- Email: [email protected]
Lifelock accepts settlement
NEWS “How about they have to prove that Netflix data is more invasive than data collected by other sites and entities such as grocery stores, banks, restaurants and websites?”
Lifelock accepts settlement
I
dentity theft protection company LifeLock will pay $12 million to settle charges of false claims made over its services.
LifeLock will pay $11m to the Federal Trade Commission, along with $1m to a group of 35 state attorneys general. The payment will settle charges that it used false claims to promote its identity theft protection services. According to an FTC statement on the LifeLock case, LifeLock was wrong to guarantee that its customers would never be subject to identity theft. The fraud alerts that it put on customers’ credit files only protected against certain forms of identity theft, the Commission alleged. Account misuse, which the FTC said was the most common type of identity theft, was not protected against. 17% of identity theft incidents comprised new account fraud according to an FTC survey released in 2007. The FTC alleged that the service failed to protect against medical or employment identity theft. Claims that customers would receive a telephone call from a potential creditor before a new account was opened were false, the FTC said, as were claims that LifeLock could prevent unauthorised changes to customers’ address information. “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” commented FTC chairman Jon Leibowitz. The FTC said that LifeLock’s data was not encrypted, and that the company falsely claimed that only authorised employees would have access to the information, on a need-to-know basis. LifeLock put a positive spin on the situation. “LifeLock is pleased with this agreement, which, for the very
March 2010
first time, works to set advertising guidelines for the entire industry,” said LifeLock chairman and CEO Todd Davis. “We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft.” Under the settlement, Davis was personally barred from making the same misrepresentations as LifeLock had previously, along with its cofounder Robert J. Maynard Jr, the FTC said.
Online crime effects getting worse 5
L
awsuits from online crime more than doubled between 2008 and 2009, according to the latest figures released by the Internet Crime Complaint Center (IC3). The organization also received 22.3% more complaints about Internet crime in 2009, indicating that the average money lost in a single fraud case has increased.
According to the Internet Crime Complaint Center Center (IC3), which is a joint venture between the FBI and the national White Collar Crime Center, $559.7 million was lost in 2009 due to online crime. Scams that purport to use the FBI’s name were the most frequently reported, at 16.6%. The second most reported incident was nondelivery of merchandise or payment. Figures show that 11.9% of online fraud reports fell into this category. The increase in dollar losses in the past year represent a marked spike in the average rise over the last nine years. Losses rose relatively steadily from 2001 through 2008, with the only decrease coming in 2004. But the 2009 figures amount to more than the previous two years combined. Of the cases reported to law enforcement by the Internet Crime Complaint Center, almost one in five were the result of goods not being delivered online, or payments not being made. Identity theft ranked second, at 14.1% of referrals, with credit and debit card fraud coming in third. Continued on page 20...
Editorial Have you ever noticed how sometimes, reality and statistics don’t tally up? According to the UK Cards Association, card fraud figures are dropping as more people use online banking fraud to steal money from unsuspecting customers. A combination of chip and pin, and more sophisticated fraud systems within banks, are dropping numbers drastically, the Assocation said. Even card fraud in foreign places, where chip and pin hasn’t yet been implemented, is plummeting. That must be nice. But on my planet, things don’t look that rosy. I’m based in Canada, and had my UK card skimmed in a dodgy ATM in early February. later that month, I noticed unauthorised withdrawals showing up in my UK account. I posted something about it on Twitter and Facebook. Suddenly, friends and colleagues started replying to my posts. Yes, it had happened to them too, just weeks previously. They too had experienced the same rigmarole with their banks as I had, getting my £1200 refunded. So too did the business owner who contacted me earlier this year, who was adamant that she took good care of her card and PIN number before having £10,000 withdrawn from banks across London. I saw the withdrawal statements. I listened to her and her fiance on the phone for hours, and believed them when they said that they were telling the truth about not withdrawing the money themselves. Last week, one of the journalists that I was on a trip with when I learned about my own card fraud mailed me to say that he, too, had seen unauthorised withdrawals on his account. The problem is rampant, and it doesn’t seem to be going away, which is why David Birch’s article “Buyer Beware?” in this edition of Computer Fraud and Security is so important. There is a canker at the heart of the financial industry, and try as they might to say that card fraud is a falling problem, I'm not buying it. The anecdotal story on the street is entirely different.
Computer Fraud & Security
3
Lifelock accepts settlement
I
dentity theft protection company LifeLock will pay $12 million to settle charges of false claims made over its services.
LifeLock will pay $11m to the Federal Trade Commission, along with $1m to a group of 35 state attorneys general. The payment will settle charges that it used false claims to promote its identity theft protection services. According to an FTC statement on the LifeLock case, LifeLock was wrong to guarantee that its customers would never be subject to identity theft. The fraud alerts that it put on customers’ credit files only protected against certain forms of identity theft, the Commission alleged. Account misuse, which the FTC said was the most common type of identity theft, was not protected against. 17% of identity theft incidents comprised new account fraud according to an FTC survey released in 2007. The FTC alleged that the service failed to protect against medical or employment identity theft. Claims that customers would receive a telephone call from a potential creditor before a new account was opened were false, the FTC said, as were claims that LifeLock could prevent unauthorised changes to customers’ address information. “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” commented FTC chairman Jon Leibowitz. The FTC said that LifeLock’s data was not encrypted, and that the company falsely claimed that only authorised employees would have access to the information, on a need-to-know basis. LifeLock put a positive spin on the situation. “LifeLock is pleased with this agreement, which, for the very
March 2010
first time, works to set advertising guidelines for the entire industry,” said LifeLock chairman and CEO Todd Davis. “We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft.” Under the settlement, Davis was personally barred from making the same misrepresentations as LifeLock had previously, along with its cofounder Robert J. Maynard Jr, the FTC said.
Online crime effects getting worse 5
L
awsuits from online crime more than doubled between 2008 and 2009, according to the latest figures released by the Internet Crime Complaint Center (IC3). The organization also received 22.3% more complaints about Internet crime in 2009, indicating that the average money lost in a single fraud case has increased.
According to the Internet Crime Complaint Center Center (IC3), which is a joint venture between the FBI and the national White Collar Crime Center, $559.7 million was lost in 2009 due to online crime. Scams that purport to use the FBI’s name were the most frequently reported, at 16.6%. The second most reported incident was nondelivery of merchandise or payment. Figures show that 11.9% of online fraud reports fell into this category. The increase in dollar losses in the past year represent a marked spike in the average rise over the last nine years. Losses rose relatively steadily from 2001 through 2008, with the only decrease coming in 2004. But the 2009 figures amount to more than the previous two years combined. Of the cases reported to law enforcement by the Internet Crime Complaint Center, almost one in five were the result of goods not being delivered online, or payments not being made. Identity theft ranked second, at 14.1% of referrals, with credit and debit card fraud coming in third. Continued on page 20...
Editorial Have you ever noticed how sometimes, reality and statistics don’t tally up? According to the UK Cards Association, card fraud figures are dropping as more people use online banking fraud to steal money from unsuspecting customers. A combination of chip and pin, and more sophisticated fraud systems within banks, are dropping numbers drastically, the Assocation said. Even card fraud in foreign places, where chip and pin hasn’t yet been implemented, is plummeting. That must be nice. But on my planet, things don’t look that rosy. I’m based in Canada, and had my UK card skimmed in a dodgy ATM in early February. later that month, I noticed unauthorised withdrawals showing up in my UK account. I posted something about it on Twitter and Facebook. Suddenly, friends and colleagues started replying to my posts. Yes, it had happened to them too, just weeks previously. They too had experienced the same rigmarole with their banks as I had, getting my £1200 refunded. So too did the business owner who contacted me earlier this year, who was adamant that she took good care of her card and PIN number before having £10,000 withdrawn from banks across London. I saw the withdrawal statements. I listened to her and her fiance on the phone for hours, and believed them when they said that they were telling the truth about not withdrawing the money themselves. Last week, one of the journalists that I was on a trip with when I learned about my own card fraud mailed me to say that he, too, had seen unauthorised withdrawals on his account. The problem is rampant, and it doesn’t seem to be going away, which is why David Birch’s article “Buyer Beware?” in this edition of Computer Fraud and Security is so important. There is a canker at the heart of the financial industry, and try as they might to say that card fraud is a falling problem, I'm not buying it. The anecdotal story on the street is entirely different.
Computer Fraud & Security
3