Monday, May 22, 2006
FLASH FLASH FLASH: Security Breach at VA compromises personal info for millions of veterans
A disc containing the personal records - including names, social security numbers, and birth dates, of about 25.6 million veterans was stolen from the home of a Veterans Administration analyst earlier this month.
That's a significant security breach - and a major windfall to cybercriminals and ID Theft professionals, if the criminals realize what they have. The fact that the VA is not revealing the date of the burglary, nor the location, nor the encryption used, suggests to me that there is little reason to believe the crooks know what they stole.
The VA is planning to notify every affected veteran as a precaution, but will not reimburse them for the cost of credit checks.
That shouldn't be a big deal. Everyone in the country is entitled to a free credit report every year under the current law.
If a pattern begins to emerge that suggests that veterans on this disc are becoming victims of identity theft, then we'll know pretty quickly.
Meanwhile, I strongly recommend every military member enroll in the "Active Duty Alert program.
Here's the straight dope, lifted directly from the Federal Trade Commission
When a business sees the alert on your credit report, it must verify your identity before issuing you credit. The business may try to contact you directly, but if you're on deployment, that may be impossible. As a result, the law allows you to use a personal representative to place or remove an alert. Active duty alerts on your report are effective for one year, unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.
To place an "active duty" alert, or to have it removed, call the toll-free fraud number of one of the three nationwide consumer reporting companies: Equifax, Experian, or Trans Union. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information.
Equifax: 1-800-525-6285; www.equifax.com
Experian: 1-888-EXPERIAN (397-3742); www.experian.com
TransUnion: 1-800-680-7289; www.transunion.com
Contact only one of the three companies to place an alert - the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.
When you place an active duty alert, your name will be removed from the nationwide consumer reporting companies' marketing lists for prescreened offers of credit and insurance for two years - unless you ask that your name be placed on the lists before then. Prescreened offers - sometimes called "preapproved" offers - are based on information in your credit report that indicates you meet certain criteria set by the offeror.
Yes, the FTC says you're supposed to be on active duty to place one of these alerts. Somehow I don't think anyone is going to prosecute you for fraud in this instance.
Update: David Rubinger of Equifax advises: "People can do better than that. Anybody, veteran or not, can put a fraud alert on their credit report, which accomlishes the same thing."
Rubinger also suggests enrolling in a credit monitoring system - a paid service, which generates an email every time someone makes a credit inquiry or otherwise touches your credit report. Basic service at Equifax starts at $49.95 per year, for a weekly email. A more expensive package - 99.95 per year - gets you a daily email. And the high-speed, low-drag 3 in 1 monitoring plan monitors all three major credit bureaus, and comes with $20,000 in no-deductible identity fraud protection - all for 129.95 per year, or 14.00 per month.
"This is the biggest [security breech event] that we know of, says Rubinger. In some cases, such as with Time Warner, the companies themselves have underwritten providing credit monitoring service for the affected employees. The VA says they will not provide assistance beyond notification.
That's a lot of liability to assume.
Splash, out
Jason
Monday, May 15, 2006
Credit Counselors Can't Pay Their Bills ...
No, it's not because the employees at the Consumer Credit Counseling Corporation are irresponsible spendthrifts. It's because the 2005 Bankruptcy Reform Act, which requires mandatory credit counseling before consumers can declare bankruptcy, is forcing thousands of people into credit counseling who are so deeply in financial crisis they can't even afford counseling!
Nice reporting from the excellent personal finance columnist, Liz Pulliam Weston:
Each pre-bankruptcy counseling session costs the agencies an average $50.96, Ensinger said, but the average amount collected is just $37.71. Losing $13.25 on each session is bad enough, but the agencies complain that a larger-than-expected number of applicants is forcing them to redirect resources to bankrupts that might otherwise be used to help consumers who still have a fighting chance to pay their debts.
The banks, legions of creditors hawking home equity loans in a rising rate environment, and the scads of shysters running payday loan and title loan shops created this mess.
One solution: Charge a $4 fee up front, cash, check, or money-order only, on all applications for consumer or business credit. These companies can collect up front or the company can pay the bill. That money can go to an industry-sponsored or quasi-government agency to cover the costs of credit counseling.
I would require the money up front before any credit accunt is activated other than zero-interest rollovers - via direct mail or the Internet (I'm talking to you, credit card industry!)
After all, if a consumer is in such trouble that he or she has to blink at $4, then the last thing he or she needs is another credit account.
Friday, May 12, 2006
Brokers beware: The erosion of the doctrine of bespeaks caution
Bespeaks Caution 101
Once upon a time, broker dealers and other sales organizations could take shelter behind cautionary statements and general disclosures of risk under a legal concept called The Doctrine of Bespeaks Caution.
Under this doctrine, unhappy customers could not collect damages from vendors for misstatement of facts, if the original statement—the product literature, or prospectus, or other communication with the buyer—contained cautionary language regarding possible risks. If the client is appraised of the risk, then the communication is said to ‘bespeak caution,’ and the buyer could not have been deceived. In other words, as Georgetown University Law School Professor Donald Langevoort, explains it, "It's not a fraud to mispredict the future, if you've given people adequate warning that the future is difficult to predict.''
Recent trends in securities caselaw, though, have significantly eroded this once powerful protection for registered reps. A recent 2nd Circuit case* held that misstatements going to the heart of an investment decision could not be covered under the ‘bespeaks caution’ doctrine, reversing the ruling of a lower court. Boilerplate risk disclosure language doesn’t cut it. As another Federal judge put it: “The doctrine of bespeaks caution provides no protection to someone who warns his hiking companion to walk slowly because there might be a ditch ahead when he knows with near certainty that the Grand Canyon lies one foot away.”
*P. Stolz Family Partnership L.P. v. Daum, 355 F.3d 92 (2nd Cir., 2004)
That's a significant security breach - and a major windfall to cybercriminals and ID Theft professionals, if the criminals realize what they have. The fact that the VA is not revealing the date of the burglary, nor the location, nor the encryption used, suggests to me that there is little reason to believe the crooks know what they stole.
The VA is planning to notify every affected veteran as a precaution, but will not reimburse them for the cost of credit checks.
That shouldn't be a big deal. Everyone in the country is entitled to a free credit report every year under the current law.
If a pattern begins to emerge that suggests that veterans on this disc are becoming victims of identity theft, then we'll know pretty quickly.
Meanwhile, I strongly recommend every military member enroll in the "Active Duty Alert program.
Here's the straight dope, lifted directly from the Federal Trade Commission
When a business sees the alert on your credit report, it must verify your identity before issuing you credit. The business may try to contact you directly, but if you're on deployment, that may be impossible. As a result, the law allows you to use a personal representative to place or remove an alert. Active duty alerts on your report are effective for one year, unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.
To place an "active duty" alert, or to have it removed, call the toll-free fraud number of one of the three nationwide consumer reporting companies: Equifax, Experian, or Trans Union. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information.
Equifax: 1-800-525-6285; www.equifax.com
Experian: 1-888-EXPERIAN (397-3742); www.experian.com
TransUnion: 1-800-680-7289; www.transunion.com
Contact only one of the three companies to place an alert - the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.
When you place an active duty alert, your name will be removed from the nationwide consumer reporting companies' marketing lists for prescreened offers of credit and insurance for two years - unless you ask that your name be placed on the lists before then. Prescreened offers - sometimes called "preapproved" offers - are based on information in your credit report that indicates you meet certain criteria set by the offeror.
Yes, the FTC says you're supposed to be on active duty to place one of these alerts. Somehow I don't think anyone is going to prosecute you for fraud in this instance.
Update: David Rubinger of Equifax advises: "People can do better than that. Anybody, veteran or not, can put a fraud alert on their credit report, which accomlishes the same thing."
Rubinger also suggests enrolling in a credit monitoring system - a paid service, which generates an email every time someone makes a credit inquiry or otherwise touches your credit report. Basic service at Equifax starts at $49.95 per year, for a weekly email. A more expensive package - 99.95 per year - gets you a daily email. And the high-speed, low-drag 3 in 1 monitoring plan monitors all three major credit bureaus, and comes with $20,000 in no-deductible identity fraud protection - all for 129.95 per year, or 14.00 per month.
"This is the biggest [security breech event] that we know of, says Rubinger. In some cases, such as with Time Warner, the companies themselves have underwritten providing credit monitoring service for the affected employees. The VA says they will not provide assistance beyond notification.
That's a lot of liability to assume.
Splash, out
Jason
No, it's not because the employees at the Consumer Credit Counseling Corporation are irresponsible spendthrifts. It's because the 2005 Bankruptcy Reform Act, which requires mandatory credit counseling before consumers can declare bankruptcy, is forcing thousands of people into credit counseling who are so deeply in financial crisis they can't even afford counseling!
Nice reporting from the excellent personal finance columnist, Liz Pulliam Weston:
The banks, legions of creditors hawking home equity loans in a rising rate environment, and the scads of shysters running payday loan and title loan shops created this mess.
One solution: Charge a $4 fee up front, cash, check, or money-order only, on all applications for consumer or business credit. These companies can collect up front or the company can pay the bill. That money can go to an industry-sponsored or quasi-government agency to cover the costs of credit counseling.
I would require the money up front before any credit accunt is activated other than zero-interest rollovers - via direct mail or the Internet (I'm talking to you, credit card industry!)
After all, if a consumer is in such trouble that he or she has to blink at $4, then the last thing he or she needs is another credit account.
Nice reporting from the excellent personal finance columnist, Liz Pulliam Weston:
Each pre-bankruptcy counseling session costs the agencies an average $50.96, Ensinger said, but the average amount collected is just $37.71. Losing $13.25 on each session is bad enough, but the agencies complain that a larger-than-expected number of applicants is forcing them to redirect resources to bankrupts that might otherwise be used to help consumers who still have a fighting chance to pay their debts.
The banks, legions of creditors hawking home equity loans in a rising rate environment, and the scads of shysters running payday loan and title loan shops created this mess.
One solution: Charge a $4 fee up front, cash, check, or money-order only, on all applications for consumer or business credit. These companies can collect up front or the company can pay the bill. That money can go to an industry-sponsored or quasi-government agency to cover the costs of credit counseling.
I would require the money up front before any credit accunt is activated other than zero-interest rollovers - via direct mail or the Internet (I'm talking to you, credit card industry!)
After all, if a consumer is in such trouble that he or she has to blink at $4, then the last thing he or she needs is another credit account.
Friday, May 12, 2006
Brokers beware: The erosion of the doctrine of bespeaks caution
Bespeaks Caution 101
Once upon a time, broker dealers and other sales organizations could take shelter behind cautionary statements and general disclosures of risk under a legal concept called The Doctrine of Bespeaks Caution.
Under this doctrine, unhappy customers could not collect damages from vendors for misstatement of facts, if the original statement—the product literature, or prospectus, or other communication with the buyer—contained cautionary language regarding possible risks. If the client is appraised of the risk, then the communication is said to ‘bespeak caution,’ and the buyer could not have been deceived. In other words, as Georgetown University Law School Professor Donald Langevoort, explains it, "It's not a fraud to mispredict the future, if you've given people adequate warning that the future is difficult to predict.''
Recent trends in securities caselaw, though, have significantly eroded this once powerful protection for registered reps. A recent 2nd Circuit case* held that misstatements going to the heart of an investment decision could not be covered under the ‘bespeaks caution’ doctrine, reversing the ruling of a lower court. Boilerplate risk disclosure language doesn’t cut it. As another Federal judge put it: “The doctrine of bespeaks caution provides no protection to someone who warns his hiking companion to walk slowly because there might be a ditch ahead when he knows with near certainty that the Grand Canyon lies one foot away.”
*P. Stolz Family Partnership L.P. v. Daum, 355 F.3d 92 (2nd Cir., 2004)
Once upon a time, broker dealers and other sales organizations could take shelter behind cautionary statements and general disclosures of risk under a legal concept called The Doctrine of Bespeaks Caution.
Under this doctrine, unhappy customers could not collect damages from vendors for misstatement of facts, if the original statement—the product literature, or prospectus, or other communication with the buyer—contained cautionary language regarding possible risks. If the client is appraised of the risk, then the communication is said to ‘bespeak caution,’ and the buyer could not have been deceived. In other words, as Georgetown University Law School Professor Donald Langevoort, explains it, "It's not a fraud to mispredict the future, if you've given people adequate warning that the future is difficult to predict.''
Recent trends in securities caselaw, though, have significantly eroded this once powerful protection for registered reps. A recent 2nd Circuit case* held that misstatements going to the heart of an investment decision could not be covered under the ‘bespeaks caution’ doctrine, reversing the ruling of a lower court. Boilerplate risk disclosure language doesn’t cut it. As another Federal judge put it: “The doctrine of bespeaks caution provides no protection to someone who warns his hiking companion to walk slowly because there might be a ditch ahead when he knows with near certainty that the Grand Canyon lies one foot away.”
*P. Stolz Family Partnership L.P. v. Daum, 355 F.3d 92 (2nd Cir., 2004)