forensic accounting services, llc

A student of mine shared a story that opened my eyes to the risks of posting too much detail within a Facebook account.

The posts on their wall discussed the medical issues of their parent, along with health updates.  A recent post mentioned having to run out and refill prescriptions.  The next day their mail had been stolen, ransacked and only the envelopes that appeared to possibly contain prescriptions had been ripped open.  Thinking back to their posts, anyone reading their Facebook account knew where they lived, that a family member had significant medical issues ongoing, and that they made it easy for someone in search of stealing prescriptions possibly received by mail to track them down.  The latest post even told readers when they would be away for a while.

I am amazed at how open people can become with their posts on sites like Facebook and MySpace, sharing intimate details about their personal lives, and at times articulating their movements, without realizing the details they leave for someone with ill intentions.

It is widely known that employers monitor and review potential candidates’ postings to assist them in their hiring decisions, as do law enforcement agencies to keep tabs on things.  I guess I hadn’t realized until hearing the student’s story that others monitor the postings and activity for other purposes.

Be very careful of the details you leave with anything you do over the Internet.

As I come across things that surprise me, I like to pass them along, especially if I was unaware of the issue, because it could very well mean many folks are unaware of the issue.

I have a portable GPS, my second unit, as my first was stolen from a rental car (subject of an earlier post).  The first thing I did was program my home address so I could easily navigate home from any destination using the button provided.  I never thought about a potential risk I was creating until recently.

Turns out when thieves steal your GPS, they next look for your “Home” address, listed separately or under Favorites.  If the thieves just stole your GPS from your car, they also know you are away from your home, allowing them time to drive to your house (conveniently guided with your GPS unit) and burglarize your house as well.  This could also happen if your unit is permanently mounted in your car if the thieves simply steal your car.  The garage door opener left on the visor in your car is likely how they will gain access to your home.

The best advice I have seen is to replace your actual home address with an address somewhere near your home that you could manage to navigate the rest of your way home without the guidance of your GPS unit.  One suggestion I really liked was to have the “Home” address the local police station, bringing the thieves right to their doors.

I attended a fraud symposium sponsored by one of my state’s largest banks where they referenced their approach on preventing and detecting fraud as a “shared responsibility.”  The bank’s representatives highlighted bank products available to better protect the customer and the bank from instances of fraud, and discussed how in the future account holders would have to decide if they wanted the additional bank products (for a cost), and if not used, then the burden (and cost) of a fraud could shift from the bank to the customer.

Another banking session discussed the customer’s responsibilities to detect fraud and to timely notify the bank of any potential or actual instances of fraud in a timely manner (or run the risk of bearing the cost of the fraud versus the bank).  The “timely” was defined as 30 days for paper statement customers, and as quickly as 24 hours for any electronic or on-line customers.

Well, the shift seems to be happening as described.

In reviewing Bank of America’s electronic agreements today, I noticed written within one of the long detailed legal notice (something I suspect no one ever reads but simply clicks the “accept” button) that if you fail to notify the bank of a potential compromise of the account of user id information within (4) days, and the bank can show the customer should have known of the compromise, the customer will be exposed up to $500.  I saw similar language in my mortgage company during the fall, shifting the burden away from them to protect my account and information.

Here’s an interesting question to raise with your state’s banking commission.  If you go away on a vacation for a period greater than the four day requirement, and while away you have no Internet access (you are one of the lucky ones basking in the sun on the Fiji Islands), how would you be able to monitor your on-line accounts daily to enable you to fulfill the four day requirement.  If your account was compromised on Monday, and you returned on the following Saturday, the first day you had an opportunity to check your account activity, five business days would have passed, and now you could be potentially responsible for the fraudulent activity that occurred between Monday and Saturday (or have to prove to the bank you had no way of knowing).

Seem ludicrous?  You may want to check you bank’s policies.