MyCRA Specialist Credit Repair Lawyers

Tag: personal information

  • Identity theft at their fingertips: Fraudsters and Social Media

    Media Release

    Identity theftIdentity theft at their fingertips:

    Fraudsters and Social Media

    5 June 2014

    As identity theft numbers increase in Australia, a consumer credit advocate shows how easy it can be for fraudsters to commit identity theft using social media, warning there are too many Australians disregarding their personal information, and leaving themselves wide open to identity theft and credit rating misuse.

    Graham Doessel, who is a Non-Legal Director of MyCRA Lawyers, a firm focused on credit dispute, says social media users who don’t opt in and maintain strong Privacy settings are ‘sitting ducks’ for fraudsters.

    “Fraudsters are trolling Social Media and other internet sites right now, looking for those consumers who are free and easy with their personal information,” Mr Doessel warns.

    “If you don’t strengthen your Privacy settings you run a grave risk – it’s not just the risk of having your account hacked, it’s the risk of having your identity stolen and having crime, including credit fraud, committed in your name.”

    Mr Doessel says the reason Facebook and other social media are so tantalising for fraudsters, is because many of the building blocks for identity theft are laid out.

    “If your Privacy settings aren’t secure your personal information is right at the fingertips of fraudsters,” he says.

    In order to obtain a birth certificate in Australia, a full name, date of birth, father’s name, mother’s maiden name, place of birth, and residential address are required.

    Mr Doessel says this can all be freely available on many social media profiles.

    “The other day I went on to a popular social media site, to see how easy it could be to obtain information. The frightening thing is, within five minutes of browsing a ‘random’ name, I was able to get four points of the information required on this person, and have a pretty good guess at the fifth. By simply changing the address, a fraudster could have a red-hot go at obtaining a birth certificate in this person’s name,” he says.

    Mr Doessel says other random browses proved to be similarly forthcoming, particularly amongst men using social media.

    “Women seemed to safeguard their information much better than the men I came across, begging the suggestion that women are much savvier when it comes to social media Privacy,” he says.

    His warnings come as part of Stay Smart Online Awareness Week 2014, a national education campaign aimed at helping Australians using the internet understand the simple steps they can take to protect their personal and financial information online.

    “We are raising awareness of some simple ways Australians can stay smart with their credit rating. Smart Facebook and other social media use have got to be number one,” he says.

    He is urging Australian users of social media to take some simple steps to protect the privacy of their profiles:

    Staying Smart on Facebook

    1. Don’t share too much, remember your personal information is valuable – and often once you’ve posted something online – it’s permanent.

    2. Install and maintain strong Privacy settings on social media.

    3. Change passwords regularly and use different passwords for different sites.

    4. Put a password on your mobile device.

    5. Don’t ‘friend’ someone you don’t know.

    6. Be wary about the type of requests, emails and attachments you click on.

    According to a recent Australian Institute of Criminology Identity crime and misuse survey, identity theft has increased to 1 in 10 Australians affected. 14 per cent of those victims were refused credit as a result.

    “Identity theft can lead to loans or other credit being taken out in the victim’s name, and often the victims don’t even know they’ve succumbed to identity theft until they’re refused credit themselves,” Mr Doessel says.

    He says recovery can be painstaking because the victim needs to prove they didn’t instigate the credit in the first place, but often necessary due to the victim being locked out of credit for between 5 and 7 years.

    “Identity theft can be really hard to prove, especially if the victim has no idea how their personal information was obtained in the first place. Police reports and large amounts of documentary evidence are generally required to substantiate to creditors the case of identity theft, but to those experiencing this, it’s a point worth fighting for,” he says.

    /ENDS.

    Please contact: Graham Doessel – Non-Legal Director MyCRA Lawyers Ph 3124 7133

    Lisa Brewster – Media Liaison MyCRA Lawyers media@mycralawyers.com.au

    www.mycralawyers.com.au www.mycralawyers.com.au/blog  www.mycralawyers.com.au/mediacentre

    MyCRA Lawyers 246 Stafford Rd, STAFFORD Qld Ph 07 3124 7133

    About MyCRA Lawyers: MyCRA Lawyers is an Incorporated Legal Practice focused on credit file consultancy and credit disputes. MyCRA Lawyers means business when it comes to helping those disadvantaged by credit rating mistakes.

    Image: Gualberto107/ www.FreeDigitalPhotos.net

  • Privacy Awareness Week 2014: Protecting the Privacy of Your Customers

    There has never been a more important time in business to consider the privacy of your customers. Personal information is more accessible than ever before, and with that, comes the need to create and define boundaries around personal information in the private sector. New laws have just been implemented which expand the scope of privacy law in Australia. This it seems is not merely being ‘over-cautious’ with privacy. A recent survey on identity crime shows it has officially become one of the more common crimes in Australia. Results from a survey of 5,000 Australians on their experiences of identity crime and misuse conducted by the Australian Institute of Criminology (AIC) on behalf of the Attorney-General suggest identity crime directly affects around 1 million Australians each year.

    personal information

     

    The survey has found almost 1 in 10 people experienced misuse of their personal information in the previous 12 months, and 1 in 5 people experienced misuse of their personal information at some point in their lives, with 5% of people experiencing identity crime or misuse resulting in a financial loss in the previous 12 months. Identity theft can impact the finances and the credit rating of victims. If your business handles personal information, this Privacy Awareness Week 2014, with its emphasis on education of Australia’s new Privacy Laws, is a good time to ensure you are meeting your responsibilities to consumers and to your business around Privacy, particularly if your business has obligations under the Privacy Act 1988 (Cth).

    By Graham Doessel, Non-Legal Director of MyCRA Lawyers www.mycralawyers.com.au.

    With the emphasis on privacy protection in Australia’s new Privacy Laws, businesses which handle personal information are required to update their Privacy Policies and possibly their systems to fall in line with new changes. Under the new privacy law the IPPs and NPPs has been replaced by the new, unified, Australian Privacy Principles (APPs) – these will apply to businesses with a turnover of at least $3 million, as well as government agencies. This is just one of the many significant changes to the Privacy Act 1988 (Cth).

    The Federal body which handles Privacy in Australia, the Office of the Australian Information Commissioner (OAIC) has previously suggested some basic questions for businesses to prompt further investigation if necessary into possibly obligations under the Privacy Act 1988 (Cth).

    • Does your business or agency handle personal information? There are some changes to what constitutes personal information under the Privacy Act

    • Do you need to review your business or agency’s privacy policy? You should have an up-to-date policy that is reviewed regularly. The new laws set out some requirements for privacy policies

    • Do you need to review your business or agency’s outsourcing arrangements? You will need to do this particularly if you are sending personal information overseas.

    • Do you use direct marketing to reach your customers? If you do, you will need to provide an easy way for people to opt-out of receiving these communications. There are some new rules in the area of direct marketing

    • Does your business or agency receive unsolicited personal information. There are some new rules on how to handle this information

    • Do your information security systems need to be reviewed and updated?

    privacy policyOn Monday, the OAIC launched ‘A guide to developing an APP privacy policy’ to assist organisations and agencies meet this challenge. The Guide sets out a step-by-step process for developing privacy policies and a helpful checklist. There are also a number of tips to ensure that privacy policies are accessible and clearly expressed.

    The OAIC also launched ‘A revised Guide to undertaking privacy impact assessments.’ A Privacy Impact Assessment (PIA) is an assessment tool that ‘tells the story’ of a project from a privacy perspective. PIAs analyse the possible privacy impacts on individuals’ privacy and recommend options of managing, minimising or removing these impacts. PIAs are one way of building an organisational culture that respects privacy while also minimising the risk of data breach which can result in reputational damage and a range of other costs.

    What else can businesses do to ensure it is creating a culture of respect for Privacy of its customers?

    Privacy and your business

    Good privacy practice is important for more than just ensuring compliance with the requirements of the Privacy Act. If an entity mishandles the personal information of its clients or customers, it can cause a loss of trust and considerable harm to the entity’s reputation. Additionally, if personal information that is essential to an entity’s activities is lost or altered, it can have a serious impact on the entity’s capacity to perform its functions or activities.

    It is important for entities to integrate privacy into their risk management strategies. Robust information-handling policies, including a privacy policy and data-breach response plan, can assist an entity to embed good information handling practices and to respond effectively in the event that personal information is misused, lost or accessed, used, modified or disclosed without authorisation. (OAIC Guide to Information Security)

    There is a large amount of help in the OAIC’s Privacy Business resources section on their website, including a Privacy checklist for small businesses.

    It is important businesses don’t leave privacy to chance. Possible ramifications of not protecting personal information can be that customers are left embarrassed, distressed, or potentially financially affected. In the case of identity theft, where personal information is used to assume the identity of the victim, there is a grave potential for credit to be taken out in the vicitm’s name. Their credit rating can be destroyed for 5 to 7 years due to defaults they haven’t actually incurred themselves. Click here to find out more about the ramifications of identity theft on the credit rating. (Article courtesy of MyCRA Credit Repair).

    Under the amended laws, the Privacy Commissioner has been given enhanced powers to conduct assessments of privacy performance for government agencies and businesses, as well as the ability to accept enforceable undertakings and importantly, to seek civil penalties in the case of serious or repeated breaches of privacy.

    MyCRA Lawyers is an Incorporated Legal Practice focused on credit file consultancy and credit disputes. MyCRA Lawyers means business when it comes to helping those disadvantaged by credit rating mistakes.

    MyCRA Lawyers is a proud partner for Privacy Awareness Week 2014.

    PrivacyWeek-Banners-R1 - 2013-3

    Link to see more on the AIC Survey on Identity Theft and Misuse in Australia 

    Image 1: pakorn/ www.FreeDigitalPhotos.net

    Image 2: Stuart Miles/ www.FreeDigitalPhotos.net

     

  • Privacy Awareness Week 2014: New Privacy Laws and You

    PrivacyWeek-Banners-R1 - 2013-3MyCRA Lawyers is a proud partner for Privacy Awareness Week (PAW), held 4-10 May 2014. Privacy Awareness Week is held every year to promote awareness of privacy issues and the importance of the protection of personal information. This year is focused on our new Australian Privacy Laws, which came into force on 12 March 2014. Find out about how Privacy Laws may affect you and your credit rating, this week during PAW.

    By Graham Doessel, Non-Legal Director of MyCRA Lawyers www.mycralawyers.com.au.

    In an age of increasing accessibility of personal information, privacy is growing ever more important, and more valued for Australians. According to a recent survey by the Office of the Australian Information Commissioner (the federal Australian Government body responsible for privacy in Australia), a third of Australians reported they had a privacy problem in the last year. In addition, 60% of Australians decided not to deal with a private business and 25% have decided not to deal with a government agency due to concerns as to how their personal information will be used.

    Australia’s new privacy laws were the most significant changes to privacy laws in over 25 years, affecting a large section of the community. The changes to the Privacy Act 1988 include a new set of Australian Privacy Principles that regulate how your personal information is handled and new enforcement powers for the Office of the Information Commissioner (OAIC).

    One of the aims of the new privacy laws is to ensure that your personal information is managed in an open and transparent way.

    Here are some tips provided by the OAIC during PAW, to help you protect your personal information:

    • Know your privacy rights

    • Read privacy policies and notices

    • Always ask why, how and who — this will help you to know how your personal information is going to be used, and if it is going to be given to another agency or organisation

    • Only give out as much personal information as you need to — always think before handing your personal information over

    • Ask for access to your personal information

    • Make sure the information an organisation or agency holds about you is accurate and up to date

    • Take steps to protect your online privacy

    • Make sure your hard copy records are properly destroyed

    • You can ‘opt out’ of marketing communications if you do not want to receive any further contact of this kind

    • Make a privacy complaint if you consider that your personal information has not been handled properly.

    Many identity theft cases that impact your credit rating could have been prevented with better education and more vigilance around the protection of personal information. Complacency around personal information, both on the part of consumers and entities such as agencies and businesses, can be the undoing of someone’s ability to obtain credit.

    Pieces of personal information are the building blocks for credit file misuse. You can lose your personal information to fraudsters in many ways, and you may be unaware of how or when it has occurred – particularly if it has happened via malware, through data breaches or even through too much sharing online.

    Sometimes it’s not until you apply for credit and are refused that you even find out you have been exposed to identity fraud, and by then it may be too late to detect how it took place.

    This is why it is so important for all Australians to educate themselves on how to keep their information secure, and to demand that any information they are required to give over to any person or company be treated with the utmost privacy. Australia’s new Privacy Laws will hopefully add the requirements for all entities holding our personal information to be more aware of and accountable for upholding personal information privacy.

    You can find out about your rights in more detail through the OAIC’s Privacy factsheet ‘How changes to privacy law affect you.’

    THIS PAW WEEK: If you have a business, get some help in our next post with how to navigate the new privacy laws, including how to update your Privacy Policy, and how and when to conduct a Privacy Impact Assessment. For consumers and businesses alike, also stay tuned this week for how Australia’s new Privacy Laws may impact your ability to obtain credit, through changes to credit reporting laws.

     

  • Fraudsters cashing in on public fear over password security

    fake password checking siteAustralians are warned to be aware of a scam which is targeting public uncertainty following publicised hacking events or data breaches. People are being sent links to fake sites which ‘test’ your logon details for popular sites such as Twitter, LinkedIn, Facebook, Hotmail and Gmail. But be warned, many of these are fake password checking sites, or similar and are phishing for your user name, password and other personal information. We look at this scam in more detail, and how it could impact you and your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Giving away your details to these sites could put you at risk of identity theft and credit fraud– so the message from Australia’s ‘Stay Smart Online’ is – always be suspicious of sites asking for your user name, password or personal information. If you’re not sure – don’t take the chance.

    “Links to password checking sites often circulate on social media and email after publicised hacking events or breaches – such as the hacking of the Associated Press’s Twitter account – a time when checking the strength or security of your own account might seem appealing,” Stay Smart Online warned in an alert yesterday.

    SSO advises never to enter your username and password anywhere except on the site it is intended for:

    Don’t use links in emails or social media messages that take you to a log in page. Navigate there yourself independently to make sure you are on the legitimate site’s logon page.

    Make sure the addresses of the websites you use are correct.

    When logging on to a website, check for HTTPS (or a padlock) in the address bar. This is the secure form of HTTP. Websites that don’t offer HTTPS at logon are unsecured.

    Always be suspicious of unsolicited emails, especially those seeking personal or financial information.

    SSO says there are some legitimate password-checking sites out there, and some of the legitimate sites have been copied.

    Legitimate sites can use minimal information supplied by you, such as your email address (not your password!) to check your address against lists of stolen information found in data dumps on hacker sites. Other legitimate sites may offer to simply test the strength of your password. But trying to distinguish the real from the fake may not be worth the risk.

    SSO warns fake sites may be very difficult to distinguish from legitimate ones, and will simply collect your details.

    “…someone then has everything they need to access to your account,” SSO states.

    The danger in clicking on any link from an unknown source is not only that the personal information that you give out could be directly warehoused for future purposes of identity theft for fraud, but you could also end up downloading malware or a virus which takes that information from your computer.

    Recently MSN Money commented on this latest scam in its story Avoid Password-Checking Sites:

    Given that most people still use simplistic passwords and use them across multiple sites — as has been shown in a variety of data breaches and surveys — there’s a lot at stake when you give yours away. Imagine losing control of not only your social networks, but also access to your email, online banking and other personal and financial information.

    Even if you catch the breach quickly, it will still be a colossal pain to get everything back to normal.

    What can fraudsters do if they can get their hands on your personal information?

    They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof it wasn’t them that didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.

    New laws coming through in March 2014 are aimed at protecting your credit file following an incidence of identity theft. If you know you have been scammed, you will be able to put a ‘ban’ on your credit file – so no one will be able to access your credit information – therefore protecting your credit information from misuse.

    But if you don’t know you have been scammed until it’s too late, or if you can’t pinpoint what’s happened to you, it may be still be difficult to protect your credit rating. So you have to be sure you protect all of that, by staying ahead of scams such as this, and by keeping strong passwords.

    MSN Money provides some tips from Microsoft about password security to consider when creating — or changing — a password:

    • Make your password at least eight characters long

    • Mix up the characters with capitals, lower case, numbers, symbols and punctuation marks

    • Change your passwords regularly

    • Use different passwords on different sites

    If you think you might have entered details into a fake site…

    * Change your password immediately. If you use the same logon information elsewhere you should also change these passwords, ensuring you create a unique password for each service.

    * Contact the Police – as well as your bank – especially if you have given over personal information to fraudsters. Don’t be embarrassed – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place. You should also contact the credit reporting agencies that hold your credit file and inform them that you may be at risk of identity theft.

    * Order a copy of your credit report. If there are any inconsistencies on your credit report – change of address, strange credit enquiries and credit you don’t believe you’ve accessed, then you may already be a victim – and should do all that’s possible to follow up on each account so as not to accrue defaults on your credit file that should not be there.

    Credit file defaults are difficult for the individual to remove and generally people are told by creditors they remain on our file for 5 years, regardless of how they got there.

    Although it seemed so easy for the fraudster to use your good name in the first place, you are now faced with proving the case of identity theft with copious amounts of documentary evidence.

    If you have neither the time nor the knowledge of our credit reporting system that you may need to fight your case yourself, you can seek the help of a credit repairer. A credit repairer can help you to clear your credit file and restore the financial freedom you rightly deserve.

    The reason a credit repairer is usually so successful in removing your credit file defaults, is their relationships with creditors, and their knowledge of current legislation.

    Visit www.mycra.com.au  for more information on identity theft or how to repair bad credit.

    image: foto76/ www.FreeDigitalPhotos.net

     

  • Privacy Law reform – protecting your personal information and your credit file: Privacy Awareness Week 2013

    Identity theftIdentity theft is an ever-growing threat to Australians and the commodity which is traded, sought after and misused for criminal or financial gain by fraudsters is your personal information. In amendments to the Privacy Act 1988 (Cth) which occurred late last year and which will be implemented in March 2014, there will be some improvements in Privacy Law to do with requirements on organisations to keep your personal information safe. As identity theft can also go so far as to impact on your credit file, there are also improvements suggested within the Draft Credit Reporting Code of Conduct, aimed at protecting you and your credit file against identity theft. We look at these changes and the impact they may have on you.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au

    PrivacyWeek-Banners-R1 - 2013-3

    Personal Information in the Australian Privacy Principles

    We look at the differences in the areas of requirements by organisations in regards to personal information collection and security of personal information, as provided by the OAIC, which are set out in new Australian Privacy Principles, set to replace the current National Privacy Principles.

    Security of Personal Information

    APP 11 requires an organisation to take reasonable steps to protect the personal information it holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure (as required by NPP 4.1).

    APP 11.1 imposes the same obligation as [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][current] NPP 4 in relation to the protection of the personal information that an organisation holds. However, APP 11.1 now also requires organisations to protect personal information from interference.

    APP 11.2 introduces new exceptions to the requirement that an organisation take reasonable steps to destroy or de-identify personal information, once it is no longer needed for any purpose for which it may be used or disclosed in accordance with the APPs: – if it is not contained in a Commonwealth record (APP 11.2(c))[6], and – if the organisation is not required by or under an Australian law, or a court/tribunal order, to retain the information (APP 11.2(d)).[7]

    Sensitive information

    Summary of [current] NPP 10 An organisation must not collect an individual’s sensitive information unless a listed exception applies (NPP 10.1). Sensitive information is defined in s 6.

    NPP 10.2 and 10.3 set out specific exceptions regarding the collection of health information.

    Relevant APPs

    APP 3 – collection of solicited personal information

    Key differences

    APP 3 clarifies that an organisation must only collect sensitive information about an individual if the individual consents to the collection and the information is reasonably necessary for the organisation’s functions or activities, or an exception applies (APP 3.3).

    The definition of sensitive information in s 6 has been extended to include: -biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.[14]

    Sensitive information may also be collected about an individual: -if required or authorised by or under an Australian law or a court/tribunal order (APP 3.4(a))[15] when a permitted general situation or permitted health situation applies (APP 3.4(b)-(c), s 16A).

    Permitted general situations include the collection of sensitive information where: -the entity reasonably believes that the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety, and it is unreasonable or impracticable to obtain the individual’s consent to the collection (APP 3.4(b), permitted general situation 1 (s 16A item 1)).

    This exception reflects the wording of NPP 10.1(c), but removes the requirement that the threat must be imminent. This exception also replaces the specific circumstances set out in NPP 10.1(c) in which an individual may be unable to consent, with the more general ‘unreasonable or impracticable’.

    -the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in, and the entity reasonably believes that the collection is necessary for the entity to take appropriate action in relation to the matter (APP 3.4(b), permitted general situation 2 (s 16A item 2)).

    This is a new exception in relation to the collection of sensitive information.

    the entity reasonably believes that the collection is reasonably necessary to assist any APP entity, body or person to locate a person who has been reported as missing (APP 3.4(b), permitted general situation 3 (s 16A item 3)).

    This is a new provision in relation to the collection of sensitive information.

    The permitted health situations replicate the wording of NPP 10.2 and NPP 10.3, in relation to the collection of health information for the provision of a health service and for research.

    APP 3.4(e) relates to non-profit organisations and replaces NPP 10.1(d). APP 3.4(e) permits the collection of an individual’s sensitive information by non-profit organisations where the information:

    relates to the activities of the organisation, and relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.

    The definition of ‘non-profit organisation’ is now included in s 6.[16] It states that a ‘non-profit organisation’ means an organisation that is a non-profit organisation, and engages in activities for cultural, recreational, political, religious, philosophical, professional, trade or trade union purposes. This definition replaces the terms ‘racial’ and ‘ethnic’ in the NPP 10.5 definition with the term ‘cultural’. In addition, it also includes in the definition organisations with a ‘recreational’ purpose.

    Identity theft and credit file protection

    The proposed new Credit Reporting Code of Conduct – currently in draft stage, has some significant new protections for victims of fraud.

    The draft code sets out the opportunity for individuals who believe they may be likely to be or have been a victim of fraud, to request a ban be placed on the use or disclosure of their credit reporting information without the individual’s consent. This is intended to combat identity theft which involves the stealing of credit through impersonating the victim and taking credit out in their name.

    Where a Credit Reporting Bureau (CRB) receives a request from a Credit Provider (CP) for credit reporting information about an individual in relation to whose credit reporting information a ban period is in effect, the CRB must inform the CP of the ban period and its effect.

    The Code also intends to give a CRB powers in these cases to seek information relevant to the individual’s fraud allegations from a CP who may have also been affected by the alleged fraud in order to both determine whether the individual has been a victim of fraud, and to decide the length of the ban period.

    Enhanced powers for the Privacy Commissioner

    Whilst we are yet to have mandatory data breach notification laws, which would require individuals to be notified by an entity which holds their information of a data breach (currently it is just encouraged that this occurs), there are some areas where the Privacy Commissioner’s powers will be strengthened.

    The Privacy Commissioner will have enhanced powers, in the areas of:

    • Ability to accept enforceable undertakings

    • Ability to seek civil penalties in the case of serious or repeated breaches of privacy

    • Ability to conduct assessments of privacy performance for both Australian government agencies and businesses.

    On 28 December 2012, section 4AA of the Crimes Act 1914 was amended to increase the amount of a penalty unit from $110 to $170.

    This means that, under the reforms to the Privacy Act due to commence on 12 March 2014, the maximum penalty amount for a serious or repeated interference with the privacy of an individual will be $340,000 for individuals and $1.7 million for entities.

    Identity theft test.

    As part of Privacy Awareness Week, you can take an online identity theft test, via the OAIC website to see how vulnerable you may be to identity theft. It examines 11 ways you could become a victim of identity theft and offers advice on ways to reduce your risk.

    Image: Salvatore Vuono/ www.FreeDigitalPhotos.net[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Information Security – Is Your Business Ready for Privacy Law Reform? Privacy Awareness Week 2013

    Do you have a plan to walk your business through privacy law reforms? The Office of the Information Commissioner (OAIC) recommends businesses and government agencies who have obligations under the Privacy Act 1988 (Cth) should start planning now for the implementation of privacy law reform in March 2014. We provide you with guidance and links to the many significant aspects governing new obligations and responsibilities as a business which handles the personal information of individuals to assist you with the changes coming your way next year.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    PrivacyWeek-Banners-R1 - 2013-3

    Currently, businesses covered by the Privacy Act are subject to the 10 National Privacy Principles (NPPs), while most Australian, ACT and Norfolk Island government agencies must comply with 11 Information Privacy Principles (IPPs). Under the new privacy law the IPPs and NPPs will be replaced by the new, unified, Australian Privacy Principles (APPs). This is just one of the many significant changes to the Privacy Act.

    The OAIC has outlined some questions you can ask yourself to see what your requirements may be within the new privacy laws:

    • Does your business or agency handle personal information? There are some changes to what constitutes personal information under the Privacy Act

    • Do you need to review your business or agency’s privacy policy? You should have an up-to-date policy that is reviewed regularly. The new laws set out some requirements for privacy policies

    • Do you need to review your business or agency’s outsourcing arrangements? You will need to do this particularly if you are sending personal information overseas.

    • Do you use direct marketing to reach your customers? If you do, you will need to provide an easy way for people to opt-out of receiving these communications. There are some new rules in the area of direct marketing.

    • Does your business or agency receive unsolicited personal information. There are some new rules on how to handle this information.  

    • Do your information security systems need to be reviewed and updated?

    We recommend you download the OAIC’s Guide to Information Security (PDF) – an essential document for any business or agency which establishes a requirement to protect the personal information of individuals.

    If you are directly handling personal information, see also below the OAIC’S privacy factsheet 7 on ‘Ten Steps to protect other people’s personal information’ below:

    Ten steps to protect other people’s personal information.

    The aim of this 10 step guide is to help your organisation or agency protect other people’s personal information.

    Personal information is defined in s 6 of the Privacy Act 1988 (Cth) (Privacy Act) and means information that identifies or could reasonably identify an individual. There are some obvious examples of personal information, such as a person’s name and address. Personal information can also include medical records, bank account details, photos, videos, and even information about what an individual likes, their opinions and where they work.

    The 10 step guide gives a snapshot of some of the privacy rights for individuals, and obligations that organisations and Australian, ACT and Norfolk Island Government agencies have under the Privacy Act.

    The OAIC website has more information for organisations and agencies. You can also call our Enquiries Line on 1300 363 992.

    1. Only collect information you need

    Make sure individuals know what personal information your organisation or agency collects and why. Also ensure that: each piece of information is necessary for any of the functions or activities of the organisation or agency, and the information is required in the circumstances. Sometimes, activities can be carried out without collecting personal information. This allows individuals to interact anonymously with your organisation or agency.

    2. Don’t collect personal information about an individual just because you think that information may come in handy later.

    Only collect information that is necessary at the time of collection, not because it may become necessary or useful at a later date. If you need it later, collect the information then.

    3. Tell people how you are going to handle the personal information you collect about them.

    Have a publicly available policy that tells people how you handle personal information. Also, when you collect personal information, always let people know why you need to collect the information, how you plan to use it, who you are going to give it to. Make sure they know your contact details and, if they want to, how they can get access to their personal information.

    4. Think about using personal information for a particular purpose.

    Generally, organisations should not use personal information for a secondary purpose unrelated to the main purpose for which they collected the information. Unless your organisation has consent from the individual concerned or authorisation under law, it should generally only use personal information if it is: related to the purpose your organisation collected it for, and within the reasonable expectations of the individual.

    Similarly, agencies must: only use personal information for a relevant purpose, and take reasonable steps to ensure that personal information is accurate, up to date and complete before using it.

    The OAIC website has more information on the obligations organisations and agencies have under the Privacy Act.

    5. Think before disclosing personal information

    The Privacy Act allows organisations and agencies to disclose personal information in some circumstances. Sometimes, organisations and agencies disclose personal information when they don’t need to, or without considering whether the disclosure is authorised under the Privacy Act. Always think about whether a purpose can be achieved without disclosing personal information. Good practice: Get consent from the individual if you want to disclose their personal information for a reason that is different from the reason you collected it.

    6. If people ask, give them access to the personal information you hold about them

    Organisations and agencies have a general duty to give individuals access to their personal information. Here are some things to consider: Be as open as possible by giving individuals access to their personal information in the form they request. If you deny access to personal information, give the reason — consistent with the Privacy Act — to the individual as soon as you can. An individual also has an alternative path when seeking information from an agency. If an individual seeks access under the Freedom of Information Act 1982 ((Cth)) (FOI Act), the agency is obliged to consider the request under the FOI Act rather than the Privacy Act. Access under the FOI Act may be subject to specific exemptions. This alternative applies only to agencies, not organisations. The OAIC website has more information for agencies regarding the FOI Act.

    7. Keep personal information secure

    It is important that you keep personal information safe and secure from unauthorised access, modification or disclosure and also against misuse and loss. How you do this depends on the sensitivity of the information you hold, and the circumstances of your organisation or agency. Methods could include: considering the adequacy of existing security measures and procedures, including whether any relevant standards are met training staff in privacy procedures ensuring adequate IT security, such as installing firewalls, cookie removers and anti-virus scanners on work IT systems checking that all personal information has been removed from electronic devices before you sell or destroy them keeping hard copy files in properly secured cabinets allowing staff to access personal information on a ‘need to know’ basis only regularly monitoring your information handling practices to ensure they are secure. Depending on the size of your organisation and the information it collects, it may be prudent to have an external privacy audit done.

    8. Don’t keep information you no longer need or that you no longer have to retain

    If you no longer need personal information and there is no law that says you have to retain the information, then destroy it. Shred, pulp or destroy the personal information paper records. Dispose of files in security bins. Delete electronic records or files securely so that they can’t be retrieved.

    9. Keep personal information accurate and up to date

    The accuracy and currency of personal information you hold can change. Your organisation or agency needs to take reasonable steps to keep the personal information it holds current. Amend your records to reflect changes and make sure both hard copy and electronic files are updated. If you know that some personal information is likely to change regularly, go through the files periodically to ensure that your records are accurate and up to date.

    10. Consider making someone in your organisation or agency responsible for privacy

    This could be a designated person (often called a Privacy Contact Officer or Chief Privacy Officer) who: knows your organisation or agency’s responsibilities under the Privacy Act, and is willing and able to handle complaints and enquiries about the personal information handling practices of your organisation or agency. This person could also be responsible for implementing a complaint handling process, staff training programs and promoting Privacy Act compliance.

    Don’t leave privacy to chance.

    In tomorrow’s Privacy Awareness Week 2013 post – we look at the Privacy Reforms aimed at protecting individuals, and their credit file from identity theft.

  • Mandatory data breach notification finally on the table in Australia

    Should organisations be required by law to make data breach notifications when they occur? The Australian government has finally put this topic to the Australian public following the release of their discussion paper. This is long overdue so that customers who have their personal information unsecured in some way through a company data breach are notified and are able to take swift steps to secure their own records and personal information from identity crime. We look at why these laws are so important and how a data breach can impact a person’s credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Yesterday the Australian Government released a statement to the media seeking views on the introduction of mandatory data breach notification laws, which aims to bolster privacy protections for Australians’ personal information in digital databases.

    Attorney-General Nicola Roxon said that it was timely for a public discussion on how legislation might deal with data breaches, such as when private records are obtained by hackers.

    “Australians who transact online rightfully expect their personal information will be protected,” Ms Roxon said.

    “More personal information about Australians than ever before is held online, and several high profile data breaches have shown that this information can be susceptible to hackers.

    Those high profile data breaches include the Sony data breach in 2011, First State Super scandal in the same year; this year the Zappos data breach and the Telstra data breach to name but a few instances where the personal information of Australians was exposed to hackers. What these incidents did is highlight the gaping hole in Australia’s privacy legislation which needed to be filled to protect consumers.

    Whilst organisations are encouraged to disclose data breaches to the Commonwealth Privacy Commissioner, it has not been mandatory to do so. There has been much criticism over companies “holding out” on their customers following a data breach, and waiting days or up to a week or so to notify customers that their personal information may be at risk.

    During this time, it has been argued that hackers have had free access to this personal information without the customer doing anything to minimise their own risk, such as cancelling accounts, changing passwords and flagging their credit accounts and credit file.

    The Australian Privacy Commissioner, Mr Timothy Pilgrim has had little recourse within legislation to deal with lack of notification following a data breach.

    In his statement to the media, Mr Pilgrim said in 2011–12, the Office of the Australian Information Commissioner (OAIC) received 46 data breach notifications, an 18% decrease from the number of DBNs received in 2010–11.

    ‘This decrease in notifications is difficult to explain but I have seen reports that suggest we are only being notified of a small percentage of data breaches that are occurring. It is very concerning that many of incidents may be going unreported and customers are unaware that their personal information may be compromised,’ Mr Pilgrim said.

    He has officially supported the release of the discussion paper.

    ‘…Privacy breach notification is an important issue that needs community debate, and I’m sure there will be a wide range of views expressed on whether this notification should be mandatory.’ Mr Pilgrim said.

    ‘Currently there is no legal requirement in Australia for organisations to notify individuals when a privacy breach occurs. However, I believe that where personal information has been compromised, notification can be essential in helping individuals to regain control of that information. For example, an individual can take steps to regain control of their identity and personal information by changing passwords or account numbers if they know that a data breach has occurred,’ Mr Pilgrim said.

    We agree this is an area which is overdue for going under the legislative spotlight. We can’t take lightly the possibility that any company that keeps data on its customers could be exposed to data breaches. Identity theft is becoming more prevalent, and personal information is lucrative for fraudsters.

    Unfortunately it seems everywhere people turn some company has been hacked – and it seems every entity with a computer is vulnerable. It is still extremely scary the level of risk peoples’ personal information undergoes these days when it is stored online.

    Personal information in the wrong hands can lead not only to identity fraud, but the misuse of the victim’s credit file, which can have significant long term consequences.

    A lot of identity fraud is committed by piecing together enough personal information from different sources in order for criminals to take out credit in the victim’s name. Often victims don’t know about it right away – and that’s where their credit file can be compromised.

    Once the victim’s credit rating is damaged due to defaults from this ‘stolen’ credit, they are facing some difficult times repairing their credit rating in order to get their life back on track.

    These victims often can’t even get a mobile phone in their name. It need not be large-scale fraud to be a massive blow to their financial future – defaults for as little as $100 will stop someone from getting a home loan.

    Once an unpaid account goes to default stage, the account may be listed by the creditor as a default on a person’s credit file. Under current legislation, defaults remain on the credit file for a 5 year period.

    What is not widely known is how difficult removing credit listings which shouldn’t be there can be – even if the individual has been the victim of identity theft. There is no guarantee that the identity theft victim will have the defaults removed from their credit file. The onus is on them to prove their case and provide copious amounts of documentary evidence.

    This is where often victims who need to recover their credit rating can benefit from third party assistance, such as a credit repair company, to assist with proving the victim did not intitate the credit, help with a case for removal and negotiate on the victim’s behalf.

    But the best method is prevention – and this can be difficult for victims to have any control over. They leave their personal information with a company, and must trust that their systems are working and that their information is safe.

    The only ways people can ensure their details are safe or dealt with safely are to:

    a) Demand that the companies they deal with are protective over their customers’ personal information. They should demand companies have strong IT systems.

    b) Adopt a need-to-know basis for disclosing their personal information. They should always question the need for their details to be handed over. If it is not essential, they shouldn’t do it; and

    b) Demand our country adopt mandatory data breach notification laws so we can, as Mr Pilgrim describes, have our organisations “embed a culture that values and respects privacy.”

    Image: phanlop88/ www.FreeDigitalPhotos.net

  • Is your good name at risk? What you may not know about identity theft and your credit file

    It is reported that possibly as many as 24 per cent of Australians* have been, or knows someone who has been, a victim of identity crime in the last six months. As this week is National Identity Fraud Awareness Week, we are hoping to do our part to raise awareness about this crime. Victims are not always ‘gullible’ as may be the impression in the wider community. Many experts say it is not a matter of if you experience an identity theft attempt, but when. So we look at the facts on identity crime both worldwide and in Australia, and hope to educate more people about this new crime wave, as it can severely impact your credit file and hinder your ability to obtain credit. It could also help to pass the information on to someone you know.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au

    Australian Federal Police released a statement yesterday warning Australians to defend themselves against identity crime. AFP National Coordinator Identity Security Strike Team’s Darren Booy said this year’s focus is on limiting the amount of personl information that falls into the hands of criminals.

    “Identity fraud is an emerging threat to Australia and is growing rapidly, with identity fraudsters using increasingly sophisticated methods to manipulate their victims,” Superintendant Booy said in a statement to the media.

    Who commits identity theft?

    It can originate from someone you know – for example an acquaintance obtains identity documents or credit card details to impersonate you. Or more increasingly it comes from professional fraudsters whose main occupation is to steal personal information and financial details in order to commit fraud. These fraudsters are reportedly part of a network of criminals possibly involved in many other crimes. The Australian Federal Police recently stated that most large crime groups have built identity theft into their repertoire.

    The key to successful identity theft is obtaining your vital personal information. The internet is a big source of personal information and its ever increasing use makes you more vulnerable to identity crime than ever.  This means identity crime can have very long arms and can originate overseas. Social networking, online banking, company databases and email scams can all be havens for today’s cyber- criminal.

    You can also fall victim to a number of rampant telephone scams, credit card skimming, or criminals can also take to going through your rubbish bin for anything they may be able to use to steal your identity.

    Why is identity theft increasing?

    The pay-offs are huge for criminals. It is estimated by the Australian Crime Commission that identity crime costs Australians $1 billion a year.( OECD Committee on Consumer Policy, Online Identity Theft, February 2009, p. 37).

    In cyber circles alone, world estimated costs for cybercrime are staggering.

    Cyber-crime expert Mischa Glenny says that while there are no precise figures out there, the White House suggested in 2009 that cybercime and industrial espionage inflicts damage of around U.S.$1tn per year, which is almost 1.75% of GDP.

    “Traditional bank robbers must be absolutely gobsmacked when they hear sums like this being hoovered up by cyber- criminals week in, week out,” he said in an article Cybercrime: is it out of control?

    How would identity theft impact my life?

    We consider if someone is alerted to having money stolen from credit cards early, or perhaps is able to call their bank and stop fraud in its tracks – that they are the lucky ones.

    The unlucky identity theft victim is unaware of the fraud until their identity is misused, and their credit rating with it. When identity theft damages your credit rating – it is because the fraudster has been able to overtake credit accounts, or has gained access to enough personally identifiable information about you to forge new identity documents.

    This gives the fraudster access to credit cards, loans, even mortgages which allows them to extract significant amounts of money without you realising it straight away.

    Fraudsters are never kind enough to pay back the credit they obtain in your name. After 60 days you may be issued with written notification of non-payment and the intention for the creditor to list a default on your credit file. It is at this moment that some people who were previously unaware of any problems find out they have been victims of this more sophisticated type of identity theft.

    But often the credit file holder has also had their contact details changed – and this means it is not until they apply for credit in their own right and are refused that they find out about the identity fraud. This can be a significant time after the initial crime.

    When would I know if I have been a victim of identity theft?

    Some signs to watch out for include:

    1. Strange unaccountable withdrawals on credit or personal bank accounts. It may not need to be a big amount to indicate fraud. Many criminals do ‘test’ amounts to begin with before extracting more significant amounts.

    2. Phone calls or emails from what often appear to be legitimate companies, asking for money or personal details. If you have given bank details or personal information in this way either online or on the phone there is a high chance it was a scam. Verify with the company in question.

    3. Can’t log in to social networking or bank accounts.

    4. Credit refusal

    5. Bills or letters of demand sent to you for accounts you don’t know about

    6. Missing mail – particularly credit card statements which could indicate someone has overtaken your accounts. In this case no news is not good news.

    What steps can I take to prevent identity theft?

    1. Keep virus software up to date on your computer. Install automatic updates and perform regular virus scans.

    2. Keep your privacy settings secure on all social networking sites.

    3. Keep your passwords and PIN numbers secure. Don’t carry PIN numbers with your credit/debit cards, change passwords regularly and use a variety of passwords for different purposes.

    4. Check all your credit card and bank statements each time they come in.

    5. Cross-shred all personally identifiable information which you no longer need.

    6. Buy a safe for your personal information at home.

    7. Do not give any personal information or credit card details to anyone via phone or email unless you are sure the site is secure, and or you can verify the company details.

    8. Be aware of who gets our personal information and for what purposes. What can these people do with the information they are gathering? For instance, is it really necessary for the site you are registering on to have your date of birth?

    9. Keep up to date with the latest scams by subscribing to the ACCC’s ‘SCAM watch’ website. For a list of ways your computer can put you at risk, visit the governments Stay Smart Online website www.staysmartonline.gov.au.

    10. Check your credit file regularly. A credit check at least every 12 months (which is free annually) will alert you to any suspicious activity with your credit file.

    If you think you might be vulnerable to identity theft, here are some things you need to do:

    What can I do if I suspect I am a victim of identity theft?

    1. Notify Police immediately. Many people do nothing due to embarrassment, or because they don’t believe the fraud was significant enough. But is only through this crime getting reported that statistics get collated, and we start to have any chance of catching the criminals.

    2. Notify creditors. You may need to cancel credit accounts.

    3. Obtain a credit report. This report is free once per year for every Australian who holds a credit file. It will indicate to you whether any of your contact details have changed, or whether there have been credit enquiries on your account. If you act quickly enough, you may be able to stop your credit rating from being affected by black marks which would come from fraudsters obtaining credit in your name.

    4. Notify credit reporting agencies of the possible fraud. They will be able to put an alert on your credit file.

    5. Police may assist you in obtaining a Victims of Commonwealth Identity Crime certificate, if they believe you are eligible. You can apply to a magistrate in your State for this certificate, which may help in recovering your credit rating or credit accounts. Victims need to have had a Commonwealth Indictable Offence committed against them. For more information, visit the Attorney-General’s website www.ag.gov.au.

    If you or someone you know needs help recovering their credit rating following identity theft, contact MyCRA Credit Repairs, www.mycra.com.au or call a Credit Repair Advisor tollfree on 1300 667 218 for confidential advice and help restoring your good name.

    The Australian Federal Police have established an Identity Crime Survey to test people’s vulnerability to identity crime, and we encourage everyone to take the test: http://www.afp.gov.au/what-we-do/campaigns/national-identity-fraud-awareness-week.aspx

  • Veda throws new light on identity theft and credit fraud: 1 in 5 affected

    Identity theft numbers continue to climb. How can this impact your credit file and possibly lead to a wrong default listing? And what action can you take if you are a victim of identity fraud?

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Credit reporting agency Veda Advantage has revealed more results of their annual Australian Debt Study, of around 1,000 Australians that one in five have had their identities stolen or had their personal or financial data illegally accessed.

    The results, released on Thursday to the Sydney Morning Herald and published in the story Identity theft hits one in five: study, shows the figures have climbed higher than previous studies on identity theft. This includes the widely attributed study on identity theft commissioned by former Attorney-General Robert McLelland twelve months ago, which revealed one in six Australians had fallen victim to, or knew someone who was a victim of identity theft.

    It was reported that credit card crime such as skimming is one of the major problems plaguing consumers. Here is more from that story:

    Australians aged 35-49 are the most likely group to fall victim to identity fraud while 18-24 year olds are the least likely to report illegal access to their personal or financial data…

    …people earning more than $70,000 are much more likely to be targeted for bank account and credit card crime than those earning $40,000 a year or less and cases of identity theft and financial fraud are highest in Western Australia and NSW.

    Findings also show that almost one in three Australians suffered some form of credit crime and lost their wallet containing credit cards and identification.

    Matthew Strassberg, a Veda senior advisor said: “Identity crime is a thriving industry in Australia, with the Australian Bureau of Statistics estimating the cost of personal fraud to consumers at $1.4 billion dollars a year.

    “Whilst credit card fraud is a common form of identity crime, many people do not realise that with only a small amount of personal data, an identify thief could take out a second mortgage on a house, or open up a new line of personal credit and purchase items in their name or under a false identity.”

    Credit card fraud is the most common type of identity crime, but it is buffered by substantial bank insurance and good general knowledge of the steps to take should a person’s credit card be stolen – cancel cards, let the bank know etc etc – but the silent ‘killer’ if someone’s wallet is stolen or a home is broken into; or personal information accessed over the internet or through the various sophisticated computer viruses that are out there – could be the personal information that can be accessed and misused.

    We consider if someone is alerted to having money stolen from credit cards early, or perhaps is able to call their bank and stop fraud in its tracks – that they are the lucky ones.

    The unlucky identity theft victim is unaware of the fraud until their identity is misused, and their credit rating with it. When identity theft damages a person’s credit rating – it is because the fraudster has been able to overtake credit accounts, or has gained access to enough personally identifiable information about the victim to forge new identity documents.

    This gives the fraudster access to credit cards, loans, even mortgages which allows them to extract significant amounts of money without the victim realising it straight away.

    If credit accounts are not repaid – after 60 days the victim may be issued with written notification of non-payment and the intention for the creditor to list a default on their credit file. It is at this moment that some people who were previously unaware of any problems find out they have been victims of this more sophisticated type of identity theft.

    But often the credit file holder has also had their contact details changed – and this means it is not until they apply for credit in their own right and are refused that they find out about the identity fraud. This can be a significant time after the initial crime.

    It can often be difficult for Police to track down who was responsible for the fraud, and likewise, it can be difficult to prove to creditors the victim did not instigate the credit in the first place. People can be left not only owing thousands of dollars, but can also be left robbed of the ability to take out new credit. Major fraud such as this can completely debilitate a family for years after the crime took place. Bad credit sticks around for between 5 and 7 years, depending on how the unpaid credit is listed on the victim’s credit file.

    Knowing how to dispute a credit report which is damaged from identity theft is a science, as is all credit listing complaints. The onus is on the credit file holder to prove to the creditor they did not initiate the credit. This requires proof, including Police reports and documentary evidence.

    This is why many identity theft victims – and all victims of credit file mistakes – turn to professional credit repairers to repair their bad credit in these instances. Often there is only one shot at disputing a credit listing with a creditor. Seeing a professional can give people the best chance of correcting bad credit and having those mistakes (including mistakes from fraud) which appear on their credit report removed for good.

    If you are the one in five who has been a victim of identity theft, have you checked your credit file lately? Do you know whether you could be at risk of identity fraud and credit misuse?

    You can get a free copy of your credit file annually from one or more of the credit reporting agencies in Australia and you should do this to make sure your good name hasn’t been compromised.

    If there is something on your credit report that you don’t agree with, or you think you may have fallen victim to identity crime, contact Police and contact a credit repairer – don’t be embarrassed, and don’t put up with bad credit that shouldn’t be there.

    Image: scottchan/ www.FreeDigitalPhotos.net

    Image: vichie81/ www.FreeDigitalPhotos.net

  • Don’t throw away your identity on rubbish day

    Rubbish day will never be the same again…not when fraudsters are sniffing around rubbish bins like alley cats at night looking for any kind of personally identifiable information on unsuspecting residents.

    If people think there’s nothing that can be done with that old electricity bill, or scoff at credit card offers and bin them immediately, they may be surprised to know that the information they throw away could be pilfered and those criminals could be putting everything they hold dear at risk.

    A growing crime known as ‘dumpster diving’ threatens the bank accounts, and the good name of many Australians every night. Personal information has become such a valuable commodity, criminals are willing to rifle through people’s rubbish to obtain it.

    Here’s how it happens…

    At night criminals are out on the streets of Australia going through rubbish bins. They are hunting for personal information to commit identity theft. This may not be their first time at a particular rubbish bin. They may be adding information to what they already have.

    Or piecing together information from a variety of sources including the internet, until they have enough to go about obtaining duplicate copies of identification documentation.

    Once this happens, they are able to take out credit such as loans, cards and even mortgage properties in the victim’s name.

    This comes as Today Tonight  in its story ‘Identity Theft Alert‘ interviewed Rob Forsyth from security company SOPHOS on 14th October.  It was revealed that 2 in 5 Australians put old bank statements and other key personal papers into recycling.

    Mr Forsyth says no suburb is immune to fraudsters rifling through that rubbish on the hunt for personal information.

    “They know, because it’s public information which councils have pick-ups on which day, and whether it’s garden waste or recycled waste, and they will cruise through those streets in the middle of the night and go through the garbage bins,” Mr Forsyth says.

    He says once they have enough personal information, they will on-sell that information abroad – including dumped bank statements, credit card offers, phone bills, which already bear the person’s name and address.

    The Australian Crime Commission cites identity theft as the “fastest growing crime in Australia” , and a survey commissioned by the Attorney-General’s office in June revealed 1 in 6 people had been or knew someone who had been a victim of identity theft or misuse.

    There are significant long-term implications for the identity theft victim past the initial monies lost if fraudsters gain access to a person’s credit rating.

    If an account – fraudulent or otherwise – goes unpaid past 60 days, the creditor will list the non-payment as a ‘default’ on the person’s credit file. This default will remain on the credit file for 5 years and can severely hinder  any chances of obtaining credit during that time.

    Often the first time victims of identity theft and subsequent fraud find out about the crime is when they go to apply for a loan or credit card and are refused due to defaults they were not aware of.

    Adverse credit file listings such as defaults are not removed easily, and at this stage, victims have to do a whole lot of work to try and prove to creditors they were not responsible for the unpaid accounts, including providing Police reports.

    Information should be treated with the respect it gets in criminal circles.

    Here’s some simple ways to protect personal information from identity theft:

    – Buy a shredder and cross -shred every piece of personally identifiable documentation that is no longer required before putting in the rubbish bin.

    -Buy a safe for personal documents at home

    -Put a lock on the letterbox to avoid mail being stolen.

    -NEVER give out personal information to any person or entity without verifying their identity .

    -Personal information is valuable – always question the need for people to have it. If in doubt – opt out.

    Obtain a credit report regularly. People who may be vulnerable to identity theft can contact one or more of the major credit reporting agencies in Australia and request a copy of their credit file.  A credit file report is free for Australians every 12 months.

    For a fee, Veda Advantage offers credit file holders an alert service, which tracks any changes to their credit file within a 12 month period.This could detect suspicious entries such as new credit enquiries or changes in contact details which would point to an identity theft attempt, allowing steps to be taken before the fraud affects the person’s good credit rating.

    Personal information is so valuable to fraudsters. Shred it before you bin it, and lock it up if you want to keep it. Filter who gets it.  Protect your identity and your credit file integrity.

    For more information on identity theft and credit repair, people may contact MyCRA Credit Repairs on 1300 667 218 or visit the main website www.mycra.com.au.

    Image: Grant Cochrane / FreeDigitalPhotos.net

  • What We Can Do to Prevent Identity Theft

    So far this year we have posted about many issues that have arisen concerning the security of our personal information in this age of technology, and the possible dangers identity theft poses for our credit file.

    It is no secret that it is essential to take steps to keep our personal information safe. Why? Because regardless of whether our card/s will be reimbursed should we become victims of fraud, there is still the very real ramification of having our credit file tarnished by any identity fraud – and the inability to obtain credit for up to 5 years can be a huge financial loss.

    Events which have transpired recently have made us all feel quite nervous about who has the potential to use our personal details for purposes of stealing our identity.

    Issues such as the Sony PlayStation data breach, the attacks on Google’s U.S. Gmail account holders and the announcement of almost daily attempts at cyber-attack on Australia’s Foregin Affairs Department (just to name a few) have made us realise that identity fraud is indeed a reality for people in this country.

    A positive to come from these issues is that our Government has decided to step in to give advice via a white paper as to how businesses, government and individuals can make some changes to the internet in the interests of the security of its users.

    What do we do in the meantime? What steps can we take NOW to reduce our chances of becoming victims?

    Recently we read some really great articles from ‘Savings Guide.com.au’ on some practical ways we can all stay safe.

    In their article – “Shopping Online, How to Do it Safely” by Francesca Sidoti, she provides some great tips. We like this one:

    “Choose Your Location. Instinct is a funny thing. You have no hard reasons for why something feels off, it just does. And in this scenario, you should let it be your guide. Just as you wouldn’t hand over money to someone who looks dodgy, you should[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][n’t] enter your details in a site that doesn’t feel right. If something seems amiss, do some research. Google the site, or call the contact number. Be wary as well of clicking on ads. Though they’re usually hosted by legitimate companies, it’s worthwhile keeping a critical eye on everything you are entering personal information into.”

    Francesca also published an article “How to Avoid Credit Card Fraud and Identity Theft,” which provides help with how to use your credit card safely. The two tips below are excellent to remember:

    “Don’t’ give your credit card details out over the phone or email. Unless you’ve initiated the conversation. No legit company would ask for those details over the phone/email.

    Don’t sign blank credit card receipts How often do you actually check the receipt you sign? If your answer is ‘not often’, you need to rethink your approach. Blank sections of a receipt can be used to add extra charges, which you will pay for because your signature will be down the bottom.”

    We have compiled a quick list of some other ways we can prevent what has become the fastest growing crime in Australia:

    1. Keep virus software up to date on our computers. Install automatic updates and perform regular virus scans.
    2. Keep our privacy settings secure on all social networking sites.
    3. Keep our passwords and PIN numbers secure. Don’t carry PIN numbers with our credit/debit cards, change passwords regularly and use a variety of passwords for different purposes.
    4. Check all our credit card and bank statements each time they come in.
    5. Cross-shred all personally identifiable information which we no longer need, rather than throwing it straight in the bin.
    6. Buy a safe for our personal information at home.
    7. Do not give any personal information or credit card details to anyone via phone or email unless we are sure the site is secure, and or we can verify the company details.
    8. Be aware of who gets our personal information and for what purposes. What can these people do with the information they are gathering? For instance, is it really necessary for the site we are registering on to have our date of birth?
    9. Keep up to date with the latest scams by subscribing to the government’s ‘SCAM watch’ website.
    10. Check our credit file for free every 12 months. By requesting a copy of our credit file from one or more of the major credit reporting agencies,Veda Advantage, Dun & Bradstreet and Tasmanian Collection Service (TASCOL) we can be aware of any discrepancies which may need to be investigated. Often it is only through a credit check which comes back with defaults on our credit file do we realise we have been victims of identity theft.
    11. Report any incident of identity theft, no matter how small, or even if we have been reimbursed for the damage – to the Police. The more of us who report identity theft, the more effective will be our Government and Police response to it in the future.

    For those of us who are already identity theft victims, it can be difficult to navigate the current credit reporting system to have the offending defaults removed from our credit file.

    MyCRA Credit Repairs can completely remove defaults from credit files that have errors, are unjust or just shouldn’t be there. Contact www.mycra.com.au for more help.

    <p><ahref=”http://www.freedigitalphotos.net/images/view_photog.php?photogid=584″>Image: Chris Sharp / FreeDigitalPhotos.net</a></p>

     

    [/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]