Unemployed- The American Dream turns into The American Nightmare

There are so many articles and news reports about unemployment it is very difficult to know which one is accurate. The newest government report shows overall unemployment fell to the lowest percentage in the last two years. Next weeks report will probably show a sudden increase in the unemployment numbers. There are also a number of articles that list older workers are having an especially hard time in finding employment. Congress is at odds on what to do about continuing long term benefits. Some states are almost double in the percentage of unemployed people the national average is listed at. Because of these items and so many more for America, the American Dream has turned into the American Nightmare.

All the aforementioned items make being unemployed more stressful than most people can imagine. Many of the people that are unemployed want only one thing, an opportunity to support their family and themselves by working. Unemployment benefits do nothing but help families survive at a difficult time. Most unemployed are required to use their savings and other financial reserves just to survive especially if they are one of the long term unemployed. I have heard it said that people on unemployment have little incentive to find work since they have money coming to them in the benefits they receive. The people making those statements are employed and bringing in wages and I doubt if this statement is ever made by someone that is unemployed.

This new computer age has the majority of companies using an online application process. Place your personal information online at their company’s career site or use third party information software they have contracted to gather this information. Once your information is entered, an algorithm can scan and evaluate whether the prospective party has the necessary skills the company is looking for. The problem with this automated evaluation is companies are losing people that have the majority of the skill sets that the company is looking for but more importantly they are losing people that want to do the best job possible and become an asset to the company.
Some companies were extremely selective and only hired candidates that are an exact match to their needs. An analogy of why companies are losing workers they need is as follows; a car dealership, example, GM dealership decides to close their doors and let their employees go. One employee has work at that dealership as a top salesman for over 30 years. A Ford dealership in the same town needs a salesman so this person applies. His application is rejected because he/she has never sold a new car with the Ford brand. In other words he/she does not have this portion of the experience that the company is looking for. Other companies may not have been able to find candidates with the necessary skills and are unwilling to dedicate the time or money to give the candidates that are applying for the open positions the remaining 10 to 20 percent skills that they might lack. Many times companies reject applicants because they are considered over qualified. Hiring managers forget that many of the applicants are just trying to support themselves and their family and hope that they can bring their experience to a company in such a way that will help the company. Maybe the hardest item to understand and accept, for applicants, is when an applicant is rejected for a position and that position continues to be advertised, sometimes for several months.
Early in my career I was one of four managers that hired for open positions. Because I enjoyed interviewing I was given an application by one of the other managers that did not wish to waste their time with an applicant. The application showed that this lady had not worked in over 15 years and I thought going in I would give her a few minutes and send her on her way with the normal promise to “let her know” later in the week. After about 10 minutes I thanked her for coming in and got up. She remained sitting and blurted out that “this was her 10th interview and everyone was brushing her off.” She stated “All I want is a chance.” I sat back down and we talked for another 45 minutes at which time I hired her. The other three managers thought I had lost my mind. Long story short, 2 ½ years later when I let the company she was promoted to my position and continued on with that company for several more years.
There is heavy competition for each available job. Articles have been written that about 13.3 million people were listed as unemployed in November 2011, which means there was an average of 4.2 people out of work for each opening companies had. Most major corporations require a college degree for any position their company lists. Some reports have shown that only about 25% of the people of working age have a college degree. This fact alone limits the number of applicants that a company will even consider. The percentage of college graduates with degrees is down significantly in older workers because when they either left or graduated high school they needed to get employment to help their families which limits the prospect of finding suitable employment even further. I have always wondered what type of college degree would be the equivalent of someone working for 10 or 20 or even 40 years in the job market. Reviewing the various articles and news reports that show the number of people that want to work and make every possible effort they can to support themselves and their families makes it difficult to understand the inflexible hiring rules many companies and organizations utilize.

Fulltime employed people mainly work 5 days a week 8 hours a day. A number of the unemployed people “work” 7 days a week in hopes of finding something that will allow them not only to work an average of 5 days a week but also give them the chance to survive.

There are some people, organizations and television shows that try to help some of the people that are unemployed or are having difficult times. Ellen DeGeneres has a show that my wife watches while we eat supper. She helps some people she and her staff believe need assistance. During one shows she featured a younger couple from Illinois because the husband had been off work for 18 months. The thing I found problematic was he stated he had applied for 15 jobs over that 18 month period. That comes out to one application every 36.5 days. What about the people that are applying for 5 to 15 jobs a week? Another family this show featured had several children and they were given a number of items to help them. This same family was featured a few weeks later on a different station, on the show Extreme Home Makeover, receiving a new home and a number of other items. I understand that people and shows like Ellen truly try and help people in need and she features things that affect society. The number of people and organizations that reach out to shows such as hers must be overwhelming. I hope that these people and shows continue to help the people and families that are truly in need and are making every effort possible to make things better for themselves, and the people around them.

If companies, government agencies, and organizations that are in need of workers would remember the one thing a woman once asked me when she applied for an open position, “All people want is a chance.” Companies, government agencies, and organizations might be surprised at the probability of finding dedicated and hard working employees. Giving people a chance can turn the nightmare faced by so many of the American people into a hope that someday they will once again be part of the American dream.

Al Cameron

Simplifying Pins and Passwords

For centuries mankind has tried to figure out ways to protect or lock up valuable items and information. We use a variety of locks as well as multiple other ways to protect what is considered important. The ever changing world has forced us to developed new ways to protect our homes and businesses. And now, for our electronic security, we need to “remember” passwords and pin numbers.

Pin Number Protecting
Have you ever forgotten a pin number you needed when trying to use a credit card or a debit card? Have you ever forgotten a password that is needed for a computer, document, or any number of other electronic items? Are you one of those people who need to change your password(s) often and use the unsecured way of remembering a password, the piece of paper you wrote it on that is hidden in your wallet, desk drawer, or taped to the bottom of your keyboard, because you believe no one else could possibly want it or find it. Another favorite place no one would look is on the back of that favorite family or pet photo frame that is on your desk.

Passwords and pin numbers has become part of our everyday life. Stealing those passwords or pin numbers have become a way of life for the thieves of the world. Once they have your information they can change it to what they want and lock you out of your own life. We have all read stories on how individuals have put electronic devices on ATM machines to capture our private information. Articles come out daily that warn us about phishing and pharming schemes that prompt us to provide our personnel information.

Only you can thwart giving the thieves this private information. How do you do this and still remember that password People have been asked to remember multiple passwords and pin numbers without writing them down.

If you can remember as little as three words or numbers you can secure anything with a password or pin number. Depending upon how much security is needed, you will need only a few words to develop the level of security you wish to assign to protect your files.

First let us look at pin numbers. Most pin numbers are either three, four, or five number long. Experts warn never to use your birthday as a pin number. Let us look at how two dates can protect us and make it easy for two people to remember them.

Use two sets of numbers that are not birthdates, anniversaries, or common dates that could be traced back to be common to you or your family. As an example take these two dates, 1-21-1858 and 7-5-1858.
The people who are required to know the combination for locks, pin numbers, or other related security could use something similar to the following. A three digit lock like a suitcase we share, and is mostly filled with her clothes and her other items, could be set to 121. A four digit lock or pin number that needs high security like a cash card, in room hotel safe, etc. could be set to 7558. In rare occasions where a 5 digit pin is needed for home security and other high security places, this could be set to 12158. Remember all parties need to know the codes for all items without really trying to remember. If you have multiple items or places to protect, like credit cards and do not want the same number, just reverse the numbers. You then only have to remember the two dates just understand the security level you are protecting. This does not have to be a date; it can be any shared number like a phone number. Do not use your home, cell or work phone numbers, but you could use a number that is out of the area that you both call. 312 555 6999. Three digits 312, four digits 6999, or five digits 31255.

Passwords made easy

Passwords have become a part of our life. How do we remember all these passwords? I have over 18 passwords that I use but only two ever changed. How do you remember what password you assigned where without compromising the security you are trying to provide? Before going on I want to relay one of the most common mistakes I have seen and that is to use the password you created as the hint or to use the public information as the hint. What is your mothers maiden name, What is your dogs name, Name of your high school, etc. As if someone can not go on line and get this making your security efforts nearly useless.

Using a word and adding a combination of numbers and letters will give you levels of security that will frustrate all but the best programs and people without taxing your patience or memory. Take any word or three words that you wish. Most of this can be accomplished with the use of one word allowing for one hint that has variations. For this purpose let us use the word mermaid. Since most passwords, especially the secure ones, are case sensitive you can easily adapt this to your own needs but for this article I will keep it simple.

Opening your computer at home you can type in mermaid or MERMAID. Opening your bank records or other credit or personal information I would high recommend the following. Mermaid,77ac77. Security expert recommend using a comma in all passwords. Below are different levels of security making it easy to remember what level you desired to assign to what you are protecting. Use mermaid mermaid,8 mermaid,88 mermaid,ac mermaid,8888 mermaid,ac8888 for different levels of protection.

I will now show you how to put your sticky notes out in the open and really confuse the people who might wish to steal your password and protection information. How do you give yourself a hint of what your password might be? Most of you will remember the passwords you have assigned yourself but when you need a hint or are required to give a hint for security purposes, your hint can be, woman, creature, fish, and ocean. Use the same hint every time but use something that means something only to you and or the person sharing the password. Remembering the security levels is just as easy. If I write something down I use these types of hints knowing that a comma will always follow my password. For secure items, I never hint at this. Use woman, woman–, woman–ll, woman—,woman–ll– The dashes represent the numbers I have assigned and the ll represent if I used letters in the password and where.

By utilizing three or less words to protect yourself and your information changing their value from simple to high you might have 5 or more passwords and not have to struggle with remembering what they are. This should make how to protect your data a little more simplified and a little more secure for you and your family.

Al Cameron

Risking your Mobile Payments Information

The financial and consumer worlds are once again set to embrace a new payment method. Mobile payment make it faster to purchase goods and services as well as make it cheaper and easier to process payments for the merchants and other companies involved. According to a Gartner there are currently over 100 million mobile payment users globally and estimates predict up to 90 billion dollars will be spent in 2011 using the mobile payment services that are currently being tested and provided.. Other reports expect this number to be at nearly 500 million users by 2014.

As companies and financial institutions are trying to develop more efficient avenues for consumers to make payments for their goods and services as well as making it easier for merchants around the world to accept payments, there is the risk side of this mobile payment technology. Every new payment method has been challenged with new forms of theft as groups of individuals and organizations spend their time and resources trying to figuring out how gain access to this data in order to steal. In the last 50 years it has included forging checks, stealing credit cards, skimming of the credit card mag strip, electronic readers to obtain information from the RFID chip, and the list goes on.

Consider a potential future crime, a gang of thieves may find it easier to rob a venue where people are gathered and instead of telling everyone to give them their wallets or jewelry, the thieves demand everyone given them their mobile devices. Transmission of the stolen mobile data could be transferred around the world in minutes and the financial information these devices have stored utilized minutes later.

The companies and financial institutions may have the counter argument that this could not happen because of the levels of security mobile devices currently have or will be required to have. I look at the levels of security required for different types of financial transactions like companies that are PCI compliant and the number of data losses that occur, or the security supposedly given to ACH and other payment methods and the financial losses that occur because of one reason or another. Obtaining pin numbers or passwords used to activate the ability to use the financial information on the mobile device might be a stumbling block. My argument would be, this has never been much of a problem for the thieves that have stolen ATM cards or other forms of payments that require pins or passwords I do not believe the new mobile payment technology will be any different.

Security for mobile devices has the potential to be compromised and a greater number of steps to protect the stored information will need. The need to review transaction history of each person purchasing history is paramount to stopping possible fraudulent transactions or attempted transactions. Employing this granular type of system would help in controlling losses.

Al Cameron

Resolving Credit Card Fraud

In December 1999, the Wall Street Journal ran an article about generals, admirals, and other military personnel who experienced identity theft and Internet fraud. An invisible party was able to secure enough information to obtain credit cards in the names of unsuspecting individuals. In turn, this Internet thief ordered thousands of dollars in merchandise with fraudulent, new cards. To make matters worse, this party used the Internet to inform other online thieves how they could steal using this technique.

Do you believe this is an isolated incident? Hundreds of times per day, the new online shoplifter is using his new abilities to obtain other’s credit information and steal from the many new companies conducting
e-commerce. A survey by the National Consumers League reveals Internet fraud has increased over 600% in the past year alone. The Internet and the Titanic are in the same class. The thieves and the iceberg have something in common — only a small percentage will of each are seen. The collision is inevitable. The world knows about the Titanic tragedy. Unfortunately, Internet companies have only began to shout, “Iceberg.” Will the knowledge needed to stop this collision come in time, or will companies continue to be blinded by the drive to make one more sale?

It is unlikely that an average world citizen will ever dealing with Internet fraud. When a thief decides to use someone else’s credit information to steal from e-commerce companies, the victim’s and the e-commerce company’s worlds change forever. Who is the victimized party here? The company who lost? Or the victim who had her credit information compromised? Both parties are the victims of the crime. The one who feels the greatest loss is the victim whose credit information was compromised. The victim will do her best to explain to the company that she did not place an order. The victim may be angry that more precautions were not taken before the order was fulfilled. The company may be angry that the victim did not take greater precautions with her credit information. The anger of both is justified. Since both parties have to blame someone, they blame each other. Consumers need to take steps quickly reduce their liability.

First, as a consumer you should make sure family members or friends did not use your credit information. If someone other than a family member has compromised your credit information, contact your bank or credit card company. The steps for handling and solving this problem are outlined on your statement and original credit card agreement. Follow the instructions carefully in order to avoid future problems. The merchant contacts are listed on your credit card statement. Never assume that your financial institution or credit card company will do this for you. File requested forms for disputes as instructed by the merchant, your financial institution or the credit card company.

You should also file a police report. It is not a waste of time. Many law enforcement agencies will investigate this new form of crime. If the merchant has the proper software and personnel, they will provide law enforcement agencies that contact them with the equivalent of an Internet fingerprint. The information captured should provide law enforcement enough information and documentation to obtain a subpoena to serve upon the domain administrator. The phone number and address from where the order was placed and the credit information given can be obtained.

You may not realize someone has obtained credit in your name. Thieves will do anything to steal or obtain your credit information including searching your garbage. Skimming is becoming popular. Skimming is the process of capturing of your credit card information in a small electronic device that stores the information from your magnetic strip. The information can be downloaded to a computer and used to steal merchandise worldwide. It can also be sold and someone can steal from merchants worldwide. Additionally, thieves can set up a computer to automatically run algorithms programs to order merchandise from e-commerce merchants. When an order is accepted, the program will automatically start the order process with another merchant.

This nightmare is what the e-commerce craze has imposed upon law-abiding citizens. Until safeguards are put in place and attention to this crisis increases, victims will be violated and the unsuspecting merchants will have goods stolen.

Financial institutions and credit companies need to develop communication channels to notify customers of purchases within a few minutes after a purchase. Individuals need to quickly verify mistakes on the credit statement. E-commerce merchants need to use the most advanced equipment and software to screen information with equipment and trained personnel. Consumers, companies, and agencies need to cooperate to slow the thieves down.

If you suspect that your credit card or other forms of credit have been compromised, the following steps should be taken as soon as possible: (1) call your financial institution or credit card company and review all previous suspected charges; (2) cancel the affected account; (3) follow the financial institution’s instructions, but remember merchants may have additional rules; (4) call the merchant(s) and ask them the procedures(s) needed to resolve fraudulent purchases; and (5) file a police report and ask the police if they investigate Internet fraud.

Merchants need to take a few simple suggestions: (1) listen when a consumer calls about Internet fraud; (2) explain how your company handles fraudulent purchases; (3) send necessary forms or paperwork to the consumer; and (4) fully-cooperate with the law enforcement agencies.

The problem of Internet fraud is in its infancy and the growth rate is alarming.Companies need to make the investment to slow Internet shoplifters. Since most consumers are innocent victims, companies need to take the burden of obtaining the proper software, security, and qualified personnel to maintain a safe and secure e-commerce order process.

Consumers should remember the merchant has not only lost the product, but also the money involved in purchasing the lost product.Merchants need to remember the consumer is the victim of a crime and the security we all need to have has just been taken away.

Al Cameron

Purchasing over the Internet- Is it Safe?

Everyday we hear newscasts and read stories about hackers stealing credit information from Internet companies. Hackers have the ability and knowledge to steal millions of pieces credit information by exploiting weaknesses in software programs used by unprepared e-commerce companies. E-commerce companies about the newest software or shopping cart being used to make us feel comfortable about venturing onto the Internet to shop make claims daily. Internet companies have convinced us to come shop at their site and purchase products using our most valued information — our credit information. Yet, only a very small number of these companies have taken adequate steps to ensure the safety of that information. This has made it difficult for all firms selling online.

I understand completely the ease and danger of purchasing products and services over the Internet. I also understand that e-commerce merchants face more fraud problems than their brick-and-mortar counterparts. Thieves from around the world will try to order products and services by using someone else’s credit information. This affects not only the merchants, but also the consumers. Merchants face mounting losses in their attempts to do business over the Internet. Consumers are protected under various federal and state laws when their credit card information is used to make a fraudulent purchase. As a result, one of the biggest irritations for consumers is dealing with the unexpected charge rather than financial loss.

Think of the advantages of shopping online. People all over the world spend a large part of their life shopping. Think of the Internet as the world’s largest open-air market. Items from all over the world can be purchased at the click of a mouse. What once was available to a privileged few now can be purchased by the world’s masses. Online buyers can shop in Hong Kong, London, Paris, New York, Bangkok, and any other city in the world where goods are for sale. Instead of people wishing they could purchase a special gift for someone or for themselves, the dream is now possible. A few minutes of your time plus some basic personal and credit information and the item is yours. Even the basics of life, can now be purchased over the Internet. Click and you shall receive.

There are millions of people and businesses using the Internet to purchase goods and services each day. Thousands more are beginning to explore this new found freedom to do comparative shopping and purchase from merchants worldwide. Ask these people what they think about when they enter their credit and personal information into web page forms make a purchase, and the majority will say they worry about having their credit information compromised by some unknown party or company. Airlines for many years have convinced us to fly with them to get to someplace because, all things considered, it is more dangerous to walk down a street than to fly. Likewise e-commerce companies are trying to convince the e-commerce shopper that their site is secure from all preying eyes. I take more precautions when I give my credit information to make hotel reservations, car reservations, or purchase items over the phone, than when I order over the Internet.

Most e-commerce companies are safe and are beginning to take extraordinary measures to make sure that the thieves of the world will not get your credit information. This extra effort being made by companies comes on the heels of the daily articles that are being written and read about hackers stealing credit information from a few e-commerce sites. Some e-commerce companies, such as Digital River, a global e-commerce provider, were concerned about security from the day they started assisting companies sell products over the Internet. Just like most brick-and-mortar companies, some e-commerce companies found they needed tighter security since they would be selling in high-risk geographic areas.

The consumer also shares in the responsibility to take a few precautions when ordering over Internet. If you are new to online buying, the first thing you should do is make sure that you are only ordering from secure sites. An easy way to tell if you are in a secure site is to look for a padlock or a key someplace on the screen. If the padlock is open or the key is broken it is not a secure site. If you are unsure if a site may actually be secure, send the company an e-mail requesting information on how to secure your transaction. If you do not receive a reply from the company, you should find a merchant that offers a secure shopping environment. Use a single credit card for all your Internet purchases. Make sure to keep track of your purchases. The purchase confirmation e-mails that you receive should be kept in a special folder that you can set up in your e-mail box. Use one piece of credit information for all your purchases. Make sure that you use only the billing address that is on the credit card statement. Using consistent information when making a purchase will assist the merchant in verifying and fulfilling your orders. This will also allow you to make sure that it was a legitimate order if there is a need to check on the order status.

Treat Internet purchasing like you would any new shopping experience. I do not believe that you would travel to a foreign land and shop at an open-air market without making sure your cash or credit cards were secured. Like most people, I like to browse through shopping malls and open air markets. Today I use the Internet. No pesky sales people, no lines to wait in, and you can still bargain to get a lower price. I can find what I want, when I want it, and my eyes are the only thing that gets tired. With just a few simple precautions, buying over the Internet can be fun and exciting.

Al Cameron

My Houston Problem

I call this my “Houston Problem,” although the proper name should be my Houston/Germany problem. The Houston Problem centers around Internet credit card fraud that appeared to be taking place Houston, Texas; however, my investigation would take me to the other side of the world to find the thief.

In January 1999, the Houston Problem thief was testing their skills in Internet theft. The thief were using stolen credit card information to order products and test the system of what would eventually become theft of hundreds of e-commerce merchants worldwide. The thief could steal at the speed of the Internet, but the victimized merchants would not discover the thefts for months. Until an angry customer asking how a thief could purchase something with stolen credit information calls a merchant or the merchant’s financial institution notifies them a credit card charge back had been received, the merchants are unaware merchandise was stolen.

My Houston Problem began slowly. First, the fraud prevention software used by Digital River detected inconsistencies with some orders. The order size was small so I dismissed the inconsistencies to typing errors. Since Internet merchants have their own fraud detection systems, this thief had much to learn. The thief’s thoughts would turn to testing the fraud prevention systems — asking himself, “How much could I steal before the credit information I am using today gets cancelled?” By February 1999, this thief was submitting multiple orders and using several pieces of stolen credit and identity information. Little did this thief realize that the system used by Digital River was designed to guard against this technique. The more he tried to order, the closer he came to getting caught. By the end of February, efforts to stop this thief escalated.

Ten days passed and roadblocks were set in Digital River’s fraud prevention software to spot and
stop this party. However, two more orders got through. I went to Digital River’s development staff who developed the software to stop fraud. It took them a day to put in the final measures in place to stop the thief from stealing from Digital River’s vendors. My investigation intensified to find the guilty party. I knew our system captured more information than any fraud checking system used by other Internet merchant. I provided enough information to numerous worldwide law enforcement agencies to assist them in capturing shoplifters who were not as sophisticated as the perpetrator of the Houston Problem. Law enforcement agencies were amazed at the level of software sophistication used by Digital River.

The first step was to find the information our system had attached to the thief’s information. A cross-check of e-mail addresses, credit card numbers, IP addresses, and the zip codes used by the shoplifter provided a wealth of information. The thief attempted to use over 300 credit card numbers, changed names, addresses, and other information to have the system accept an order. Unfortunately, 15 orders did get through. This information was accumulated in under 10 hours. The search for the thief was my main priority.

During a few weeks looking for the thief, I received a few credit card statements from customers showing fraudulent orders. One credit card statement showed $14,000 worth of purchases in eight days. Another statement had almost an equal amount charged in even less time. Both statements included numerous e-commerce merchants. I tried contacting some of the merchants. When I asked for the fraud departments, not one of the companies I contacted had a fraud or loss prevention department. One of the merchants had almost $7,000 in losses on one statement and was not yet aware of the losses. I left my name and number at each company and have never had a return call. Compared to some of the e-commerce companies involved in this thief’s crime spree, I was relieved Digital River’s fraud software and manual-checking system was capable of stopping everything it did. Additionally, I contacted credit card companies for assistance. After giving them the series of numbers issued from their company, they informed me they would block the numbers, but they could not give me any information regarding the cardholders or companies.

Next, I located the server being used for the fraud attempts in Germany. After locating the information about the domain administrator, I sent an e-mail to request his assistance in locating and contacting the thief responsible for the stealing of our clients’ products. He responded and agreed to forward the party an e-mail I wrote. The e-mail I received back from the thief stated they knew nothing about this. The domain administrator offered assistance to provide further information but only to a law enforcement agency. I began searching for a law enforcement agency in Germany that would get involved. My search led me to a detective from the Aachen, Germany Police Department who agreed to look into the matter. I sent him the same documentation sent to the domain administrator. I received a response stating the alleged thief was residing outside of Frankfurt, Germany, and he was sending the information to the Frankfurt Prosecutors’ Office to proceed.

To date, I have not received any information from the Frankfurt Prosecutors Office concerning the status of the case. No one has contacted me and I wonder what was done considering one amazing thing that did happen. A week after I had sent the documentation to the Detective in Aachen, Germany, I received an e-mail from the domain administrator. He asked about the status of my investigation. I replied I had sent the documentation concerning the fraudulent orders to a detective in Germany. I requested he keep this information highly confidential and thanked him for his assistance. Then came something I never expected. The next morning I received an e-mail from the thief apologizing for stealing and promising to destroy the software and never do it again if the authorities were kept out of it. Here is the apology I received and the response I e-mailed back to the thief:

From the thief:
Very much Geehrte ladies Una sirs
I explain hereby to you that all programs and copies is destroyed is.
And the programs these installed is, are relaxed, and I explain to you that no wider persons use these programs. The addresses, this one are telephone numbers and the names and the credit
card numbers destroyed. I explain and guarantee you that no further tries future in this gives.

Yours Sincerely,

User of Ginko Net

Below is my reply:

We appreciate you finally responding to and acknowledging your participation in the theft of our vendor’s software. It is not the policy of Digital River to ask any law enforcement agency to discontinue their investigation once an investigation has started. However, Digital River has made the law enforcement agencies and courts systems, that have previously investigated and prosecuted crimes against parties that have attempted to perpetrate these type of acts against Digital River and its vendors, aware that the parties involved have cooperated. You must be willing to cooperate in the previous requests for your cooperation and information as follows:

1) Destroy all programs and copies of programs involved in the downloads that took place.
2) Each party must file a letter of destruction on each piece of software downloaded and forward a list of any other party that they may have shared the software with.
3) Share with Digital River, Inc. all programs used in the commission of downloading the software obtained.
4) Share with Digital River, Inc. all programming or other relevant knowledge used in the commission of downloading the software obtained.
5) A written assurance that no future acts of this type will be perpetrated against Digital River, Inc. or any of the vendors involved with Digital River, Inc.
6) You must also identify yourself, all parties involved, complete address for yourself and the parties involved, the phones numbers for yourself and all parties involved, and proper and verifiable e-mail addresses for all parties involved in the next e-mail that you send to my office.

If this is acceptable to you and any other parties involved, please e-mail me. If all parties cooperate, we will do our best to request leniency on any charges that would arise in respect to the crimes against Digital River, Inc. or its vendors.

I am grateful to the parties who assisted my office with the investigation leading to this point. I am curious how far the authorities were able to proceed with the case. Considering the facts pertaining to the case, I estimate the losses for the merchants involved at approximately$500,000 to $900,000.

Al Cameron

Mobile Payments-Boom or Bust

It has been said that the new mobile payment method is like the old American West, growing at a breakneck pace with few boundaries. I compare this new payment method to another piece of history- the California or Alaskan Gold Rush. During that time people from all over the world were rushing to find their fortunes. Now companies from all over the world are rushing to increase their sales and profits by using this new payment method. Unfortunately I believe only a select few will find their fortunes and not suffer major data and financial losses.

Unfortunately, then like now, only a few companies will take the time to take the proper steps to reach their goal and protect their investment. History has taught us the lessons of the perils faced by those early dreamers. Only recently have the stories of the potential dangers of accepting mobile payment started to be told. Today almost all newspapers and magazines around the world are writing something about data losses, fraud, and identity theft but little about mobile payment problems.

Like the men of the old west were blinded by the color of gold, so are today’s companies blinded by the new potential payments markets and their potential profits. Companies are forging ahead without truly looking at the losses associated with current payment methods. Like the gold miners of yester-year, the rush for companies to get their presence in the newest payment method and start accepting the newest methods is blinding the parties to the dangers and costs involved. What happens when the companies say “we now accept”? Have they really thought it all through? Just like a hundred plus years ago, a mistake can be extremely costly.

Credit cards and now mobile payments have brought the start of a new way of life for the people of the planet Earth. They have made the world a smaller place to live in. It has brought out the best some people and companies have to offer and also helped countless millions obtain goods and services that 15 years ago would have been impossible for most to obtain. It has also brought out the worst in some. The thieves’ numbers, who steal from people and companies worldwide, have grown at an incredible rate and the new technology and knowledge needed to properly track these parties has not.

Ask any historian. Those who don’t learn history the first time around are doomed to repeat it. Why? Because knowing what happened in the past will help us understand why things are the way they are now. The thieves rely on companies to continue to use the same techniques and procedures that have been developed to help protect them. Protecting mobile payments using past methods of data and fraud protection may easily result in an ever increasing number of losses and problems for companies and consumers alike.

Al Cameron

Major Company’s-Mobile Phone Data Breach

Well it has finally happened to me. I have received a warning letter from my mobile phone provider stating that my account was one of a number of accounts involved in a data breach perpetrated against the company that provides my mobile phone services. This is my first letter ever, of this type warning me that my data might be in the hands of thieves.

I have written several articles addressing this subject and what companies and individuals should do to protect themselves. My letter states that I may be subject to “phishing” and “smishing” attacks and the reverse side of the letter explains what each of these are as well as other measures I should take. Examples; “Email and text message headers can be easily forged, so the posing sender may not be the real sender.” “Avoid providing or filling out forms via email because data is likely to be unsecured.” “I should realize that internet scammers can create realistic forgeries of websites.”

I wonder how many people actually turn the letter over and read the information. Data breaches have become so common that few people take the time to do more that a cursory glance at letters or information received unless unexpected charges show up.

Because I like to be thorough I did a Google search for a data breach at this company and no surprise, nothing showed up. I would be curious if this data breach involved a few hundred accounts or a few million. Because I have done business with this company for over 40 years, under one name or another, I do not think I will be switching services soon.

As I have previously wrote I do have a hard time with a company that reports a data breach and then expects the customer to shoulder that responsibility of watching out for potential attacks. A properly developed fraud monitoring system can be fine tuned to recognize patterns that are outside of the individuals previous behavior in the use of, in this case, online account management or mobile phone usage. This should be a requirement for any company that has a data breach in the first step of protecting potentially sensitive data from further compromise. Too many companies want individuals to spend their time and effort in protecting against potential threats even though the company themselves screwed up.

The line I enjoyed the most in the letter is “This letter is to advise you that we recently detected an organized and systematic attempt to obtain information on a number of customer accounts, including yours.” This was followed by “We do not believe that the perpetrators of this attack obtained access to your online account or any information contained in that account.”

Several years ago I was required to place some information on the online account in order to register something to do with my mobile phone service. This is why I find the companies statement about “recently detected” as an oxymoron, since I have not used or tried to sign onto that feature in years, any detection system the company may have had in place should have “immediately detected” that something was suspicious.

I am probably safer than most of the affected customers. Not because I have been helping companies understand and fight fraud since 1998 or that I have done a number of seminars on this subject. The main reason is, anytime I have upgraded to a new phone, 2 in over 10 years, I have immediately had the company shutdown the phones abilities to connect to the internet and receive or send text messages. I use my phone as a phone.

The same day and in a nearly identical envelop came a second letter from the mobile phone company. In this letter I was being offered a Free Android Smartphone which would make it easier for me to receive texts and faster web browsing. I know this company is large but I wonder if they should not have waited a few days to send out this promotion since they just informed me that they had been hacked and my data was probably compromised and I could be subject to unsafe texts and potentially harmful web browsing.

Al Cameron

Links Referencing My Work

• http://www.americanbanker.com/btn/14_9/-157578-1.html
• http://mobile.eweek.com/c/a/Mobile-and-Wireless/Digital-Delta/
• http://www.allbusiness.com/accounting/3486797-1.html
• http://www.verifraud.com/images/BCMFeb2004.pdf
• http://800notes.com/Phone.aspx/1-805-275-2235/7
• http://www.ahariri.com/images/OPIM%20220.pdf
• http://www.ahariri.com/images/OPIM%20215.pdf
• http://www.freepatentsonline.com/y2003/0009426.html
• http://www.forius.com/focus/Forius_Focus_2007_Sept_Oct.pdf
• http://www.allbusiness.com/accounting-reporting/fraud/753847-1.html
• http://groups.yahoo.com/group/ciberpac-net/message/99
• http://www.amcea.org/members/NewsandViews/0403/pocket.htm
• http://www.ectnews.com/perl/board/mboard.pl/ecttalkback/thread219/219.html
• http://photomarketing.com/newsletter/ni_WholeWindow.asp?dt=09/17/2003
• http://articles.baltimoresun.com/2000-04-02/news/0004010053_1_credit-card-fraud-card-accounts-charge-card/2
• http://www.paymentcentralinc.com/Fraud/FrdONLINEFRD.html
• http://www.ecommercetimes.com/story/2771.html
• http://www.ecommercetimes.com/story/8287.html
• http://www.ectnews.com/perl/board/mboard.pl/ecttalkback/thread1530/1530.html
• http://www.eweek.com/c/a/Web-Services-Web-20-and-SOA/Foreign-Flimflam/
• http://www.linuxsecurity.com/content/view/107280/1/
• http://www.uspatentideas.com/creditcard/credit-card-139.html
• http://ask.slashdot.org/story/00/05/27/2145231/A-Matter-Of-Trust

Internal Revenue Service Providing Information to help Identity Thieves Steal

There have been a large number of articles and reports about the amount of money the IRS has lost to bogus tax filings. Placing “IRS Identity Theft” in any search engine will result in hundreds of links to articles, news reports, and even to the IRS web site telling about the size and scope of this problem for the IRS.

This is why I am wondering why the IRS is actually providing all the information for the thieves to take over millions of people’s identity.

I believe in having my federal taxes completed as soon as I can each year. Unfortunately this year I owed the IRS a small amount. Since I am one that does not believe in waiting till the last minute to pay things, I sent a check for the amount owed. When I reviewed my banking transactions I saw the check that I sent to the IRS had been cashed. I am not sure why I decided to review a copy, maybe I have been fighting fraud to long, but to my surprise the stamp that the IRS uses for depositing the check contained my Social Security number.

The number was not encrypted, partially blocked, or hidden in any way. Financial institutions have had major breaches over the last few years and anyone with a simple program to recognize key words on electronically stored documents could easily obtain all of the information on the front and back of the checks allowing for identity thieves to steal using the unsuspecting parties’ information including the social security number.

One of the basic rules of protecting your information is never to given out personal information especially your social security number. You can imagine my surprise when I found out this one document contain this information.

I understand why it might be necessary to have an identification number that the IRS or individual party could reference in case of any future disputes occurring but I really believe that something other than a person’s social security number should be stamped on a document that could be intercepted by any number of persons at the various financial institutions or clearing stations that are used to process financial documents.

Alvin Cameron