Log in

PART 3 OF A SERIES: Video Store Policies Can Make ID Theft Easy

7 Feb, 2003 By: Holly J. Wagner

When a security flaw in America Online's e-mail servers exposed 35,000 customers' correspondence and data to potential snoopers late last month, news that an online business was not as secure as believed probably surprised few people.

But while consumers are quick to distrust e-commerce, most feel quite comfortable jotting personal information onto paper forms like credit or video store applications.

That, said Ed Livingston, chief of the Economic Crimes Bureau in the Westchester Count, N.Y., District Attorney's office, is one major security flaw that left a Hollywood Video store in Mount Vernon, N.Y., vulnerable as a center of customer identity theft in a case that yielded more than 2,000 stolen identities.

“Hollywood Video had a habit of requesting Social Security numbers on customer applications. They don't need a Social Security number on the application,” Livingston said. “The stated reason is to track deadbeat customers. But in my opinion, I don't think they are going to rack up so much debt that it justifies risking customer information being stolen.”

Social Security numbers were as good as gold to then-store-manager Ronald A. Darden, who today awaits sentencing after pleading guilty to felony scheme to defraud charges connected with the crime uncovered last July. Several of his alleged accomplices are still awaiting trial.

“He was stealing identities and providing them to other members of the ring who were in turn using the identities to apply for credit online, apply for credit cards and get accounts,” Livingston said. “They were paying a small fee, like $50, to homeowners they had relationships with to receive the stolen merchandise. They would then use the merchandise by selling it on the black market in New York City.”

Darden's accomplices used the information to open online accounts at Gateway Computer and Sony, charged more than $100,000 in purchases to stolen or false identities, then resold the ill-gotten goods to retailers in the Bronx.

“Unfortunately we found out from the press, rather than finding out from authorities,” recalled Hollywood general counsel Eric English. “Even before the New York case, we hired outside experts to review our security. I do think our practices and policies are there to protect this information.”

Though video stores are not uniquely vulnerable to such crimes, Livingston said three features of this business made it easier: requiring Social Security numbers and birth dates from customers, leaving a site manager in sole control of customer records and lax oversight of on-site activities.

“I do believe that we have appropriate responses for each of those,” English said. “I intend to talk with the police officers to better understand whether this is an execution issue or a company issue.”

The chain also contacted ID theft victims after it learned of the crime, English said.

“When people have been victims of this we have worked with them quickly and we have satisfied their concerns about having this happen,” he said. “It's equally important as a company to have information and a swift response team in the event that our system has been breached.”

Livingston has advice for all business owners.

“It's a good business practice to have a series of checks and balances on all phases of your operation,” he said. “In this instance, Hollywood trusted Mr. Darden completely with controlling the store's applications. There was no checking or auditing, no shredding of applications that were expired or needed to be discarded. And he was meeting in the parking lot with members of the ring after hours.”

While no one knows how widespread identity theft is in the video store world, identity theft in general is on the rise.

Consumers' identity theft complaints to the Federal Trade Commission (FTC) doubled in 2002 from 2001, the agency reported. FTC's No. 1 piece of advice for consumers? “Protect your personal information.” Livingston echoed that sentiment, saying, “If a company requests it, I would go elsewhere.”

Identity thieves are sneaky, but there are things store owners can do to help protect themselves and their customers.

“A good store owner is going to look at their own resources and setup,” Livingston said. “There are ways you can minimize the chances of larceny occurring: Put video surveillance cameras in an area where employees can't reach them and don't have access to them. Show up randomly on days off to see how employees are doing. Secure personal information under lock and key.”

And, like much in crime prevention, customer service can be a tool.

“Take your own steps by reaching out to customers, asking if they have had any problems with the store's service or operations,” Livingston advised. “Use customer service to do spot checks.”

It's also important for store owners to be aware of what employees are doing on site.

“Reach out to local police. Ask for night-time patrols. In our case, we had nefarious characters meeting with employees in the parking lot at various hours of the night,” Livingston said. “We need the cooperation of the companies. Too often the companies don't want to deal with the bad press, but it's the companies that can see patterns.”

Add Comment