Entries from September 1, 2007 - October 1, 2007
TJ Maxx identity theft settlement far from settled
A few days ago I mentioned efforts by TJ Maxx to settle the first class action lawsuits stemming from its massive data breach earlier this year.
One of the many questionable components of the settlement was TJ Maxx's offer of a $30 voucher for affected customers. But at the same time as TJ Maxx was admitting that it wasn't in a position to even let all affected customers know about the offer, a judge set to hear the lawsuit questioned the validity of a voucher that would only be valid at a TJ Maxx or related store.
Instead he suggested a simple cash payment, something that could cost TJ Maxx a lot more.
Good on ya, Judge. Time for TJ Maxx to take its punishment and pay up.
Watch out for Identity Fraud Scams
Speaking of ridiculous e-mails, has anyone received one lately from the offspring of a dead Nigerian diplomat? You know the one — that same guy who has specifically chosen you, from all the world’s online users, to help him move millions of dollars of shady inheritance in return for a hefty seven-figure fee (for the record, these e-mail scams are actually called “Nigerian 419 scams”).
Or how about those e-mails congratulating you on winning a lottery in the Netherlands — or maybe in Spain? How can you win a lottery somewhere if you never bought a ticket?! In spite of it all, don’t those e-mails almost seem legitimate? I mean, they don’t actually ask you for any personal information or money.
If you still receive online messages like these, don’t sweat it. Almost everyone does. And you’ll be surprised how many people actually do fall for these e-mail scams. If you’re one of them, though, here’s some sound advice: Don’t quit your job! Needless to say, there’s no lottery payout, and the Nigerian millionaire’s nephew is most likely a down-and-out scammer, e-mailing you and millions of others from a shabby cyber café in downtown Lagos. So what’s all the hubbub about?
TJ Maxx offers an olive branch
In the latest twist in the TJ Maxx data breach/identity theft saga, the company just offered to provide victims with three years of free credit monitoring as well as identity theft insurance, in an effort to settle the first long-expected class action lawsuits.
The company is also offering to cover the cost of replacing victims' driver's licenses, is offering some victims $30 shopping vouchers and even announced a three-day customer appreciation sale offering 15% off. I wonder if it's a victim-only sale? Just hope they don't ask for a driver's license as ID.
To jog your memory, TJ Maxx's parent company was at the center of a highly publicized data breach earlier this year that exposed the personal records of more than 46 million of its customers. At the time, the company estimated the cost of the impact at around $3 - $5 million while security experts put the real figure at a staggering $1 billion or more.
This is how credit card fraud could fade away, almost.
Just last month research firm Javelin Strategy & Research issued a press release with a list of what it believes are the key elements that would help create a security “dream card” that offers the maximum consumer protection available.
I thought they had some great ideas, even if nothing original. But it’s certainly a wish list that every bank and credit card issuer should study carefully. It included:
• Providing customers with the ability to restrict or allow certain types of transactions (e.g. cash advances, foreign transactions, card-not-present transactions).
• Using identifiers other than social security numbers for identity verification.
• Encouraging customers to protect their home computers with anti-virus software by encouraging banks to partner with security software vendors (e.g. Bank of America’s partnership with Symantec).
• Using a photo of the account holder on the card.
• Providing mobile device or email alerts of high-risk changes to accounts (e.g. replacement card sent out, PIN or password reset, change of physical address or email address).
• Notifying customers of new account set-ups. New accounts fraud is traditionally the most difficult for consumers to detect. Credit cards continue to be the most abused category of fraudulent new accounts.
• Instituting a comprehensive, up-to-date data breach resolution plan.
• Providing an identity fraud assistance team to help customers affected by fraud.
• Offering free identity fraud insurance.
According to the report only 24% of card issuers provide user-defined limits and/or prohibitions (UDLAPs) on cash advances, and more than half (56%) of top card issuers still require full nine-digit Social Security numbers when interacting with customers, whether by phone, Internet or mail.
I think Javelin has hit a home run with their recommendations, and combined they could help to shut down most attempts at identity theft and fraud. Let’s see who’s listening.
When are you at risk for ID Theft?
The other day, a family friend proudly boasted of the multiple layers of security he had installed on his computer (partly on my advice) to keep hackers and identity thieves at bay. He then commented that, with all these layers of defense in place, he can now sleep better knowing his identity is beyond the reach of thieves.
When I asked him how often he patched his computer in response to newly discovered vulnerabilities and identity theft scams, his blank stare told me my work here was not yet done.
I guess he must have just taken the advice that suited him, because as I’ve been saying for years, your computer is not the only way hackers will try to steal your identity. In fact, countless studies have shown that many if not most identity thefts don’t involve a computer or even the Internet.


