Previous month:
January 2012
Next month:
March 2012

21 posts from February 2012

FTC Releases Report Of Top Complaints Submitted By Consumers During 2011

Earlier this week, the U.S. Federal Trade Commission (FTC) released its annual report of the leading complaints filed by consumers. During 2011, identity theft (again) led the list of complaints. This is the 12th consecutive year that identity theft has led the list:

Type of Complaint or Scam
Number % Of Total
1. Identity Theft 279,156 15%
2. Debt Collection
180,928 10%
3. Prizes, Sweepstakes and Lotteries
4. Shop-at-Home and Catalog Sales
98,306 5%
5. Banks and Lenders
89,341 5%
6. Internet Services
7. Auto Related
77,435 4%
8. Imposter Scams
73,281 4%
9. Telephone and Mobile Services
70,024 4%
10. Advance-Fee Loans and Credit Protection/Repair
47,414 3%

Other notable findings:

  • Fraud: 990k of the 1.8 million complaints were fraud-related. 68% of consumers reported a fraud complaint where they paid an amount. The total amount paid was $1.5 billion, and the median amount paid was $537. 43% of consumers were contacted via email. The five states with the highest per-capita fraud reported were Colorado, Delaware, Maryland, Nevada, and Virginia.
  • Identity Theft: Government documents/benefits fraud (27%) was the most common form reported, followed by credit card fraud (14%), phone or utilities fraud (13%), bank fraud (9%), and employment fraud (8%). 45% of consumers reported they contacted local law enforcement. The five states with the highest per-capita identity theft were Florida, Georgia, California, Arizona, and Texas.
  • Countries: the top five countries were the USA (80%), Canada (4%), the United Kingdom (4%), Nigeria (2%), and Jamaica (2%).
  • Age: consumers that filed complaints during 2011 were ages 50-59 (23%), followed by ages 40-49 (20%), ages 30-39 (17%), ages 60-69 (15%), and ages 20-29 (15%).
  • Military: members from all four branches plus the Coast Guard reported complaints. For this group, identity theft ranked as the number one complaint, followed by Debt Collection. Mortgage Foreclosure Relief and Debt Management ranked as fourth for this group, compared to 13 for all consumers.

During 2011, consumers submitted about 1.8 million complaints, an increase of 24% over 2010. All complaints submitted by consumers are collected in the FTC Consumer Sentinel Network database, which contains 30 different categories of complaints. Download the 2011 FTC Consumer Sentinel Network Data Book (Adobe PDF).

Consumers Adapt Their Social Media Use Given Privacy Concerns

Pew Internet recently released the results of a second quarter 2011 survey about consumers' usage of social networking web sites and privacy. The survey found that consumers are adapting their usage of social networking web sites given privacy concerns:

  • 63% of survey respondents have deleted people from their “friends” lists, up from 56% in 2009,
  • 58% of users restrict access to their profiles on social networking websites. More women (67%) do this than men (48%),
  • 48% of users have had some difficulty managing their profile privacy settings on social networking web sites,
  • 44% have deleted comments made by others on their profile,
  • 37% have removed their names from photos that were tagged to identify them, and
  • 11% have posted content they regret.

It will be interesting to see how much further adaptation occurs in next year's survey results, since users will have had more time to use features, like the Timeline feature from Facebook. I have talked with consumers who use the Timeline feature to delete harmful archived status messages, since employers now use social networking web sites to screen job applicants, to determine credit worthiness, and to evaluate insurance worthiness.

Some consumers use the new Facebook Profile Preview feature to screen and reject their friends' attempts to tag them in status messages and photographs. That seems very wise since too many users (42% total) don't restrict access to their profiles.

Should companies use social networking websites for financial, insurance, and employment screening uses? That's debatable, but the reality is that companies use the data anyway for screening, and the social networking sites are happy to make more money. My advice: prune your profile of harmful archived posts, and don't post anything at a social networking web sites that you don't want read/shown in court.

Use Caution With Bill-To-Your-Cell-Phone Services

Lots of people like to try new services as they become available. It's generally a good idea as those new services can save time, effort, and/or money.

There is a good article at the Consumer Reports website which advises consumers to use caution when using bill-to-your-cellular-phone services. Perhaps, you have heard of the phrase: "digital wallet." There are several services available to pay with your cellular phone.

The magazine recently analyzed wireless carriers' contracts for bill-to-your-cell-phone services, and found:

"... consumer rights can vary widely between wireless carriers and the protections carriers claim to provide are often not spelled out in the contracts..."

The contracts outline consumers rights and responsibilities -- especially when bad things happen (e.g., bill problems, fraud). If the contracts aren't clear or complete, then you may encounter problems. The magazine used several secret shoppers to survey customer service representatives at:

"... Verizon, five from AT&T, and two each from Sprint and T-Mobile... Our test results show that, on average, cell carriers' customer service representatives are not aware of their company's policies."

Again, if the customer service representatives are unfamiliar with their employer's bill-to-your-cell-phone services, then you may encounter difficulty getting any bill problems resolved. Inspect your monthly bills closely for accurate charges.

How To Evaluate A Health Care Debit Card Plan From Your Employer

A blog post on Tuesday described Caren's experience with her United Healthcare Consumer Accounts Card, a specialized debit card her employer provided for Flexible Spending Account (FSA) expenses. That blog post highlighted what can go wrong with a health care debit card.

I wanted to take a closer look at the card agreement, and see what broader issues might apply in general. Today's blog post includes my findings about several items employees should be aware of when considering a health care debit card plan. I am not an attorney, so this is not legal advice -- just my observations and opinions as a consumer -- like you tyring to navigate a complex world. If you need legal advice, hire an attorney.

First, healthcare debit cards are similar to traditional debit cards, but with several important differences. Employees must understand how they work and when fees apply, just as you would with a traditional debit card with your bank checking account. So, it is important to closely read all appliable agreements, terms, or policies y to know your rights and responsibilities -- especially when bad things happen.

The introduction to the United Healthcare Consumer Accounts Card agreement (Adobe PDF; which is also available here) lists some important warnings:

"At the register or cashier: This is not a credit card, but you will need to choose “credit” when making purchases... At the pharmacy, supermarket or other retail store: Pay for eligible over-the-counter (OTC) supplies and materials. Please note: The card will be rejected if purchasing OTC medicines, even when prescribed..."

Select "credit" at the point-of-sale even though the card says "Debit" on its face? Prescribed OTC medicine will still be rejected? These exceptions sound like a recipe for employee confusion and rejected purchases. While the agreement states that it is a MasterCard Debit, I wonder if the bank tweaked a traditional credit-card payment solution for health care purchases and rushed it to market without removing all the bugs first.

What comes to mind is that old saying: never buy the first year of a new car production (and wait until the manufacturer gets all of the bugs out). Seems to apply to payment solutions, too.

Section #2 of the same agreement states:

"When you use the Card, you represent and warrant that you will not submit, and have not previously submitted, a claim for reimbursement for the same expenses under any other plan or program. You agree to save all invoices or receipts that are provided to you by merchants and service providers when you use the Card. You agree to provide a copy of any such receipt to us or United Healthcare, promptly on request. If you fail to submit a receipt when it is requested, under IRS rules, the amount in question may not be excluded from your gross income for federal tax purposes or may otherwise result in financial penalties to you. Your use of the Card is subject to the terms and conditions of the Plan, as well as the terms and conditions of this Agreement..."

So, employees must still save all purchase receipts. The health care debit card doesn't eliminate all paperwork. The last sentence in the above clause is important because it highlights the fact that several policies apply. It would be helpful if this agreement listed all applicable policies. My estimate is that at least five different policies apply:

  1. Consumer Accounts Card Agreement,
  2. United Healthcare HIPAA Privacy Policy,
  3. Any additional policies at,
  4. Employee handbook or manual,
  5. Optum Bank policy

Employees should not have to guess which policies apply. It would be best for employees if a single, consolidated policy applied, but unfortunately American business does not operate that way today.

Let's return to the Consumer Accounts Card agreement, which also states:

"You agree that you will only use the Card to pay for eligible expenses under the Plan... if you use the Card for anything other than an eligible expense, you will be liable for any taxes, penalties and other expenses payable under applicable law and any expenses we, United Healthcare or your employer may incur as a result of such impermissible use. Upon demand, you agree to reimburse us, United Healthcare or your employer, as the case may be, for any such use for non-eligible expenses..."

While employees may think that ineligible FSA expenses are automatically blocked at the point-of-sale, the agreement governs what really happens. The Consumer Accounts Card payment process may indeed block some ineligible purchases, but United Healthcare and the bank seem to have left themselves a convenient loophole where employees are still liable. It would be helpful if the agreement stated what those amounts of taxes, penalties, and other expenses could be. It seems risky to use a debit card when you don't know the exact amount of fees that might apply.

Second, employees should be aware of their responsibilities to avoid liability. The "Consumer Liability" portion of the agreement states:

"Tell us AT ONCE if you believe your Card has been lost or stolen. Telephoning is the best way of keeping your possible losses down. If you tell us within 4 business days, you can lose no more than $0 if someone used your Card without your permission. (If you believe your Card has been lost or stolen, and you tell us within 4 business days after you learn of the loss or theft, you can lose no more than $0 if someone used your Card without your permission.)"

This four-day time period seems unreasonably short. My bank allows 60 days from my statement to dispute a charge on that statement. Does United Healthcare expect employees to check their online FSA account every four days? The next portion of the agreement states what happens when employees provide notice after the four-day window:

"If you do NOT tell us within 4 business days after you learn of the loss or theft of your Card, and we can prove we could have stopped someone from using your Card without your permission if you had told us, you could lose as much as $50."

OptumHealth Financial Services logo Now, the liability sounds more like the liability with a traditional credit card: $50. What I find troubling about this clause is that it assumes traditional theft or loss. This blog has documented numerous examples of identity thieves plant skimming devices inside point-of-sale terminals at gas stations, supermarkets, and other retail stores to steal consumers' data to clone debit cards. Since employees are forced to use health care debit cards at retail stores, a more relevant agreement would provide tips about what to do if they believe their card has been cloned. Perhaps the site explains this, but I don't have a account.

The agreement also states (emphasis added by me):

"... if the statement you receive from the Plan administrator shows transfers that you did not make, tell us at once. If you do not tell us within 90 days after the statement was mailed to you, you could lose as much as $50 if we can prove that we could have stopped someone from taking the money if you had told us in time."

Again, that sounds like traditional credit card liability (e.g., $50), but at least the window for notice is longer at 90 days. Why lead with the four day clause? It seems unnecessary. In Caren's case, it seems that United Healthcare is enforcing the 90-day clause. What I find troublesome about the above clause is that it assumes paper statements sent via postal mail. In reality, employees' statements are available online. Nothing is sent via postal mail. So, why write the agreement assuming this? It sounds like the card agreement was rushed to market without all the bugs removed.

Another portion of the agreement states:

"ALL QUESTIONS ABOUT TRANSACTIONS MADE WITH YOUR CARD MUST BE DIRECTED TO THE BANK, AND NOT TO YOUR EMPLOYER OR PLAN ADMINISTRATOR. The Bank is responsible for issuing the Card and for resolving any errors in transactions made with your Card. The transactions will appear only on the statements provided to you by the Plan administrator."

It would be helpful if the agreement listed the bank's phone and postal address information. I couldn't find it in the agreement. The agreement lists United Healthcare's phone and postal address information. In my experience, well-written agreements provide both phone and postal address information with any instructions where consumers should give notice. Perhaps, the other policies provide this information, but I don't have a account.

SO, let's see if I got this correct. The agreement directs employees to contact United Healthcare for transfers the employee didn't make, but contact the bank about statement "errors."What's the difference? How are employees to tell? This sounds confusing.

It troubles me that the above clause mentions "errors" and doesn't mention "fraud." I would expect any bank to aggressively investigate suspected fraud. The fact that Optum Bank's flow of funds page still presents a 2008 copyright does not give me much confidence in the bank:

Optum Financial flow of funds image from website

If something this simple still says 2008, what else has this bank missed? Or, should consumers conclude that the Optum web site hasn't been updated in four years? Or is this flow-of-funds information that is four-years old and/or obsolete? I would expect more timely and current information from any bank -- especially one processing my extremely sensitive health care information.

The "Fees" section of the agreement states:

"OptumHealth Bank does not charge usage fees for this card."

No fees are good, because banks can apply a wide variety of fees to debit-card accounts.However, it means that employees should monitor any changes in the card agreement. Things might change with new fees introduced. So, employees should read any updates to the card agreements or policies with their health care debit cards.

Now, let's return to Caren's story. The fact that Caren never used the Medco online pharmacy should be a huge "red flag" to Optum Bank, Large HR Firm, and United Healthcare. It suggests that Caren's payment information was stolen. The payment data on Caren's Consumer Accounts Card could have been stolen via a skimming device, which identity thieves plant inside point-of-sale terminals at retail stores and gas stations -- not just at bank ATM machines.

If Caren's Consumer Accounts Card was not cloned via skimming device theft, then a couple other options are possible. The pharmacy may have re-submitted the purchases it originally rejected -- and if so, it should have notified Caren, and reimbursed her for the purchases she paid out-of-pocket. Caren could test this by using a different pharmacy. If the duplicate charges don't happen at the second pharmacy, then it is reasonable to assume a problem at the first pharmacy. If the duplicate charges continue, then it seems safe to assume that her debit payment data was stolen.

Insider identity theft is always a possibility. It's harder for employees to spot, but it does happen.

What should employees do if your employer offers a specialized debit card for healthcare expenses? I suggest the following steps:

  • Read all applicable policies to know your rights and responsibilities -- especially before registering for a FSA with your employer. Your employer may have negotiated a really good deal for its employees, or not. Don't blindly assume so; read the fine print in the agreement first. Part of evaluating if it's a good deal is looking for certain clauses in the agreement -- like the ones listed above. If you have difficulty reading contracts, get help from a trusted friend, family member, or attorney if you can afford one.
  • Use the Internet to find reviews written by employees about their health care debit card plan. Places I like to look include Consumer Reports, The Consumerist, and Epinions.
  • File a police report with local law enforcement. (In Caren's case, somebody spent money from her FSA account without her authorization. That is theft.) Insist on law enforcement accepting the report. Make several copies. Attached the police report to any complaints filed with your employer, the FSA healthcare administrator, and the bank,
  • Use a different pharmacy. If the duplicate charge problem stops, it is reasonable to assume a problem at the first pharmacy, and file a police report accordingly,
  • If you feel that you aren't getting the services promised by the bank which processes your health care debit card transactions, learn about how to file a complaint against your bank.
  • File a fraud complaint with the U.S. Federal Trade Commission (FTC) including any relevant documents (and non-action by employer, HR Firm, health care firm, and bank). This will help the FTC track any emerging theft trends with health care debit cards.
  • If there is no action by the employer, HR Firm, healthcare firm, and/or bank), write a letter to your federal or state elected officials asking for help. It's part of their jobs -- to help their constituents.

Is the United Healthcare Consumer Accounts Card a good deal? Only you can decide for yourself, as everyone's needs are different. Hopefully, I have highlighted the things consumers should look for in any health care card agreement, so you can make an informed decision.

If you use a specialized debit card for health care expenses, what has been your experience?

How Companies Analyze Your Spending And Habits

Two really good news article explain how companies analyze consumers spending and social networking activity. I highly recommend that you read both articles.

The Forbes magazine article, "How Target Figured Out a Teen Girl Was Pregnant Before Her Father Did," summarized very well the problematic behavior of many corporations and retailers. To get a jump on its competitors, Target extensively analyzed -- perhaps better than most retailers -- its customers' purchases and attached undisclosed demographic data to each customer's identification number to mathematically predict what customers might by.

The prediction formulas were so good, Target was able to mathematically deduce from past purchases that this teen girl was pregnant and send coupons to her home -- all before the teen told her parent of the pregnancy:

"What Target discovered fairly quickly is that it creeped people out that the company knew about their pregnancies in advance... So Target got sneakier about sending the coupons. The company can create personalized booklets..."

These personalized coupon books were an attempt to hide the fact that Target knew so much, and disguise that knowledge by presenting both coupons not related to pregnancy with coupons that were related:

"... we learned that some women react badly... Then we started mixing in all these ads for things we knew pregnant women would never buy, so the baby ads looked random... we found out that as long as a pregnant woman thinks she hasn’t been spied on, she’ll use the coupons. She just assumes that everyone else on her block got the same mailer..."

One of my friends called Target's behavior "untethered stupidity" to market pregancy products to a teenager. Yes, that was incredibly stupid, and was likely enabled by its rush to make money. Some of my friends were surprised at the content of the above Forbes article. I wasn't surprised because of the amount of personal information shared:

  • Consumers share on social networking websites the items (e.g., products, services, television/cable shows, music) products we like or prefer,
  • Banks regularly collect and resell both debit-card and credit-card purchases,
  • Consumers share on social networking websites a wide variety of sensitive personal data (e.g., birth date, children's names and ages, list of relatives). The full birth date makes it easy for data brokers and advertisers to distinguish several people with the same name,
  • Consumers share product preferences and travel vacation habits through loyalty program memberships,
  • State motor vehicle registries regularly sell drivers' data to companies and data brokers. That includes the car, from which marketers can deduce your wealth, favorite color, and when to pitch extended auto warranty service plans,
  • Data brokers like Spokeo and Acxiom compile consumers' demographic data from public records and social networking websites, which retailers can purchase,
  • Leaky entertainment, quiz, and gaming apps on social networking websites regularly collect consumers sensitive personal data,
  • Leaky smartphone apps regularly collect consumers' sensitive personal data, they often shouldn't. The lack of privacy policies with these apps mean the app developers are free to sell the personal data collected.

What might that undisclosed demographic data be? It's pretty easy to deduce or infer:

  • Name, address, age from the store loyalty program registration
  • Income from any store credit cards, loyalty program registrations, surveys, or average purchase history over time (e.g., wealthy people spend more, less wealthy purchase more with coupons)
  • Favorite colors from the colors of clothes purchased
  • Left-handed preference from types of products purchased
  • Personal preferences from any product comments at the retailer's web site or products "liked" at social networking websites (purchased from data brokers)
  • Type of vision from purchases (e.g., non-prescription sunglasses indicate good vision)
  • Health issues (e.g., eczema, dry skin, dandruff) from the types of lotions and shampoos purchased
  • Health issues (e.g., over-weight) by the size of clothes purchased or from retailers offering pharmacies and in-store clinics
  • Durable goods (e.g., dishwasher, washing machine, gas or electric oven) used at home from purchases
  • Auto and electronics owned from purchases, either the item or related accessories purchased
  • Approximate ages of children by types of toys purchased or from photographs at social networking websites
  • Where else you shop, based on GPS coordinates collected from any apps installed on your smartphone, or data purchased from mobile service providers
  • Retail stores that use facial recognition cameras can track your shopping patterns (e.g., when where, duration), even when you pay with cash and left your GPS-enabled cell phone at home, and supplement this with demographic data from photos you are tagged in at social networking websites
  • Any gaps in the above demographic data can easily be filled by data purchased from data brokers like Acxiom and/or ads run on social networking websites

The New York Times article, "How Companies Learn Your Secrets," includes a more detailed analysis, with how marketers look for "chunks" in consumers' behaviors to predict future purchases:

"This process, in which the brain converts a sequence of actions into an automatic routine, is called “chunking.” There are dozens, if not hundreds, of behavioral chunks we rely on every day. Some are simple: you automatically put toothpaste on your toothbrush before sticking it in your mouth..."

Some chunks are more complex; consider the series of behaviors women will perform to prepare for a pregnancy: purchase different clothes, lotions, and/or personal hygiene items. Now, think more broadly, because everyone's behaviors can be chunked. Not just women. The researchers found:

"... when some customers were going through a major life event, like graduating from college or getting a new job or moving to a new town, their shopping habits became flexible in ways that were both predictable and potential gold mines for retailers. The study found that when someone marries, he or she is more likely to start buying a new type of coffee. When a couple move into a new house, they’re more apt to purchase a different kind of cereal. When they divorce, there’s an increased chance they’ll start buying different brands of beer. Consumers going through major life events often don’t notice, or care, that their shopping habits have shifted, but retailers notice..."

And a baby definitely qualifies as a major life event.

Now, consider your past purchases. Advertisers value that so they can serve up different products at these major life events. Coombine this with your GPS location in the physical world, and it is a marketers dream: to know you shop every Saturday morning and then serve up ads on your smartphone before you arrive at the supermarket; or to serve up childrens toy and food ads before you shop for their birthday parties.

Maybe all of this doesn't bother you, or maybe it does. The bottom line: where you go in the world, what you purchase, and how much you consume are all pretty personal facts. Consumers should have control over when and with whom this personal data gets shared. If you choose to share everything, fine. Some of us feel and act differently.

A Debit Card Cautionary Tale

[Editor's Note: today's post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. Michelle helps others improve their use of technology in their personal or professional life. Today, she tackles what I believe will become a huge identity-theft problem. As employers lower their administrative costs by outsourcing payment systems that include debit-card transactions, the result is a more complicated, patchwork mix of companies where it is not easily clear who is responsible when bad things happen.]

By R. Michelle Green

At a business conference I attended, the topic turned to health care insurance administration. Some of the attendees now have new debit cards they didn’t ask for. Their employers gave them debit cards for their health care expenses (to access their Flexible Spending Accounts). Instead of having to submit receipts, employees offer the card at the point of sale. If s/he tries to charge more than allowed, or tries to charge things that are not acceptable, the card is rejected. Easily fits into the distributor’s payment systems (cash credit debit), no paperwork for the employee, less evaluative work for the FSA provider. Everyone wins, right?

Not everyone.

Meet Caren (not her real name, of course). She offered her new debit card -- her's is called a United Healthcare Consumer Accounts Card -- for prescription meds in January last year. However, the purchase was rejected by the pharmacy. She assumed it was a glitch, and paid for it herself. While this eventually happened every time, she doesn’t have medical charges every day, so it took a while to recognize that the card never worked. For reasons not relevant here, she did not pursue this with the provider until the fall, only to discover that all her money had been used up on health care charges she didn’t make.

She spoke with United Healthcare using the phone number on her Consumer Accounts Card. She submitted all her information in writing as they requested. They produced a sheet showing that her charges mostly matched (about 70%) identical charges paid 1-2 business days after hers. Though they did not accuse her of fraud, they did say the case was closed and did not merit an appeal. When she approached her human resources provider, he said, well at least she got the tax break. (!) She didn’t get a tax break, she got a salary reduction! She was deprived of access to her own money, set aside from her salary. The debit card agreement online says that she should call the bank operating the card, but that hasn’t proven productive either.

Had a second card been issued to someone else, we wondered? Not to her (or to the bank’s) knowledge. Did the drugstore have signatures on the other charges ostensibly hers? The other charges were mail order charges through Medco, so no receipts or signatures. She has no account with Medco. The pharmacy is not interested in pursuing this, they’ve been paid (perhaps twice!). Medco won’t address it, as she is not a client. The debit card provider only knows the money is spent. The FSA account holder is satisfied that it was spent for the right things. Only Caren is out of pocket and disadvantaged. Doubly so – this was so traumatic that she did not enroll in FSA this year. That makes her ineligible for the associated tax benefit in 2012.

Turns out our blog host is interested in the way financial systems are evolving, and found this issue particularly interesting. There are a lot more parties in the mix than you might at first think. Caren has an employer small enough that it purchases human resources expertise from a national firm. So there’s Caren, Small Firm, and Big HR Firm. Big HR Firm takes the money from her account and sends it somewhere based on their agreement with United Healthcare. Her debit card is managed by United Healthcare, and Optum Health Bank administers that card for them. Optum Health Bank has a subsidiary, Optum Financial, that handles the flow of money from the holding account to the point of sale. And what about the pharmacy: could their processes have been compromised as well?

I read a lot about fraud and scams, and wondered if this could be the tip of a software theft operation, selecting certain customers, and duplicating certain customers’ receipts, at just low enough rates that they are not perceived. (Good movie, eh? But Occam’s Razor says: not likely.) But who is the person with enough clout to investigate this, particularly if no one person or entity loses big bucks?

Today she tweeted that she had heard from Big HR Firm – there’s nothing they can do. So who’s responsible? Several corporations are in play; doesn’t each have a responsibility to Caren? Who can help her?

Foreclosure Abuse Widespread

Last week, the San Francisco Assessor-Recorder office released the results of an audit (Adobe PDF) of about 400 home that were foreclosed on during 2009, 2010, and 2011. The audit found that about 84% of the homes had at least one violation of California foreclosure laws.

The office began the audit last Fall with Aequitas, a mortgage investigation firm, after problems surfaced in mortgage records requested by homeowners facing foreclosure. Assessor-Recorder Phil Ting said,

“When it became clear that property records were severely undermined, a red flag was raised... Those records are supposed to be filed with this office and many were simply missing or had serious inconsistencies..."

It's difficult to impossible for a homeowner to fight foreclosure when mortgage records are inaccurate or incomplete. Ting emphasized the need for state legislation to guarantee compliance with California foreclosure laws by the mortgage industry.

The register of deeds in Guildford County, North Carolina, examined 6,100 mortgage documents last year, and found signature irregularities in 4,500 (xx%). Experts see this as a clear indicator of the illegal practice of "robosigning" documents.

Seems to me it is time to both fine companies and send bankers to prison nationwide. Only then will this madness stop. Demand action from your elected officials.

Apple Says Path And Other iPhone Apps Violated Policy

A prior blog post discussed how a developer found the Path iPhone app collecting his contact information without notice nor consent. The All Things D blog reported a reply by an Apple spokesperson:

"Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines... We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Twitter, Hipster, and other apps that collected users' contact information also are modifying their processes to stop collection. The statement by Apple still doesn't explain why Apple did not reject apps that violate its policy from being sold in its app store. Nor does Apple seem to address the consequences for these violators.

The "working to make this even better" sounds disingenuous. Either an app violated the policy, or it didn't. Either Apple checks apps for compliance or it doesn't. There is no inbetween. One cannot be a little pregnant.

At press time, the Apple Press Info website section did not mention the above statement.

Asurion Surveys Consumers About Their Smart Phones; Recycling Old Gadgets With Gazelle

Asurion, the provider of insurance services for mobile device users, announced on Tuesday the result of a recent survey of 3,000 smart phone users. Consumers are in love with their smart phones. Some survey results:

  • About 30 percent of survey participants believe their smart phone is more helpful than their significant other: more entertaining or never talks back
  • About half of survey respondents have sent racey text messages to their partners
  • About 20 percent of respondents would not end a date if the other person spent the entire time on their phone

The survey included smart phone users in the United States. To learn more about Asurion, read this blog post.

If you desk drawer at home is filling up with old cell phones and electronic gadgets, then this may be an option for you. Gazelle, an electronics recycling company, claims that it will pay cash for old gadgets: cell phones, digital cameras, MP3 players, GPS devices, calculators, tablets, and more.

I haven't used Gazelle, so I don't know if it pays well and provides good data security. I'll bet that some I've Been Mugged readers probably have already used Gazelle. If you have, share your experiences below.

Boston Transit Authority Seeks Public Feedback About Proposed Fare And Service Changes (Part Two)

Savin Hill Station on the Red Line. circa 2006 A prior blog post described a local community meeting held by officials from the MBTA, Boston's transit authority, to collect feedback from the public about which of two fare and service proposals to proceed with. At that meeting, I shared my views about the situation. Earlier this week, a local community meeting drew a large protest:

I have used the “T” subways for many years to commute from home to work in Boston. While living in the Waltham suburb, I used MBTA commuter rail, express buses, and local buses to commute to work. Other mass transit systems I have used:

  • While growing up and working in New York City: its MTA buses and subways,
  • During college, the bus system in Rochester (NY),
  • During graduate study, the elevated trains in Chicago (IL)
  • While vacationing in Germany, both the high-speed intra-city rail system and the subway in Cologne,
  • While temporarily working in London, its underground and bus systems, and
  • While vacationing in Los Angeles, its subway system.

So, I have had plenty of experience using a variety of mass transit systems. I like using mass transit and prefer it over autos.

I read the Information Booklet (Adobe PDF) the MBTA distributed with its two proposed scenarios. I have several concerns.

First, the brochure did not mention nor address the impact upon local small businesses, jobs, and employment. Most Boston residents use the "T" system to get to work or to school. Many use it to shop a businesses within the city. The local community meeting in Dorchester highlighted the fact that many residents (e.g., students, elders and retirees) don't have cars or an alternate means of transportation. They rely on the MBTA.

The large number of service terminations (e.g., bus routes, ferries, "E" line on weekends) spell a disaster for small and local businesses in those areas, who both hire residents as employees and depend upon those residents as customers.

Commuter rail service terminations after 10 pm will likely affect businesses that operate after 10:00 pm. Not just large businesses like the TD North Garden, but numerous small businesses. At the local community meeting I attended, numerous residents shared their feedback about how bus route terminations (e.g., 101 routes in scenario #2) will affect them. Students (e.g., youth) and residents on fixed incomes -- with no alternate transportation -- will be severly affected. Secondary and higher education are huge industries in the Boston metro area. The MBTA proposals don't and should mention how these industries would be affected by the fare increases and service terminations. When service terminations force students to walk to school, there are additional safety issues.

Consumers frequent businesses they can easily and reliably get to. All of the proposed terminations make it more difficult and unreliable for MBTA users -- employees and customers -- to use the MBTA.

It seems that either the MBTA has not considered the impacts upon local businesses and jobs, or does not wish to discuss them. This is odd because the MBTA developed an impact analysis (Adobe PDF) that projected declining air quality from greater auto usage due to service terminations. This is odd because the Big Dig project considered the needs of local businesses along its construction paths:

"But the state had a new task, one that would become a feature of big infrastructure projects nationwide: “mitigation.” Broadly speaking, mitigation was the state’s promise to alleviate the Big Dig’s impact on Boston, from interrupting business to harming the environment. Mitigation eventually accounted for about one-third of the Big Dig’s cost..."

The MBTA needs to do something similar, since it is integral to the health and efficient functioning of the city.

Will students continue to apply to secondary and higher education schools in the area, or will the fare increases and service terminations negatively affect applications? It would be huge disservice if the solution to the MBTA's fiscal mess happened at the expense of the community. There has to be balance.

Second, the MBTA documents did not present utilization rates of the bus routes scheduled for termination. These facts are critical toward evaluating the service cuts. Residents cannot provide informed feedback about the MBTA's proposals without inputs about utilization, the impacts upon employment, and upon jobs.

So, the MBTA has asked the public to "choose the better option," but has not provided all relevant data for the public to make informed choices. That is unfair.

Third, the $4.5 billion debt level and fare comparisons with other cities (Adobe PDF) suggests that a fare is warranted. However, this doesn't give the MBTA a free pass on transparency. I expect the MBTA to do a better job of being transparent about efforts to wring waste out of your system. The documents provided are insufficient.

I talked with MBTA employees (who requested anonymity), and they told me clearly that:

  • The MBTA rents a lot of properties it never uses or under utilizes. These properties should be sold or used to increase revenues.
  • Better utilization could include options such as power generation (e.g., wind turbines installed on building rooftops) to generate revenue or lower energy costs.
  • There are internal human resource programs that cost a lot and drive questionable results.
  • Many highways have "aopted a highway mile" programs. The MBTA has not seemed to consider innovative solutions such as this (e.g., 'adopt a station") or similar programs.

Frankly, I don't believe that the MBTA has wrung all of the waste out of its system. Rather, the MBTA seems to take the easy route: raise revenues by raising fares on customers, many of whom are poor and can least afford the proposed fare increases.

Fourth, your proposed fare increases and service terminations seem woefully short-sighted. What about a year from now? How does this solution avoid the situation where we have to revisit your fiscal concerns in a year or two. What about a long-term focus on being environmentally conscious? The proposed solutions don't address this.

The solution for the MBTA's fiscal mess needs to better balance long-term and short-term needs, fit with the city's need to remain competitive and efficient, and fit with the public's desire to use its mass transit system in environmentally friendly ways. My bottom line: the fiscal “cure” should not be worse than the debt “disease.” The surgery should not kill the patient.

New Features Available On I've Been Mugged

I am pleased to announce several new features available on this blog. Perhaps, you have already noticed them.

In the near right column, the "Greatest Hits: Facebook" module has been renamed to "Using Facebook Safely" to better reflect the focused blog posts content in this module. The far right column includes two new modules: "George's Picks" and "Popular Discussions."

The "George's Picks module includes investigative and controversial blog posts which I believe that you won't want to miss. Consider them gems with emerging issues. The "Popular Discussions" module includes blog posts with lots of comments activity.

To explore this blog and find discussions, you can use the tag cloud in the near right column. In the far right column, you can use either the "Recent Comments" or the "Recent Posts" modules.

Thanks for visiting I've Been Mugged. Tell your friends and come back soon!

Big Banks vs. Credit Unions

If you are unsure about whether or not to move your money from a big banks to a small, community bank and credit union, consider the statistics below from Consumer Reports:

Item / FeeBig BanksCredit Unions
Non-interest Checking (per month) $10.27 $6.00
Minimum Balance to Waive Fees $1,115.97 $500.00
Online Bill Payment (per month) $6.95 $0.00
Use Another Bank's ATM (per transaction)
$2.21 $1.07
ATM Surcharge (per transaction)
$2.96 $2.79
Overdraft (per transaction)
$34.48 $27.82
Insufficient Funds (per transaction)
$34.48 $27.82
Stop Payment (per transaction)
$31.09 $19.43

To learn more:

iPhone App Uploads Users' Entire iPhone Address Books

An I've Been Mugged reader alerted me about this. In his blog, Arun Thampi has documented technically how the Path iPhone app uploaded his entire iPhone address book and contact information to its servers without notifying customers nor gaining their permission. Arun's described his experience:

"I was thinking of implementing a Path Mac OS X app... I started to observe the various API calls made to Path’s servers from the iPhone app. It all seemed harmless enough until I observed a POST request to Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path."

The comments section of the blog post includes a conversation between Arun and Dave Morin, CEO of Path. During the discussion, one user raises the relevant issues and questions:

"1. Why are you uploading the actual address book data, rather than (say) generating hashes of the user's email addresses locally, then uploading just those hashes... 2. Why wasn't this an opt-in situation to begin with? Isn't that against Apple's own T&Cs? 3. How can we have our contact information deleted from your servers, if we wish to do that?

It is good that Morin apologized on behalf of Path. He also wrote in the comment sectionr:

1. This is a good alternative solution which we'll look into. Thanks for the idea. 2. This is currently the industry best practice and the App Store guidelines do not specifically discuss contact information... 3. As I mentioned in the previous answer, we are rolling out this functionality for 2.0.6. In the meantime, if you would like your data deleted from our servers please contact our service team at [email protected]..."

During the discussion, a user cites the relevant sections of the App Store's terms and conditions (Adobe PDF):

"I'd say that 17.1 and 17.2 of the approval guidelines specifically forbids what you are currently doing: 17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used. 17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected..."

The additional issues I see:

  • Almost all of the comments are by people who aren't lawyers. I am sure that a lawyer will weigh in on this soon.
  • The opt-out process Morin describe sounded cumbersome to me, as if it was created in haste after the fact. The system default never should have been to auto upload customers' entire phone books.
  • It's great that Thampi found this problem. However, one should not have to be a computer programmer or website developer in order to verify that smartphone apps don't violate either the app developer's policies or the app store's policies.
  • As social networking and app companies innovate, it is critical for the industry to figure out where the line is between users accepting data collection to enable convenience versus too much data collection. This makes it difficult to impossible to gain trust among users about the safety, security, and reliability of mobile device apps.
  • I look forward to reading Apple's response about why it didn't reject the Path iPhone app.

Both C/Net and Wired summarized well the situation. C/Net said:

"Apple, of course, has learned the hard way that it needs to be strict about how iOS apps use, share, and distribute users' private data..."

And Wired said:

In fact, Facebook was caught doing the exact same thing that Path is currently taking heat for, over two years ago."

Technical Support Phone Scam Poses As Microsoft Windows Affiliate Company

Yesterday, i received a telephone call from "Dean Thomas" (probably not his real name) who said he was from the "Technical & Maintenance Department of Windows." The phone number he gave was (209) 813-0133, which I assume was bogus, too.

Immediately, I recognized this phone scam as I had read about it previously in Consumer Reports:

"The scam has become so widespread that Microsoft has studied the problem in four countries, including the U.S. The study found that scammers stole an average of $875 from victims and caused $1,730 in damage to their computers."

Plus, I follow the Better Business Bureau on Twitter, which issued this alert months ago. I decided to listen to the scammer's pitch so I could report about it on this blog.

Basically, the scam artists pretend to be from a reputable company that is seriously interested in protecting you from virus software that can damage your computer. The first part of the pitch is an attempt to gain your confidence -- that they have received error messages already from my computer. After gaining your trust, they will ask you to visit a website, not with your web browser, but the "Run Software" dialog box. Doing so would give them access and control over your computer -- and the freedom to steal any files with passwords and bank accoount sign-in credentials.

With his heavy Southern Asia accent, "Dean" asked me to browse various system registry files (e.g., the Event Viewer, the Command level interface) on my computer, in a bogus attempt to convince me that my computer is already infected with malware. At one point during the call, "Dean" asked me to verify the CLSID number of my computer. Of course, I refused -- all the while acting like a dumb computer user so I had enough time to perform several searches to confirm the scam.

One way to recognize these phone scams is that they never ask you if you alraedy have anti-virus software installed on your computer. "Dean" never asked and I never volunteered an answer.

"Dean" soon became frustrated and transferred me to his supervisor, who said he was from a company called, "Software Network Communications For Windows." Another sign that this was a scam: the company name kept changing. This new jerk wanted me to open the Run Software dialog box on my computer and enter the "" website address. I asked him why the website address was different if he was from Windows. He answered that he was with an affiliate company.

Of course, I wasn't believing any of this nonsense -- nor should you. Of course, I didn't enter anything into the Run Software dialog box - nor should you. I told the jerk that I needed to know more about his company before visiting any website. Then, he hung up.

Later, I reported this phone fraud to the U.S. Federal Trade Commission (FTC) -- which you should too, if you receive such a phone call.

To learn more and avoid these technical support phone scams, read this Consumer Reports article, and this Microsoft alert. Other consumers have received technical support scam phone calls. Here is one that is both entertaining and serious:

Data Breach At Motorola Mobility Affects Refurbished XOOM Tablets

Motorola Mobility admitted Friday in a press release that it failed to erase the sensitive personal information of original owners on refurbished tablets. The breach included about 100 Motorola XOOM WiFi tablets from a batch of 6,200. The tablets were resold by during October through December 2011.

Motorola did not specify the types of sensitive personal information exposed, but it likely include any personal information the original tablet owners stored on their devices:

"It is possible that users might have stored photographs and documents. They may have also stored user names and passwords for email and social media accounts, as well as other password-protected sites and applications."

Ya think so? Duh! Obviously, affected consumers should change their passwords at any online bank, financial, and social networking websites; especially if you stored your passwords on your Motorola tablet. Purchasers of the affected refurbished tablets should return their devices to Motorla to ensure that the memory of each device is cleared. If you purchased a refurbished Motorola XOOM Wi-Fi tablets from between October and December 2011, you should visit or call Motorola Mobility Customer Support (1-800-734-5870 and select Option 1) to determine if your tablet is affected.

For consumers who purchased and then returned a Motorola XOOM Wi-Fi tablet to, Best Buy, BJ’s Wholesale, eBay, Office Max, Radio Shack, Sam’s Club, or Staples and a few other independent retailers between March and October 2011, Motorola offers a free two-year membership with Experian’s ProtectMyID Alert credit monitoring service. The company also directed original tablet owners to contact Experian at 1-866-926-9803 to register for their complimentary credit monitoring service.

At press time, refurbished XOOM tablets were selling for about $349 on

This breach is troublesome. While breaches often happen, the company should have adequately wiped all sensitive personal data from refurbished tablets. That the company failed to do so makes one wonder if any malware was transmitted to purchasers of refurbished tablets -- or of any other Motorola mobile devices.

If you were affected by this data breach, share your experience below.

Paid And Fake Product Reviews: More Deceptive Advertising

This blog has covered plenty of instances of deceptive marketing tactics by companies. The New York Times reported about a new tactic where companies pay their customers to write glowing reviews of its products. The higher the customer review rating, the more the company paid each customer.

In this case, did the right thing, which all online retailers must do in these instances:

"Amazon, sent a copy of the VIP letter by The New York Times, said its guidelines prohibited compensation for customer reviews. A few days later, it deleted all the reviews for the case, which itself was listed as unavailable. Then it took down the product page itself."

Of course, the companies involved do not advertise the fact that they pay their customers to write fake or glowing customer reviews or products/services. Some customers have admitted in their reviews receiving payments, but many don't.

The related issues are numerous:

  1. Paid reviews threaten the credibility of the Internet
  2. Is this marketing tactic honest? Of course not. It undermines the reliability and credibility of customer-submitted product reviews. I expect the U.S. Federal Trade Commission (FTC) to investigate and take punitive actions.
  3. Are these paid consumer-written product reviews honest? No.
  4. Should reviewers disclose these payment arrangements? Yes. If you are paid to write a review, definitely disclose both the payment arrangement and your relationship with the company, so readers can evaluate the reliability and honest of your reviews.
  5. Online retailers need clear policies about reviews, which should be clearly and prominently explained in their website terms and conditions. Actions taken against violators should be swift, as did.
  6. Yes, it is difficult to uncover paid reviews. Online retailers should explore methods to verify product/service reviews. If not, consumers can and should take their business elsewhere

And yes, that old saying still apples: caveat emptor (buyer beware).

Boston Transit Authority Seeks Public Feedback About Proposed Fare And Service Changes

I live and work in Boston. Like many cities in America, Boston's mass transit system faces financial obstacles. In January, the Massachusetts Bay Transit Authority (MBTA) proposed several changes to close its projected operating deficits.

The proposed changes included two scenarios. One scenario includes larger average fare increases with fewer service cuts. the second scenario includes smaller average fare increases with many more service cuts:

 Scenario 1Scenario 2
Fare Increase 43% 35%
LinkPass $80 $78
Bus Services Eliminated 23 weekday routes 101 weekday routes
Services eliminated late night & weekend commuter rail; weekend "E" line; Mattapan line; Ferry
Parking rates increase 28% 20%
Ridership impacts 34-49 million annual trips = 9 - 13% 53-64 million annual trips = 14 - 17%

The current Linkpass fare is about $59. The information brochure (Adobe PDF) about the proposed fare and service changes is available at the MBTA website. The MBTA estimates a $161 million budget deficit in fiscal year 2013. It has a $5.2 billion debt load, which equates $450 million in debt payments each year. Those debt payments equal fare revenues.

In some instances, fares would increase more than 100%. The MBTA compared its fares to transit systems in other American cities (Adobe PDF). The MBTA also prepared an impact analysis document, which concluded that the service cuts will result in poorer air quality.

To collect feedback from the public about which scenario is best, the MBTA is conducting a series of meetings around Boston and in the suburb communities it serves. I attended a Thursday, February 2 session at the Dorchester House Multi-Service Center in Boston's Dorchester community. About 250 residents attended. It was good to see a strong turnout at a midday 1:00 pm session. No apathy here!

Residents speak February 2 at the MBTA community meeting at the Dorchester House about proposed changes
Caption: residents speak at the February 2 MBTA meeting at the Dorchester House

An MBTA official briefly presented its public presentation about the proposed changes (Adobe PDF). Most of the two-hour meeting was reserved for residents to speak. A variety of residents spoke: working adults, teenagers, college students, elders, they physically challenged, and retirees. During the session, I saw about 50 residents speak.

A common theme voiced by residents was that the fare increases under both scenarios were steep; many couldn't afford them. Many residents don't have a car, or alternate travel means, and rely on MBTA travel services. Students and retirees have limited incomes, if any, and both the fare increases and service cuts (e.g., buses) would greatly affect them.

MBTA officials handed out a printed statement from Boston Mayor Thomas Menino, which read in part:

"The MBTA provides absolutely critical services to Boston residents, commuters, and visitors. As a transportation hub and economic engine of the region, Boston is uniquely affected by the state of our public transit system... Many administrations have simply passed the buck onto the next administration -- and now the MBTA must find a way to operate with an enormous structural deficit. However, riders should not be forced to shoulder the entire weight of the debt..."

I did not see any reporters from the news media. Several activist groups attended the meeting, spoke, and handed out flyers. The groups included the Coalition to Fund Our Communities, Transportation For Massachusetts, Socialist Equality Party, and Global Exchange. So, there are plenty of ways for residents to get involved and have your voices heard. Contact your elected Massachusetts state representatives today!

The MBTA has scheduled upcoming community meetings for:

  • Monday, February 6: Lowell
  • Tuesday, February 7: Lynn
  • Wednesday, February 8:, Boston (West End) and Hingham
  • Monday, February 13: Boston
  • Tuesday, February 14: Framingham
  • Wednesday, February 15: Quincy
  • Thursday, February 16: Malden
  • Tuesday, February 28: Somerville
  • Wednesday, February 29: Cambridge
  • Thursday, March 1: Waltham
  • Tuesday, March 6: Brockton

Visit the MBTA website for exact meeting locations.

Javelin Research Reports Results About Bank Transfer Day

Finally, some firm statistics are being released about the results of Bank Transfer Day, when consumers moved their money from big banks to credit unions and local community banks. Based on extensive research, Javelin Strategy & Research estimated that 5.6 million U.S. adults moved their money during a 90 day period. Some details:

  • 11% (610,000 of the 5.6 million) mentioned Bank Transfer Day as the reason they moved their money
  • 26% said that high banking fees were the reason they moved their money

Javelin concluded that both Bank Transfer Day and the Occupy Movement had a measurable impact when compared to research results from prior years. So, a true grassroots movement can have an impact.

Previously, CUNA revised downward its estimates of Bank Transfer Day results due to a flawed methodology. CUNA did not change its estimate of more than 40,000 new credit union accounts opened by consumers on November 5, Bank Transfer Day.

Javelin designed the online research questionnaire and surveyed 5,878 consumers during December 2011. The survey process included:

"... targeted respondents based on representative proportions of gender, age, income, and ethnicity, and data was weighted to U.S. census proportions. The survey is based on a set of questions that were first fielded in 2003, and are now deployed on a twice-annual basis."

Javelin has research identity theft and fraud, with reports covering 2008 and 2010, plus trends in corporate data breaches. I have found Javelin's work reliable, but still await more results about Bank Transfer Day. It would be great to know the average bank account balance transferred, since the big banks seem to have focused on getting consumers to consolidate their accounts (e.g., checking, savings, and investments). The big banks are probably willing to lose consumers with smaller balances.

In a recent conversation with banking industry analysts, the Bank of America CEO reported a 20 percent increase in account closures during the fourth quarter of 2011.