“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.”
– David Brin – American Scientist and Award-Winning Author
“Privacy is not dead, just cumbersome and getting more and more expensive.”
– Christina Kubecka – Digital Security Expert – Led Recovery of the Biggest Hack in History
“Crime has always been a regrettably consistent element of the human experience.”
– Mark Frost – American Screenwriter and Crime Novelist
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
– Benjamin Franklin
A few years ago, a hacker broke into the network for the accounting firm that does our tax preparation. The firm (a very fine accounting firm I might add) learned of the hack when one of their customers found out that another person had filed a fraudulent tax return (claiming thousands in refunds) in their name. When we were informed by our accountant the full impact became very obvious to us. Not only had the miscreant obtained our Social Security numbers and all our personal financial information, they had also gained access to our bank account information. (We utilize direct automatic clearing house (ACH) transactions for paying taxes and receiving refunds.)
We have had our credit card numbers stolen so many times that this process is becoming old hat to us. We report it as soon as we detect it or often the credit card companies detect it before we do. The old cards are disabled and new ones are issued with a different number. We have been very pleased with the speed with which the companies get on these situations and how they minimize the inconvenience to us. But this breach at our accountants was “a cat of a different stripe” as they say. We did the obvious – we rushed down to our bank to close our checking account. (Their service was EXCELLENT, again minimizing our disruption.) And then we went to work on the less obvious. We made filings with the Internal Revenue Service to prevent someone filing false tax returns with our numbers. We also then contacted the three major credit rating agencies in the country – Equifax, Experian and Transunion. We reviewed all the recent data to make certain that our credit rating was not being degraded by someone impersonating us. And we took the extra step of locking access to our records. This is advisable since one of the unpleasant outcomes of this scenario is that a criminal takes out a mortgage, car loan or personal loan in your name and then defaults. Nearly any lender these days accesses the national credit rating companies before extending credit. Of course, if WE want to take out a loan, we have to undo that so that our lender can check us out and then relock it again. We have had to do that a couple of times and I am getting adept at it. There are fees for the original “locking” but the real pain in the butt for all of this is the time and inconvenience that it involves. Without exaggeration I am sure that we spent fifteen to twenty hours trying to straighten things out.
We were just getting over this shock when we got a letter from Experian indicating that THEIR files had been hacked and our financial data, Social Security numbers and tons of other information had been stolen by an unknown criminal or criminals. Facebook is on the hot seat for their privacy policies along with other major tech companies. And along the way we now learn that our Russian friends have attempted to break into our voting records. My reaction was that this MUST stop. We must step up our efforts to insure privacy. I truly believe that our major companies and governments are working at this. Credit card companies go to great lengths to make sure that our transactions are secure. But that doesn’t necessarily make me feel better every time I see somebody in Florida spending $800 on a car rental using my credit card number. We need more stringent regulations. I WANT MORE PRIVACY.
But on the other hand, my recent experience in changing our internet provider makes me see another side to this. Let me tell you, that was an experience. The new company really seemed to want our business UNTIL it came time to sign up. I was advised that among other things they would be reviewing our credit scores from Experian, Equifax and Transunion. I said – “REALLY??!?.” They assured me that this was an iron clad requirement. Because of our experiences described above they could not access our credit history. I told them we had lived in this house for 26 years and that our FICO score was good. They were totally unimpressed and unmoved. So, I reluctantly went online, accessed our Transunion account and unlocked access for a period of two weeks. Problem solved right? Not so fast!
When I called our new provider back to tell them that the credit records were now accessible and we were ready to sign up, our account representative (a very nice lady) said, “Fine! What is your account number?” I said, “We are new customers and don’t have one yet or if we do, we haven’t been told what it is.” This was a problem. She asked if we had already ordered the installation and I said yes. She said that the account number would be on the order confirmation which fortunately I had saved. But when I gave her that number as it was written on the installation order she said, “That is not an account number – account numbers have three more digits than that.” So, I can’t be a customer??? After some hesitation she said the numbers that I gave her were PART of our account number but there were three more digits that she needed to verify. I said, “Well I don’t know what they are but YOU must, since you knew that the digits that I gave you were part of the number”. She said that she DID know but she couldn’t tell me. CATCH 22!!! So I said, “What can I do?” After a period of silence, she said that she really wasn’t supposed to tell me this but there is another number on the installation work order that has the last three digits in it. I said “Excellent, which other number is that?” She said, “I can’t tell you that”. By this time, I was ready to call our original provider back. The problem was that I had already cancelled that service! So, I just started guessing from some of the other identifying numbers on the order form.
There was a time in my life when I would have gone ballistic and demanded to talk with a supervisor and the company president. Instead although it took me three or four guesses, I finally hit on it and we are all set. I went down to the Laundry Room and had a Miller High Life! Did I run into an uncooperative, nasty company representative? Not at all, she was very polite and patient. She persevered though the problem and in the end between the two of us we were able to complete the transaction. I know that she was absolutely doing her job as she has been taught. And the company really DOES want my business. The representative’s training is based on governmental and industry standards that are totally well intended – intended to protect me and people like me. Now I can tell you that after twenty-five minutes on the phone it didn’t necessarily feel that way but I believe this is the truth. We are so protected these days that complying with these regulations is impeding business. I WANT SOME ACCOUNTABILITY FOR WHO IS REQUIRING THIS STUFF.
Most of my blog entries reach a point where everyone wants to ask, “What’s your point?” The IT director where I used to work assured me that I didn’t need to worry if our credit card numbers had been stolen, that was nearly a given. The crooks have so many stolen credit card numbers their challenge is in knowing which ones to use. If you haven’t been hacked yet, you will be. But as maddening and alarming as it is when this happens to us, we shouldn’t overreact. We can’t crawl in a hole and give up our liberties as Benjamin Franklin noted. We can’t let the bad guys win. Our federal, state and local law enforcement agencies are working on this stuff every day. This is a part of doing business for the credit card companies. They plan for it and they build their losses into their fees – which of course WE pay. I hope you never have your Social Security numbers compromised but you should still have a plan for what to do when that happens. In other words, this is life in 2019. We may not like it, but we need to remain calm and carry on as the Brits say.
The discouraging thing in all of this is the amount of expense and disruption these folks introduce into the system. Hacking is NOT a victimless crime. We are ALL victims even if our individual accounts are never breached. If these technical-whiz hackers are so smart why don’t they take one of the jobs that we are so desperately trying to fill these days?!?!? Sadly, there are criminals in our world today, there always has been and there always will be. The victims of their crimes will have to bear the costs as we always have. Today’s criminals are just adjusting to new business systems. The effect to us is that just like shoplifting or bank robbing, the costs are reflected in what we pay for what we buy AND the bureaucratic hoops we need to go through to buy it!!