call us at 1.866.467.4733 or visit our website at microshred.com
RSS icon Home icon
  • 7 ways to protect yourself from ID theft while holiday shopping.

    Posted on November 26th, 2012 admin No comments

    South Florida has the highest rate of identity theft of any metro area in the nation so consumers here need to especially protect themselves from identity theft while shopping during the holidays.

    Here are seven tips from the website IDentity Theft 911 at www.idt911.com:

    1. Shop on secure sites that have “https” in the address bar and a yellow padlock logo to the right of the Web browser address bar. Double-click on the lock to see a digital certificate of the website. Review these certificates on unfamiliar sites.
    2. Make sure you enter correct URLs. “Hackers often buy misspelled domains to trick people into entering personal information,” according to the website.
    3. Never enter your Social Security number or passwords to e-mail and bank accounts as part of the buying process with online retailers. South Floridians have especially been stung with thieves stealing their Social Security numbers to file fake federal tax refunds before the honest taxpayers can. Earlier this fall, the U.S. Treasury Inspector General for Tax Administration reported that Florida has the highest rate of stolen identity tax refund fraud in the nation.
    4. Use different passwords for online retailers, personal e-mail and banks accounts. If hackers crack one password, then they won’t have access to others. Also, don’t save personal information on an online retail website. Retailers will offer convenience and better deals, but many customer databases are breached by identity thieves. It’s not worth the risk.
    5. Beware of phishing e-mail scams that include website links advertising “incredible deals.” Don’t click on them. Type the link directly into your browser.
    6. Use credit cards online, not debit cards, to pay for merchandise. Try to use credit cards with low limits to minimize the damage if a thief takes over the account. Or, use a “one-time” credit card number from payment processors such as PayPal. Also, don’t link a bank account to an online pay service such as PayPal. Hackers could break into the PayPal account and drain money from the linked bank account.
    7. Install and update antivirus, anti-malware and firewall software on your computer. Don’t forget to update its operating system and Internet browser with the latest security patches.

     

  • Tampa Car Dealer Pleads Guilty in Tax Scheme

    Posted on November 26th, 2012 admin No comments

    A Tampa car dealer admitted in a plea agreement filed in U.S. District Court that he helped bilk the government out of almost $1.2 million in fraudulent tax returns.

    The document filed Tuesday followed the May arrest of 42-year-old Russell Bruce Simmons Jr. on a 32-count indictment.

    The Tampa Bay Times (http://bit.ly/Tu0tU7 ) reports Simmons agreed to plead guilty to one count of wire fraud and one count of aggravated identity theft.

    The next step is for U.S. District Judge James D. Whittemore to decide whether to accept the plea agreement.

    He faces two years on the identity theft charge and up to 20 years for wire fraud.

    The newspaper reports Simmons was accused to laundering the refunds of fellow identity thieves through Simmons Auto Sales Inc.

    (original post)

  • 2 sentenced for bank fraud, identity theft.

    Posted on October 23rd, 2012 admin No comments

    A Bulgarian man and a Florida woman will spend a decade in jail after identity theft and bank fraud which cost Bank of America at least $862,478.

    Antonio Velikov, 41, and Mariana Biserova Pashova, 35, were both sentenced to 10 years and one month in prison. They pleaded guilty in June to bank fraud, possession of more than 300 counterfeit credit or debit cards and aggravated identity theft.

    The duo were arrested by Hoover police in May 2011 as they attempted to install a skimmer on a Regions Bank ATM. A skimmer is a camouflaged device that can read and store information from the cards.

    “This pair was involved in ATM skimming operations in six Southern states, including Alabama,” U.S. Attorney Joyce White Vance said in a statement.

    When caught, more than $50,000 in cash, a magnetic-stripe encoder, a camouflaged skimmer, laptops, computer accessories and 340 counterfeit cards were recovered from their room.

    (original post)

  • Marine Pleads Guilty To Tax ID Theft Of Other Marines

    Posted on October 10th, 2012 admin No comments

    Wifredo A. Ferrer, United States Attorney for the Southern District of Florida, Michael B. Steinbach, Acting Special Agent in Charge, Federal Bureau of Investigation (FBI), Miami Field Office, and José A. Gonzalez, Special Agent in Charge, Internal Revenue Service, Criminal Investigation Division (IRS-CI), Miami Field Office, announced that Jobson Cenor, 23, of North Miami, pled guilty before U.S. District Judge Robert N. Scola to one count of wire fraud and one count of aggravated identity theft in connection with an identity theft tax refund fraud scheme. Sentencing for Cenor is scheduled for December 14, 2012. He faces a possible maximum statutory sentence of 22 years in prison.

    According to documents filed in court, in 2011, Cenor and co-conspirator Dorothy Boulin agreed on a plan to use stolen personal identifying information (names, dates of birth and Social Security numbers) of individuals to file fraudulent tax returns seeking refunds. On July 12, 2012, Dorothy Boulin was sentenced to 70 months imprisonment by U.S. District Judge K. Michael Moore.

    According to documents filed and statements made in court, in late 2011 and early 2012, defendant Cenor provided Boulin with more than a hundred names, dates of birth, and Social Security numbers of U.S. Marines, many of whom were serving in Cenor’s unit in Afghanistan. Cenor provided the personal identity information to Boulin by creating draft messages in e-mail accounts with the personal identifying information and then sending Boulin the log-in information for the e-mail accounts.

    On January 17 and January 19, 2012, Boulin used the personal identifying information of several Marines to submit fraudulent tax returns seeking refunds. On February 9, 2012, law enforcement searched Boulin’s residence and found several lists that had the name, dates of birth and social security numbers of U.S. Marines. Boulin identified Cenor as the individual who had provided the lists. On that same day, Cenor and Boulin had a telephone conversation in which they discussed splitting the proceeds of the identity theft tax refund scheme. During that call, Cenor directed Boulin could keep his share of the proceeds until he returned from overseas.

    Mr. Ferrer commended the investigative efforts of the FBI and IRS-CI. The case is being prosecuted by Assistant U.S. Attorney Michael N. Berger.

    A copy of this press release may be found on the website of the United States Attorney’s Office for the Southern District of Florida at www.usdoj.gov/usao/fls. Related court documents and information may be found on the website of the District Court for the Southern District of Florida at www.flsd.uscourts.gov or on http://pacer.flsd.uscourts.gov

  • TD Bank waits seven months to notify customers of security breach.

    Posted on October 10th, 2012 admin No comments

    TD Bank is notifying an unknown number of customers that backup computer tapes containing their confidential personal information, including bank account and Social Security numbers, have been “misplaced,” putting them at risk for identity theft.

    Although the security breach occurred in March, the bank only recently began sending letters about it to customers. TD Bank spokeswoman Rebecca Acevedo said the delay was necessary as the bank conducted an internal investigation. But at least one customer called the lag “unconscionable.”

    “So what has happened to my personal information for the past seven months?” asked Lew Alessio, a Lewiston-Auburn area businessman who has both business and personal accounts with the bank.

    The security breach occurred in March when two backup tapes from a computer server were shipped from one TD Bank location to another. Acevedo said the tapes were misplaced in Massachusetts. She declined to say whether the tapes were the responsibility of a TD Bank employee or an outside contractor at the time.

    She said the bank held off notifying customers as it conducted an internal investigation. That investigation is ongoing and the bank has contacted Massachusetts law enforcement, as well. TD Bank began telling customers about the security breach a couple of weeks ago.

    “We weighed everything as far as the investigation and what was going on. We figured now was a good time,” Acevedo said.

    Acevedo declined to say how many customers were affected, though she said they live throughout the bank’s East Coast coverage area, from Florida to Maine. Notification letters are going out now and will continue until late October. Only affected customers will get a letter.

    The two-page letter calls the security breach an isolated incident and notes that the bank has no evidence to suggest customer data has been misused.

    Alessio received his letter Saturday. It told him TD Bank may have lost track of several pieces of his personal information, including his credit card number. He called TD Bank customer service to get more information, but he said representatives couldn’t answer his questions.

    “All they kept on doing was repeating the same information that was in the letter about how much they care about security,” he said. “So now what do I do? Obviously I monitor my credit information, but do I really want to stay with this bank?”

    Among his questions: Why did TD Bank wait seven months to tell him about the breach?

    It is unclear whether such a delay is allowed. Maine law permits businesses to conduct an investigation before notifying customers of a security breach, but that notification must be made “as expediently as possible and without unreasonable delay.”

    The law provides no timeline, except that customers must be notified no more than seven days after law enforcement determines that such notification won’t compromise a criminal investigation. It’s unclear when TD Bank called in Massachusetts law enforcement and whether the bank waited to notify customers to get the OK from police.

    In its letter, TD Bank offers affected customers a year’s worth of free credit monitoring. However, Alessio said he tried to set up his monitoring Monday and was told he would be charged.

    (original post)

  • Florida may hit the road with new license plates.

    Posted on October 10th, 2012 admin No comments

    Florida’s well-known license plate, featuring two oranges and an orange blossom, could be jettisoned in the next two years.

    State officials are drawing up plans for a redesigned plate intended to make it easier to catch scofflaws who go through toll booths as well as people who run red lights. The new plate would be rolled out to motorists in 2014 and 2015.

    Julie Jones, executive director of the Florida Department of Highway Safety and Motor Vehicles, said it is difficult right now for cameras to read the old license plates that feature raised lettering. Jones said so far this year that there have been 2.8 million unreadable tags.

    The effort to switch to a new flat plate so far appears to have the backing of Gov. Rick Scott.

    “It’s not fair if you pay for a toll and somebody else doesn’t,” Scott said Tuesday.

    Florida has roughly 18 million registered vehicles and most of them feature the basic Florida tag that says either Sunshine State or In God We Trust at the bottom. Some of the tags also feature the county that the motorist resides in.

    On the drawing board right now there are four different plates with a much simpler design containing black letters. Each of the four designs includes either an orange or orange slice on it, but at the top of the plate instead of in the middle of the tag. The county designation would no longer be included on the plate.

    The state plans to put the four designs on the Internet and let members of the public vote on which one they prefer.

    Jones said the $31 million it will cost to manufacture the new plates will not be passed on to motorists. She said that the state will recover the cost of the new plates from people who have not updated their tags as required under law.

    Tags currently cost $28, but motorists pay the cost of the plate over a 10-year period.

    Jones pointed out that Florida’s specialty tags — which include popular plates for the University of Florida and Florida State University — will not be replaced with the new flat tags until the existing plates are sold.

    The final decision on the new license plates still has a few more hurdles. Scott, members of the Florida Cabinet — which oversees the motor vehicles agency — and the Florida Legislature will have to give final approval to the switch to the new plates.

    (original post)

  • Florida Realtors Warned About Identity Theft Scam

    Posted on October 10th, 2012 admin No comments

    Thousands of Florida Realtors and other professionals with state licenses are being warned of a “very official”-looking identity theft scam that lures potential victims with threats of disciplinary action.

    The Florida Department of Business and Professional Regulation, which regulates professions ranging from contractors to cosmetologists, began getting complaints about the scam last week.

    Sandi Poreda, communications director for the department, said license holders are getting e-mails that look like they are from the department and claim there are disciplinary actions pending against the recipient. The license holder is directed to call a “department investigator” at a toll-free number where they are asked for personal data such as drivers license information and social security numbers.

    “It looks very official,” Poreda said about the e-mail, which is being investigated by the department. “They copied the banner on our website and created an e-mail signature that looks very much like ours.”

    While Realtors submitted the initial complaints about the scam, Poreda said the department doesn’t know how people are being targeted and therefore are notifying all of their license holders.

    Officials fear the scam could be more effective than a typical e-mail solicitation because the department does contact licenses holders through e-mail about disciplinary issues. But Poreda said an official notice is typically also sent via regular mail.

    “It’s important for people to know that this contact is not coming from us,” she said.

    Anyone who gets a suspicious warning of disciplinary action from the department is being asked to call 850-487-1395 and report it to law enforcement.

    The Federal Trade Commission reported earlier this year that Florida ranked first in the nation last year for the number of identity theft complaints per capita. Georgia followed, with California coming in third.

    Florida’s top identity theft complaints came from fraud relating to government documents, such as tax returns, followed by credit card fraud and bank fraud.

    (Source: Kimberly Miller The Palm Beach Post, Fla. (MCT)

  • FL Agency Issues ID Theft Scam Warning

    Posted on October 10th, 2012 admin No comments

    TALLAHASSEE, FL – The Department of Business and Professional Regulation recently issued a consumer advisory after learning an entity posing as the Department is allegedly targeting license holders in a potential identity theft scam. An unsolicited email which appears to be from the Department warns of pending disciplinary action against licenses. The email directs the recipient to call a Department investigator at a toll-free number and provide personal identification information.

    The Department has confirmed that the email communication is in no way connected with the Department or its regulatory authority.

    If a license holder receives an email from an entity claiming to be the Department and warning of disciplinary action, he or she should not respond to the email or call the listed number. Instead, the licensee should contact the Department directly at 850-487-1395. Licensees may also log into their online accounts to view any public disciplinary actions.

    The Department warned licensees against providing personal identification information to unknown individuals or companies who have made unsolicited contact with them. The theft of personal identification information is a crime and should be reported immediately to local law enforcement.

    The Department will investigate the matter fully and will work with law enforcement to determine whether any criminal action has occurred.

    (original post)

  • ID theft is the latest threat to attorneys.

    Posted on September 6th, 2012 admin No comments

    A Florida lawyer living in Colorado has had her personal information compromised, potentially setting her up for identity theft or impersonation.

    Laurie Morris unwittingly provided the miscreants her sensitive information when she submitted paperwork for a background check to what she thought was a California law firm.

    It wasn’t. Now she is worried about what will happen next.

    Morris recently moved from Tampa to Denver and since she is not licensed in Colorado, she has been working with a placement agency to secure various contract positions.

    After completing an eight-month assignment she got through the agency, Morris was contacted again in July regarding a job with “Isaacson Goldberg Warner,” purportedly a California firm that had a medical malpractice case set for trial in Denver in October and needed some extra help.

    “They supposedly reviewed my resume, approved me, and sent me some paperwork to fill out for a background check,” said Morris, adding she was “hired” along with another lawyer and a paralegal and told when and where to report to get started on the case.

    When that day came, the “California lawyers” never showed and failed to respond to calls from the placement agency.

    After contacting the State Bar of California and the property managers of the building supposedly housing the firm, it became clear “Isaacson Goldberg Warner” didn’t exist.

    “All we can guess is this is some sort of scam to secure personal information, because they did not get anything else from us,” Morris said. “But they do have my Social Security number, my driver’s license number, my date of birth, my address, and they know I’m an attorney — all the identity theft information.”

    As of yet, there have been no known repercussions. Morris said she has taken all the steps she can think of to minimize any damage — such as contacting her banks, credit reporting agencies, and The Florida Bar to alert them about what happened.

    Morris said the placement agency also had sensitive information stolen because the fake firm asked the agency to run payroll for the contract lawyers through its account, as opposed to the “firm” paying the lawyers directly.

    “So they now have her banking information, so she is also compromised both professionally and personally,” Morris said.

    Morris and the placement agency alerted local law enforcement and the FBI, which has turned the case over to its cybercrimes unit.

    “It looks like it was all Internet based,” said Morris, adding the Isaacson Goldberg Warner website’s IP server address has been traced back to Bermuda.

    Morris said the scammers were pretty sophisticated, and the ruse included Isaacson Goldberg Warner website and found much of the verbiage on the site was pirated from a Washington, D.C., based international law firm’s website.

    What’s next?

    Morris now worries about what the fraudster may do with her personal information: sell it to others; open credit card accounts in her name; obtain loans; get a driver’s license or official ID card issued in her name but with someone else’s picture; or even hold themselves out as her and practice law. What terrifies her most is the prospect of the fraudsters perpetrating more scams using her identity, and having Bar complaints wrongfully filed against her.

    Unfortunately, Morris said, she did not have a lot of information about the firm she was applying to work for before the scam got too far along, which is typically the way placement agencies work.

    “At the beginning it is double blind; they don’t tell me who their client is and they redact my information when they submit my resume,” Morris said. “Until it is finalized, you don’t really know who you are working for.”

    Going forward, Morris said if a potential employer wants to do a background check, she will demand to know why, since she is already a licensed professional. If the employer insists, she will ask to be provided with the name of the company that will run the background check “and I’ll communicate with them directly.”

    Morris said her placement agency now plans to run its own background checks and not let potential employers perform them anymore.

    “This is a fairly elaborate scam, which seems to be getting more common,” said Elizabeth Tarbert, the Bar’s ethics counsel. “Unfortunately, it is a lot easier with the Internet — and without real cost but time — to create credentials, such as a fake website, or in the case of another scam, the fake bank check.”

    Tarbert said it is good advice to try to get as much information as possible about potential employers before giving them sensitive personal information.

    The Federal Trade Commission estimates that as many as nine million Americans have their identities stolen each year.

    To learn more about ID theft or what to do if you think or know your identity has been stolen, visit www.ftc.gov/bcp/edu/microsites/idtheft

    (original post)

  • Despite warnings, most states slow to confront corporate ID theft.

    Posted on September 6th, 2012 admin No comments

    How easy is it to steal the identity of a business? Just ask Roger Lee Shoss and Nicolette Loisel, two Houston-based attorneys who turned hijacking the identities of publicly traded companies into a cottage industry.

    According to the Department of Justice, the two took advantage of loose public and private filing systems for more than a year, fooling regulators in Ireland, the UK and the U.S. and stealthily taking control of dozens of dormant firms. The scam calls attention to a little-known, but growing problem in the U.S. and elsewhere: business identity theft, and the way that lax business filing systems aid would-be thieves.

    By all accounts, Shoss and Loisel were masters of the art of corporate identity theft. According to a federal indictment, the two were part of a three person legal team operating within an octopus-like international conspiracy spanning the U.S., U.K. and Spain. After using online business registries to identify dormant, publicly-traded companies in the U.S., Shoss and Loisel would resurrect the firms: filing certificates of amendment for the firms’ articles of incorporation that folded the existing, publicly traded firm into sham shell companies they had set up.

    By manipulating business registration systems in Florida and Delaware as well as filing systems at organizations like NASDAQ and the SEC, the scammers took control of the companies and then obtained legitimate CUSIP numbers and stock trading symbols that were then used to push the worthless stock on unsuspecting investors. In all, the scheme raked in close to $100 million through bogus stock sales of 54 separate firms to gullible investors, mostly in the UK, before regulators and law enforcement got wise to it.

    The scheme was larger in scope than similar business identity theft operations, but not unusual in its details. The success of the perpetrators underscores the gulf in awareness that exists between the well-known problem of consumer identity theft, and the lesser known problem of business (or corporate) identity theft, according to experts interviewed by ITworld. “This is something that goes on quite regularly,” said Ricky Harper, the Director of Florida’s Division of Corporations.

    Harper said that business identity theft is often a lurking problem that slips under the radar of both state officials and law enforcement. Harper said that officials – himself included – often don’t know what to look for. “I was asked by our previous Secretary of State, Curt Browning, to look into the problem. I read some articles on it but didn’t see much evidence of it here in Florida,” Harper told ITworld.

    Then Harper said a case came across his desk that woke him up to the corporate identity theft problem. “We had a business – an aviation company – that had been dissolved by the owners. It was then reinstated by some identity thieves. Soon after, they applied for a $140,000 federal fuel tax credit, which was delivered as a check. The scammers and the money disappeared and the previous owners only learned about it when the IRS came knocking on their door.”

    Harper said that, when learned about the scam, he realized that the Division of Corporations wasn’t looking for the right clues. Rather than trying to identify fraudulent filings, the Division instructed its employees to start looking for innocuous-seeming changes that correlated with business identity theft scams. Those included sudden changes in the registered agent or mailing address of a company. “Once people started looking for that, we discovered a fairly high amount of (identity theft),” Harper said.

    In the last decade, secretaries of state across the U.S. have moved business registries and filing systems online as a convenience to taxpayers and also to save money. Unfortunately, that move online hasn’t gone hand-in-hand with tighter security. Lax business registration systems are the norm in the U.S., and they’re also a common denominator in business identity theft scams, say officials in other states that have confronted the problem.

    In Florida, officials at the Division of Corporations uncovered 40 known cases of fraudulent business filings with damages of up to $360,000 in one case, said Karen Ellis who was hired by the State of Florida in May to spearhead its efforts to stem the business identity fraud and abuse.

    Ellis says that poor communication between law enforcement and secretaries of state, who often manage corporate filings, is one major obstacle to stopping identity theft. Since starting work for the State of Florida in May, Ellis says that she has improved communication between the Division and law enforcement. But bigger changes that can actually stop identity theft have been slower coming, she said. “Right now in Florida we still have fair faith filing. That means I can get on a computer and go and alter things on an LLC, NPO or corporation. I just need to send in the form and pay my $25 charge for the amendment,” she said. “We’ve left ourselves wide open.”

    The loose security around business filings is no accident. In many states, secretaries of state are confined by law to a “ministerial” role with regard to business filings, without the authority to question the details of filings that meet the state’s guidelines. When fraud occurs, secretaries of state are often hamstrung in investigating suspicious filings, according to a January, 2012 report by the National Association of Secretaries of State (NASS).

    That means that, despite increased awareness of the problem of identity theft, would-be identity thieves can easily exploit online registries of corporations to glean the information needed to impersonate the firm, and then abuse Web- and fax-based filing systems to hijack the firms’ identities without concern about getting caught.

    In Oregon, the problem has been identity thieves reinstating old mining companies to steal their corporate identity, said Tom Wrosch, that state’s Commercial Registries Manager. In response, the state set up limits on how long a company could be dormant before it is reinstated, he said.

    Colorado Secretary of State Scott Gessler said that his state has seen a spike in cases of corporate identity theft stretching back to 2009 and 2010, under his predecessor. The problem was big enough to become an issue in a hotly contested political race for the Secretary of State’s seat, with Gessler promising to be more aggressive in combating corporate identity thieves if elected.

    Since winning the race, he said he has made good on his campaign promise: getting legislative approval and funding to expand an existing program to notify business owners by e-mail if their business registration information changed. Business owners in Colorado can now protect their business filings with a password protection – the first such system in the nation.

    “The password feature is straightforward, but it’s new and unusual in the context of central business registries,” Gessler said. The system went live in January and, to date, just over 26,000 businesses have registered for Secure Business Filing accounts, according to data provided by the Secretary of State’s office. The system is voluntary for business owners and Gessler admits that cajoling established businesses to set up an account has been a challenge. But Colorado has made it a default option when citizens set up a new business, with most taking advantage of the feature.

    The data, so far, is encouraging. Reports of business identity theft average about six per month so far in 2012, down from an average of 11 per month in 2011 and 18 a month in 2010.

    But Colorado is the exception rather than the rule. Even with greater attention to business identity theft, most states have little or any security built into their business registries. In states like California, for example, the form to amend a limited liability company (LLC) can be downloaded from the Secretary of State’s Web page and mailed- or faxed in with payment, but no proof of identity. That allows identity thieves to act without fear of getting caught.

    Texas doesn’t provide either an e-mail notification program or a way to password protect a business entity record, though the state is constantly reviewing its procedures in an effort to maintain the security of business records and appropriate public access to them, said Richard Parsons, the Communications Director for Secretary of State Hope Andrade.

    Even states that have implemented security features often fall short of the mark. Massachusetts’ Secretary of State’s office has password protected online filing. However, scammers can obtain a user name and password from the Secretary of State’s office with nothing more than a valid e-mail address and the name of the LLC or LLP they are targeting.

    Don Huntting, the president of Huntting Investigative Services in Westlake Village, California said that California, like other states, is behind the curve, with state agencies mired in bureaucracy and slow to process changes in business filings – let alone spot fraud in real time. He said that, in his state, it often falls to banks, which have higher standards of proof when setting up business accounts – to actually spot and stop business identity theft fraud. “The state is dropping the ball,” Huntting said.

    Wrosch of Oregon said the same is true in his state, acknowledging that the state’s business registry can be manipulated or out of date, and shouldn’t be the final word on the ownership of a company.

    “We tell businesses: if you’re relying on our database to show ownership or authority (of a company), then you’re enabling business identity theft. Our registry is not the best indicator or the sole indicator of who is the owner or person in charge of a business.”

    Business identity theft wouldn’t be a problem, he said, if “the people who had the money – whether that’s a bank or a credit card company – didn’t rely on the business registration … what they see on our system.”

    That’s a shocking admission, but Wrosch’s sentiment is backed up by data. The firm Dun & Bradstreet estimates that approximately 20 percent of the registration data in government databases is inaccurate, complicating tax collection and enabling fraud.

    Besides, Wrosch said, business identity theft isn’t a front burner issue in his state. “We’re not hearing about it from local law enforcement or anecdotally,” he said. That could be because there are no crimes to report, or because businesses are loath to admit when they’ve been defrauded. Whatever the case, with few reports, it’s hard to justify dedicating the resources and money to address the problem, Wrosch said. Add to that the fact that, in many states, implementing new and more secure business registries requires legislative action of some kind to approve the additional budget to fund the new system. In Colorado, despite public attention to the problem, it’s still a year to win funding to implement business registry security features, said Secretary of State Gessler.

    A 2011 position paper by the firm Dunn & Bradstreet said that online business registries have improved the speed and ease of registration over older, paper-based processes and can “strengthen agencies’ mission capabilities in such areas as regulation and oversight, collection of revenue and fees, transparency, and economic development.” But state agencies must fix the problem of what D&B called “inadequate data-quality checks” that have “enabled criminals to use government websites to steal the identities of legitimate businesses to perpetrate crimes.”

    The firm said states should take a number of steps to secure their filing systems and make them more akin to private sector systems. Those steps include proving the identity of those registering a new business or attempting to alter data for an existing firm, then providing them with a unique identifier and password to limit access to that data. But states will also need to invest significantly in support, management and oversight to ensure the continued integrity of their business registries and the data in them, D&B said.

    The NASS also recommended a series of changes in their report, chief among them the establishment of cyber security policies and practices to secure online business records and prevent unauthorized changes. NASS also called for better reporting and tracking of business identity thefts and new laws that empower secretaries of state to investigate fraudulent filings, raise the burden of proof for those seeking to resurrect a dissolved business entity and impose stiff penalties for cases of proven business identity theft.

    The efforts of NASS and others appear to be working. Colorado’s Secretary of State, Scott Gessler, who chairs the NASS Business Identity Theft Taskforce, said that awareness of the problem has grown tremendously in the states where NASS has held workshops. “We have a lot of people who are interested in doing the things we’re doing in Colorado,” he said.

    That’s as it should be because criminals will be quick to shift from higher- to lower security states when changes start to be implemented. “I tell my counterparts in other states that there’s no question that if we stymie crooks in our state, they’re coming your way instead,” Gessler said.

    (original post)