14 posts from November 2009

Frontline: "The Card Game"

Prior posts in this blog have covered the excesses by banks with consumer credit cards. Frontline's "The Card Game" program debuted yesterday. I highly recommend this excellent program:

"As credit card companies face rising public anger, new regulation from Washington and staggering new rates of default and bankruptcy, FRONTLINE correspondent Lowell Bergman investigates the future of the massive consumer loan industry and its impact on a fragile national economy. In The Card Game, a follow-up to the Secret History of the Credit Card and a joint project with The New York Times, Bergman and the Times talk to industry insiders, lobbyists, politicians and consumer advocates as they square off over attempts to reform the way the industry has done business for decades."

If you want to learn about the ways banks have rigged the financial system against consumers, watch this program. In an interview during the program, Nessa Feddis, a lobbyist from the American Bankers Association, made some totally irritating comments.

Check your local PBS station for more broadcast times, or watch the Frontline program "The Card Game" online.

Health Net May Have Violated Consumer Notification Laws After Its Data Breach

From the Boston Examiner:

"On Friday Attorney General Terry Goddard called on Health Net, a Connecticut-based insurance company, to immediately notify its Arizona policyholders whose personal, medical and financial information was either lost or stolen in a data breach that occurred six months ago. He said further that his Office will open an investigation to determine whether a state law requiring prompt notification was violated. Health Net notified the Arizona Department of Insurance on Wednesday that a hard drive containing personal data on some 316,000 present and former Arizona policyholders has been missing since May from the company's headquarters in Shelton, Conn. The company has yet to contact the affected policyholders about the breach, however, saying it plans to send letters to them soon."

Soon? The company already waited six months after the breach to notify State of Connecticut officials. To learn more, read this prior blog post.

Woman Denied Credit When Credit Bureau Tells Her She Is Dead

This past weekend, KOMO News 4 television in Seattle reported:

"All Ann Howe wanted was lower mortgage payments. The last thing she expected was more stress. Months earlier, she'd discovered her husband of 55 years had died in his sleep. Then, she says, a lump in her forehead was misdiagnosed. It turned out to be cancer. Days after cancer surgery, doctors discovered Howe needed open heart surgery. She almost died. When she finally regained her strength, she applied for a mortgage refinance loan to reduce her payments and help her budget... Two of the credit reporting agencies showed her credit rating was close to 800. But her Experian report had a problem... Howe's Experian credit report had her listed as deceased. One of her creditors had reported her as dead."

You can watch a video clip of the KOMO report online. Howe's story highlights three critical facts of life:

  1. Credit bureaus make mistakes and include errors on consumers' credit reports. They are reluctant to advertise this fact, since they make money selling consumers' credit reports to potential lenders, whether those reports are accurate or not.
  2. The three major credit bureaus routinely ship consumers' sensitive personal data across country borders worldwide. Often, the updating of records is performed by outsourcing vendors. To learn more, read this 4-part series.
  3. It is your responsibility to check the accuracy of your Equifax, Experian, and TransUnion credit reports. Nobody else is going to do it for you. Errors can result in denied credit or higher interest rates.

I have personal experience with this. In 2004, I applied for an American Express card and was denied because I was listed as deceased by the Experian credit bureau.

After reviewing my Experian credit report, I found an error where the credit bureau co-mingled my information with my father's information. We are both named George; this error should not have happened. I was able to correct the problem by providing the credit bureau with a certified copy of my father's death certificate and highlighting the facts that we have different birth dates and Social Security numbers.

So, errors in credit reports happen more frequently than you'd expect. For your free annual credit reports, visit the official Web site today.

Anybody Can Buy And Operate an ATM Machine

This is wrong on so many levels.

Apparently, anybody can buy and operate an ATM machine. It's easier than you think. And, we consumers need to get smarter about recognizing an ATM machine that criminals have tampered with. Watch this video about how a security expert bought an ATM machine on Craigslist:

What do I do? I never use a standalone ATM machine, like those you find in casinos and convenience stores. I always use one of my bank's ATM machines that is located in a secure facility.

If you want to learn more, read this blog post on Information Security Resources. More importantly, write to your elected representatives in Congress and demand consumer protections with ATM regulations.

Health Net Breach Exposes 1.5 Million Consumers' Medical Records

This week, the Hartford Courant newspaper reported that an external hard drive at Health Net:

"... with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut... The insurance company informed the state attorney general's office and the Department of Insurance Wednesday of the security breach that puts personal medical records at risk in a historic lapse, the first of its kind to be publicly reported... The hard drive contains Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey, and New York..."

The State of Connecticut's Insurance Commissioner has required Health Net to provide its breach victims with credit monitoring service. Reportedly, breach victims will receive two years of free credit monitoring via the Debix service. Debix has not responded yet to inquiries about its services for Health Net.

While I don't write about every data breach in this blog, I do cover breaches that have huge implications. And this breach definitely qualifies. Why?

  • The sensitive PHI data exposed (e.g., lost, stolen, or both) really facilitates medical identity fraud
  • Two years of free credit monitoring service is a great start for breach victims, but fraudsters don't magically stop their criminal activities after two years
  • It is unforgivable that Health Net waited 6 months before informing state officials and consumers
  • This breach highlights the problem with employees regularly storing large amounts of sensitive consumer information on laptop computers
  • A breach like this makes one wonder what training, if any, Health Net mandates and provides for its employees
  • None of the company's communications so far discuss its investigation into the breach and if a vendor or contractor was involved
  • The Health Net site does not contain any press releases about the breach or about the insurance company's breach response and assistance for its breach victims
  • Standard breach responses include the formation of a breach site to answer breach victims' questions, and to report on a status of the investigation. If there is a breach site, it hasn't been disclosed.

When I read about a breach incident like this, I get the clear impression that the company really didn't want to disclose anything about its data breach, and wouldn't have disclosed anything if it wasn't required to by law. Those are not the actions of a trustworthy company acting with integrity.

Online Personal Finance Web Sites: a "Perception of Security?"

Last year, I wrote a very popular blog post about and data security. It seems that others are also looking at the security offered by personal finance Web sites.

In a blog post titled "How Mint and other Web startups make users feel safe," the reputable Javelin Strategy & Research firm said this:

"Though many consumers inherently trust bank security, the reality is that some will be willing to experiment with such sites because they believe there’s an acceptable trade-off between risk and reward. To get a feel for how Web startups tell their security stories, I examined the sites for Mint, Wesabe, Geezeo and Rudder, which suffered an embarrassing security mishap in May. And it turns out there’s a basic formula that involves creating a perception of security, minimizing the use of personal data, deputizing the customer with financial alerts and disclosure. But most interesting of all to me: Two of the sites spin their biggest functional weakness into a security strength. That weakness is that users of such sites can only monitor their money..."

Javelin Strategy advises its corporate and banking clients about how to make money online. I found the phrase "perception of security" most interesting, and this comment too:

"The challenge for Web startups is to create a perception of security.... as much as consumers are anxious about security, they can get over that hurdle if the benefits of the personal finance management tools are strong enough."

What does this say about today's Internet users and consumers? What does this say about how companies view today's Internet users? It suggests that we are a group of gullible sheep. As a group, we seem to be willing to overlook real security lapses and engage in a gamble that identity theft and fraud won't happen to me. That's not how I choose to do my online banking. I demand the best security available.

When You Should Close A Credit Card Account

In the comments section of a prior post about large interest rate increases by banks and credit card issuers, Vikki, a reader, asked:

"Doesn't closing your credit cards bring down your credit score? This is the only reason why I haven't closed my cards... just paying them off and not really using them."

Vikki asked a great question, which I want to answer more completely. We all have felt "mugged" by the recent large interest rate increases, credit limit decreases, or both -- especially when you have an excellent payment history. The temptation -- or reaction -- is strong: to close the credit card account. Regardless, you don't want to make a bad situation worse by closing a credit card account and later learn that it was a mistake.

To learn more about credit scores, I spent some time reading the Web site, which is run by the Fair Isaac Corporation, the same company that owns the FICO score formula. At the Web site, you can learn about the factors your credit score includes and the factors your credit score excludes.

The site also has a page about whether closing a credit card account will negatively affect your credit score. A decision to close a credit card account should consider:

  • The outstanding balance amounts on your credit cards
  • How much of those balances you can pay off now
  • The interest rates on your credit cards
  • Your "utilization rate" -- how much of the total available credit you use with your credit cards
  • The annual fees on your credit cards
  • If you will need credit in the near future
  • If you have several credit cards, which credit card account you want to close

Your utilization rate is important. It is one of the factors used to calculate your credit score. A high utilization rate will negatively affect your credit score. For example: closing a credit card with a $5,000 limit means you would have $5,000 less in available credit. If you have two credit cards each with a $5,000 credit limit and you owe $2,500 on your second card, then your utilization rate went from 25 to 50 percent. That would negatively affect your credit score.

Only you know whether or not you will need credit in the near future. If you plan to buy a house or a car soon, then you will probably need credit unless you can pay with cash. If you close a credit card account and that results in a lower credit score, then it could cost you more money on your new loan.

The MyFICO site has data tables that show the impact of a lower credit score. For example, if your credit score dropped 15 points -- say from 770 to 755 -- it could result in a higher interest rate and monthly payments on a 36-month auto loan. You can view data tables with credit scores and corresponding interest rates and monthly payments for auto loans, mortgages, and home equity loans.

Over at the Red Tape Chronicles blog, Bob Sullivan summed up the problem facing consumers:

"No one can say precisely how much closing a credit card account will hurt your credit score -- too many other dynamic factors go into calculating the number. Fair Isaac, which owns the credit score formula, says the impact can range from zero points to dozens of points..."

If you decide to stop using a credit card instead of closing that credit card account, then your decision could have negative consequences. Some consumers have reported that their bank or credit card issuer (e.g., HSBC, Citibank, American Express) has closed unused credit card accounts, often without notice. That credit card account auto-closed by your bank could drive up your credit utilization rate and negatively affect your credit score. So, check the fine print in your card agreement before you stop using a credit card.

After reading the MyFICO Web site, I remembered some credit decisions I made about 12 years ago. At that time, I had five credit cards with a combined outstanding balance of $18,000. For me, I had too much credit card debt and it had become unmanageable. I didn't need more credit and didn't want any more credit. 12 years ago, the Internet then wasn't the robust research source it is today. I met with a credit counseling agency to get some sound advice. What worked for me: I closed three credit card accounts, negotiated a lower interest rate on one card, halved the credit limit on one card, stopped paying off old credit card balances with new cards, stopped using my credit cards for cash advances, and paid off the highest interest rate card first. I didn't consider the negative impact on my credit score. I was focused on the benefits of living debt free with less stress.

In time, I was able to pay off all of that credit card debt. Today I have zero credit card debt and a credit score above 790. I had it easier than many people since the interest rates on my credit cards were not as high as the outrageous 29.9% today on some credit cards. Today, I pay off my credit card bills in full and on time each month to avoid finance fees. The two credit cards I have are manageable. If either of these cards raises its annual fee in the future, I will switch to another low-annual-fee card and close the offending card account.

Basically, the decision to close a credit card account depends upon your situation. The closed credit card account would be a reduction in credit that could have a big impact on your credit score and on your finances. Make the decision that best benefits you.

How To Negotiate Your Medical Bills

This is new. Smart Planet reported recently:

"Spiraling bills and a nasty recession have led to the launch of Medical Cost Advocate, a FREE service that aims to negotiate for you and cut your medical bills. Of course it’s not actually free. It’s only free if they fail to get your costs cut. If they do, they get their cut, just like a lawyer who sues the guy whose truck ran you over."

Disclaimer: I have not used the Medical Cost Advocate service, so I cannot speak to its effectiveness.

I performed several Internet searches and the lack of coverage about Medical Cost Advocate by the mainstream news media was startling. A few bloggers have reported about the service.

I briefly looked at the Medical Cost Advocate (MCA) Web site. Consumers have to sign up and submit their medical bills. Obviously, this makes me ask who really is behind the Web site and how well they protect patients' sensitive personal information. The MCA site has an eTrust seal, which is a good first step.

The interview with MCA's CEO starts at about 1 minute and 10 seconds into the video:

If anyone has used Medical Cost Advocate, please share your experience below.

Advice For Consumers About Holiday Shopping With Layaway Plans

Since banks and credit card companies have made it difficult to get and to keep credit, many consumers have turned to layaway plans as a method to do their holiday shopping. If this situation describes you, then you should know that the U.S. Federal Trade Commission (FTC) issued an alert to consumers about layaway plans so you don't get "mugged" by a shady store or online retailer:

"... it’s important to ask questions about the layaway plan and the refund policy when considering the layaway option. The alert, “Layaway: Another Way to Buy,” also tells consumers to: check out the business offering the plan; get the merchant’s layaway policy in writing; and keep good records of payments."

To check out a business or retailer, visit the Attorney General’s Web site for your state, the local consumer protection agency in your state, or the Better Business Bureau in your state. These resources can tell you if other consumers have already filed complaints about the retailer you are considering shopping at -- online or their physical store.

If you shop using layaway plans and encounter a problem, we'd love to hear about it. You can describe your situation below in a comment.

Federal Data Breach Legislation Makes Its Way Slowly Through Congress

These two Federal bills are worth watching. From Government Information Security:

"The Personal Data Privacy and Security Act, or S. 1490, designates as fraud unauthorized access of sensitive personally identifiable information, which would lead to racketeering charges. The measure, sponsored by Committee Chairman Patrick Leahy (at left), D.-Vt., also would prohibit concealment of security breaches involved in fraud and prohibit the dismissal of a Chapter 7 bankruptcy case if the debtor is an identity-theft victim."

The second bill:

"The Data Breach Notification Act, or S. 139, would require federal agencies and businesses engaged in interstate commerce to notify American residents whose personal information is accessed when a security breach occurs. An exception: if notification would hinder national security or a law enforcement investigation. S. 139, sponsored by Sen. Dianne Feinstein, D.-Calif., also would require notice to the Secret Service if records of more than 10,000 individuals are obtained or if the database breached has information on more than 1 million people, is owned by the federal government, or involves national security or law enforcement."

How To Check Your Insurance Company's Complaint Record

Everyone has horror stories about insurance companies, whether it's auto insurance, health insurance, homeowners, or property insurance. There's a good article at that has documented the leading ways insurance companies "mug" or abuse their customers:

"... the top complaint had to do with claims payments -- claims-handling delays (19.1%), followed by denial of claims (17.9%) and unsatisfactory settlement offers (15.0%). You should be concerned if a company you're considering has a lot of complaints in these areas. The next category of complaints revolves around underwriting -- the insurer's process of accepting or rejecting applicants and setting rates. Premium and rating accounted for 4.8% of the complaints, and policy cancellation for 4.2%. The type of insurance policyholders had the most complaints about was accident and health insurance (37.7%), followed closely by auto insurance (33.7%). There were fewer complaints about homeowners insurance (12.71%) and life insurance and annuities (10.4%)."

Maybe you are looking for a new insurance company, or just curious about your current provider. To check an insurance company's complaint record, visit the Consumer Information Source Web site produced by the National Association of Insurance Commissioners (NAIC). Then:

"Type in the name of the company, the state where you live and the type of insurance. (Under "statement type" and "business type," click on "property/casualty" for home and auto insurance or "life, accident and health.") The site then provides the insurer's national complaint statistics. Focus on the complaint ratio, which shows the ratio of the company's U.S. market share of complaints to the company's U.S. market share of premiums for a specific policy type... If the national median complaint ratio is 1.00 and the ratio for the company you're considering is 2.00, for example, that should be a red flag. Also look at the complaint trend report to see whether the company's complaints have been increasing or decreasing over time. If the insurer's complaint ratio is high, check its record at your state insurance department and find out whether any enforcement actions have been taken against the insurer."

To find your state government's insurance department, browse this NAIC Web page with a map of insurance commissioners by state. Both links are great resources, whether you are happy with your current insurance company or looking for a new one.

ChoicePoint Settles With The FTC About Its Data Breaches and Security Lapses

I'd written previously about my less than consumer friendly experiences with ChoiceTrust, a service from ChoicePoint, Inc. Recently, the U.S. Federal Trade Commission (FTC) announced a settlement by ChoicePoint, Inc. after the company's past data breaches and data security lapses:

"In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention. The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also alleged that ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information."

Gee, that's extremely poor management. First, the company fails to implement every security feature it had already established. Second, its actions violated a previous court order about data security. How arrogant can a company act?

ChoicePoint's settlement included actions to:

"... strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information... This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000."

Was this fine large enough? In my opinion, no.

Will ChoicePoint do the right thing and maintain adequate protections for the consumer data it stores and sells? Will it comply with applicable Red Flag rules by the FTC in 2010? Time will tell. I'm not holding my breath.

I'd love to be able to pull my C.L.U.E. insurance reports and records from ChoiceTrust, but we consumers don't have that option. Due to ChoicePoint's cozy relationship with the government, the company enjoys a near-oligopoly status regarding C.L.U.E. insurance reports. This is a good example of a "free market" sham. Same for the credit-reporting agencies.

At some point, this crap has to end.

Banks Consider Large Annual Fees For Credit Cardholders Who Pay Off Balances

Do you have flawless credit? Do you pay off your credit card balances in full and on time every month? Watch out, you could get "mugged" by your bank.

CBS TV 2 in New York reports that Bank of America and Citigroup are considering annual fees of $29 to $99 per year for credit cardholders who pay off their balances every month in full and on time:

"Bank of America started notifying customers that they will be charged a new annual fee of $29 to $99... Bank of America said in a statement: "At this point we're testing the fee on a very small number of accounts and haven't made any final decisions." Citigroup is also trying out an annual fee with some card holders, and analysts expect more banks to follow their lead. The banks are starting to charge fees to reliable customers in response to a slew of new credit card industry regulations that will limit when banks can hike interest rates."

Consumers who don't accept the higher annual fees must close their credit card account and shop around for a new credit card at another bank.

I find the arrogance of this astounding. If the bank is serious about testing consumer reaction, all they need to do is read the comments by readers on prior I've Been Mugged blog posts about the higher interest rates announced back in February. The banks must be desperate for revenue to cover poor decisions they made about bad debts and risky investments.

FTC Delays "Red Flag" Enforcement Again

Once again, at the request of members of Congress, the Federal Trade Commission (FTC) has delayed the enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors.

The prior enforcement date had been November 1, 2009. In May of 2009, the FTC changed the enforcement date from May 1, 2009 to August 1, 2009.

As part of the Fair and Accurate Credit Transactions Act, Congress directed the FTC and other agencies to develop regulations requiring financial institutions and creditor companies to address identity theft. The resulting regulations require these companies to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities -- commonly called "Red Flags" -- that could indicate identity theft.

The FTC regulations are pretty specific about the types of companies covered by these new identity-theft regulations:

"The Rule defines a “financial institution” as: 1) a state or national bank, 2) a state or federal savings and loan association, 3) a mutual savings bank, 4) a state or federal credit union, or 5) any other entity that directly or indirectly holds a “transaction account” belonging to a consumer. “Transaction accounts” are deposits or accounts from which a consumer can make payments or transfers to third parties. Banks, federally chartered credit unions, and savings and loans come under the jurisdiction of the federal bank regulatory agencies or the National Credit Union Administration and should check with them for guidance. The FTC’s jurisdiction extends to state chartered credit unions and other institutions that hold transaction accounts – for example, mutual funds that offer accounts with check writing or debit card privileges or other businesses that offer accounts where consumers can make payments or transfers to third parties. Under the Rule, the definition of “creditor” is broad, and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later. Examples of groups that may fall within this definition are utilities, health care providers, lawyers, accountants, and other professionals, and telecommunications companies. The definition also covers businesses or organizations that regularly grant loans, arrange for loans or the extension of credit, or make credit decisions. Examples include finance companies, mortgage brokers, and automobile dealers or retailers that offer financing... In addition, the definition includes anyone who regularly participates in the decision to extend, renew, or continue credit, including setting the terms of credit. For example, a third-party debt collector..."

In April of 2009, the FTC launched a Web site to help small and medium-sized businesses comply with the new Red Flag regulations. A U.S. District Court recently ruled that attorneys are exempt from the new regulations. A different set of regulations applies to hospitals and health care firms.

During the coming weeks and months I will explore the Red Flag rules more closely since the new enforcement date is an opportunity for consumers to demand more from companies that store and use their sensitive personal information. The opportunity is for consumers to be able to ask a company they are considering doing business with for a written statement of how that company protects their sensitive personal data.

Will the June 2010 date hold? Who knows. The FTC's pattern of delays suggests probably not. As this issue moves forward, the I've Been Mugged blog will report about it.