Government data breaches, in which personal information is accidentally released or stolen, are growing. This year, ineptitude on the part of federal, state and local governments was responsible for nearly half of all personal records lost in data breaches, according to statistics kept by the Identity Theft Resource Center. The rest happened in businesses, especially in the banking and medical communities.

In the spring of 2011, the Texas comptroller’s office announced that, for about a year, it had inadvertently exposed Social Security numbers and other data about 3.5 million Texans on a state website accessible to the public. The breach, probably the largest in Texas history, included names and addresses, and sometimes birth dates and driver’s license information. That’s enough for any ID thief to wipe some out financially.

The Texas attorney general’s office and the FBI launched a criminal investigation. Several employees in the comptroller’s office were fired.

In June 2011, 4,900 current and former workers at the state Department of Assistive and Rehabilitative Services were told that their personal information was exposed.

“Government has to be more careful,” Yacio says.

Ridiculous picture courtesy of identitytheftprotection.net

She knows. As readers of the Dave Lieber Watchdog column in the Fort Worth Star-Telegram first learned, after Yacio switched the bank account to which her retirement check was to be directly deposited, she got a call from her credit union telling her that it had received a letter from TRS to confirm the change. But her personal information, the credit union told her, was clearly visible through the TRS envelope.

TRS had used a window-style envelope. Yacio’s name, address and account number were visible through the front window. Anyone who handled the letter could use that information to steal from her.

Yacio flipped out. She contacted the state comptroller’s office, which directed her to TRS. She also complained to state Sen. Wendy Davis, D-Fort Worth. A staffer contacted TRS on her behalf, too.

“Window envelopes are a bad idea when sending sensitive information, as some things show that we don’t want others to see,” the former principal scolds. “People are getting sloppier and sloppier in protecting our personal information. And we wonder why identity theft has increased. The state needs to be more careful. Period!”

Her plan was to push the issue: “I rightly raised a ruckus,” she says. “People need not sit back and accept what is being done.”

She told TRS leaders on the phone, “Guys, you’ve got to quit using window envelopes. Window envelopes are very dangerous with this kind of information.”

TRS officials did something she did not expect: They listened to her.

TRS spokeswoman Rhonda Price told Watchdog Nation: “We can confirm that we have changed our procedures.” Letters with personal information to banks and credit unions “will now be mailed utilizing mailing labels so that the content of the envelope cannot be seen.

“Our longer-term solution will be to have the sensitive information taken off [the letters], but that will require programming changes. We believe our interim solution will resolve the issue until the programming changes can be made.”

Yacio praises TRS for its quick recovery.

Jay Foley, executive director of the Identity Theft Resource Center, says breaches caused by government are worse than those caused by private businesses.

“As a consumer, I chose which businesses I will share my personal information with. I don’t have that luxury with government.

“If I want a driver’s license, I have to give my Social Security number. I pay taxes, and I have to use my Social Security number. If I want unemployment, I have to give my Social Security number.

“Government for a long time has allowed the Social Security number to be the de facto piece of identifying information about each of us. The downside is that government has never really learned how to control the information.”

That’s why Yacio’s battle cry is noteworthy. When any vulnerability is found in the protection of personal data, raise a ruckus.

# # #

Dave Lieber shows Americans how to fight back against corporate deceptions in his wonderful book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong.

The book focuses sharply on how to protect against identity theft and defend yourself if you’ve fallen victim to this. Are you tired of losing time, money and aggravation to all the assaults on our wallets? Learn how to fight back with ease — and win. Get the book here.

Read The Watchdog Nation manifesto here!

U.S. Chief Postal Inspector

The recipient: Guy Cottrell

From: Watchdog Nation

The sender: Newspaper columnist Dave Lieber

Dear Chief Inspector:

I write on behalf of thousands of people whose mail has been stolen from blue postal collection boxes in North Texas. My city, Fort Worth, leads the nation in mailbox thefts, according to records I obtained through the Freedom of Information Act.

Sir, an incident last month shows how the crime-reporting system, such as it is, is faulty — and how innocent people are unnecessarily hurt because of a lack of information. You’re the leader of the U.S. Postal Inspection Service. You can easily fix this.

As readers of the Fort Worth Star-Telegram // Dave Lieber Watchdog column already know, for more than two years, I have publicly shared information about mailbox thefts in the region, mostly because authorities refuse to do so. The postal inspectors who work for you say they cannot release date-and-place details of mail thefts from public boxes, at the request of the U.S. attorney’s office. Providing such information, they say, would jeopardize their criminal investigations.

Others, including me, believe that people have a right to know when something as important as their mail may have been stolen so they can work quickly to prevent identity theft.

- – - – - – - – - – - – - – - – - – - – - – - -

More Watchdog Nation News:

Watchdog Nation Partners with Mike Holmes

America meets Watchdog Nation/Listen to Fun Radio Interview

Watchdog Nation Debuts New e-Book and Multi-CD Audio Book

- – - – - – - – - – - – - – - – - – - – - – - -

Case in point: a June 3 incident at the Trinity River post office on Oak Park Lane in Fort Worth.

A reader tipped me that the two outdoor blue boxes were missing. Where did they go?

When I called the post office, an employee who answered the phone told me that nothing had happened.

Then I called the U.S. Postal Service, and spokesman Sam Bolen told me that the mailboxes were defaced and taken out for repainting.

“We have nothing to indicate mail was stolen from these collection boxes,” Bolen said.

Well, I do.

Watchdog Nation took this photo in late 2009 of a mailbox break-in outside the Haltom City, Texas post office.

After I reported the conflicting statements by postal employees, I heard from two people who placed mail in Trinity River post office collection boxes June 3. They say their mail never arrived.

Both told me that they, like me, had tried to learn what happened and couldn’t get a straight answer.

Elaine Stoltz says checks she mailed were stolen from the box. She figured it out when the checks didn’t arrive at their destinations. Then someone walked into her bank with a temporary driver’s license in her name and withdrew $1,500 from her bank account. Stoltz believes that the thief used information from the stolen mail. Her bank covered the loss.

A Fort Worth man told me that his mailed checks also never arrived. Then someone used a fake check with his name to buy $290 worth of merchandise from Walmart.

The man said that when he called the postal inspector’s office to complain, an employee “tells me on the phone that as far as they could determine, no mail was missing.”

I must ask: How do they know? (Apparently, they don’t.)

That same man then stopped a mail carrier on his route. When asked, the carrier said, “We’re really not supposed to talk about it, but something did happen.”

Chief Inspector Cottrell, the solution is one that is used in other parts of the country. I’ve found that in other areas, authorities do release details of mailbox thefts. This helps victims begin cleaning up identity theft problems sooner rather than later.

Please change the policy in North Texas. Allow all public mailbox thefts to be reported. Be more forthcoming.

There’s no doubt that the postal inspectors in our region are good at what they do. In fiscal 2010, the Fort Worth office reported 195 arrests and 192 convictions related to mail and identity theft. That’s among the best in the nation, but then again, they have a lot to work with.

Tarrant County had 60 thefts in 2009 and more than 80 last year (and those don’t include thefts from private mailboxes).

Certainly, we have a special problem here and things are getting worse before they get better.

Thank you,

Dave Lieber

On behalf of Watchdog Nation

# # #

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation.

Are you tired of fighting the bank, the credit card company, the electric company and the phone company? They can be worse than scammers the way they treat customers. A popular book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, shows you how to fight back — and win! The book is available at WatchdogNation.com as a hardcover, CD audio book, e-book and hey, what else do you need? The author is The Watchdog columnist for the Fort Worth Star-Telegram. Visit our store. Now revised and expanded, the book won two national book awards for social change. Twitter @DaveLieber

Visit Watchdog Nation Headquarters

Like Watchdog Nation on Facebook

Watch Watchdog Nation on YouTube

Twitter @DaveLieber

Crimes occur but information is scarce

Yet the U.S. Postal Service and the U.S. Postal Inspection service don’t easily release the information about mailbox break-ins to the public. Rarely, do you see these break-ins listed in police crime reports. The only way to get the information is through the U.S. Freedom of Information Act.

As readers of the Fort Worth Star-Telegram Dave Lieber Watchdog column first learned, the problem of thefts from blue U.S. Postal Service collection boxes apparently hasn’t gotten any better in the past year. Watchdog Nation took a sample of its home Fort Worth postal district.

Mostly unreported crimes

A year ago, the Fort Worth postal district reported 60 mailbox thefts in 13 months. But in the past 11 months, there have been more than 80 incidents in the district, which includes Amarillo, Lubbock, Abilene and Decatur, too.

Most of the thefts are in Fort Worth and Arlington. (See the 3-page government release here.)

Fort Worth boxes were hit almost 40 times, with the crimes scattered throughout the city.

Arlington had 28 reported incidents. One blue collection box at 300 E. South St. was apparently hit eight times.

Other cities hit: Amarillo with five, Abilene with three, River Oaks and Euless with two each, and one each in Haslet, Haltom City, Watauga, Grand Prairie, Lubbock and Decatur.

Watchdog Nation took this photo in late 2009 of a mailbox break-in outside the Haltom City, Texas post office.

Watchdog Nation methodology

I asked for a list of all reported incidents of theft, vandalism and tampering involving the blue collection boxes in the last 11 months of 2010.

The Postal Inspection Service cautioned me about the data it sent me:

“These reports are the raw, unverified data provided by USPS employees. Some of the entries provided contain duplicate reports of possible thefts or vandalism, as well as unverified dates of possible thefts or vandalism.” (I eliminated the obvious duplicates.)

I asked for vandalism and tampering crimes, too, because it’s often hard to prove any mail was stolen, but a good indicator is whether a mailbox was vandalized or tampered with.

The data matches anecdotal evidence gleaned from readers in recent months. An Arlington man notified the Star-Telegram in December that mailbox break-ins in his city were “rampant.” A Fort Worth man contacted me in November about thefts at a collection box at the post office near South Hulen Street at 4450 Oak Park Lane (the list includes two incidents there in October).

- – - – - – - – - – - – - – - – - – - – - – - -

More Watchdog Nation News:

Watchdog Nation Partners with Mike Holmes

America meets Watchdog Nation/Listen to Fun Radio Interview

Watchdog Nation Debuts New e-Book and Multi-CD Audio Book

- – - – - – - – - – - – - – - – - – - – - – - -

How bad is the problem?

John Breyault of the National Consumer League suggests that before you mail anything, you check the condition of a mailbox. “Is it in good repair? Is the lock on it secure? Does it look like it’s been tampered with somehow?”

He also offers an excellent idea: Check periodically with your residential carrier about mailbox thefts in your area.

A mailbox security expert tells me that along with thefts from mailboxes at homes, thefts at collection boxes remain a major problem nationwide.

Background

“It’s basically a crime that’s not being prosecuted because there’s too much of it to deal with,” says Michael Johnston, owner of USMailboxes. “The way I see it and experience it, it has increased tremendously in the last few years. It started out as a way for thieves to get drug money. Now the recession has made it worse.”

Ten years ago, Johnston was hired by the post office to strengthen the blue collection boxes in his home state of Oregon. “We went around and put those security bars on to help make it harder to break into without a key,” he said. “We also put a heavier lock that was harder to pick. And they put special locking nuts on the bolts in the ground so they couldn’t easily be taken off.

“I don’t know how to make them stronger. I don’t think they know either. The biggest problem up here now is they throw a chain around it and yank it out of the ground.”

The blue collection boxes are especially popular, he says, because they contain more mail, especially bill payments containing individual checks. Thieves can use the name, address, account and bank routing numbers on the checks for identity theft.

“The post office would like to remove the blue boxes,” Johnston says. “They would like to take them all off the streets and make people go to the post office or use their own mailbox to send mail out.”

What should you do?

If that’s true, the post office won’t state that publicly. In a statement to The Watchdog this week, Postal Inspection Service spokesman Michael J. Romano writes, “The Postal Service employs crime prevention countermeasures for collection box thefts, but for obvious reasons, this information is law enforcement sensitive and is not released to the public.

“We maintain that the U.S. mail is a very safe and secure way of conducting commerce with close to 600 million pieces of mail and packages successfully delivered daily.”

Still, the post office warns, “When possible, customers should avoid placing mail in a blue collection box after the last posted collection time or on a day mail is not scheduled to be picked up. If they must deposit mail during that time, they should use the lobby drop inside a post office.”

The boxes do not provide this information to consumers. But probably they should with signs. If the boxes are not completely safe, the people using them should know. Mail inside is a sitting target. That’s what the numbers show.

File your own request

If you want to file a freedom of information act request, here’s how you do it:

CHIEF POSTAL INSPECTOR
US POSTAL SERVICE
475 L’ENFANT PLAZA SW RM 3100
WASHINGTON DC 20260-2100

[Date]

FOIA REQUEST

Dear FOIA Officer:

Pursuant to the federal Freedom of Information Act, 5 U.S.C. § 552, I request access to and copies of a listing of all reported incidents of:

- theft of mail from…

- vandalism of mailbox…

- tampering with ….

the blue collection mailboxes located outside all post offices, stations, substations, etc. in the [YOUR DISTRICT] from [GIVE DATES] to the date of this letter, Dec. 31, 2010.

I agree to pay reasonable duplication fees for the processing of this request, but ask that you first alert me to the charges so I may know before any work is done. You may call me about this at xxx-xxx-xxxx or e-mail to xxxxx@xxxxx.xxx.

If my request is denied in whole or part, I ask that you justify all deletions by reference to specific exemptions of the act. I will also expect you to release all segregable portions of otherwise exempt material. I, of course, reserve the right to appeal your decision to withhold any information or to deny a waiver of fees.

I look forward to your reply within 20 business days, as the statute requires.  Thank you for your assistance.

Sincerely,

# # #

Visit Watchdog Nation Headquarters

Like Watchdog Nation on Facebook

Watch Watchdog Nation on YouTube

Twitter @DaveLieber

# # #

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation. The new edition of his book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, is available in hardcover, as a CD audio book, ebook and hey, what else do you need. Visit our store. Now revised and expanded, the book won two national book awards in 2009 for social change. Twitter @DaveLieber

That’s how I try to operate my life — free and fast. And I bet you do, too.

Sometimes, though, that can clutter things up.

Do you shred your documents that contain your personal information before throwing them away? I’ve bought three different shredders from office supply stores — and returned them all. They stink.

Instead, I’ve been waiting for a free, local shredding service to take my receipts, bank statements and paper bills and ground them into pulp. Unfortunately, it can cost a homeowner around $100 for such a service to come to your door or for you to bring it to them.

That’s not Watchdog Nation’s way. We want it done free and in just seconds.

My last big shredding was in June 2007 in Addison, Texas. I remember because I attended an anti-fraud conference that day. Free shredding was one of the lures.

In the past three years, I accumulated more than a hundred pounds of paper. I had boxes stacked in the attic marked “To Be Shredded.” Trash bags were piled high in a spare bedroom.

Then yesterday, they all vanished.

I’ve kept searching the Internet and asking about free shredding. Then I heard about Legend Bank in Fort Worth, Texas that was staging a “Free Shred Day.” I’m not a customer, but the event was open to everybody. I told a lot of my friends and many of them showed up, too.

Legend Bank is getting a reputation for offering checking that pays 4 percent in monthly interest if certain conditions are followed. The shred day was a great way to get people to visit the bank.

Mike Monroe, executive vice president and regional president, also passed along shredding guidelines to his customers — a story by Steven Hastert at www.shrednations.com. You can read it here.

Watchdog Nation hopes you are shredding your documents for free and in seconds. No need to wait three years as I did.

Mike Monroe of Legend Bank (left), Dave Lieber (center) and Michael Morris of instantshredding.com -- and the star of the show, all the stuff of Dave's about to get destroyed.

No need for me to repeat the latest identity theft stats here. You know the drill. Suffice it to say that I have written stories in my newspaper about dumpster divers who pull the unshredded stuff out and resell it to drug rings that also engage in identity theft. That’s incentive enough for me to do it right.

Three years of Watchdog Nation founder Dave Lieber's personal documents waiting to be shredded. Almost filled up a large trash cart.

We advise you to search the Internet regularly for “free shredding” and the name of your community. These events are almost always held on Saturdays. Often, the sponsors are private businesses, law enforcement authorities and neighborhood associations. You can even call your local shredding companies (easy to find on the Internet) and ask if they are scheduled to offer a free service with any community sponsors in the coming months.

###

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation. The new 2010 edition of his book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, is out. Revised and expanded, the book won two national book awards in 2009 for social change. Twitter @DaveLieber

By Dave Lieber

Nobody advertises more than LifeLock.com.

You hear their ads on the Rush Limbaugh radio show, done by Rush himself.

You know company founder Todd Davis’ Social Security number (457-55-5462) because he broadcasts it everywhere to show he’s not worried about someone stealing it (even though a Fort Worth man did just that a few years ago here).

But some of that advertising might have gone a little too far, according to legal documents filed in a settlement announced March 9 by Texas Attorney General Greg Abbott and 34 other states.

Under the terms of the agreement, LifeLock Inc. “agreed to more accurately describe its ID theft protection services.” The company also agreed to pay $11 million in restitution to eligible customers.

As part of a joint investigation by the Federal Trade Commission and the states, LifeLock “unlawfully exaggerated its range of services and ability to prevent ID theft.”LifeLock is NOT allowed to state that its products:

- provide “complete protection” against ID theft

- prevent unauthrorized changes to customers’ address information

- constantly monitors activity on its customers’ credit reports

- ensure a customer will always receive a phone call from a creditor before a new account is opened.

Watchdog Bytes contacted LifeLock after the settlement was announced. Spokeswoman Cortney Lanik released this statement from Davis:

“LifeLock is pleased with this agreement, which works to set advertising standards for the entire identity theft protection industry. As FTC Chairman Jon Leibowitz stated … the FTC has ensured that LifeLock has a legitimate business model going forward with honest advertising.  Notably, as part of its just-concluded investigation, the FTC reviewed both the LifeLock service and LifeLock’s current advertising to confirm that LifeLock is in compliance with all applicable legal requirements. We will abide by the terms of this consent decree because we intend to continue to be true to our core mission — to help protect you, your family and your friends from identity theft.

“We welcome federal and state efforts to regulate our industry because, at the end of the day, doing so helps to protect consumers from the risks of identity theft. Because of LifeLock’s marketing efforts, many more Americans now know of the risks of identity theft and the need to take effective action to protect themselves. LifeLock is committed to developing and applying the most advanced technologies available to help protect consumers from the consequences of identity theft. We will continue to work very closely with federal and state regulators on regulatory and best practices to protect individual consumers.

“Nothing changes as a result of this settlement because it was based on activities from over two years ago. We agreed to settle this matter in order to quickly put this behind us so we can get back to doing what we do best – helping to protect our members from identity theft.”

Some of LifeLock’s advertising claims were “unlawfully exaggerated” according to a legal settlement in which the company agrees to pay $11 million in restitution. Hey, if you can’t trust your ID theft protection company to be straight with you, who can you trust?

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation. The new 2010 edition of his book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, is out. Revised and expanded, the book won two national book awards in 2009 for social change. Twitter @DaveLieber

Or do you?

WatchdogNation.com wants everyone to learn some new Facebook terms that don’t necessarily show up in the company’s amazing corporate history.

Compromised account.

Account takeover.

Account hijack.

Definition: term used to describe when an unknown scamster gains control of your account, often resulting in a fairly believable plea to your friends for money to rescue you from disaster.

That’s my definition. Feel free to rewrite in the comments.

Let me show you how it works. This research first appeared in the September 20, 2009 Fort Worth Star-Telegram, the best paper in Texas, in the Dave Lieber column.

* * *

While on Facebook recently, Gary Rifkin received an instant message from his friend Karen Cortell Reisman.

“Hey Kar, how’s it going?” he typed back.

“Not too good at the moment,” she answered.

“What’s going on?” he asked.

“I’m in a deep mess as we speak and I need your financial assistance,” she answered.

She explained that she was in London “and we got mugged at gunpoint.”

“Oh my God,” Rifkin said. “Are you okay?”

“Yes. Cash, credit card and phone got stolen. It was a brutal experience.”

“How are you going to get home?” he asked.

“That is the main problem now. I need your financial assistance.”

“How much do you need?” he asked.

“All I need is $1,300.”

“Where should I send it?”

The address was in London.

“Hang in there,” he advised, a transcript of the conversation shows.

Rifkin never sent the money. He knew he wasn’t talking to his friend but someone pretending to be her. He knew his friend was at home in Dallas.

Reisman, meanwhile, started getting frantic phone calls from friends asking, “Are you OK?”

As she told me later, “It was stunning to see how fast this grew over the course of one day.”

She calls the whole experience “the day I got hijacked on Facebook.”

Reisman uses Facebook as part of her speaking and coaching business. But she couldn’t get into her account because her password no longer worked. She tried to call Facebook’s corporate office in Palo Alto, Calif., but she couldn’t find the phone number. (Note: 650-543-4800)

She found the help page on Facebook that led to a contact form that put her in touch with the security team.

When Facebook e-mailed her a new password, she worried that it, too, was a hoax. But it wasn’t. She got her Facebook page back.

None of her friends sent money, but most called to see whether she was OK. “I was so touched by the concern of so many people,” she said.

In Facebook lingo, her account was compromised, company spokesman Simon Axten said.

Reisman has no idea how it happened. In all probability, Axten said, scammers learned her password through phishing.

That’s when a user goes to a fraudulent Web site that looks like the real thing. The person enters his or her login information, and then the crooks have what they need.

I can see how this happens. Sometimes I get an e-mail on an account that Facebook doesn’t know about. The e-mail asks me to look at Facebook photos. But I’d have to log in to Facebook. I ignore it.

The Facebook spokesman says scammers re-create e-mails that look like ones Facebook sends out. They might say that a friend has commented on your link or that you were tagged in a photo.

“We advise people to be careful when they’re clicking on e-mails, and especially links,” Axten said. “And when they do click on a link, check the URL [Web address]. If it’s not www.Facebook.com and it’s something else, most likely it’s a phishing site. Be careful.”

He suggests that when a friend claims to be in trouble, test the friend’s identity by asking key questions (“Where did we have lunch together last week?”).

The number of accounts compromised is very low, Axten said, considering that Facebook has 300 million worldwide.

“But obviously the consequences are pretty severe if someone ends up sending money. That’s a significant loss. As a result, we’re taking it very seriously, as we do any security threats.”

How?

Facebook monitors users who start sending out lots of messages or making “wall” posts. Facebook may block or disable the account until the mystery can be solved, he said.

Passwords should be complex, with a variety of letters and numbers.

Reisman changed all her passwords after her experience – for Facebook and for her bank, e-mail, other social media sites and credit cards.

Previously, she said, “I used the same password for everything because life is short and I can’t remember everything.”

Now she keeps a separate list of passwords.

Facebook isn’t as much fun for her now.

“It’s left a bit of a bad taste in my mouth,” she said. “But Facebook came through, in my opinion, because they really did react to the problem in a fairly quick manner.”

Do you use the same password for multiple accounts? Or simple passwords, easy to figure out, like the name of your dog?

Remember that the best password is a combination of letters, numbers and punctuation marks. Always be careful when entering it into any e-mail that is sent to you.

And please feel free to share your detailed stories about similar problems – along with suggestions about how we can protect ourselves in the comments below.

* * *

Learn more about protecting yourself in the national-award winning book about social change, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong. Visit www.WatchdogNation.com.

Facebook Protection TIPS

- Be suspicious of friends who ask for money. Test their identity. Ask others who know them to verify any questionable situations that arise.

- If you see something suspicious on a friend’s account, go to the help link on the lower-right corner of a Facebook page and report it to the Help Center.

- Learn about security tips at www.facebook.com/security.

- Choose a strong password and don’t use it for other Web accounts.

- Use an up-to-date Web browser that offers anti-phishing features.

- Run anti-virus software on your computer.

- Reset your Facebook password if you suspect that your account has been compromised.

- Become a fan of Facebook at www.facebook.com/facebook to get the latest security announcements.

Source: Facebook

I got rejected for a new credit card.

Not because of my credit score. Instead, I was rejected because I hadn’t bought anything on credit since 2003.

Only that’s not true.

As I first reported in the Aug. 7 Fort Worth Star-Telegram,  a credit card company told me to take a hike because I had “insufficient credit history.” The company learned this from Equifax, one of the three major credit bureaus.

When I protested that I have a mortgage, have made regular car payments and pay regularly on other credit accounts, the company told me to take it up with Equifax.

So I ordered my credit report from Equifax and braced myself. As a victim of identity theft in December, I’m not surprised by anything.

Sure enough, the Equifax report showed that I had stopped engaging in any financial activity whatsoever after 2003. Ridiculous.

Mine is what a credit report must look like for someone who dies, goes to prison, or swears off credit forever and now lives under a bridge somewhere.

Whatever the problem, until it was fixed, I couldn’t open a new credit line with any borrower who relies on Equifax for information. (The two other major credit bureaus, TransUnion and Experian, did have accurate information about me.)

I’m not alone.

Consumer groups say credit reports are rife with inaccuracies, and these mistakes are hard to correct.

“When consumers have a problem with credit reporting agencies, good luck getting it fixed,” said Ira Reingold of the National Association of Consumer Advocates.

The reason, according to a report by the National Consumer Law Center: “Workers [for credit bureaus] don’t examine documents, contact consumers by phone or e-mail, or exercise any form of human discretion in resolving disputes.”

The law requires credit bureaus to provide the maximum level of accuracy for consumers, but that doesn’t always happen, Reingold says. Consumers sometimes have to sue the bureaus to clean up their reports.

What is the accuracy rate? Nobody knows. The leader of the trade association for credit bureaus, the Consumer Data Industry Association, told Congress two years ago that the industry has about a 2 percent error rate.

The National Consumer Law Center says the inaccuracy rate could be as high as 25 percent.

Bad information hurts people. Credit reports are widely used to check a consumer’s eligibility for credit, employment, insurance and rental housing. Errors in a consumer’s report can result in a denial of those benefits or higher costs, the Federal Trade Commission says.

A new FTC rule, announced last month, will require companies that provide information to credit bureaus to investigate complaints about incorrect information. The rule goes into effect in July 2010. Until then, credit bureaus are supposed to investigate.

A pilot study conducted by the federal government showed that most consumers who found errors were able to get them fixed, says Rebecca Kuehn, assistant director for the FTC’s Division of Privacy and Identity Protection.

The FTC is going to sponsor another study and, ultimately, make recommendations to Congress about how to ensure greater accuracy, she told me.

Rather than contact Equifax myself, I decided to test the identity theft protection service I had hired after my ID theft problem last year. Debix.com promises to restore your credit in the event of any problems. The Austin-based company charges $9.95 a month and has 400,000 customers.

“We’ve never seen anything like this before,” Debix Vice President Julie Ferguson said of my case. Paul Rendsland, a licensed private investigator with Debix, was assigned to my case. He collected my paperwork and sent it to Equifax. But the problem wasn’t resolved immediately, so Debix stepped it up.

“We have a good relationship with all three credit bureaus,” Ferguson said. “So we called one of the executives at Equifax and asked them to call you.”

Dinah Watson of Equifax’s consumer affairs office called me and said she fixed the problem. When I asked her what happened, she explained that I had used my full middle name on some credit applications and only my middle initial on others. Equifax, she said, split my credit history into multiple files and didn’t provide all of them to the credit card company. She made it sound like it was my fault.

That sounded peculiar. What about my Social Security number? And my address? My date of birth?

“That’s not a good explanation,” Atlanta lawyer Steven H. Koval said when I told him about it. Koval sued Equifax on behalf of a client who spent two years unsuccessfully trying to correct her credit report.

Jennifer Costello, an Equifax spokeswoman, later told me that customers should contact the credit bureau and work to resolve problems. Equifax is sending me a credit report and my credit score as a consolation.

When that report arrives, I’m going to hunt for more errors.

Action plan

Order a free credit report each year from annualcreditreport.com.

When errors are found, request an investigation by the credit bureau in writing – not by phone or online. Send along documentation by certified mail, return receipt requested.

Notify the company that furnished the incorrect information as well.

If unsuccessful, consider hiring a lawyer who specializes in credit report errors. Go to www.naca.net to find them.

Learn your rights by reading the Fair Credit Reporting Act.

Only I have never been to Pearland, and I don’t write checks at Wal-Mart.

My first thought: scam.

I asked for her company name, and she told me. When I asked for her name and her employee ID number, she refused, saying, “You’ll get a letter.” She hung up.

I did an Internet search for the company name — TRS Recovery — and the words Wal-Mart and bounced check.

A slew of comments came up.

One person reported a similar situation: bounced check in a Wal-Mart he never visited, and he doesn’t write checks.

His bank representative, he wrote, looked up TRS on the Internet and discovered that the company “is a fraud!” He complained that letters from the company “looked very real” and worried about people who have been “scammed by this company.” He added that he intended to file a police report against the company and also a complaint with the Federal Trade Commission.

After reading that and similar comments on another Web site, I thought that was all there was to it, and I could return to prepping for our New Year’s Eve celebration.

But a voice in my head asked, “What would The Watchdog do next?”

An unexpected twist

Next I checked the company’s Better Business Bureau report online.

What I found was unexpected and further proof that a lot of people write a lot of nonsense in blog postings. A scam? Hardly.

Turns out TRS Recovery is an affiliate of TeleCheck, which operates an electronic check verification system for retailers.

The BBB report shows 677 complaints against the company. Half are for billing and collection issues. But another statistic is one not found in a scam company. Of those 677 complaints, the number resolved is also 677. A company that cleans up its messes.

The free report listed company officials with phone numbers. I picked the top name on the list and called her – Denise Hossler, director of compliance.

New Year’s Eve. I figured I’d never get anyone. But Hossler picked up her phone.

She offered to help, and no, I didn’t tell her I’m The Watchdog. I wanted to see how she treated customers. I got lucky. This is someone who cares. When I complimented her on the perfect BBB record, she said that was her personal goal for the year.

Hossler looked up my file, and we figured out what happened.

Someone had bought $279 worth of merchandise at a Wal-Mart in Pearland last month using a fake check with my name and address. The check purported to be from a Harlingen credit union.

I was the victim of identity theft.

Happy New Year.

A victim again.

What did Yogi Berra supposedly say? Deja vu all over again.

Thirteen years ago, I tried to pay at a Wal-Mart in North Richland Hills, and the store declined my check. Turns out someone had written a check at a Montgomery Ward store in my name. Later, I learned another check was written at a toy store.

Took two days to clean things up. For two weeks, I wasn’t permitted to write checks. A state trooper told me that my driver’s license number was probably “pulled out of the air” by a con man.

Very few people become the victim of ID theft twice, says Linda Foley of the Identity Theft Resource Center. “You’ve been hit twice.”

Better that than lightning.

According to one study, Americans have a 1 in 37 chance of becoming an ID theft victim.

In Texas, a new legislative study shows that although half of all Texas ID theft victims lose no money, they spend between four and 130 hours fixing problems related to the theft. For those who do lose money, losses average $500.

Texas has laws to protect people in my situation. A debt collection company can’t hold me responsible for a debt I didn’t incur. Lenders can’t penalize me if I apply for loans or credit.

But what concerns me is the ease with which someone can pull this off. Fake checks — called synthesized checks — can be printed on a home computer.

I wondered about Wal-Mart’s procedures for verifying checks. Wal-Mart spokeswoman Ashley Hardie told me that check writers at Wal-Mart stores are randomly checked for additional information such as a driver’s license or a phone number when a cashier is prompted to ask for more information by the TeleCheck system. But this means that not all customers’ checks are verified.

Mike Prusinski, a spokesman for LifeLock, which provides loss protection for consumers, said big retailers that don’t demand more rigorous check verification are a major contributor to identity theft.

“If Wal-Mart and all the other places, instead of doing it randomly, did it all the time,” ID thieves would face tougher obstacles, he said.

Foley, of the ID Theft Resource Center, says, “Thieves know which companies don’t check things carefully and which ones do. They’re not stupid. This is their profession.”

Next, I’ll show you how I’m digging out of this hole.

PART TWO: WHEN IDENTITY THEFT HAPPENS, KNOW HOW TO FIGHT BACK

A few hours before the end of 2008, I found out that I was the victim of identity theft. I got a call from a collection agency seeking payment for a $279 check in my name payable to a Wal-Mart store in Pearland.

Only I didn’t write the check and I’ve never been to Pearland. This is the second time this has happened to me in 13 years.

I didn’t let it ruin my fun. I wasn’t angry or upset. I didn’t panic. I figured that whatever happens, I can deal with it. Then I tried to make as many calls as I could to learn what happened and do what I was supposed to do before the clock struck midnight.

It doesn’t take long to lay the groundwork to protect yourself when something like this happens. I kept a diary of my experience, and I’ll share it so you’ll know what to do if this happens to you.

1. I check out the collection agency – TRS Recovery – on the Internet. I discover that others have received similar calls. Several write that the TRS/Wal-Mart/bounced check story is a scam and that the company is taking money from innocent victims. But that turns out not to be true.

2. At the Better Business Bureau Web site, I learn that TRS is an affiliate of TeleCheck, a large check-processing company. The company has a perfect BBB record. 667 complaints. All of them resolved.

3. The BBB report lists phone numbers for company officials. I call the first one on the list — the director of compliance. Even though it is New Year’s Eve day, Denise Hossler answers her phone. She walks me through the facts, and I learn that this is a case of identity theft.

4. At her urging, I call workers at TRS’ fraud unit to register a dispute. I get a reference number. They tell me to get a Federal Trade Commission ID theft affidavit form from www.ftc.gov, fill it out and fax it to them to wipe the slate clean.

5. After downloading the affidavit from the FTC Web site, I complete it and take it to a notary. Notary public Stephanie Silva hears what has happened and says of ID thieves, “If they spent as much time doing honest work, they’d be millionaires.”

6. I call the FTC ID theft hot line (1-877-438-4338) to register for a national list of victims. I get another reference number.

7. The credit union where the check supposedly originated tells me the account with my name doesn’t exist. Someone used the credit union’s name but printed the check on his or her own. The credit union e-mails me a letter stating that.

8. The FTC affidavit is faxed to the debt collectors, along with the required proof of address (my Fort Worth water bill). But I receive no verification that it arrives. So I call back and ask for the mailing address so I can send it certified, return-receipt requested. They say that’s not necessary. I do it anyway.

9. When I call the Wal-Mart store to report the theft, I’m placed on hold. Eventually, I hang up. Later, Wal-Mart’s media relations department puts me in touch with a Wal-Mart risk-assessment employee, who takes a formal report. (A Wal-Mart spokeswoman says that ID theft victims should report incidents to the store involved.)

10. I call the Brazoria County Sheriff’s Department, which covers that Wal-Mart, to file a complaint, but I’m told to contact my hometown police department. Fort Worth police take my complaint and give me a police report number, which I’m told is the most important reference number of all. I’ll file an open-records request with the city to get a copy of the actual report.

11. I call LifeLock (phone: 1-877-Lifelock), a company that provides me with limited ID theft protection for $10 a month. A representative tells me that if I lose any money, LifeLock will cover it and that if I ever have a problem clearing my credit report, the company will work on that, too.

12. At the Identity Theft Resource Center’s Web site (www.idtheftcenter.org), I read informative articles about ID theft. Then I call the center’s Victim Assistance Center (1-858-693-7935) and talk to an adviser. She reminds me that this is not going to ruin my life, hurt my credit score or take money out of my pocket.

Most people, she says, “are very upset. They don’t know what to do. They’ve never had this situation happen to them. They ask, “How dare anyone do this to me?”

13. I call Linda Foley, a leader at the ID Theft Center, to ask more questions. She recommends that I call the three major credit bureaus and put a fraud alert on my credit to prevent anyone from opening a line in my name. Anyone can get an alert for 90 days before renewing, but as an ID theft victim, I can get it for seven years. She also suggests that I ask the bureaus for a security freeze so no one can access my credit report without my permission. (TransUnion, 800-680-7289; Equifax, 800-525-6285; Experian, 888-397-3742).

Foley predicts that as credit tightens, thieves will turn to check fraud. Unlike a credit card account, which can be closed, a check writer can keep writing fake checks. Every time a fake check pops up somewhere with my name, I’ll have to answer it by sending that FTC affidavit to the merchant as my explanation.

When does this end for the thousands like me who endure this? Probably when stores put in check-processing systems that can show cashiers a photo of the rightful holder of a checking account, Foley says.

No photo match? Then no purchase.

Meanwhile, I’ll keep you posted.