THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING
Consumer beat

Data-gatherers make their names by knowing ours

Email|Print|Single Page| Text size + By Bruce Mohl
Globe Staff / April 25, 2004

Consumers are repeatedly told to protect their Social Security numbers to guard against identity theft, but few people realize what they're up against: an army of businesses trying to ferret out their numbers and sell them.

Some of these information-gathering companies operate under the radar on the Internet, selling to anyone willing to pay their price. They traffic, often illegally, in everything from Social Security numbers to bank statements to credit reports.

I've highlighted the dangers of these types of companies several times in this column over the last six months, but today I want to focus on reputable information-gathering companies such as LexisNexis Group, Seisint, and ChoicePoint, which traffic in personal information on a vast scale.

These companies gather Social Security numbers and other personal data about Americans and sell that information exclusively to companies that want a quick, easy way of verifying identities. Banks, for example, are required under the Patriot Act to verify the identities of new customers.

LexisNexis, Seisint, and ChoicePoint say they help guard against identity theft by allowing their corporate clients to verify that their customers are who they say they are. The companies say they check out their business clients to make sure they are legitimate and audit them to make sure the information is used properly.

But once password access to an online database is provided to a client, how much control does the information-gathering company really have? At a large company, is it hard to imagine the password being passed around?

"The more available certain information is, the more likely it is to fall into the wrong hands," said Betsy Broder, an assistant director at the Federal Trade Commission's division of planning and information and an agency spokeswoman on identity theft.

Broder said a name, address, birth date, and Social Security number are "more than enough" to steal someone's identity, a crime that, according to a study done last year for the FTC, affected an estimated 10 million people over the course of the previous year and cost businesses and victims $50 billion.

LexisNexis, ChoicePoint, and Seisint all gather their information in similar ways, from public records and national credit bureaus. The credit bureaus supply so-called credit header information, which includes names, current and previous addresses, possible aliases, and Social Security numbers. The credit header does not include financial or credit data.

The law covering the distribution of Social Security numbers and birth dates by information resellers is murky, but some of the companies voluntarily restrict access to the sensitive data.

For example, LexisNexis and ChoicePoint release complete Social Security numbers only to law enforcement and government agencies and a handful of other clients, including banks and collection agencies. For all other clients, the last four digits of Social Security numbers are truncated for privacy reasons.

By contrast, Seisint, through its Accurint subsidiary, appears to sell complete Social Security numbers and birth dates to a much wider client base. In an e-mailed response to written questions, Keith Kuehn, the firm's chief marketing officer, said the Boca Raton, Fla., company complies with all federal and state privacy laws.

"Seisint provides access only to commercial organizations in good standing in their respective industries and for permissible uses," Kuehn said. In addition to law enforcement, government agencies, banks, and collection agencies, Kuehn said clients eligible to receive the information include attorneys and some "general businesses." He said private investigators "have access to certain data, depending upon the permitted use for which the data is going to be used."

The Globe is one of Accurint's general business subscribers. Reporters trying to locate an individual can use a password to access the Accurint website and pull up a person's address, phone number, birth date, and Social Security number.

I inputted my name and came up with a current address, a past address, and a work address. My Social Security number was listed correctly. My age was correct, but my birth date was off by eight days.

It was a simple process to look up similar information for a wide variety of public officials, including Governor Mitt Romney, Boston Mayor Thomas M. Menino, and House Speaker Thomas M. Finneran. It was also easy to get the personal information of a colleague at work.

James E. Lee, the chief marketing officer for ChoicePoint of Alpharetta, Ga., said his company would not give a newspaper or other general business access to complete Social Security numbers.

"We don't believe that under our privacy policy that it's the right thing to do," he said. "The reason we do that is because you have no reason to know a person's Social Security number. If you need it, you can get it from the person himself."

Accurint's policy on releasing Social Security numbers is also less stringent than the current policy of Docusearch Investigations. Docusearch, a private investigative firm also based in Boca Raton, was sued by the mother of Amy Boyer, a New Hampshire woman who was murdered by a former high school classmate in 1999. The former classmate tracked Boyer down using a Social Security number and address information supplied by Docusearch for about $150.

Docusearch settled the suit earlier this year by paying Boyer's mother $85,000. The firms's website now says it won't sell Social Security numbers to the general public. The website says Social Security numbers will be supplied only for "permissible purposes," including official government business or verifiable probes involving identity fraud, fraud, or civil or criminal actions.

The Danbury deception

The Danbury Mint, a purveyor of what it calls "fine collectibles," is using deceptive direct mail solicitations to sell its wares.

The Connecticut firm, which did not return my phone call, is mailing out "invoices" for a Classic Romance Necklace. The invoices seem to indicate the recipient has ordered the necklace yet failed to make the first payment. The envelope even contains a small insert urging the recipient to disregard the invoice if "your payment and this reminder simply crossed in the mail."

It's an old scam. Don't fall for it.

Bruce Mohl can be reached at mohl@globe.com.

© Copyright 2008 Globe Newspaper Company.

more stories like this

  • Email
  • Email
  • Print
  • Print
  • Single page
  • Single page
  • Reprints
  • Reprints
  • Share
  • Share
  • Comment
  • Comment
 
  • Share on DiggShare on Digg
  • Tag with Del.icio.us Save this article
  • powered by Del.icio.us
Your Name Your e-mail address (for return address purposes) E-mail address of recipients (separate multiple addresses with commas) Name and both e-mail fields are required.
Message (optional)
Disclaimer: Boston.com does not share this information or keep it permanently, as it is for the sole purpose of sending this one time e-mail.