From The New Jersey State Attorney General
INTERNET FRAUD
COMMON SCAMS SPREAD
FAR AND FAST ONLINE
John
Kenneth Galbraith once observed that the man who is admired for the ingenuity of
his larceny is almost always rediscovering some earlier form of fraud.
Nearly
all of the fraudulent schemes found on World Wide Web sites and in e-mail
are simply revised versions of tried and true telemarketing or mail frauds that have been fooling the unwary and the gullible
greedy for centuries.
The
schemes involve high-pressure sales tactics, refusal to provide written information,
and unrealistic claims of potential profits or earnings. Perpetrators take advantage of the culture of benevolence and trust
on the Internet, as well as the multitude of opportunities presented by instant access to millions of potential victims. Thus,
the need to be vigilant and report wrongdoing is greater than ever.
The
National Consumers League (NCL) operates the National Fraud Information Center, which estimates that there are 14,000 illegal telemarketing operations bilking U.S. citizens of at least
$40 billion annually. Meanwhile, the proportion of fraudulent activity attributable
to online schemes is growing almost exponentially. For example, Internet Fraud Watch (IFW), also operated by the NCL, reported
that the number of Internet fraud complaints it received rose recently by 600 percent,
from 1280 in 1997 to 7,439 in 1998.
In
the first six months of 1999, IFW received over 8,000 complaints.
The
Internet has created a whole new set of opportunities for
defrauders
and problems for law enforcement. It is a powerful tool helping swindlers overcome
their two greatest challenges: identifying victims and contacting victims.
What
is striking is the size of the potential market and the relative ease, low
cost and speed with which a scam can flourish over the Internet. Victims may never have the opportunity to see or even speak
to the defrauder.
Eileen
Harrington, Associate Director for Marketing Practices of the Federal Trade Commissions Bureau of Consumer Protection, testified that
online defrauders benefit from the very characteristics that make e-commerce grow:
anonymity, the distance between the buyer and the seller, and the instantaneous nature of the transactions. She added, Fraudulent
operators on the Internet take advantage of the fact that this marketplace is still a confusing one to consumers. Ms. Harrington
emphasized the confounding speed of online scams.
I
think that with the Internet as the medium, everything happens more quickly. The business sets up more quickly. They change identities
more quickly. I mean, you can throw up a new Web site in an hour. It just has moved
things to kind of a warp speed. So you find that the life-span of one of these frauds
is much shorter than might have been the case where the frauds turned out to rent office space, get phone lines, [and] do
all of those sorts of things. We find more and more that these scams are operating out of homes.
Noting
that fraud over the Internet requires access to some form of payment system, just as every other kind of fraud does, Ms. Harrington urged
consumers to pay for their online purchases by credit card. She explained that consumers have important federal rights that
protect them from being held liable for unauthorized and fraudulent transactions if they pay by credit card.
Susan
Grant, Vice President for Public Policy of the National
Consumers League
(NCL) and Director of the NCLs National Fraud Information Center and Internet Fraud
Watch programs, testified as to why consumers must take extra care in cyberspace:
I think
that people sometimes get so excited about the novelty of
the Internet
that they lose sight of the same common sense that
they would use
if somebody knocked on their door in the middle of
the night offering
them something, and it was a stranger, or if
they got a telephone
call out of the blue from somebody that they
didnt know.
Theres
a lot of talk about community on the Internet as though
its one big happy
place with everybody dedicated to the pursuit
of knowledge
and sharing information with each other, but in
fact, just like
any community, there are bad guys lurking in the
alleyways. People
need to be cautious. Its no reason not to use
the Internet.
And actually, I think its ironic that, for instance, we see a
decreasing amount
of credit card use for payment compared to
things like checks
and money orders, and yet the credit card is
the safest way
to pay because of your legal dispute rights.
I think
that people may be so worried about giving their credit
card
information on the Net, even though with the encryption
programs that
are in place, its really, from what we can see,
relatively safe.
And theyre not sufficiently worried about who
it is that theyre
doing business with at the other end.
Online
auctions alone are expanding e-commerce rapidly. Gomez
Advisors estimates
that in 1999 online auctions connected 7.4 million buyers and sellers transferring goods worth $4.5 billion.
The.independent
firm, which rates Web sites for consumers, expects online auction sales volume to exceed $9 billion in 2000. According to IFW, online auction complaints led all others with 68 percent of the
Internet-related
fraud complaints it received in 1998. Auctions also
were first in
1997 with 26 percent.
During
the first six months of 1999, IFW received 5,287 auction complaints, surpassing the 5,236
it received in all of 1998. IFW reported that 93 percent of
payments in response to fraudulent Internet schemes were made offline by check or money order
sent to the defrauding company. By and large, consumers failed to follow the safest course, which is to pay by credit card
so that the charges can be disputed if there is a problem. Giving cash, a check or,
worse, a bank-account number can make it impossible to get a refund from online vendors.
Since
online auction sellers often lack proper equipment to take credit card payments,
IFW recommends that buyers use escrow services, which hold payment from the buyer and only pass the money along to the seller
after verification that the goods or services were satisfactory. Insurance is another safeguard that sometimes proves beneficial.
Once
online, consumers are bombarded with unsolicited commercial e-mail (known
as "spam") advertising everything from legitimate services to fraudulent investment schemes. Millions of messages can be sent
out in a very short period.
Although schemers
can easily purchase e-mail address lists from companies that do business online, they also can use harvester software to conduct worldwide searches of Usenet newsgroups, Internet directories and chat
rooms in a very short amount of time.
In this way,
they can collect thousands of e-mail addresses for individuals likely to be vulnerable to certain types of schemes.
Others
pirate names and e-mail addresses from membership directories of Internet
service providers.
Spammers also use software that generates e-mail addresses at random. Thus, people can get spam even if they have never made online purchases or entered chat rooms.
Web sites
abound offering both legitimate and fraudulent products and services. Since
buying online essentially is buying sight unseen, the honesty of the seller is paramount. This is particularly important in
the booming online auction business.
The rapid
growth of e-commerce has significantly transformed the
U.S. securities
industry. In 1998, about 14 percent of all securities
trades were conducted
online compared with virtually no such
transactions
in 1995.
However, this
understates the impact on the small investor because approximately 37 percent of all
individual trades are now online, up from 17 percent in 1997. Three million people had online trading accounts in March 1999, a number expected to reach 14 million by 2001.
Online investing is generally a positive development,
giving
investors
unprecedented access to company and investment information and individual trading services.
As
in other areas, however, the Internet has provided dishonest operators with an efficient medium to defraud investors. The
U.S. Securities and Exchange Commission reported a 330 percent increase in complaints regarding online investments in 1998.
Its
Office of Internet Enforcement receives between 200 and 300 complaints every day,
of which 70 percent allege Internet securities fraud. Many investors have not developed proper skepticism about the quality
some of the information they encounter online.
Robust education is even more important for cyberspace
consumers than it is for those buying in other marketplaces. The average consumer has difficulty distinguishing between legitimate
Web sites and those that are scams. Anyone can put up on the Web a reputable looking site.
Criminals
forge header information to mask their identities and locations. Some cyber-crooks use "throw away" accounts (easily created
and discarded free accounts) and forged headers to make it appear that testimonial e-mail and postings come from many different
people rather than from the crook himself.
COMMON FRAUDULENT SCHEMES
Common
fraudulent schemes found on the Internet and elsewhere
include:
_
Online Auction Frauds. Sellers may not deliver items, or their value may be inflated. Sometimes shills drive up the bids. In early 1998, the National Consumers League placed auction frauds at the top of its list of Internet scams and cautioned
consumers to investigate any auction site before placing a bid. The
FTC, which received approximately 10,000 complaints about Internet auction
fraud in 1999, has issued similar warnings.
Online
auction buyers can guard against fraud by placing payments in escrow accounts rather than sending them immediately to the
sellers. For details, see i-Escrow® at www.iescrow.com.
Alternatively,
using a charge card makes it easier to obtain a refund. Also, some auction sites, such as the popular eBay, sell fraud insurance.
Ebays Fraud Prevention Department takes complaints from its Community Watch program and proactively monitors and suspends
accounts. Transgressors are referred to government authorities.
_
General Merchandise Rip-offs. These involve sales of everything
from T-shirts to toys, calendars to collectibles. The goods are never
delivered, or they are not as advertised.
_
Bogus Sales of Hardware or Software. Purchased computer
products
may never be delivered, or they may not be as represented.
_
Shady Sales of Internet Services. There may be charges for
services
that were touted as free, failure to deliver on promised services and
false representations of services.
_
Work-at-Home Schemes. Two popular versions offer the chance
to
earn money by stuffing envelopes or assembling crafts at home. However,
nobody is paid for stuffing envelopes or craft assembly since promoters,
claiming the work does not meet their "quality standards," usually refuse
to buy the finished product.
_
Business Opportunity Scams. These promise significant income for a small investment of time and money in a business
often a franchise. Some are actually old-fashioned pyramid schemes
camouflaged
to look like something else.
_
Chain Letters, Pyramid Schemes and Ponzi Schemes. Any profits are made from recruiting others, not from sales of goods
or
services
to end-users.
_
Guaranteed Loans or Credit on Easy Terms. Some schemes offer home equity loans, even for those who lack equity in their
homes. Others offer guaranteed, unsecured credit cards, regardless of
the applicants credit history. The "loans" turn out to be lists of lending institutions, and the credit cards never arrive.
_
Credit Repair Frauds. Sometimes called file segregation,
these
schemes are pitched over the Internet and e-mail to consumers with poor
credit histories. They lure consumers into
breaking
the law by creating fake credit histories with substitutes for their genuine social security numbers. Consumers pay fees as
high as hundreds of dollars to the so-called credit repair companies. They are then instructed to apply to the IRS for a taxpayer
or employee identification number, which is then substituted for their nine-digit social security number. Thus, the credit
repair scams actually turn
gullible
consumers into criminals by advising them to use false identification numbers to apply for credit.
Scam
operators also offer to clean up credit histories for exorbitant prices. The reality is that consumers can obtain information
about their credit history and correct inaccuracies for free. If a credit report is accurate, it cannot be fixed. By federal
law, credit repair organizations must give customers a copy of the pamphlet "Consumer Credit.74 File Rights Under State and
Federal Law" before a contract is signed.
_
Advanced Fee Loans. These scams prey upon peoples
desperation
to obtain loans. Operators claim that for a fee they can find loans despite the victims poor credit history. They also claim
to be able to provide favorable interest rates or other advantageous terms. Upon paying the advance fee, however, the victim
never hears from the scammer again.
_
Employment Offers and Easy Money Schemes. Phony offers such as "Learn How to Make $4,000 in one day," or "Make unlimited
profits
exchanging money on world currency markets," appeal to
the
desire to get rich quickly.
_
Bulk E-Mail Scams. Victims are sold lists of e-mail addresses
and
software with the claim that this will enable them to make money by sending their own solicitations via bulk e-mail. However,
the lists are of poor quality; sending bulk e-mail violates the terms of service of most Internet service providers (ISPs);
virtually no legitimate businesses engage in bulk e-mailings; and several states have laws regulating the sending of bulk
e-mail.
_
Health and Diet Scams. These bogus cure-alls are just electronic snake oil.
_
Get Something Free Scams. Consumers pay membership fees to "qualify" to obtain free items, such as computers or long-distance
phone
cards. After paying the fees, they learn that they do not qualify until they recruit other "members."
_
Fraudulent Stock Offerings and Market Manipulation.In
investment
fraud, perpetrators...
(1) create a classy-looking but phony Web page, complete
with official-looking emblems, to lure investors;
(2) create enthusiastic endorsements from non-existent
customers; (3) send spam to potential investors with a hyperlink
to the phony Web site; and
(4) create phony online buzz about the investment in
bulletin boards linked to the Web page, discussion forums, chat rooms, and sham or bribed newsletters. In market manipulation
pump and dump schemes, individuals who own a companys securities spread positive but false information about the company to
increase investor
interest
and drive up the price of the securities.
The
individuals then sell their securities at a quick profit, while later investors face large losses when the price of the inflated
securities declines.
One new fraud involves impersonating legitimate brokerage-firm
Web sites. Investors believe they are sending money to the broker when, in fact, the address is a post-office box. When authorities
detect them, the perpetrators merely shut down the Web site and
impersonate
the same or another brokerage firm using a different Web address and another post office box.
_
Stock Day-Trading Abuses. Stock day trading sometimes
involves
false advertising or failure to ensure that people have enough money to trade. Ordinary people can gamble on short-term changes
in stock prices from firms trading floors or from home computers equipped with special software. It is very easy for day traders
to make mistakes and lose a lot of money, even though they are not defrauded. With huge returns commonplace in the stock market,
many people are no longer investing. They are gambling, which makes them more vulnerable to a con game.
_
Cable Descrambler Kits. For a small initial investment one can buy a kit enabling the receipt of cable television without
paying the subscription fees. However, the kits usually do not work, and stealing cable service is illegal.
_
Vacation Promotions (Prizes, Certificates, Clubs, Etc.).E-mail
informs
consumers that they have been selected to receive "luxury" vacations at bargain-basement prices. However, accommodations
are not deluxe and upgrades are expensive. If the seller can delay the
travel for 30 to 60 days, it is harder for a buyer to get a credit-card refund. Consumers need to find out if the seller is
a travel agent belonging to the American Society of Travel Agents, whose members subscribe to an ethics code and pledge to
help resolve complaints. Also, the U.S. Tour Operators Association and the National Tour Association have a restitution fund
to protect travelers against company bankruptcies.
_
Fake Scholarship Search Services. Consumers pay a fee for
guaranteed
assistance and merely receive a list of financial aid offices or nothing at all.
_
Page-Jacking. As many as 25 million of the roughly one billion
pages on the World Wide Web have been page-jacked.
Perpetrators
prepare a page that impersonates an innocent
commercial
or informational Web site and resubmit it to search
engines
with a false address. When Web users search for the
original
site, the sham site opens, often with pornographic material.
The page-jackers make money by selling ads, showing
clients that they receive a large number of page hits. Of course, the hits come from unwilling users. Users attempting to
back up the Web browser or shut it down are merely connected to more pornographic sites. Legitimate site owners have to ask
search engines to remove access to the phony sites, a process that may not occur expeditiously enough to forestall significant
losses of profit and reputation.
_
Sham Sweepstakes Prizes. The perpetrators demand payments
before
authorizing the release of prizes. Of course, the prizes never arrive.
_
Sound-Alike Charities. Schemers masquerade as legitimate
charities
to lure contributions from unsuspecting donors.
_
West African (Nigerian) Oil Profits Deposit Swindles. Phony
civil servants ask U.S. citizens for their bank account numbers so that they can assist in investing millions in oil revenues
in return for a percentage of the profits.
The
scheme dupes American investors out of $500 million a year, according to the U.S. Postal Inspection Service. The Service received
108,000 complaints nationally between 1997 and 1998.
_
Bogus Banks and Bank Instruments. Sham offshore banks,
operating
online, solicit deposits with offers of huge interest. They claim they can offer such interest because of low overhead. They
also claim they can protect customers from government prying.
_
Fraudulent Offshore Trusts. These are marketed over the
Internet
as a means to evade taxation.
_
Affinity Frauds. They target certain religious or ethnic groups.
_
Cyber-Smears. Perpetrators post false information or fake press releases about companies on the Internet.
CONTROL ORGANIZATIONS AND PROGRAMS
A
number of conditions have hampered effective control of online
fraud.
It is difficult to find reliable statistics on the extent of the problem. Bulwark investigative agencies have only recently
joined
in
the fight against online fraud. Coordination among those agencies
is
just getting started. Creation of a national strategic plan for the
control
of such fraud remains in its early stages.
A
national education campaign, called kNOw Fraud, was launched in November
1999 to warn the public about telemarketing fraud. More than 120 million over-sized postcards listing fraud-prevention tips
and contact numbers were mailed to U.S. households.
A Web site was established at www.consumer.gov/knowfraud/index.html
to
explain the program and provide prevention tips. Complainants may contact the programs toll-free hotline at 1-877-987-3728. Public libraries received 16,000 informational videos. Coordinating
the campaign are the U.S. Postal Inspection Service, the Federal Trade Commission, the Federal Bureau of Investigation, the
Department of Justice, the Securities and Exchange Commission, the National Association of Attorneys General, the American
Association of Retired Persons and the Council of Better Business Bureaus Foundation. Many of kNOw Frauds awareness tips also
will help people to avoid becoming victims of online fraud.
FEDERAL TRADE COMMISSION (FTC)
The
FTC has interpreted its enabling legislation as permitting it
to
regulate e-commerce. It has assumed that its regulations concerning such things as fair marketing practices and mandatory
disclosures apply to the Internet. Eileen Harrington, the FTCs Associate Director for Marketing Practices, testified that
the agency brought its first enforcement action against a fraudulent operator using the Internet in 1994. By the end of 1999,
the FTC had brought 107 such actions against 315 defendants. In February 2000, it published a report, entitled Going, Going, Gone,
highlighting its efforts to counter Internet auction fraud ...
(see www.ftc.gov/bcp/reports/int-auction.pdf).
The
FTC (www.ftc.gov) accepts reports of fraud at its Consumer
Response
Center over a toll-free Consumer Help Line, 1 877-FTC-HELP (382-4357).
Many
involve fraud over the Internet. In a joint project with the National Association of Attorneys General (NAAG), the Council
of Better Business Bureaus, the U.S. Postal Inspection Service, and
Canadian partners, Canshare and Phonebusters, the complaints
are entered into a database called Consumer Sentinel. Over 1,000 law enforcement personnel connected to the system via desktop
terminals search for repetitive schemes and offenders. Help Line counselors also provide information to the callers. As of
June 2000, the database, maintained by the FTC and available to more than 240 law enforcement agencies in the United States
and Canada, contained in excess of 250,000 consumer fraud complaints
filed with federal, state and local law enforcement agencies and private organizations.
Ms.
Harrington testified, One of the great benefits of the Internet for law enforcement is that we are more able than we have
been with any other medium to see what is going on as it happens and to use the technology to fight the fraud. At its Web
page, the FTC operates an online, real-time complaint form. When consumers fill it out, their complaints go directly into
the Consumer Sentinel database.
In addition, the FTC pioneered periodic, concentrated,
daylong
Surf
Days, searching the Internet for targeted fraudulent schemes in
partnership
with state and local agencies throughout the country. New. Jerseys Division of Consumer Affairs participates in these periodic
nationwide enforcement sweeps. Past targets have included bogus lotions and potions health claims, pyramid schemes and credit
repair frauds.
Scamming Web sites that have blocking programs to screen out anyone using a government computer are accessed by investigators
from their home computers.
In
February 2000, with the help of agencies in 28 countries, the
FTC,
assisted by the U.S. Securities and Exchange Commission and the U.S. Postal Inspection Service, targeted more than 1,600 suspect
Web sites throughout the world. Law enforcement officers from other federal agencies and 45 states, including New Jersey,
participated in the FTCs 21 st international sweep of companies touting get-rich-quick schemes over the Internet. The site operators
were warned that failure to cease operations or change their claims would lead to enforcement action.
The FTC has a list called the "Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk E-Mail.
Individuals
can forward their scam spam (unsolicited commercial e-mail, or UCE) to a special FTC e-mail address uce@ftc.gov. The FTC receives more than 1,000 such messages a day. It also issued a brochure
about UCE entitled Trouble @ the In-Box.
In
1998, the FTC published a booklet called Advertising &
Marketing on the Internet: Rules of the Road.
Ms.
Harrington testified that the FTC uses the Internet for consumer education. Mimicking fraudulent offers with portions of actual
scam pages, FTC staff creates teaser Web sites that look just like what the scam guys do, according to Ms. Harrington. If
consumers respond, they view a notice that begins as follows:
"If
you answered an ad like this, you could get scammed. Were the
Federal
Trade Commission. Here are some things that you need to
watch
out for if youre looking for a home-based business
opportunity
on the Internet."
The
site then directs the surfer to a series of links where consumers
can
learn how to protect themselves from fraud on the Internet.
On
February 2, 1999, the FTC and the attorneys general of several
states
announced a crackdown on credit repair fraud. In 1997, the FTC joined attorneys general in 12 states in Operation Trip-Up, an effort to curtail travel-scam artists. Various operators were forced to stop
offending activities and, in some cases, to repay consumers.
INTERNET FRAUD COMPLAINT CENTER
In
1999, the Federal Bureau of Investigation (FBI) launched the
Internet
Fraud Complaint Center (IFCC) in Morgantown, West Virginia.
It
may be reached through the FBIs Web site or www.ifccfbi.gov. Co-sponsored with
the National White Collar Crime Center, the IFCC collects computer crime complaints from the public at its Web site. It also
serves as a clearinghouse of online fraud complaints collected from a variety of organizations.
Approximately
80 percent of the complaints received do not meet the FBIs threshold guidelines for initiating an investigation. These are
forwarded to state and local law enforcement agencies. The National White Collar Crime Center, which receives some project
funding from the U.S. Department of Justice, provides analytical support and training to the local and state agencies. It
is developing a curriculum for Internet fraud investigations.
The
Complaint Centers 150 personnel will develop a national
Internet
fraud strategy, identify and track fraud, analyze crime trends, triage complaints, develop investigative packets, and forward
information
to the appropriate agencies.
When
a fraud has been referred to a particular agency, similar complaints will be referred to the same place. Within the FBI, a
group of senior intelligence research specialists conducts Internet fraud investigations.
INTERNET FRAUD COUNCIL
Established
in early 1999, the Internet Fraud Council (IFC)
(www.internetfraudcouncil.org) is a nonprofit organization of
corporations,
trade associations and academic institutions working
with
government and the media on preventing, interdicting and
prosecuting
fraud committed over the Internet. Based in Richmond,
Virginia,
the IFC is creating a clearinghouse of information regarding
the
variety of economic crime perpetrated on the Internet. It is studying
and quantifying incidents of Internet fraud and disseminating
the
information to its members and law enforcement agencies.
The
IFC plans to develop tools and best practices that can be used by its members to alleviate the threat of cyber-crime to their
respective organizations.
Three
privately funded anti-fraud groups support the IFC. They
are
the National Fraud Center (a fraud and risk management consulting firm established in 1982), the National White Collar Crime
Center, and the National Coalition for the Prevention of Economic Crime (NCPEC a non-profit research organization). The IFC,
which is a division of NCPEC, provides training to counter Internet fraud and forecasts fraudulent activity. It gathers statistics
and identifies trends in online fraud.
The
Council also has created a set of standards for companies
doing
business on the Internet. It offers a fraud-free seal of approval for such businesses..
INTERNET FRAUD WATCH
The
National Fraud Information Center (NFIC) was established in
1992
to combat telemarketing fraud. In 1996, the Internet Fraud Watch (IFW) was created to operate in tandem with the NFIC, expanding
the scope of fraud-fighting efforts to scams in cyberspace.
Both
are programs of the nonprofit National Consumers League (NCL), which was founded in 1899. The NCL also has an Elder Fraud
Project. The NFIC/IFW toll-free hotline is 1-800-876-7060 (Web site: www.fraud.org).
Trained
counselors help consumers identify the danger signs of fraud. The Alliance Against Fraud in Telemarketing, a coalition of
private
sector, government and nonprofit groups coordinated by the
NCL,
promotes public awareness about telemarketing and Internet fraud.
Susan
Grant, the Director of NFIC and IFW, testified that New Jerseys Division of Consumer Affairs is a long time member of the
Alliance.NFIC/IFW is the primary data source for the Federal Trade
Commission/National
Association of Attorneys General National Fraud Database (Consumer Sentinel), which, in turn makes information about frauds
available to law enforcement in the U.S. and Canada on a 24- hour basis. NFIC/IFW also relays complaints to law enforcement,
including those filed by consumers using online fraud reporting forms available through the NFIC.
BBBONLINE®
Established
in April 1997, BBBOnLine, Inc. is a wholly owned
subsidiary
of the Council of Better Business Bureaus, Inc. (CBBB). The BBBs contribute complaints about online fraud to the FTCs Consumer
Sentinel.
The
BBBOnLine Reliability program was designed to help build
confidence
in the electronic marketplace. Since its creation in April
1997,
more than 2,600 companies have applied for BBBOnLine and in excess of 2,300 have been accepted. Of these, more than 2,000
are current, active participants. To be accepted into the program, online businesses must comply with the following requirements:
_
Own an operational Web site;
_
Provide the BBB with information regarding company ownership
and
management and the street address and telephone number at
which
they do business, which will be verified by the BBB in a
visit
to the companys physical premises;
_
Be in business a minimum of one year;
_
Have a satisfactory complaint handling record with the BBB;
_
Agree to participate in the BBBs advertising self-regulation
program
and correct or withdraw online advertising when.81
challenged
by the BBB and found not to be substantiated or not
in
compliance with the BBBs childrens advertising
guidelines;
_
Respond promptly to all consumer complaints; and
_
Agree to arbitration, at the consumers request, for unresolved disputes involving consumer products or services advertised
or promoted online.
Approved
participants may place the BBBOnLine seal of approval on their Web sites. Each seal links to the BBBOnLine database so a
consumer
can click on the seal and confirm instantly that the seal
belongs
to a valid BBBOnLine participant. Online shoppers can access a BBBOnLine profile on the participant. Those seeking reliable
businesses of a particular type can search BBBOnLine Reliability at
www.bbbonline.org/businesses/reliability/index.html.
BBBOnLines
Web site, www.bbbonline.org, links to many BBB tips for avoiding
scams found on the Internet. It also links to other BBB services on the Web, such as online complaint filing, business and
charity report lookups and online safe shopping tips.
Russell
Bodoff, BBBOnlines Senior Vice President and Chief
Operating
Officer, testified that most of the problems his organization encounters in e-commerce involve misleading advertising rather
than fraud. He added:
Whats
interesting when we go back to the companies though, we
get
almost a hundred percent compliance in making changes to the
Web
site. So it makes us feel that what we really have I think its an opportunity to work together through our local Better Business
Bureau and the law enforcement organizations in any given state is an education process, and reaching out to as many businesses
as possible, because were finding the problem with smaller companies, and thats the excitement of the Internet. That is, the
small business [that] never before could afford to advertise in anything more than a local penny saver, now, through some
creativity, can put up a Web site that can make [it] look as good as Fortune 500 companies and can reach [its] audience, but
with a lack of sophistication.
So
business education I think is going to be extremely critical.
Its
going to help cut down problems in the future where consumers are going to be misled, not deliberately, but because the company
is just not comfortable. Because how many times do we see on the Internet companies claims of worlds largest selection or
worlds lowest prices. Well, in off-line media, the company is expected to have substantiation for any of that claim. And we
expect the same thing on the Internet, the traditional advertising law to apply. But this has been forgotten, and one of the
prime reasons is that a lot of the companies who are driving the Internet, Internet advertising and creation of commercial
Web sites, are a lot of new young startup companies who are not familiar with a lot of the traditional criteria. So we really
have to cite the education aspect.
SECURITIES AND EXCHANGE COMMISSION (SEC)
The
SEC has a new Office of Internet Enforcement that patrols
cyberspace
looking for business fraud, stock fraud and other crimes.
The
SEC has implemented a Cyberforce of more than 240 attorneys, accountants and analysts, called Cybercops,
specially trained to detect fraud while surfing the Internet. For example, in November 1998, thirty U.S. state regulators,
the British Columbia Securities Commission and the Ontario Securities Commission joined together for Investment Opportunity
Surf Day, searching the Internet for investment scams.
Online defrauders want to be found by potential victims.
This also affords the SEC Cyberforce opportunities to detect frauds as they are developing. In some instances, the Cybercops
can bring an
enforcement
action before any victim loses a penny. Thus, the Internet has become a powerful tool for law enforcement as well as scam
artists.
The
SEC asked Congress for $150 million for its enforcement and
investor
education programs for federal fiscal year 2001. The agency plans to create an automated surveillance system to search public
online forums, such as Web sites, message boards and chat rooms for telltale words or phrases indicating unscrupulous stock
promotions. SEC investigators currently do the job manually with computer search engines.
The
SECs Enforcement Complaint Center has an e-mail hotline,
enforcement@sec.gov, launched in June 1996. By early March 1999, it was receiving more than 300 fraud tips a day,
up from 15 a day two years earlier. The Centers toll-free telephone hotline is 1-800-SEC-0330.
The
SEC has established programs to educate investors about the
risks
associated with Internet securities fraud, such as posting
relevant
information on its Web site at www.sec.gov. The Office of
Investor
Education and Assistance can be reached online at
help@sec.gov. The SEC warns investors to read its "Cyberspace
Alert" before purchasing any investments touted on the Internet. The document can be accessed through the
Investor Assistance and Complaints link at the agencys Web site.
Investors
can, without charge, access company financial reports
that
must be filed with the SEC via the agencys Electronic Data.83
Gathering,
Analysis and Retrieval (EDGAR) system, located at its Web site.
If
a companys reports are not listed on EDGAR, investors may
find
out from the SEC (1-202-942-8090) whether the company filed a
stock
offering circular under Regulation A or a Form D notice.
The
SEC also lists its enforcement actions and trading suspensions on its Web site. According to John Reed Stark, Chief of the
Office of Internet Enforcement, the SEC has brought over 100 Internet fraud enforcement actions since 1995 (38 in 1998).
Geraldine
M. Walsh, Special Counsel to the Director of the SECs
Office
of Investor Education and Assistance, testified about how
enforcers
and consumers can take advantage of investment defrauders need to collect money eventually:
For
investment frauds, at some point, the scamsters want to collect money, and thats where were able to track them down.
We
do run into problems, though, of people just disappearing into
thin
air. [O]ne of the things that we caution investors to do,
this
is what our enforcers do, is when you see a Web site that
looks
like a scam, or if you see a Web site and youre going to
invest
based on that Web site, print it right then and there.
And
if your server doesnt give you the date and time that the
information
was printed, then write it down yourself, because in
two
days or in two hours or two minutes, that information may not
be
there.
So
there is that phenomenon of people just disappearing into thin
air.
But like I said, at some point these guys want money, and
thats
where were able to nab them.
NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION
Based
in Washington, D.C., NASAA represents state securities law
enforcers.
Investors can check its Web site (www.nasaa.org) for alerts regarding particular schemes or types of investments to avoid. State regulators or
consumers can check the Central Registration Depository (CRD) to determine if a broker promoting a particular stock, or the
brokers firm, is registered or has a disciplinary history.
NATIONAL ASSOCIATION OF SECURITIES DEALERS (NASD)
NASD
can give investors a partial disciplinary history of a broker or brokerage firm. Its toll-free public disclosure hotline is
1-800-289-9999, and its Web site is www.nasdr.com.
FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC)
The
Division of Compliance and Consumer Affairs of the Federal
Deposit
Insurance Corporation (FDIC) operates a toll-free hotline at
1-800-934-3342.
Its Web site to report suspicious sites or to check
them
out using a consumer news link is www.fdic.gov.
The
FDIC has 20 examiners who surf the Net on a part-time basis
to
locate bank scams.
MAIL ABUSE PREVENTION SYSTEM
A
voluntary group of systems administrators from around the
world,
calling itself the Mail Abuse Prevention System, maintains a
Realtime Blackhole List of notorious spammers senders
of unsolicited e-mail.
Appearing
on the list, which started in 1997 and contains about 1,400 entries, marks generators of obvious junk e-mail as spammers.
Enough Internet service providers refuse to deliver e-mail produced by those on the list to separate them from about 40 percent
of the online world. By-and-large, this pleases the vast majority of Internet users since the overwhelming majority of spam
comes from pornography sites or individuals pitching get-rich-without-working schemes.
NEW JERSEY DIVISION OF CONSUMER AFFAIRS
The
New Jersey Division of Consumer Affairs
(www.state.nj.us/lps/ca/home.htm) has a specialized E-Commerce Investigative Unit, also known as cybercops, drawn
from the Divisions sub-units, including the Office of Consumer Protection, the New Jersey Bureau of Securities and the Office
of Professional Boards.
The
Unit was established in 1995 and is headed by a supervising
investigator.
Ten investigators work on a full-time basis to uncover
fraudulent
e-commerce, including, but not limited to, securities
fraud,
prescription legend drug fraud, deceptive cyber-practices in
the
sale of merchandise and unlawful offers of professional services
over
the Internet. The Divisions cyber-unit has expanded its
operations
to join with the Division of Gaming Enforcement to combat cyber-gaming, the Division of Civil Rights in fighting discriminatory
housing rentals and the Division of Criminal Justice in fighting the distribution of illegal drugs, including the date rape
drug, GHB.
In
March 1999, the Division implemented an online complaint form
that
can be completed and electronically mailed at the touch of a
button.
Prior to this, investors seeking to report suspicious
investment
offerings made on the Internet had to download the Bureaus complaint form, complete it by hand and mail it to the Bureau.
In
addition to inquiring at the SEC, investors should check with
New
Jerseys Bureau of Securities to see if it has additional
information.
The Bureau can check the Central Registration Depository (CRD) to determine whether the broker touting the stock, or the brokers
firm, has a disciplinary history. It can also find out
whether
the offering has been cleared for sale in New Jersey.
The
Bureaus surveillance efforts have led to the resolution of
registration
or regulatory transgressions without the need for formal
enforcement
action. During 1999, nearly 20 entities offering
investment
products or services on the Internet have registered or
modified
or deleted their Web sites in response to Bureau contacts.
In
April 1999, the Bureau assessed civil penalties for violating New
Jerseys
securities laws against an unregistered Internet investment
adviser
who misled 10 investors into making risky investments. He was ordered not to apply for registration as a broker-dealer, agent
or
investment
adviser in the state. Also, in October 1999, the Bureau
sued
a company offering unregistered shares of stock over the
Internet.
Allegedly, five defendants pocketed more than $850,000 in
net
proceeds from the sale of shares to state residents.
The
Cyberfraud Unit also works in other areas under the
jurisdiction
of the Division of Consumer Affairs. For example, on
February
16, 1999, investigators assigned to the Unit conducted the
Divisions
first Surf Day, identifying suspicious Web sites
involving
licensed professionals.
Many
were operating without proper licenses. Several had prior disciplinary histories or failed to list proper specialty designations
or permit numbers.
In
late 1999, the Division filed two civil cases under New Jerseys Consumer Fraud and Pharmacist Licensing laws involving illicit
sales of the drug Viagra over the Internet. In one case the
anti-impotence
drug allegedly was shipped in response to a request
over
the Internet in the name of an investigators dog. In the other
case
two men who were not pharmacists allegedly offered Viagra over the Internet and dispensed it when supplied with physician
prescriptions.
Allegedly, in neither case did the purveyor take note
of
any other medications the patient was taking and warn of
potentially
harmful interactions. Meanwhile, one recent federal
investigation
turned up 86 Internet sites offering Viagra without a
prescription.
In
March 2000, the Division filed a second round of complaints
against
eight unlicensed pharmacies, based in six cities outside of
New
Jersey, for allegedly selling medication over the Internet to New
Jersey
patients.
The
companies specifically were accused of failing to disclose to undercover investigators posing as online patients that they
were not licensed in New Jersey. Doctors working with the companies allegedly prescribed medication in virtual visits, although
they were not licensed to practice medicine in New Jersey.
The
visits required the patient to fill out a simple questionnaire
but
included no medical examination.
The
U.S. Food and Drug Administration estimates that there are in
excess
of 400 online pharmacies. According to the market research firm Cyber Dialogue, more than 200,000 people bought prescription
drugs online from July 1998 to July 1999.
The
drug mills in the profession hurt legitimate online pharmacies that work with reputable physicians and have a genuine concern
for patient safety. In December 1999, the National Association of Boards of Pharmacy (www.nabp.net) established a voluntary certification program
for Verified Internet Pharmacy Practice Sites meeting the requirements of 17 review criteria.
Certifications
have been awarded to FamilyMeds.com, Drugstore.com, Merck-Medco Rx Services and PlanetRx.com.
State
medical and pharmacy boards have expressed concerns to the FTC that their existing enforcement tools are not adequate to police
online sales of medication. In mid-1999, the FTC recommended that Congress consider whether legislation requiring disclosure
of identifying information about the location of prescription drug Web sites, online prescribing physicians and online pharmacies
is necessary to assist state law enforcement efforts.
In
December 1999, the President asked Congress to give the Food
and
Drug Administration (FDA) the power to review and certify hundreds of drug-dispensing Web sites. Under the proposal, fines
up to $500,000 could be levied for dispensing drugs without a valid prescription or operating without FDA certification. The
FDA also would have the power to subpoena the records of online pharmacy sites during investigations. $10 million for the
2001 budget would be available to hire FDA investigators and upgrade computer equipment for the online pharmacy program. The
FDA opened a consumer-advice Web page (www.fda.gov) to help patients ensure they are buying from legitimate stores instead of dangerous quacks.
Stressing
the importance of jurisdiction over the activities of
online
pharmacies, the New Jersey Division of Consumer Affairs has
called
for new legislation allowing it to license out-of-state
pharmacies
doing business with New Jersey residents over the Internet.
Additionally,
the Division formed a Telemedicine Task Force to study potential problems associated with the delivery of health care via
the Internet.
Telemedicine
is a health care providers use of electronic
communication
and information technologies to provide or support
clinical
care to a patient at a remote location. Physicians use the
Internet,
personal computers, satellites, video conferencing equipment and telephones in telemedicine applications. The Division is
developing proposed legislation based on the Task Forces.87 recommendations. The proposed legislation would create a limited
license that physicians outside the State would be required to possess to diagnose or treat in-state patients through the
use of electronic devices. Provisions also are being drafted that would allow physicians, including those who hold the new
limited license, to e-mail prescriptions for patients.
The
Division also brought a civil case in October 1999 against a
Monmouth
County woman who, using a variety of pseudonyms, offered to sell Beanie Babies and Furby plush toys over several online auction
sites. She allegedly never delivered after collecting money for the toys and for tickets to an August 1999 Bruce Springsteen
concert.
As
a result of its participation in a FTC-sponsored Surf Day,
the
Division brought an action against a Paterson-based credit-repair business operating via the Internet. The Division also has
issued warnings to nearly 20 dentists and chiropractors in connection with irregularities in their Internet advertising. In
addition, the Division published a notice in a trade newsletter, NJ Car, warning automobile retailers to follow proper
Internet advertising practices.
Moreover,
prompted by consumer complaints about online auctions, the Division has requested and received information from eBay, Inc.
in accordance with the latters policy to share information with law
enforcement.
In
the area of charitable fundraising, two previously unregistered charities have registered after investigators discovered that
they were soliciting donations via the Internet. After the Division contacted it, a Vermont organization, Volunteers for Peace,
added a disclaimer page to its Web site to make it clear that the charity was not soliciting in New Jersey, where it is not
registered.
In
the fall of 1999, desktop high-speed Internet connections were
installed
for investigators in the Office of Consumer Protection. This
has
enabled the Division to accelerate investigator training and to
expand
its focus from businesses that use the Internet as one of many tools to deceive to those that exist primarily to take advantage
of e-commerce as an end unto itself. The Division specifically intends to participate in training programs offered by the
National White Collar Crime Center. Moreover, efforts to educate the public about Internet fraud have been
incorporated into the Divisions consumer outreach program.
IDENTITY THEFT
AN ESPECIALLY EGREGIOUS FRAUD
Identity
theft undermines confidence in the integrity of commercial transactions and invades individual privacy. The Internet
provides to perpetrators low-cost, efficient methods for capturing the identities
of unsuspecting victims.
Sometimes
called true-name fraud or account takeover fraud,
identity
theft commonly refers to a host of frauds, thefts, forgeries,
false
statements and impersonations involving the use of another
persons
identifying information.
Identity
theft facilitated by the Internet will grow as electronic commerce grows, which it is doing exponentially. Cyber Dialogue,
a New York-based Internet research company, reported that by the third quarter of 1999, 19.2 million U.S. adults had used
their credit cards for online transactions, versus 9.2 million during all of 1998. The number of people worldwide buying goods
and services on the Internet should rise to 120 million in about three years.
Once
armed with an individuals personal information, identity
thieves
use it to open new accounts, take over old accounts, make
purchases
or commit offenses in that persons name. With a birth date and an address an identity thief can obtain a birth certificate
and progress to obtaining a passport, drivers license and credit, all in someone elses name.
While
impersonating another, a wrongdoer can take out loans,
lease
cars, buy merchandise, take trips, open bank accounts, cash
checks,
obtain credit cards, sign up for cellular telephone service,
rent
apartments, or acquire a home mortgage or equity loan. The
perpetrator
can saddle an innocent victim with a criminal arrest
record
or commit motor vehicle violations in the victims name.
Privacy
concerns and fear of credit card fraud discourage online
purchasing.
Nonetheless, most experts contend that consumers are at much greater risk using credit cards at stores, restaurants or gas
stations
than at secure Web sites. Encryption technology and Web site authentication procedures ensure the security of online transactions
to most consumers satisfaction. Indeed, the National Consumers Leagues Internet Fraud Watch has not received a single complaint
of someones credit card number being stolen while transmitted to a legitimate merchant over the Internet.
A
couple of recently exposed incidents have diminished the absolute confidence with which many consumers conduct e-commerce
via
credit
cards. In December 1999, an Eastern European hacker, using the alias Maxus, allegedly stole the numbers of about 300,000 credit
cards from the database of an Internet Web site, CD Universe.
When
the firm refused to pay a $100,000 extortion demand, about 25,000 numbers were sold on a Web site, which has since been taken
down.
In
December 1999, British hackers attempted to extort $10 million
from
VISA International after obtaining access to the companys
computer
system in July 1999. The firm maintained that the hackers
accessed
some corporate servers and obtained some marketing material but no credit card or transaction processing information. With
apparent confidence in its security system, VISA refused to pay the demand and contacted Scotland Yard and the FBI.
Neither
of these incidents involved a successful attack on data
in
transit from customers to vendors or transaction processors. Secure socket layer (SSL), the security protocol built into most
Web
browsers,
very effectively, if not perfectly, protects such data in
transit.
However, when companies store consumer credit information in areas that are connected to the Internet, they are asking for
trouble, unless they have installed state-of-the-art security measures.
Storing
credit card information in a database typically is done
as
a convenience to customers, but without proper safeguards, it may involve security risks. If credit card information is stored,
it
should
be encrypted using the latest technology.
Access
to the database should be severely restricted, and electronic keys should be changed frequently. Vendors also must make sure
that their own computer staffs do not abuse the credit card information. As an extra precaution, consumers may ask vendors
not to save their credit card numbers, or they may use a separate credit card for online purchases only and cancel it at the
first sign of vendor trouble.
Recent
technological advances also are making bank account debit
transactions
more secure. A Woodcliff Lake-based private network owned by several large banks has developed a CD-ROM the size of a card
to securely authorize withdrawal of funds from a checking account to pay for Internet purchases. Encrypted information from
the card is routed from the customers computer through the network to the online merchant. Once the information is confirmed,
including the personal identification number (PIN) entered by the customer, the money for the purchase is automatically debited
from the customers checking account. Because of the strength of the encryption, a cyber-thief would have to steal the actual
card, along with the customers PIN, in order to access his checking account. No financial data is actually typed into a keyboard
or sent to a merchants Web site and stored.
Banks
and credit card companies pick up the lions share of the
direct
financial tab for identity theft. Under the Fair Credit Billing
Act,
an individuals financial liability is limited to $50 if he promptly reports fraudulent use of a credit card to the credit-card
company.
For
similar protection, debit-card holders must notify their
banks
within two business days. If they wait longer, users are liable
for
as much as $500. Meanwhile, the corporate victims pass their
losses
on to consumers, who bear the costs indirectly in the form of
higher
prices and interest.
The
indirect financial and "human" costs of identity theft for the
individual victim are quite substantial. People whose identities
are
stolen must cope with reputations for substantial indebtedness,
ruined
credit histories, difficulty finding employment, and trouble
renting
or buying housing. For many victims, their only "fault" was
being
on a list or in a file that was stolen, or being duped into
giving
out information to the wrong people.
A
victim may not even know that her identity has been stolen until
she is dunned for a debt about which she knows nothing.
Meanwhile,
her credit reports, in the hands of national commercial
credit
bureaus that report creditworthiness to vendors and lenders,
may
contain errors for a number of years before they are fixed.
Unless
the credit reporting companies promptly correct the information in their files, the victim may have to continuously establish
the creditworthiness that other consumers take for granted.
Recent
federal legislation allows consumers to seek restitution
for
expenses from the criminal who carried out the identity fraud.
However,
actually obtaining such restitution might prove impossible if
the
criminal is not caught or if there is a long list of creditors seeking
similar restitution.
The
significant financial losses incurred by identity theft victims trying to restore equilibrium in their lives have prompted
at least one national property casualty insurer to offer identity fraud expense coverage, starting in 1999. Available to homeowner
and tenant
policyholders
for an additional premium of about $25 per year, the
coverage
reimburses victimized policyholders for up to $15,000 in
expenses
they incur as a result of identity fraud. Expenses covered
include
legal expenses, loan re-application fees, telephone and
certified
mailing charges, notary expenses and lost wages for time
taken
from work to deal with the fraud.
Although
the volume of identity fraud in the United States and New Jersey is
difficult to quantify, available information indicates that it is prolific,
and undoubtedly one of our fastest growing crimes. Loss prevention experts
believe 20 people have their identities stolen in New Jersey every day.
MasterCard International reported that identity theft accounted for
$1 billion in losses in 1998.
Officials
do not have comprehensive figures on how many identity
thefts
occur annually because it is not broken out as a separate crime in analyses of fraud schemes. The U.S. Secret Services national
tracking reveals that at least 1,000 Americans are victimized by identity theft every day and that the cost almost doubled
from about $442 million in 1995 to $745 million in 1997.
According
to the Public Interest Research Group (PIRG), up to 40,000 people are victimized
by identity theft every year.
Trans
Union LLC the only credit bureau to track identity theft
cases
reported that two-thirds of all consumer inquiries to its
Fraud
Victim Assistance Department involve identity theft, according
to
a 1998 General Accounting Office study. The number of cases
reported
to Trans Unions hotline jumped from 35,235 in 1992 to
522,922
in 1997, the GAO added. Another credit bureau, Equifax Credit Information Services, Inc., received 1,200 calls a day on its fraud lines in 1997, quadruple the number received in 1995. In 1996 and 1997, identity theft was the number one complaint at the Privacy
Rights
Clearinghouse, based in San Diego, California.
Meanwhile,
the Social Security Administration, which operates a
fraud
hotline at 1-800-269-0271, reported that it received 30,115
complaints
about the misuse of Social Security numbers in 1999, most involving identity theft. That was a tremendous surge from 11,013 such complaints received in 1998 and 7,868
in 1997.
It
is easy to understand why so many criminals, including organized rings,
have turned to identity theft in ever increasing numbers in modern times.
An identity thief runs up an average of $20,000 to $30,000 in bills
on each victim versus the average take from a more risky bank robbery
of just $2,500.
Retrieval
of identity information via the Internet is just the most recent of
many methods by which perpetrators compromise others identities.
According
to the U.S. Secret Service, organized groups account for 75 to 80 percent of identity fraud cases. Members of the
rings get jobs with housekeeping companies or security firms and then snoop for sensitive information in computers, file cabinets
and trash bins. In March 2000, for example, Union County authorities arrested 14 people connected to an organized crime group
whose main operation was identity theft.
Allegedly,
an auto dealership employee provided to the groups leader drivers license information for customers taking test drives or applying for financing. Using high-tech methods to reproduce official documents,
the group allegedly created hundreds of phony drivers licenses used to apply for credit cards and instant credit at electronic
and home improvement stores. In some cases, merchandise obtained by impersonators allegedly was sold sometimes over the Internet
to pay off their debts to at least one loan shark associated with the group.
The
Internet now affords perpetrators, whether operating individually or as members of organized rings, access to a vast amount
of information about individuals and businesses with just a few
keystrokes.
Until
1997, the Congressional Records Web site included the
Social Security numbers of military officers granted promotion
approval
by Congress. Using the data on the government Web site, a private site operator posted the numbers, along with those of many
prominent
public figures.
In
December 1999, the Newark Office of the Secret Service arrested three people for allegedly using the military officers
numbers to create hundreds of phony credit card accounts, including at least one
in the name of the former Chairman of the Joint Chiefs of Staff. Two Trenton residents pled guilty in U.S.
District Court in early 2000.
If
an identity thief wants someones Social Security number, he or she can
purchase it from one of a host of vendors selling personal
information
on the Internet. The ready availability of Social Security
numbers
in the public domain has enabled at least one Web site,
docusearch.com,
to offer to retrieve a persons Social Security number in one day for a $49 fee.
Many
legitimate companies obtain significant amounts of personal
information
about Internet users and their children in order to pass
it
on to marketers selling merchandise or services via e-mail or
advertising
banners. In return for permission to collect and distribute information
about purchasing preferences and household
demographics,
these companies offer incentives ranging from the
opportunity
to win scholarships in sweepstakes to cash payments for
each
e-mail received. If not careful, however, a person could respond
to
a phony offer and provide information that could be used for
identity
theft or other illicit purposes.
The
human element is the weakest link in the information security
chain.
Violators take advantage of human carelessness through high-tech and low-tech snooping. Traditional methods include sorting
through
discarded trash ("dumpster diving"), co-workers or cleaning
crews
rifling through workplace desk drawers, theft of U.S. mail,
bribing
bank employees, and soliciting information with false job
application
schemes. With these methods exposure is limited, however, by the physical process required to gather the information. Online,
on the other hand, aggregation of personal data can occur rapidly as the perpetrator surfs from source to source with a few
keystrokes and without ever having to leave home.
With
inexpensive but sophisticated "desktop publishing," criminals can quickly
create high-quality false identity documents or checks in someone elses
name. In the case of Internet transactions, the wrongdoer does not have
to present bogus identification documents, whose falsity sometimes can be detected by careful inspection.
Criminals
compromise real identities far more often than they
fabricate
new ones. Thieves can capitalize immediately on a businesss confidence in a longstanding relationship with a reliable customer.
The
defrauder does not have to cultivate a new relationship with the
corporate
victim.
It
is likely that the private sector will, in the long run, resort more and more to definitive methods for confirming consumer
identity: fingerprints, iris scans, face-recognition software, so-called
smart
cards, and the like.
IriScan, Inc. (www.iriscan.com) of Marlton, New Jersey, for example, has developed iris recognition
technology for automated biometric systems. Visionics, Inc. of Jersey
City, New Jersey, developed software called FaceIt whose uses include identification of customers at ATM machines via their
distinctive face prints. This helps people who lack bank accounts but wish to cash checks.
The
company reported that about 645,000 people have registered their face prints to cash checks and wire money at 500 Wells Fargo face recognition ATM machines in California, Texas, Arizona and Florida.
However,
organizations such as the Online Privacy Alliance (www.privacyalliance.org) and PIRG reject
such methods as
invasion
of privacy.
Law
enforcement officials and privacy activists believe that credit card
companies and banks already have substantial "know-how" to prevent a large portion of fraud and counterfeiting but are reluctant
to invest in the technology or assign the necessary resources.
When
a "customer" requests a change of address, for example, the company extending credit always should communicate with the customer
of record at the old address or telephone number in order to confirm the change.
Sometimes,
careless lenders even permit transactions on closed credit card accounts. Creditors and credit bureaus could implement a fraud
notification system that would use software to identify patterns of fraudulent use within the creditor or credit bureaus databases.
Once suspicious transactions were flagged, timely notification could be given to all interested parties, including the individual
victim.
Most
credit card issuers claim they already vigilantly monitor
customers
buying patterns and quickly flag questionable transactions.
Several
of the countrys largest credit card issuers are now building
a
database, with assistance from the Secret Service, in order to share information and identify common geographic locations
where credit card fraud occurs.
Although Post Office mail drops are essential for the
success
of
many schemes, including credit card and identity theft, in the past
there
was little scrutiny to determine if they were being used for
illegal
activity.
Effective April 24, 1999, new U.S. Postal Service regulations
imposed stricter requirements on private mailbox (PMB) customers and
commercial mail receiving agencies (CMRAs). The latter are private businesses that, through a written agreement, accept their
customers mail from the Postal Service, hold it for pick-up (private mailbox) or re-mail it to other addresses.
Under
the new regulations, CMRAs must register with the Postal
Service
to act as an agency to receive delivery of mail for others.
They
must ask those who rent PMBs from them to produce two forms of identification, one with a photograph. They may not deliver
mail to a box unless the customer has identified himself in a Form 1583 that is kept on file. The CMRAs are required to submit
quarterly alphabetized lists of their customers to the Postal Service. Their customers must use the designation PMB and the
relevant number in their mailing address. An address format change will let correspondents know they are dealing with the
holder of a private mailbox at a specific street address and not an occupant of a suite or apartment.
A
large share of the responsibility for identity theft rests with the
credit card issuing companies and vendors who extend credit too eagerly.
Pre-approved credit card applications abound in everyones
mail
and e-mail. John P. Lucich, President of Secure Data Technologies Corp. of Fairfield, New Jersey, testified that his seven-year-old
son recently received one.
Beth
M. Grossman, the Federal Trade Commissions Identity Theft Program Manager, testified that Department store chains constantly
seek customers who will open a chain credit account in return for a discount on a current purchase. She added that in their
zeal to grant credit instantly they do not check the customers credit report, which might contain a fraud alert. By failing
to check, they provide additional opportunities for identity thieves.
DEMONSTRATION OF ONLINE PITFALLS
Pretending
to sell products and services, fake Web sites entice
customers
with attractive looking deals.
They ask the unsuspecting victims for their names, addresses, credit card numbers and mothers maiden names. Sometimes the consumer will provide the information in connection with an application for credit
from a sham credit card site.
The sites operators e-mail the consumer that her application
has been denied and simultaneously provide her personal information to identity thieves.
John
Lucich testified how a defrauder could turn a credit card
with
a simple $1,000 credit limit into an illicit cash cow. Armed with
such
a card under a phony or stolen identity, the perpetrator applies
for
a credit card processing machine commonly advertised in magazines for use by home businesses.
The
defrauder then obtains a legitimate merchants credit card processing number and terminal ID number from discarded receipts
that he might find lying around a mall parking lot.
He
programs the numbers into the credit card processing device. Then, he makes purchase after purchase with the credit card.
However, he never exceeds the cards credit limit because he uses the processing terminal and the impersonated merchants numbers
to enter returned merchandise credits canceling the charges in the credit-card companys computer.
By
the time the credit-card company realizes what has happened, the perpetrator, enriched by material goods from several expensive
purchases, is long gone.
Mr.
Lucich pointed out that anybody can set up a Web site for
as
little as $15 and attempt to defraud people. Through online
financial
newsgroups, the scammer can find out the e-mail addresses of people interested in enhancing their credit. He then spams such
people with e-mail touting the easy availability of credit on his Web site.
Once lured there, they provide the information that allows the
perpetrator to steal their identities and leech their good credit
histories. In that way, the schemer can reach thousands or even millions of specifically targeted potential victims
with the click of a mouse.
It
would take months, a large staff and significant expense to reach such
an audience with traditional solicitation by telephone or so-called
snail mail.
Pretending to be a consumer, Mr. Lucich showed how a
phony Web site dupes unsuspecting credit seekers. In a search engine for the aviation industry, he pointed out a rotating
advertising banner
offering
a credit card with an especially low interest rate.
By clicking on the banner, the consumer could view a
Web site that usurped the logos of legitimate credit card providers, such as Visa and MasterCard, and displayed an application
form. The site also contained a reassuring, but fake, certification of security and an
offer
of a free credit report.
The application form asked for personal information,
such as date of birth, social security number and mothers maiden name, as well as numbers and expiration dates of existing
credit cards. When Mr. Lucich submitted the completed application, the screen displayed the message:
Currently our Web servers are overloaded. Please try again at a later time. Thank you for your patience. Although the
consumer believes that his completed form was never sent, a defrauder has now captured all his pertinent credit information.
The
FTCs Beth Grossman testified how even a vigilant credit card
company
can be duped by a thief armed with an individuals identifying information. The thief starts by telephoning the company to
change the address on the account. Armed with his victims personal information, the thief can answer all of the questions
asked by the companys representative to separate genuine customers from wrongdoers.
The thief knows the legitimate customers social security
number, date of birth and mothers maiden name. Once the company assigns a new address to the account, the thief can order
expensive items with impunity, collect them at various delivery addresses, and never have to fear timely interruption by authorities
tipped off by the victim. Discovery of the scheme occurs only when substantial monthly bills are not paid or bogus credits
from an impersonated vendor are discovered.
When
the true account holder is traced back to his original address, the impersonator and his purchases are long gone. Ms. Grossman
added, The frustration happens when people dont find out about this until its at the time they need credit. They go to get
a mortgage or student loan, and they find that their credit is all screwed up.
HOW TO AVOID BECOMING A VICTIM
A
simple guideline is to assume that no personal information is
absolutely
private or safe. Anthony F. Colgary, Assistant to the
Special
Agent in Charge of the U.S. Secret Services Newark Field
Office,
testified potential victims bear some responsibility to try
to
monitor [their] credit reports to see whats going on. He added:
No
credit can be gained in your name, whether its a credit card
or
anything else, unless someone passes a credit check on you.
You
need to constantly review that credit report and make sure that no one
has changed your address, no one has ordered goods or
services
or credit that you havent authorized .
People may protect themselves from identity theft by taking the following steps:
--Get a free copy of your credit report from each of the three
major credit bureaus every year.
--Check to be sure that everything, including addresses,
is accurate.
Under
the federal Fair Credit Reporting Act (amended by the Consumer Credit Reporting Reform Act of 1996), a consumer who has been
denied credit during the last 60 days may receive a free copy of his credit report. In New Jersey he is entitled to one free
copy
annually,
even if he has not been rejected for credit. The cost
is
about $8.00 for each additional report.
To
order credit reports from the three largest credit bureaus:
Contact Equifax, Inc. (1-800-997-2493) (or 1-800-685-1111)
(www.equifax.com);
Contact Trans Union LLC (1-800-916-8800)
(www.tuc.com); and
Contact Experian (www.experian.com) (1-888-397-3742)
(formerly TRW).
--Monitor your account activity throughout the year
by reading your periodic statements thoroughly.
--Tear up or shred any pre-approved credit offer, receipt
or other personal information that links your name to an account number.
--Do not leave your ATM or credit card receipts intact in the
trash.
If you decide not to proceed with a loan or purchase, take all unused
copies with information home with you.
--Destroy or delete social security numbers from any
documents before throwing them away.
--Credit card solicitations are generated from "pre-screened
lists" of credit reports provided by credit bureaus. If you do not want
to
receive these offers, contact each of the Big Three credit
bureaus to remove your name from pre-screened lists.
.
--If your credit card or other bills are more than two weeks late,
do
three things:
First, contact the Postal Service to see if someone has forwarded your mail to another address.
Second, contact your bank
to ask if the statement or card has been mailed.
Third, contact the businesses that send you bills.
--Do not pay your bills by putting them in your home
mailbox with
the
red flag up. Use the Post Office or a postal mailbox for bill
payments.
Protect your incoming mail with a locked mailbox or
Post
Office box.
--Protect your account information. Do not write your
personal
identification
number (PIN) on your ATM or debit card. Do not print or write your social
security number, credit card account numbers or driver's license number
on your checks or on the outside of envelopes when paying monthly bills.
Cover the pad when you are entering PIN numbers.
.
--Do not carry your social security card, passport or birth
certificate unless you need it that day. Take all but
one or two
credit
cards out of your wallet, and keep a list in a safe place at home of
your account information and customer service telephone numbers. Keep
tax records and other financial documents in a secure place.
--Memorize your social security number and all passwords and PIN numbers.
Do not use common identifiers, such as mothers maiden
names and birth dates, as passwords or PIN numbers.
.
--Never provide personal, credit card or other financial
information over the telephone or online, unless you
initiate the
contact.
In
a New Jersey case in January 2000, four students at Absegami High School
in Galloway Township allegedly purchased about $8,000 in merchandise,
delivered to unoccupied homes, using credit card numbers obtained by
tricking America Online and Earthlink subscribers. The teenagers allegedly
acquired passwords, addresses, telephone numbers and credit card numbers
of people in New Jersey and at least six other states by, in some cases, posing as online representatives of the service providers.
They
told the subscribers that their account information had been
lost
and should be provided again.
.
--Cancel, in writing, any credit cards that you do not intend to
use.
--If a creditor contacts you, do not provide information
about
your
account without contacting the creditor via a telephone number, address
or e-mail address indicated on your monthly statement.
--Do not put your genealogy online. It permits identity
thieves to
acquire
birth dates and maiden names.
--Check social security earnings and benefits statements once a year to make sure the earnings are recorded correctly.
--You may want to have your name, address and phone number deleted from marketers lists.
Write
to the Direct Marketing Associations Mail Preference Service (PO Box 9008, Farmingdale, NY 11735) and Telephone Preference
Service (PO Box 9015, Farmingdale, NY 11735).
ACTIONS VICTIMS MAY TAKE
Despite
precautions, growing numbers of individuals fall prey to
identity
theft. Early detection and reaction is essential to minimize
the
harm. It is important to quickly take the following actions:
--Immediately, make a complaint to your local police
department.
Obtain
a written copy of the police report for inclusion with
notification
letters. Contact the Federal Trade Commission to
report
the problem at 1-877-FTC-HELP.
--Immediately telephone the toll-free hotlines for the
fraud units
of
all three major credit bureaus and ask them to "flag" your account with
a Fraud Alert/Victim Impact statement. This tells creditors that you are a victim of identity fraud and asks them to contact you before opening any new accounts.
The major credit bureaus fraud unit telephone numbers are Equifax (1-800-525-6285), Experian (1-800-397-3742) and Trans
Union (1-800-680-7289).
Follow
up in writing, attaching a copy of the police report. The addresses are:
Equifax
P.O. Box 105069, Atlanta, GA 30348
Experian
Attn: Consumer Assistance Department,
CBA Information Services,
P.O. Box 677, Cherry Hill, NJ 08003
and
Trans Union
P.O. Box 6790, Fullerton, CA 92834.
--Order a copy of your credit report. The report is
free if you are
a
victim of identity theft or have been denied credit in the last 60 days.
Anytime you apply for a loan of any type, you are entitled to a copy
of the credit report that is provided for you.
--Immediately notify your banks and obtain new account numbers for all of your checking, savings and other accounts. Pick new PIN
numbers
for your ATM and debit cards. Close all of your credit
card
accounts and reopen them with new numbers.
--Immediately notify affected creditors by telephone
and follow up
with
written notification enclosing a copy of the police report.
--Immediately notify your local postmaster. Explain
that you
suspect
a false address is being used and would like help to find
out
the address. Also notify the U.S. Postal Inspection Service
(Web
site located at www.usps.gov/postalinspectors)of any
suspected
mail theft or use of impersonating addresses.
--Call the local field office of the U.S. Secret Service
to report
any
credit card fraud.
--Call the Division of Motor Vehicles to see if another
license was
issued
in your name. Put a fraud alert on your license. You may
want
to request a new number.
--Contact the Social Security Administrations Fraud
Hotline: 1-
800-269-0271.
Depending on the circumstances, you may want to
obtain
a new social security number from the Social Security
Administration.
You also may want to contact your local telephone, long
distance, water, gas and electric companies to alert them that someone may try to open accounts in your name.
--Maintain a log of all contacts with authorities regarding
the matter. Write down each persons name, title and phone number. You may need to re-contact them or refer to them in future correspondence.
--Do not allow yourself to be coerced by creditors into
paying
fraudulent
bills.
RECENT LAWS AND CONTROL PROGRAMS
Recently, special laws to contend with identity theft have passed at the federal level and in New Jersey.
Previously,
criminal.prosecutions were limited to fraud, theft, forgery and impersonation charges associated with the identity theft.
Victim loss thresholds of $40,000 or more limited the number of offenses brought to court.
NEW JERSEY LAW STRENGTHENED
Effective May 21, 1999, N.J.S.A. 2C:21-17,
concerning wrongful impersonation, was amended to specifically include identity theft in its provisions.
Before
the amendments became law, the offending conduct had to fit the elements of theft by false representation before it could
be prosecuted criminally. The amendments also allow authorities in New Jersey to prosecute those who make purchases in another state using identity information from a New Jersey resident.
Gerald
S. Flanagan, Legislative Director for New Jersey Public
Interest
Research Group (NJPIRG) Citizen Lobby, testified that an
effective state law was needed because the majority of consumer prosecutions take place on the state level.
|