Contact Information [more...]

Credential Check Corporation is pleased to provide you with this month's edition of the Examiner-your source for news and facts on the security industry. This edition offers helpful insight in to important legal action against Spyware distributors, an update on ChoicePoint's legal woes, and a new toy threatening small security systems.

For a long time, savvy employers have appreciated the value of verifying credentials. It is no secret that job seekers often inflate credentials and experience in order to be more marketable while job hunting. But the concept apparently is foreign to Major League Baseball. Turns out that the medical director of the New York Jets and New York Islanders did not possess the education cited on his résumé. Dr. Elliot J. Pellman does not have the medical degree from the State University of New York he claims he did. He actually received his medical degree in Guadalajara, Mexico, though he spent one year at SUNY at Stony Brook. "Dr. Elliot and the Jets are a perfect example of why thorough pre-employment screening is so important to all businesses," said Tim Whiting, Director of the Applicant Screening Division of Credential Check Corporation. "The Jets opened themselves up to some potentially serious problems if Elliot would have done something wrong."

Best advice: Regardless of the position for which the applicant has applied, verify his or her credentials and ask to see the actual diploma(s).

New York Attorney General Eliot Spitzer is at it again. This time New York's top crime fighter has targeted spyware; those nasty little programs that crooks, identity thieves and unscrupulous advertisers secretly load onto your computer in order to control it or monitor its use. Last week Spitzer sued Los Angeles based Internet marketer, Intermix Media Inc., claiming it illegally sticks hapless computer users with spyware and intrusive adware. To gain access to its victim's computers, Intermix lures users to one of its Websites-such as MyCoolScreen.com or CursorZone.com where they download screensavers, cursors, games, gags and greetings. According to Spitzer many of these freebies contain spyware and adware that download unnecessary and annoying toolbars directing computers to unrequested Websites with pop-up ads. Spitzer alleges that his six-month investigation revealed that Intermix dumped 3.7 million unwanted downloads on New Yorkers alone. "These fraudulent programs foul up machines, undermine productivity and in many cases frustrate consumers' efforts to remove them from their computers," says Spitzer.

Spitzer is known for his bare knuckle negotiating tactics, often squeezing massive settlements from defendants before even getting them to trial. Says one observer, "A call from Spitzer's office can ruin your day, and your pocketbook."

Some of the big retailers say there is a common thread to many of the recent security breaches they and their customers have suffered: software that they say improperly stores credit card data. Merchants say that the software that processes customer credit card information is supposed to purge the data after each transaction. However, a programming glitch has enabled criminals to capture it and use it for illegal purposes. Retailer Polo Ralph Lauren Corp. is one such merchant. A spokeswomen for the firm said that software used at checkout counters at more than 180 stores improperly retained customer credit card data.

According to sources close to the problem, the magnetic strip on the back of credit cards contains encoded information that does not appear on the front of the card. If in the wrong hands, the information, including a three-digit verification code, could allow criminals to "validate" a fake card.

As concerns mount, retailers are fighting back. BJ's Wholesale Club Inc. has sued IBM to compensate it for losses stemming from a credit card breach last fall. BJ's claims that hackers stole 40,000 of its customer's credit card numbers by means of a defect in IBM's software. The Natick, Massachusetts retailer has set aside $16 million to cover potential claims resulting from the loss. In legal papers filed by IBM, it says it is not responsible.

According to the Wall Street Journal, recent computer breaches have raised questions about the security some credit card processing software offers.

Merchant	Software/Vendor	Alleged Breach
Polo Ralph Lauren Chipotle Mexican Grill DSW	Tradewind/Datavantage Aloha Suite/Radiant Systems Advanced Store/NCR	Fall 2004 October 2004 November 2004-February 2005

ChoicePoint, a leading data wholesaler, faces problems on several fronts. In September 2004 the company became suspicious of several small business customers. An internal investigation eventually revealed that identities of over 140,000 consumers had been compromised. The investigation led to the arrest and conviction of one man. Because some 35,000 of the consumers lived in California, which has a notification law requiring consumer notification in the event of illegal access to their personal data, all 140,000 were notified. So far only 750 of them have been victimized. But according to Security Business Newsletter, ChoicePoint CEO, Derek Smith and COO Doug Curling, knowing the violation of internal controls had occurred, sold about $18 million in stock they owned. The price of the stock has since declined. In the meantime, ChoicePoint has begun auditing its customers and truncating Social Security numbers when providing consumer information to its customers. The firm estimates that the loss of business and consequential litigation will result in a charge of about $20 million.

"Another result of much greater consequence is the avalanche of new legislation proposed by lawmakers to restrict the access to consumer information and more severely punish those that steal identities," said Bob Samuel, Director of the Agent Management Division of Credential Check Corporation. "However the unintended consequence of much of this legislation, if enacted, will restrict those in the private sector that fight identity theft and chase down fraudsters."

Zacarias Moussaoui, the only person charged in connection with the 9/11 attacks against the United States, last month pleaded guilty to six counts, including conspiracy to commit terrorism, commit aircraft piracy, destroy aircraft, murder government employees, and destroy property. Moussaoui told federal Judge Leonie Brinkema that he was part of a broader plot to fly a jetliner into the White House. The surprise plea ended Moussaoui's rollercoaster trial, in which he represented himself and had to be delayed three times since beginning in October 2002. He now awaits sentencing, which could result in his being put to death. Moussaoui said he is opposed to the death penalty for religious reasons and would fight such a sentence.

Surprise: While Moussaoui held a six-month temporary Visa and was in the U.S. legally at the time of his arrest, he had a valid state drivers' license in his pocket-a license that would not expire for six years after the expiration of the Visa!

They are all over. You know, those small CCTV set-ups in convenience stores, gas stations and small businesses. Now an innocent but often disliked gadget called TV-B-Gone poses a new threat to these systems. Most of the more than one million systems in operation are installed so as to be controlled with a simple remote. TV-B-Gone, a small handheld device the size of a car key fob, when pointed at any remote-capable TV, will turn it off in less than 30 seconds. While novel, the device also can be used to turn off remote-capable security systems. CCTV's are small retailers' number one deterrent against armed robbery. Now a toy that costs about $15 can neutralize them remotely and almost instantly. Best advice: replace remote-capable systems and post signs indicating existing CCTV set-ups are manually operated and monitored.

TV-Be-Gone is a proud sponsor of the TV Turnoff Network, a Washington D.C. based nonprofit that "encourages children and adults to watch less television in order to promote healthier lives and communities." TV-Be-Gone recently supported TV Turnoff's National TV Turnoff Week last month. No doubt you heard about it.

Last month the TSA added all types of lighters to its list of items that can no longer be carried aboard commercial airliners. Lighters have long been prohibited from checked baggage because of the potential fire hazard, so the change is an extension of an existing safeguard says the TSA. The new rule allows passengers to possess up to four books of matches and relaxes the restriction on nail clippers, disposable razors, knitting needles and tweezers. For a complete list of prohibited items go to the TSA Website and enter prohibited into the search box.

Office dating, a taboo in many workplaces, has gained new popularity. Because so many workers spend so much time at work, it has been increasingly difficult for singles to find dates outside of the office. According to the American Management Association, office dating indeed often leads to marriage. Among colleagues who dated, 44 percent married, another 23 percent had a long-term relationship.

Employers quickly respond that office dating is the leading cause of sexual harassment claims against them and their managers.

Stamps.com is at it again. The company that last year briefly allowed customers to turn their favorite image into a custom postage stamp-quickly stopped the offer when pranksters turned images of Ted Kaczynski and Linda Lovelace into legal postage- is back. This time Stamps.com has stricter rules on the kinds of images that can be placed on stamps. No longer will the firm allow the images of celebrities, politicians, world leaders or convicted criminals be put onto stamps. Obscene, offensive, pornographic and menacing images are out also. To monitor images submitted for stamps, the firm has assembled a library of tens of thousands of images it has deemed prohibited. In a recent test of just two months, Stamps.com said it sold 2.75 million custom postage stamps. Of the 83,000 images submitted about 9 percent were rejected. While some stamps of questionable taste did slip through, the U.S. Postage Service has given Stamps.com the green light to again sell custom stamps. Stamps.com will again be taking orders starting May 17th. A sheet of 20 37-cent stamps costs $16.99.

Security experts agree that it is only a matter of time before criminals figure out ways to find and exploit security holes in Check 21's new check processing technology. In the meantime, consumers can do more to protect themselves. Here's what we recommend:

• Never make checks payable to Cash.
• Order your checks from your bank. Mail-order checks are often less expensive but typically are easier to alter than bank checks.
• Protect deposit slips. A common scam is to deposit worthless checks into your account and get some of the deposit back as cash.
• Review all deposited checks and ensure they are still made out to and endorsed by the original intended party.
• Protect your signature. Use your real signature for checks and important documents; use another for forms, questionnaires and other routine documents.
• Report suspicious transactions to your bank immediately. The sooner the bank is aware of a problem, the sooner it can investigate it and take corrective action.

If you are interested in obtaining additional information about these articles or the services offered by Credential Check Corporation, please contact one of the following individuals:

Michael A. Pachuta President		888-689-2000 michael.pachuta@credentialcheck.com
Robert H. Samuel Executive Vice President		888-689-2000 robert.samuel@credentialcheck.com
James E. Bonnell, CFE, CPP Director of Risk Management		248-526-5209 james.bonnell@credentialcheck.com
Timothy D. Whiting Director of Applicant Screening		248-526-5213 timothy.whiting@credentialcheck.com

Thank you! We'll see you next month!