From: mea culpa (jerichoDIMENSIONAL.COM)
Date: Wed Sep 08 1999 - 17:48:43 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Edentify2000aol.com

ELECTRONIC
IDENTITY FRAUD
NEWSLETTER

Volume 2, Issue 5
July 14, 1999

From: e-DENTIFICATION, Inc.
Voice: (717) 859-2430
Fax: (717) 627-5454
Email: Edent99aol.com
Web Site: www.e-dentification.com

John F. Ellingson, Madison, WI - editor
Principal in e-DENTIFICATION, Inc.
Email Address: ellingsone-dentification.com

IDENTITY FRAUD & PRIVACY CONCERNS

Electronic commerce, or ".com", has tremendous currency in the investment
community. It is spawning new business every day and capturing the
imagination of investors, shoppers, bankers, and thieves. Two recent studies
addressed the problem of credit card chargebacks (charges made on credit
cards that are disputed by the card holder). In the normal point-of-sale
world chargeback transactions are less than 1% of the volume. In the ".com
"world chargebacks are from 15% to 37% of the volume.

This is an indicator that there is something seriously wrong in the way we do
business on the Internet and has serious implications for identity fraud and
privacy concerns. Nearly every time you attempt to use a credit card to make
a purchase on the Internet you are assured you are using a "secure server."
There are secure sockets and digital certificates and there is weak and
strong encryption. Yet with all of these technologies credit card
transactions fail at rates that are more than an order of magnitude greater
than transactions conducted outside of ".com".

As the two stories reported in this newsletter indicate, personal information
about anyone and everyone is available to anyone who knows how and where to
ask for it. The security systems employed on the Internet are dependent on
that same information. This dependency cannot help but result in a seriously
flawed system.

I would suggest that the paradigm that Internet security is based upon is the
one of the postal service; and why not, we call our Internet communications
email? Let's take a minute and examine that paradigm. The mission of the
postal service is to deliver a package from sender to receiver as safely,
promptly and accurately as possible. As far as it goes, this is a good
paradigm. However, it does not go far enough. The postal service does nothing
to check the identity of the sender and with rare exceptions even inquires
about the identity of the recipient. The postal service delivers from place
to place -- not person to person.

The postal service delivers hate mail, birthday greetings, bills, junk mail
and the occasional bomb all with the same efficiency. So does the Internet.
Neither the security at the post office, nor the Internet concerns itself
with content or the identity certainty of those sending and receiving the
message. This is the heart of the problem. It is manifest in the very human
behavior of lying. People lie to one another. Because the Internet is largely
anonymous it promotes lying by making it easy. It is not surprising that the
proliferation of lying results in transactions that fail because they are
based on lies.

In the chargeback situation there may be two kinds of lies. The first kind is
someone who lies about their identity. They may be using a credit card that
doesn't belong to them and lie to say they are the person it belongs to. The
second lie is in some ways more insidious. This is the previous lie, but in
reverse. The person whose credit card was used is the person who made the
purchase, but because an identity is not verified at the time of purchase the
person can now deny making the purchase and avoid paying for it.

In a nonscientific survey conducted by a television station in Southern
California 61% of those asked indicated that they would steal services from a
utility or the phone company if they were sure they could get away with it.
It would seem they are getting away with it on the Internet.

Until we come up with a different paradigm that secures more than the
transmission of messages and can confirm identities on the Internet, the
".com" dream will continue to be tainted with a bit of a nightmare.

e-Dentification, Inc. assures identities and privacy on the Internet,
Securing Business, Securing You.

John F. Ellingson, Madison, WI - editor
Principal in e-DENTIFICATION, Inc.
Email Address: ellingsone-dentification.com

NEWS ITEM

INVESTIGATOR ARRESTS SPUR CONCERN

The Associated Press
AP-NY-07-06-99 0242EDT
By Steven K. Paulson

GOLDEN, Colo. (AP) - James and Regena Rapp were arrested and indited as the
result of a sting operation by the Colorado Bureau of Investigation. Their
company DBA "Dirty Deeds Done Cheap" and "Phantom Investigations", brokered
information to private investigators and media companies investigating their
competition.

The sting was set up to recover detailed personal information, bank and
telephone records and credit-card bills that James and Regena Rapp and their
employees lied and schemed to get, in the JonBenet Ramsey murder
investigation, for possible publication in the tabloids.

According to a Jefferson County grand jury indictment, the Rapps and their
employees telephoned companies to ask for copies of the Ramsey's personal
records, claiming to be the Ramseys. The copies were faxed to a phone number
that routed the documents to the Rapps, including court case file information.

In the sting, an agent set herself up as a target to see what company could
find out about her. "We thought we'd run it up the flagpole. She was
surprised by the details they found,'' Brown said. "It came back exactly what
her phone bill was and bank balance statement was.''

The Rapp's recent indictment for racketeering has again created concern over
the ease in which personal information may be obtained.

"It's a question of identity and privacy,'' said Tara Lemmey, president of
the Electronic Frontier Foundation, a nonprofit organization that tracks the
Internet and privacy issues. "In this case, it's a case of fraud. We already
have good fraud laws on the books. The larger question is, should people have
the right to get information on another person."

Lemmey said " that with the proliferation of computers and databases,
personal information given in confidence isn't always kept private…people
assume the information they provide will only be used for a driver's license
or to buy a dishwasher…they need to know that the information is now being
used for other things.''

Pam Russell, a spokeswoman for Jefferson County prosecutors, said "There are
certain things in our lives that are personal and private - our finances, who
we call, who we talk to…I can't even get this information without a warrant.''

NEWS ITEM

Minnesota Attorney General Hatch Sues U.S. Bank for Disclosing Customers

 ST. PAUL, Minn., June 8 /PRNewswire/ -- Minnesota Attorney General Mike
Hatch announced a lawsuit today against U.S. Bank for allegedly releasing
customers' private banking information to a telemarketing company in exchange
for a fee of $4 million plus commissions, some of which Hatch said were
generated through bogus, unauthorized charges by the telemarketing company.
Defendant US Bancorp (NYSE: USB) is a multistate bank holding company and the
parent of U.S. Bank. Hatch alleges that U.S. Bank violated the federal Fair
Credit Reporting Act and engaged in consumer fraud and deceptive advertising
by providing the telemarketing vendor with such private information as Social
Security numbers, account balances and transactions and credit limits.

"People are appropriately careful about protecting their Social Security
number, checking and credit card information," said Hatch. "When a bank
hands out this information to the highest bidder, it has to answer to its
customers and to the Attorney General's Office."

Specifically, U.S. Bank provided Member Works Inc. with the following
information for its customers: name, address, telephone numbers of the
primary and secondary customer, gender, marital status, homeownership status,
occupation, checking account number, credit card number, Social Security
number, birth date, account open date, average account balance, account
frequency information, credit limit, credit insurance status, year to date
finance charges, automated transactions authorized, credit card type and
brand, number of credit cards, cash advance amount, behavior score,
bankruptcy score, date of last payment, amount of last payment, date of last
statement, and statement balance.

Since November 1996 U.S. Bank has received over $4 million plus commissions
3/4 commissions equal to 22 percent of each sale Member Works made 3/4 from
the provision of its customers' private information to Member Works. Member
Works used the U.S. Bank customer data to sell memberships in a health
program that allowed members to get discounts on dental and health care
visits.

Hatch also alleges that in addition to providing confidential customer
information, U.S. Bank approved telemarketing scripts that contained
deceptive information. For example, if a customer asked a telemarketer if
U.S. Bank had given the customer's credit card or checking account number to
the telemarketer, the script instructed the telemarketer to answer "No, I
personally do not have your account number."

Hatch alleges that U.S. Bank violated federal law and banking rules by
allowing the telemarketing company to automatically withdraw payments from a
checking account without written authorization from the consumer.

Federal and state regulatory agencies require banks to publish privacy
policies telling consumers how their personal information will be used, who
has access to the information and if the bank intends to give its personal
information to non-affiliated third parties. U.S. Bank has a privacy policy
printed in its U.S. Bank Customer Agreement that says "We share your concerns
about the privacy of your personal information and strive to maintain its
confidentiality." Nothing in the bank's agreement reveals that personal,
confidential information is being sold to companies that are not affiliated
with U.S. Bank. Hatch also said at the press conference that none of U.S.
Bank's consumer brochures disclose to customers that their names and account
information could be sold to a third party.

Hatch is asking that the court prohibit the bank's exchange of customers'
personal information and order the bank to pay civil penalties to consumers.
Hatch also called upon Congress to enact legislation to protect consumers'
rights to financial privacy.

On Monday, U.S. Comptroller of the Currency John Hawke condemned practices
like those described above as "seamy," unfair and deceptive. (Wall Street
Journal, June 8, 1999.)

PRESS RELEASE

e-DENTIFICATION NAMES NEW CHIEF OPERATING OFFICER

Madison, Wisconsin...July 9,1999…John Ellingson, president and founder of
e-DENTIFICATION announced today, effective immediately the appointment of J.
Rick Ingram as Chief Operating Officer.

Mr. Ingram will be responsible for the day-to-day operations including
research, finance, investment banking, sales, administration and will chair
the Internal Operating Committee. "Rick Ingram is an outstanding manager who
as Chief Operating Officer brings many years of experience and expertise to
the company and can assist the company in reaching the next level of growth
with without compromising our focus on quality and service." said John
Ellingson, President and founder.

Prior to joining e-DENTIFICATION, Ingram was a 20 year veteran of the
software industry, formerly with Platinum Technology, in an Executive Sales
position specializing in Fortune 500 Companies, with Boole & Babbage in
Executive Operations dealing with Fortune 50 Outsourcers, and as a Senior
Sales Executive for Fischer International.

Email John Ellingson at: ellingsone-dentification.com
Email Rick Ingram at: ingrame-dentification.com

ABOUT THIS NEWSLETTER

Free...OK to Copy or Remail
Subscribe/Unsubscribe to:
Edent99 aol.com

ISN is sponsored by Security-Focus.COM

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]