[SIG-IDtheft] PRESENTATION BY MARI FRANK, Aug. 17, 9:30 am PT

Bob Pinheiro bob at bobpinheiro.com
Tue Aug 14 12:01:22 EDT 2007 

Mari,

I have a few questions/comments that I hope you can address in your 
presentation next week.

1.  At least in terms of financial identity theft involving the 
establishment of new credit accounts by fraudsters, there does not 
seem to be sufficient incentive for individual credit grantors to fix 
the id theft problem.  Whatever losses they suffer due to id theft 
are considered as part of the "cost of doing business", or passed on 
to others in the form of higher rates/fees, or merchant 
chargebacks.  Two things seem to be needed: better methods for credit 
grantors to verify the identities of those applying for new accounts, 
and stronger incentives for their use.  I remember reading about a 
lawsuit in which a large, well-known bank was sued by an id theft 
victim because the bank issued a new credit card (in the victim's 
name) to an identity thief.  The victim sued and claimed the bank 
didn't perform sufficient due diligence to verify the identity of the 
person applying for the credit card.  The victim lost because the 
courts ruled that, since the victim was not actually a customer of 
the bank, the bank did not owe the victim anything.  Or, as the 
lawyers say, the bank did not have a "duty of care" to the id theft 
victim.  So assuming that Liberty and other groups can come up with 
better ways to verify identity online, what do you think about the 
possibility of changing the rules so that credit grantors will have a 
"duty of care" to the person whose identity is used to open a new 
account, whether that person is their customer or not?  Might such a 
"duty of care" provide more incentive for credit grantors to take 
better precautions to ensure the identity of those seeking to open 
new accounts?  This would need to be accompanied by some sort of 
"best practices" for identity verification - if it can be shown by an 
identity theft victim that the credit grantor did not follow the best 
practices, that would be grounds for liability.

Is this reasonable?  Could a lawyer such as yourself sue on behalf of 
an id theft victim and get a court to establish that credit grantors 
have a duty of care to the person whose identity is used to open a 
new account?  Or is that beyond what the courts can/would do,and 
therefore requires action by the politicians?

2.  We know that identity theft is enabled by stolen personal 
information.  But is this information more often used by identity 
thieves to directly impersonate someone to a relying party, or is it 
used indirectly to first obtain fraudulent credentials (ie, fake 
driver's licenses, SS cards, etc.) which can then be presented to 
relying parties?  I would expect that for online identity theft, 
stolen personal information would be used directly, but for off-line 
use (going into a bank to apply for a loan, etc.) fake credentials 
would be more likely.   So the challenge seems to be (for online 
identity theft) to have a way to authenticate a claimed identity that 
does not rely strictly on personal information - say by using a token 
or other credential issued by a third party identity provider.  For 
the offline case, the challenge seems to be for the relying party to 
have a way to verify the authenticity of official-looking credentials 
such as driver's licenses, etc.  Would you agree?

3.  Fraud alerts are a way for credit grantors / relying parties to 
do identity verification for online transactions, but it places the 
burden of doing the verification on the relying party.  Do you think 
it might be more effective if credit bureaus did the 
verification?  That is, when a credit grantor / relying party queries 
a credit bureau to get the credit score of someone applying for a new 
account, the credit bureau could contact the person whose identity is 
claimed, and ask for verification.  If no verification is 
forthcoming, not only could the credit bureau withhold the credit 
score (as with a security freeze), but it could also inform the 
credit grantor / relying party that the person whose identity is 
being claimed did not provide authorization.  [I envision some type 
of opt-in service that credit bureaus could offer to people].  This 
seems better to me than leaving it solely to the relying party, since 
it seems more likely that credit bureaus could better establish and 
follow standard procedures / best practices for doing these verifications.

4.  Regarding criminal identity theft, why does this happen?  Is it 
because the police just do not follow through on verifying the 
identities that people claim when they are apprehended, especially 
when only identity information is given, and no physical credentials? 
Or is it more because police make the effort but just don't have a 
good way to verify these identities?

Bob Pinheiro

---------------------------------------------
Robert Pinheiro Consulting LLC
bp at bobpinheiro.com
(908) 654-1939
<http://www.bobpinheiro.com/>www.bobpinheiro.com


At 08:01 PM 8/10/2007, Mari Frank wrote:
>Thank you Britta-
>             If any of you wish to listen in next week and send me 
> question that would be great. Also, if you are attorneys and wish 
> to get MCLE credit let me know. If you advise me at to your type of 
> job (HR, Privacy Officer, IT , compliance, law enforcement, etc- 
> that will help me to plan to give examples that will be most relevant to you.
>             I look forward to hearing from you.
>
>
>Mari J. Frank,Esq.
>Certified Information Privacy Professional
>28202 Cabot Road, Suite 300
>Laguna Niguel, Ca. 92677
>Phone :949-364-1511
>Fax: 949-363-7561
><http://www.identitytheft.org/>www.identitytheft.org
>www.MariFrank.com
><http://www.kuci.org/privacypiracy>www.kuci.org/privacypiracy
>E-mail <mailto:contact at identitytheft.org>contact at identitytheft.org
>
>
>To order Mari's books:
>Call Porpoise Press 800-725-0807
>This e-mail may be privileged and/or confidential, and the sender 
>does not waive any related rights and obligations. Any distribution, 
>use or copying of this e-mail or the information it contains by 
>other than an intended recipient is unauthorized. If you received 
>this e-mail in error, please advise me (by return e-mail or by phone 
>at 949-364-1511) immediately. Thank you.
>
>
>
>
>----------
>From: sig-idtheft-bounces at lists.projectliberty.org 
>[mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Britta Glade
>Sent: Friday, August 10, 2007 4:40 PM
>To: sig-idtheft at lists.projectliberty.org
>Subject: [SIG-IDtheft] PRESENTATION BY MARI FRANK, Aug. 17, 9:30 am PT
>
>We will be privileged to hear from Mari Frank on our next call, 
>which is FRIDAY, AUGUST 17, at 9:30 am PT.  Attached is the 
>presentation she'll use as a framework for her discussions with us 
>and her bio also appears below.
>
>Mari very much likes to address her presentations to audience 
>attendees....so would request that questions be sent to her ahead of 
>time so that she can best tailor her presentation to meet your 
>specific needs.  This is an excellent opportunity, given Mari's 
>extensive experience in this field.
>
>Dial in is:
>800-504-8071
>International: +1 303-248-0281
>code: 2544233
>
>We'll look forward to our call next Friday at 9:30 am PT!  Have a 
>terrific weekend.
>
>Mari's bio:
>
>Mari Frank is an attorney, Certified Information Privacy 
>Professional (CIPP) and the creator of The Identity Theft Survival 
>Kit, co-author of Privacy Piracy (with Beth Givens), and the author 
>of her two most recent books published by Porpoise Press ( From 
>Victim to Victor: A Step by Step Guide for Ending the Nightmare of 
>Identity Theft (2nd Edition, with CD) and Safeguard Your Identity: 
>Protect yourself with a Personal Privacy Audit. Mari is also the 
>host of Privacy Piracy a weekly one hour radio show at KUCI 88.9 FM 
>(<http://www.kuci.org/privacypiracy>www.kuci.org/privacypiracy) at 
>the University of California, dealing with myriad privacy issues. 
>The show received a Privacy Innovation Award in 2005 by the 
>International Association of Privacy Professional.
>
>Ms. Frank has testified many times on privacy and identity theft 
>issues in the California legislature and in the US Congress. In May 
>1999, she was summoned to the White House to a press conference with 
>President Clinton to speak on Consumer Privacy. Her speech was 
>broadcast on C-SPAN TV. This year, Mari's 90 minute PBS Television 
>special, "Identity Theft: Protecting Yourself in the Information 
>Age," aired nationwide. Two of her books and the DVD of the show 
>were featured gifts for viewers who pledged support for local PBS stations.
>
>Mari consults and trains corporations and governmental agencies. She 
>is a professional speaker on various privacy, identity theft and 
>other legal issues. She also helps victims and consumers, provides 
>expert testimony, and serves on the ID Theft Task Force of the LA 
>County District Attorney, and California's DMV Task Force on 
>privacy. She's an Orange County Sheriff Reserve on the High Tech 
>Crime Unit, an Advisory Board Member of the Identity Theft Resource 
>Center and the Privacy Rights Clearinghouse. Mari is also a Privacy 
>Research Fellow with the Ponemon Institute, and a trainer for the 
>National Office of Victims of Crimes.   She's serving as a member of 
>the appointed Advisory Board of the State of California's Office of 
>Privacy Protection. Mari is a certified trainer for the State Bar of 
>California, a law professor, and currently teaches Conflict 
>Management at the University of California, Irvine.
>
>
>
>Mari has appeared on dozens of national TV programs including 
>Dateline, 48 Hours, the O'Reilly Factor, Investigative Reports, NBC 
>and ABC Nightly News, CNN, Geraldo, CNBC, Montel and has been 
>interviewed on more than 300 radio shows. She has been featured 
>myriad times in major newspapers and magazines, ( US News and World 
>Report, Your Money Magazine, Money, Parade Magazine, The New York 
>Times, The Wall St. Journal, USA Today, The Chicago Tribune, The LA 
>Times, etc) Please visit 
><http://www.identitytheft.org/>www.identitytheft.org, 
>www.kuci.org/privacypiracy/ and <http://www.marifrank.com/>www.MariFrank.com
>
>
>--
>Britta Glade
>Liberty Alliance
>925-254-4233
>_______________________________________________
>This is a public mailing list.  Content is NOT confidential.
>
>Sig-idtheft mailing list
>Sig-idtheft at lists.projectliberty.org
>http://lists.projectliberty.org/mailman/listinfo/sig-idtheft
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.projectliberty.org/pipermail/sig-idtheft/attachments/20070814/6f9d8b9b/attachment.html

More information about the Sig-idtheft mailing list