EmployeeScreenIQ Blog

According to The Baltimore Sun:

“New security screening procedures will be tested at O’Hare International Airport starting this summer to allow pilots to speed through checkpoints without undergoing scans or pat-downs, officials said.

It’s a first step toward transitioning to a more logical risk-based screening and away from the current system of treating pilots and passengers as equal potential security threats, according to the Transportation Security Administration. 

Expedited screening of flight attendants, who undergo less rigorous security and background checks than pilots during the hiring process, will occur later, officials said.”

Really?  Hasn’t the TSA learned anything from the recent incident at Miami International Airport where an illegal immigrant from Guyana was found working as a flight attendant?  This person was able to get this job using a stolen identity and his deception was not uncovered during the background screening process – it only came to light after the identity theft victim attempted to apply for food stamps and was denied because government records matched his SSN to the airline job.

I think before the TSA grants less rigorous security to airline personnel, they need to work with the airlines to ensure incidents like this don’t happen! 

New screening will let pilots fly through security

Continue Reading

Illegal-alien airline security shocker

By LARRY CELONA and BILL SANDERSON

In a colossal failure of 9/11 security measures, an illegal immigrant used the stolen ID of a Bronx man with an arrest record to get hired as an airline flight attendant, and flew several trips as a trainee before he was busted yesterday, authorities said.

Besides getting a job at American Eagle, Jophan Porter, 38, used the stolen ID to obtain a US passport, a US Department of Transportation ID card and at least three Florida driver’s licenses, law-enforcement sources told The Post.

Porter was caught after ID-theft victim Anthony Frair of The Bronx was denied food stamps because government records matched him to the airline job.

A law-enforcement source confirmed that Frair, 40, has an arrest record. Public records show a man with his name and age was busted in Florida in 2008 on domestic-assault charges.

It’s unclear how long Porter used Frair’s identity, sources said. American Eagle hired him in March, and he worked from the airline’s Miami base, said company spokesman Tim Smith.

Smith and spokespersons for several federal agencies couldn’t explain how Porter cleared the security checks needed to become a flight attendant — or why the airline didn’t realize the ID he had stolen belonged to a criminal suspect.

Smith couldn’t say whether the airline even did a Google search, which would have uncovered Frair’s arrest in Florida.

Porter was born in Guyana, and records show he’s also a former Bronx resident.

He was arrested at Miami International Airport early yesterday just after he’d returned from a personal trip to London on an American Airlines flight, Smith said.

More

Continue Reading

I wanted to write a quick post because of a topic that we encounter quite often.  Employment screening firms are given the opportunity to bid on new business often times through an extensive Request For Proposal (RFP) or Request For Information (RFI) process.   The National Association of Professional Background Screeners (NAPBS) has put out some great suggestions on how to develop a RFP/RFI for our industry, its a great document.  EmployeeScreenIQ also developed similar suggestions a while back (they can be found here).

One of the questions we seem to encounter more and more are requests for documents outlining company security measures.   Its a broad topic and for many CRA’s, could mean a myriad of different things.  Some CRA’s have security proceedures for every aspect of the operation.  There are literally security proceedures on what to shred, what do leave on one’s desk, how to properly lock a door, etc.  Its helpful when end users frame their security questions more directly rather than asking for a general statement.

A great place to start is for End Users to review the NAPBS Background Screening Agency Accreditation Program (BSAAP).  This accreditation program was recently launched and covers many aspects of operational and document security.  The transmission, usage and storage of Personally Identifiable Information (PII) is a highlight of this program.  Accredited companies are required to demonstrate how these policies are followed through an on-site audit by a third party in addition to a thorough document review.  Once successfully completed the the Background Screening Credentialing Council (BSCC) votes on their candidacy.  Many screening firms use these standards as an absolute minimum, so its a great place for End Users to start when formulating these questions to their screening providers.   EmployeeScreenIQ is proud to be an Accredited Member of NAPBS.

Continue Reading

I saw this on our local NBC news affiliate last night.  It appears that applicants for open positions at Starbucks at Cleveland Hopkins Airport were having their identities stolen.  Candidates were submitting their job applications which included their Social Security Numbers.  An employee was using that Personally Identifiable Information (PII) to compromise their identities while racking up over $115,000 in fraudulent credit card charges.  Many employers only ask for this critical information when a decision to hire is made and a background check is ready to be run.  The story supports the fact that background checks have been on the rise since the 9/11 terrorist attacks.

Northeast Ohio: Starbucks job applications used in identity theft

CLEVELAND — We’ve heard identity theft  cases involving dumpster dives, over the shoulder wandering eyes in the checkout line, and even toddlers targeted for their personal information.

The U.S. Attorney has an indictment against a woman that allegedly stole from the unemployed. Information was lifted from where they’re most vulnerable — job applications.

For Hyde Park Restaurants, the process of protecting employee identities starts with the application.

“What we’re looking for is past job experiences and personal references,” General Manager Jason Crawford said.

Private information, such as a birthdate or Social Security number, is obtained only after an applicant has been offered the job. Such sensitive documentation never stays on the premises.

More

Continue Reading

Now why didn’t I see this one coming?  The Atlanta Journal Constitution published an article today about young people being denied employment after a background check reveals problems on their credit report.  What’s worse? It was their beloved parents who committed identity theft and caused the problem.  Check out this story below.

Child Identity Theft Increases- Atlanta Journal Constitution

Many face credit troubles at the hands of family members being dashed because they are unwitting victims of identity theft at the hands of someone they know, usually their parents.

It often happens when victims are too young to do anything about it, so it’s a crime that can go undetected for years.

A parent or other relative uses a child’s personal information, including Social Security number, to get a credit card, loan or other account with a clean credit record. That’s identity fraud in Georgia.

When the child enters the business and financial world as an adult, he encounters debt he knows nothing about

“They won’t be able to get a credit card. Or if the debt owed is disproportionate to their earnings, then they can’t get loans. It’s difficult to get a car,” said Michelle Jones, senior vice president of counseling for CredAbility. The Atlanta-based nonprofit, provides credit counseling and education across the Southeast.

“And when you are applying for car insurance or applying for a job, people look at your credit score. The worst case scenario … you have a young adult who is facing filing for bankruptcy on a debt that they never personally incurred,” Jones said.

The Federal Trade Commission’s figures on identity theft show Georgia ranking seventh nationwide for the highest number of complaints over the last three years. FTC breakdowns by age show about a quarter of the complaints come from 20- to 29-year-olds. But there’s no way to say how many are from parent identity theft.

Georgia Office of Consumer Affairs spokesman Bill Cloud believes cases of child identity theft have multiplied substantially in the last few years. Identity theft is a felony in Georgia.

“It’s a growing problem,” said Cloud, who said about 3 percent of identity theft victims in 2003 were children. That number increased to about 5 percent in 2006.

They do provide some advice for those who think their identity has been stolen.

• Check credit files. Minor children shouldn’t have credit files unless their information has been pilfered.
• Each credit bureau has its own procedure. For TransUnion: send an e-mail to childidtheft@transunion.com with relevant identifying information, and the company will confirm if it has a file. For Experian: visit www.experian.com/fraud or call 1-800-311-4769. For both these agencies and Equifax, follow these instructions on what to send to order a child’s report: bit.ly/aDFTi1
• Adults can order their own copies from Experian, TransUnion and Equifax through www.annualcreditreport.com , the federally-created Web site that allows free reports once a year.
• File a police report using the information from your credit reports as evidence. Victims can provide a printed copy of the Federal Trade Commission’s Universal Complaint Form to the law enforcement agency to incorporate into the police report. Find the form online: bit.ly/bN25VL
• Call all companies or collection agencies listed on your credit report that you haven’t personally opened. Ask them to send you a copy of the application and transaction records. You must send a police report with this request.
• If you have a police report listing all the fraudulent accounts, the credit bureaus must block the fraudulent accounts from your credit reports within 30 days.

Job seekers are also encouraged to conduct a personal background check on themselves at sites like TransparentMe.com

View Full Article

Continue Reading

The FTC’s “Red Flag” mandate to curb identity theft was set to take effect today, June 1, 2010, a year and a half after the original policy was to be enforced. Creditors and Financial Institutions were to develop and implement a written Identity Theft Prevention Program.  This time at the 12th hour, it was announced that they will again delay enforcement until December 31, 2010.

According to the FTC, “Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,” FTC Chairman Jon Leibowitz said. “As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.”

According to the FTC, “The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring ‘creditors’ and ‘financial institutions’ to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have ‘covered accounts’ to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as ‘red flags’ – that could indicate identity theft.”

Full FTC Release

Further, all employers that conduct background checks are supposed to have a policy in place to handle “Red Flag” Address Discrepancy Notifications from the National Consumer Reporting Agencies (mainly credit bureaus). This rule has been in effect since November, 2009 and we are still unclear what such notifications will look like when and if they occur.

For more information on these guidelines and how to comply check out:

FTC Delays Red Flags Rules Again . . . and Again

Users of Consumer Reports Have New Responsibilities as of November 1
EmployeeScreenIQ Offers Free Webinar on New FTC Guidelines

Continue Reading

Courts in the state of Missouri have have proposed a rule that would remove personal identifiers such as Social Security Numbers and Dates of Birth from public records. “Court Operating Rule #2″ is most likely an effort to mitigate the opportunity for identity theft, but there is an unintended consequence that is not being considered. This measure would be an insurmountable set-back to any organization who conducts criminal background checks on potential job candidates. If the courts destroy these records, employers have no way of being assured that they can perform thorough due diligence on their candidates.

There is still plenty of time to influence law makers in Missouri and I am certain that the National Association of Professional Background Screeners (NAPBS) will lead the efforts to educate them. Those that are interested in getting involved can send a letter to Catherine Zacharias, General Counsel, State Judicial Records Committee.

We’ll pass more along information on this as soon as it becomes available.

NAPBS has been very successful educating public officials when similar bills are introduced. See examples below of these efforts. In each instance, the measure was defeated.

New Mexico House Bill 103 Threatens Employment Background Checks
Rhode Island Legislators Approve Bill to Destroy Criminal Records
Massachusetts Proposes Redaction of Personal Identifiers: Bad News for Employment Screening
Oklahoma Supreme Court Reverses Itself on the Removal of Identifiers

Continue Reading

This story out of the Palm Beach Post caught my eye because it involves so many warning signs that an employer missed or failed to follow up on and ultimately resulted in disaster.  Erika Morales showed up for her first day of work at a medical supply company with an electronic monitoring device courtesy of Palm Beach county.  When asked, she said that she needed to resolve a domestic issue.  The employer never followed up.  Ms. Morales was given access to the personal information of hundreds of clients and in turn used that information to commit identity theft and steal from them.

She is now in jail and charged with 25 counts of identity theft.  See story.

Here’s what we learned in the wash.  The employer says that they conducted an employment background check.  Of course the first signal that perhaps the check was flawed would have been the lovely jewelry she wore around her ankle.  Here’s what they missed:

• If they would have conducted employment verifications or professional reference interviews they could have known this from her past employers:
  • • Walmart: stole two $500 gift cards.
    • Yellow Cab: stole more than $4,000 by logging phony trips and running customers’ credit cards more than once.
    • Kauff’s Towing: stole about $2,500. Prosecutors declined to prosecute.
• If the would have run a credit report, they would have seen that she had over $78,000 of liens and judgments against her.
• And then to 6 arrests for fraud and a two year stint in prison that might have been revealed if a proper criminal background check was completed

Who know how much this will cost her employer or how badly their reputation has been damaged.  It could have been avoided with an inexpensive, but thorough employment background check.

Continue Reading

We are intrigued by how quickly and stealthly (word? we’ll add that to the “Nicktionary”) the March 1st deadline for complying with the new Massachusetts Data Security Regulations came and went.  We also think that there isn’t a whole lot of information out there about exactly who this affects and how they can comply; not even from the state’s attorney general.  So we sought the expert advice of Massachusetts attorney Michael S. Kraft to help educate us.  Check out our podcast below which highlights what the regulations entail, who they affect and how companies can get in compliance.  While the regulations are fairly sweeping and apply to more than just human resource practices, we focused on the personal data employers receive from job applicants and their employment applications and background check releases.

Also, Michael offered the following compliance checklist for employers:

• Develop a written information security plan (WISP);
• Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
• Implement security policies and procedures and train your employees
• Secure all paper and electronic records; provide encryption
• Obtain written assurances from all vendors that they are compliant
• Regularly monitor and review to insure compliance

Continue Reading

Massachusetts attorney Michael S. Kraft was kind enough to correct me on the entry I posted last week about the state’s new data security regulations.  According to Mr. Kraft, not only do organizations based in the state of Massachusetts need to draft a policy to protect personal information, but any business that has any employee or consumer customer located in Massachusetts.

I checked out his blog and also found other helpful advice for how employers can comply with these guidelines.

The new Massachusetts data security regulation goes into effect on Monday, March 1. If you have not yet begun to plan for the deadline, then likely either you are unaware of the requirements, or you are feeling overwhelmed by them. And who would blame you in light of the seemingly endless list of tasks:

• Develop a written information security plan (WISP);
• Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
• Implement security policies and procedures and train your employees
• Secure all paper and electronic records; provide encryption
• Obtain written assurances from all vendors that they are compliant
• Regularly monitor and review to insure compliance

You know that it is vitally important, both because it’s legally required and because it’s the right thing to do to protect your customers.  But where to begin? Do you need professional assistance – a lawyer or specialized IT firm to accomplish this task?  That really depends on the size and nature of your business, the data that requires protection and how much time and energy you are willing to devote to the process.  Many businesses are probably capable of accomplishing a lot on their own. For the most part, the regulation is a straightforward recitation of the tasks needed to comply. But is that the best use of your time? Noted author and business consultant Andy Birol would caution business owners to judge very carefully those tasks that they choose to do by themselves and those that are properly delegated.

More

Continue Reading