46 posts categorized "Insurance" Feed

Police Officer Charged with Insurance Fraud

[Editor's Note: I am happy to feature a post by guest author Arkady Bukh. He leads the law firm of Bukh & Associates, PLLC which specializes in criminal law, family law, and several areas of civil law. He is a frequent contributor on CNN, Wired, Forbes, Huffington Post, and several other sites. Today's post is about insurance fraud.]

By Arkady Bukh, Esq.

Occasionally, insurance claims are more fiction that reality.

Adjusters know that not every case is as it seems. Some are complex and others bizarre — if not downright creative. Sometimes it appears that the protected have no remorse when it comes to submitting claims that no sane and rational person would think about.

Insurance fraud claims probably require the greatest ingenuity. According to the Insurance Information Institute, fraud losses are over $30 billion a year. Add-on costs for health care fraud, $77 billion to $359 billion, and the damages add up quickly.

Insurance fraud falls into two types: hard and soft.

Hard fraud typically means someone deliberately creates a bogus claim application. Soft fraud is more of a crime of chance — padding a legitimate claim, changing a home location so that the insurance premiums are lower — that sort of thing.

Regardless if it’s hard or soft fraud, it’s all illegal and accounts for 5% to 20% of insurers’ claims costs.

The good news is that roughly 95% of insurers use antifraud technology that makes it easier to catch the crooks.

The best technology though doesn't stop some individuals from filing claims that shouldn’t have been filed.

Sometimes though the crooks’ stupidity trips them up. Here are two examples:

The Golfer

In a discussion on Quora.com, the online Q&A forum, one case of insurance fraud stands out.

An executive for a publicly traded corporation was big on golfing. As most serious amateurs, he was also big on the new clubs and all the gadgetry that golfers like to purchase.

The executive filed a multi-million dollar lawsuit for disability, claiming that he had fallen and hurt his back while on a business trip out of town.

Several private investigator firms, hired by our fraudster’s employer, were unable to gather information to disprove the disability claim.

Then, a creative Private Investigator came along and figured he could trap the alleged swindler using his love of golf against him.

Running a fake ad in the local newspaper, the PI announced that a new golf club manufacturer was opening up and would be giving away brand-new sets of clubs in exchange for a testimonial.

The VP saw the ad, made the call, and the PI came to the suspect’s house to measure him for his new clubs.

There was just one catch. The PI wanted to take some photographs of the VP using the clubs to go along with the testimonial.

The VP obliged, swung the clubs while the PI snapped away, and the rest of the story can be figured out quickly enough.

The Cop

Perpetrators of workers’ compensation fraud can be found in any job. Law enforcement officers aren’t immune.

Jaime Robinson, a veteran Pasadena police officer, found her undoing during the 2014 craze — ALS’s Ice Bucket Challenge.

Robinson was away from work on a disability claim when someone with a camera captured her on video showing her pouring a bucket of ice water on a fellow cop.

The five-gallon bucket, weighing in at 42 pounds, wasn’t too much for her to lift despite receiving over $116,000 for the past year in disability payments.

Charged with four counts of insurance fraud, Robinson faces a maximum of six years and four months in prison if she’s convicted.


Fraudulent Insurance Claims Affect Mobile Device Users

The Best Techie blog published a very interesting post about how easy it is for criminals to file fraudulent insurance claims for mobile devices. The problem isn't just the ease that the fraud is committed, but also that consumers probably aren't aware of fraud claims submitted against their accounts until they file a valid insurance claim:

"If you use one of the major carriers in the U.S. such as AT&T, Verizon, T-Mobile, and/or Sprint the insurance you buy comes from a company called Asurion Insurance Services, Inc... : it appears Asurion’s claim system is very easy to defraud... The only real deterrent in the claim system is that you need to sign an affidavit and provide a photo ID but if high school students can get fake IDs, I’d imagine for a fraudster obtaining a fake ID to scan is laughably easy..."

The I've Been Mugged blog has reported about Asurion. When evaluating mobile insurance offers, it is wise for consumers to do the math first. You'll want to decide if you want malware protection, and if the one- or two-year total of monthly insurance premiums exceeds the cost of your mobile device.

According to the Best Techie report, the fraudster used a combination of the victim's name and valid phone number with a different residential address. You'd think that Asurion would have easily spotted that and contacted their customer at their current address to confirm the claim and the new address.

Consumers pay good money for mobile device insurance, and deserve better protection against insurance fraud. What are your opinions?


Considering A Cruise Ship Vacation? What Consumers Need To Know

It's the middle of Winter, and you are probably tired of the cold, the snow, or both. At this time of year, many people consider warm weather vacations.Last week, a friend asked about cruise ship vacations:

"Do you have a travel agent you use for cruises? A group of us who are turning 60 this year are thinking of taking a cruise to celebrate. Maybe a repositioning cruise. Are there suites for 5 people? Any advice is most welcome."

Cruise ship vacations are popular. A cruise is a good way to sample several destination ports, and return to the ports you like for a longer, land-based visit. You can board a cruise ship near where you live, or sail from a popular travel destination.

According to the industry group Cruise Lines International Association (CLIA), about 20 million consumers went on cruise ship vacations globally during 2012.There are about 60 cruise lines with 400 total ships. The industry generated about 356,000 jobs paying $17.4 billion in wages to American workers.

It's not just more people cruising. Experienced cruise customers also book cruise itineraries with longer durations. The CLIA surveyed travel agents and 37 percent reported an increase in books of longer cruises (e.g., 14 to 100 days duration). If you have the time and money, several cruise lines offer itineraries of 30 days or longer.

I was happy to answer my friend's questions. Nobody wants to overpay or have their wallet "mugged" during a vacation. My wife and I have sailed on 22 cruise ship vacations to many parts of the world. For several years, i ran a cruise group of interracial couples and families. At a major creative advertising agency, I worked on web projects for a cruise line client. Interesting publications include the book, "Devils On The Deep Blue Sea," a history of the cruise industry, and industry magazines such as Porthole and Cruise Travel. So, I know the industry well and feel pretty qualified to give advice and answer my friend's questions.

1. Your interests. Decide what type of vacation you and your group like. Some people like as much beach time as possible. Others like golf. Others like Eco-tours. Others like active sports, such as hiking, bicycling, surfing, snorkeling, and scuba diving. Some like motorized excursions including off-road vehicles. Pick a cruise line and itinerary that fits your interests. Royal Caribbean focuses upon active sports.

2. Themed cruises. If you group has a specific interest, there is often an itinerary for that. So you can find singles cruises, NASCAR cruises, cruises for nudists, gay/lesbian cruises, and so forth. Carnival has the best night clubs and discos. It also has the best Las Vegas style shows. Celebrity Cruises is known for having the best food. Disney focuses upon families with children. All ships in Royal Caribbean's fleet feature rock-climbing walls. Some include specialize pools you can surf in. A good place to start looking for theme cruises is www.cruisecritic.com. Other places to look include Cruise Addicts and Cruise 411.

3. Cruise lines. Just like land-based hotels, there are entry/discount, mid-range, and luxury cruise lines. Entry/discount: Carnival, Royal Caribbean, Disney, Costa, and Norwegian. Mid-range: Holland America, Princess, Celebrity, and MSC. Luxury: Crystal, Cunard, Seabourn, Silversea, Windstar, Viking, and Avalon. The entry/discount cruise lines focus upon people under 40. The mid-range cruise lines focus on people 55+. The luxury cruise lines tend to have smaller ships with 150 or 200 passengers. The entry/discount cruise lines tend to have larger ships, with as many as four or five thousand passengers.

The primary language spoken varies by cruise line. For example, when we sailed on Costa and MSC in the Mediterranean, we noticed that the primary language spoken on board was Italian. We do not speak Italian and felt we had a poor experience on board these two cruise lines.

4. River or ocean cruises? My friend and her group seemed interested in ocean cruises. There are also river cruises. The two types are ENTIRELY different. Rive cruises are all about the shore excursions: you get off the ship every day, Usually, the shore excursions and tips are included in one cruise price. Viking River Cruises and Avalon Waterways focus on river cruises. Some destination ports are only acessible via river cruises.

5. Departure ports. When selecting an itinerary, some people start with the departure port because that is often a city you may want to explore its land-based attractions, restaurants, and sights. Then, you can get good and juiced before you board the cruise ship. When traveling in Winter, it is always wise to arrive at the departure city 2 days before the ship sails, in case your flight is delayed by bad weather. Departure ports we have sailed from: Amsterdam, Boston, Ft. Lauderdale, Honolulu, Los Angeles, Miami, New Orleans, San Juan (Puerto Rico), Seattle, and Venice (Italy).

6. How the industry works: pay their minimum deposit. Buy travel insurance at that time, too. The full amount is typically due 90 days before the ship sails. You will probably set up an account through the cruise line’s website to indicate in your profiles any preferences (e.g., non smoking, diets, physical limitations, etc.). After you have paid for your cruise, then you can select (and pay for) the optional shore excursions in each destination port.

Similar to airlines, all of the major cruise lines have rewards programs for frequent travels. Some consumers book travel with a single cruise line to generate as many rewards points as quickly as possible. Some pick itineraries based upon where they want to go, and then look for cruise lines sailing there.

Some consumers wait until the last minute and book whatever empty cabins are available. This is a good strategy for consumers (e.g., retirees) with flexible schedules who can travel on a moment's notice. It's a good way to get a cabin cheap, but you may not get the cabin location you want on a ship. This strategy works well if you live reasonably close to the departure port. If not, what you saved on a low-priced cruise may be eaten up by higher, last-minute, air fares.

7. Selecting your cabin: there is no single correct way. After selecting a ship or itinerary, some people select a cabin type: inside, outside, balcony, suite. Others pick a specific cabin on a ship they already know. All of the cruise lines have websites that present deck plans. My advice: no matter what type of cabin, you do NOT want a cabin underneath the disco, dining room, or lido deck pool... unless you like hearing footsteps overhead.

8. Use a travel agent? Some in your group will likely ask: are travel agents necessary? While you can do it all yourself and book your cruise through a cruise line’s website, you may want more service or have questions. Travel agents are there to answer your questions. They can give you the kinds of advice I mentioned above, recommend hotels in departure cities, often get you a lower price than the cruise line’s website, and book all elements of your vacation: the cruise, hotels, air travel, and transfers between airports, hotels, and cruise ship terminals. Whenever we work with a travel agent, we have in mind a budget and the probable retail price for the itinerary we want. We use a travel agent located nearby, so we can visit their office.

9. Read cruise reviews. Once you've selected 3 or 4 itineraries and ships, then it makes sense to read cruise reviews about the ships or itineraries you are considering. Many passengers write and post online their reviews. This is a good way to learn about the advantages and disadvantages of a ship or itinerary. A good place to read passenger-written cruise reviews is the Community section at the Cruise Critic site. Select the cruise line and then the cruise ship you are interested in.

As I said above, my wife and I have sailed on 22 cruises; both ocean and river cruises; and to most parts of the world: Mediterranean, Alaska, Hawaii, Bermuda, Panama Canal, the Caribbean, and northern South America. We have sailed on almost all of the above entry and mid-range cruise lines. We’ve only sailed on one of the luxury cruise lines.

Learn more: 8 tips about cruise ship vacations.

My friend really appreciated this detailed reply. If you have sailed on cruise ship vacations, what are your favorite itineraries? Your favorite destinations? Favorite ships? Any advice you have for new cruisers?


What Data Does Your Web Browser Collect About You?

While many people use mobile apps, most people use web browsers to access the Internet. Last week, Mozilla released a new version of its popular Firefox browser. If you use this browser and haven't reviewed some of its newer features, you probably should. The web browser software contains several options that collect data about how you use the Interenet, and then transmits this information back to the developers at Mozilla.

To view these options, open the Firefox browser on your computer and open the Tools drop-down menu. Then, select Options, then Data Choices. You'll see:

  • Telemetry
  • Firefox Health Report
  • Crash Reporter

What are these options? What data do they collect? First, Firefox defines Telemetry as:

"Usage statistics or "Telemetry" is a feature in Firefox that sends Mozilla usage, performance, and responsiveness statistics about user interface features, memory and hardware configuration. Your IP address is also collected as a part of a standard web log. Usage statistics are transmitted using SSL and help us improve future versions of Firefox. Once sent to Mozilla, usage statistics are aggregated and made available to a broad range of developers, including both Mozilla employees and public contributors. This feature is turned on by default in Nightly, Developer Edition, Aurora and Beta builds of Firefox to help those users provide feedback to Mozilla. In the general release version of Firefox, this feature is turned off by default."

Are you comfortable with your browser collecting and transmiting this data? That's your choice. The default for this option is off, so you have to opt-in or enable it. To enable it, click the check box next to Telemetry in the pop-up Options box.

The second option is the Firefox Health Report:

"Firefox Health Report (FHR) is designed to provide you with insights about your browser's stability and performance and with support tips should you experience issues, such as high crash rates or slow startup times. Mozilla collects and aggregates your data with that of other Firefox users and sends it back to your browser so you can see how your Firefox performance changes over time. This data includes, for example: device hardware, operating system, Firefox version, add-ons (count and type), timing of browser events, rendering, session restores, length of session, how old a profile is, count of crashes, and count of pages. FHR does not send Mozilla URLs that you visit. We use the data sent through FHR to provide users with FHR's functionality, such as helping you analyze and address performance issues with your browser..."

Anytime I see the phrase, "includes, for example" that tells me the option collects and transmits more data elements than those listed above. Why didn't Mozilla provide the entire list of data elements? Not doing so forces users to hunt for the complete list.

The third option is the Crash Reporter:

"This report contains technical information for us to improve Firefox including why Firefox crashed, the active URL at time of crash, and the state of computer memory during the crash. The crash report we receive may include personal information. We make portions of crash reports available publicly at https://crash-stats.mozilla.com/). Before publicly posting crash reports, we take steps to automatically redact personal information. We do not redact anything you may write in the comments box."

Maybe your Firefox browser is stable, or not. Mine is pretty stable. It rarely crashes. I have a hard time remembering the last time it crashed... probably four or five years ago. The default for this option is already enabled, so you have to opt out or remove the check box next to the Crash Reporter option.

To me, this crash data seems worthwhile, so I left the Crash Reporter opinion enabled. The other two options didn't seem critical, so I decided not to enabled them. My point: wise Internet users know what data their web browsers collect.

I like that Mozilla provided these options with their web browser. I feel informed and in control of my personal information and privacy. Perhaps, you feel similarly. I hope so.

It'd be great if all other web browser software developers offered similar options to help their users. It'd be great if all manufacturers of mobile devices (e.g., tablets, smart phones, fitness accessories, watches, cameras, auto insurance trackers, etc.) provided consumers with similar options to maintain control of their information and privacy.

What are your options of the Firefox options? Of the options device manufacturers provide?


Asurion Expands Service Offering With Malware Protection For Smart Phones

Asurion, a provider of mobile device insurance services, announced yesterday that it will provide Walmart MobileCarePlus customers with free Asurion Mobile Security software. The Asurion security software is available in the respective app stores for Android and Blackberry smart phone users. According to the announcement:

"The Asurion Mobile Security solution regularly scans messages, pictures, installed applications and files on a customer's phone to identify and eliminate the latest viruses and malware, many of which can access private information and harm the mobile device itself. Safe browsing alerts users before visiting web sites which may compromise their phone's security and in the event a protected phone is misplaced, locate features can trigger an audible alarm, making recovery much easier... During the last two years, 48 percent of high school and college age students required a replacement device due to loss or damage."

For lost or stolen smart phones, the security service also includes a remote wipe feature to prevent thieves from accessing sensitive data and contacts on your smart phone.

This blog has warned mobile device users to add anti-malware software to their devices. Security software is available from a variety of vendors. If you are considering insurance for your mobile device, then read this first to help decide what's best for you.


Data Breach At Nationwide Insurance Affects More Than 28,000 Consumers In Georgia

On Monday, the State of Georgia Insurance Commissioner (GADOI) confirmed a data breach at Nationwide Insurance. Hackers gained unauthorized access to private and sensitive information at the company's online computers.

The announcement contained few details. It did not list the specific personal data elements stolen or exposed, nor explain how the breach happened and what the insurance company is doing so this breach won't happen again.

About 28,467 Georgia residents and policyholders were affected. The insurance company has agreed to:

  • Provide the GADOI with copies of written breach notices sent to affected consumers,
  • Set up a toll-free phone number (800-760-1125) for breach victims to ask questions, and
  • Provide breach victims with at least one year of free credit monitoring services

Some news sources reported that the F.B.I. is investigating the breach. Another news source reported that names, birth dates, drivers license numbers, and marital statuses were stolen. Given the personal data elements stolen, the hackers can do damage.

This is not the first data breach at Nationwide. A check of the breach database at Privacy Rights Clearinghouse found that the insurance company had two small breaches (Florida and New York) during 2007 where laptops containing sensitive personal information were stolen from employee's cars. In 2006, Nationwide was one of severalinsurers affected by a lockbox theft at Concentra Preferred Systems in Ohio.

The insurance company has not disclosed the number of affected consumers in other states. More details will emerge and the number of breach victims will most likely increase since several states require notice of data breaches.


You've Been 'Mugged' In An Auto Accident Insurance Scam. What To Do Next?

Recently, an I've Been Mugged reader wrote asking what to do. She had been the innocent victim in an auto insurance scam:

"Two days ago, I was surprised to find myself in a situation that I believe is a clever scam. It involves auto insurance and a trumped up claim. Although the situation is still unfolding, and my carrier may not pay once they investigate, I am shaken at being on the business end of such a scheme. I'm afraid to drive. I feel unsafe because this person has my address and who knows what else such a person might do."

While I had heard about these scams, I have never been involved in an auto accident insurance scam. And, I had not thought about an insurance claim scam as also being a potential identity theft risk, too. It stands to reason that if some criminals are willing to stage a bogus accident, intentionally cause a collision, and/or submit bogus medical claims after an accident, then they are also willing to abuse the other driver's personal data.

So, what should a consumer do to protect yourself? What can a consumer do to protect yourself after a staged accident?

First, I did some online research to learn about the types of auto insurance scams. My thinking is that by understanding them, it would be easier to recognize them and not get tricked. The Allstate Insurance page lists the types of auto insurance scams and fraud schemes:

  • Swoop & Squat
  • Sideswipe
  • Shady Helpers

I am not going to repeat the scam descriptions here. You can visit the site and read them for yourself. Some are intentional collisions. Sadly, criminals will stage bogus accidents or cause intentional collisions. In 2010, Florida led the nation in the number of complaints about insurance fraud related to staged accidents.

Second, I found that auto insurance company websites often provide advice for their policyholders about how to protect yourself, and what to do if you suspect fraud. The State Farm site lists the types of auto insurance frauds and provides instructions for its policyholders:

"To report suspected insurance fraud, call State Farm or the National Insurance Crime Bureau (NICB) hotline: 1-800-TEL-NICB / 1-800-835-6422"

So, if you suspect fraud, you should inform both your auto insurance company and the NICB. I visited the NICB website to learn more.

The NICB, based in Des Plaines, Illinois, is a non-profit organization dedicated to preventing, detecting, and defeating insurance fraud and vehicle theft. The NICB works with more than 1,100 property and casualty insurance companies. The NICB offers an Apple iPhone app for consumers to report suspected insurance fraud.

According to the NICB, staged accidents occur in every state in the nation. In 2010, the top five cities with the most staged accidents and related auto insurance fraud schemes were:
  1. New York, New York
  2. Tampa, Florida
  3. Miami, Florida
  4. Orlando, Florida
  5. Houston, Texas

And, the top five states were:

  1. Florida
  2. New York
  3. California
  4. Texas
  5. Illinois

The NICB also describes the types auto insurance scams:

  • Swoop & Squat
  • Sideswipe
  • Panic Stop
  • Drive Down

While at the site, I downloaded the NICB Staged Automobile Accident Fraud brochure (Adobe PDF) to learn more. It sounded to me like the I've Been Mugged reader had experienced a "Drive Down" scam.

The NICB also offers a really good flyer for consumers about what to do after an auto accident. Download the Accident Checklist (Adobe PDF). The NICB advises consumers to:

  • Tend to the injured. Call emergency and/or ambulance personnel if needed
  • Keep a disposable camera in your auto. Take photos of the entire accident scene, and damage to your car, the other car(s), and any buildings affected. Take photos of all cars' license plates and Vehicle Identification Numbers.
  • Notify the police immediately, and call them to the scene
  • Get the information (e.g., name, address, phone, insurance certificates) of all other drivers involved, and of any witnesses. Either write down the informaton, or take photos of any documents, especially if the driver is not the registered owner of the other car
  • Notify your insurance company immediately
  • Don't disclose your Social Security Number or bank account information

If you suspect that others involved in the (staged) accident have abused your personal information or committed identity fraud, file a report with local police and get a copy of that police report. I have used the Identity Theft Resource Center (ITRC) website before, and highly recommend it. The site provides plenty of information and advice for a variety of identity theft and fraud situations. If you suspect other drivers in the (staged) accident are abusing your personal information, then Fact Sheet 110 seems to apply. It makes sens to file fraud complaints with your insurance company and with the U.S. Federal Trade Commission (FTC).

If you are feeling particularly vulnerable, you might arrange a consultation with an attorney to get advice about what to do next. Get an attorney referral from somebody you trust and know. I also visited the websites for several states' Attorney General offices, as these websites often contain advice and resources for consumers.  For example, the New York State Attorney General website provides advice for consumers about how to fight auto insurance fraud.

I am sure that some I've Been Mugged readers have opinions or experience with auto insurance claim scams. If you were a victim in a staged auto accident auto insurance scam, what did you do to protect yourself? What resources did you find most helpful?


Houston Identity Theft Theft Ring Arrested After Ordering Smart Phones

The Houston Examiner reported the arrest of members of an identity theft ring that used the stolen identities of Sprint customers to order fraudulent replacement smart phones, which they resold:

"Customers are routinely asked for their secret PIN numbers when they walk into Sprint stores, and federal agents say employees of the store were giving that information to thieves who were using it to get replacement phones that could be sold online."

What I found interesting about this case were the three points where data security failed. Better security at any one of these points could have stopped this theft ring before it started.

First, insider identity theft by employee facilitated the thefts. Using the stolen identities, the thieves ordered replacement smart phones from the insurance company, Asurion, used by Sprint mobile customers. A data breach like this highlights the need for a mobile service provider to implement a Red Flags program to identify and address problem data-security areas.

Second, the insurance company didn't seem to notice the rise in replacement phones within a specific geographic area:

"After filing the insurance claims, Secret Service agents say brand new phones were mailed out to hotels throughout the Houston area."

Most banks regularly flag purchases outside a consumer's normal credit card purchase patterns. Mobile service providers and mobile device insurers could and should do the same; especially where insurance claims include a different delivery address than the customers' home address. The new overage alert features by mobile service providers is a good first step in this direction, but it shouldn't require prodding by the FCC.

Third, several Houston area hotels seem to routinely accept and deliver packages to people who routinely made reservations but never checked in. This is like airlines accepting luggage for passengers who make reservations but never buy a ticket. Airlines have identified this security risk, and so too should hotels. Accept packages if you want, but deliver them only to customers have they have registered and checked in; or make it a perk only for loyalty program members.


The Frenzied World Of Companies Collecting Consumers' Financial Histories

Many consumers believe that if you pay your bills on time, keep your (Experian, Equifax, and TransUnion) credit reports accurate, and keep your credit scores high, then all is well. Not necessarily. There are many more companies that track and collect data about consumers financial history.

Chances are, you haven't heard of their names. The Washington Post reported:

"But little attention has been paid to the firms that target consumers outside the mainstream financial system. Often they are students, immigrants or low-income consumers who do not qualify for traditional loans or choose not to use them... they carry particular weight for the estimated 30 million people who live on the margins of the banking system."

Who are some of the smaller firms? Some of them this blog has covered: ChoicePoint, Innovis, RapLeaf, Quantcast, First Data, Acxiom, Intelius, US Search, and Spokeo. Some are data brokers. Some collect website visitation statistics. Others focus on finance or insurance. Some are technology vendors working with ISPs. A prior blog post discussed the variety of brands of credit scores. Some other firms' names you may not have heard about:

"LexisNexis, whose parent company bought ChoicePoint three years ago, handles background checks, tax assessments and criminal histories. Bounced checks can be tracked through Chex Systems, TeleCheck or SCAN. Payday lenders report to a company called Teletrack. Alliant Data compiles information on so-called “installment payments,” industry jargon for recurring monthly fees such as gym memberships. The National Communications, Telecom and Utilities Exchange collects account information for 63 of that industry’s largest firms..."

The accuracy of the information collected by these firms is suspect:

"Arkansas resident Catherine Taylor didn’t learn about the fourth bureau until she was denied a job at her local Red Cross several years ago. Her rejection letter came with a copy of her file at a firm called ChoicePoint that detailed criminal charges for the intent to sell and manufacture methamphetamines. The information was incorrect... Taylor said she has identified at least 10 companies selling reports with the inaccurate personal and financial information, wrecking her credit history so badly that she says she cannot qualify to purchase a dishwasher at Lowe’s. Taylor must apply for loans under her husband’s name and has retained an attorney to force the firms to correct the record..."

And all of these firms do not include social networking websites, advertising networks, and mobile device marketers -- all collect information and profiles about consumers.

Given the long list of companies across several industries collecting consumers' personal information, you could call this a feeding frenzy.


Would You Buy Pay-As-You-Drive Auto Insurance?

A few nights ago, the CBS affiliate here in Boston broadcast a news story about "pay-as-you-drive auto insurance." The idea is that if you pay auto insurance premiums based on the number of miles you drive. If you drive a lot, you pay more. If you drive less, you pay less. Good drives might pay 2 cents a mile; bad drivers 10 cents a mile.

Why am I writing about this? Be patient and read to the end. The reason will quickly become obvious.

The idea of pay-as-you-drive or pay-per-mile auto insurance appeals to me, mostly because I don't drive much. I am happy to walk and/or take mass transit. Boston has a pretty good mass transit system with buses and subway trains.

My wife and I own one car which we share. When we need a second car, I use Zipcar.com, which is effectively paying for the use of a car (and its auto insurance) only when I need it -- on an hourly basis. If I use a Zipcar more, I pay more. I pay for only for what I use.

It seems a little unfair for me to pay the same amount as a person who drives 1,500 miles each month, while I drive only about 350 miles monthly. So, my auto insurance premiums would decrease substantially with pay-as-you-drive pricing. Another benefit of mileage-based auto insurance:

"A new study commissioned by the Conservation Law Foundation found that basing premiums on mileage would encourage drivers to drive less, cut down on pollution from tailpipe emissions, even reduce accidents which could be attractive for insurers."

The idea of pay-per-mile auto insurance also appeals because this form of pricing is not new. Rental car rates are often mileage based. Airplane and bus travel are often mileage based. you pay more the further you travel.

The news story was rolling along nicely until the reporter mentioned how insurance companies might measure drivers' mileage:

"... drivers would probably have to agree to a tracking device in their car to monitor their mileage and  check their driving habits."

Whoa!! More tracking of consumers?

There is tracking and then there is tracking. Simple tracking might upload once a month the car's odometer mileage reading. That is simple enough, since most new cars have digital odometers. Or, the folks at On-Star might include this with their existing service. It's what I had in mind during this news broadcast.

More invasive tracking might use a GPS device to measure your mileage and speed; in theory to determine whether or not drivers comply with posted speed limits. That is problematic and unnecessary.

Why? First, insurance companies already obtain speeding ticket information from state motor vehicle registries. Second, inspection stations already record mileage during the auto inspection. Just add the upload feature to the RMV.

Third, slow drivers could get penalized needlessly if the tracking doesn't include traffic information. Fourth, extensive tracking collects more information a company could lose or have stolen during a data breach.

Fifth and perhaps most importantly, GPS tracking captures a lot more information than insurance companies need: your location, time of day, travel patterns, and how long you stay at certain places. That is far more extensive data collection than any insurance company deserves, or should have.

Are insurance companies prepared to invest more in data security to protect this information? So far, they don't seem prepared to do so. They would have to because where you are during the day, and your travel patterns over weeks or months, is very valuable information. Burgulars, for one, would love to have it. They'd know when you aren't home and when you are expected to return.

The news reporter, Beth Germano, didn't discuss any of the privacy issues related to tracking. Hopefully she will in a future news telecast, because a rental car company, using GPS tracking, issued a consumer a speeding ticket and included the speeding fine with his auto rental bill. Insurance companies should not perform law enforcement tasks. The insurance company was forced to stop billing speeders.

What's your opinion about pay-as-you-go auto insurance? Would you buy it? What track would you be comfortable with? If you missed the news telecast, here it is:


How To Make Sure Your Bank Accounts Are Covered By FDIC Insurance

You work hard for your money. Naturally, you want to make sure your money is protected. The Federal Deposit Insurance Corporation (FDIC) insures the deposits at member banks. The current FDIC insurance limits:

"If you (or your family) have deposits at one FDIC-insured bank with a combined total balance less than the basic maximum insurance amount under federal law – currently $250,000 through year-end 2013 – all of that money is fully protected. And, as always, you may qualify for much more than the standard maximum insurance amount at the same bank – perhaps millions of dollars of coverage – if you have funds in different "ownership" categories. That's because the FDIC's rules allow for separate $250,000 coverage for deposits held in your name alone (single accounts), accounts with one or more other people (joint accounts), accounts that name beneficiaries when you die (testamentary or revocable trust accounts), and certain retirement accounts, such as Individual Retirement Accounts (IRAs)."

All of this sounds great. How can a consumer easily find out which accounts are insured? Try EDIE, an online estimation tool by the FDIC.

To use EDIE, first you enter (or select) your bank. EDIE has a nice look-up mechanism to find your bank by name and by branch location. Then, select the type of account (e.g., checking, savings, IRA, etc.) you have at that bank, and the amount in that account. You then repeat this last step for each account you have at the same bank.

After entering this data, EDIE will tell you if each account at that bank is covered by FDIC insurance, the amount insured by the FDIC, and if any amounts are not insured (e.g., over the FDIC insurance limit). This presentation by EDIE makes it easy to see how much money you must move to another bank so that it is insured by the FDIC.

I hope that you will use EDIE. I did. It's easy to use.


The 2009 Data Breach Hall Of Shame

This month, Network World magazine released its list of the 2009 Data Breach Hall of Shame. This list includes companies and government agencies that really effed up... they didn't protect consumers' sensitive personal information as they should have. All of these breaches were preventable. Here's who made the list:

  1. Transportation Security Administration (TSA) after it accidentally posted on a public Web site a manual that contained complete details on its airport screening procedures,
  2. Heartland Payment Systems after it allowed hackers to steal about 130 million credit and debit cards over several months while the company was being certified as PCI compliant for security,
  3. Health Net after it lost a hard drive with unencrypted personal, financial, and medical information of 1.5 million consumers and after it waited for six months before notifying government authorities and its breach victims,
  4. U.S. Government Printing Office after it posted on a publicly accessible web site a document with details on U.S. civilian nuclear sites marked as "Highly Confidential Safeguards Sensitive,"
  5. RockYou Inc after a hacker stole over 32 million consumers' passwords and sign-in credentials that were stored in plain text without any encryption or protection

I agree with Network World. The companies and agencies on this list deserved to be on this list. Their executives were sound asleep when they should have been awake and actively protecting the sensitive information they were entrusted with. In honor of these executives, I'd like to present them with the Data Breach Analysis Flow below, which was first published in this blog in September 2007:

Data Breach Flow


Health Net May Have Violated Consumer Notification Laws After Its Data Breach

From the Boston Examiner:

"On Friday Attorney General Terry Goddard called on Health Net, a Connecticut-based insurance company, to immediately notify its Arizona policyholders whose personal, medical and financial information was either lost or stolen in a data breach that occurred six months ago. He said further that his Office will open an investigation to determine whether a state law requiring prompt notification was violated. Health Net notified the Arizona Department of Insurance on Wednesday that a hard drive containing personal data on some 316,000 present and former Arizona policyholders has been missing since May from the company's headquarters in Shelton, Conn. The company has yet to contact the affected policyholders about the breach, however, saying it plans to send letters to them soon."

Soon? The company already waited six months after the breach to notify State of Connecticut officials. To learn more, read this prior blog post.


How To Check Your Insurance Company's Complaint Record

Everyone has horror stories about insurance companies, whether its auto insurance, health insurance, homeowners, or property insurance. There's a good article at Kiplinger.com that has documented the leading ways insurance companies "mug" or abuse their customers:

"... the top complaint had to do with claims payments -- claims-handling delays (19.1%), followed by denial of claims (17.9%) and unsatisfactory settlement offers (15.0%). You should be concerned if a company you're considering has a lot of complaints in these areas. The next category of complaints revolves around underwriting -- the insurer's process of accepting or rejecting applicants and setting rates. Premium and rating accounted for 4.8% of the complaints, and policy cancellation for 4.2%. The type of insurance policyholders had the most complaints about was accident and health insurance (37.7%), followed closely by auto insurance (33.7%). There were fewer complaints about homeowners insurance (12.71%) and life insurance and annuities (10.4%)."

Maybe you are looking for a new insurance company, or just curious about your current provider. To check an insurance company's complaint record, visit the Consumer Information Source Web site produced by the National Association of Insurance Commissioners (NAIC). Then:

"Type in the name of the company, the state where you live and the type of insurance. (Under "statement type" and "business type," click on "property/casualty" for home and auto insurance or "life, accident and health.") The site then provides the insurer's national complaint statistics. Focus on the complaint ratio, which shows the ratio of the company's U.S. market share of complaints to the company's U.S. market share of premiums for a specific policy type... If the national median complaint ratio is 1.00 and the ratio for the company you're considering is 2.00, for example, that should be a red flag. Also look at the complaint trend report to see whether the company's complaints have been increasing or decreasing over time. If the insurer's complaint ratio is high, check its record at your state insurance department and find out whether any enforcement actions have been taken against the insurer."

To find your state government's insurance department, browse this NAIC Web page with a map of insurance commissioners by state. Both links are great resources, whether you are happy with your current insurance company or looking for a new one.


ChoicePoint Settles With The FTC About Its Data Breaches and Security Lapses

I'd written previously about my less than consumer friendly experiences with ChoiceTrust, a service from ChoicePoint, Inc.. Recently, the U.S. Federal Trace Commission (FTC) announced a settlement by ChoicePoint, Inc. after the company's past data breaches and data security lapses:

"In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention. The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also alleged that ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information."

Gee, that's extremely poor management. First, the company fails to implement every security feature it had already established. Second, its actions violated a previous court order about data security. How arrogant can a company act?

ChoicePoint's settlement included actions to:

"... strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information... This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000."

Was this fine sufficiently large enough? In my opinion, no.

Will ChoicePoint do the right thing and maintain adequate protections for the consumer data it stores and sells? Will it comply with applicable Red Flag rules by the FTC in 2010? Time will tell. I'm not holding my breath.

I'd love to be able to pull my C.L.U.E. insurance reports and records from Choicetrust, but we consumers don't have that option. Due to ChoicePoint's cozy relationship with the government, the company enjoys a near-oligopoly status regarding C.L.U.E. insurance reports. This is a good example of a "free market" sham. Same for the credit-reporting agencies.

At some point, this crap has to end.


How To Confirm That Your Bank Is FDIC Insured

Great advice for consumers from The Consumerist blog. First, some background:

"... FDIC insurance covers banks and NCUA insurance covers credit unions. Not all credit unions are insured by the NCUA, the ones that aren't often have insurance from American Share Insurance (ASI)..."

Here's the important information:

"The best and only way you can confirm that a bank is FDIC insured is by using the FDIC's Bank Find tool. The search will tell you whether or not the bank is in the database but it's not very robust because it does a broad match search. If you search for ING, as in ING Direct, you'll get every bank with 'ing' in its name which is is pretty much every single bank with the word "Savings" in it. An alternative is if you go to the site and find the FDIC certificate number. On the FDIC Bank Find page, click on "More Search Options" and you can enter the certificate number."

For consumers who use credit unions:

"The NCUA has a similar Find a Credit Union search that lets you find the credit union you're interested in. Again, the search is broad match so it might be easier to get the Charter Number of the credit union and entering it directly... Finally there's ASI and you can search for credit unions insured by ASI at their credit union search. FDIC and NCUA are effectively backed by the full faith and credit of the United States, ASI is not."


FTC Continues Toward Credit-Based Auto And Homeowner Insurance Rates

Just before the Christmas holiday, the FTC released this news release:

"The Federal Trade Commission has ordered nine insurance companies to produce information for a study on the use and effect of credit-based insurance scores on consumers of homeowners insurance... The orders require information from the nine largest private providers of homeowners insurance, which have roughly 60 percent of the homeowners insurance market in the U.S..."

The nine insurance companies required to turn over data to the FTC:

  1. State Farm Mutual Automobile Insurance Company,
  2. The Allstate Corporation,
  3. Fire Insurance Exchange,
  4. Nationwide Mutual Insurance Company,
  5. The Travelers Companies, Inc.,
  6. United Services Automobile Association,
  7. Liberty Mutual Holding Company, Inc.,
  8. The Chubb Corporation, and
  9. American Family Mutual Insurance Company.

The companies have until April 24, 2009 to respond to the FTC's data request, which will be used for the FTC's final rules and guidelines.

In June 2008, I wrote about the the FTC's intent to study of the use and effect of credit-based insurance scores on the availability and affordability of automobile and homeowners insurance, and the open comment period for consumers to voice their concerns and objections. I wrote about this because it has everything to do with how companies make money from your sensitive personal data; and how that sensitive personal data is used, archived, and shared between government and industry. According to the latest FTC press release:

"In May 2008, the Commission authorized the use of compulsory process in the homeowners insurance study (http://www.ftc.gov/opa/2008/05/comprofyi.shtm) and posted for public comment a draft model order to obtain data for the study. Based upon comments received, the FTC developed final orders that maximize its research capability while minimizing any unnecessary burden on insurers participating in the study."

Should you be concerned? If this project continues, your auto and homeowners insurance will be based mostly on your credit worthiness rather than on your driving and accident record. Does this make sense? It's another example of the "tilt in the playing field" towards the needs of companies and away from the needs of consumers.

Credit-based insurance rates also mean that consumers must spend more time and money inspecting their credit reports at the three major credit bureaus, because inaccurate credit report information could lead to higher insurance rates. Seems to me like your auto insurance should be based on our driving record; and your homeowner's insurance based on your claim history.


Would You Trade Privacy For Auto Insurance Discounts?

Last week, I mailed to my insurance agent a form for the low-mileage discount. My wife and i drive less than 5,000 miles monthly yearly since I use mass-transit to commute to work. The form required me to disclose the car's odometer and to provide an explanation why we expect to drive less than previously.

I was comfortable with the form my insurance agent required. Then, I saw the MSNBC video below. The new proposed methods by insurance companies would required consumers to disclose far more than your mileage. a GPS device can track (and send to the recipient) your mileage plus everywhere you drive to. A smart recipient could compute your highway speed and issue speeding tickets accordingly. that's a lot of data to provide just for an insurance discount this year, which the insurance company could eliminate next year.

Plus, a data breach at an insurance company would expose far more data to identity thieves and criminals. Data breaches happen at insurance companies:*

  • April 2006: Progressive Casualty Insurance
  • April 2006: Aetna: 38,000 records exposed
  • June 2006: AIG: 930,000 records exposed
  • June 2006: Allstate: 2,700 records exposed
  • July 2006; Sentry Insurance, 112,270 records exposed
  • December 2006: Aetna, Nationwide, and Wellpoint via a vendor: 172,000 records exposed
  • October 2007; West Virginia Public Employees Insurance Agency: 200,000 records
  • March 2008: Sterling Insurance & Associates: undisclosed
  • May 2008: BB&T Insurance: undisclosed
  • June 2008: Texas Insurance Claims Service: unknown
  • September 2008: State Farm: 137 records exposed

Would you trade privacy for an auto insurance discount? Watch the following:

*Source: Privacy Rights Clearinghouse, Chronology of Data Breaches


Suze Orman And the FDIC Partner To Help Consumers With Determining Bank Account Insurance Status

With the recent bankruptcies of financial firms, some banks, and the general uncertainty with the mortgage and credit crises, consumers are understandably nervous about the status of the bank accounts. This blog has previously discussed tips to help consumers.

Earlier this month, financial expert Suze Orman and the FDIC launched a web site to help consumers determine if their bank accounts are protected by FDIC insurance: www.myfdicinsurance.gov

According to the FDIC web site:

"EDIE the Estimator can calculate your FDIC insurance coverage for each FDIC-insured bank where you have deposit accounts. EDIE lets you know in a printable report for each bank whether your deposits are within or exceed coverage limits."

When using the EIE tool, it was satisfying to read the following privacy information:

"... EDIE the Estimator does not require any confidential or personally identifiable information, nor does it store information after you complete a specific user session. Moreover, users can enter an owner's name by using their real name (Joe Smith), their relationship in the family group (Husband), or numerically (Owner1). The names of beneficiaries (if applicable) can be similarly entered. In addition, as an extra measure of safety, the system is programmed so no account group information for the session is transferred over the Internet."

So, for maximum protection and privacy, enter "Bank #1" for your financial institution and your generic family position (e.g., husband, spouse, child #1, etc.).


Farmers Identity Shield (Product Review)

Farmers Insurance While watching late-night television recently, I saw an advertisement for Farmers Identity Theft Shield. Readers of this blog know that I'm looking for a replacement credit monitoring service after Discover changed its credit monitoring vendor. The Product and Service Reviews page in this blog lists all of the credit monitoring services I've reviewed so far. Today's post includes a review of Identity Shield from Farmers Insurance.

Farmer's service is coverage a consumer would add to an existing Farmers homeowners insurance policy. It isn't sold separately. The Farmers site does an average job of explaining their offering. The site does not provide a price, so it is difficult for consumers to determine if the Farmers offering is a good value for their money. Some key features of Farmers offering:

  • Coverage of $28,500 expenses
  • $1,500 indemnity
  • Monitoring of credit files and publicly accessible records for fraudulent activity, for two people
  • Annual identity report with details of the customer’s credit file and public records
  • Professional on call to answer questions regarding identity safety concerns
  • Assistance in replacing lost, stolen or damaged identification documents (birth certificate, passport, etc.)
  • E-mail tips and news to help prevent identity theft
  • Access to Farmers’ informative Web site www.FarmersIdentityShield.com

Actual ID-theft victims would also receive:

  • Identity resolution services for the entire household
  • 24/7 access to an advocate at Identity 911 to guide the victim through the identity recovery process
  • Preparation of correspondence necessary to notify all relevant parties of the fraud (credit bureaus, financial institutions, etc.)
  • Creation and maintenance of a case file of all phone calls, documents and results
  • Assistance in placing fraud alerts and security freezes with credit bureaus

The focus of the site is to get a consumer to talk with a Farmer insurance agent. While that is a reasonable goal, the site is very weak on providing details. It could and should do both.

The site doesn't explain what the "$1,500 indemnity" means. The insurance coverage is a little more than available from other providers, but the site doesn't provide a link to the full text of the agreement so consumers can read the coverage details. As I discovered in prior product reviews, the important details about insurance coverage and expense reimbursement is covered in the detailed agreement, which the Farmers site doesn't provide.

The Farmers site does not list specifically which credit bureaus it monitors. The copy implies all three national credit bureaus, but I look for precise copy statements, not implications. the site does not explain the training and qualifications its phone-based professionals have, so the user cannot evaluate how beneficial this phone support might be. The site does not even link out to the sub-contractor, Identity 911. This is critical since Identity 911 would provide assistance to ID-theft victims.

I reviewed briefly the www.FarmersIdentityShield.com site and quickly noticed that much or most of its content is a copy of the Identity Theft Knowledge Center site run by Identity 911. I guess that Identity 911 allows its clients to reuse its news, tips, and informational content. While this may greatly help Farmers, it left me wondering how much Farmers Insurance really understands about identity theft. Farmers seemed to have hired a subcontractor to do all of the heavy lifting.

The site says that consumers get an "Annual Identity Report," but the site doesn't show an example report. So, consumers are unable to learn exactly what's in this report and how beneficial it might be (or not). Is it the full text of the consumer's credit reports at all three national credit bureaus? Or is it a Farmers-created summary? And, an annual report may not meet many consumers' identity protection needs. When an alert informs the user that there's a change to one of their credit reports, the consumer wants to see that report immediately... not wait for the annual identity report which could be months away.

Would I buy this product? No way. The site is skimpy on details. Many of the service features and descriptions are vague. No demos or online tutorials. The site does a very poor job of explaining and proving the service benefits and features.

The site didn't offer any explanations of why Farmers Identity Shield might be better than other credit monitoring services. The user is left to make their own comparisons and analysis. It seems that Farmers quickly cobbled together an offering, with the hope that poorly informed consumers would buy it without asking hard questions. Part of the services Farmers seems to charge for (e.g., placing Fraud Alerts and Security Freezes), I have already done and consumers can do for themselves for free. It is very easy and a fast 5-minute phone call for a consumer to place a Fraud Alert on their credit reports.

More importantly, the site fails to state the monthly fee for the service. How can consumers make a decision about a service when the site doesn't state the price?

During the upcoming weeks, I will review more credit monitoring services. You can access prior reviews at the Product and Service Reviews page, or via "Product Reviews" in the right-column tag cloud. To receive alerts about future reviews, click on either of the e-mail or RSS links in the right column.