Web sites with information to help you become better armed against fraud:
National Fraud Information Center/Internet Fraud Watch, Division of the National Consumers League
Tips, examples and statistics debunking common frauds and schemes. Users can submit reports of scams to the Fraud Center for investigation.
National Consumers League, Washington, D.C.-based consumer advocacy group
Reports and guides on common consumer issues, including fraud and the technologies making business (and theft) fraud easier.
fbi.gov/majcases/fraud/ fraudschemes.htm
FBI Common Fraud Schemes
Federal listing details several ongoing scams, providing examples and tips to detect fraudulent solicitors.
Internet Crime Complaint Center, partnership between the FBI and the National White Collar Crime Center
Victims of Internet fraud can file official complaints, which are referred to authorities at federal, state, local and international levels.
Fighting Back Against Identity Theft.
Federal Trade Commission site instructs victims of identity theft on the steps to take after being scammed, from placing a fraud alert on credit reports to filing reports with local and federal authorities.
Who’s guarding your ID?
Retailers’ security breaches prod lawmakers to protect consumers
Associated Press
A shopper leaves a T.J. Maxx store in Framingham on Wednesday. TJX Cos., the parent company of T.J. Maxx, fell victim to a security breach by hackers who stole customer data. A string of ID thefts is spurring legislative action.
|
The Patriot Ledger
The clock ran out last year before an identity theft bill could be sent to the House or Senate floors for a vote.
But ID theft legislation will likely meet a much different fate this time around in the new two-year legislative session that began last month.
Recent publicized data breaches range in scope from a major hacker attack at TJX Cos. to more limited incidents, such as a theft of bank card numbers from keypads at two Stop & Shop stores in Rhode Island. But they have at least one thing in common: The headlines remind state legislative leaders of their failure so far to pass a measure aimed at shielding consumers from identity thieves.
ON BEACON HILL
Protecting consumers
Several proposals to protect consumers from identity theft are under consideration in the Legislature as politicians respond to the extensive media coverage of recent data breaches.
Notification requirement: State lawmakers will likely approve a measure requiring companies to notify people if their personal information has been compromised. More than 30 other states already have such a requirement on the books. What still needs to be resolved is the threshold where companies could be exempt from writing or calling each person and instead could provide mass notifications through the media and the Internet.
Security freeze: Legislators are also expected to approve a bill that would give consumers the right to block access to their credit histories. If a person gets a “security freeze,” it essentially prevents anyone from opening up a new credit account in that person’s name. At least 25 states allow for security freezes, but some states only allow them for victims of identity theft. The Legislature still needs to agree on how much it should cost to “freeze” and “unfreeze” your credit histories.
Reimbursement requirement: Rep. Michael Costello, D-Newburyport, recently filed a bill that would require companies whose systems are breached by hackers to reimburse banks for the costs associated with those breaches. The bill faces strong opposition from retailers in the state, and it could be set aside in order to pass a less controversial identity theft bill.
Sen. Michael Morrissey, D-Quincy, the Senate chairman of the Legislature’s consumer protection committee, said he met with top aides in Gov. Deval Patrick’s administration and Attorney General Martha Coakley’s office in recent weeks to solicit suggestions for a comprehensive ID theft bill. He said he expects to draft a bill that would reflect what he has learned within the next month.
Several bills under consideration in the Legislature would require that companies notify consumers if their personal data have been compromised and create a “security freeze” that would allow consumers to block access to their credit histories.
A controversial proposal was recently added to the mix following a request from the Massachusetts Bankers Association. That bill, which was filed by Costello, would require companies to reimburse banks for the costs of breaches to their databases, including paying for the expenses related to issuing new cards and consumer refunds.
Lawmakers in Washington are also weighing federal solutions, such as a proposed nationwide notification requirement.
But most state legislatures haven’t waited for action in Congress. More than 30 states passed identity theft bills since data brokerage ChoicePoint revealed in February 2005 that the personal information of nearly 145,000 people in one of its databases had been compromised.
The revelation came to light because the state of California had a notification requirement that forced Choice-
Point to inform residents of that state who were affected. But the Alpharetta, Ga.-based company eventually notified residents in other states as well because of pressure from state attorneys general.
In the two years after the ChoicePoint incident, the number of states with notification laws has risen from just one to at least 34, according to figures provided by the Massachusetts Public Interest Research Group.
MassPIRG also said at least 25 states now have some form of a “security freeze” allowing consumers to block access to their credit histories, with five states restricting such freezes to victims of identity theft. Such “freezes” essentially prevent someone from establishing credit in an identity theft victim’s name.
Morrissey recently filed a bill that included a security freeze and a notification requirement. But the Quincy Democrat said he is revamping the bill to make it more effective, and he plans to file the new one within a month. He said he plans to add measures that would increase the state attorney general’s regulatory abilities and stiffen penalties for wrongdoers.
There are still several issues that need to be resolved. For example, Morrissey’s initial bill would require consumers to pay $10 to a credit reporting agency for each security freeze. He said he’s seeking input to decide whether that fee is too high.
Morrissey’s initial bill also would allow companies with breaches that affect more than 100,000 Massachusetts residents to notify them through the media and the Internet, instead of individualized calls or letters.
Another bill filed by Costello, the Newburyport representative, and state Sen. Jarrett Barrios, D-Cambridge, would create a much higher threshold, setting the bar at 500,000 state residents.
Morrissey said he doesn’t plan to include the banker-backed measure that aims to put retailers on the hook for expenses related to data breaches.
“I’ll listen to their arguments,” Morrissey said of the measure’s supporters. “But I’m a big fan of trying to reduce controversy in a bill.
“If you muddy up the waters and make it much more complicated, then we’re not going to get anything done.”
The bankers’ proposal has already drawn fierce opposition from the Retailers Association of Massachusetts. Erin Trabucco, general counsel for the retailers group, said MasterCard and Visa already can assess fines as part of their contracts with retailers.
“Retailers are already paying in numerous ways for this type of fraud,” Trabucco said. “The problem isn’t that retailers aren’t trying to protect the information.”
Kevin Kiley, executive vice president of the Massachusetts Bankers Association, said his group asked Costello to back the measure after bankers had a tough time persuading Visa and MasterCard to adopt liability requirements in their contracts with retailers.
Kiley said the momentum for such a requirement began in 2004 when a massive breach of card data was discovered at Natick-based BJ’s Wholesale Club. He said several banks were unable to win lawsuits aimed at forcing BJ’s to help pay for the costs associated with the breach.
Kiley said most retailers still fall short of security rules set by Visa and MasterCard.
“Hopefully, this will act as a stick to (spur retailers) to bring in standards and encrypt the data so we can minimize the overall exposure,” Kiley said. “We just can’t continue to have systems exposed to these types of data breaches. It’s becoming commonplace.”
Jon Chesto may be reached at jchesto@ledger.com.