EmployeeScreenIQ Blog

I saw this on our local NBC news affiliate last night.  It appears that applicants for open positions at Starbucks at Cleveland Hopkins Airport were having their identities stolen.  Candidates were submitting their job applications which included their Social Security Numbers.  An employee was using that Personally Identifiable Information (PII) to compromise their identities while racking up over $115,000 in fraudulent credit card charges.  Many employers only ask for this critical information when a decision to hire is made and a background check is ready to be run.  The story supports the fact that background checks have been on the rise since the 9/11 terrorist attacks.

Northeast Ohio: Starbucks job applications used in identity theft

CLEVELAND — We’ve heard identity theft  cases involving dumpster dives, over the shoulder wandering eyes in the checkout line, and even toddlers targeted for their personal information.

The U.S. Attorney has an indictment against a woman that allegedly stole from the unemployed. Information was lifted from where they’re most vulnerable — job applications.

For Hyde Park Restaurants, the process of protecting employee identities starts with the application.

“What we’re looking for is past job experiences and personal references,” General Manager Jason Crawford said.

Private information, such as a birthdate or Social Security number, is obtained only after an applicant has been offered the job. Such sensitive documentation never stays on the premises.

More

Continue Reading

Now why didn’t I see this one coming?  The Atlanta Journal Constitution published an article today about young people being denied employment after a background check reveals problems on their credit report.  What’s worse? It was their beloved parents who committed identity theft and caused the problem.  Check out this story below.

Child Identity Theft Increases- Atlanta Journal Constitution

Many face credit troubles at the hands of family members being dashed because they are unwitting victims of identity theft at the hands of someone they know, usually their parents.

It often happens when victims are too young to do anything about it, so it’s a crime that can go undetected for years.

A parent or other relative uses a child’s personal information, including Social Security number, to get a credit card, loan or other account with a clean credit record. That’s identity fraud in Georgia.

When the child enters the business and financial world as an adult, he encounters debt he knows nothing about

“They won’t be able to get a credit card. Or if the debt owed is disproportionate to their earnings, then they can’t get loans. It’s difficult to get a car,” said Michelle Jones, senior vice president of counseling for CredAbility. The Atlanta-based nonprofit, provides credit counseling and education across the Southeast.

“And when you are applying for car insurance or applying for a job, people look at your credit score. The worst case scenario … you have a young adult who is facing filing for bankruptcy on a debt that they never personally incurred,” Jones said.

The Federal Trade Commission’s figures on identity theft show Georgia ranking seventh nationwide for the highest number of complaints over the last three years. FTC breakdowns by age show about a quarter of the complaints come from 20- to 29-year-olds. But there’s no way to say how many are from parent identity theft.

Georgia Office of Consumer Affairs spokesman Bill Cloud believes cases of child identity theft have multiplied substantially in the last few years. Identity theft is a felony in Georgia.

“It’s a growing problem,” said Cloud, who said about 3 percent of identity theft victims in 2003 were children. That number increased to about 5 percent in 2006.

They do provide some advice for those who think their identity has been stolen.

• Check credit files. Minor children shouldn’t have credit files unless their information has been pilfered.
• Each credit bureau has its own procedure. For TransUnion: send an e-mail to childidtheft@transunion.com with relevant identifying information, and the company will confirm if it has a file. For Experian: visit www.experian.com/fraud or call 1-800-311-4769. For both these agencies and Equifax, follow these instructions on what to send to order a child’s report: bit.ly/aDFTi1
• Adults can order their own copies from Experian, TransUnion and Equifax through www.annualcreditreport.com , the federally-created Web site that allows free reports once a year.
• File a police report using the information from your credit reports as evidence. Victims can provide a printed copy of the Federal Trade Commission’s Universal Complaint Form to the law enforcement agency to incorporate into the police report. Find the form online: bit.ly/bN25VL
• Call all companies or collection agencies listed on your credit report that you haven’t personally opened. Ask them to send you a copy of the application and transaction records. You must send a police report with this request.
• If you have a police report listing all the fraudulent accounts, the credit bureaus must block the fraudulent accounts from your credit reports within 30 days.

Job seekers are also encouraged to conduct a personal background check on themselves at sites like TransparentMe.com

View Full Article

Continue Reading

The FTC’s “Red Flag” mandate to curb identity theft was set to take effect today, June 1, 2010, a year and a half after the original policy was to be enforced. Creditors and Financial Institutions were to develop and implement a written Identity Theft Prevention Program.  This time at the 12th hour, it was announced that they will again delay enforcement until December 31, 2010.

According to the FTC, “Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,” FTC Chairman Jon Leibowitz said. “As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.”

According to the FTC, “The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring ‘creditors’ and ‘financial institutions’ to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have ‘covered accounts’ to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as ‘red flags’ – that could indicate identity theft.”

Full FTC Release

Further, all employers that conduct background checks are supposed to have a policy in place to handle “Red Flag” Address Discrepancy Notifications from the National Consumer Reporting Agencies (mainly credit bureaus). This rule has been in effect since November, 2009 and we are still unclear what such notifications will look like when and if they occur.

For more information on these guidelines and how to comply check out:

FTC Delays Red Flags Rules Again . . . and Again

Users of Consumer Reports Have New Responsibilities as of November 1
EmployeeScreenIQ Offers Free Webinar on New FTC Guidelines

Continue Reading

Courts in the state of Missouri have have proposed a rule that would remove personal identifiers such as Social Security Numbers and Dates of Birth from public records. “Court Operating Rule #2″ is most likely an effort to mitigate the opportunity for identity theft, but there is an unintended consequence that is not being considered. This measure would be an insurmountable set-back to any organization who conducts criminal background checks on potential job candidates. If the courts destroy these records, employers have no way of being assured that they can perform thorough due diligence on their candidates.

There is still plenty of time to influence law makers in Missouri and I am certain that the National Association of Professional Background Screeners (NAPBS) will lead the efforts to educate them. Those that are interested in getting involved can send a letter to Catherine Zacharias, General Counsel, State Judicial Records Committee.

We’ll pass more along information on this as soon as it becomes available.

NAPBS has been very successful educating public officials when similar bills are introduced. See examples below of these efforts. In each instance, the measure was defeated.

New Mexico House Bill 103 Threatens Employment Background Checks
Rhode Island Legislators Approve Bill to Destroy Criminal Records
Massachusetts Proposes Redaction of Personal Identifiers: Bad News for Employment Screening
Oklahoma Supreme Court Reverses Itself on the Removal of Identifiers

Continue Reading

This story out of the Palm Beach Post caught my eye because it involves so many warning signs that an employer missed or failed to follow up on and ultimately resulted in disaster.  Erika Morales showed up for her first day of work at a medical supply company with an electronic monitoring device courtesy of Palm Beach county.  When asked, she said that she needed to resolve a domestic issue.  The employer never followed up.  Ms. Morales was given access to the personal information of hundreds of clients and in turn used that information to commit identity theft and steal from them.

She is now in jail and charged with 25 counts of identity theft.  See story.

Here’s what we learned in the wash.  The employer says that they conducted an employment background check.  Of course the first signal that perhaps the check was flawed would have been the lovely jewelry she wore around her ankle.  Here’s what they missed:

• If they would have conducted employment verifications or professional reference interviews they could have known this from her past employers:
  • • Walmart: stole two $500 gift cards.
    • Yellow Cab: stole more than $4,000 by logging phony trips and running customers’ credit cards more than once.
    • Kauff’s Towing: stole about $2,500. Prosecutors declined to prosecute.
• If the would have run a credit report, they would have seen that she had over $78,000 of liens and judgments against her.
• And then to 6 arrests for fraud and a two year stint in prison that might have been revealed if a proper criminal background check was completed

Who know how much this will cost her employer or how badly their reputation has been damaged.  It could have been avoided with an inexpensive, but thorough employment background check.

Continue Reading

We are intrigued by how quickly and stealthly (word? we’ll add that to the “Nicktionary”) the March 1st deadline for complying with the new Massachusetts Data Security Regulations came and went.  We also think that there isn’t a whole lot of information out there about exactly who this affects and how they can comply; not even from the state’s attorney general.  So we sought the expert advice of Massachusetts attorney Michael S. Kraft to help educate us.  Check out our podcast below which highlights what the regulations entail, who they affect and how companies can get in compliance.  While the regulations are fairly sweeping and apply to more than just human resource practices, we focused on the personal data employers receive from job applicants and their employment applications and background check releases.

Also, Michael offered the following compliance checklist for employers:

• Develop a written information security plan (WISP);
• Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
• Implement security policies and procedures and train your employees
• Secure all paper and electronic records; provide encryption
• Obtain written assurances from all vendors that they are compliant
• Regularly monitor and review to insure compliance

Continue Reading

Massachusetts attorney Michael S. Kraft was kind enough to correct me on the entry I posted last week about the state’s new data security regulations.  According to Mr. Kraft, not only do organizations based in the state of Massachusetts need to draft a policy to protect personal information, but any business that has any employee or consumer customer located in Massachusetts.

I checked out his blog and also found other helpful advice for how employers can comply with these guidelines.

The new Massachusetts data security regulation goes into effect on Monday, March 1. If you have not yet begun to plan for the deadline, then likely either you are unaware of the requirements, or you are feeling overwhelmed by them. And who would blame you in light of the seemingly endless list of tasks:

• Develop a written information security plan (WISP);
• Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
• Implement security policies and procedures and train your employees
• Secure all paper and electronic records; provide encryption
• Obtain written assurances from all vendors that they are compliant
• Regularly monitor and review to insure compliance

You know that it is vitally important, both because it’s legally required and because it’s the right thing to do to protect your customers.  But where to begin? Do you need professional assistance – a lawyer or specialized IT firm to accomplish this task?  That really depends on the size and nature of your business, the data that requires protection and how much time and energy you are willing to devote to the process.  Many businesses are probably capable of accomplishing a lot on their own. For the most part, the regulation is a straightforward recitation of the tasks needed to comply. But is that the best use of your time? Noted author and business consultant Andy Birol would caution business owners to judge very carefully those tasks that they choose to do by themselves and those that are properly delegated.

More

Continue Reading

It’s been fairly smooth sailing for the E-Verify, the government program that allows employers to check the legal right to work status of an employee in the United states, since it was made mandatory for federal contractors last year.  That is until now, where it is being reported that this system is failing to catch more than half of all illegal workers.  The technology is not the problem, nor are Social Security Administration’s or Department of Homeland Security’s databases.  The issue lies in its inability to detect identity fraud.  In other words, if the employee fills out their I-9 Form and presents documents that contain valid information (such as a social security, passport or drivers license number), the system simply can’t tell that they belong to someone else.

I suppose this is a better problem to have then the system regularly spitting our tentative non-confirmations for legal workers, but still something that will have to be addressed in some fashion.

Report: E-Verify Misses Half of Illegal Workers

By SUZANNE GAMBOA, Associated Press Writer – Thu Feb 25, 3:09 am ET

WASHINGTON – The system Congress and the Obama administration want employers to use to help curb illegal immigration is failing to catch more than half the number of unauthorized workers it checks, a research company has found.

The online tool E-Verify, now used voluntarily by employers, wrongly clears illegal workers about 54 percent of the time, according to Westat, a research company that evaluated the system for theHomeland Security Department. E-Verify missed so many illegal workers mainly because it can’t detect identity fraud, Westat said.

“Clearly it means it’s not doing its No. 1 job well enough,” said Mark Rosenblum, a researcher at the Migration Policy Institute, a nonpartisan Washington think tank.

E-Verify allows employers to run a worker’s information againstHomeland Security and Social Security databases to check whether the person is permitted to work in the U.S. The Obama administration has made cracking down on employers who hire people here illegally a central part of its immigration enforcement policy, and there are expectations that some Republicans in Congress will try in coming weeks to make E-Verify mandatory.

E-Verify correctly identified legal workers 93 percent of the time, Westat said. However, previous studies have not quantified how many immigrants were fooling the E-Verify system. Much of the criticism of E-Verify has focused on whether U.S. citizens and legal immigrants with permission to work were falsely flagged as illegal workers.

More

Continue Reading

It is indeed a rare day when I will applaud legislation that aims to restrict those who provide employment background checks. We’ve just learned that the California legislature has introducedSenate Bill 909 which would mandate that a background screener “that prepares or processes in any manner an investigative consumer report, or portion thereof, outside of the United States or its territories to make specified disclosures to the potential user of this information, including, but not limited to, the country or countries where the report, or portion thereof, will be prepared or processed. The bill would also prohibit an investigative consumer reporting agency from transmitting a consumer’s social security number, except for the last 4 digits, outside of the United States or its territories.”

I support this bill because as an industry, we have an obligation to protect both our clients and their employees, and or prospective employees.  Identity theft is rampant in our society today and we all strive to ensure that the personal information that is provided to us in order to conduct a background check is held in the strictest of confidence.

There are some in our industry that choose to off-shore this information because let’s face it, it’s cheaper than paying someone to do it stateside.  Of course, once the information leaves the direct control of the screening company, what could happen next is anyone’s guess.

This law would obligate companies that off-shore this information to disclose that fact.  According to the bill, it would also, ”prohibit an investigative consumer reporting agency from transmitting a consumer’s social security number, except for the last 4 digits, outside of the United States or its territories. The bill would require these agencies to adopt and publish a privacy policy relating to information contained in reports that are prepared or processed outside of the United States, as specified. The bill would provide that an investigative consumer reporting agency is liable to a consumer who is harmed by any act or omission that occurs outside the United States or its territories, as specified.

Lastly, it is important to note that this bill exempts these requirements for those conducting background checks on individuals that live outside of the United States.

This bill is a win/win for employers and consumers.  We know that this effort will not be popular with those in our industry engaged in this practice, but it is efforts like these that will ultimately benefit the industry at-large.  We hope that it passes and would like to see similar legislation on a federal level.

Read the California SB909

Continue Reading

We realized recently that we have been negligent in adding to our “Smooth Criminal” series.  One of the great things about being in the background screening business is that we get to see all kinds of crazy things.  The things we see everyday can’t be written about for obvious confidentiality reasons.  However, oftentimes the news does the work for us!  Its not hard these days to open your internet browser and come across one of these….smooth criminals!

Criminals Use Fake ‘Office’ I.D. to Steal Ricky Gervais’ Cash

Just when we think we’ve heard about the dumbest criminal on this planet, another story breaks and leaves our mouths agape. With this latest one, we almost don’t know where to start. Let’s preface it with this: If you’re going to scam a celebrity, you better bring your A-game.

Unfortunately, a group of UK-based, bungling criminals didn’t even bring their D-game. According to The Sun, British actor Ricky Gervais revealed for the first time that a group of unidentified crooks attempted to use a fake passport several years ago to steal about $330,000 from his bank account. But it gets better. Instead of finding a picture of Gervais himself for the passport, they just cut out the picture of his character, David Brent, from the DVD cover of the UK version of ‘The Office’. And why did they need all that cash? To buy gold bullion, of course (we swear this isn’t a plot from Gervais’ next comedy). After Gervais gave his bank permission, it contacted police, who arrested the dumb criminals while they attempted to purchase the gold.

The would-be thieves were sent to jail, and Gervais says he can laugh about the ordeal now. “We were laughing for ten minutes,” he told The Sun. ” …it’s a picture of David Brent sitting at a desk with that little smug look on his face!”

In other news, Steve Carrell was seen at a Best Buy grabbing armfuls of DVDs of the U.S. version of ‘The Office’ and shouting “I’m not Michael Scott!” [From: The Sun]

More

Continue Reading