149 posts categorized "Statistics"

U.S. Department of Labor Division Recovered $1.2 Billion During 2012 For Employer Benefit Programs

Within the U.S. Department of Labor (DOL), the Employee Benefits Security Division (EBSA) oversees employee benefits programs, including about 707,000 retirement plans, 2.3 million health plans, and related employer-sponsored benefits plans (e.g., stock plans, IRA plans). Together, these plans cover about 141 million individuals (e.g., employees and their dependents), with assets of about $7.1 billion.

The oversight function by the EBSA includes enforcement when employers violate labor laws. During 2012, the EBSA:

"... closed 3,566 civil investigations, with 2,570 (72.1%) resulting in monetary results for plans or other corrective action. EBSA often pursues voluntary compliance as a means to correct violations and restore losses to employee benefit plans. However, in cases where voluntary compliance efforts have failed, or which involve issues for which voluntary compliance is not appropriate, EBSA forwards a recommendation to the Solicitor of Labor that litigation be initiated. In FY 2012, 218 cases were referred for litigation..."

Also during 2012, the EBSA closed 318 criminal investigations and indicted 117 persons for crimes related to benefits plans. All of that agency activity, including both voluntary and involuntary compliance, resulted in the EBSA achieving about $1.27 billion in monetary results. That's a huge amount of money that employees would have lost otherwise.

Some examples of employer violations and EBSA resolution activity during 2012:

Another way to look at this enforcement activity: it's a lot of companies -- a lot of senior executives -- violating wage laws. It's not just low-wage or immigrant employees who are affected, but also white-collar, middle-income employees (and their families).

The EBSA also operates an Informal Complaint process, where employees can submit complaints about alleged violations and abuses. During 2012, the EBSA:

"... EBSA's Benefits Advisors closed nearly 240,000 inquiries and recovered $260.7 million in benefits on behalf of workers and their families through informal resolution of individual complaints..."

This is government working effectively, folks. Employees can submit complaints by contacting the EBSA via its toll-free phone number (1-866-444-3272), or by visiting www.askebsa.dol.gov.

To read the full report, download the 2012 EBSA Fact Sheet (Adobe PDF, 52.9K). The latest EBSA Fact Sheet is also available online.

I look forward to reading about the EBSA's performance during 2013, despite the 16-day federal government shutdown which cost the country an estimated $24 billion, and which probably hampered EBSA performance.


Study Finds EU Companies Reluctant To Publicly Announce Data Breaches

A recent study by AlienVault uncovered some interesting statistics about data breaches and corporate responsibility:

"... only 2% of surveyed [European Union] companies would be willing to go public should they suffer a security breach. 38% opted to inform the relevant authorities and 31% said they would tell their employees. A mere 11% said they would share the information with the security community."

The reluctance of companies to publicize data breaches seems to be an attempt to balance the need to prevent future attacks against the need to minimize damage to their brands. Additional statistics from the survey: 5 percent of survey respondents said they would do nothing after a malware attack on their systems. Half of survey respondents said that after an attack they would share intelligence with competitors: 35% anonymously, and 15% would reveal their company name.

Sharing information is important. Barmak Meftah, President & CEO of AlienVault said:

"The growing complexity and sophistication of threats make it difficult for security professionals to have a clear view of possible vulnerabilities, threats, and attacks that are out there... Sharing information about the source and nature of attacks allows the security community to act fast, and quickly isolate malicious or compromised hosts... In addition, it helps identify attack methods, tools and patterns, all of which help fuel research on new defense technologies."

AlienVault provides organizations with limited security staff and budgets with methods to address data security compliance and threat management.


Credit Unions Outperform Banks On Customer Loyalty, And Banks Lobby To End Credit Unions' Tax-Exempt Status

The Bankrate Banking blog reported the results from a recent survey about customer loyalty:

"According to the 2013-2014 National Member and Nonmember Survey from the Credit Union National Association, 57 percent of credit union members indicate they are extremely likely to recommend their credit union to friends. In contrast, just 40 percent of members who also use banks say they're equally as likely to recommend that institution to friends."

A 2012 survey found that 11% of customers were ready to leave their bank. To improve their performance, you'd think that banks would focus on better customer service, and cut costs to improve profitability. Instead, the big banks have focused on lobbying legislators in Washington to end the tax-exempt status of credit unions, which are non-profits:

"... Frank Keating, president of the American Bankers Association (ABA) wrote, "Many tax-exempt credit unions have morphed from serving 'people of small means' to become full-service, financially sophisticated institutions. The time has come to abolish this exemption." "

Another claim the banking industry likes to make is that repealing the credit unions' tax exemption would create a level playing field. Earlier this year, the American Bankers Association trade group released a flyer (Adobe PDF) which claimed:

"Today credit unions are a $1 trillion industry that pays no income tax. That’s nearly $2 BILLION every year that could help shrink the federal deficit. Now, credit unions want even more perks. It’s time to end credit unions’ indefensible and outdated special treatment. Enough is enough."

I agree. Enough is enough. And, enough with the spin and misleading statements. Let's start with some facts from the U.S. Statistical Abstract:

  • The average bank is about 14 times larger than the average credit union. In 2010, the average bank had $1,739.7 billion (or $1.7 trillion) in assets while the average credit union had $124.6 billion in assets.
  • Banks still control a whopping 94% of the market, based on assets. In 2010, FDIC-insured banks (commercial and savings) had over $13.3 trillion in assets, compared to $914 billion in assets at credit unions (federal- and state-insured).
  • Banks are far bigger with more branch offices and ATM retail booths. Also in 2010, the 7,657 FDIC-insured banks (commercial banks and savings institutions) had 95,527 offices (main office and branches). That is about 12 offices per institution. In the same year, there were 7,339 credit unions; most with a couple of offices (that rely on others' ATM networks to service their members).
  • In 1990, the average bank was about 20 times larger than the average credit union. In 1990, the average bank had $306.6 billion in assets while the average credit union had $15 billion in assets.
  • From 1990 to 2010, the number of banks decreased (e.g., consolidations, failures) by about 50%, the number of offices increased by 45%, and assets increased 186%. So, the big banks got a lot bigger.
  • During the same period, the number of credit unions decreased (e.g., consolidations, failures) by about 43%, and assets increased by 361%. So, small organizations did get bigger.
  • In 1990, banks controlled about 96% of the market, based on assets. So, credit unions have captured 2% of the market in 20 years. That is minuscule annual growth in market share.

Some additional facts worth noting:

The trade group representing credit unions has completed its own analysis which totally debunks the level playing field claim by banks. Read this 2011 report: Commercial Banks and Credit Unions: Facts, Fallacies, and Recent Trends:

  • The claims by bankers imply that credit unions have captured a larger share of the market. This is false. In 1992, credit unions had 6% of the market -- the same share as in 2010.
  • In 2011, half of credit unions had less than $19 million in assets while less than 2% of commercial banks were this small. During the same period, two-thirds of banks had $100 million or more in assets, while only 20% of credit unions were this big.
  • The claims by bankers that credit unions don't pay their fair share of taxes are misleading and dishonest. Many banks use the SubS tax status to pay less in taxes. According to CUNA, the number of banks using the SubS tax status has grown from 6% in 1997 to 31% in 2011. Both small and big banks use this tax dodge. Again in 2011, 61 banks with $1 billion or more in assets used the SubS lower-tax status, which was originally created for small businesses. It would seem that the banks are gaming the system tax-wise.

What's really going on here? I began to wonder why an industry that controls 94% of the market would complain about its competition.

As I see it, this lobbying by banks is another slick attempt to focus attention away from themselves and to limit consumer freedoms and banking choices. By limiting or eliminating choices (e.g., credit unions), banks reduce competition that keeps banking prices down. Without credit unions, it would be easier for banks to raise prices (e.g., fees, loan interest rates, decrease savings interest rates). Consumers would not have an option to move their money away from banks. I can think of no other reason why an industry would complain about competition that has only 6% of the market.

Remember, raising prices was what the banks wanted to do in 2011, but couldn't when consumers rejected higher monthly checking and debit fees proposed by the Bank of America and other big banks. Raising banking prices has several benefits for banks:

  1. Increases banks' revenues and profits
  2. Encourages some current account-holders to move to underbanked status: a checking or a savings account, but not both
  3. Encourages some current account-holders to move to unbanked status: neither a checking nor a savings account
  4. Allows banks to service both underbanked and unbanked customers with highly-profitable prepaid cards, instead of with traditional checking and savings accounts. Prepaid cards aren't as tightly regulated as debit cards, credit cards, checking accounts, and savings accounts. Prepaid cards have fewer or no disclosure requirements and few to no limits on the number or amount of fees the banks can charge. Prepaid card users have greater liability should the bank that issued their prepaid card fail.

In 2011, about 8% of U.S. households were unbanked and 20% were underbanked. The average prepaid card charges about $300 per year in basic fees. That's a huge revenue source for banks. Do you want to pay $300 per year, or more, in banking fees? I doubt it. I don't.

This blog discussed the long list of fees charged on many prepaid payroll cards. The goal should be to decrease unbanked and underbanked households. The St. Louis Federal Reserve said it well in 2010:

"Encouraging the unbanked to handle payments through the financial mainstream is important for a number of reasons. Having a checking and savings account is an important first step in establishing that the consumer has the financial acumen to apply for credit for a car or home... the key advantage to consumers having bank accounts is avoiding costly alternative financial services and enabling families to build and protect their wealth. Unbanked consumers spend approximately 2.5 to 3 percent of a government benefits check and between 4 percent and 5 percent of payroll check just to cash them. Additional dollars are spent to purchase money orders to pay routine monthly expenses. When you consider the cost for cashing a bi-weekly payroll check and buying about six money orders each month, a household with a net income of $20,000 may pay as much as $1,200 annually for alternative service fees—substantially more than the expense of a monthly checking account fee."

So, traditional checking and savings accounts are ways for consumers (e.g., the poor and lower middle-income people) to move up the economic ladder in society to achieve the American dream. If one wants the poor and middle-income classes to succeed, one should encourage them to open traditional checking and savings accounts with the lowest-cost financial products possible, usually available at credit unions.

Without credit unions (or with severely hampered credit unions), a rise in banking prices by banks would likely result and cost consumers dearly. The Los Angeles Times reported:

"The tax exemption is crucial to credit unions, which by law can't raise capital through public stock offerings the way that banks can, said Fred R. Becker Jr., president of the National Assn. of Federal Credit Unions, a trade group with about 3,800 federally chartered members... A 2012 economic study commissioned by the trade group found that removing the tax exemption would cost consumers about $10 billion a year through higher fees and interest rates on loans, as well as lower interest rates on savings."

The Los Angeles Times article also provided some good background information:

"Under a 1934 law, Congress exempted credit unions from federal income taxes as long as they were nonprofit businesses, organized without capital stock and operated for the benefit of their members. For decades, most credit unions were small operations, usually serving employees of individual businesses and government agencies. The industry has grown significantly since the 2008 financial crisis, boosted by outrage over Bank of America's 2011 plan to impose a $5 monthly fee for debit card use."

So, the big banks have only themselves to blame for the rise in credit unions. I think that it is important to remember the history of banks and credit unions described in this Federal Credit Union handbook (Adobe PDF):

"In the early twentieth century, credit needs of the urban working classes in the United States were largely neglected by established financial institutions. For the most part, the average worker had nowhere to turn except to the usurious money lenders of the day. This growing dependency complicated the economic life of the average consumer and gave rise to the development and formation of a cooperative credit system in the United States, an idea originating in Europe and imported to North America in 1900. In 1908, the first legally chartered cooperative credit society was established in Manchester, New Hampshire by a special act of the state’s legislature. The following year, the first complete credit union act, the Massachusetts Credit Union Act, became law in Massachusetts. By 1933, enactment of state laws permitting formation of credit unions had been largely accomplished. In 1934, the Federal Credit Union Act was signed into law..."

A reminder: usurious = very high or unlimited interest rates. So, a world without credit unions would eliminate the need for the Credit Union Act. It would also eliminate several freedoms citizens have, including the right to gather as a group and form a credit union. It would also set conditions for a return to the high interest-rate times of the 1800s. Do you want to return to banking practices of the 1800s? I doubt it. I don't.

What to do next. First, contact your elected officials and tell them what you think of the banks' lobbying against the tax-exempt status of credit unions. Second, move your money to a local, community bank or to a credit union. Third, join the Don't Tax My Credit Union movement.


83% Of The Leading Mobile Apps Put Your Sensitive Personal Information At Risk

On July 30, Appthority released a report about the risks with mobile apps. The report included a study of the 400 leading apps across the Apple iOS and Google Android platforms. The study included the 100 leading free apps and the 100 leading paid apps from each platform.

Since there are more than a million apps in the Apple App Store and in Google Play, there is stiff competition among app developers. As a result, many app developers increase their revenues by selling mobile users' information to both advertising networks and analytic/tracking companies. Developers of both free and paid apps do this.

Key findings from the study:

"Overall, 83% of the most popular apps are associated with security risks and privacy issues.

iOS apps exhibited more risky behaviors than Android apps overall. 91% of iOS apps exhibit at least one risky behavior, as compared to 80% of Android apps.

95% of the top free apps and 78% of the top paid apps exhibited at least one risky behavior.

78% of the most popular free Android apps identify the user’s ID (UDID).

Even though Apple prohibits its developers from accessing the UDID, 6% of the tested iOS apps still do.

72% of the top free apps track for the user’s location, compared to 41% of paid apps.

Although paid apps already generate revenue when downloaded, 59% of paid iOS and 24% of paid Android apps still support in-app purchasing. Furthermore, 39% of paid iOS and 16% of paid Android apps still share data"

The UDID is a bonanza for companies, marketers, analytics/tracking companies, advertising networks, and any entity interested in tracking consumers. When matched with your 10-digit phone number and App Store account, the UDID is a powerful identification (and tracking) tool that allows the compilation of all data, usage, and information on a mobile device to a person: phone calls, email messages, photos, video, text messages, GPS position, phone book, web browser history, apps downloaded, music, movies, and more. That compilation is more extensive since many consumers now use multiple email addresses (e.g., work and personal) on a single mobile device.

While both types of apps expose you to risky behavior, the researchers found that free apps are riskier than paid apps:

"The biggest disparity between free and paid apps is location tracking. While 73% of free apps track for location, less than half of paid apps (41%) do the same. Free apps are also more likely than paid apps to use single sign-on (67%), share data with ad networks and analytics (51%), offer in-app purchasing (50%), identify the user or UDID (44%), access the address book or contact list (42%), and access the calendar (15%). Paid apps, on the other hand, aren’t as safe as one might think..."

So, using only paid apps is not a security solution for consumers. The researchers also found that Apple iOS apps exhibited more risky behavior than Android apps:

"... 91% of iOS apps exhibit at least one risky behavior, as compared to 80% of Android apps. Of the 200 iOS apps Appthority tested (100 free, 100 paid), 62% tracked for location, 56% used single sign-on, 59% offered in-app purchasing, 43% shared data with ad networks or analytics companies, 39% accessed the address book or contact list, and 20% accessed the calendar..."

So, assuming that Apple iOS apps are safe is not a good security solution for consumers. Many apps track your GPS location needlessly. That is, the app doesn't need your geo-location to operate, but it collects it anyway so the developer can sell more data to advertising networks and analytics/tracking companies. And the apps won't always tell you they are doing this:

"In some cases, developers are paid based on the amount of data they collect and share about users. Have you ever noticed an app that’s constantly running in the background (that really has no need to)? It’s possible that it’s tracking your location and sharing it with outside parties for advertising purposes. App developers will often ask for these types of permissions upfront, but unfortunately that’s not always the case; or, the language they use is intentionally deceptive."

Plus, these apps that constantly collect and report your geo-location will consume more of your valuable data plan minutes, since many telecommunications providers have eliminated the unlimited data plan option. Some of the companies that built the leading Apple iOS apps:

"Disney dominated the market share of popular iOS apps (10 apps), followed by Electronic Arts (5), Apple (4), George CL (4) and Rovio Entertainment (makers of Angry Birds) (4). There were 79 different developers in the top 100 paid iOS apps... From the top 100 free iOS apps, there were 81 different developers... "

Some of the companies that built the leading Android apps:

"... Electronic Arts led the pack (5 apps), followed by Disney (4), Gameloft (4), Google (4) and Chainfire (3). There were 88 different developers in the top 100 paid Android apps... With the top 100 free Android apps, there were 85 different developers..."

Most of these apps are games, followed by social networking apps, music apps, and utilities:

"... gaming apps exhibited more risky behaviors across all categories, with the exception of accessing the address book or contact list. More than twice as many gaming apps (68%) supported in-app purchasing, as compared to non-gaming apps. Also, interestingly enough, gaming apps and non-gaming apps showed the same level for location tracking (57%)... 56% used single sign-on, 51% shared data with analytics or ad networks, 43% identified the user (UDID), 27% accessed the address book or contact list, and 13% accessed the calendar..."

The complete report lists the apps studied by type (e.g., free, paid), by platform (e.g., Apple iOS, Android), and by name.

Since many consumers use their mobile devices for both work and personal activity, some IT departments might be tempted to block or ban gaming apps as a data security policy. The researchers advise against this, because not all gaming apps are risky, and not all apps in other categories (e.g., social networking, music, utilities) are safe. Plus, most employees will resent and resist being told what apps they cannot download onto their personal devices.

While the Apple iOS platform seems safer than the Google Android platform, the Apple iOS apps are riskier. So, brand loyalty isn't necessarily a good data security strategy.

In my view, using mobile apps today is like the wild west frontier of the 1800s. Anything goes. Past studies have documented the lack of privacy policies with too many mobile apps. In some instances, class-action lawsuits have been a remedy to abuses for consumers. Some states' attorneys general have cracked down on apps that abuse consumers' sensitive personal data.

Download the complete App Reputation Report by Appthority.


11 Dangers To Personal Information

[Editor's Note: I am pleased to present in today's post the press release below by ID Experts.]

PORTLAND, Ore. — July 10, 2013 — The security of personal information is at greater risk now than a decade ago. Financial identity theft and medical identity theft—with life-threatening implications—are impacting millions of people. In fact, experts estimate that an identity is stolen every three seconds. The infographic, Is Your Information Safe?, provides a snapshot of identity theft and data breach over the last decade. According to leading experts, global networks and use of advanced sinister technologies are expected to escalate, threatening consumers’ information:

1. Global criminals. Criminals are now globally connected and increasingly part of organized crime rings.
-- Rick Kam, president and co-founder, ID Experts

2. Undetected hackers. Advanced persistent threat (APT) is when hackers gain access to a company’s network and remain there undetected for a long period of time.
-- James Christiansen, chief information risk officer, RiskyData

3. Malicious attackers. Hacktivists have an advantage over today’s corporate data.
-- Dr. Larry Ponemon, chairman and founder, the Ponemon Institute

4. Data breaches affect everyone and everything. Breaches affect large and small businesses of all kinds, regardless of sophistication, and high- and low-tech information.
-- Kirk Nahra, partner, Wiley Rein, LLC

5. Electronic breaches are infinite. Electronic health information can be stolen from anywhere in the world, distributed to an infinite number of locations for an infinite period of time and can cause limitless damage for an unlimited period of time.
-- James C. Pyles, principal and co-founder, Powers Pyles Sutter & Verville PC

6. More devices, science fiction type-technologies, to digitize personal data. Drones, utility smart meters, automated license plate readers, and more powerful facial recognition software—all used to collect and digitize consumers' sensitive personal data—are on the horizon, and will force consumers to demand better privacy protections.
-- George Jenkins, editor, I’ve Been Mugged

7. The Insider Threat. Dishonest and poorly trained employees pose one of the greatest threats to consumers' personal information; it's much easier to do damage once inside the castle.
-- Philip L. Gordon, shareholder, Littler Mendelson, P.C.

8. Data cannot be protected. The rate of exposure for personally identifiable information is now so great, we must concede that the data itself is no longer able to be protected.
-- Anthony M. Freed, community engagement coordinator, Tripwire Inc.

9. Bring Your Own Device (BYOD). More employers are allowing employees to utilize their own personally-owned mobile devices for work. While this can increase productivity and convenience, it introduces several potential data security threats.
-- Joanna Crane, senior consultant, Identity Theft Assistance Center

10. Data breaches involving sensitive consumer information have become the new normal. Consumers must play an active and long-term role in the privacy and security of their personal information and regularly monitor their financial account statements, credit reports and healthcare explanation of benefits.
-- Robin Slade, development coordinator, Medical Identity Fraud Alliance (MIFA) and president & CEO, FraudAvengers.org

11. The Surveillance Economy. With technologies such as Google Glass that can record video without anyone's knowledge or approval, we are always on candid camera. Combine that with location-based tracking on our mobile devices and suddenly privacy seems to be an outdated concept.
-- John Sileo, privacy evangelist and CEO of The Sileo Group

“Identity theft will not go away, until the issue of identity is solved,” said Robert Siciliano, CEO, IDTheftSecurity and personal security and identity theft expert. “‘Identity-proofing’ consumers involves verifying and authenticating with numerous technologies, and the flexibility of consumers to recognize a slight trade-off of privacy for security.”

About ID Experts

ID Experts delivers complete data breach care. The company's solutions in data breach prevention, analysis and response are endorsed by the American Hospital Association, meet regulatory compliance and achieve the most positive outcomes for its customers. ID Experts is a leading advocate for privacy as a contributor to legislation, a corporate and active member in both the IAPP and HIMSS, a corporate member of HCCA and chairs the ANSI Identity Management Standards Panel PHI Project. For more information, join the LinkedIn All Things HITECH discussion or All Things Data Breach; follow ID Experts on Twitter @IDExperts; and visit http://www2.idexpertscorp.com/.



A Rapid Increase In The USA In Utility Smart Meter Installations

We've all heard phrases such as "the smart grid" and "smart meters." What are they about? What's going on?

It's wise for consumers to familiarize themselves with these phrases and the new terminology. Change is coming to many homes and businesses. According to the U.S. Department of Energy, the "smart grid" is:

"... a developing network of new technologies, equipment, and controls working together to respond immediately to our 21st century demand for electricity."

That sounds beneficial and harmless enough. The new technologies and equipment include utility smart meters, or "advanced metering infrastructure" (AMI), as the industry calls them. The industry is replacing the old technology (e.g., analog utility meters) in both homes and businesses with new technology: smart meters.

What makes these new meters smart? These devices do several things:

  1. Communicate in both directions via radio frequencies (e.g., wireless connections) between the customer and the service provider
  2. Have sufficient memory to store a customer's usage, as much as a year's worth
  3. Store and transmit customers' energy consumption in digital format
  4. Transmit energy consumption to the service provider at regular intervals, as often as every 15 minutes

The service provider is the utility or private company that provides you with power; the company that sends you your monthly energy bill. The customer's energy consumption can include electricity, gas, or both. The "two way" connection is important because the device transmits usage, and staff at the service provider can query meters to retrieve data.

By August 2012, about 36 million smart meters had been installed in the USA. States with the highest number of smart meter installations -- the industry calls it "penetration" -- have penetration rates greater than 50% across all customer types: residential and business. In 2011, the states with penetration rates equal to or greater than 50% included Alabama, Arizona, Delaware, Georgia, Idaho, Maine, and Texas. Another half-dozen states had penetration rates of 30% or more.

Penetration rates across all business sectors since 2007:

Smart meter deployment in the USA from 2007 to 2011 by the U.S. Department of Energy

So, in 2011 about 23% of residential energy customers used smart meters. That's up from about 2% in 2007. That seems to be pretty fast growth. Experts expect this growth to continue.

There are several reasons for the growth. The frequently mentioned benefits for service providers are lower operating and maintenance costs. The service providers no longer have to send technicians monthly to your home or office to record the usage on your meter. Now, workers at the service provider can remotely collect customers' energy consumption data in real time.

The benefits for consumers: you can better understand your energy usage, and (in theory) make changes accordingly to lower your consumption and costs. For example, a promotional video by Baltimore Gas and Electric (BGE) presents four benefits for consumers:

"1. Energy management tools
2. New rebate programs
3. Fewer estimated bills
4. Enhanced service restoration after an outage"

Previously, a service provider sometimes estimated your monthly bill based on past usage, when it didn't send a technician to read the usage on your meter. Given all of these benefits, everything sounds peachy with no problems. Well, not necessarily. An upcoming blog post will explore some of the issues associated with smart meters.


Survey: The Public's Views Of The NSA Spying Leak, The Whistle Blower, and a Wikileaks Comparison

Pew Research released the results of a survey conducted June 12 - 16, 2013. The survey, conducted by Pew Research and USA Today, asked 1,512 adults their opinions about the whistle blower and the impact of the leak about the NSA spying programs. Key results:

  1. The public seems split over whether or not the whistle blower's leak served the public interest. 49% believe it served the public interest. 44% believe it harmed the public interest.
  2. Most, 54%, believe the whistle blower should be criminally prosecuted.

Pew Research also found:

"Young people, by 60% to 34%, think that the NSA leak serves the public interest. Americans 30 and older are divided (46% serves vs. 47% harms)... the public has a more positive opinion about the impact of the revelations of NSA communications surveillance on the public interest than it did about the release of a massive trove of classified material about U.S. diplomatic relations by the Wikileaks website two-and-half years ago."


2.4 Million Customers Leave The Five Biggest Banks In The UK

The Move Your Money campaign in the United Kingdom announced on June 12 that about 2.4 million customers have moved their accounts from the five largest banks to smaller and local banks:

"The figures, based on quarterly market polling publically available, show a mass movement away from the big banking groups, Lloyds, RBS, Barclays, HSBC and Santander. This represents a 5% point loss of the market share of current accounts, and demonstrates a massive response from ordinary people to a year of scandal by voting with their feet and switching who they bank with."

The data, drawn from industry studies, presents an increase in the migration of accounts from the big banks. Experts predict the trend to continue throughout 2013. Laura Willoughby MBE, Chief Executive of campaigning website MoveYourMoney.org.uk, said:

“The constant slew of scandals last year has opened the floodgates, and people are beginning to realise that they don’t have to put up with the arrogance of the big banks... People are switching because they are angry about the lack of reform in Britain’s broken banking system, and have decided to take matters into their own hands.”

Many people are frustrated with the huge bonuses bankers paid themselves, and with the Libor rate-fixing scandal.

This is proof positive that consumers have power in the marketplace, and can have an impact. Consumers in the United Kingdom are using that power. Visit the Move Your Money website for the USA. Woe to the banks and companies that do not respect that power.


Blogger Claims Toddlers Killed More People Than Terrorists In The USA This Year

This is not humor. At the Opposing Views website, blogger Stacie Borrello has started an interesting analysis. Borrello claimed:

"You might be shocked to know that preschoolers with guns have taken more lives so far this year than the single U.S. terrorist attack, which claimed four lives in Boston."

Borrello searched through news reports and found the instances where children ages 3 through 6 gained access to guns and killed people (e.g., others, parents, and/or themselves). She found 11 deaths in 5 months where the shooter was ages 3 to 6. Borrello concluded:

"... most if not all of the above deaths and injuries can be attributed to careless adult gun owners... we still must reach a compromise to address gun violence. I do not have all the answers, but I know as responsible citizens we have to do something... People who worship the Second Amendment should recognize the “well-regulated” aspect of gun ownership that the forefathers intended..."

I hope that others build upon this analysis, to help us understand the impacts and reach of gun violence.


Research And Survey Results About Civil Liberties And Protection Against Terrorism

Disclosures last week about secret programs by the U.S. government that spy on both citizens' telephone and Internet usage have raised the question: is it necessary to give up civil liberties for protection against terrorism? Several pundits and politicians (from both parties) have been quick to defend the current administration's programs.

I wanted some context with a reliable poll about what Americans believe and think about the issues. The Pew Research Center provides some solid statistics with a historical perspective and context:

"...Since shortly after 9/11, Pew Research has asked whether people’s greater concern is that anti-terror policies will go too far in restricting civil liberties, or that they won’t go far enough in adequately protecting the country. The balance of opinion has consistently favored protection..."

Ten years after 9/11, things have changed. First:

"... fewer Americans think it will be necessary to sacrifice civil liberties to combat terrorism than did so shortly after the 9/11 attacks. In a poll conducted in 2011, shortly before the 10th anniversary of 9/11, 40% said that “in order to curb terrorism in this country it will be necessary for the average person to give up some civil liberties,” while 54% said it would not. A decade earlier, in the aftermath of 9/11 and before the passage of the Patriot Act, opinion was nearly the reverse (55% necessary, 35% not necessary)."

The table below highlights the flip in public opinion:

% of Americans Surveyed Who Agree That It Is:

| Year | Necessary to give up civil liberties for protection | Not necessary to give up civil liberties for protection |
|---|---|---|
| 2001 | 55% | 35% |
| 2013 | 40% | 54% |

One of those civil liberties is privacy. The second shift is the opinion that government should track terror suspects, but not everyone. Spying on all Americans has historically gotten low support; even lower than other methods (e.g., ID cards, credit cards, airport checks):

% of Americans Surveyed Who Support:

| Survey date | Government monitoring personal phone calls and emails | Extra airport checks on passengers who appear to be of Middle Eastern descent |
|---|---|---|
| Aug. 2002 | 33% | 59% |
| Dec. 2006 | 34% | 57% |
| Aug. 2011 | 29% | 53% |

And, all of this was before the NSA spying disclosures.

In a recent poll by Pew Research and the Washington Post, people were asked whether they find it acceptable for:

"NSA getting secret court orders to track calls of millions of Americans to investigate terrorism..."

56% of respondents said this is acceptable while 41% don't. So, just over half of people support the FISA secret court program. Pew also asked:

"Should the government be able to monitor everyone's email to prevent possible terrorism?"

45% said yes while 52% said no. So, less than half of respondents support this. That is not a majority, nor what I would call a ringing endorsement. And, neither question really addressed Internet usage, since email is only part of a person's Internet usage. Plus, the questions didn't include any time parameters (e.g., sometimes).

There are a lot of polls circulating. How one frames or asks the questions greatly influences the results. For example, if you ask the question this way (e.g., Should the government monitor terror suspects? Do you think that it is sometimes necessary to sacrifice civil rights to fight terrorism? To prevent terrorism?), you will get very different results than if you ask it this way (e.g., Should the government monitor all citizens? Do you think that it is necessary to sacrifice civil rights to fight terrorism? To prevent terrorism?). One poll after the NSA spy disclosures cited support for government spying by British citizens. Polls of Americans generated conflicting results in 2006.

The Associated Press conducted a poll in 2011 (Adobe PDF document) and also asked the question straightaway:

"Q11. Do you think that it is sometimes necessary for the government to sacrifice some rights and freedoms to fight terrorism, or is it never necessary to sacrifice rights and freedoms to prevent against terrorism?"

The results: 64% of respondents said it was sometimes necessary. 33% said that it was never necessary. 2% said they didn't know. And 1% didn't answer the question. Note: nobody is agreeing to give up civil liberties perpetually or forever.

Since the NSA and PRISM spying programs have run consistently for about seven years, one can argue whether or not this meets the definition of "sometimes." To me, it doesn't meet the definition. Not even close.

ProPublica documented the history of changes in surveillance laws that have led to today. It's also important to understand the changes made during the President George W. Bush administration.

So, is it necessary to give up civil liberties for protection against terrorism? This is a discussion we must have. And, our politicians must listen.

Americans get it. They don't want to trade civil liberties for protection. And, the balance between civil liberties and protection is out of balance. Woe to politicians who ignore the above facts.


Visa Survey Claims Consumers Lose $1 A Day In Cash

While surfing the web recently, I ran across a news item at Talking Payments, a website for people and companies (e.g., banks, retailers, card issuers, payment processors, etc.) interested in digital payments. The TP news item mentioned a study by Visa that consumers lose, on average, about $1.00 a day.

To learn more about the Visa study, I next visited the Visa Viewpoints website. The August 2012 survey included 5,641 people in Australia, India, Indonesia, Japan, Russia, Singapore, South Africa, South Korea, Taiwan, Thailand, the UAE, and the USA. View the infographic about the study (Adobe PDF). The survey tries to document the "cost" to consumers of using cash by adding cash lost plus idle cash. Some findings:

  • In the US: $365 lost cash = $285 in lost foreign currencies after trips + $80 in idle cash lying around your home, office and/or car.
  • In the US: men ($331) lose more than women ($245). And, younger people ($165) lose more than older people ($135).
  • Lost cash varies across countries: Singapore ($656), Australia ($361), Japan ($349), and Russia ($137)

At first read, this seems very interesting. The implication of this study is that consumers who use payment cards (e.g., credit, debit, or prepaid) won't lose cash daily. Losing $1.00 a day in cash equals about $30 a month, or $365 a year.

Do you lose $1.00 a day in cash? I don't. I know this as I check the cash in my pocket at the end of the day -- every day. When I receive change in the form of bills, I place that change in my wallet immediately. And, I don't consider idle cash as "lost." Maybe you do, but I don't. So, I am wondering exactly which consumers really lose $1.00 a day in cash, and if people really lose that much cash daily.

One of the footnotes in the Visa infographic reads:

"2. Foreign currencies given as tips given away in airports and/or misplaced."

What? So, a portion of the supposedly lost foreign currencies includes tips. I don't consider tips as lost money. When traveling, I tip bellhops, taxi drivers, and others who help me with my luggage. That's not lost money. That is paying for services received. Sometimes, I have foreign currencies left over from a trip, but that amount is nowhere near $285. It's under $5.

What's really going on here?

In my view, several things. First, banks really want to capture usage from consumers who don't have traditional bank accounts, or have only one account (e.g., checking or savings). Second, banks really want consumers to migrate to prepaid cards where there are fewer regulations for them; which means fewer or weaker consumer protections and consumer rights. That includes banks working with employers to provide payroll cards and banking services via prepaid cards, and/or health care spending accounts via prepaid cards. To learn more, read the list of prepaid card fees in this blog post, the payroll cards from Bank of America, and the Walmart MoneyCard.

To me, the study methodology compiled numbers in a way to inflate the amounts lost to justify these business goals.

Third, even if you lose as much as $1.00 a day in cash, a fair comparison is to consider the fees associated with prepaid cards, and if those fees are greater than the cash you really lose. CNN Money found that basic prepaid card fees are an average of about $300 per year. That is almost as much as the supposed cash lost by consumers in the US, Australia, and Japan. Those average prepaid fees exceed the cash lost by consumers in several countries.

Both CNN Money and Consumer Reports found a wide variety of fees when they investigated prepaid cards: activation fees, monthly fees, reload fees, cash withdrawal fees, inactivity fees, online payment fees, paper statement fees, customer service phone call fees, and more.

What do you think of the Visa lost cash study?


Report: It Takes Months For Organizations To Detect And Resolve Data Breaches

I started writing this blog after a data breach at a former employer exposed my sensitive personal information. The consequence was that I had to take action due to a former employer's sloppiness.

Given that history, a new report by the Ponemon Institute, sponsored by Solera Networks, caught my attention. The report included results from a study of data breaches in organizations to understand the differences between malicious and non-malicious data breaches, plus any lessons learned from the post-breach and forensic investigations.

Typically, after a data breach, an organization's IT department investigates the breach, either independently or with the assistance of an outsourced technology consultant. That investigation includes the cause of the breach, the specific computer systems and/or networks compromised, the number and types of records accessed (e.g., current employees, prior employees, contractors, students, etc.), and the specific data elements (e.g., names, street addresses, bank account numbers, Social Security numbers, e-mail passwords, etc.) accessed and/or stolen. By understanding what happened, organizations, in theory, can better secure their computers and networks from future data breaches.

The Ponemon study used the following definitions for data breach types:

"... we define a non-malicious breach as a system error, employee negligence or third-party snafu and a malicious breach is defined as one involving the theft of information assets by a criminal insider or [external hacker]..."

I found the results fascinating for several reasons. In my personal experience, my former employer's breach included data tapes shipped via a third-party vendor which never arrived at the off-site storage facility. This affected my privacy along with that of both current and other former employees.

First, the global results from the Ponemon report:

  • 54% of IT professional respondents said (e.g., Strongly Agree or Agree) that the severity of data breaches has increased during the past 24 months
  • 52% of respondents said (e.g., Strongly Agree or Agree) that the frequency of data breaches has increased during the past 24 months
  • Only 44% of respondents said that their organization has the tools, personnel, and funding to quickly detect data breaches
  • Only 43% of respondents said that their organization has the tools, personnel, and funding to prevent data breaches
  • 63% of respondents said that understanding the root causes of data breaches has increased data security in their organization, but only 40% said they have the tools, personnel, and funding to determine the root causes of data breaches
  • On average, it took organizations 49 days to detect non-malicious data breaches, and 80 days -- almost 3 months -- to detect malicious breaches. For resolution, it took 83 and 123 days, respectively.
  • Only 39% of respondents that experienced a malicious breach said that they were confident (e.g., Very Confident and Confident) that their organization determined the root cause of the breach

This is not good. It takes a long time to detect breaches, if at all, and a long time to fix them. The most frequent types of data breaches experienced during the past 24 months:

  • 47% - Employee or contractor negligence
  • 32% - System error or malfunctions
  • 24% - External attacks
  • 23% - Third party mistakes or negligence
  • 14% - Malicious insiders

Where the data breach occurred within the organization varies:

| Breach Location | Malicious Breaches | Non-Malicious Breaches |
|---|---|---|
| Within business unit | 15% | 27% |
| During transit or transmission to a third-party location | 6% | 22% |
| Off-site | 30% | 20% |
| Off-site data center | 12% | 12% |
| On-site data center | 9% | 9% |
| Unable to determine | 28% | 9% |

When the breach was discovered:

| When Discovered | Malicious Breaches | Non-Malicious Breaches |
|---|---|---|
| Immediately | 2% | 20% |
| Within one week | 19% | 19% |
| Within one month | 29% | 28% |
| Within 3 months | 24% | 16% |
| Within 6 months | 6% | 4% |
| Within 1 year | 4% | 2% |
| Within 2 years | 2% | 1% |
| Unable to determine | 15% | 10% |

So, an astounding 15% of the time organizations were never able to determine when malicious data breaches were detected. That's about one out of every six breaches. How malicious breaches were discovered:

  • 28% - Forensic tools and methods
  • 19% - Loss prevention tool such as DLP
  • 15% - Notification by law enforcement
  • 10% - Automated monitoring
  • 9% - Accidental discovery
  • 6% - Audit or assessment
  • 3% - Legal filing or complaint
  • 3% - Manual monitoring
  • 3% - Notification by partner or third-party
  • 3% - Consumer or customer complaint
  • 3% - Unsure
  • 1% - Other

Second, some country-specific results:

  • 41% of survey respondents from the USA said (e.g., Strongly Agree and Agree) that their organization was ready with the tools, personnel, and funding to prevent data breaches. The average across all countries was about 44%. Organizations in Japan (56%) and Singapore (58%) led the way with prevention readiness.
  • 42% of survey respondents from the USA said that their organization was ready with the tools, personnel, and funding to quickly detect data breaches. The average across all countries was about 44%. Again, organizations in Japan (55%) and Singapore (57%) led the way with detection readiness.
  • 33% of survey respondents from the USA said that their organization's leaders view data security as a top priority. The average across all countries was about 37%. Again, organizations in Japan (51%) and Singapore (50%) led the way with senior management leadership.

The study included a survey of 3,529 Information Technology professionals in eight countries. 54% of survey participants report directly to the chief information officer (CIO) in their organization. Participants were selected from organizations that had at least one data breach during the past 24 months. The survey included organizations from both the public and private sectors.

Survey respondents by country:

  • 659 - USA
  • 566 - Japan
  • 445 - Brazil
  • 431 - United Kingdom
  • 423 - Canada
  • 395 - Australia
  • 309 - Singapore
  • 301 - United Arab Emirates
  • 3,529 - Total

Third, survey respondents by industry:

  • 18% - Financial Services
  • 11% - Federal and central government
  • 7% - Services
  • 7% - Retail, Internet
  • 6% - Professional services
  • 5% - Industrial products and chemicals
  • 4% - State, province and local government
  • 4% - Communications
  • 4% - Consumer products
  • 4% - Entertainment and media
  • 4% - Hospitality
  • 3% - Defense contractor
  • 3% - Retail, conventional
  • 3% - Technology and software
  • 2% - Energy and utilities
  • 2% - Education and research
  • 2% - Healthcare and medical devices
  • 2% - Pharmaceuticals and biotech
  • 1% - Transportation
  • 1% - Other
  • 100% - Total

What is a consumer to take from the results in this report? As I see it:

  1. Data breaches will continue to happen. The bad guys also read reports like this, and determine where the soft or easy targets are.
  2. There is an opportunity for companies and senior executives in the USA to do much better and take a leadership role. Will they?
  3. Outsourcing matters, since about 48% of malicious breaches happened off-site or during transit/transmission with a third party contractor or partner.
  4. Despite what senior-level executives say in speeches and press releases about valuing data security, the survey suggests otherwise. Many organizations don't have the necessary tools, personnel, and funding.
  5. Despite what senior-level executives say in breach notification letters after a data breach, they often don't know what happened and won't for a long while, if they ever do. Too many never determine when and what happened.
  6. Informed consumers realize the reality is that you have to protect your sensitive personal data. Don't rely on an employer or former employer to do it.
  7. All of this applies to mobile app developers, app stores, online retailers, and related Internet companies since the study included those industries, too.

Access the complete "Post Breach Boom" Ponemon report here.


Microsoft Survey For Data Privacy Day 2013. What Internet Users Do To Protect Their Privacy

Today is Data Privacy Day, with celebrations in North America and Europe. To support this event, Microsoft released last week the results of a survey of Internet users about what consumers do to protect their privacy. I found some very interesting results:

  • 45% of respondents said they have little or no control over the personal information companies collect about them while browsing the Web.
  • 54% of respondents said they sometimes consider a company's privacy reputation, track record or policies when selecting which websites to visit.
  • 32% of respondents said they always consider a company’s privacy reputation, track record and policies when selecting which websites to visit.
  • 24% of respondents said that they had little or no control over the personal information they share online.
  • Regarding website privacy, 39% said they consult a family member or friend about a website, 39% check a company's website privacy policy, 29% check the company's privacy policy, 21% check an industry or consumer organization, and 15% do nothing. More men do nothing (17%) than women (12%).
  • The sources of privacy information respondents trust most are friends and family (33%), industry or consumer organizations (25%), a website's privacy statement (22%), a company's privacy statement (20%), government agencies (15%), and news media (10%). Younger adults are more likely to trust government agencies, while older adults are least likely (5%) to trust news sites.

In a blog post, Brendon Lynch, Microsoft's Chief Privacy Officer, said:

"... customers want and expect strong privacy protections to be built into our products, devices and services, and for companies to be responsible stewards of consumers’ data... People also need more information about their privacy options and help controlling their personal information online."

I agree with that. Consumers want and need more control over their sensitive personal information.

The survey included interviews of 1,015 adults aged 18 or older. The survey was conducted during November 2012 by Microsoft and Ipsos MediaCT. Some descriptive facts about the survey respondents:

  • 51% were female
  • Ages: 18 to 34 (31%), 35 to 54 (37%), and 55 or older (32%)
  • Household income: below $50K (42%), and $50K or higher (58%)
  • Education: high school or less (32%), some college (35%), college graduate (20%), and post graduate (13%)
  • Employment: full-time (39%), part-time (11%), retired (17%), unemployed (11%), homemaker (9%), student (6%), and other (10%)

Study: 30 Percent Of Teen Girls Meet In Person Strangers They Met Online

This is a startling and terrifying statistic. Parents: what is your teenage daughter doing online? WFMJ reported the results of a recent pediatric study:

"... the study tracked online and offline activity among more than 250 girls aged 14 to 17 years and found that 30 percent followed online acquaintance with in-person contact..."

The study, funded by a grant from the National Institutes of Health (NIH), included a mix of girls with and without a history of risky behavior. The study's author is Jennie Noll, a professor of pediatrics at the University of Cincinnati. The NIH is part of the U.S. Department of Health and Human Services (DHHS).

I recommend that parents read the WFMJ article, since it includes additional information. Reportedly, the study appeared in the Journal of Pediatrics. I wish that the study had included younger girls, since many social networking sites allow youth aged 13 and older to register.


Unclear About Data Brokers But Wanting Control And More Disclosure

While the U.S. Senate probes data brokers and consumer privacy issues, a recent study by Trusted ID provides some insights into how consumers view data brokers:

  • 80% of respondents do not have a good understanding of what a data broker is, what they collect and how they use information
  • About 80% of respondents state that it is important to control their data collected and archived by data brokers
  • 76% of consumers feel that it is important to be notified about information that data brokers collect
  • 80% of respondents want a centralized website to manage their information that is collected and archived by data brokers

The survey was conducted online between August 23 and September 5, 2012, with a national sample of 2,960 Americans.

Earlier this year, the data broker Spokeo paid $800,000 to settle charges by the U.S. Federal Trade Commission (FTC) that it allegedly violated the Fair Credit Reporting Act by operating as a credit reporting agency and by marketing consumers' profiles to companies in several industries without implementing methods to protect consumers as required by the FCRA. The complaint (Adobe PDF) filed by the FTC, in June 2012 in the Central District Court in California, read in part:

"Spokeo assembles consumer information from 'hundreds of online and offline sources,' such as social networking sites, data brokers, and other sources to create consumer... In its marketing and advertising, [Spokeo] has promoted the use of its profiles as a factor in deciding whether to interview a job candidate or whether to hire a candidate after a job interview. Spokeo purchased thousands of online advertising keywords including terms targeting employment background checks, applicant screening, and recruiting. Spokeo ran online advertisements with taglines to attract recruiters and encourage HR professionals to use Spokeo to obtain information about job candidates' online activities. Spokeo has affirmatively targeted companies operating in the human resources, background screening, and recruiting industries... Spokeo profiles are consumer reports because they bear on a consumer's character, general reputation, personal characteristics, or mode of living and/or other attributes listed in section 603(d), and are "used or expected to be used... in whole or in part" as a factor in determining the consumer's eligibility for employment or other purposes specified in section 604."

Consumers can conclude a couple things from this. First, sloppy data practices by data brokers can abuse consumers' information. Second, what you share online in social networking sites can affect whether or not you get a job, or even get an interview. In the rush to make money and create new revenue streams, social networking sites now use your information in ways you didn't originally intend. The I've Been Mugged blog first reviewed Spokeo in 2010.

Download the Trusted ID survey results in the "Consumer Perspectives - Data Brokers In Review" report (Adobe PDF).


National Protect Your Identity Week 2012

Not sure what you can do to protect your sensitive personal information? October 20 - 27, 2012 is "National Protect Your Identity Week" (NPYIW).

The ProtectYourIDNow site contains a wealth of information for consumers, plus local events by state. I visited the website to see what's available this year. There are some interesting statistics about how consumers don't protect themselves or their sensitive personal information:

"68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet's name -- all are prime examples of personal information a company would use to verify your identity."

While it may feel nice to receive birthday congratulations from your "friends" on social networking websites, the fact is that your birth date is a sensitive and critical piece of personal information that data brokers (and identity thieves) use to distinguish between multiple people with the same name. Experts warn consumers to stop doing these seven things on Facebook and other social networking websites. Some other interesting statistics:

"Seven percent of Smartphone owners were victims of identity fraud... 32 percent of Smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen... 32 percent save login information on their mobile device... Young adults, aged 18-24, took the longest to detect identity theft - 132 days on average... the average cost ($1,156) was roughly five times more than the amount lost by other age groups... Children may be 51 times more likely than adults to have their identity stolen..."

The NPYIW website includes tips to protect yourself, informative videos, advice about what to do if you are a victim of identity theft and fraud, and an online quiz to test your knowledge about identity theft and fraud. Sponsors of NPYIW include the National Foundation for Credit Counseling, the National Sheriffs Association, the National Association of Triads, the Consumer Federation of America, the Council Of Better Business Bureaus, the U.S. Federal Trade Commission (FTC), the Identity Theft Resource Center, the National Crime Prevention Council, the Credit Union National Association, and many others.

Did you attend a NPYIW event? If so, share your experience below.


Study: Small And Medium Sized Businesses Face Growing Data Security Threats

According to a new report by Osterman Research, sponsored by Trend Micro, while cloud and mobile device usage have increased within small and medium sized businesses, so too have malware and data security threats. The survey found that about 52.1% of devices (e.g., desktop computers, laptops, tablets, smartphones) used by employees were infected annually with malware. In any given month, about 4.3% of devices were infected.

The report found that the malware has become more serious, with more versions and a short life, has targeted specific mobile devices (e.g., devices running the Android operating system), and has targeted businesses in specific countries that perform online banking.

The researchers found the costs to businesses were substantial. Information technology (I.T.) departments spent on average 72 minutes per device to remove the malware and fix the infected computer. The direct I.T. staff cost was about $2,400 per device per year. And, those costs don't include the lost employee productivity.

The data breaches from this malware can lead to theft of money, trade secrets, or the sensitive personal information of employees, former employees, and contractors. Criminals try to infect employees' devices with keystroke-logging malware to steal online bank account passwords. The report listed some of the company data breaches where businesses were robbed in this manner:

  • Western Beaver County School District: $700,000
  • The Catholic Diocese of Des Moines: $600,000
  • Hillary Machinery: $800,000 (its bank was able to recover only $600,000)
  • Patco: $588,000
  • Experi-Metal, Inc.: $560,000
  • Village View Escrow: $465,000
  • An unidentified construction company in California: $447,000
  • Choice Escrow: $440,000
  • An unidentified solid waste management company in New York: $150,000
  • An unidentified law firm in South Carolina: $78,421

So, if you work in a small or medium sized business that performs online banking, you can assume that identity thieves and criminals have targeted your employer and, most likely, your mobile device.


Survey: How Mobile Device Users Protect Their Privacy With Mobile Apps

A recent survey by the Pew Research Center investigated how mobile device users manage their privacy. The survey included both cell phone users and smart phone users. Key findings:

"54% of app users have decided to not install a cell phone app when they discovered how much personal information they would need to share in order to use it; 30% of app users have uninstalled an app that was already on their cell phone because they learned it was collecting personal information that they didn’t wish to share. Taken together, 57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons."

It is good to read that consumers are not blindly downloading and using mobile device apps, since prior studies have documented sporadic and inconsistent access to privacy policies for mobile apps. After pressure from the California Attorney General, several companies (e.g., Amazon.com, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion) that operate mobile app stores agreed to improve app privacy policies disclosing the personal data collected, stored, and shared. Earlier this month, researchers at M.I.T. documented privacy abuses by mobile apps that tracked consumers without notice or consent. And, the U.S. Federal Trade Commission published guidelines for businesses that develop and market mobile device apps.

The Pew survey found that almost one-third, 31% of all smart phone users surveyed, have lost their device or had it stolen. Among users 18 to 24 years of age, about 45% had either lost their device or had it stolen. The survey authors concluded:

"Smartphone owners are generally more active in managing their mobile data, but also experience greater exposure to privacy intrusions"

The table below highlights this conclusion:

| Activity | Smart Phone Users | Cell Phone Users |
| --- | --- | --- |
| Back up phone contents | 59% | 21% |
| Cleared browsing or search history | 50% | 14% |
| Turned off location tracking | 30% | 7% |
| Experienced lost or stolen device | 33% | 29% |
| Somebody accessed device in a way that felt like a privacy intrusion | 15% | 8% |

Pew conducted the nationwide survey, in both English and Spanish, of 2,254 adults (age 18 and older) during March 15 to April 3, 2012. Download the Pew report: "Privacy and Data management on Mobile Devices."


The Risks Of Buying Drugs Online

Everyone loves a good deal. And the Internet provides several sources of deals and discounts. If you seek deals on prescription drugs, there are several things you should know so you don't get "mugged" by a rogue online pharmacy website.

Earlier this year, the National Association of Boards of Pharmacy (NABP), which accredits online drugstores, released the results of a study where it reviewed more than 9,600 online pharmacies. Key results:

  • Most are rogue sites: 96.6% (or 9,349 of 9,677 online pharmacies reviewed) operated out of compliance with existing laws and standards
  • Only 2.7% (259 online pharmacies) were found to be legitimate websites, and 0.7% (69 sites) were accredited through an NABP verification program
  • Of these 9,349 online pharmacies, 8,122 don't require a valid physician's prescription
  • 4,648 offer foreign drugs or drugs not approved by the U.S. FDA
  • 3,363 have internet servers outside the USA
  • 1,523 don't have secure web sites

The problem is intensified by drugs that are in short supply. Fraudsters know this and try to take advantage of the situation:

"The most critical shortages involve cancer, antibiotic, nutrition, and electrolyte-imbalance medicines, according to the FDA. For many community pharmacies, health-system pharmacies, and patients the lack of availability of needed -- and often life-saving -- medications through official, authorized supply channels means resorting to unconventional and more dangerous means of obtaining the medications, sometimes turning to unknown sellers online. The unfulfilled demand for these medications has created a lucrative market for counterfeiters..."

The results: several risks to consumers. One risk is that you may not get what you paid for:

"... health care facilities and patients have no assurance that the substances they receive are what they are purported to be. Many of the replacement drugs purchased online are unregulated, meaning there are no safeguards in place to ensure their identity, safety, efficacy, where and under what conditions they were made, or how they were handled."

A second risk is to your health. Counterfeit drugs can fail to address your medical conditions, make you sicker, or kill you:

"... two-thirds of the online drug sellers discovered in this study are represented on the NABP list of Not Recommended sites. These illegal online drug sellers pose serious risks to patient health. The risk is especially high with vaccines..."

A third risk is identity theft or fraud at those online pharmacies that operate unsecured sites.

Earlier this year, the U.S. Congress House Committee on Oversight and Government Reform investigated "gray market" companies that operate outside of authorized drug distribution networks to provide short-supply drugs at hugely inflated prices. In July 2012, the committee released its report (Adobe PDF), which found:

"... a growing number of prescription drugs sold in the United States have experienced supply shortages. Because these shortages have been most severe among a group of injectable drugs used to treat patients with cancer and other serious illnesses, they have had a particularly serious impact on hospitals... During drug shortages, hospitals are sometimes unable to buy drugs from their normal trading partners, usually one of the three large national “primary” distributors... some short-supply injectable drugs do not reach health care providers through the manufacturer-wholesaler distributor-dispenser chain that policymakers and industry stakeholders present as the typical model for drug distribution. Instead, these drugs “leak” into longer gray market distribution networks, in which a number of different companies – some doing business as pharmacies and some as distributors – buy and resell the drugs to each other before one of them finally sells the drugs to a hospital or other health care facility. In more than two-thirds (69%) of the 300 drug distribution chains reviewed in this investigation, prescription drugs leaked into the gray market through pharmacies. Instead of dispensing the drugs in accordance with their professional duties, state laws, and the expectations of their trading partners, these pharmacies re-sold the drugs to gray market wholesalers..."

The investigation also found:

"... a number of businesses holding pharmacy licenses that do not dispense drugs, but instead appear to operate for the sole purpose of acquiring short-supply drugs that can be sold into the gray market.... Some gray market wholesalers gain access to shortage drugs by recruiting pharmacies to act as their purchasing agents..."

The impact is far higher drug prices than otherwise for health care facilities, hospitals, and consumers.

The NABP operates several online pharmacy accreditation programs, including the Verified Internet Pharmacy Practice Sites (VIPPS), the Veterinary-Verified Internet Pharmacy Practices Sites (Vet-VIPPS), and the e-Advertiser Approval Program. The NABP has applied to the Internet Corporation For Assigned Names and Numbers (ICANN) for a specific domain-name to help consumers recognize accredited online pharmacies.

To protect yourself online, experts advise consumers to:

  1. Buy drugs online from reputable stores you already know
  2. Look for NABP VIPPS and Vet-VIPPS symbols when shopping
  3. Visit AwareRX.org, which maintains lists of both NABP-recommended and not-recommended online pharmacy websites
  4. Visit SafeMedicines.org operated by the Center for Safe Internet Pharmacies (CSIP), which contains a tool for patients to check if doctors in their state purchased counterfeit cancer medications
  5. Watch this public service announcement produced by the CSIP:

Download the full NABP report: "Internet Drug Outlet Identification Program Progress Report for State and Federal Regulators: April 2012" (Adobe PDF).


How To Evaluate Prepaid Card Options

Perhaps you have already noticed. Banks now offer a variety of prepaid cards. They are popular, too. According to a 2012 report by CardHub.com:

"Consumers loaded $57 billion onto prepaid cards in 2011, a nearly 33% increase from 2010, and that number is expected to rise by 44% to $82 billion in 2012, according to the Mercator Advisory Group. By 2013, the group predicts consumers will load $117 billion onto prepaid cards, which would mark a 200% usage increase in just three years."

With so many prepaid card options, how can a consumer pick the best card? It all depends upon your financial situation. Of course, if you have the money, opening traditional checking and savings accounts at a bank or credit union is probably the best route. There are several articles in this blog to help you decide if moving your money to a prepaid card is a wise choice.

If you are determined to use a prepaid card instead, the best card for you probably depends upon your specific financial situation: how often you are paid, how much you are paid, the format of your pay, your spending and shopping patterns, and if you perform online banking.

In its 2012 report about prepaid cards, CardHub.com presented three scenarios to help consumers evaluate and find the best prepaid card. The three scenarios:

  • Scenario 1: a person paid $2,000.00 monthly, whose employer offers direct deposit, visits an ATM once per week, expects to make five purchases per week with their prepaid card, and pays two bills per month by check.
  • Scenario 2: a person gives their teenager a $100.00 monthly allowance. The teenager visits an ATM twice per month and expects to make two purchases per week with the prepaid card. In this scenario, money is loaded onto the prepaid card from the parent's bank or PayPal account.
  • Scenario 3: a person paid weekly and earns $1,600.00 monthly, does not have the direct deposit option, and expects to make three purchases per week with the prepaid card. In this scenario, the person must load money to their prepaid card and make ATM withdrawals each week.

Of course, you can pick the scenario that matches or is closest to your financial situation. It might be that none of these scenarios adequately describes your financial situation. Maybe you have more children, earn a vastly different amount, or shop more often (e.g., groceries, lunches while at work).

Of course, you have the option to give your teenage child an allowance in cash and let him or her learn by deciding whether or not to transfer their cash to a prepaid card. Regardless, it is important for both parents and youth to learn the differences between credit cards, debit cards, and prepaid cards. Banks can charge a variety of fees on prepaid cards. Some employers offer banking services, pay their employees via prepaid cards, and administer health care spending accounts via prepaid cards.

In its 2012 report about prepaid cards, CardHub.com listed the monthly costs for various banks' prepaid cards for the above three scenarios, and which prepaid cards are not suitable. Some of the monthly costs exceed $26.00, which is a lot to pay for any banking option. So, it is wise to shop around and do your homework first. Know your pay and spending patterns, then compare prepaid cards based on your banking habits.

Whatever you decide, it is wise to revisit your decision after a few months to see if your banking habits changed. A change in pay, ATM withdrawals, out-of-network ATM withdrawals, and/or spending may make a prior decision no longer best for you:

"... every card has different fees based on the specific usage of each card. How often a person uses an ATM and how much money they load onto the card each month are the most important drivers in the cost of each card..."

If you use a prepaid card, what do you use it for? And what factors influenced your prepaid card choice?