As cybercriminals become more skilled, the privacy practices at many organizations have not kept apace. States are making it easy for fraudsters to steal consumers' unclaimed funds and sensitive personal information.
New York, NY (PRWEB) June 30, 2015
Many consumers each year search for unclaimed property and funds. States are responsible for ensuring unclaimed property makes it into the right hands. Twice a year, organizations like banks and insurance companies report uncollected payouts to their state's Unclaimed Property Office. From there, the debt is published in a local newspaper, and if it remains unclaimed, the property (funds, stocks, commodities, etc.) has to be surrendered to the state for safekeeping until a claim is made.
Two years ago, there was a total of $58 billion in unclaimed property nationwide. The process to collect funds is assumed to be safe. The claimant needs to be able to identify themselves and go through a verification process to collect the money. However, because Social Security numbers and other personally identifiable information (PII) are increasingly easy to find on the dark web, consumers are faced with a potential fraud-frenzy not unlike the spike in stolen tax refunds of recent years. It takes a good deal of information for a fraudster to claim funds that rightfully belong to the claimant, but the danger of PII on unclaimed funds sites cuts both ways - fraudsters attempt to gather personal information to claim the funds, or they can use the information from the unclaimed funds sites to build a dossier on their victims to target them for other scams.
Adam Levin, Chairman and Co-founder of IDT911 and Credit.com says "as cybercriminals become more skilled, the privacy practices at many organizations have not kept apace."
Mr. Levin, along with his team at IDT911 and Credit.com compiled the State Compendium of Unclaimed Property Practices to rank the amount of personal data state treasuries expose during the process by which individuals can claim and collect unclaimed funds. The data exposed can provide fraudsters with a crime exacta: claiming money that no one will ever miss and gathering various nuggets of personal data that can help facilitate other types of identity theft.
According to watchdog site, Scambusters, one common scheme involves charging a fee to "locate" the unclaimed property. In the process, the swindler grabs personally identifiable information that can be used to commit identity theft. According to KHOU.com, in 2011, a Houston woman was convicted for stealing almost $500,000 in tax refunds and unclaimed funds. Thomas used public databases to locate the names of the people owed money and armed with their personal information claimed the funds. This took place in Texas, which according the the compendium, ranks very low with a lone star.
Data breaches have become the new norm and with the recent OPM hack which has affected millions of federal employees and their friends and families, there is tons of personal data that hackers can easily grab and use for various scams.
The OPM hack has become a watershed moment. Millions of federal employees had their personally identifiable information exposed to hackers due to shoddy data security at the Office of Personnel Management, (The Hill, 6/18/15) Between the breach at Anthem that leaked Social Security numbers and the Premera breach that leaked far more specific information (in addition to SSNs), almost 100 million records were stolen. The recent IRS revelation that fraudsters essentially walked through the digital front door and stole $50 million in tax refunds using information accessed in its "Get Transcript" application highlighted the need for more stringent processes at government agencies. That swindle, like so many others, was made possible by a seemingly never-ending string of breaches. The fraudsters had enough information to game the IRS verification process. (CBS Philadelphia, 5/27/15)
The same approach could be used with unclaimed funds. According to some estimates, there are more than a billion records exposed to cybercriminals. It is crucial that organizations entrusted with the personal information of consumers do everything possible to limit exposure, especially when consumers' hard earned money and sensitive personal data is on the line.
According to the new compendium, more than half the country could be doing a better job. Thirty-six states had practices that exposed more personal information than was necessary--ranked "Not Good" (28) or "Bad" (8)--exposing various kinds of data that fraudsters can use to build the type of personal information dossier on an individual, or even a celebrity that facilitates the commission of identity theft.
What Needs to be Done
For Consumers: Consumers need to get their money now! Visit their state's unclaimed property site as soon as possible to see if they have outstanding funds. If they located unclaimed funds, they need to act quickly to claim the funds before a craft identity thief does. Consumers need to stay vigilant. Even if there are no unclaimed funds out there, it does not mean that a scammer can't target consumers with phishing schemes and other scams. Consumers should monitor their financial accounts regularly for unauthorized charges, and keep an eye on credit reports and scores for signs of new-account fraud. They should take necessary steps like getting a free annual credit reports at AnnualCreditReport.com and checking credit scores for free every month on Credit.com.
For States: It is crucial that states respect their fiduciary duty to protect consumers and expose less PII in the verification process.
Which States Ranked the Best and Worst? Click here to read the full State Compendium of Unclaimed Property Practices.