Archive for July, 2007

Updated FISA brings out advocates for both privacy and security

Tuesday, July 31st, 2007

Another day, another battle between privacy and security experts — and the U.S. is all the better for it.

The Bush administration this week sent Congress a recommended update to Foreign Intelligence Surveillance Act (FISA) that attempts to address gaps created in U.S. intelligence due to the new technologies that have become so pervasive since the law was enacted in 1978.

This law, according to the Federation of American Scientists,

“prescribes procedures for requesting judicial authorization for electronic surveillance and physical search of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power. Requests are adjudicated by a special eleven member court called the Foreign Intelligence Surveillance Court.”

According to the Washington Post, this proposed update would change FISA to,

“allow surveillance without a warrant of terror suspects who are overseas. The Bush administration believes the FISA court now must approve such spying because many conversations and contacts taking place overseas are routed through U.S.-based communication carriers, satellites or Internet providers.”

The Houston Chronicle reports that Democrats will cautiously support the new bill that would,

“allow U.S. spy agencies to focus on a wider pool of individuals with potential information and their locations, rather than the means by which they communicate. That would allow the U.S. to eavesdrop on multiple cell phones, Internet and other handheld technologies among wider networks of individuals.”

Not so, says the ACLU’s Caroline Fredrickson:

“Even the man responsible for prepping and filing all FISA applications, James Baker, head of the Justice Department’s Office of Intelligence Policy and Review, has said that, ‘There’s no type of collection that’s prohibited by the statute.’ By the way, FISA was modernized by the Patriot Act, by Intelligence Reform legislation and by the re-authorization of the Patriot Act. In fact, FISA has been updated 50 times since it was enacted in 1978.”

And the Electronic Froniter Foundation writes,

“Contrary to the Administration’s characterizations, its “FISA Modernization” bill is not about “updating” the law and allowing surveillance of foreign-to-foreign communications. Instead, it could radically expand the government’s ability to spy on Americans without a warrant.”

As we’ve said in posts past:

“Even our Founding Fathers battled over balancing this issue. In the blue corner, wearing green trunks is Ben Franklin who said, ‘He who would trade liberty for some temporary security, deserves neither liberty nor security.’ In the red corner, coming in 225 pounds is Thomas Jefferson who said, ‘The price of freedom is eternal vigilance.’”

And from another post of ours:

“The United States has struggled with this debate over privacy versus security since its inception. […] One thing that is clear about this 200-yr-plus debate is that the opinions and actions of both the defenders of privacy and security must remain engaged and unbending, watchful and most importantly — true to their beliefs to maintain a proper balance.”

We urge both sides to let freedom ring, to keep fighting the good fight till we find a balance between privacy and security.

Identity Resolution Daily Links 2007-07-31

Tuesday, July 31st, 2007

[Daily Post from Infoglide Software] The Not-so Funny Side of Insurance Fraud

“This video of a family crashing their van repeatedly into a tree would almost be funny if offenses like this didn’t cost consumers $300 (PDF from the NICB ) a year in extra insurance premiums…”

Radio Free Europe: World: International Community Said Successful Against Terror Financing

“[Terrorists] cannot operate without financing, and they have devised many ways to get the money they need and move it around between countries and continents. Many experts on international financial regulation at the conference have praised the decisive guidance governments and financial institutions have been getting from the United Nations. Stopping the flow of money presents many obstacles. Experts say most of the funds used by terrorists are legally acquired. Terrorist cells are hard to penetrate, there are fewer large donors these days and small donors are difficult to track. This prompts the question of whether the international community is actually succeeding in fighting against terrorist financing. But the answer seems to be a qualified ‘yes.’”

United Press International: Thieves hit Victoria’s Secret stores

“Police said they are unsure whether the shoplifting cases are connected. There are similarities between some incidents, including several where a store clerk was distracted by an accomplice while others shoplifted. ‘It certainly could be… part of a larger scheme,’ said Raleigh police spokesman Jim Sughrue.”

Memphis Commercial Appeal: Little change seen in shoplifting

“Despite a new, tougher policy on prosecuting shoplifters by retail giant Wal-Mart, Southaven police say they haven’t seen much change in activity so far. The Bentonville, Ark.-based retailer announced in July that its stores could begin prosecuting shoplifters at 16 years old rather than the previous 18.”

The Not-so Funny Side of Insurance Fraud

Monday, July 30th, 2007

This video below of a family crashing their van repeatedly into a tree would almost be funny if offenses like this didn’t cost consumers $300 (PDF from the NICB) a year in extra insurance premiums:

Here’s another scam:

“Wyndell Buckmon defrauded an insurance company by claiming he was driving his car when the vehicle was involved in an accident and had lost his leg as a result. However, several witnesses who were involved in the accident indicated Buckmon was not in either car at the time of impact. In fact, the responding police officer drove up the road to the car wash where Buckmon was working at the time and brought him to the accident scene after-the-fact. The investigation further revealed that Buckmon had already lost his leg years prior to this incident.” -From The Top 7 Most Outrageous Insurance Fraud Cases of 2007 (scroll down).

Call it a “fraud tax,” because the bad guys actually cost each law-abiding American $600 a year if you add in the costs of retail fraud, as we did in a previous post (see Who pays the cost of theft and fraud in retail? You do.).

This incident involving Mr. Buckmon came to our attention when South Carolina’s Governor Mark Sanford recently proclaimed July 15-21 as Insurance Fraud Awareness Week. For more not-so-funny fraud, see the Coalition Against Insurance Fraud’s Hall of Shame. According to this story on the Governor’s proclamation:

“Insurance fraud costs nearly $120 billion a year, with healthcare fraud at $85 billion a year and property and casualty insurance fraud at $30 billion a year…”

It takes a lot of people crashing a lot of vans into a lot of trees to defraud the insurance industry (and us) out of $120 billion.

What’s the solution? Insurers need a way to tap into the data they already have to stop insurance fraud rings like this one reported by the Insurance Journal:

“A New Orleans man and woman have admitted that, from 1997 through 2004, they collected at least $51,000 in insurance on fender-benders they caused on purpose.”

Most insurers have the data they need to catch these crooks. It’s just that the individual nuggets of information are too often contained in disparate silos - with no effective way to provide a “big picture” view for analysis. With an identity resolution solution that has non-obvious relationship matching capabilities, the insurance company would have been able to uncover a pattern of connections that indicated that something fishy was going on and they could then stop paying the fraudulent claims.

Identity Resolution Daily Links 2007-07-30

Monday, July 30th, 2007

[Daily Post from Infoglide Software] Knowledge Center: ORCs, Loss Prevention and Anti-Money Laundering

“Want to be a guest blogger on Identity Resolution Daily? If you’ve have some insight that our readers would find valuable, please leave us a comment and we’ll be in touch.”

MSNBC.com: Shame and Shoplifting at Wal-Mart

“In recent years, retailers have upgraded their technology and joined a shared database with law enforcement agencies to reduce shrinkage. But the rate of loss remains consistent. According to the National Retail Federation/University of Florida study, shrinkage as a percentage of sales ticked up to 1.61% last year, from 1.60% the year before. ‘Despite our best efforts we haven’t managed to reduce the rate of crime — and that’s because we are in the business of opening our doors to people,’ says Joseph LaRocca, vice-president of loss prevention at the National Retail Federation.”

Washington Post: Travelers Face Greater Use of Personal Data

“U.S. Homeland Security Secretary Michael Chertoff praised the pact as an ‘essential screening tool for detecting potentially dangerous transatlantic travelers.’ If available at the time of the Sept. 11, 2001, attacks, Chertoff said, such information would have, ‘within a matter of moments, helped to identify many of the 19 hijackers by linking their methods of payment, phone numbers and seat assignments.’”

United Press International: U.S. to have less access to EU travel data

“The new agreement on Passenger Name Record, or PNR, data, effective as of Jan. 1, 2008, stipulates that the department will no longer have the right to access 34 PNR data per passenger in the airlines’ databases. Instead the airlines will be required to give the department 19 PNR data per passenger. “

CarInsruance.com: 4 Arrested In Auto-Insurance Scam

“Four Tampa residents were arrested Wednesday in connection with an auto-insurance scheme in which medical clinics reportedly paid patients to receive treatment they didn’t need, then billed insurance companies.”

Knowledge Center: ORCs, Loss Prevention and Anti-Money Laundering

Friday, July 27th, 2007

A few weeks ago, we began publishing Knowledge Center, a series of guest posts authored by some of the nation’s leading experts in identity resolution, loss prevention, fraud prevention and risk management. To date, we’ve had some great analysis from Jeff Stein, president of Executive LP Services and MonitorClosely.com and Barry Graubart, VP of product management, Alacra. If you missed any of these posts, please see below.

In the future, we’ll also feature guest posts from authorities in federal government, retail, insurance and financial services sectors.

Want to be a guest blogger on Identity Resolution Daily? If you’ve have some insight that our readers would find valuable, please leave us a comment and we’ll be in touch.

By Jeff Stein:
Tech Tools to Trap ORCs

“My partners and I once apprehended an ORC ring called the “Brooklyn Knapsack Gang.” They were teenagers from Brooklyn who’d take buses and stolen cars to NJ & PA to steal Polo merchandise. They all carried knapsack bags over their shoulders and wore baseball hats. (Baseball hats helped them conceal their eyes so Loss Prevention could not see…” (more)

Loss Prevention - Then vs. Now

“For internal investigations we used look out perches, integrity shoppers and covert CCTV (B&W pin hole cameras) rigged in a hole or speaker grill that we put in one of the drop down ceiling tiles when we could. Another covert mission would be for one of us to climb into the ceiling before the store opened and sit on one of the steel I beams in the ceiling looking into a hole in the ceiling trying to watch an employee while working at the cash wrap stand. Oh yeah, I would hate to leave out how we would find a big cardboard box and…” (more)

By Barry Graubart:
Complexity of Identity Resolution and Anti-Money Laundering

“…when comparing customer records to Anti-Money Laundering (AML) or Terrorism watch lists, banks and other financial institutions frequently have very limited access to information (on the watch list side). Terrorists, money launderers and drug traffickers don’t often provide a SSN or a street address. Instead, AML pros are limited to matching a name and, at best, city or country. Further complicating matters is the fact that…” (more)

Identity Resolution Daily Links 2007-07-27

Friday, July 27th, 2007

[Daily Post from Infoglide Software] Knowledge Center: Jeff Stein on Tech Tools to Trap ORCs

“ORC has plagued retailers for years. Large rings are getting bigger, better and more violent. This problem has become so serious that the FBI has joined in the fight.”

Los Angeles Times: Long Beach Airport reopens after evacuation

“Long Beach Airport was evacuated this morning after security screeners found a “suspicious” device in a piece of luggage that turned out to be a prototype for a new toy, law enforcement officials said.”

Guardian Unlimited: Experts Praise Airport Security Warning

“Security experts and politicians - even longtime critics - praised the Transportation Security Administration’s warning that terrorists might be testing whether innocent-looking bomb components can be smuggled onto an airplane. The TSA’s intelligence circular that leaked this week demonstrates that the agency the flying public loves to hate has matured beyond confiscating nail clippers, tweezers and lighters.”

AP: Companies Say DHS Must Share Info Faster

“Officials from three separate DHS offices acknowledged the need to better share information with the private sector, which controls about 85 percent of the nation’s critical infrastructure. But they said ensuring data accuracy and reaching an audience that includes nuclear, financial services, transportation and agriculture industries is an immense task.”

Knowledge Center: Jeff Stein on Tech Tools to Trap ORCs

Thursday, July 26th, 2007

By Jeff Stein, president of Executive LP Services and MonitorClosely.com

Early in my career in the late 80’s we caught several Organized Retail Crime (ORC) groups, but Jeff Stein Loss Prevention.jpglaw enforcement’s technology wasn’t there yet and it was hard to see how professional and organized these bad guys were. Getting lucky was usually the only way we could get a glimpse into the depths of these ORCs. We didn’t have an identity resolution solution like Infoglide Software’s that could tell who was who and who knows who. Instead, happenstance connected the dots for us when working at a different mall or retailer and we’d apprehend someone we’ve seen before.

My partners and I once apprehended an ORC ring called the “Brooklyn Knapsack Gang.” They were teenagers from Brooklyn who’d take buses and stolen cars to NJ & PA to steal Polo merchandise. They all carried knapsack bags over their shoulders and wore baseball hats. (Baseball hats helped them conceal their eyes so Loss Prevention could not see them suspiciously looking around) One of the guys we caught actually had a typed report on how to shoplift. It was a complete instruction manual on how to shoplift, what to say if caught, where to go to sell the merchandise, how much they would get paid, etc.

ORC has plagued retailers for years. Large rings are getting bigger, better and more violent. This problem has become so serious that the FBI has joined in the fight.

In response to congressional legislation intended to combat the growing problem of ORC, the FBI has teamed with the National Retail Federation (NRF) and the Retail Industry Leader’s Association (RILA) to create the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that allows retailers and law enforcement to share information. According to a LERPnet press release, the system addresses communication issues like this:

“Hypothetical scenario: Retailer A is burglarized of 40 laptops. Later that afternoon, the same criminals enter a neighboring state along the same highway corridor and steal dozens of notebook computers from Retailer B. Retailer C, along the same highway but in a different county, is victimized that evening.

“Under the current system, the incidents are reported separately to local police officers. Law enforcement in different counties and states often does not know about similar nearby incidents since the crime did not occur in their jurisdiction. If a pattern is ever recognized, it is often too late: the thieves have sold the items to a fence operator or have sold them on an online auction site.”

This three month-old organization now boasts 45 members including JCPenney, Wal-Mart, Safeway, CircuitCity, Walgreens and Williams-Sonoma, reports StoreFrontBacktalk. The data-mining will only get better as more retailers sign on.

Back in the day, we could have used the ability to collaborate quickly with other retailers and other law enforcement jurisdictions. Again, luck played way too big a part in our successes. Oftentimes, it was the police themselves who connected the dots just by processing a suspect a bit slower than normal. For example, say we had apprehended a shoplifter who was using a booster bag. Normally the police would cut these guys loose pretty quickly. But every now and then a delay in processing would give the officers a chance to dig a little deeper and surprise, surprise — the perp would have shoplifting arrests up and down the eastern sea board.

Here’s where we could have used identity resolution. ORC members often have multiple or hidden identities. But retailers, thanks to many encounters with the same bad guys, have all the data they need in their existing databases. Unfortunately, the data is spread across different systems and departments. With an identity resolution solution bolted on to your existing architecture, you can gather data from multiple data sources and apply sophisticated similarity search techniques to resolve multiple identities so you can figure out who the guy in handcuffs really is. And just as importantly, identity resolution susses out hidden relationships between individuals so you can also figure out who this guy works with.

Today, the ORC groups have gotten more sophisticated. The larger, more organized groups use their ill-gotten money to support terrorists, money- launderers and drug lords. Fortunately, retailers and law enforcement have also beefed up their tools and resources to combat ORC with dedicated investigative units, various web sites, specialized databases, identity resolution software and RFID tags.

Besides LERPnet, here are two more sites that retailers use today to help track shoplifters and share information.

Please leave a comment and share your experiences with investigating/apprehending ORC individuals (past or present).

Identity Resolution Daily Links 2007-07-26

Thursday, July 26th, 2007

[Daily Post from Infoglide Software] Knowledge Center: Jeff Stein, Loss Prevention Expert, Returns to Talk about ORCs

“Tomorrow, Loss Prevention expert and guest blogger Jeff Stein joins us again with an informative post on Organized Retail Crime (ORC). Retailers lose $30 to $37 billion a year to organized rings that continue to grow larger and more sophisticated every day. How bad is it? …”

InfoWorld: Organized crime infiltrates financial IT

“Eighty-five percent of the respondents have been affected by employee fraud in general, and 65 percent see the threat becoming even more serious in the future, the survey found. More than 50 percent of participating companies admitted their belief believe that only half, or less, of all employee fraud occurring within their organizations is currently being caught. […] Among the factors contributing to the criminal trend are increased access to technology by rank-and-file employees, as well as poor hiring and screening processes within end user firms, according to the report. Data availability and a lack of dedicated resources for fraud detection technologies were other issues identified by respondents as fueling internal attacks.”

PogoWasRight.org: GAO: Homeland Security: DHS Privacy Office Has Made Progress but Faces Continuing Challenges

“These notices should identify, among other things, the type of data collected, the types of individuals about whom information is collected, and the intended uses of the data. Until the notices are brought up-to-date, the department cannot assure the public that the notices reflect current uses and protections of personal information.”

Washington Post: Security Report Meant To Raise Awareness, Not Alarm, TSA Says

“Passengers mentioned in a security report describing suspicious items at airports are not terrorism suspects and were included in the document only to help airport screeners think more broadly about potential threats, the nation’s top aviation security official said yesterday. “

AP: Threat Forces Plane to Return to Seattle

“A man who had missed his flight Wednesday said there was a bomb aboard the plane, forcing it to return to Seattle-Tacoma International Airport even though authorities did not believe the threat was legitimate, an airport spokeswoman said.”

Dallas Morning News: Prosecutors: Holy Land Foundation key in Hamas effort

“Prosecutors contend that money raised in the U.S. by Holy Land — often through fiery fundamentalist fundraisers throughout the country — enabled Hamas’ military wing to divert money for use in suicide bombings.”

Knowledge Center: Jeff Stein, Loss Prevention Expert, Returns to Talk about ORCs

Wednesday, July 25th, 2007

Tomorrow, Loss Prevention expert and guest blogger Jeff Stein joins us again with an informative post on Organized Retail Crime (ORC). Retailers lose $30 to $37 billion a year to organized rings that continue to grow larger and more sophisticated every day.

How bad is it? It’s so bad that the FBI launched Law Enforcement Retail Partnership Networkjeffstein3.jpg (LERPnet), a new database initiative back in April:

“‘The overall price tag is more than burglary, larceny, robbery, and auto theft combined,’ says Supervisory Special Agent Brian J. Nadeau, program manager of the Organized Retail Theft Program at FBI Headquarters. ‘Theses aren’t shoplifters taking a pack of gum. These are professional thieves. This is their day job.’” (From this article found on the FBI web site.)

A long-time foe of the ORCs, Jeff’s career in Loss Prevention began 20 years ago as a store detective for Haynes Department Stores and he’s got a lot of great stories to tell. Now the president of Executive LP Services and MonitorClosely.com, Jeff has been kind enough to give us some of his time and expertise in bi-weekly posts.

For all of Jeff’s Knowledge Center posts to-date, click here.

Come back tomorrow to hear about Jeff’s apprehension of the “Brooklyn Knapsack Gang.”

Identity Resolution Daily Links 2007-07-25

Wednesday, July 25th, 2007

[Daily Post from Infoglide Software] Feds Update BSA/AML Compliance Regs: Still No One Know What KYC Means

“It’s really scary that because of the ambiguity surrounding BSA/AML compliance, bankers are forced to play defense against their own government, instead of being on offense against money-launders, drug traffickers and terrorists.”

East Bay Business Times: UnionBanCal’s Q2 profit down, bank facing BSA fine

“The bank said it was recently advised by the OCC that the regulator would institute the procedure for a cease-and-desist order and will assess civil money penalties. The bank also expects a fine from the Financial Crimes Enforcement Network, a part of the U.S. Treasury Department.”

AP: Airports warned about terror dry runs

“Airport security officers around the nation have been alerted by federal officials to look out for terrorists practicing to carry explosive components onto aircraft, based on four curious seizures at airports since last September. The seizures at airports in San Diego, Milwaukee, Houston and Baltimore included ‘wires, switches, pipes or tubes, cell phone components and dense clay-like substances,’ including block cheese, the bulletin said. ‘The unusual nature and increase in number of these improvised items raise concern.’”

vnunet.com: US to keep UK personal data for 17 years

“The European Commission’s latest deal with the US over data usage allows the DHS to keep passenger name record (PNR) data for seven years in an active database and then another eight years in ‘non-operational’ storage. The data could include political opinions, religious or philosophical beliefs, trade union membership and sexual orientation.”

FindLaw’s Writ: Ramasastry: The FBI STAR Terrorist Risk Assessment Program Should Raise Renewed Concerns about Private Sector Data Mining

“Some studies of consumer credit reports indicate that many consumers have errors on their credit records; identity theft is a growing problem; and many mistakes on the no-fly and selectee lists have been identified when innocent persons are wrongly flagged. There is one cause for hope, however: The STAR system would be subject to a privacy-impact assessment before being launched in final form. That may address some privacy concerns, but accuracy, too, is an important priority. Thus, Congress needs to press the FBI for further information about the sources of the data it will be using, whether such data contains errors, and if it does, how those errors may be corrected.”

Bad Behavior has blocked 594 access attempts in the last 7 days.

E-mail It
Portfolio Strategy News The Direct Marketing Voice