There are a couple of interesting identity theft news circulating on the Internet which I would like to bring up and briefly analyze. First, you probably heard by now that Global Payments Inc. experienced a massive data breach in early March 2012 which can potentially affect 10 million cardholders although the company did not report any numbers or case specifics. The company has notified the authorities but the impact is yet to be determined and communicated to the public. The company stock stopped trading today but not before it lost 9%. We will be hearing more details about the incident in the coming days and weeks. In a similar case, the Heartland Payment Systems Inc. also experienced a data breach which affected millions of cardholders in 2009 and cost around $150 million to address the incident.

The second identity theft news is that the identity of Paul Allen, the co-founder of Microsoft was stolen to commit debit card fraud. The fraud was detected by the Citibank fraud detection system as it intercepted suspicious transactions after fraud had occurred. This type of control is good to minimize fraud damages but not good enough to prevent fraud. We will discuss more about this a little bit later.

Apparently, the identity thief used social engineering to fool the Citibank call center employee to make an address change and called a few days later to report a lost debit card for which a replacement card was issued and sent to the thief’s address which he used to commit fraud before getting caught.

Address change fraud is one of the identity fraud red flags which is addressed by the Red Flags Rule for preventing fraud. This type of scheme also knows as social engineering which is meant to easily bypass system security controls takes advantage of employee weaknesses to get information, change information or make the employee take a desired action. First, this fraud scam would have been detected if the bank had identified this identity theft red flag as part of its identity theft prevention program and educated its employees to consider this type of scheme and perform better customer identity verification. Second, the Red Flags Rule specifically considers the short interval between a reported address change and a lost or stolen card an identity theft red flag which should be recognized as such, detected and mitigated through policies, procedures and employee training.

Customers can also help banks prevent and detect identity theft early on. For example, a couple of the most important things that consumers can do are to observe the frequency of their bank or credit account statements and notify the bank when they do not receive one on the scheduled date and also review their account statements to detect any unrecognized transactions and notify the banks even if they do not expect any activities on the account.

Until next time, be identity safe,
Henry Bagdasarian
Identity Management Institute


The grandfathering petition deadline for becoming a Certified Red Flag Specialist (CRFS) without taking the examination ends on 3/31/2012 after which point candidates must take the test. You still have time to fax or email in your applications this weekend. Please check the IMI website for updates.

Recent Blog Articles

Fraud Alerts Placing credit report fraud alerts is a great way stop ongoing or even suspected identity theft cases. Learn about credit report fraud alert benefits, limitations and placement process.

Identity Theft Prevention Program A comprehensive, well documented and fully executed identity theft prevention program is necessary to properly address all identity theft risks and comply with various identity theft laws.

Bad Business Reputation Identity theft and fraud can inflict bad business reputation on companies which fail to protect their customers against fraud and privacy violations due to negligence.

Credit Card Expiration There are very good reasons why credit cards expire and although it may be a hassle to constantly update credit card expiration dates, expired credit cards are less useful to thieves.

Tax Refund Scam A typical tax refund scam can happen during any tax season, however, during tough economic times or a special tax refund year, scammers may have an upper hand against their victims.