How To Shop Safely This Cyber Monday

Buyer Beware

In our monthly catch-up with Morris J. Schlaf, of Sacco & Fillas, LLP, we wanted to remind readers about the threat of online hackers and fraud. Cyber Monday will kick off the busiest shopping season of the year, and it will be a hotbed for cyber fraud. Morris addresses ways that we can keep our accounts and identity safe.

Shop Safely Online

GMA: Cyber Monday, the biggest shopping day of the year, is fast approaching. How can shoppers legally protect themselves from online hackers?

MS: There are several things everyone should do before shopping online. First, if possible, use a credit card with adequate fraud protection. Another tip that you should implement is to ensure that you do not reuse any passwords, especially not the password for your e-mail account or one that you use for banking. There are a number of password managers available which allow you to securely store your randomly generated passwords (just be sure to memorize your master password). Also, remember to be careful when receiving e-mails. Make sure to check the “from” address of incoming e-mails and the address bar of the web browser you are using; if the web address is a string of numbers or doesn’t match the name of the company, steer clear. And finally, make sure that the connection to the site is secure (this is verified by a lock icon in the address bar), and avoid using public Wi-Fi when shopping online.

GMA: Is cyber fraud easy to track and prove?

MS: Unfortunately, not. In most cases, cyber fraudsters will connect through multiple proxy servers and encrypted networks to cover their tracks. In most cases, you should be able to dispute an unauthorized purchase with your credit card provider, but you would not likely be able to track down the perpetrator.

GMA: Once your identity is stolen through online fraud, what are the legal challenges people face in recovering their identity?

MS: Victims of identity theft often face lawsuits regarding debts that were incurred in the victim’s name. The victim has to bear the burden of defending against the lawsuit and showing that the debt was incurred as a result of identity theft. There can be multiple debts and multiple lawsuits. In addition, fraudulently incurred debts are posted to a victim’s credit report, adversely affecting their ability to borrow money or rent an apartment until the fraudulent debts are removed. While the three credit reporting agencies (Equifax, Experian, and TransUnion) each have a straightforward procedure for resolving disputes, they often do only a cursory review, and the debt is deemed valid as it reflects the creditor’s records. To prevent being a victim of identity theft, it’s a good idea to request your credit reports from each of the three services at This is a free service required to be provided by the federal government. If you are concerned about being a victim of identity theft, you can request a security freeze from each of the three reporting agencies in order to prevent third parties from accessing your credit.

GMA: If a company’s online security system has been the target of a cyber attack, are they legally bound to inform their customers and take measures to address and protect them from any damages?

MS: In the United States, there is no federal law concerning what a company is supposed to do in the event its data is breached unless that company is concerned with health care information. However, there are laws in 47 states (including New York) that require companies to disclose data breaches that are known to have occurred and what information was compromised. Beyond that, a company is not likely to be liable to consumers if a data breach has occurred. The Federal Trade Commission (FTC) has found that companies are required to maintain reasonable security standards; however, where they do maintain such standards, and a breach occurs regardless, they might not be held liable for the breach.

31-19 Newtown Avenue (Seventh Floor) | 718-ASTORIA