When Will the Madness End?

For a fourth time, the FTC postponed the Red Flag compliance deadline for non banking regulated companies. The original deadline was to be November 1st, 2008. It was set to go live on November 1st, 2009 and now they have pushed it back to June, 2010.

http://www.networkworld.com/news/2009/110209-layer8-ftc-red-flags.html

This new compliance requires non banking institutions that could be exposed to identity theft to put in new procedures to detect and mitigate identity theft. For example, health care. Medical identity theft is growing as people are using stolen identities to receive medical services in a victim's name. You can see that it might be a good idea to have health care providers to makes sure that doesn't happen.

Dear Mr. Elliott, we see that you owe us $25,000 for a liposcution treatment that you received in Los Angeles". Huh?

According to the press release, the 4th delay was caused by members of congress saying that the new compliance is not well understood and we should not punish companies. Huh?

Since when did making sure that companies that receive confidential identity data use it wisely become unfair. In the credit card world, for anyone receiving credit card information - they must be PCI compliant. They must have standards in place to make sure that do everything possible to minimize credit card numbers from being compromised.

However, when it comes to a persons identity, we once more say that this isn't as important. Ironic. If your credit card is compromised, the consumer has a $50 liability and that's the extent of the damage. If your identity is stolen, you may have years and thousands of dollars expended before you can clean it up, if ever.

Priorities? In the meantime, identity theft rose again in 2008 and all expectations are that they will rise again in 2009.

A.E>>>

Fox Guarding the Hen House?

This is the last topic I thought I would be writing about, but in the past few weeks it has caught my interest in a big way.

A few weeks ago, a colleague of mine that works for a regional high speed internet provider called me to ask if ID Insight maintained information about which households in the country have high speed internet access? When I asked why, I didn't realize how this would lead me on an odyssey canvassing the government, the Obama Stimulus package and a lot of bickering.

The Broadband Stimulus Package is a $7.2 Billion grant program that is part of the American Recovery and Reinvestment Act. Remember: Cash for Clunkers? Ya - that one. Anyway - the Broadband stimulus is intended to bring high speed internet to the hinterlands of rural America.

The way the grant works is generally as follows. If you apply and receive a grant, the government will subsdize 80% of the costs to bring high speed to a particular area. So, if you are a regional operator and it would normally cost you $5 million to lay down the fiber, cable, etc... now it will only cost $1 million. Obviously, this can be very lucrative for the carriers and enable high speed to areas where it may have previously not been possible.

Here's the kicker. To receive a grant, the applicant must demonstrate that an area is under-served. Here's the second kicker. The data does not exist. So how do you get the data? Enter Connected Nation. This non-profit was formed to obtain the data and information needed. They do this by working directly with the carriers to obtain their subscriber lists and develop these broadband maps.

Sounds logical on the surface - right? However, when you do a deeper dive, you find the following. Connected Nation was formed and is managed by the biggest telcos in the world. You know 'em - AT&T, Comcast, Verizon, etc....

So here's the rub. Many smaller and regional telco's are vying for the grant monies, but they don't have all the data. When they apply, the big telco's are now protesting those grants saying that the area is "served". They then hold up Connected Nation as their proof. The regional carriers are left to try to disprove. Their motive is to not allow competition where they don't want it.

The regional carriers and municipalities are furious. And they should be. Why should the major carriers be able to control who goes where and stifle competition? Connected Nation lobbied for this data requirement, and then turned around and lobbied for a separate grant of $350 million to collect the data themselves. Wow!

This saga will continue to play out in the weeks and months to come. Attached is a recent report issued on Connected Nation.

http://www.ntia.doc.gov/broadbandgrants/comments/61BC.pdf

Also - we have a little secret. We have already compiled the data, and it was not collected through the major carriers. It cost us just a trifle less than the $350 million that the government just set aside. Shhhhh. Don't tell anyone.

Why I Depise PowerPoint

It seems like we live in a PowerPoint world these days. As a provider of financial services solutions, my day is filled with meeting after meeting and presentation after presentation. The vast majority of these meetings are over the phone - especially for those 'first' appointments.

And of course, the medium of choice is our old friend PPT. Couple that with WebEx - and you've got yourself a meeting! It is from there that it is all downhill. After spending hours and sometimes days crafting this masterpiece - the meeting kicks off and jumps right to the AGENDA. From there, you jump into the next slide, the next and so on.

All the while, your audience is on the other end and you have no earthly idea what is happening. Are they sleeping, are they listening or are they busy catching up on their last week of emails. I don't know. I do try to periodically check in and ask if there are any questions. Sometimes that gives you a clue, when there is about a 10 second pause, and then: "Sorry - I had you on mute." Or even better yet, when they put you on hold and they have some lovely music playing in the background.

When they are engaged and asking questions, it is more often than not that these questions lead me to jump past slides or abandon the carefully crafted deck all together.

Because of this - I avoid PPT at all costs. Sometimes it is the necessary evil - especially when you have a large audience and you have information that needs to be on the printed page. However, more often that not, the carefully crafted deck is useless and a complete waste of time.

Especially when you are on a first appointment and your job is not to present your latest gadget, but to listen and discover. I can't solve a problem if I don't know what the problem is or they do not understand yet what their problem might be.

To me, PPT has become a crutch for verbal vomiting and self adulation and comes at the expense of valuable dialogue. I will be speaking at a conference in October, and of course the first thing they did was send me instructions about when and how to upload my PPT. I wonder what they are going to think when I say "I don't have one".

Here's a recent blog on the best and worst of PowerPoint.

http://news.bbc.co.uk/2/hi/uk_news/magazine/8213901.stm

Latest Threat

Last week we came across another fraud activity that I thought I would share. I was speaking at a conference last week and there was some discussion about one of the latest threats related to altering of a person's credit report. Not exactly new, but renewed.

The scam is as follows. The credit bureaus, by law, have to remove delinquent information from a consumer's credit report within 4 days of receipt of a valid affidavit of identity theft from law enforcement. Once the bureau has the form and the accounts that should be 'sanitized', they then have 4 days to remove.

Makes sense if, indeed, there was identity theft present. However, this is not always the case. The bureaus are finding that many of these affidavits are counterfeit or fictitious. In fact, they went on to describe that they are getting hit particularly hard in the Southern California area and that many suspected reports tend to all have Armenian surnames.

They then went on to describe how there are a bunch of credit repair companies charging hundreds and thousands of dollars to clear a consumer credit report. This is how they are clearing.

Flash forward 24 hours. As I boarded my plane back to Minnesota - I brought up a data study for a prospect - hoping to see if we could help them identify a particular fraud ring they were seeing. At first - the frauds that we analyzed did not seem to out of the ordinary. However, at second glance, we realized that they were all Armenina surnames out of..... you guessed it - Souther California.

This one is pretty scary. Scary - because they all tended to be verified, have good credit, no real fraud characteristics, etc.... Once that credit report has been 'sanitized', they are free to resume roaming and take everyone to the cleaners.

I am sure that once they steal their next batch of money, they just return to their 'buddy', re-sanitize and do it again.

Are our credit granting systems under attack? Is this a pre-cursor of things to come?

A.E>>>

Broadband Stimulus Data

Over the past few weeks, we have been bombarded with requests for broadband connectivity and internet usage data. Turns out that as part of the Obama Administration's American Recovery and Reinvestment Act that $7.2 billion in Federal grant monies have been set aside to help bring high speed internet to communities without access.

For those that receive a grant, these companies and communities receive $0.80 on the dollar for all expense to provide the access. Pretty good incentive if you asked me.

However, for companies and communities to apply for the grant, they must have data and maps that shows the current connectivity and usage. That's the dilemma. That data does not exist. Why? Because only the carriers have this data and they treat as highly confidential. However - a requirement it remains.

As such, many communities and carriers have not been able to apply for these substantial grants. That is until now. We recently announced the development of the first national database of internet connectivity and usage down to the Census level geography needed.

By accessing our proprietary databases of internet users, we were able to combine with our analytics to produce the data and maps needed.

Pretty exciting stuff. Who would have thunk that a company focused on ID Theft and fraud would be creating a database to enable a computer in every home and classroom. Should be interesting watching this all play out.

A.E>>>

Data Breach Blahhhh!

I just got done reading my latest article regarding data breaches.

http://www.smartmoney.com/spending/budgeting/dingbat-data-leaks/

In this article, like many others, the author discusses how data is lost, that most breaches are accidental in nature, and the fact that 50% of laptops that are misplaced have personal identifying data.

This focus on data breaches and better protections is doing little or nothing to reduce the rapid increase in identity theft. In fact - it is diverting our focus from what is the much more important issue "What can I do with the data".

If we add up all the breaches and data losses, I would imagine each of our individual ID's are out there in cyber land many times over. That is not the issue - the issue is what can I do with the data.

For example - If I simply need to present that data to open a new credit card account and they open - then this is the problem. If I can use the data to create a fictitous Driver's License which then is used in a routine traffic stop, then this is the problem. If I can use someone's data to receive medical service in the victim's name, then this is the problem.

The point is - the data is out there. While it is good practice to do all we can to secure data, it is not going to address the problem. We need to be spending our time, energies and monies on developing secure systems that do not allow someone with a print out of your personal data to take you to the cleaners.

A.E>>>

The Next Criminal Hero

For years, Americans have held a deep fixation with criminals, many times transforming them into heros. Every generation seems to have their criminal heros. We can go back to the 20's and 30's with Bonnie & Clyde, Baby Face Nelson, Al Capone, etc... Then the 60's brought us our first white collar crime hero - Frank Abignail, who was the subject of the movie "Catch Me if you can".

Of course, the 70's brought us the trio of The Godfather movies, and made the Corleone's America's favorite crime family. This was followed up with copy cat John Gotti.

Then in the 80's and 90's, Kevin Mitnick (The original computer hacker)was convicted and became the posterchild for young hackers everywhere. Much like Abignail, Mitnick turned his criminal activity into a gold mine by going on the road and telling everyone how he did it.

Now - we have our next posterchild - Albert Gonzalez who was recently arrested for the Heartland Data Systems breach. What makes this even more entertaining is that he was also arrested in the TJX data breach a few years earlier in 2003. Rather than throw him in the slammer, he instead became an informant for the Secret Service. A few short years later, he has achieved his goal of international fame and worship.

For those not in the banking industry, his compromise of Heartland created major havoc for banks everywhere. If you received a new credit or debit card in the past few months, it is likely due to the breach at Heartland. Banks were forced to investigate which cards were compromised and had to re-issue millions of cards. Thus far, this has cost Heartland over $32 MM in fines and losses.

So the next time, you get a fee increase from your bank, you might want to thank Albert. This may alter our collective opinion regarding his hero status.

In the meantime, Albert will go spend a few years behind bars thinking about his crime. More likely, he will be writing his business plan for becoming the next in a line of criminals who turned their misfortunate into a gold mine.

A.E>>>