Archives for posts with tag: Federal Trade Commission

I won’t even begin to list all of the latest hacks of major systems (e.g., Lord & Taylor; PanaraBread’s online ordering system; Delta Airlines).  It seems as if these major breaches are being reported on a daily basis and often months or years after the hacks have been discovered — but corporate responsibility (or irresponsibility) is a topic for another day.

Today I want to share the latest reporting means that the Federal Trade Commission (FTC) and the IRS have developed for consumers. This new online method is important during tax season as well as year round —stolen personal and financial information happens year round and can create tax-related problems beyond tax season.

Tax-related identity theft happens when the thief uses the stolen SSN to file a fraudulent tax return  and get any refund that might be due to the individual.

Report any stolen personal and financial to the IRS using the site.

The Federal Trade Commission (FTC) has just issued some very helpful guidance aimed at helping businesses address data breach issues ( While the guidance is aimed at businesses, it is also very useful for consumers as the video and guide outline the steps the FTC thinks are reasonable ones for businesses.

So consumers should know about the guidance and review it. Why if it’s aimed at businesses? Precisely because it is aimed at businesses. Consumers can educate themselves about what businesses should do if they suspect a data breach. That way, consumers whose data has, or might have, been breached can be knowledgable and pro-active in asking the business the right questions — starting with, “did someone in your organization get, review and then implement the FTC’s guidance?”

The FTC’s guidance is called Data Breach Response: A Guide For Business. The video and written guidance provides concrete and sensible guidance for businesses that might suspect a data breach.  It’s excellent guidance and will help consumers as well as businesses.

The Federal Trade Commission’s (FTC) Division of Consumer & Business Education (Division) pro-actively helps consumers learn about and, hopefully avoid, a variety of scam artists.  Carol Kando-Pineda, Counsel to the Division, has just published a list describing the “top 10 imposter scams” that consumers have reported to the FTC.  While many appear obvious, it is always useful to be refreshed about the scams since they often vary with each version.  The March 2nd article by Ms. Kando-Pineda is titled “The Grate Pretenders” and can be found at:

What are some of the top imposter scams?  The number 1 position is held by scammers impersonating IRS agents.  They call or email consumers, frighten them by saying the consumer owes back taxes or that there’s a problem with the consumer’s tax return.  The goal? Getting the consumer to provide personal and financial information allegedly to pay the owed taxes or correct the return.

Other “top 10″imposter cons include:

  • “You’ve won the prize”: the scammer claims to be from Publishers Clearinghouse. What’s the scam?  The winner only has to pay a processing fee in order to collect the prize;
  • “I’m an official with ….” fill in the government agency.  It could be, for example, a scammer claiming to be from one of the agencies handling health issues.  The scammer says he works for Medicare or in an office administering the Affordable Health Care Act.  The caller threatens the consumer with lost medical benefits unless the consumer provides personal information or fees.

These are just a few of the FTC’s “top 10 imposter scams”.  Ms. Kando-Pineda’s article is well worth taking the time to be reminded about the variety of “imposter scams” that are out there.

Consumers have become accustomed to seeing different icons and seals on company websites.  One of the most reassuring for years has been the TRUSTe seal.  Why?  Because companies displaying that seal did so after having their privacy practices verified according to the TRUSTe requirements about transparency and other requirements.  The latter include the company’s assertions about the options consumers will have about how their personal information will be collected and used.

Now consumers are learning that TRUSTe’s assertions about its own practices have been lacking for years.  TRUSTe has just entered into a settlement with the Federal Trade Commission (FTC).  The FTC had filed a complaint against TRUSTe because of two of its practices that were alleged to be false, misleading and, therefore, deceptive to consumers.

What were these practices? As Lesley Fair wrote in an FTC blog, TRUSTe claimed that companies wanting to display its “Certified Privacy Seal” underwent recertification reviews to reconfirm their privacy practices.  Plus, TRUSTe claimed that it was an independent non-profit, thus making its certifications even more objective (; “The FTCs TRUSTe case: when seals help seal the deal”; November 17th).

Neither was true.  As Ms. Fair writes, the FTC found that TRUSTe hadn’t done recertifications of over 1,000 incidences between 2006 and 2013.  Moreover, TRUSTe became a for profit company in 2008 yet continued carrying the misrepresentation that it was a non-profit entity on recertified websites.

This is sobering news for consumers who often don’t have the time and/or means to undertake their own verifications of a website’s privacy practices.  So can consumers continue trusting the TRUSTe seal and/or other similar seals?  Maybe, but with much more caution and with less absolute trust.


This is another “if it sounds too good to be true it just might not be” cautionary tale.  Snapchat seemed like an ideal way to send photos to friends while making sure those photos would not last forever.  The promise was that people using their app could send photos that would appear for up to 10 seconds on the recipients’ smartphones and then go poof!

That promise was not accurate as workarounds were found  that included the ability to simply take a screenshot of the photo.  Moreover, in its privacy policy, Snapchat claimed that it didn’t track or access consumers’  personal data.  The Federal Trade Commission (FTC) learned that those claims were false and deceptive because Snapchat was doing exactly that.  It transmitted geolocation information from users of its Android app and also collected iOS users’ contacts information from their address books without alerting users that Snapchat would be doing so and without first getting their consent.

The FTC announced the settlement on May 8th (; “Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False”).  Snapchat will be monitored for 20 years by the FTC to make sure it no longer makes false and/or deceptive claims to consumers about its privacy and security measures.  Additional details about the settlement can be found in the FTC announcement.

Consumers who’ve used Snapchat will want to read the FTC’s announcement to learn what  personal information Snapchat might already have sent about, or collected from, them.  Consumers considering using Snapchat will want to read the announcement to learn about the reality of the app.


The Federal Trade Commission (FTC) is responsible for administering the Children’s Online Privacy Protection Rule (COPPA Rule).   The COPPA Rule imposes privacy requirements on operators of commercial websites and online services that are directed to children under the age of 13, or general audience websites and online services that knowingly collect personal information from children under the age of 13.  These requirements include posting comprehensive privacy policies on their respective sites, notifying parents about their information practices and getting parental consent before collecting, using or disclosing any personal information from children under the age of 13.

The COPPA Rule also has a “safe harbor” provision whose purpose is encouraging increased industry self-regulation in the area of protecting children’s privacy online.  Using the “safe harbor” provision, industry groups and commercial website operators can ask the FTC to approve self-regulatory guidelines that implement the above-described COPPA Rule protections.

The Internet Keep Safe Coalition (iKeepSafe) has submitted a proposal to the FTC  for a program to be evaluated under the “safe harbor” provision.  The FTC will be publishing a Federal Register notice very soon to seek public comment on their proposal.  The key issues on which the FTC has said it seeks public comments are whether the iKeepSafe proposed program has protections that are the same or greater than called for in the COPPA Rule; whether it has effective mechanisms for assessing website and online service operations compliance; whether the incentives for operators’ compliance with the guidelines are effective; and whether it provides adequate means for addressing and resolving consumer complaints.

The comment period will be open until April 21st.  I encourage people interested in, and concerned about, children’s online privacy to take a look at the iKeepSafe proposal and submit any comments or concerns you might have.

The Target breach is still being investigated but it does appear that the attack was done via malware that got into Target’s “point-of-sale” system.  That was the latest update in a statement issued by Target CEO Gregg Steinhafel and as reported by Tracy Kitten (; “Target: Breach Caused by Malware”).  All Mr. Steinhafel is saying, at this time, is that Target is working with the Secret Service and the Justice Department on this investigation.

Consumers who used debit cards at Target from November 27th through December 15th (the duration of the hacking) do have legal protection against unauthorized uses of their debit cards.  But consumers need to act very fast in order to avail themselves of the protections afforded under the Electronic Fund Transfer Act (EFTA)  

An excellent discussion of the EFTA‘s coverage can be found on the Federal Trade Commission’s (FTC) website (www.consumer.ftc/gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards; “Lost or Stolen Credit, ATM, and Debit Cards”).

As outlined in the FTC article, under the EFTA if someone makes unauthorized transactions with a consumer’s debit card, but that card was not lost, then the consumer will not be liable for those transactions as long as the consumer has reported those unauthorized transactions within 60 days of receiving her debit card statement.

The article also outlines the EFTA’s additional protections for a lost or stolen debit card; those liability limitations depend on whether the card is reported lost or stolen before or after someone uses it.  For example, the consumer is not responsible for any unauthorized uses if she reports it missing before the card’s been used.  If someone has already made unauthorized transactions using the consumer’s card, then her liability depends on how quickly she reports that the card’s been lost or stolen; specific time requirements with their associated liability limits are outlined in the FTC article.

As I’ve previously urged, consumers who used their debit cards at Target need to be very pro-active in contacting their issuing institution in order to protect themselves and get the EFTA liability protections.

I’ve written before about thieves and scammers who take advantage of disasters for their own gain.  These vile scams are not new and are repeated in slight variations with each disaster.

The Federal Trade Commission (FTC) has issued a new warning to consumers about the scams that are happening following the Moore, Oklahoma tornado disaster (; “FTC Warns Consumers: Charity Scams Often Follow Disaster”).

The FTC article repeats prior warnings that the scams are sent in multiple forms, e.g., emails, regular mail, phone calls, in person solicitations, on websites or social networking sites.  The good advice for consumers is the same: protect your private information!  Do not give out personal or financial information (e.g., credit card and bank account numbers) until and unless you’ve confirmed that the charity is a legitimate one.

In addition, the FTC article provides links to other resources consumers can use to check whether a charity is reputable as well as how much the charity spends on administrative costs.  The resources cited are the following:

  • Better Business Bureau’s “Wise Giving Alliance” (;
  • Charity Navigator (;
  • Charity Watch (charity;
  • Guidestar (; and
  • National Association of State Charity Officials: This is a way to find out information about a charity within a specific State.

People want to help disaster victims but scammers know that.  Consumers need to check out charities so the scammers don’t get the windfall of personal and financial information as well as contributions that were intended for the disaster victims.

I’ve written before about the range of excellent consumer tools produced by the Federal Trade Commission (FTC) to help consumers fight and fix identity theft problems (June 29, 2012; “Fighting and Fixing Identity Theft: FTC’s Helpful Consumer Tools”).  I’ve just learned about another new FTC resource that I want to tell you about.

The FTC has produced a short (about 5 minutes) video titled “Helping Victims of Identity Theft.”  I watched the video and it provides:

  • an excellent summary of the ways someone might learn that he or she’s become an identity theft victim;
  • a review of the identity theft materials and other resources available for consumers ;
  • a description of the pro bono legal guide (“Guide for Assisting Identity Theft Victims”) that can be used by legal services attorneys, social workers and other advocates; and
  • a discussion by an attorney for the AARP Legal Counsel for the Elderly about their success in using the FTC’s pro bono guide.

The video is a quick and handy overview for anyone who wants to learn more about identity theft.  The video can be found at:

I encourage you to look at the video and learn more about these excellent FTC resources.  I hope you, or someone you know, never needs these resources.  Having said that, it’s worthwhile to be informed about what you can, and must do, if you, or someone you know, becomes an identity theft victim.

We all know the adage “if it’s too good to be true, it probably is”.  The “free” gift card scams fall right into that category.  These scams aren’t new but just keep appearing in slightly different variations.  I previously wrote about this very type of scam (see, “Look this “Gift Horse” In the Mouth: Latest Gift Card Scam!”; August 1, 2012).

The Federal Trade Commission (FTC) is very serious about fighting scams aimed at consumers. So it was no surprise, but was most welcome news, to read that the FTC has just filed 8 different complaints against 29 defendants in U.S. District Courts around the country . These defendants are alleged to have engaged in multiple “free” gift card online scams (see, “FTC Cracks Down on Senders of Spam Text Messages Promoting “Free” Gift Cards”;

How did this scam work?  The  defendant-senders allegedly sent out more than 180 million unwanted and unrequested spam text messages to consumers.  The spam messages tried to steer consumers to deceptive websites that contained the false promise of “free” gift cards.  As with other similar “free” gift card scams, the promise was that the cards were for such major retailers as Target, Wal-Mart and Best Buy.

Consumers who clicked on the links were sent to other pages where they were instructed about the prerequisite steps before they could get the “free” gift card. Some of the links required consumers to provide sensitive personal information including health information; some instructed consumers to apply for credit; and others instructed consumers to subscribe to services.  Some of the sites required home addresses so the “free” gift card could be shipped to the consumer.

So what did anyone get from providing any or all of this personal information or opening new lines of credit?  Their personal information was sold to 3rd parties for marketing purposes.

There’s no guarantee, of course, that the FTC’s complaints will stop all of the “free” gift scams.  But these are important and robust actions that send the right message.