Friday, July 27, 2007

Certegy: "Sorry - did we say it was 2.3 million records stolen?"

Unsurprisingly, the number has mysteriously risen to 8.5 million. Eight million, five hundred thousand: that's how many people have had their personal information stolen from a company whom they most likely hadn't authorized to even have that information to begin with.

Wednesday, July 18, 2007

What is wrong with people?

Some commenters here have suggested that it is the consumer's fault their data was stolen because, after all, they shouldn't be using checks in the first place. I find it difficult to think of a more ridiculous justification. It reminds me of what domestic abusers say - "If she didn't provoke me, I wouldn't have to hit her." Perhaps it's also my own fault if my vehicle is stolen, because, why have a car? Nonsense.

I've said it before and I'll say it again: that other people have committed fraud or had overdrawn accounts is not my problem. The ONLY factors that matter in a check transaction are the correct identity of the check writer, the legitimacy of the physical paper check, and the presence of sufficient funds in the account. This is plainly inarguable. All of these are easily verified by a number of means. And as long as the paper check is legal tender, people have the right to expect a legitimate check to be accepted by a business that still takes them.

Another commenter suggests that this isn't Certegy's fault, really, because they're going after the person who did it and come on, no employee screening is going to be foolproof. I understand that a large corporation can't control every movement of its employees. I get that, I really do. It's just not the point. What angers a lot of people is not that the data was stolen, but that the data was there to be stolen in the first place! Certegy does not need to be keeping decades-old records on millions of people. Even a bankruptcy comes off a credit report after seven years, but Certegy has records on people who haven't written a check in fifteen or more years. They even have credit card numbers, which makes little sense if their job is about checking accounts. What's more - and by their own admission - they frequently don't even use that information to verify checks. Instead they use silly "risk calculations."

Finally, on lawsuits: I say, go for it. Every single person who has had their information compromised deserves to be compensated. I believe that's the case any time there is data theft, but it's especially true in this case as many people never gave consent for Certegy to have any sort of "account" on them to begin with. In a way, there were two data thefts here.

Friday, July 13, 2007

Thousands Learn: Their Personal Data Has Been Stolen

I came home from work two days ago and had a letter from this company called Certegy. (I had never heard of them before) I opened it, assuming it was your ordinary "junk" mail, that is until I saw my personal information on the top of the letter. The letter contained my full name, address, phone number, Social Security Number, & my Bank account numbers. So, I preceeded to read the two page letter. It was a letter sent to me to tell me that an employee of theirs had stolen ALL of my personal info!!! It stated that he had bank account numbers & everything!! It also stated that the employee was fired!! A lot of good that does me ~ he has all my info!!!!

The emails are rolling in now. This is how it works: John Doe gets a letter from Certegy telling him that all of his personal information has been stolen. But don't worry, the letter says, we fired the guy. Poor John has never even heard of Certegy. "Why would they even have my information in the first place?" he wonders.

Odds are you found this site because you recently got just such a letter. In brief, Certegy is a financial company that has a file on you if you've ever written a check to any of these retailers, or gotten cash at a casino. It doesn't matter if it was last week or fifteen years ago - they've got your info. They "verify" check transactions. By "verify," I don't mean they make sure the account has enough money to cover the check. No, that would be too easy. Rather, they use "algorithms" to "determine the risk level" of a given check, and can accept or deny your check based on them. Unfortunately for you and me, no one really knows just what criteria are used to make these determinations. It seems clear that those criteria are faulty, given how many decent responsible people have had checks denied. It's almost as if Certegy's system is simply a random one - they deny just because they feel like it.

Certegy has come up with some "helpful suggestions" for those who have had their data stolen. (Check them out but know that, breaking common web protocol, they're all in unmarked PDF files. Morons.) I'm sure you're thrilled to know that they've filed a civil complaint against the employee that did this. I'll bet a happy little smile will play across your face while you're on hold with your bank's manager, as you think of that naughty high-level executive sitting nervously in his multi-million dollar mansion awaiting a sentence which will probably later be reduced by an equally high-level Republican judge.

My favorite gem from Certegy's Q&A is this one: "Certegy has implemented a fraud watch on its internal systems for those checking accounts that are implicated." Jesus H. Christ. If you've never had dealings with this company before, you should know that their "fraud watch" methods are ALREADY a well-known joke. A common example is the person who tries to write more than one check to the same store within a week's time. The second check gets denied because Certegy thinks it "might be fraud." That's about the extent of their "fraud watch."

Anyway, thus far I myself have not yet gotten the dreaded letter. People have been writing asking for help and advice. Here are my thoughts on what people should do as a next step.

1. If it were me, I'd close my accounts and set up new ones. That is a very time-consuming and irritating prospect, but it's the best way to protect yourself. BUT - when you do this, log each and every minute it takes. Also, record ALL fees or expenses involved. If you have to drive ten miles and back to your bank to switch accounts, write down how much gas you used and calculate its cost. Using whatever your hourly rate is for your day job, figure out how many dollars worth of time you lose doing these tasks.

The idea here is that you are drawing up a bill for Certegy. They are responsible for this, and you have a right to demand compensation for their carelessness. So send them this detailed bill and let them know you will not tolerate this kind of error.

Remember that you never authorized Certegy to have an "account" or file on you in the first place. Did you sign a paper saying they could retain that data? Nope. Did they give you a disclaimer or information on how the data will be used? Nope. They are NOT a credit bureau and they have no business keeping records as if they were!

2. Certegy is encouraging customers to "check their free annual credit report." No. What if you checked it two months ago? You're supposed to wait until May of next year to check again? Or PAY to see it now? Ohhhhh no. Certegy needs to pay for that as well. Call them and demand it.

3. Boycott retailers who use Certegy. Or at least, some of them. And let them know exactly why.

4. Use the links to the left to report Certegy's practices to the proper authorities. File a complaint. You have a voice - USE it. I'm just one chick sitting at a computer calling it like I see it. I can't do this alone. But WE can create change if we raise our voices as one.

Tuesday, July 3, 2007

Surprise, Surprise: Data Breach at Certegy

Well, what a surprise. Evidently a Certegy employee stole some 2.3 million customer records and sold them. Oh, but don't you worry - he only sold your credit card and banking information to marketing companies. You'll get some junk mail and that's about it. No need to worry about identity theft. If you're an idiot, that is.

Monday, June 25, 2007

Certegy's Website - Laugh-Out-Loud "Link Policy"

You may create a hypertext link to the Certegy Inc. homepage ( provided such link does not portray us (or our affiliates or any of our products and services) in a negative, false, misleading, or derogatory manner... Finally, your right to link to our homepage may be revoked at any time by us, for any reason.

Um. No. What a person does on their own website is their own business. Certegy, you may have our financial information by the short hairs, but you're not in charge of the Interwebs. You don't have any say whatsoever in my "right" to link to your page. No permission is needed for a person to link to a publicly accessible web page.

The only possibility of a lawsuit here would be one of libel, and that would fall flat as well. I have not, to my knowledge, posted anything false or misleading. Everything on this site is derived from personal experience, experiences sent to me by others, and information obtained from reliable news sources. If an error or falsehood is found, I encourage people to contact me or comment about it.

Regarding "negative" or "derogatory" remarks, I will say only that this, of course, is a blog. It's common knowledge that blogs are repositories of personal opinions, in this case, mine. If my personal opinion of Certegy is extremely low, I have every right to say so. Welcome to the First Amendment.

Tuesday, June 19, 2007

Harassing Children: Part 2

A while back I posted about how Certegy was harassing a young girl by repeatedly calling her cellphone. It looks like that situation has been resolved.

Her brother writes, "Well, I finally got a hold of a real Certegy person. After entering a fake information, which included three last names, a very fake phone number, and zip code, I was finally transferred to a friendly woman with a southern accent. I asked if they were aware that they were calling a seven-year old for debt collection. She told us that they were calling my sister's number for a Miss/Mrs. McDaniels; and I told her my sister's name was Regan (it is, she didn't ask for any more information). She asked if I knew the person in question. I said no (that's the truth). She said she would update the number as a false phone number, and we shouldn't recieve any more phone calls from Certegy after today; the system would update itself at midnight.
Hopefully this will be the last time I need to deal with Certegy. I know I haven't been as lucky as others. I was all ready to tell my grandma about the whole thing; she works for the Department of Justice/U.S. Attorney's Office in our state. I'm sure she could've offered some legal advice as to what we could do about them. Anyways, I don't know what I would've done without your site and your help. Thank you so much!"

Wednesday, June 6, 2007

They're Harassing CHILDREN now!

Taylor writes, "Hello, I have a question regarding Certegy (obviously). My sister is seven years old, and she has a cell phone (she is diabetic, the cell phone is for her safety; but that is a different subject in itself). Lately, she has been getting voicemails from CPRS (which I have discovered is Certegy) about "important business matters." I am wondering if you have any idea why a seven year old - which no checking account, credit cards, etc. - would be getting calls from CPRS? I have asked her repeatedly if she has given out her number to a sweepstakes or anything else that I wouldn't consider secure. Our parents are in no debt (except for our house), and I just don't see how they got a hold of her number. I find it rather irritating that even a child isn't immune to scams."

Wow. I have no idea. My day job is teaching young children - including diabetic children - so you can imagine how appalled I am at this.

Is the phone a prepaid one, like a Tracfone, or a plan? If it's a plan, is the plan in her name? I also wonder if someone who IS in debt may have accidentally (or purposely!) given your sister's number as their own. Could she even be a victim of identify theft? That's the only thing I can think of. In order to be involved with a debt collection agency, one would have to have debt. In order to have debt, you generally need to give out your name, address, phone number, SSN, etc. etc., which I doubt your sister did. I can't believe that just giving out her phone number to anyone would be enough to get Certegy on her case.

Certegy is notorious for queries about "important business matters." Infuriating, isn't it? They are also notorious for mistakes like this.

If it were me, I would call them right up and demand to know exactly what is going on. Or have your parents do it; that's probably better. I would call them using your sister's cell phone so they don't caller-ID your home phone and give you trouble on that line too. I would just say, "I'm returning your call as requested by the voicemail message." After they tell you what's up, you can decide how to respond. My personal response would be something like, "Are you aware that the person to whom you're referring is seven years old?" You could guilt them out even more by telling them why she has the phone in the first place.

God, stories like this make me so angry!