The CFPB Consumer Complaints Database Does What It Was Designed To Do

In March 2012, the Consumer Financial Protection Bureau (CFPB) began accepting complaints from consumers about bank accounts, including checking, savings, CDs, and related financial products and services. Consumers were able to submit complaints about poor customer service experiences with banks and financial institutions.

Later during 2012, the CFPB began accepting complaints about student loans, credit cards, and credit reporting. In April 2013, the CFPB began accepting complaints about money transfers. In March 2013, the CFPB expanded the database to include mortgage complaints received since December 1, 2011. This expansion also included the addition of complaints about bank accounts private student loans, and other consumer loans received since March 1, 2012.

In March 2013, the CFPB went live with its Consumer Complaints Database. Some facts about it:

• Contains complaints submitted by more than 90,000 consumers
• Includes 450 companies
• Total complaints received - 131,500
• Complaints cover bank accounts, mortgages, student loans, credit cards, and related consumer loans
• Complaints about credit reporting (e.g., credit reports, credit reporting agencies) will be added later
• 48% of complaints were submited through the CFPB website
• 9% of complaints were submitted bia telephone
• 32% of complaints were received from other rgulators and agencies
• At February 28, 2013, the CFPB sent 109,200 complaints (83%) to companies for review and response. Companies have already responded to 104,100 (95%) of those complaints sent

A typical complaint includes:

"... he type of complaint, the date of submission, the consumer’s ZIP code, and the company that the complaint concerns. The database also includes information about the actions taken on a complaint by those companies – whether the company’s response was timely, how the company responded, and whether the consumer disputed the company’s response. A consumer’s identity and other personal information is not included in the data."

So, similar to reports provided the BBB, the CFPB also tracks the status of complaint resolutionl. The CFPB goes further and includes resolution amounts.

In its summary report, the CFPB listed complaints by financial product type:

The CFPB has received 30,600 credit card complaints. The analysis of credit card complaints received by type:

Credit Card Complaint Type	%
Billing Disputes	15%
Annual Percentage Rate (APR) or interest rate	10%
Identity Theft, Fraud, Embezzlement	8%
Credit Reporting	7%
Closing, Cancel Account	6%
Other	6%
Collection Practices	5%
Late Fee	4%
Credit Card Protection, Debt Protection	4%
Collection Debt Dispute	4%
Total: top 10 credit card complaint types	69%

Of the 30,600 credit card complaints received, the CFPB has forwarded 27,700 (84%) to financial institutions for review and response, and forwarded 10% to other regulatory agencies. 5% of credit card complaints are considered incomplete, and 1% are pending. Companies have already responded to 24,800 (96%) of the complaints forwarded. The CFPB also reported:

"Since December 2011, companies have also had the option of reporting the amount of monetary relief, if any. The median amount of relief reported was approximately $125 with $25 being the most common amount of relief for the approximately 5,300 credit card complaints where companies reported relief. Consumers have disputed approximately 4,200 company responses (18%) to credit card complaints."

The types of mortgage complaints received by the CFPB:

The types of bank account and service complaints received by the CFPB:

The types of student loan complaints received by the CFPB:

The types of consumer loan complaints received by the CFPB:

The types of credit reporting complaints received by the CFPB:

Also, BusinessWeek summed it up quite nicely the impacts of the CFPB Consumer Complaints Database upon responses by financial companies:

"Response times have sped up by 3& percent since the database came online... Steven Ramirez, CEO of data-mining consultancy Beyond the Arc, says his financial industry clients are asking him to find patterns in the CFPB data that show where they’re lagging."

Transparency and information are critical to a healthy, functioning marketplace. It helps everyone: both consumers and financial companies. It helpfs financial institutions improve their customer service, which can lower their costs by reducing account turnover and by retaining customers they'd otherwise lose.

With more information, consumers can make better informed decisions about the products and services they purchase. I like that there is now another option for consumers, besides filing a lawsuit or doing nothing. Consumers can now log complaints which the CFPB forwards to banks and financial institutions for review and resolution.

No business is ever too big to avoid responding to customer complaints. To use a sports analogy: while the playing field is still far from being level, the CFPB Consumer Complaints Database removes a lot of the tilt in the field.

Thanks to the CFPB and its staff for all of their excellent, hard work. Learn more about the CFPB Consumer Complaints Database.

Survey: Consumer Usage And Perceptions About Mobile Banking

Late last month, the Federal Reserve Board (FRB) released the results of its latest survey of mobile usage by consumers for online banking. Key findings:

• 87% of the U.S. adult population has mobile phones
• 52% of mobile phones are smartphones (Internet-enabled)
• 87% of smartphone users accessed their devices to access the Internet during the past week
• 28% of all mobile phone owners used their devices for mobile banking during the past 12 months, up from 21% in December 2011
• 48% of smartphone owners used their devices for mobile banking during the past 12 months, up from 42% in December 2011
• 10% of mobile phone users who don't perform mobile banking expect to do so within the next 12 months

The specific mobile banking tasks consumers said they perform:

• 87% check account balances
• 53% transferr money between accounts
• 21% deposit checks
• 24% of smartphone users made mobile payments during the past 12 months,
• 42% made an online bill payment, down from 47% in 2011
• 6% of smartphone users made a retail point-of-sale payment during the past 12 months, up from 1% in December 2011. 22% want to use their mobile devices for retail purchases

Perceptions about the technology:

• 54% of mobile phone users said the primary reason they do not use their device for mobile banking is that their banking needs were already being met without the use of mobile banking. This is down from 58% in 2011
• 38% said concerns about the security were the primary reason for not us mobile banking. This is down from 42% in 2011
• 49% said security was the second most common reason given for not using mobile banking. This is up from 48% in 2011
• More than a third of mobile phone users who do not use mobile payments don’t see any benefit
  from doing so, and find it easier to pay with another methods (e.g., cash, credit, debit, prepaid)

Other tasks respondents said they use their smartphones for:

• 42% comparison shop while in retail stores
• 32% scan a product’s barcode to find the best price for the item
• 64% percent of those who comparison shop have changed where they purchased the product based on the information found
• 44% browse product reviews or get product information while shopping at a retail store
• 70% of those who browse product reviews have changed the item purchased based on the information found
• 64% of mobile banking users checked their account balance before making a large purchase
  in the past 12 months. About half of them did not purchase an item as a result of their account balance or credit limit

Who uses mobile phones:

• 10% are unbanked (neither they nor their spouse have a checking, savings, or money market account)
• 10% are underbanked (have a bank account, but also use a payroll card, payday lender, check cashier, or auto title loan)
• 59% of the unbanked have access to a mobile phone, half of which are smartphones
• 90% of the underbanked have access to a mobile phone, 56% of which are smartphones
• 49% of the underbanked said they used mobile banking during the past 12 months

The terms "unbanked" and "underbanked" are labels used within the banking industry. The FRB defines mobile banking as using a mobile phone to access a bank account, credit card account, or other financial bank account. So, mobile banking includes using the mobile phone's web browse, text messaging, or application features.

The reasons unbanked consumers gave for why they don't have a checking, savings, or money market account:

How consumers said they use the money from payday loans:

The reasons consumers said for why they don't use mobile banking services:

The reasons consumers said for why they don't use mobile payments:

Consumers' perceptions of the security of mobile phones and mobile banking:

Regarding mobile payments, the report found:

"Despite the increasing availability of phones equipped with near field communication (NFC) chips for use with NFC-based payment services, retailers and consumers appear to be trending toward adoption of non-NFC-based payment services. Indeed, consumers making mobile payments were nearly twice as likely to have used a mobile app or barcode to make their payment as to have made a payment by waving or tapping their phone."

How consumers with checking, savings, or money market accounts do their banking:

• 85% of banked consumers said they had visited a branch and spoke with a teller in the past 12 months
• 74% said they used an ATM machine
• 74% said they used online banking
• 34% said they used telephone banking
• 29% said they used mobile banking

The report's authors concluded:

"The two factors limiting consumer adoption of mobile banking and payments are concerns about the security of the technology and a sense that they don’t offer any real benefits to the user over existing methods for banking or making payments. With regards to security, consumers have actually become more likely in the past year to report that they simply don’t know how safe it is to use mobile banking, suggesting that consumers need to be provided with reliable and accurate information on the level of security associated with the various means of accessing mobile banking. In terms of the value proposition to consumers, the significant number of mobile users who reported an interest in using their phones to receive discounts, coupons, and promotions or to track rewards and loyalty points suggests that tying these services to a mobile payment service would increase the attractiveness of mobile phones as a means of payment."

The FRB's Consumer Research Section sponsored the survey and developed the report. GfK (formerly Knowledge Networks), an online consumer research firm. administered the survey from November 16 to 27, 2012. Nearly 2,600 respondents ages 18 or older completed the survey. The FRB conducted its first mobile survey in December, 2011.

Download the FBR "March 2013 - Survey of Consumers' Use of Mobile Financial Services" report (Adobe PDF, 941 kbytes).

CBC Interactive Map Of Foreign Travel Advisories

I like to travel to different countries. So do many people. If you plan to travel to other countries, then you might find this resource helpful to avoid getting mugged, your identity information stolen, or worse during foreign travel.

The Canadian Broadcasting Corporation (CBC), based upon data from the Canada's Department of Foreign Affairs, produced an interactive map of travel advisories for consumers. The map highlights places to avoid and places to take extra security precautions.

In the United States, the Bureau of Consular Affairs within the State Department provides similar information with alerts and warnings for foreign travel.

9 Things Consumers Should Do About A Lost Or Stolen Tablet

Forbes recently published a fairly good article listing nine things consumers should do before and while travel to avoid having their tablet computer lost or stolen. Perhaps, you've already lost a tablet while rush during business travel. Maybe you left it in a taxi-cab or on an airplane.

hile the article was written with a focus for information technology professionals, the list of items includes good good security habits for consumers (or employees) who use a company-provided tablet or who use their personal tablet for business:

1. Password lock your tablet, especially when traveling
2. Use identification tags or stickers to make it easy for people, who find and want to return the tablet, to contact you (or your company)
3. When traveling, don't pack all of your gadgets iin one bag

Follow the link above to read the entire list. These tips help ensure that after a table loss or theft, a person can't use the tablet and access any sensitive information on it.

I consider the article "fairly good" because it unnecessarily focused on a single brand of tablet computers, when it easily could have been written more broadly to be relevant to all tablet users. The list of tips are not specific to any specific tablet brand.

5 Ways Retail Stores Spy On Their Shoppers

If you haven't read it, there is a good article at Consumer Reports which lists the ways retail stores spy on consumers while shopping. Not the online stores but the physical, brick-and-mortar store locations. Some of the ways stores spy on shoppers:

1. Spy cameras: armed with facial recognition software, these cameras record and track both your movements in the store, the items you look at, and for how long. Some stores use mannequins that contain spy cameras, to distribute cameras thought store areas. Stores often merge these recordings with data from your purchases: amount, payment method (e.g., cash, credit, debit), store sections (e.g., clothing, shoes, housewares, etc.), and items browsed (e.g., pants, dresses, cookware, etc.). Outside cameras record your auto data (e.g., license number, make, model) which is also merged with interior recordings.
2. Smart phone tracking: retailers record the geo-location data from your phone to map/track which departments you visit, in what order, and how long you stay in each department.
3. Interactive digital ads: many contain tiny cameras to record the shoppers that view the ads.
4. RFID technology: merchandise with radio frequency identification tags (RFID) can trigger nearby interactive digital ads, to then serve up targeted, personal ads based on the specific merchandise you are carrying
5. Product returns: many stores demand photo identification to process product returns. Stores claim that the reasons for this are to prevent fraud, but the data collection includes shoppers who do not commit fraud.

What is worse is that the stores do no disclose any warning to shoppers or parents, except that most states require stores to post product return policies visibly in stores.

What's your opinion of the tracking/spying?

The Top 5 Places You Should Never Use Your Smart Phone

Social Times recently listed the top five places consumers should not use their smart phone. The top two places:

1. Business meetings with clients
2. In-person job interviews

Gee, you'd think that people would know better. Places I would add to the list: 6) in school, especially during an exam; 7) during wakes and funeral services; and 8) your doctor's office (especially when they post signs telling patients to turn off their mobile devices). There's just too much sensitive equipment nearby.

Follow the above link to read the entire list. What places do you believe consumers should turn off their mobile devices?

Data Breach At Schnucks Supermarkets Affects Customers And Their Banks

St. Louis-based KSDK television reported a data breach at Schuncks supermarkets. The supermarket chain isn't yet sure exactly where (e.g., which stores) and how the breach occurred (e.g., in the store or with a debit/credit card processor). The breach occurred about a week ago.

Schnucks operates stores in Missouri, Illinos, Iowa, and Indiana. Customers have already seen unauthorized charges on their debit/credit cards. A representative from Montgomery Bank reported that about 600 of their accountholders have already filed fraud claims. Some customers wonder why the store has not posted alerts in its stores, so shoppers can use cash instead:

“They’re just letting people use their cards and not saying anything.”

Reportedly, the retailer has hired a forensics technology firm to assist it with a breach investigation. It sounds to me like the company' was caught unprepared and its post-breach response needs improvement. Customers need to be notified prompty to take appropriate action to avoid or minimize identity theft and fraud.

Facebook Becomes More Annoying

This morning, I decided to clean out my personal Facebook email folder. I use Facebook.com for two reasons: 1) connect with friends, family, and former co-workers; and 2) a business page for this blog to connect with readers. The Facebook mail I deleted was for #1.

If you use Facebook.com, it is important to manage your email inbox, since you probably have received Facebook email from both people you are connected to and business pages you have "liked." I found the process to delete old Facebook emails both time-consuming and difficult. Unlike traditional email software, the Facebook email interface forces members to delete one conversation at a time:

So, what should have taken at most 2 minutes, took almost 20 minutes. After deleting old conversations in my Facebook inbox, then I had to switch to the Facebook archive folder and repeat the deletion process:

I find this user interface unnecessarily difficult and time consuming. (Deleting Facebook email is even more tedious and time consuming if you delete items one message at a time. Who would choose that form of self torture?) Perhaps, making it difficult for you to delete your information is a key part of Facebook's "Big Data" strategy to retain as much of its members' content for as long as possible. Facebook frequently hides tasks in unlabeled drop-down menus, and/or in multiple locations you wouldn't expect.

Combine this with the new ads that appear directly in your Facebook News Feed (e.g., Facebook calls them "Suggested Pages," but an ad is an ad by any name -- and some users report this as spam!), and the service has become much more annoying. And, it seems that Facebook plans to deliver more ads in members' News Feeds in the future.

Of course, the folks at Facebook would love for you to use only Facebook email, and stop using traditional email. Last year, without asking Facebook switched the default email addresses in its members' profiles from your traditional email address to your new Facebook email address. Check your Facebook profile. I'll be you didn't notice that.

I switched back the default email address in my Facebook profile, since I still use traditional email. It is important to me to not use any single company's service for all of my online activities. To do that would be for me to give up my power as a consumer. No walled gardens for me. That's why I also use DuckDuckGo -- to escape from being trapped in the search engine filter bubble.

If you use Facebook email, what are your opinions of it? Share below.

Payment Processors: A New I've Been Mugged Topic

When consumers purchase a product or service with some form of plastic (e.g., credit cards, debit cards, prepaid cards) and their mobile device, usually several companies are involved in completing that transaction: getting the money to the retailer (online or brick-and-mortar). While many consumers may believe that only their bank is involved in processing the transaction, the reality is that more companies are often involved.

One type of company involved are payment processors, companies that process these financial transactions. Sometimes these payment processor companies experience data breaches where sensitive customer information is lost or stolen. With recent events in the banking industry, and the spread of prepaid debit cards, this new topic can help you more easily read about and understand what is happening within the banking and retail industries.

I have tagged this new topic retroactively to archived blog posts, so you read and understand the types of information available. See the new "Payment Processors" topic. I hope that you find it useful.

Google To Terminate Google Reader On July 1, 2013. How To Find A Replacement

On Wednesday of this week, Google announced that it will terminate Google Reader, a Cloud-based RSS feed reader application, on July 1, 2013. Google Reader stated in 2005.

For many consumers including readers of this blog, RSS feed readers are an efficient way to consume news content. Readers of this blog have several options. All blog posts are announced in an RSS feed. Plus, every post in this blog includes an RSS feed with comments by readers. This makes it easy to monitor replies to a comment you submitted.

If you are looking for RSS feed reader software alternatives, there are several. Some resources to help you find a replacement:

• Check Out These Google Reader Alternatives (Mashable)
• Four Alternatives To Google Reader (USA Today)
• Google Reader Is Shutting Down. Here Are The Best Alternatives (LifeHacker)
• 8 Google Reader Alternatives That Will Ease Your RSS Pain (Gizmodo UK)
• Many web browsers, including Firefox, have RSS feed reader features and add-on's
• Digg Will Build An RSS Reader

What replacement RSS feed reader did you choose?

The Companies Involved In Payment Transactions When Consumers Buy Items

When consumers pay for products and services, today they have a wide variety of options. To make these options work, a variety of companies are involved behind the scenes in the payment transactions: the companies money and information flow through after a consumer purchases something at the checkout register. Consumers may not realize the wide variety of different companies involved.

Companies involved in the payment transactions flow often have their onw privacy policy, and data collection of consumers' sensitive information -- driven by their agreement with the retailer or bank. And, each company involved may experience data breaches where consumers' sensitive information is exposed or stolen:

	Payment Method
Company Type	Cash	Credit Card	Debit Card	Retailer's Prepaid Card (1)	Bank Prepaid Card (2)	Prepaid Card: FSA (3)	Smart Phone
Brick-&-mortar retail store	No	Yes	Yes	Yes	Yes	Yes	Yes
Online retail website	n/a	Yes	Yes	Yes	Yes	Yes	n/a
Retailer's partners &/or affiliates (4)	n/a	Yes	Yes	Yes	Yes	Yes	Yes
Your bank	n/a	Yes	Yes	n/a	Yes	Yes	Yes
Retailer's bank	n/a	Yes	Yes	Yes	Yes	Yes	Yes
Payments Processor (5)	No	Yes	Yes	Yes	Yes (6)	Yes	Yes
Your Employer	n/a	n/a	n/a	n/a	Yes	Yes	Yes
Healthcare Vendor (7)	n/a	n/a	n/a	n/a	No	Yes	n/a
Wireless Provider	n/a	n/a	n/a	n/a	n/a	n/a	Yes
Mobile Device Manufacturer	n/a	n/a	n/a	n/a	n/a	n/a	Yes
Mobile Device Operating System Developer (8)	n/a	n/a	n/a	n/a	n/a	n/a	Yes
Mobile App Developer (8)	n/a	n/a	n/a	n/a	n/a	n/a	Yes
App Store	n/a	n/a	n/a	n/a	n/a	n/a	Yes

Footnotes:

1. Includes gift cards offered by retailers that are good only at that retailer's stores.
2. Includes general-purpose prepaid cards usually offered by banks
3. Includes prepaid cards used by employers to adminster healthcare Flexible Spending Accounts
4. Includes outsourced vendors that administer a retailer's email marketing programs, cloud-based storage services, customer relationship management databases, mobile marketing services, product fulfillment, and/or data mining services; plus companies that perform co-marketing campaigns
5. The bank and/or company that processes the debit/credit card transactions
6. Applies to employers that pay employees via a payroll debit cards
7. Some employers outsource the administration of their healthcare Flexible Spending Account (FSA) program to an external vendor, and issue participating employees a special prepaid card
8. The company that develops and maintains this software mobile devices

What do you think about the above chart?

The State Of Texas Made $2.1 Million In 2012 Selling Drivers Personal Information

The CBS television network affiliate in the Dallas/Ft. Worth area reported that the State of Texas made $2.1 million in 2012 by selling the personal information of Texas drivers. Who buys this information collected by the Texas Department of Motor Vehicles:

"CBS 11’s I-Team Investigator Mireya Villarreal discovered nearly 2,500 agencies or businesses purchased the DMV’s data in some form last year. On this list there are towing companies, collection agencies, insurance companies, hospitals, banks, schools, city governments, and even private investigators."

The Driver Privacy Protection Act (DPPA) limits who can buy this information and what they can do with it. The report also highlighted the situation that Texas drivers cannot opt out of these sales.

CBS 11 provided a spreadsheet file which listed the companies that purchased information about Texas drivers. I spent some time reviewing the spreadsheet file and found:

• What happens in Texas doesn't stay in Texas. Companies from 30 different states purchased the information about Texas drivers
• Information about Texas drivers is popular. About 2,450 companies purchased information from at least 12 different business types
• Expected the unexpected. Businesses that purchased driver data included some you'd expect (e.g., auto dealers, banks, finance companies, title services), but also some you might not expect. The list of business types included auto actions, auto dealers, banks/credit unions, city agencies, collection agencies, finance companies, private investigators, salvage yards, title services, universities and colleges, and wrecker services
• Other who? The "Other" business type seemed to include some interesting organization names from the legal, oil, healthcare, software, and telecommunications industries; plus federal government agencies and some high schools.

The report did not mention the number records each company purchased, the total number of records purchased, or who the largest purchasers were. Knowing this would have enabled a deeper analysis. Then, you could compute an implied value to an average Texas driver's record.

The best comparison I can make is that the State of Florida made about $63 million in 2010 by selling drivers information, with an average value per record of about $ .01. This makes one wonder if Texas government officials did a poor job of selling driver information, or Florida government officials did an exceptional job.

While I didn't see in the Texas list of purchasers the high-profile names of data brokers from the Florida sales, I assume that intermediaries were used.

After reading the Texas DMV webpage about the DPPA, I felt that this page could do a far better job of informing consumers what is really happening. Other states say little in their websites about the money they make from DPPA sales.

What do you think of your state making money by selling your personal information?

Chicago Transit Authority Riders To Use New Ventra Card Starting This Summer

Last month, the CBS television network affiliate in Chicago reported about a new fare card to be offered this summer in Chicago by the local public transit authority. The news report stated:

"... one of the companies behind the new card gets an F rating from the Better Business Bureau... It will be offered by Money Network, which is owned by First Data. Money Network currently has an F rating with the BBB."

Reportedly, the "F" rating was based on complaints by consumers since 2010. Chicago officials said that the new Ventra fare system will save the Chicago Transit Authority (CTA) about $50 million during its 12-year contract with Money Network.

The new Ventra fare card will be available for Chicago consumers during the summer of 2013. Consumers will have the option to use the Ventra card to pay for CTA fares, or to opt in and also use it as a prepaid debit card to pay for purchases at local retail stores. By 2014, the CTA will migrate fully from the current Chicago Card and Chicago Card Plus payment methods to the new Ventra system. In the future, consumers will also be able to pay using their smart phones.

I visited the Ventra Chicago website to learn more. The website provides some information about this new fare and prepaid card:

"Cards are issued by MetaBank™, Member FDIC, pursuant to license by MasterCard International Incorporated. MasterCard and the MasterCard Brand Mark are registered trademarks of MasterCard International Incorporated."

This means that both the CTA and its riders will be doing business with MetaBank. Consumers that activate the prepaid debit option on their Ventra card will definitely want to know what bank is used, especially if there are problems or need help. (What could go wrong with a prepaid card? Read parts 1 and 2 about a consumer's experience with a healthcare prepaid card.) Since Money Network is a Ventra vendor, it means that Money Network (e.g., First Data Corp.) will likely perform the payment transaction processing.

You never heard of MetaBank? There is a pretty useful summary of MetaBank at the GetDebit website:

After reading the Ventra Chicago website, I also expected to find the full terms and conditions (e.g., contract) that applies when consumers opt-in to use the prepaid debit option with their Ventra Chicago card. In my experience, details matter with any prepaid card. Often, prepaid cards contain minimums, limits, and/or several fees (e.g., to load money onto the prepaid card, or make cash withdrawals at certain bank ATM network machines). Additional fees may apply if you use the prepaid card at a different ATM network.

In January, this blog reviewed the new AAA card. Like the coming Ventra Chicago card, AAA members can use their new AAA card as an identification card for towing services and discounts, or opt in and activate the prepaid debit option to use the card to make purchases at retail stores. The new AAA prepaid card has a $25.00 minimum to load money onto it, and a maximum monthly limit of $2,500 (or a $10,000 max with direct deposit). With the new AAA prepaid card, each month only the first ATM cash withdrawal is free, and all other ATM withdrawals cost $2.00 each. And, you have to use it at American Express network ATM machines.

I wanted to see if there were similar conditions with the new Ventra Chicago card, but the website didn't say. This is the type of information informed consumers look for, since there are legal differences and rights consumers have with prepaid cards compared to both credit- and debit cards. Informed consumers want to know their rights and specific rules, especially about replacing the funds on lost/stolen Ventra cards. Hopefully, CTA officials will update the Ventra Chicago website soon with the appropriate detailed information, so Chicago-area consumers can make informed choices.

I visited the BBB website to see if its rating of Money Network had changed since last month. It had and is now rated B+:

You don't need to be a rock scientist to see that the Ventra Chicago business model is one that can be replicated with public transit systems in other cities across the country. As each system makes decisions about the payment methods they will use, transparency is critical. It is important for transit systems to provide consumers with as much choice, freedom, and privacy as possible with payment options, while minimizing fees and surcharges.

What else is going on here? As I see it, several things. First, banks are trying to capture more customers by targeting both consumers who don't have a bank account (called the "unbanked" in industry jargon), and consumers have a single bank account (e.g., checking or a savings but not both are called the "underbanked) with prepaid card pitches. Second, banking industry research has found that consumers who have used debit cards and were burned with multiple overdraft fees, now view prepaid cards as a way to avoid high overdraft fees. So, banks have targeted these consumers, too, with prepaid card pitches directly or through intermediaries (e.g., government, employers). These consumers often don't realize the limits, minimums, fees, and surcharges that often are included with prepaid cards.

Third, given current technologies it is fairly easy to make plastic identification cards perform the traditional functions plus act as a prepaid debit card. That's why you now see prepaid cards to receive government benefits, and with employer healthcare FSA programs. Fourth, it is no secret that banks perform huge data collection of consumers' purchases with all types of plastic in your wallet or purse: debit cards, credit cards, and prepaid cards. Banks analyze and sell your purchases with other businesses including data brokers. So, if you want privacy, keep using cash.

My advice to consumers is this: anytime a bank or company serves up a strong "convenience" pitch with a prepaid debit card, take the time to read closely the contractl details (e.g., often called the Terms and Conditions), the schedule of fees, and the privacy policy. Those documents will indicate what protections and rights you have (or don't have), and the costs. And, there are five things you should know about prepaid cards.

What is your opinion of Ventra Chicago? Of MetaBank? Of Money Network?

The Mugshot Industry. Accurate Information That Is Beneficial For Consumers?

Thursday night, ABC Nightline reported about problems consumers encountered with the mugshot industry -- websites that publish online photos of citizens arrested by law enforcement. While there have been very public, high-profile cases of celebrities' mugshots, the reality is that many consumers have been affected.

You've never heard of the mugshot industry? Neither had I until this Nightline report:

"Here's how it works, the sites legally download the latest mug shots from police web sites [that] published the faces of alleged lawbreakers on the Internet. And then often charge the accused of -- sometimes hundreds of dollars to pull all the photos..."

That's right. The sites charge consumers a fee, sometimes called a "take-down fee," to remove their mugshot photos. There are several problems with this. First, after paying one website to remove their mugshot photo, many consumers find that their mugshot photos re-appear on another website. Second, many sites don't consistently remove mugshot photos of consumers wrongfully arrested or found innocent by a court:

"... Sofia on Roddy says that was not her experience dealing with other companies she says she explained over and over again how she was the victim. And how the photos were preventing her from obtaining employment. And she provided these court document showing that prosecutors cleared her case. This was a wrongful arrests. And the case was dismissed by the state attorney's office. But her picture remains published..."

That does not sound good at all. According to ABC Nightline, there are 60 such mugshot websites. I searched online and easily found several within five minutes:

• Tampa Bay Mugshots (Florida)
• Busted! Mugshots
• Sarasota Mugshots (Florida)
• Springfield Mugshots (Missouri)
• Just Mugshots
• Shasta Mugshots (California)
• Gwinnett County Mugshots (Georgia)
• Mugshots Ocala (Florida)
• Mugshots Atlanta (Georgia)
• Go Upstate Mugshots (South Carolina)
• Cincy Mugshots (Ohio)
• Mugshots Gainsville (Florida)
• Who's Arrested

Some sites focus on a specific city or country, while others include several states and/or geographic areas. I am sure that some sites operate responsibly. Some are operated by newspapers. Why is this industry growing quickly? The ABC Nightline report interviewed one mugshot website operator, who admitted:

"Think of how many people have been arrested. Now put a small service fee on data -- of people and you can see why the industry is sort of taken off..."

Some consumers are fighting back. First, there is at least one blog about the mugshot industry. Increasing awareness among consumers is always good.

Second, in Florida legislators introduced a new bill (HB 677) to require mugshot website operators to automatically take down photos when consumers are found not guilty, or the charges were later dropped. That seems to be a very appropriate common-sense law.

Third, there is a class-action lawsuit in Ohio against several mugshot websites. According to Findlaw, the lawsuit claims:

"... these mugshot websites violate a person's right to publicity... to control how their own names and likenesses are used in the public domain, similar to how someone would own a copyright or patent... these mugshot websites may not publish such photos for the sole purpose of profiting off them, the lawsuit claims. The suit asserts that the websites' primary purpose for publishing these mugshot photos is so that those charged with a crime will pay money to remove their pictures."

The credit reporting industry is catching some most-deserved criticism about high error rates in credit reports. Plus, a couple federal laws govern and dictate a consistent process for consumers to report and challenge errors in credit reports. Accuracy seems important for the mugshot industry. HB 677 is a good start, but that is only one state. Issues with the mugshot industry are likely to continue until consumers pressure their elected officials for improved laws that better balance the privacy rights of consumers with the publishing rights of mugshot websites.

Watch the ABC News/Nightline report. And, learn more about the class-action lawsuit in Ohio.

What do you think of the mugshot industry? If you have been affected by, or paid a take-down fee to a mugshot website, what was your experience?

Disney Cruise Ship Child Care Staff Lose Young Child. Frantic Search Ensues

At his blog, Brent Csutoras shared a frightening story about how his child was lost during a Disney cruise while under the supervision of daycare staff. Brent wrote:

"In January, we decided to take our two children on a Disney Wonder cruise... While on board, we left our 3 year old son, in their child care facility, the Oceaneer Club (for children aged 3 to 12). We were happy to see they had a wrist band tracking system, which could identify where a child was on the ship at any time and alert staff if the band went outside the area he was supposed to be in. So you can imagine our fear, shock, outrage and panic when we came back after an evening with friends, to find our child missing from their child care facility."

And, what happened with that high-tech wristband tracking? It's similar technology to what Disney plans to use in its land-based theme parks. It failed to work:

"... the next step was to check the tracking band system, which would pinpoint my son’s location. We walked over to the computer and as they pulled it up, everyone got very quiet. The screen showed my son’s band as ‘UNREADABLE’!!!."

After searching frantically for about 45 minutes, Brent's child was found sleeping under a "tunnel of chairs" in the child care center.

This story is horrendous. I am a parent, plus my wife and I have sailed on about 19 cruises on several cruise lines: Carnival,Celebrity, Costa, Holland America, MSC, Norwegian, Princess, and Royal Caribbean. We've sailed the Caribbean (West, South, and East), the Hawaiian Islands, Bermuda, the Panama Canal, Alaska, and the Eastern Mediterranean. While we have not sailed yet on Disney, we are very familiar with the cruising vacation experience. I would classify Brent's experience on the Disney Wonder an epic customer-service failure:

• Clearly, the wristband technology, which should have worked, didn't and failed.
• Clearly, the lighting in the daycare space was insufficient
• Responsible cruise ship daycare staff should know where their children are, and not rely on wristbands to locate children. An on-board power failure could render that technology useless.
• While cruise ship staff emphasized that they had a process for lost/missing children, it was not apparent nor clearly explained to the parents.
• The ship seemed very reluctant to perform a public announcement. While they probably didn't want to alarm other passengers, the needs of a lost child outweigh that concern.

By law, cruise ships must perform safety drills before departing the embarkation port, or at sea soon after departure. This helps passengers what to do in case of an emergency.

Brent's story highlights the need for parents to apply the same level of importance to daycare services and safety, so they know what to do and where to go for their children during or after an emergency.

Disney's response, as Brent explained it, seems shortsighted and insufficient -- especially since the stranded Carnival Triumph cruise ship is fresh in many consumers' minds. After that mishap, some passengers have sued Carnival. Frankly, Disney's poor response to Brent and his family seems to risk losing future business:

"Considering I have two little boys, we would most certainly have booked other Disney vacations and cruises in the years to come. But this experience—the loss of my son, the poor response to the crisis aboard ship, and the uncaring, calculated corporate response afterward—has changed all that... Where is the Disney ‘magic’? For me, it’s been lost. Where is the customer service Disney is supposed to be known for? Nonexistent."

I suggest that Brent submit a cruise review to several cruising industry websites that consumers visit, such as Cruise Critic, Cruise411.com, and Cruise-Addicts.com. For parents who are considering a future cruise ship vacation with their children, I suggest that you:

1. Before booking a cruise, read the safety materials in the cruise lines' websites
2. After booking a cruise, read the safety materials in your cruise documents before your vacation. The cruise line or your travel agent will send these documents
3. After boarding the cruise ship, meet with the daycare staff and have them show a successful test of any wristband or other technology used to track young children
4. After boarding the cruise ship, review with daycare staff the safety procedures involving lost/missing young children before you drop them off at daycare, so you know what the process is and what to do during or after an emergency

In 2003, my wife and I sailed with our children, who were teenagers at that time. Before leaving on vacation, we reviewed with them the ship's safety rules, which we expected them to comply with 100%. Although rare, some adults have fallen overboard during cruises. A young woman wrote fake bomb-threat notes to divert a cruise ship so she could return home sooner to her boyfriend.

For cruise ship vacation, I think that this is a good rule of thumb: act and plan accordingly, because the knuckleheads you encounter on land you may also encounter at sea.

Asurion Expands Service Offering With Malware Protection For Smart Phones

Asurion, a provider of mobile device insurance services, announced yesterday that it will provide Walmart MobileCarePlus customers with free Asurion Mobile Security software. The Asurion security software is available in the respective app stores for Android and Blackberry smart phone users. According to the announcement:

"The Asurion Mobile Security solution regularly scans messages, pictures, installed applications and files on a customer's phone to identify and eliminate the latest viruses and malware, many of which can access private information and harm the mobile device itself. Safe browsing alerts users before visiting web sites which may compromise their phone's security and in the event a protected phone is misplaced, locate features can trigger an audible alarm, making recovery much easier... During the last two years, 48 percent of high school and college age students required a replacement device due to loss or damage."

For lost or stolen smart phones, the security service also includes a remote wipe feature to prevent thieves from accessing sensitive data and contacts on your smart phone.

This blog has warned mobile device users to add anti-malware software to their devices. Security software is available from a variety of vendors. If you are considering insurance for your mobile device, then read this first to help decide what's best for you.

The Words Organizations Use In Their Data Breach Notices

What words do organizations use frequently in breach notification letters and announcements? To better understand this, I used the Wordle tool to create word clouds from several actual, high-profile breach notifications during the past six months. The tool gives more prominence to words that appear more frequently.

Some breach notices were blog posts, some were press releases, some were web pages in a small website specifically about that data breach, and others were letters shared with state agencies, as required by law in some states. I wanted to see what words were frequently used and any variations.

A word cloud from the February 2013 breach notice by Twitter:

 

A word cloud from the February 2013 breach notice by GE Capital Retail Bank (Adobe PDF):

A word cloud from the February 2013 breach notice by Walgreens drug stores (Adobe PDF):

A word cloud from the January 2013 breach announcement by the Experian credit reporting agency (Adobe PDF):

A word cloud from the January 2013 breach announcement by Zaxby's restaurants:

A word cloud from the November 2012 breach notice by Pinnacle Foods:

A word cloud from the November 2012 breach notice by Nationwide Insurance:

Clearly, there is a lot of variety. Some words (e.g., information, report, credit, security) appear frequently within and across breach notices. Some breach notices feature the company name prominently while others don't. While the words may vary, basic information about the breach is presented pretty consistently: organization name, relevant dates, the types of individuals affected (e.g., members, employees, students), and what that organization calls the notice.

A lot of this is mandated by state breach notification laws. Depending upon local laws, the notification may be sent to affected individuals, a public notice, or both.

The content that varies seems to be the amount of detail disclosed about he cause of the data breach, and the resources for breach victims. The resources vary based on the type of data stolen. For example, when consumers' Social Security numbers have been stolen. the notices frequently mention the major credit reporting agencies. This is what I have seen frequently in both breach notices I have received and others I have read.

An exception seems to be the GE notice which only mentions a single credit reporting agency. Sometimes, the resources to help breach victims are in a separate document or website page. So, this will affect the words used in the actual breach notice.

Sadly, the credit reporting agencies experience data breaches, too. Since they specialize in information about individuals, you might think that they don't experience data breaches, but they do. The FTC has studied the accuracy of credit reports, and many people feel that credit reporting agencies should do a lot more to fix the errors in their consumer credit reports.

What do you think of data breach notices? How many breach notices have you received?

Michaels Stores Provide Policies And Class Action Notice On Sales Receipts

My wife and many of her friends like to quilt. They regularly visit retail stores and quilt shops for quilting supplies. This past weekend, my wife visited a Michaels store in Massachusetts. After paying (with cash) for her purchases, she received the following sales receipt:

The sales receipt mentions the store's coupon, exchanges, and returns policies, plus a recent class action lawsuit. The Michaels sales receipt says:

"Dear Valued Customer:

Our coupon policy is to accept one coupon per customer per day. Certain exclusions apply. Please review the exclusion on the coupon and speak with the manager on duty for any questions you may have. Thank You.

To return or exchange an item, customer is required to present a valid photo ID that will be swiped/recorded at the time of the return or exchange for return authorization purposes only. Receipt required within 60 days for refund on most products. Alternate rules apply to books, magazines, and technology and custom products. Returns without receipt will receive Store Return Card. Refunded amount will be the lowest sales price of the item within the last 90 days. Return polices are available at Michaels.com and in store."

One coupon per customer per day? That sounds very stingy and customer unfriendly, as if the store really doesn't want to accept any coupons. And, why use the sales receipt to deliver policy information? This seems customer unfriendly. I've seen promotions and contest information on sales receipts, but not detailed policy information. Simply, print the complete information on regular 8.5 x 11 inch sized paper which is more legible; and insert in each customer's bag. Plus, some customers prefer or require large-print notices.

If you compare the returns/exchanges language on the sales receipt to the store's online Return Policy for US residents (there is a separate Return Policy for Canadian residents), you will find that the online policy has additional language. Customers should not assume that the sales receipt mentions the entire return policy.

More importantly, I want to know why Michaels' return/exchange policy requires the scanning and retention of consumers' identification documents (e.g., driver's licenses, state-issued ID's, passports, and military ID's) even when customers have a receipt. This seems customer unfriendly. When a store requires a document like a driver's license to process a return or exchange, the store collects everything on that document: your address, Driver ID number, height, weight, hair and eye color, and birth date.

Does Michaels really need all of this information (e.g., my weight, eye and hair color) to process a return with a valid receipt? This data collection is legal when performed for fraud prevention. There seems to be nothing stopping retailers from using the data collected for other purposes, such as data mining and marketing.

If a consumer has a receipt, that should be all that is necessary. I did some brief checking and at least one' competitor, Jo-Ann Fabric & Craft Stores, does not require IDs for in-store product returns. Smaller local and mom-and-pop fabric/crafts stores probably have more customer-friendly policies, too.

The sales receipt does not mention a privacy policy. It should, since Michaels does have a privacy policy online at its website, with specific additions for residents of California, Nevada, Vermont, and Canada. However, that online privacy policy does not seem to mention its data retention and sharing polices with ID information collected via returns or exchanges.

Given its return/exchange policy, I want to know how long Michaels retains ID information and what other companies (by name) it shares that ID information with -- items a privacy policy typically state. Without a statement in its privacy policy, a retailer can do anything with that data collected. This ID information is very sensitive data. Customers need to know how long a store retains this information and who it is shared with. Otherwise, consumers cannot make an informed choice.

The sales receipt also says (links enabled):

"Michaels Data Breach Class Action (for more information, please go to www.michaelsdatasettlement.com)

Michaels has settled a lawsuit that allowed certain of its customer suffered damages as a result of a data breach at selected Michaels stores between January 1, 2011 and May 12, 2011. Michaels denies all of the claims."

Unfortunately, that last sentence is vague. It refers to claims alleged in the lawsuit and not claims submitted by data breach victims seeking reimbursement for damages. In May 2011, Michaels stores warned customers in Illinois, New Jersey, California, and 15 other states about the data breach. Criminals had reportedly tampered with in-store PIN pads in checkout lines (e.g., skimming) to steal debit and credit card data. Reportedly, 90 PIN pads were initially affected, but the retail chain later replaced about 7,200 PIN pads. About 94,000 consumer accounts were affected.

Browse the list of Michaels stores (Adobe PDF) affected by the data breach. The list included several stores in Massachusetts in Braintree, Burlington, Danvers, Everett, and Hanover. Customers can also visit the Consumer Notices page at the Michaels.com.

Skimming is a worldwide identity theft and fraud problem. Besides supermarkets and retail stores, criminals target bank ATM machines, gas station pumps, and contact-less (e.g., RFID) payment methods. Several states, including California and Washington, have already banned RFID skimming. Stolen debit card and PIN data gives thieves direct access to consumers' checking bank accounts.

The sales receipt also says:

"You are included in the class if you shopped in this Michaels store or in other selected Michaels stores during that period and your Payment Card was swiped on a PIN Pad terminal from which credit or debit card information was stolen. A complete list of affected Michaels stores can be found at www.michaelsdatasettlement.com. Customers whose credit or debit card information was stolen may receive monetary payment for documented unreimbursed monetary damages and/or credit monitoring services. To request such relief, you must submit a claim postmarked by May 25, 2013.

Unless you exclude yourself from the class by March 5, 2013, you will give up the right to ever sue Michaels about the legal claims the settlement resolves. If you stay in the class, you may object to the settlement by March 5, 2013.

The Court will hold a hearing on April 4, 2013, to consider whether to approve the settlement and payment of attorneys' fees and expenses. You may ask to appear and speak at the hearing."

The settlement agreement includes a $600,000 payment by Michaels stores, which could increase to $800,000 depending upon the volume of claims and reimbursements. If the entire $600,000 is not used, then the remainder will be donated to the Starlight Childrens Foundation, which works with seriously ill children.

I'm glad that my wife paid with cash. I hope that she buys her quilting supplies elsewhere in the future, and doesn't have to return or exchange any of her purchases made at Michaels stores.

Report: It Takes Months For Organizations To Detect And Resolve Data Breaches

I started writing this blog after a data breach at a former employer exposed my sensitive personal information. The consequence was that I had to take action due to a former employer's sloppiness.

Given that history, a new report by the Ponemon Institute, and sponosred by Solera Networks, caught my attention. The report included results from a study of data breaches in organizations to understand the differences between malicious and non-malicious data breaches, plus any lessons learned from the post-breach and forensic investigations.

Typically, after a data breach organizations' IT departments investigate independently or with the assistance of an outsourced technology consultant, the data breach. That investigation includes the cause of the breach, the specific computer systems and/or networks compromised, the number and types of records accessed (e.g., current employees, prior employees, contractors, students, etc.), and the specific data elements (e.g., names, street addresses, bank account numbers, Social Security numbers, e-mail passwords, etc.) accessed and/or stolen. By understanding what happened, organizations, in theory, can better secure their computers and networks from future data breaches.

The Ponemon study used the following definitions for data breach types:

"... we define a non-malicious breach as a system error, employee negligence or third-party snafu and a malicious breach is defined as one involving the theft of information assets by a criminal insider or [external hacker]..."

I found the results fascinating for several reasons. In my personal experience, my former employer's breach included data tapes shipped via a third-party vendor which never arrived at the off-site storage facility. This affected my privacy along with that of both current and other former employees.

First, the global results from the Ponemon report:

• 54% of IT professional respondents said (e.g., Strongly Agree or Agree) that the severity of data breaches has increased during the past 24 months
• 52% of respondents said (e.g., Strongly Agree or Agree) that the frequency of data breaches has increased during the past 24 months
• Only 44% of respondents said that their organization has the tools, personnel, and funding to quickly detect data breaches
• Only 43% of respondents said that their organization has the tools, personnel, and funding to prevent data breaches
• While 63% of respondents said that understanding the root causes of data breaches has increased data security in their organization, but only 40% said they have the tools, personnel, and funding to determine the root causes of data breaches
• On average, it took organizations 49 days to detect non-malicious data breaches, and 80 days -- almost 3 months -- to detect malicious breaches. For resolution, it took 83 and 123 days, respectively.
• Only 39% of respondents that experienced a malicious breach said that they were confident (e.g., Very Confident and Confident) that their organization determined the root cause of the breach

This is not good. It takes a long time to detect breaches, if at all, and a long time to fix them. The most frequent types of data breaches experienced during the past 24 months:

• 47% - Employee or contractor negligence
• 32% - System error or malfunctions
• 24% - External attacks
• 23% - Third party mistakes or negligence
• 14% - Malicious insiders

Where the data breach occurred within the organization varies:

Breach Location	Malicious Breaches	Non-Malicious Breaches
Within business unit	15%	27%
During transit or transmission to a third-party location	6%	22%
Off-site	30%	20%
Off-site data center	12%	12%
On-site data center	9%	9%
Unable to determine	28%	9%

When the breach was discovered:

When Discovered	Malicious Breaches	Non-Malicious Breaches
Immediately	2%	20%
Within one week	19%	19%
Within one month	29%	28%
Within 3 months	24%	16%
Within 6 months	6%	4%
Within 1 year	4%	2%
Within 2 years	2%	1%
Unable to determine	15%	10%

So, an astounding 15% of the time organizations were never able to determine when malicious data breaches were detected. That's about one out of every six breaches. How malcious breaches were discovered:

• 28% - Forensic tools and methods
• 19% - Loss preventiona tool such as DLP
• 15% - Notification by law enforcement
• 10% - Automated monitoring
• 9% - Accidental discovery
• 6% - Audit or assessment
• 3% - Legal filing or complaint
• 3% - Manual monitoring
• 3% - Notification by partner or third-party
• 3% - Consumer or customer complaint
• 3% - Unsure
• 1% - Other

Second, some country-specific results:

• 41% of survey respondents from the USA said (e.g., Strongly Agree and Agree) that their organization were ready with the tools, personnel, and funding to prevent data breaches. The average across all countries was about 44%. Organizations in Japan (56%) and Singapore (58%) led the way with prevention readiness.
• 42% of survey respondents from the USA said that their organization were ready with the tools, personnel, and funding to quickly detect data breaches. The average across all countries was about 44%. Again, organizations in Japan (55%) and Singapore (57%) led the way with detection readiness.
• 33% of survey respondents from the USA said that their organization's leaders view data security as a top priority. The average across all countries was about 37%. Again, organizations in Japan (51%) and Singapore (50%) led the way with senior management leadership.

The study included a survey of 3,529 Information Technology professionals in eight countries. 54% of survey participants report directly to the chief information officer (CIO) in their organization. Participants were selected from organizations that had at least one data breach during the past 24 months. The survey included organizations from both the public and private sectors.

Survey respondents by country:

• 659 - USA
• 566 - Japan
• 445 - Brazil
• 431 - United Kingdom
• 423 - Canada
• 395 - Australia
• 309 - Singapore
• 301 - United Arab Emirates
• 3,529 - Total

Third, survey respondents by industry:

• 18% - Financial Services
• 11% - Federal and central government
• 7% - Services
• 7% - Retail, Internet
• 6% - Professional services
• 5% - Industrial products and chemicals
• 4% - State, province and local government
• 4% - Communications
• 4% - Consumer products
• 4% - Entertainment and media
• 4% - Hospitality
• 3% - Defense contractor
• 3% - Retail, conventional
• 3% - Technology and software
• 2% - Energy and utilities
• 2% - Education and research
• 2% - Healthcare and medical devices
• 2% - Pharmaceuticals and biotech
• 1% Transportation
• 1% - Other
• 100% - Total

What is a consumer to take from the results in this report? As I see it:

1. Data breaches will continue to happen. The bad guys also read reports like this, and determine where the soft or easy targets are.
2. There is an opportunity for companies and senior executives in the USA to do much better and take a leadership role. Will they?
3. Outsourcing matters, since about 48% of malicious breaches happened off-site or during transit/transmission with a third party contractor or partner
4. Despite what senior-level executives say in speeches and press releases about valuing data security, the survey suggests otherwise. Many organizations don't have the necessary tools, personnel, and funding.
5. Despite what senior-level executives say in breach notification letters after a data breach, they often don't know what happened and won't for a long while, if they ever do. Too many never determine when and what happened.
6. Informed consumers realize the reality is that you have to protect your sensitive personal data. Don't rely on a employer or former employer to do it.
7. All of this applies to mobile app developers, app stores, online retailers, and related Internet companies since the study included those industries, too.

Access the complete "Post Breach Boom" Ponemon report here.

Fraudsters Target Police Chief With Check Scam

Wicked Local warned consumers about a check scam that targeted the Police Chief at Hingham, Massachusetts. Like many other check scams, the a package arrived snail mail -- in this case, UPS. The package included a letter and bogus $3,000.00 check which appeared to be from a legitimate business. The letter includes instructions to wire money, about $250, to cover supposed taxes and fees.

Police Chief Michael Peraino was suspicious and called the business first to verify the check. The receptionist at the business verified that the check was a fake, as the business had already received many phone calls from consumers.

Fraudsters attempt check scams like this because they receive real money wired to them from each victim long before the victim realizes that the bogus check they deposited in their bank account has bounced. Each victim is out the $250 they wired, the amount of the bogus check, and any bounced-check fees from their bank.

Check scams like this are a reminder for consumers to verify first any check you receive from an unknown organization or person.The Identity Theft Resource Center (ITRC) advises consumers to follow these steps to verify a suspected scam:

1. Contact the company involved directly, using a customer service number you find in the phone book or that you have used in the past.
2. If you were solicited online, contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. Or, contact your local State Attorney General's office.
3. Contact the Federal Trade Commission via phone (877-FTC HELP) or e-mail
4. Avoid scams that appear to use expensive out-of-country telephone numbers. If you are unsure about a telephone number's location, look the number or Area Code using this free decoder.

If you are unsure who the attorney general is in the state where you live, then browse this list. Readers of this blog are familiar with a similar check scam that targeted Craig's List website users.