National Fraud Information Center/Internet Fraud Watch, Division of the National Consumers League
Tips, examples and statistics debunking common frauds and schemes. Users can submit reports of scams to the Fraud Center for investigation.
National Consumers League, Washington, D.C.-based consumer advocacy group
Reports and guides on common consumer issues, including fraud and the technologies making business (and theft) fraud easier.
fbi.gov/majcases/fraud/fraudschemes.htm
FBI Common Fraud Schemes
Federal listing details several ongoing scams, providing examples and tips to detect fraudulent solicitors.
Internet Crime Complaint Center, partnership between the FBI and the National White Collar Crime Center
Victims of Internet fraud can file official complaints, which are referred to authorities at federal, state, local and international levels.
Fighting Back Against Identity Theft.
Federal Trade Commission site instructs victims of identity theft on the steps to take after being scammed, from placing a fraud alert on credit reports to filing reports with local and federal authorities.
The Patriot Ledger
User names and passwords are no longer enough for Eastern Bank’s online customers. In response to growing concern about private data theft, the bank is starting this week to require customers to enter not only user names and passwords at its Web site, but also a “pass phrase” that matches an image they have selected.
“This is going to take it to another level of safety without too much customer inconvenience,” said Marc DeCastro, vice president of e-commerce at the Boston-based bank. “The traditional login and password really isn’t enough.”
The new system is meant to counter fraudulent Web sites built to look like Eastern’s and trick customers into entering their account information. These bogus Web sites are just one of the ways thieves are trying to capture personal data in an age of increasing e-commerce.
While they may be tightening their systems, banks have always had their guard up on data security because their systems are regulated and rated by the federal government.
The retail industry is not yet similarly regulated, but recent breaches at familiar chains such as TJX Cos. and Stop & Shop have brought the problem to the forefront and spawned meetings about how to increase protection against data theft.
“The key here, and it’s a tough key, is to stay one step ahead,” said Jon Hurst, president of the Retailers Association of Massachusetts. “These are very sophisticated criminals. This is the new organized crime target.”
Retailers have hired hacking firms to troubleshoot their systems, encrypted their customers’ data so it can’t be easily read and issued detailed explanations on their Web sites of how customers can protect themselves.
“No one is more concerned about fixing this than retailing,” Hurst said. “Billions of dollars in theft are coming right off our shelves.”
Canton-based clothing retailer Casual Male, for example, is like many retailers in that it uses Secure Sockets Layer protocol to encrypt its Web site’s ordering pages. Dennis Hernreich, Casual Male’s chief operating officer, said it’s critical for retailers to make data as difficult to discern as possible so that a thief has a tough time decoding the information.
“It’s what you store and how you store it,” Hernreich said. “And if you do have a breach, what could the breaching party extract from (a store’s) files? Customer information touches virtually every system you have. You have to go into all facets of your system to secure the information contained within them.”
The focus on customer data security has meant an evolution for jobs like Christine McGowan’s.
McGowan, who heads information security at Rockland Trust, held a strategy meeting with her co-workers after the TJX episode came to light. She said assessing the risk of a breach is an increasingly important part of her job.
“It’s really identifying and understanding where all your customer information is through your entire organization,” McGowan said.
She said her company runs through a risk assessment with every department in the bank and rates them based on whether they have information, whether it is exposed externally or internally and how many people have access to the data.
Even a Rockland Trust employee who wants to access customer data from a remote location must have a user name, password, a separate numeric code and access to a database that changes pass codes every 30 seconds.
Enter the wrong information too many times, and the computer shuts down.
More can be done, and emerging technologies may lead the way.
Biometrics, the measurement of physical characteristics to verify identity (retina and thumbprint scans), shows promise. But the technology has not yet become applicable for use by the general population.
“Until they start selling keyboards with thumb scanners, you’re not going to see a lot of that,” said Lloyd Hamm Jr., chief administrative officer at Eastern Bank.
Hurst said another retail change that would help with security is a switch from signature-based credit card transactions to PIN-based transactions, which are considered more secure because finding out a personal identification number is harder than forging a signature.
“We’ve got to have a real discussion about whether we really need to change the system,” Hurst said.
The restaurant industry, a sector that thrives on credit cards, is increasingly looking for new technology to ensure that diners’ cards are secure.
Lisa Wilson, managing vice president of Maryland-based Action Systems, which manufactures table-side credit card swipers, said restaurants in general need to encrypt more customers’ data.
“If it’s not encrypted, you do need to simply purge it,” she said. “It’s no longer appropriate to be storing that type of data.”
Jack Encarnacao may be reached at jencarnacao@ledger.com.