This was the case of a major credit card company selling accounts to another credit card service company without telling their customers of the sale. The customers eventually found out about the sale when they tried to use their credit card and found that the card transaction was declined. Upon contacting the initial credit card company to inquire about why they couldn't use the card, they were told then about the sale of their account. Eventually, they received a letter from the credit card company that bought the accounts, and were told that their old account was closed and that they had to pay the complete balance "upon receipt of this letter," or legal action would be taken against them; as well as, reporting the uncollected debt to all of the credit bureaus. If that wasn't bad enough, the cancelled account holders received a statement from the credit card company that bought the accounts, showing new charges (purchases and cash advances) that the holders of the cards supposedly had made before the accounts were closed. The problem here was that none of the card holders had made any of these charges. Apparently what happened, was that just before the accounts were closed, several customer service representatives within the company that purchased the accounts, decided to run up charges on the credit cards for their own personal use; and, then sold the account numbers and social security numbers to other criminal elements. These criminals used that information to charge up the cards some more, and open up new accounts in the card holders' names through the use of the stolen social security numbers. I really can't comment any further on this case, it is still pending in the courts. But, what I can say is, that more and more credit card companies are selling your accounts to other unscrupulous financial organizations without your knowledge. And, by the time you find out, your identity has already been stolen.

What is the most important thing people can do to protect them from identity theft on the Internet?

You can stop doing business on the Internet as an individual. But, it's really what your ISP can do for you that's most important.

The following are ID Theft prevention methods for ISPs:

1. Limit the access to your customer' information within your organization.

2. Practice due diligence to ensure those who do have access are trustworthy (background checks).

3. Make sure your online transaction forms are as secure as you can make them.

4. Have one member of your staff, your Privacy Officer, responsible for your customer's data.

5. Educate your customers to the possible dangers of giving out personal information and make sure your staff is ready to help in the event they are victims of such an attack.

6. Know the law. When the Feds come knocking, it will be helpful for you to know exactly what to give them and why.


In your opinion, what should a bank do if they realize one of their customers has become a victim of identity theft?

Banking organizations should provide their customers with information about how to prevent identity theft and necessary steps to take in the event a customer becomes a victim of identity theft. An excellent source of information for consumers is the Federal Trade Commission's website.

Banking organizations should also assist their customers who are victims of identity theft and fraud by having trained personnel to respond to customer inquiries, by determining whether an account should be closed immediately after a report of unauthorized use, and by prompt issuance of new checks or new credit, debit or ATM cards. If a customer has multiple accounts with the institution, it should assess whether any other account has been the subject of potential fraud.

What are your plans for the future? Any exciting new projects?