Previous month:
September 2015
Next month:
November 2015

17 posts from October 2015

Editor's Picks: Cruise Vacations

Considering a cruise ship vacation? Unsure which cruise line is best? Received an offer in the mail> You may find the resources below helpful:

  1. Considering A Cruise Ship Vacation? What Consumers Need To Know
  2. 8 Tips About Cruise Ship Vacations And Cruise Ship Maintenance
  3. Free Cruise Vacation Offer: Legit or Scam?
  4. Cruise Review: Sept. 13 - 27 Viking River Cruise From Amsterdam to Budapest
  5. Massachusetts Attorney General Announced Settlement WIth Travel Company For Pressure Sales And Over-Priced Vacations
  6. Traveling Abroad? New T.S.A. Rules For Inbound Flights To The U.S.A.
  7. 10 Ways To Avoid Identity Theft During Vacation Travel
  8. 7 Tips To Avoid A Rejected Credit Card During Vacation Travel
  9. Traveling Outside The Country? Before You Leave, Notify Your Credit Card Issuer So Your Purchases Aren't Denied
  10. Disney Cruise Ship Child Care Staff Lose Young Child. Frantic Search Ensues

Update: FTC Complaint Against Weight-Loss Marketer For Allegedly Using "Gag Clauses"

Roca Labs Inc. logo After the U.S. Federal Trade Commission (FTC) filed a complaint against it for allegedly using gag clauses to silence negative online reviews by customers, Roca Labs, the weight-loss marketer, has responded. MediaPost's Daily Online Examiner reported:

"The company, which sells weight-loss products, argues in court papers filed earlier this month that the FTC lacks the power "to dictate the terms of private contracts between private parties." The company adds: "The FTC’s intention to ban all manner of anti disparagement clauses is overkill and appears to be a knee-jerk reaction to a particular practice of Roca Labs. ...The regulation of public comment through on-line reviews is a complicated and multi-faceted problem that must balance the rights of consumers and businesses in the ever-changing landscape of internet commerce." Roca filed its papers in response to the FTC's request for an injunction..."

Last Thursday, U.S. District Court Judge Mary Scriven in Florida issued an order granting the FTC's preliminary injunction to stop Roca labs from silencing customers' online reviews. Yelp and other review sites sided with the FTC in a friend-of-court brief.Some reviewers posted information about the FTC complaint on the Roca Labs page within the Yelp site.

For review sites to be trustworthy, they must include positive, negative, and neutral reviews of products and services. What are your opinions of gag clauses?


The Ethical Dilemmas Of Self-Driving Cars

There have been plenty of articles in the news media about self-driving cars. What hasn't been discussed so much are the ethical dilemmas. What are the ethical dilemmas? The M.I.T. Technology review explored the topic:

"Here is the nature of the dilemma. Imagine that in the not-too-distant future, you own a self-driving car. One day, while you are driving along, an unfortunate set of events causes the car to head toward a crowd of 10 people crossing the road. It cannot stop in time but it can avoid killing 10 people by steering into a wall. However, this collision would kill you, the owner and occupant. What should it do?”

If one programs self-driving cars to always minimize the loss of life, then in this scenario the owner is sacrificed. Will consumers buy self-driving cars knowing this? Would you?

Researchers posed this and similar ethical dilemmas to workers at Amazon Mechanical Turk, a crowd-sourcing marketplace for developing human intelligence in computers. The researchers found that while people wanted self-driving cars programmed to minimize the loss of life:

"This utilitarian approach is certainly laudable but the participants were willing to go only so far. [Participants] were not as confident that autonomous vehicles would be programmed that way in reality – and for good reason. They actually wished others to cruise in utilitarian autonomous vehicle more than they wanted to buy a utilitarian autonomous vehicle themselves”

So, few people want to sacrifice themselves. They want others to do it, but not themselves.

There are plenty of ethical dilemmas with self-driving cars:

"Is it acceptable for an autonomous vehicle to avoid a motorcycle by swerving into a wall, considering that the probability of survival is greater for the passenger of the card than for the rider of the motorcycle? Should different decisions be made when children are on board, since they both have a longer time ahead of them than adults, and had less agency in being in the car in the first place? If a manufacturer offers different versions of its moral algorithm, and a buyer knowingly chooses one of them, is the buyer to blame for the harmful consequences of the algorithm’s decisions?”

You can probably think of more dilemmas. I know I can. Should self-driving car manufacturers offer different algorithms so each driver can use the algorithm they want? Or should all cars have the same algorithm? If the approach is differing algorithms, how will this affect insurance rates? If you drive from one country to another, must drivers adjust their car's algorithm for each country?

Last, I prefer the term, "self-driving" to describe the new technology. While some technology sites and news organizations have used the term "driverless," the term "self-driving" is a more accurate description, and it places the responsibility where it should be. Something is driving the car, and not a person.

And, there may be hybrid applications in the future, where a driver operates the vehicle remotely, as drone operators do today. So, there will always be drivers: somebody or something.

Read the MIT Technology Review article titled, "Why Self-Driving Cars Must Be Programmed To Kill." Share below your opinions about how self-driving cars should be programmed.


How The Teenager Hacked The CIA Director's Email Account

Central Intelligence Agency logo You've probably heard about it, or read some of the initial news reports. The New York Post broke the story about a teenager hacking into the e-mail account of John Brennan, Director of the Central Intelligence Agency (CIA). The methods the hacker used are a good example of pretexting: when a criminal pretends to be somebody they aren't in order to acquire sensitive information about the target(s).

Wired provided a detailed report about the incident, which I've distilled into seven steps:

  1. The hacker did a reverse number lookup of Brennan's mobile phone number. Several websites provide this feature. From that, the hacker learned that Verizon was Brennan's provider of phone services.
  2. Pretending to be a Verizon technician, the teenage hacker and his accomplices, called Verizon asking for details about Brennan's account. The Verizon phone rep asked for their Vcode, a unique number assigned to each Verizon technician. The hacker provided a fake Vcode which somehow passed Verizon's security. From that, the hacker learned Brennan’s account number, four-digit PIN, the backup mobile number on Brennan's account, Brennan’s AOL email address, and the last four digits on Brennan's bank card.
  3. The hacker accessed Brennan's AOL e-mail account on October 12, and read several e-mail messages including messages forwarded from his work e-mail account. From that, the hacker learned Brennan's secure White House e-mail address, his security clearance application, topics discussed by Brennan and other intelligence officials, and work-related documents attached to several e-mail messages. One attachment included a spreadsheet with names and Social Security numbers of several persons, including intelligence officials.
  4. The hackers posted photos of several documents online via a Twitter account they had set up. The hackers accessed Brennan's account for at least three days.
  5. On October 16, the hacker posted via Twitter that Brennan had deleted his AOL e-mail account supposedly because the hackers had accessed it.
  6. Brennan reset the password on his AOL account, which the hackers accessed again. This suggests that they called AOL customer service pretending to be Brennan and reset the password on his account so they could access it. Reportedly, the dueling password resets happened three times.
  7. The hackers called Brennan's mobile phone number and told him his account had been hacked. After asking them what they wanted, the hackers reportedly answered, "We just want Palestine to be free and for you to stop killing innocent people."

What should consumers make of this incident? First, the incident provides a window into the hassles and inconveniences when your e-mail account is hacked and taken over by a criminal. The hackers could have sent out spam messages from Brennan's account to his friends, family, and coworkers. Second, the incident highlights the necessity of not using the same password on multiple accounts. When consumers do this, it makes it easy for criminals to access several of your online and financial accounts. Hackers will try the same stolen password at other online accounts to see where else they access.

Third, the incident is a reminder for consumers never to disclose sensitive personal and financial information over the phone. Why? Simply, the caller's identity is unknown and unverified. We consumers frequently receive calls from identity thieves from fake computer support vendors or bogus cardholder services.

Verizon logo Fourth, Verizon should improve its security processes. A fake Vcode should not allow access to customers' sensitive information. There should be consequences for Verizon for this breach. Fifth, the hackers' techniques provide a tiny view of the activities spies and counter-intelligence agencies perform, and why these entities want to hack into government agencies' websites, such as the Office of Personnel Management breach earlier this year.

Sixth, adding your mobile phone number to your social networking and e-mail accounts is not a data security cure-all. Smart hackers will target your mobile phone number so that they receive any notifications  you've set up about changes to your account.

Seventh and perhaps most troubling, the Brennan and Clinton e-mail incidents suggest that many government officials highly value convenience (just as consumers do), by forwarding work-related e-mails and documents from secure work systems to less secure commercial systems. You could argue that this desire for convenience is a security weakness. Fifth, you can bet that spies will try to take advantage of this weakness by replicating pretexting attacks on other high-value executive targets, in both the public and private sectors. If a teenager can do it, then so can an experienced spy.

What are your opinions of the hacking incident? Of Verizon's role?


Recording Ourselves To Death

Deaths from sharks versus selfies

This is not a joke. Related reading:


Why Boston Lacks Both Fiber And Broadband Internet Competition

In response to residents' complaints about high cable prices, the Boston City Council held a hearing on Wednesday, October 14, seeking more service options for its residents and businesses. Councilor Matt O'Malley sponsored the matter (Docket Number 1430) on September 2, 2015, a resolution requiring regulators to encourage service providers to offer fiber television and Internet services. All 12 council members co-signed the resolution. Council Chairman Tim McCarthy led the hearing, and representatives from Verizon, a provider of high-speed fiber and mobile services, testified during the session.

Verizon logo The hearing highlights the current state of Boston's broadband infrastructure, the lack of competition, the major reasons why, and the uncertainty of the corporate marketplace. Boston residents want improved Internet services, and currently have only a single option for high-speed Internet services: cable providers (e.g., Comcast or RCN) offering television, Internet, and phone services.

Earlier this year, the Federal Communication Commission (FCC) increased its benchmark of minimum broadband speeds to 25 megabits download and 3 megabits upload. So, Digital Subscriber Line (DSL) Internet services, which many Boston residents use and which typically offer 3 megabits per second download speeds, no longer meet the FCC broadband speed benchmark.

Councilor O'Malley explained:

"... one of the most prevalent questions was, 'my cable bill is too high. How can we have more access?' We hear it all the time, no matter which neighborhoods we visit... this is an issue we deal with each and every day. This is something we deal with several times each day. It's an issue we can 't answer why we don't have more options, specifically Verizon FiOS in the City of Boston..."

O'Malley stated that he and his council members understand that the issue isn't about only choice, but also about economic growth and supporting residents' lives with quality, state-of-the-art services:

... fiber optic services, commonly known as Verizon FiOS, is the most reliable and best way to transmit data to businesses and residents. It would allow Boston to remain competitive in the business, education, and science, and technology sectors. Broadband Internet access is no longer a luxury. It is a necessity... residents and businesses in Boston neighborhoods do not have access to some of the same services that residents in more affluent neighborhoods do, and this practice deepens the digital divide. Competition from fiber optic technology could drive down the cost for consumers..."

Jascha Franklin-Hodge, the Chief Information Officer for Boston's Department of Innovation and Technology, testified:

"... the issue is incredibly important... Mayor Walsh and I believe that broadband is essential for Boston's long-term health and prosperity... connectivity at home is essential to avoiding the 'homework gap'... Broadband connects residents to job opportunities, training, and education programs... broadband is essential to life in the 20th century, just as electricity and the telephone were in the 20th... the state of Boston's broadband infrastructure is poor. The cost of broadband is too high for many to afford, and in many neighborhoods, the services and Internet speeds residents and businesses need simply aren't available... In most cases, our largest cable provider faces no competition in broadband service, giving them a de facto monopoly... Verizon offers Internet and telephone services in a small section of north Dorchester. This is a remnant of an early FiOS build-out that never expanded beyond this one neighborhood. Verizon has begun to provide FiOS to a handful of newer buildings in the Seaport district. The have not expressed any commitment to expand to the rest of the city..."

The City isn't waiting. Franklin-Hodge explained the city's lobbying and partnership efforts to bring broadband to more residents and businesses. Yet, these activities are not enough since the city still needs competitive broadband.

"We would welcome Verizon FiOS services in the city. Because of Verizon's status as utility, they have legal and financial advantages to build in Boston. Verizon has a substantial base of existing infrastructure and qualified personnel that would support a build-out... The Mayor's administration has an open invitation to Verizon and any other broadband provider to build here. We pledge to streamline the process and remove the red tape..."

Franklin-Hodge emphasized the city's priority for an equitable broadband build-out, and not for a provider to "cherry pick" by providing broadband only to affluent neighborhoods or businesses -- which would intensify the digital divide.

"The City of Boston cannot force Verizon to provide FiOS service here, nor can we force Comcast to lower prices, or get Google to build a new network here..."

Peter Bowman, Verizon's Vice President of Government Affairs, emphasized the company's strategy to focus on wireless and not wired lines:

"... During the past five years, Verizon has invested over $155 million in our networks here in the City of Boston. We've run more than 7,000 miles of fiber in Boston... we serve over 2,400 buildings today with fiber... Boston was one of the first East Coast test beds when we rolled out Verizon 4G LTE... in Massachusetts since 2000, our landline business has shrunk from 4 million access lines to less than 2 million... responding to huge changes in consumer behavior and demand in the past decade, Verizon has invested over $4 billion in its wireless network in New England... while we appreciate your interest in establishing more video and broadband competition within the city, Verizon does not have current plans to extend the FiOS network beyond those municipalities where we already have a television franchise. We continue to be focused to build out where we already have contractual obligations..."

Council members voiced their residents' frustrations at seeing repeated Verizon FiOS advertisements on television while being unable to get the service. The panel discussed leasing city-owned fiber conduits, and other cities (e.g., Baltimore) were Verizon didn't build out FiOS citywide. There was discussion about why Verizon is building out FiOS in some cities: Philadelphia, New York, and Washington, DC. Bowen mentioned only that those build-outs were part of Verizon's initial plan.

The panelists mentioned the estimated cost to build out fiber services citywide in Boston at more than $500 million. Bowman did not mention nor describe the cost-benefit analysis by Verizon. Surely, the company performed one since this is how well-run businesses operate. Nor did the Verizon representatives share a list of specific streets with Verizon FiOS already installed. If the cost-benefit analysis was truly tilted against a build-out, then one would assume that Bowman would have mentioned it in detail. Perhaps, other issues are at work.

After Bowman asserted that Verizon never planned to build out FiOS citywide, Councilor Michael Flaherty shared a different account of history:

"... Peter Bowman said that -- I think your statement was that Verizon was not pushing for FiOS several years ago. I wanted to dispute that... I led an effort in the council to block the telecom tax that the previous administration was pushing to thwart your compny's efforts, and the efforts of hard working men and women in I.B. Local 2222. So, you made a statement that you were not pursuing FiOS. I want to dispute that. I said you guys were in fact pushing for FiOS here. You talked about the aging infrastructure. Not you specifically, but your company was pushing for FiOS; pushing and complaining about the aging infrastructure. We here in the Council were working with Verizon as well as the hard working men and women to make FiOS a reality. the previous administration couldn't get out of their own way to block that. they did it for a number of reasons -- political retribution to 2222 and they couldn't get their answers around it. The primary problem was the telecom tax, which this body blocked. As we know, the telecom tax would have been tens of millions that would have been passed along to consumers. We stood with the residents and tax payers to block it. When it didn't happen, the previous administration increased their efforts to thwart any opportunity to put in FiOS... Those are the facts. I had a front row seat to the discussions..."

So, who to blame? The city or Verizon? To me, there is enough blame for both. There's a new city administration in place. Bury the hatchets. It's long overdue, and time to move forward.

So far, the telecommunications giant made a business decision to provide only wireless (and not fiber wireline) high-speed Internet services citywide in Boston, despite a clear, unified interest by local government, consumers, and businesses. Consider yourself one of the lucky few, if your business or residence already has Verizon FiOS. The situation highlights the fact that, in order to maximize profits for shareholders, corporate providers will always cherry-pick and provide services to a limited, affluent few, and not to everyone.

I am happy that I attended this hearing. There didn't seem to be any local news media coverage. The poor acoustics of the council's meeting room made it difficult at times to hear the speakers, so it is great that the video is available online afterwards. And, I would have missed Flaherty's explanation if I hadn't attended.

Maybe another provider will step in. Maybe not. During the question-and answer portion of the hearing, Franklin-Hodge mentioned one available option: municipal broadband. This worldwide study found that municipal broadband networks provide consumers with the best value (e.g., highest speeds at the lowest prices via wired lines). Thankfully, Massachusetts is not one of the 19 states with laws that prevent local towns and cities from forming their own municipal broadband networks. That municipal broadband network could be formed as a traditional corporation, private-public partnership, or a B-corporation. It's time to get going and upgrade the city's broadband infrastructure.

Does this situation bother you? I hope that it does. If so, contact your elected officials today and tell them you want fiber broadband now; municipal broadband, too

If the FCC isn't going to act, then maybe the Justice Department will investigate and stop what appears to be gentleman's agreements by the large, corporate telecommunications providers not to compete, to keep broadband prices high.

Boston strong? No so much with broadband Internet access. What are your opinions?


October 15 Is Credit Union Day

Thursday October 15th is Credit Union Day. It has been celebrated since 1948 on the third Thursday of October. The World Council of Credit Unions explains:

"The day is recognized to reflect upon the credit union movement's history and to promote its achievements. It is a day to honor those who have dedicated their lives to the movement, recognize the hard work of those working in the credit union industry and show members our appreciation.

The ultimate goal is to raise awareness about the great work that credit unions are doing around the world and give members the opportunity to get more involved. Credit unions and associations throughout the world celebrate the day with fundraisers, open houses, contests, picnics and parades."

If you are a member of a credit union, then you are probably familiar with the many benefits beyond both fewer and lower banking fees, compared to the big banks. After a big bank raised its banking prices, I moved my money to a credit union.

To learn more, read this primer. To find and visit a nearby credit union, use this online search tool.


American Adults Who Don't Use The Internet. Who They Are And Why

A few weeks ago, the Pew Research Center released the results of survey about adults in the United States that don't use the Internet. You're probably thinking: everyone uses the Internet. Right? Afterall, 64 percent of Americans have smartphones and 19 percent of them use their phones to go online.

Actually, a substantial chunk of the population doesn't go online. The Pew Research Center survey described American adults who don't use the Internet.

Overall, in 2015 about 15 percent of American adults don't use the Internet. Across the years, things have gotten better. The comparable figure in 2000 was 48 percent, and 24 percent in 2010. However, in 2015 equal portions of men (15 percent) and women (15 percent) don't use the Internet. The numbers vary more by race, age, income, and residence:

U.S. Adults% Don't Use The Internet
White
Black
Hispanic
Asian
14
20
18
5
Less than $30K
$30K - $49.9K
$50K - $74.9K
$75K or more
25
14
5
3
18 - 29
30 - 49
50 - 64
65 or older
3
6
19
39
Less than high school
High school
Some college
College graduates
33
23
9
4
Urban
Suburban
Rural
13
13
24

The 2015 findings are based upon three surveys of 5,005 adults in the United States. In 2013, Pew Research Center surveyed American adults who don't use the Internet:

Reason For Not Using The Internet% Adults
Not interested 21
Don't have a computer 13
Too difficult or frustrating 10
Don't know how / don't have the skills 8
Too old to learn 8
Don't have access 7
Too expensive 6
Don't need it / don't want it 6
Consider it a waste of time 4
Physically unable (e.g., poor eyesight, disabled) 4
Too busy / don't have the time 3
Worried about privacy / spam / spyware / hackers 3

Of these adults that don't use the Internet:

  • 44 percent have asked a friend or family member to look up something online for them,
  • 23 percent live in households were somebody else in that household uses the Internet, and
  • 14 percent used the Internet previously and stopped.

What to make of this? I look at the people who said Internet access is too expensive or they don't have access. While overall our country appears strong, there are areas of the country were citizens lack one or several services we all take for granted. There are Internet deserts, broadband deserts, banking deserts, public library deserts, and food deserts.


CFPB Considers Proposal to Ban Some Arbitration Clauses

Logo for Consumer Financial Protection Bureau On Wednesday, the Consumer Financial Protection Bureau (CFPN) announced a proposal to ban arbitration clauses which many companies use to prevent consumers from joining class-action lawsuits. In its announcement, the CFPB explained the problem:

"Many contracts for consumer financial products and services include arbitration clauses. These clauses typically state that either the company or the consumer can require disputes about that product to be resolved by privately appointed individuals (arbitrators), rather than through the court system. Where such a clause exists, either side can generally block lawsuits from proceeding in court. These clauses also typically bar consumers from bringing group claims through the arbitration process. There are arbitration clauses in all kinds of consumer financial products, from bank accounts to private student loans. They affect tens of millions of consumers. As a result, no matter how many consumers are injured by the same conduct, consumers must resolve their claims individually against the company, which few consumers do."

The Dodd-Frank Wall Street Reform and Consumer Protection Act, passed by Congress, required the CFPB to study the use of arbitration clauses in consumer financial markets and provide remedies. The CFPB released the results of its study in March 2015:

"... arbitration clauses restrict consumers’ relief for disputes with financial service providers by allowing companies to block group lawsuits... very few consumers individually seek relief through arbitration or the federal courts, while millions of consumers are eligible for relief each year through group settlements. According to the study, more than 75 percent of consumers surveyed in the credit card market did not know whether they were subject to an arbitration clause in their contract. Fewer than 7 percent of those consumers covered by arbitration clauses realized that the clauses restricted their ability to sue in court."

The proposal would not ban arbitration clauses, but limit and monitor their use instead:

"... the clauses would have to say explicitly that they do not apply to cases filed as class actions unless and until the class certification is denied by the court or the class claims are dismissed in court. The proposals under consideration would also require that companies that choose to use arbitration clauses for individual disputes submit to the CFPB the arbitration claims filed and awards issued. This will allow the Bureau to monitor consumer finance arbitrations to ensure that the process is fair for consumers. The Bureau is also considering publishing the claims and awards on its website so the public can monitor them."

This is really good because the playing field is heavily tilted against consumers. A friend (who asked to remain anonymous) experienced a very lengthy arbitration process with a big bank that stretched out for more than 12 years. The process should have been resolved a lot faster, and the bank still refused to pay after the arbiter's decision. That's one way companies abuse consumers, knowing that most consumers have limited financial resources and legal options.

Readers of this blog are familiar with the problem. I discussed it during a 2014 review of the Vanilla Visa Prepaid Card, which includes arbitration in its terms. Bankrate published in 2004:

"Binding arbitration, a little noticed clause in many agreements and contracts, strips consumers of their fundamental rights, including the right to sue individually or join a class-action suit if they have a problem with a company. Under binding arbitration, a consumer can be forced to pay thousands of dollars upfront to pursue a complaint, travel thousands of miles to a location of the company's choosing for the hearing, argue their case before an arbitrator who depends on the company for future business and surrender such basic legal weapons as the right to discovery and the right to appeal a decision... Labeled by the National Consumer Law Center as "astonishingly unfair and undemocratic," these clauses affect millions of consumers across the country. Corporations insert them into employment and home building contracts, in agreements for credit cards, computer software and hardware purchases, and many types of loans."

And, arbitration can cost more than a traditional court trial:

"Consumers' costs for arbitration vary widely and depend on the arbitration company, the type of dispute and the cost of the proposed remedy. The American Arbitration Association offers a streamlined process for consumer disputes that limits costs, but limits your rights too. While the American Arbitration Association is an umbrella group for arbitration companies, not all arbitration companies follow its suggested rules. Under these consumer rules, there is a filing fee of $125 if your dispute is under $10,000 and $350 if it is over that amount... However, in exchange for the low filing fees and streamlined process, you must give up some of your rights... There is no contingency in arbitration. Also, these costs don't include costs for an attorney if you want one..."

According to the National Association of Consumer Advocates (NACA):

"One of the alleged benefits of arbitration is that it costs less than litigation, but frequently this is not true for consumers and employees. Forced arbitration frequently costs more than taking a case to court and can cost thousands of dollars. Individuals often have to pay a large fee simply to initiate the arbitration process. If they are able to get an in-person hearing, individuals sometimes have to travel thousands of miles on their own dime to attend the arbitration. In the end, the loser (usually the individual) often pays the company’s legal fees."

The benefits of the CFPB arbitration proposal:

  1. Consumers get their day in court. With current arbitration clauses, consumers don't.
  2. A deterrent against wrongdoing and bad actors. The CFPB proposal encourages companies to comply with the law to avoid lawsuits.
  3. Increased transparency. Arbitration processes and results shouldn't be secret. CFPB monitoring would help consumers determine whether or not they're getting a good deal in arbitration.

So, the CFPB proposal to ban arbitration clauses is very good and welcomed news for consumers. You probably already use a service that includes arbitration clauses. The Public Citizen website lists the banks, retail stores, entertainment, online shopping, telecommunications, consumer electronics, software, nursing homes, and health care companies that include binding arbitration clauses in their contracts with customers.

If this bothers you (and I hope that it does), you can take action at the NACA website. And, tell your elected officials you support the CFPB's arbitration proposal. What are your opinions of the CFPB arbitration proposal?


Update: Target Breach Settlements And Pending Court Action

Target Bullseye logo Tying some loose ends: Target settled with Visa in August to resolve claims from the retailer's massive 2013 data breach in which 110 million consumers' records were stolen, including 40 million credit- and debit-card numbers. The value of that settlement was up to $67 million, depending upon how many card issuers worldwide accept that deal. A $19 million settlement with MasterCard fell through.

In March, the retailer agreed to pay $10 million to settle lawsuits by consumers. While the July 31, 2015 deadline has passed for affected shoppers to submit claims, the Target Settlement website listed the next important date is a November 10, 2015 hearing for the Court to approve the settlement. Payments to consumers will happen after the Court approves the settlement.


FTC Sues Weight-Loss Marketer For Alleged Use Of "Gag Clauses," Threats, And Lawsuits To Prevent Negative Reviews By Customers

Roca Labs Inc. logo The U.S. Federal Trade Commission (FTC) filed a complaint in Federal court against a weight-loss marketer alleging:

"...  that Roca Labs, Inc.; Roca Labs Nutraceutical USA, Inc.; and their principals have sued and threatened to sue consumers who shared their negative experiences online or complained to the Better Business Bureau, stating that the consumers violated the non-disparagement provisions of the “Terms and Conditions” they supposedly agreed to when they bought the products. The FTC alleges that these gag clause provisions, and the defendants’ related warnings, threats, and lawsuits, harm consumers by unfairly barring purchasers from sharing truthful, negative comments about the defendants and their products."

Roca labs Inc. is based in Sarasota, Florida. The complaint named both Don Juravin, President of Roca Labs Nutraceutical USA (RLNU) and owner of Roca Labs Inc. (RLI), and George C. Whiting, President, Secretary, treasurer, and Director at RLI, as a co-defendants. The websites operated by the defendants include RocaLabs.com, Mini-Gastric-Bypass.me, and GastricBypassNoSurgery.com.

I was curious what an alleged "gag clause" contains. The complaint listed one:

"You agree that regardless of your personal experience with RL, you will not disparage RL and/or any of its employees, products or services. This means that you will not speak, publish, cause to be published, print, review, blog, or otherwise write negatively about RL, or its products or employees in any way. This encompasses all forms of media, including and especially the internet. This paragraph is to protect RL and its current and future customers from the harm of libelous or slanderous content in any form, and thus, your acceptance of the [Terms] prohibits you from taking any action that negatively impacts RL, its reputation, products, services, management, or employees. We make it clear that RL and its Regimen may not be for everyone, and in that regard, the foregoing clause is meant to prevent “one person from ruining it for everyone.” Should any customer violate this provision, as determined by RL in its sole discretion, you will be provided with seventy-two (72) hours to retract the content in question. If the content remains, RL would be obliged to seek all legal remedies to protect its name, products, current customers, and future customers.

If you breach this Agreement, as determined by RL in its sole discretion, all discounts will be waived and you agree to pay the full price for your product. In addition, we retain all legal rights and remedies against the breaching customer for breach of contract and any other appropriate causes of action."

Wow! This is a stark reminder for consumers to read the terms and conditions policy at websites before purchasing online. And, it's always good to be aware of companies that allegedly uses monetary threats, lawsuits, and "gag clauses" to squash consumers from using their First Amendment rights. Some physicians have tried to squash patients' rights with a "mutual agreement to maintain privacy" document.

Download the complaint (Adobe PDF): FTC v. Roca Labs Inc. et. al.


Experian Data Breach Affects 15 Million T-Mobile Customers, And Highlights Privacy Concerns

Experian logo Experian, one of the three major credit-reporting agencies in the United States, announced last week a data breach at affected at least 15 million T-Mobile customers. Unauthorized persons accessed an Experian server which contained personal information about consumer who had applied for T-Mobile USA services between September 1 and September 16, 2015.

Experian discovered the breach on September 15, 2015. The information accessed and stolen included names, addresses, Social Security Numbers, birth dates, identification numbers (e.g., driver's license, military ID, passport number, etc.), and additional data related to T-Mobile's credit-check process. The credit reporting agency also said:

"Experian’s consumer credit database was not accessed in this incident, and no payment card or banking information was obtained."

Thank heavens for little favors. Thankfully, at least one Experian employee had the good sense to segregate its database of T-Mobile customers from its database of everyone else. Otherwise, the hackers would have accessed and stolen sensitive personal information for 250 million persons. And, the "no payment card or banking information was obtained," is like saying bank thieves stole everything but not the one-, five-, and ten-dollar bills. This is bad folks, and Experian should not issue statements in a failed attempt to perfume-a-pig. The pig still stinks.

Experian has notified and is working with both federal and international law enforcement agencies. The post-breach investigation is ongoing. The company is notifying affected persons and will offer two years of free credit monitoring and identity resolution services. Some security experts are skeptical, and questioned whether Experian deployed the data-breach-detection services of 41st Parameter, a wholly owned subsidiary.

John Legere, the t-Mobile Chief Executive, said in a statement:

"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian..."

Understandable and justified anger. No doubt, lawsuits will result.

This is not good. The data elements stolen are sufficient for criminals to apply for fraudulent loans, create fraudulent identification cards, and effectively approach the family, friends, coworkers, and classmates by impersonating breach victims.

This is not the first data breach at Experian. In February 2014, hackers used a client's login credentials to access an undisclosed number of consumers' records. The data stolen included consumer credit reports, names, addresses, Social Security Numbers, birth dates, and additional information commonly found in credit reports. In May 2012, Experian announced a breach where hackers accessed an undisclosed number of consumers' records between October 19, 2011 and February 13, 2012. A breach in 2009 affected Maryland residents, and a lawsuit was filed in July 2015 against Experian for allegedly selling consumer information to a criminal posing as a data broker. That criminal allegedly resold data to other identity thieves.

Some critics demand stronger consequences. Fight for the Future's Jeff Lyon said:

"Experian CEO Brian Cassin has put the profits of his company above the well-being of his customers and our nation's cybersecurity. Why should Experian bother fixing their security when they can just lobby their way out of the messes they make?"... This type of thinking is putting millions of people at risk. Cassin should resign..."

I agree. Cassin should resign. Lyon's comments allude to the Cybersecurity Information Sharing Act (CISA) of 2013, which is making its way through Congress. Privacy advocates argue that the bill fails to provide adequate data security protections and instead promotes data sharing of consumers' information with the federal government to facilitate surveillance. Some argue that the bill will actually hurt privacy.

I agree. It's poor legislation. Now, back to Experian. The credit reporting agency's track record of breaches is troubling. Paying post-breach related costs (e.g., free credit monitoring), again, is not enough of an incentive to change executives' behavior. Companies won't change until there are direct consequences for executives. Experian executives know better. It is in the business of collecting, archiving, and protecting consumers' sensitive personal and financial information.

What are your opinions?


Charts: Gun vs. Terrorism Deaths, Comparisons By State

In a news conference yesterday after the latest shooting at a school, President Obama challenged the news media to report facts comparing gun versus terrorism deaths in the USA. Vox published an interactive chart comparing deaths:

Chart comparing gun versus terrorism deaths in the USA. Click to view larger image

And, there's plenty more. Vox provided several charts and statistics about gun violence and gun ownership in the United States:

"America's unique problem with gun violence: American has six times as many firearm homicides as Canada, and 15 times as many as Germany... America has 4.4 percent of the world's population, but almost half of the civilian-owned guns around the world... There is a mass shooting almost every day in America... States with more guns have more gun deaths... States with tighter gun control laws have fewer gun-related deaths... In states with more guns, more police officers are also killed on duty..."

The chart comparing gun ownership and gun-related deaths by state:

Chart comparing gun ownership versus gun deaths by state. Click to view larger image

To learn more, browse the charts Vox has assembled.


Today is The Date Banks Set To Transition To New Chip Cards. Are We There Yet?

Today, October 1, 2015 is the date banks and card issuers set to transition to the new EMV chip cards. The transition was to reduce card fraud. EMV is the name of the technology jointly developed by Europay, MasterCard, and Visa. Was the transition completed? The American Banker reported:

"Most credit cards (about 70%) will have chips on them. But most of these cards will be chip-and-signature cards, not chip-and-PIN... Many small merchants won't be ready. Depending on which study you believe, somewhere between 20% and 30% of merchants have purchased and deployed the EMV-capable point-of-sale terminals and software they will need to handle EMV chip cards. Big-box stores like Target that have suffered data breaches have done this work. But most small stores and restaurants have not. New EMV equipment is expensive and sometimes difficult to implement, and many seem unaware of the dangers of not adapting."

So, the transition is incomplete. In Europe, the United Kingdom transitioned to chip-and-PIN in 2006, and saw store-related card fraud drop 70 percent. The PIN is a short number the cardholder enters at the terminal to authorize their purchase. Chip-and-signature refers to new chip cards when the cardholder signs at the terminal to authorize their purchase.

It' is troubling that many retailers in the USA haven't upgraded to the new terminals. The result: consumers will encounter a frustrating mix of stores with and without the new chip card terminals. Cardholders will have to insert their chip cards at stores with the new terminals, and swipe the swipe the magnetic stripe on the back of their chip cards at stores without the new terminals.

The new chip cards contain both a chip that encrypts and stores your sensitive payment information, plus the obsolete magnetic stripe on the back of the card, which fraudsters have used to clone cards. Some experts have criticized this approach, arguing that the less-secure magnetic stripes should have been eliminated. The counter argument:

"Duplicating the chip on a chip card is difficult if not impossible [for ciminals]. Most new cards are being issued with both a magnetic stripe and a chip and the new EMV terminals accept both the chip and the stripe. So theoretically [criminals] could duplicate just the magnetic stripe on the chip card, create a new magnetic stripe card and try to use that. However, if an EMV card is swiped on an EMV-compliant merchant terminal, the system will reject the transaction and force the consumer to insert the chip."

Time will tell which experts are correct. Some cite two statistics. First, 37 percent of total card fraud is from criminals using cloned cards in stores. Second, the bulk of card fraud is online:

"Online card fraud is expected to rise. So-called "card not present" fraud — where someone uses a card but does not physically present the card (this could be over the phone, over a fax machine, on a mobile device or a computer, but most people equate "card not present" with using a card on a website) — represents the bulk of card fraud in the U.S.: 45%, according to Aite Group. The analyst group expects online card fraud to more than double from $3.1 billion in 2015 to $6.4 billion in 2018."

To help consumers, the Consumer Financial Protection Bureau (CFPB) provides easy answers about the new chip cards. The CFPB is a great resource for consumers to learn about their rights and to get help. The CFPB enforces rules that financial institutions must follow when marketing financial products to consumers. For unresolved problems with credit/debit/prepaid cards, student loans, debt collection agencies, or other financial products, you can submit online a complaint to the CFPB for assistance.

Discover notified its credit card customers in July about the transition. Its notice provided helpful images of the new terminals, the new chip card, and how cardholders insert chip cards into the new terminals. As I wrote then, before traveling in Europe, Discover cardholders should set up a PIN number, since Europe requires chip-and-pin authorizations.

What are your opinions of the new chip cards? Of the partial transition? If you have experienced problems with a new chip card, please share below.