Uncategorized Archives

The Nevada Attorney General’s Office is issuing a series of daily consumer advisories as part of the 13th Annual National Consumer Protection Week, March 6 to 12, 2011.

Las Vegas- Consumers should be aware that criminals can steal your credit card, debit card, passport and other valuable information without even touching your wallet or purse. This crime is referred to as “electronic pickpocketing”. The technology used to perform this type of theft is called radio frequency identification or “RFID”.

Hundreds of millions of credit cards, debit cards and all passports issued since 2006 are embedded with a radio frequency identification chip—or RFID. RFID chips are also commonly used in hotel keys, cards that raise gates in parking garages and unlock doors at businesses. Government, military and port of entry ID cards are also vulnerable to this type of theft. You need only swipe the card in front of a reader. The RFID chip is always on, making consumers more susceptible to identity theft.

Thieves can steal this information by using a frequency reader. These readers are inexpensive and easy to obtain. The thief can simply walk next to you and acquire your credit card number and expiration date without any physical contact. While these cards are in your wallet or purse they can transmit your card or passport number and in some states, your digital drivers’ license information when placed near a reader. The information almost immediately appears on a computer screen without you ever knowing about it. Apparently U.S. passports are more difficult to read than cards with RFID chips because they require a password. However, hackers with enough knowledge can see everything on the passport’s front page. A thief can be long gone before the consumer ever realizes his information has been stolen. This is “electronic pickpocketing”.

The credit card industry and the U.S. Department of State use RFID chip technology because it holds more data than magnetic strips and can be read quicker. However, the convenience can also put consumers at risk of having their information stolen. For instance, instead of swiping these cards, they can simply be tapped or passed by a sensor/reader to complete the transaction. This makes paying faster and easier. It is reported that scanned information transferred onto hotel keys has also been read and used to make purchases.

It is important for consumers to protect themselves from this type of identity theft. While the makers of RFID cards say they are safe, consumers need to learn how to prevent this electronic theft from occurring. You can tell if your credit or debit card has the RFID chip by the four wavy lines on the front or some other symbol that indicates they transmit. If your debit card has an RFID chip, most banks are happy to exchange it for a card without the RFID chip. If you have credit cards or a drivers’ license with the RFID chip, contact the issuer to provide a secure sleeve and keep your card inside the sleeve at all times when you are not using it. Other forms of protection are to place the cards in protective sleeves often made of foil or possibly even tin foil or special badge holders that prevent RFID cards from being read unknowingly.

If you would like further information, please call the Attorney General’s Office in Las Vegas at (702) 486-3420 or in Carson City at (7750 684-1180. Consumer protection information can also be found on the Attorney General’s website at www.ag.state.nv.us, the Nevada Fight Fraud website at www.fightfaud.gov, and at the Federal Trade Commission website at www.ftc.gov.

Ski Pass Defender offers an entire line of RFID Blocking products to protect you and your family for becoming a victim to Electronic Pickpocketing.

The “Database You”

In addition to my 22 years in the ski industry, the past 6 years I have made a career in personal Identity Theft protection and corporate ID Theft risk mitigation.  In the past few years we have seen a dramatic increase of corporate initiatives which utilize personal usage tracking and social media integration, and we find this to be alarming.

We have found that ID protection begins with a company focus of helping customer/consumer/user educate themselves to the risks. With proper user awareness initiatives incorporating RFID, social media, and customer usage can be a relatively safe, fun, and useful. Unfortunately marketing programs such as “Broomfield Resort’s” Epicmix creates serious concerns, and their reckless promotion of the program is what we find alarming. We don’t believe that the these companies can or should police themselves.

The purpose of this post is to let you know about the “Database You”, and how it has been created without your knowledge or permission.  Before I expand on the topic, be aware of the language spewed from PR departments to make you overlook the obvious.

Here are a few notable Privacy Breaches:

CBS News resports on Facebook –

General Breach

sexual orientation

December 31, 2011 Summit Daily Article –

Epicmix has users wanting more

In the case of Epicmix and your usage tracking, rather than informing its users of safe online practices, VR’s company policy has been to tell the users that there are “no privacy concerns”. The are mostly likely referencing their data handling policies and having them fall within their “Privacy Policy”. This stance is disingenuous at the very least as it is self-serving for the corporation which permits open usage data sharing with its partners. It is potentially damaging to the end user as data aggregation services using “public” and “user-shared” data continue to proliferate. When a user submits their “accomplishments” on social media sites such as Facebook and Twitter the data is now in the public domain ready to be data-mined. And as this “Public” information is merged with “private” database information which can be acquired through “affiliate or partner” agreements, comprehensive Heuristic Models are created and used by companies which maintain these models. Perhaps you are aware of this, and you are “OK” with it. And that is fine. But if you are not good with this, then you can email VR – comments@vailresorts.com and ask NOT to have your data shared with their Partners.

Your data is out there. It happens globally.

You may not have heard of:    The Database You – 2006 Database you.ppt

You may download and keep the “Database You” attachment. I created these slides in 2006 for presentation around the US. Since that time we have seen the advent of Facebook and other social media sites in which an incredible amount of information is freely given, this has filled in the blanks for the database of “YOU”.

For a simple example of the Database You, go to www.Spokeo.com a new online USA phone book w/personal info: pics you’ve posted on FB or web, your approx credit score, home value, income, age, etc. You can remove yourself! Search for yourself on their site (don’t buy the access) , copy that URL of your page,and then go to the bottom of the page and click on the PRIVACY button to remove yourself. Copy & repost so your friends are aware. Also, for a more comprehensive list of these Online Data Brokers, you may visit the Privacy Rights Clearinghouse for more information.

Spokeo.com is only one of more than a hundred public sites which do this type of data aggregation. Private databases are even more numerous and comprehensive. The fact is the more information that is out on the web and stored in servers, the more your personal data and privacy is at risk. It is not just about how many vertical feet your skied or how many days you skied. And if you want to track it, fine. But be informed about the pitfalls of freely providing the your specific information and habits.

Your information CAN and WILL be used against you in some form. e.g. Increase in health insurance rates for the top Vertical feet “winners” on Epicmix by rewarding their “risky behavior”. User specific “Spear-phishing” emails sent to you from “friend look-a-likes” which can contain many types of malware. Or becoming a target of a theft ring, by posting something like “I can’t wait to take the entire family to Vail for the weekend”.

SPEAR-PHISHING –

The more specific information you give, the easier it is to create a method someone else profiting from you. Beware of being one of the Sheep. Protect your data where you can, and take it upon yourself to become educated. Because “Broomfield Resorts” and many of the corporations have their best interests in mind, not yours. We use SkiPassDefender to limit the amount of usage data we provide, and to shield our unique pass information. It is simple to use, and still allows the user to fully use Epicmix or a similar program like it, if YOU choose to do so.

With regard to taking time by trying to protect your information by shielding RFID passes, Breckenridge spokeswoman Kristen Petitt says there is little point.

“We’ve been tracking people and collecting information about them anyway for years,” she said with a wry smile. “With EpicMix, we just finally let you see that information.”

Jonathan Lawson has been an expert in the field of Identity Theft Risk Management since 2005.  Mr. Lawson has held dozens of education seminars for minors, adults, and seniors regarding identity theft and risk mitigation. Breckenridge Instructor since 1993, and former Keystone Golf Professional. Staff Trainer Vail Resorts until 2010.