he needs to crack it.
The CONSEQUENCES of having your password hacked are too high to not take immediate action. Here’s what to do:
1: Make a list of all your emails, accounts, banks, and shopping websites that require you to have a password.
2: Make sure your main email address has a password different from any other account.
3: For the remainder of your accounts, have a minimum of 4  hard to crack but easy for you to remember passwords
4: Change your passwords every 3 months.
5. Don’t write the passwords down anywhere. If you are afraid you will forget them, scribble a hint that only you could decipher, and keep it in a safe place. (Do not store this in your wallet or near your computer).
Let’s create a good password.
A. Think of a word that is easy for you to remember, but is not closely tied to you personally (ie: not your spouse, child, or dog’s name). We will use Teague (the name of my Kindergarten teacher)
B. Add a capital letter in the middle of the word. We will use the G. So now we have TeaGue.
C. Randomly choose 3 numbers. Do NOT use the last 4 digits of your social, your birthdate, or your anniversary. We will use 206 (the date of the last Superbowl). Your weight is another easy to remember number.
D. Now choose a character. I will choose ! since I’m trying to make a point.
RESULT: one of my new passwords is TeaGue!206. This will be easy for me to remember, but difficult to guess. My hint to myself would be: Kindergarden!superbowl.

Passwords are the gateway to your money, credit cards, and personal information. Strong passwords, like best friends, keep your secrets secure.  Utilize these tips to make sure you will not become just another identity theft statistic.

~~Susan McCullah is the Product Development Director for Data Facts, a 22 year old Memphis-based company that provides mortgage product solutions to lenders nationwide.