Friday, July 27, 2007

Certegy: "Sorry - did we say it was 2.3 million records stolen?"

Unsurprisingly, the number has mysteriously risen to 8.5 million. Eight million, five hundred thousand: that's how many people have had their personal information stolen from a company whom they most likely hadn't authorized to even have that information to begin with.

Wednesday, July 18, 2007

What is wrong with people?

Some commenters here have suggested that it is the consumer's fault their data was stolen because, after all, they shouldn't be using checks in the first place. I find it difficult to think of a more ridiculous justification. It reminds me of what domestic abusers say - "If she didn't provoke me, I wouldn't have to hit her." Perhaps it's also my own fault if my vehicle is stolen, because, why have a car? Nonsense.

I've said it before and I'll say it again: that other people have committed fraud or had overdrawn accounts is not my problem. The ONLY factors that matter in a check transaction are the correct identity of the check writer, the legitimacy of the physical paper check, and the presence of sufficient funds in the account. This is plainly inarguable. All of these are easily verified by a number of means. And as long as the paper check is legal tender, people have the right to expect a legitimate check to be accepted by a business that still takes them.

Another commenter suggests that this isn't Certegy's fault, really, because they're going after the person who did it and come on, no employee screening is going to be foolproof. I understand that a large corporation can't control every movement of its employees. I get that, I really do. It's just not the point. What angers a lot of people is not that the data was stolen, but that the data was there to be stolen in the first place! Certegy does not need to be keeping decades-old records on millions of people. Even a bankruptcy comes off a credit report after seven years, but Certegy has records on people who haven't written a check in fifteen or more years. They even have credit card numbers, which makes little sense if their job is about checking accounts. What's more - and by their own admission - they frequently don't even use that information to verify checks. Instead they use silly "risk calculations."

Finally, on lawsuits: I say, go for it. Every single person who has had their information compromised deserves to be compensated. I believe that's the case any time there is data theft, but it's especially true in this case as many people never gave consent for Certegy to have any sort of "account" on them to begin with. In a way, there were two data thefts here.

Friday, July 13, 2007

Thousands Learn: Their Personal Data Has Been Stolen

I came home from work two days ago and had a letter from this company called Certegy. (I had never heard of them before) I opened it, assuming it was your ordinary "junk" mail, that is until I saw my personal information on the top of the letter. The letter contained my full name, address, phone number, Social Security Number, & my Bank account numbers. So, I preceeded to read the two page letter. It was a letter sent to me to tell me that an employee of theirs had stolen ALL of my personal info!!! It stated that he had bank account numbers & everything!! It also stated that the employee was fired!! A lot of good that does me ~ he has all my info!!!!

The emails are rolling in now. This is how it works: John Doe gets a letter from Certegy telling him that all of his personal information has been stolen. But don't worry, the letter says, we fired the guy. Poor John has never even heard of Certegy. "Why would they even have my information in the first place?" he wonders.

Odds are you found this site because you recently got just such a letter. In brief, Certegy is a financial company that has a file on you if you've ever written a check to any of these retailers, or gotten cash at a casino. It doesn't matter if it was last week or fifteen years ago - they've got your info. They "verify" check transactions. By "verify," I don't mean they make sure the account has enough money to cover the check. No, that would be too easy. Rather, they use "algorithms" to "determine the risk level" of a given check, and can accept or deny your check based on them. Unfortunately for you and me, no one really knows just what criteria are used to make these determinations. It seems clear that those criteria are faulty, given how many decent responsible people have had checks denied. It's almost as if Certegy's system is simply a random one - they deny just because they feel like it.

Certegy has come up with some "helpful suggestions" for those who have had their data stolen. (Check them out but know that, breaking common web protocol, they're all in unmarked PDF files. Morons.) I'm sure you're thrilled to know that they've filed a civil complaint against the employee that did this. I'll bet a happy little smile will play across your face while you're on hold with your bank's manager, as you think of that naughty high-level executive sitting nervously in his multi-million dollar mansion awaiting a sentence which will probably later be reduced by an equally high-level Republican judge.

My favorite gem from Certegy's Q&A is this one: "Certegy has implemented a fraud watch on its internal systems for those checking accounts that are implicated." Jesus H. Christ. If you've never had dealings with this company before, you should know that their "fraud watch" methods are ALREADY a well-known joke. A common example is the person who tries to write more than one check to the same store within a week's time. The second check gets denied because Certegy thinks it "might be fraud." That's about the extent of their "fraud watch."

Anyway, thus far I myself have not yet gotten the dreaded letter. People have been writing asking for help and advice. Here are my thoughts on what people should do as a next step.

1. If it were me, I'd close my accounts and set up new ones. That is a very time-consuming and irritating prospect, but it's the best way to protect yourself. BUT - when you do this, log each and every minute it takes. Also, record ALL fees or expenses involved. If you have to drive ten miles and back to your bank to switch accounts, write down how much gas you used and calculate its cost. Using whatever your hourly rate is for your day job, figure out how many dollars worth of time you lose doing these tasks.

The idea here is that you are drawing up a bill for Certegy. They are responsible for this, and you have a right to demand compensation for their carelessness. So send them this detailed bill and let them know you will not tolerate this kind of error.

Remember that you never authorized Certegy to have an "account" or file on you in the first place. Did you sign a paper saying they could retain that data? Nope. Did they give you a disclaimer or information on how the data will be used? Nope. They are NOT a credit bureau and they have no business keeping records as if they were!

2. Certegy is encouraging customers to "check their free annual credit report." No. What if you checked it two months ago? You're supposed to wait until May of next year to check again? Or PAY to see it now? Ohhhhh no. Certegy needs to pay for that as well. Call them and demand it.

3. Boycott retailers who use Certegy. Or at least, some of them. And let them know exactly why.

4. Use the links to the left to report Certegy's practices to the proper authorities. File a complaint. You have a voice - USE it. I'm just one chick sitting at a computer calling it like I see it. I can't do this alone. But WE can create change if we raise our voices as one.

Tuesday, July 3, 2007

Surprise, Surprise: Data Breach at Certegy

Well, what a surprise. Evidently a Certegy employee stole some 2.3 million customer records and sold them. Oh, but don't you worry - he only sold your credit card and banking information to marketing companies. You'll get some junk mail and that's about it. No need to worry about identity theft. If you're an idiot, that is.