We often consider debit cards a convenient alternative to their look-alike payment tool, the credit card. What many of us fail to remember is that the theft of debit card resources, robs us of our own money and not the bank’s money. Fortunately, there are protections and guidelines in place for victims of debit card scams, but the key lies in understanding the extent of our responsibility for reporting a problem.

Although most debit card issuers offer a brief grace period for reporting a lost, stolen or compromised card, we have specific obligations to our bank that could mean the difference between the protection or the loss of our assets.

According to Bankrate.com, not all debit card issuers play by the same rules:

“Federal law limits personal liability for unauthorized transactions to $50 for credit cards, but offers more limited fraud protection for debit cards. How to protect yourself: Find out if your bank offers theft and fraud protection. Get specific. Under what circumstances is it honored? How do you have to use the card? Whats your timetable for reporting the loss?”

Since each  financial institution varies, you need to know the following for any debit card you carry:

1. What are the specific written rules for my card? Get the rules in writing from your card issuer.

2. Lost, stolen or compromised cards require different time-sensitive responses from you. Get it in writing from your card issuer.

3. Failure to report a problem could result in the loss of all your money. Monitor your debit-card account at least monthly for any irregularities and promptly report them.

The rules above all point to you “promptly reporting” any concerns, though the definition of “prompt” varies. Again, get it in writing.

Jay Foley at the Identity Theft Resource Center reminds consumers to file a police report in the event of a suspicious transaction, which helps document the facts of  your case
for reimbursement with the bank.

By simply keeping a watchful eye on your card’s balances and activity no less than monthly, you can drift off to sleep at night without fear that someone might steal those sheep you’ve already counted.

Consumers got a wake up call on two fronts with the disclosure of the massive Epsilon Interactive data breach last week.

Our  first wake up call stems from the sheer length of the  list of companies who utilize Epsilon’s email  service to reach their customers.

The second wake up call is the reality that so many trusted brands outsource our names and email addresses to a third party  email service provider (ESP)  who has now been exposed as functionally incapable of protecting the  private personal data that was entrusted to them.

The truth is that there is nothing you or I can do to prevent these leaks when the repository for our data is in the hands of other people.

According to the consumer advocacy group Cauce, the following  financial institutions were affected by the breach:

• Ameriprise Financial
• Barclays Bank of Delaware
• Capital One
• CITI
• JP Morgan Chase
• Moneygram
• Scottrade
• TD Ameritrade
• TIAA-CREF
• U.S. Bank
• World Financial Network National Bank (Victoria’s Secret card)

The CAUCE report went on to explain:

“As well, these marketing and retail companies have reportedly had their client email, names and in some cases, other information stolen”:

1. 1800Flowers.com
2. AbeBooks (division of Amazon)
3. Airmiles
4. Beachbody
5. Benefit Cosmetics
6. Best Buy
7. Best Buy Canada Reward Zone
8. Brookstone
9. City Market
10. CollegeBoard
11. Dillons
12. Disney Destinations
13. Eileen Fisher
14. Ethan Allen
15. Food 4 Less
16. Fred Meyer
17. Fry’s
18. Hilton HHonors
19. Home Shopping Network
20. Jay C
21. King Soopers
22. Krogers
23. Lacoste
24. L.L. Bean credit card
25. Marks and Spencer
26. Marriott Rewards (Update: Marriottt confirmed NO points totals were taken)
27. McKinsey Quarterly
28. New York & Company
29. QFC
30. Ralphs
31. Red Roof Inns
32. Ritz-Carlton (Update: Ritz-Carlton confirmed NO points totals were taken)
33. Robert Half
34. Smith’s
35. Soccer.com
36. Target
37. TiVo
38. Verizon
39. Viking River Cruises (unconfirmed)
40. Walgreens (for the second time)

The impact of the Epsilon breach is expected to cause a sharp, severe and extended series of spear phishing attacks. These phishing attacks will  target and exploit the trusting relationship between the victimized brands and their clients.

It is estimated that tens of millions of people’s names and email addresses have been exposed as a result of this breach. In the past three days, our own household has received at least three notifications from worried banks and retailers.

Consumers should brace themselves for what could be a barrage of incoming phishing attempts, disguised as communication from a trusted vendor. Although most savvy internet users are aware of these ploys, now is a good time for a few timely reminders.

• Consumers can report attempted phishing attacks to the U.S. Secret Service by emailing them at: phishing-report@uscert.gov
• Never click on a link in an email, just type the web address into your browser yourself to avoid infectious malware.
• Security expert Brian Krebs reported that over 100  ESP’s (email service providers) have been under attack by fraudsters in recent months. This is an ongoing, sustained effort to grab your information!
• Gmail, Earthlink and Yahoo all provide tools to help fight spam and phishing attacks.

An ancient proverb comes to mind: ” Trust in the gods, but tie up  your camel anyway!”

We all know the premise.  Robin Hood takes from the rich and gives to the poor. Unfortunately, not all thieves are so noble. Please read on.

The Orange County Business Journal and Forbes Magazine blogger Mark Lacter recently reported on a modern story based on the classic tale of a wealthy land owner who falls prey to a dastardly thief.  In this case, the alleged crook  Moundir Kamil, decided to keep $1.4 million in loot for himself after commandeering  a large IRS tax refund check. The wealthy land owner in our modern tale is billionaire California real estate mogul Donald Bren.

According to the Orange County Business Journal:

“News of the bizarre theft went on to get national exposure as questions arose about how a 40-something suspect—who listed his occupation merely as “smoke shop” operator and looks nothing like the 78-year-old Bren—could make off with the identity and money of OC’s most prominent businessman. The refund check Kamil allegedly stole was the result of overpayment of estimated quarterly taxes by Bren. When and how the suspect managed to get the check wasn’t stated in the initial complaint, nor is it mentioned in the government’s updated charges for Kamil.”

Although authorities have not disclosed how Kamil came into posession of the check, it is clear that he was somehow able to pass himself off as the victim. Not only did he deposit the loot into a newly opened bank account, he withdrew most of it before being captured.

Thanks to an eagle-eyed prison guard who recognized surveillance photos of the culprit, the fraudster’s identity was uncovered. It seems that Kamil had previously been caught stealing from the rich.  He is not just a disappointment to Robin Hood fans, worldwide.  The parole board has to be a little embarrased and disappointed to have released a 9 time bank robber back into the general population in Sherwood Forest.

Educated at Brown University and the Yale School of Drama, Pulitzer winner Lynn Nottage was awakened in the early morning hours, to a flurry of alarming phone calls from concerned family and friends.

According to a report in the Brooklyn Eagle:

“Less than an hour before the call, someone hacked into Nottage’s three e-mail and Facebook accounts, sending out a cry for help after allegedly being mugged in a United Kingdom park. The e-mail blast, which said Nottage was writing “with tears in my eyes,” went out to every listserv she was on, totaling thousands of people, Nottage estimated.

This story resonates with me because our family got similar calls this past summer, from someone claiming that our son had been involved in an accident in Europe. The caller pleaded for money to be wired via Western Union.

Because our son had been to Europe just weeks earlier with a concert choir, our family members called us to make sure he was okay.  One particularly loving (but vulnerable) family member actually withdrew a very large sum of cash to wire overseas and thankfully called us prior to sending the money.

Commonly known as the “grandparents scam”, predators depend on friends and family (often grandpa and grandma) to take the bait and send the money immediately. Sadly, many do just that.

One of the more unsettling questions in our family’s case was how did these well organized criminals obtain details about our son’s travels, as well as  his contact information back at home. Scary question eh?

In another case reported by consumeraffairs.com:

Lest any of us fall asleep at the wheel thinking we are already hip to the rather primitive  phishing tactics of the past, this one could easily  catch you in it’s insidious hooks if you don’t read on.

Known as “tabnapping”, this ploy is designed to psych you out with a behind-the-back switcheroo that literally kidnaps  open tabs and catches most savvy observers by surprise. Using an almost invisible layer of embedded JavaScript, here’s how it works.

Brian Krebs explains:

” As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special javacript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.”

In as little as five seconds, a tabbed page silently and almost invisibly changes to a seemingly familiar page (including the cute little “favicon” in the address bar) which requires you to re-enter your log-in credentials. As soon as you enter your private details,  both you and your personal information  have literally been “had”.

The best defense against this tricky new tactic is to take a time-out. What that means is whenever a site you visit “times-out” , you should take some time-out of your browsing frenzy to open a new tab and re-enter the desired URL yourself.

Most browsers including Safari, Chrome,  Firefox and Internet Explorer claim to be on the lookout for you by blocking tabnapping attack code. Researchers and hackers have both been able to sidestep many of the current blocking protections,  leaving most browsers vulnerable.

Safety dictates that you don’t log in on any tab that you  have not opened yourself. Get into the habit of opening fresh tabs whenever you enter a user-name or password.

If you forget to refresh previously opened and familiar log in pages, one day soon you could literally open up a fresh can of worms.

Nope, guess again.

All three have found themselves  in the middle of complaints about dubious business practices. The behavior in question has recently been investigated by the Federal Trade Commission on behalf of boatloads of victimized consumers.

The scam here,  refers to the practice of sharing or “passing” credit card information over to a third party at the end of a transaction without the knowledge or explicit consent of the buyer.

The retailers deny any wrongdoing.

The practice known as “Data Passing” or “Pre-Acquired Account Marketing” was the subject of a high profile, year-long investigation by the Senate Commerce Committee according to a June 22, 2010 article in the Washington Post.

According to published reports:

“In May 2009, Chairman Rockefeller launched an investigation into a set of controversial e-commerce business practices that have generated high volumes of consumer complaints. Since that time, Commerce Committee staff has been investigating three Connecticut-based direct marketing companies – Affinion, Vertrue, and Webloyalty – as well as the hundreds of online websites and retailers that partner with these three companies to sell club memberships to online shoppers. Although this investigation is not yet complete, it is clear at this point that these three companies use highly aggressive sales tactics to charge millions of American consumers for services the consumers do not want and do not understand they have purchased.”

Bob Sullivan from MSNBC.com  also reported that the problem has triggered an astounding $ 1.4 billion in unauthorized charges onto the credit card bills of  30 million Americans.

Senate investigators revealed that this practice was used by over 450 e-commerce websites and retailers. Many of the names on the list are well-known and respected companies who got around existing data-privacy and banking rules by forming partnerships and joint ventures with third parties.

Credit card issuer Visa, has taken a stand and no longer allows merchants to use the so-called “Data-Pass Marketing” on their network.

Despite Visa’s policy and after more than $1 billion dollars in “aggressive and potentially deceptive” sales tactics,  I think it would be fair to complain that the horse is already out of the barn.

The scammers who take advantage of disasters  such as this one by preying upon unsuspecting donors,  are already in full swing.

It has been widely reported now, that criminals have begun setting up fraudulent charities, helplines and websites in an attempt to cash in on the misery and heartache of the Haitian quake survivors.

Reuters is reporting that the FBI and The Bureau of Justice Assistance have already begun warning donors and tracking complaints during this relief effort.

Both the Asian tsunami and Hurricane Katrina shed light on the depths to which con-artists will go in order to steal both money and personal information.

The potential for technology to be used for the good of the Haitian relief effort,  can be seen and safely accessed by texting to one or more legitimate mobile-friendly sites that are now in place.

– Texting HAITI to 90999: The U.S. Department of State’s Web site suggests texting “HAITI” to “90999″ to donate $10 to the American Red Cross to help with relief efforts. The $10 will be charged to your cell phone bill. Or you can go online to organizations like the Red Cross and Mercy Corps to contribute to the disaster relief efforts.

– Texting YELE to 501501: On Twitter, musician Wyclef Jean, a native of Haiti, notes, “Haiti needs your help text YELE to 501501 and $5 dollars will go toward earthquake relief.” Yele Haiti is a grassroots movement Jean has set up to inspire change in Haiti through programs in education, sports, the arts and environment.

We Americans can be a very generous and compassionate people.  The sheer magnitude of the issues facing the world’s poorest countries like Haiti, can and are now being brought to light by the media as well as the ongoing efforts of  well established relief organizations like World Vision and Food For The Poor.

In their hour of need, Haitian earthquake survivors and relief workers must not be held hostage by opportunistic “privacy pirates”.  Shame on those who attempt to re-route essential resources away from the people of Haiti and into their own dark pockets.

* Beware of tax-time ID thieves who create fake IRS websites just for this season.

* Bold fraudsters often “pose” as IRS agents to trick you into revealing personal data.

* The IRS never uses email to initiate contact with taxpayers.

* Any email that promises to deliver refund money should be deleted immediately.

* Taxpayer audit and refund information is always delivered through the U.S. mail.

* Unsolicited IRS contacts sent via email should never be opened or responded to.

* Communication from the IRS can be confirmed by calling (800) 829-1040.

Another common twist is that many unsuspecting taxpayers have received legitimate notifications from the IRS, requesting payment of taxes due on unreported earnings.

This is possible if someone illegally uses your Social Security number to obtain employment. In these cases, an unwitting employer reports the earnings attached to your stolen number and Uncle Sam comes calling for taxes on income you truly never earned!

Protect your Social Security number at all times and at all costs. If you suspect fraud, contact the Social Security Administration  immediately. They can also be reached at (800) 772-1213.

Today was unlike most days when I open my email, yawn and shrug my shoulders. This evening, my KEEN eye caught three names of email senders that I didn’t recognize. That generally means “junk or spam email, but today was different due to the sheer volume and ridiculously (laughable) transparency of these scammers.

These emails were online scams, so phony looking that anyone with “half-a-brain” could spot them a mile away. Three in one day! I had to look in a mirror to make sure the word “sucka” wasn’t pinned to my back.

Not only did the senders promise OUTRAGEOUS sums of money for my help, the spelllinngg was so bad that I actually laughed out loud.

Phishing scams come in many varieties including lottery scams, bill collector scams, fraud investigation scams, employment application scams, overseas bank transfer scams, credit card or banking verification scams and many  others.

According to the Yahoo Security Center:

“If you receive an email (or instant message) from someone you don’t know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a “spoofed” site) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).

Is that web site legitimate? Don’t be fooled by a site that looks real. It’s easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.”

Unfortunately, the current economic downturn is expected to cause a dramatic increase in the number and frequency of these fraudulent attempts to separate the uninformed from their personal data.

The good news is that these crimes are getting harder and harder to pull off, due to greater consumer awareness and more advanced spam filtering technologies.

Despite the almost comical transparency of the three scams that entered my email box today, the potential for harm and the growing frequency of these annoying ploys is really no laughing matter.