July 18, 2010 06:40 PM UTC

Colorado Secretary of State responds to identity theft questions

•  
• by: DavidThi808

Reply from Rich Coolidge (SoS Office):

David,

First of all, thanks for helping us get the word out on this new criminal activity. As soon as Buescher was alerted to this crime, he met with CBI and the Colorado Bar Association’s business advisory group. The most immediate safeguard was the email notification system. As you know, implementing user names and passwords for 800,000 businesses will take time and resources. We would need to designate an additional call center just to accommodate resetting these user names and passwords. Not to mention, we would somehow need to verify the person on the other end of the phone is authorized to have access to that password and user name. This is more of a long term option that we’ll continue to debate.

This is certainly the challenge to identity theft. Thieves previously were breaking into people’s mailboxes and stealing their mail. Instead of mandating locked mailboxes, educating people about the crime and reminding them to watch their credit reports helped to reduce the number of crimes.

Also, as a registered agent yourself, if someone tries to change your business’s information without authorization, the thief has committed a felony. The email notification will help us track down and prosecute the offender before financial damage is done. This isn’t a crime that can be committed overnight. This information needs to be picked up by credit agencies and other information is needed before a credit application can be completed successfully.

I’m happy to continue to answer any questions you might have related to this issue. Buescher and others are committed to continuing our outreach efforts to alert these business owners to the crime and explaining the immediate safeguard available. Again, thanks for helping us get the word out. Obviously in the future, I’m happy to respond before you publish your diary.

Rich

From the Secretary of State’s Office h/t to Jim Thomas

The criminals manipulate targeted business filing records at the Secretary of State’s office by changing a business’s information in order to imply that they have a legitimate stake in the company. These identity thieves use this maliciously altered information along with other records to apply for lines of credit from major retailers. Before the company’s actual owner or agent realizes what has happened, the business starts to receive calls from debt collectors and suffers damage to its credit report.

So I went to the SoS website, and went to change the registered agent for my company. I went through every step except the final submit and at no time did it request any login from me. As far as I can verify, any company can have it’s corporate info hijacked at any time by anyone on the web.

But not to worry, Bernie Buescher is on the job and has a solution:

Most businesses operating in Colorado must register their names and list a local physical address with the Secretary of State’s online business filing system. This on-line filing system also allows business owners to make changes or corrections to business information and access other functions, including an e-mail notification service. This e-mail notification service provides instant notification of any change to a business’s record. If an unauthorized change is made to a record, this instant e-mail notification will allow a business owner to take quick action to help stop the crime before any real damage is done and provide law enforcement time to act.

“The most effective and simple way for businesses to protect themselves is through these automated email notifications,” Buescher said. “There’s no limit to how many email addresses can be included for each business, so include your attorney, your accountant, your banker, whoever.”

Are you fucking kidding me? Your solution is to allow identity thieves to continue to impersonate companies – but to try and undo it fast enough that it won’t matter. I like Bernie a lot but this is totally brain-dead.

Look, if requiring a login to change company info is beyond the technical skills of the programming talent available to the SoS, then turn the server off. Leaving the door wide open would get any private company sued – and deservedly so.

Second, this is a job killer. If my company ends up having to pay $75,000.00 due to identity theft, we hire one less person this year. One more unemployed is no big deal (except to that one person), but if this happens to a thousand companies, that’s a thousand jobs.

Third, this reinforces the impression many businesses have that the state hates private business. Causing businesses to expend extra effort and helping criminals target them is not a pro-business attitude. (Trust me, it isn’t.)

ps – If you own a business, go here to sign up to be notified when the SoS office has assisted an identity thief to target your company.

Update: ThillyWabbit asked me to include the following from the press release:

Our aim is to shut down all the avenues used as part of this elaborate scheme.”

If the SoS sincerely means that – they can turn off that functionality on their website today. That will take 5 minutes. (If reconfiguring the JSP pages is beyond the ability of your IT staff, call me – I’ll drive down and do it for you.)

 Loading ...