How To Buy Bitcoin At 26% Off The Regular Price

Here’s a scorecard on eight ways to own crypto. The most intriguing: a low-cost coin trust available at a nice discount.

Are you interested in virtual currency, now trading at half the price it had last fall? Shop around. Among the many ways to get a piece of the action, there are wide differences in ownership costs. My favorite: a somewhat obscure bitcoin trust to be found in Fairfield, Connecticut.

There are pros and cons to every means of getting cryptocurrency exposure, including the little outfit in Fairfield. This survey covers eight bitcoin bets in descending order of my views on their desirability. You may have a different ranking, especially if you are speculating on a quick turnaround.

#1. Osprey Bitcoin Trust

This quasi-fund (ticker: OBTC), created a little over a year ago, is a knockoff of the much better-known Grayscale Bitcoin Trust. Both trusts are closed-end, in that investors have no right to redeem shares in return for cash or underlying assets.

Osprey is a lot more cost-efficient, with an annual expense ratio of 0.8% versus Grayscale’s 2%. These expense figures incorporate both portfolio management and custody costs.

The trusts trade at discounts to the value of the bitcoins they hold: recently 26% at Osprey, 28% at Grayscale. With either, you are making a bet both on crypto and on that discount. If the discount widens, you’re worse off than you would have been with a coin purchase. If it narrows, you have a windfall.

What might widen the discounts: a continued fall in crypto prices. Bear markets have a way of doing double damage to closed-ends, depressing their share prices even faster than prices decline on the assets they hold. That’s been true of stock funds since the Great Depression and it’s likely to be true of crypto trusts.

It’s happening right now. A 12% fall in bitcoin between Friday afternoon on May 6 and Monday afternoon precipitated a 16% fall in Grayscale’s price.

But the discounts might go away. That would happen if the Securities & Exchange Commission permits exchange-traded funds to hold virtual currencies. Both Grayscale and Osprey have vowed to convert their closed-end trusts to ETFs as soon as such things are allowed.

The ETF structure allows market makers to cash in unwanted fund shares (or buy new shares when shares are sought after) via a swap for underlying assets. That sets up an arbitrage that keeps an ETF’s price close to the fund’s net asset value.

So far the agency has rejected every application for a coin ETF, although last year it did green-light an ETF that holds bitcoin futures contracts. Why the distinction? The futures trade on the heavily regulated Chicago Mercantile Exchange, while coins trade in somewhat murkier venues.

A bearish view of coin trusts comes from Tyler Odean, publisher of Something Interesting, an insightful Substack newsletter on crypto. “The time horizon [for an SEC approval] is long,” he says. “Between now and then the discount is likely to deepen as the number of competitive ways to hold bitcoin also deepens.”

Still, I think the bet in favor of an eventually favorable ruling from the regulators is a reasonable one. Risky, yes, but not as risky as the underlying asset. It’s far more likely that bitcoin will crash another 50% than that the discount will make a comparable move from 26% to 63% (meaning: Your trust collapses from 74 cents on the dollar to 37 cents).

One more concern: liquidity. Osprey has but $100 million of coins in its vault, and its average daily share volume over the past year would be worth $400,000 at today’s share price. Big bettors have to step in cautiously.

#2. Your wallet

You can purchase bitcoins on an exchange, then have them exported to your cold-storage wallet. Market analyst Odean has used this for his long-term bets.

Pros: No counterparty risk. No management fee. If you do it right, no hacker risk.

Con: You might not do it right.

Self-storage entails a fairly elaborate procedure to protect your private key from being lost or stolen. Next week you might walk into an open elevator shaft, so you need some mechanism for survivors to retrieve that key. The computer you use to generate the private and public keys for your coin repository has to be permanently isolated from the internet. The medium on which the secret is stored must be secure; Odean mentions an etched piece of metal as an option.

There are services (Casa, Ledger and others) that make this process less painful, but ease of use comes with some increment of risk.

#3. Exchange storage

You could leave your coins for safekeeping at a coin exchange. If you want that asset segregated, and thus safe from the exchange’s creditors, yours’ll have to pay a custody fee.

At Coinbase Global, where the minimum account size for this service is $500,000, the fee is 0.5% a year. Some customers get a better deal. Osprey, which recently switched its custody from Fidelity Investments to Coinbase, appears to be paying 0.25% or less (its financial statements don’t reveal an exact amount).

If you can stomach some counterparty risk, or you just want assets available for trading, you can leave your coins in a deposit account at no charge. This is the crypto equivalent of keeping your Tesla shares in a margin account. But, unlike stocks at a brokerage firm, coins left with an exchange have no Securities Investor Protection Corp. to back them if the middleman gets into financial trouble.

#4. Foreign ETF

While our SEC bides its time, the Canadian regulator has authorized exchange-traded funds that hold cryptocurrency. One of them is the Purpose Bitcoin ETF, which holds coins now worth just over $1 billion.

Pro: The fund trades at very close to net asset value. The shares that are quoted (in Toronto) in U.S. dollars see $4 million of average daily volume.

Cons: The 1.5% annual expense ratio is a lot higher than Osprey’s. It’s not easy to get your hands on these shares in the U.S., as most brokers will refuse the buy order. On the Fidelity platform you can find Purpose under the ticker BTCC_U:CA, but it takes some digging.

#5. Grayscale Bitcoin Trust

This entity (GBTC) is the elder cousin of Osprey.

Pro: Liquidity. This trust has $20 billion of coins and sees an average daily share volume now worth $140 million.

Con: The stiff fee, 2% a year.

#6. Futures

CME Group’s Chicago Mercantile Exchange lists bitcoin futures contracts, each for five coins. Trading volume, almost all of it in the nearest month, typically runs to $1 billion a day. Settlement is in dollars; no wallets are involved.

Pros: Good liquidity, minimal counterparty risk and the potential for leverage. You can control $2 of crypto by putting down $1 of cash.

Cons: Taxes, trading costs and contango. Bitcoin futures share these three afflictions with many commodity futures.

At tax time you have to declare paper gains and losses on futures, with 40% treated as short-term (at high tax rates).

Rolling over your futures position monthly, which you probably would do in order to stay in the most actively traded contract, will cost you 12 commissions and bid/ask spreads per year.

The contango is a big deal. It means that the futures price at which you’re buying is at a premium to the spot price. On bitcoins the contango is a volatile number usually falling between 3% and 6% annualized. Contango reflects both the cost of financing a stockpile of a commodity and the cost of securing it. In the case of crypto, securing the asset against hackers is not simple (see #2 above).

Futures aren’t bad for day-to-day trading. They are a poor choice for someone hoping to achieve a long-term gain.

#7. Futures ETF

The ProShares Bitcoin Strategy ETF (BITO) holds long positions in bitcoin futures. Here, atop the steep contango of the Chicago trading pits, you have the opportunity to fork over an additional fee: the 0.95% a year assessed by the fund.

ProShares has attracted $900 million for this product. From naïfs.

#8. MicroStrategy

Chairman Michael Saylor has turned this business analytics firm into a crypto betting parlor. The corporation has used mostly borrowed money to acquire 129,200 bitcoins.

The stock had an interesting day May 9. With bitcoin down 14% from where it was Friday afternoon, MicroStrategy shares went down 26%.

Tyler Odean sees these shares as a simultaneous bet on three things: crypto, a mediocre software business and Saylor’s ability to withstand margin calls. He likes the first bet but not the other two.

I aim to help you save on taxes and money management costs. I graduated from Harvard in 1973, have been a journalist for 45 years, and was editor of Forbes magazine from 1999 to

Source: How To Buy Bitcoin At 26% Off The Regular Price

.

More content:

Remote working contents:

https://quintexcapital.com/?ref=arminham     Quintex Capital

https://www.genesis-mining.com/a/2535466   Genesis Mining

 http://www.bevtraders.com/?ref=arminham   BevTraders

https://www.litefinance.com/?uid=929237543  LiteTrading

https://jvz8.com/c/202927/369164  prime stocks

  https://jvz3.com/c/202927/361015  content gorilla

  https://jvz8.com/c/202927/366443  stock rush  

 https://jvz1.com/c/202927/373449  forrk   

https://jvz3.com/c/202927/194909  keysearch  

 https://jvz4.com/c/202927/296191  gluten free   

https://jvz1.com/c/202927/286851  diet fitness diabetes  

https://jvz8.com/c/202927/213027  writing job  

 https://jvz6.com/c/202927/108695  postradamus

https://jvz1.com/c/202927/372094  stoodaio

 https://jvz4.com/c/202927/358049  profile mate  

 https://jvz6.com/c/202927/279944  senuke  

 https://jvz8.com/c/202927/54245   asin   

https://jvz8.com/c/202927/370227  appimize

 https://jvz8.com/c/202927/376524  super backdrop

 https://jvz6.com/c/202927/302715  audiencetoolkit

 https://jvz1.com/c/202927/375487  4brandcommercial

https://jvz2.com/c/202927/375358  talkingfaces

 https://jvz6.com/c/202927/375706  socifeed

 https://jvz2.com/c/202927/184902  gaming jobs

 https://jvz6.com/c/202927/88118   backlink indexer  https://jvz1.com/c/202927/376361  powrsuite  

https://jvz3.com/c/202927/370472  tubeserp  

https://jvz4.com/c/202927/343405  PR Rage  

https://jvz6.com/c/202927/371547  design beast  

https://jvz3.com/c/202927/376879  commission smasher

 https://jvz2.com/c/202927/376925  MT4Code System

https://jvz6.com/c/202927/375959  viral dash

https://jvz1.com/c/202927/376527  coursova

 https://jvz4.com/c/202927/144349  fanpage

https://jvz1.com/c/202927/376877  forex expert  

https://jvz6.com/c/202927/374258  appointomatic

https://jvz2.com/c/202927/377003  woocommerce

https://jvz6.com/c/202927/377005  domainname

 https://jvz8.com/c/202927/376842  maxslides

https://jvz8.com/c/202927/376381  ada leadz

https://jvz2.com/c/202927/333637  eyeslick

https://jvz1.com/c/202927/376986  creaitecontentcreator

https://jvz4.com/c/202927/376095  vidcentric

https://jvz1.com/c/202927/374965  studioninja

https://jvz6.com/c/202927/374934  marketingblocks https://jvz3.com/c/202927/372682  clipsreel  

https://jvz2.com/c/202927/372916  VideoEnginePro

https://jvz1.com/c/202927/144577  BarclaysForexExpert

https://jvz8.com/c/202927/370806  Clientfinda

https://jvz3.com/c/202927/375550  Talkingfaces

https://jvz1.com/c/202927/370769  IMSyndicator

https://jvz6.com/c/202927/283867  SqribbleEbook

https://jvz8.com/c/202927/376524  superbackdrop

https://jvz8.com/c/202927/376849  VirtualReel

https://jvz2.com/c/202927/369837  MarketPresso

https://jvz1.com/c/202927/342854  voiceBuddy

https://jvz6.com/c/202927/377211  tubeTargeter

https://jvz6.com/c/202927/377557  InstantWebsiteBundle

https://jvz6.com/c/202927/368736  soronity

https://jvz2.com/c/202927/337292  DFY Suite 3.0 Agency+ information

https://jvz8.com/c/202927/291061  VideoRobot Enterprise

https://jvz8.com/c/202927/327447  Klippyo Kreators

https://jvz8.com/c/202927/324615  ChatterPal Commercial

https://jvz8.com/c/202927/299907  WP GDPR Fix Elite Unltd Sites

https://jvz8.com/c/202927/328172  EngagerMate

https://jvz3.com/c/202927/342585  VidSnatcher Commercial

https://jvz3.com/c/202927/292919  myMailIt

https://jvz3.com/c/202927/320972  Storymate Luxury Edition

https://jvz2.com/c/202927/320466  iTraffic X – Platinum Edition

https://jvz2.com/c/202927/330783  Content Gorilla One-time

https://jvz2.com/c/202927/301402  Push Button Traffic 3.0 – Brand New

https://jvz2.com/c/202927/321987  SociCake Commercial https://jvz2.com/c/202927/289944  The Internet Marketing

 https://jvz2.com/c/202927/297271  Designa Suite License

https://jvz2.com/c/202927/310335  XFUNNELS FE Commercial 

https://jvz2.com/c/202927/291955  ShopABot

https://jvz2.com/c/202927/312692  Inboxr

https://jvz2.com/c/202927/343635  MediaCloudPro 2.0 – Agency

 https://jvz2.com/c/202927/353558  MyTrafficJacker 2.0 Pro+

https://jvz2.com/c/202927/365061  AIWA Commercial

https://jvz2.com/c/202927/357201  Toon Video Maker Premium

https://jvz2.com/c/202927/351754  Steven Alvey’s Signature Series

https://jvz2.com/c/202927/344541  Fade To Black

https://jvz2.com/c/202927/290487  Adsense Machine

https://jvz2.com/c/202927/315596  Diddly Pay’s DLCM DFY Club

https://jvz2.com/c/202927/355249  CourseReel Professional

https://jvz2.com/c/202927/309649  SociJam System

https://jvz2.com/c/202927/263380  360Apps Certification

 https://jvz2.com/c/202927/359468  LocalAgencyBox

https://jvz2.com/c/202927/377557  Instant Website Bundle

https://jvz2.com/c/202927/377194  GMB Magic Content

https://jvz2.com/c/202927/376962  PlayerNeos VR

Scammers Have a New Way to Phish for Bank Account Information, Banker Says

A new phishing scam is hitting banking customers—and this time, the scammers make it seem like their messages are coming from the real customer service line or fraud prevention hotline.

The scam was revealed by wrestling announcer Lenny Leonard, who says that when he’s not calling body slams and sleeper holds, he’s a “mid-level executive with a very large financial institution.” In a Twitter thread, he details the new scam and how not to fall for it.

Leonard warned on Thursday that he had been called by a scammer who had spoofed the legitimate phone number to his bank. The scammer then sent a fraud alert using this number, asking if he recognized a certain charge.

In Leonard’s case, he says that when he told the scammer that he’d have to call them back, the scammer told him to look at the back of his debit card to confirm that they were calling from the same number. After telling off the scammer, Leonard says he called his bank and, sure enough, no legitimate alert had been sent, nor had any unusual activity been seen on his account.

Leonard told his followers how to not fall for the scam.

“If you EVER have someone CALL YOU and say they are your bank, do NOT provide any information like that over the phone on an INBOUND CALL,” he wrote. “Tell them you need to call them back & make sure you are dialing the number on the back of your card NOT a # they give you”.

“I would just urge everyone to make sure they are sharing this with their less tech savvy friends and family because the text I got looked EXACTLY like a prior text I had gotten from the bank my account is with,” Leonard told Newsweek.

A representative from Chase also confirmed that the company was familiar with the scam.

“Unfortunately, scammers target consumers from many banks. We urge all consumers to never share their banking passwords or send money to someone who tells them that doing so will prevent fraud on their account. Bank employees won’t call, text or email consumers asking for this information, but scammers will,” Amy Bonitatibus, Chase’s chief communications officer, told Newsweek.

While spoofing a phone number is common with scammers, often it’s a fake number as well, though Western Bank warns their customers that fake calls can come from a number they recognize.

The bank also lists a variation on the scam Leonard warns of. In the version Western Bank describes, a scammer spoofs the legitimate customer service number of the bank, like before. But this time, anticipating a response like Leonard’s, the scammer will ask the victim to call them back using the same number that’s on the back of the debit card—which is the same as the one they’re spoofing.

In this variation, though, they’ll leave the phone connection active, fooling the victim with a fake dial tone. Once the victim dials, the scammer “answers,” in hopes that the victim will be fooled into thinking the scammer is indeed a legitimate employee.

One way to thwart this is to remember that a real bank employee will already have your information. Never offer up important information like a bank account number. Instead, ask the bank employee if you can confirm their information by asking them to read off what they have.

In addition, banks will never ask for a PIN, a full Social Security number or a customer’s online banking username and password. Banks already have access to customers’ accounts, and when it comes to Social Security numbers, a legit bank employee will only ask for the last four digits to confirm.

By

Source: Scammers Have a New Way to Phish for Bank Account Information, Banker Says

.

More contents:

Woman With Missing Dog Gets Scam Texts Threats To Expose Affair to Her Wife

Accused Leader of GoFundMe Scam With Homeless Vet Sentenced to 27 Months

How ‘The Tinder Swindler’ Made This Woman Realize She Was Being Scammed

Phishing for phishing awareness”. Behaviour & Information Technology. 32 (6): 584–593. doi:10.1080/0144929X.2011.632650. ISSN 0144-929X. S2CID 5472217.

Phishing attacks and countermeasures”. In Stamp, Mark; Stavroulakis, Peter (eds.). Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.

Internet Crime Report 2020″ (PDF). FBI Internet Crime Complaint Centre. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.

The Phishing Guide: Understanding and Preventing Phishing Attacks”. Technical Info. Archived from the original on 2011-01-31. Retrieved 2006-07-10.

The Big Phish: Cyberattacks Against U.S. Healthcare Systems”. Journal of General Internal Medicine. 31 (10): 1115–8. 2005). “A Leet Primer”. TechNewsWorld.

Security Usability Principles for Vulnerability Analysis and Risk Assessment”. Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC’07). Archived from the original on 2021-03-21. Retrieved 2020-11-11.

Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content”. ACM Transactions on Computer-Human Interaction. 26 (5): 32.

Data Breach Investigations Report” (PDF). PhishingBox. Verizon Communications. Retrieved 21 March 2021.

Fifteen years of phishing: can technology save us?”. Computer Fraud & Security. 2019 (7): 11–16. doi:10.1016/S1361-3723(19)30074-0. S2CID 199578115. Retrieved 21 March 2021.

The Black Market for Netflix Accounts”. The Atlantic. Retrieved 21 March 2021.

Spear Phishing: Who’s Getting Caught?”. Firmex. Archived from the original on 2014-08-11. Retrieved July 27, 2014.

Hacking Gets Personal: Belgian Cryptographer Targeted”. Info Security magazine. 3 February 2018. Retrieved 10 September 2018.

RSA explains how attackers breached its systems”. The Register. Retrieved 10 September 2018.

Epsilon breach used four-month-old attack”. itnews.com.au. Retrieved 10 September 2018.

What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts Using Text Analyzes”. SSRN Electronic Journal. doi:10.2139/ssrn.3427436. ISSN 1556-5068. S2CID 239250225. Archived from the original on 2021-03-21. Retrieved 2020-11-02.

Threat Group-4127 Targets Google Accounts”. secureworks.com. Archived from the original on 2019-08-11. Retrieved 2017-10-12.

How the Russians hacked the DNC and passed its emails to WikiLeaks”

More Remote Working Apps:

https://quintexcapital.com/?ref=arminham     Quintex Capital

https://www.genesis-mining.com/a/2535466   Genesis Mining

 http://www.bevtraders.com/?ref=arminham   BevTraders

https://www.litefinance.com/?uid=929237543  LiteTrading

https://jvz8.com/c/202927/369164  prime stocks

  https://jvz3.com/c/202927/361015  content gorilla

  https://jvz8.com/c/202927/366443  stock rush  

 https://jvz1.com/c/202927/373449  forrk   

https://jvz3.com/c/202927/194909  keysearch  

 https://jvz4.com/c/202927/296191  gluten free   

https://jvz1.com/c/202927/286851  diet fitness diabetes  

https://jvz8.com/c/202927/213027  writing job  

 https://jvz6.com/c/202927/108695  postradamus

https://jvz1.com/c/202927/372094  stoodaio

 https://jvz4.com/c/202927/358049  profile mate  

 https://jvz6.com/c/202927/279944  senuke  

 https://jvz8.com/c/202927/54245   asin   

https://jvz8.com/c/202927/370227  appimize

 https://jvz8.com/c/202927/376524  super backdrop

 https://jvz6.com/c/202927/302715  audiencetoolkit

 https://jvz1.com/c/202927/375487  4brandcommercial

https://jvz2.com/c/202927/375358  talkingfaces

 https://jvz6.com/c/202927/375706  socifeed

 https://jvz2.com/c/202927/184902  gaming jobs

 https://jvz6.com/c/202927/88118   backlink indexer  https://jvz1.com/c/202927/376361  powrsuite  

https://jvz3.com/c/202927/370472  tubeserp  

https://jvz4.com/c/202927/343405  PR Rage  

https://jvz6.com/c/202927/371547  design beast  

https://jvz3.com/c/202927/376879  commission smasher

 https://jvz2.com/c/202927/376925  MT4Code System

https://jvz6.com/c/202927/375959  viral dash

https://jvz1.com/c/202927/376527  coursova

 https://jvz4.com/c/202927/144349  fanpage

https://jvz1.com/c/202927/376877  forex expert  

https://jvz6.com/c/202927/374258  appointomatic

https://jvz2.com/c/202927/377003  woocommerce

https://jvz6.com/c/202927/377005  domainname

 https://jvz8.com/c/202927/376842  maxslides

https://jvz8.com/c/202927/376381  ada leadz

https://jvz2.com/c/202927/333637  eyeslick

https://jvz1.com/c/202927/376986  creaitecontentcreator

https://jvz4.com/c/202927/376095  vidcentric

https://jvz1.com/c/202927/374965  studioninja

https://jvz6.com/c/202927/374934  marketingblocks https://jvz3.com/c/202927/372682  clipsreel  

https://jvz2.com/c/202927/372916  VideoEnginePro

https://jvz1.com/c/202927/144577  BarclaysForexExpert

https://jvz8.com/c/202927/370806  Clientfinda

https://jvz3.com/c/202927/375550  Talkingfaces

https://jvz1.com/c/202927/370769  IMSyndicator

https://jvz6.com/c/202927/283867  SqribbleEbook

https://jvz8.com/c/202927/376524  superbackdrop

https://jvz8.com/c/202927/376849  VirtualReel

https://jvz2.com/c/202927/369837  MarketPresso

https://jvz1.com/c/202927/342854  voiceBuddy

https://jvz6.com/c/202927/377211  tubeTargeter

https://jvz6.com/c/202927/377557  InstantWebsiteBundle

https://jvz6.com/c/202927/368736  soronity

https://jvz2.com/c/202927/337292  DFY Suite 3.0 Agency+ information

https://jvz8.com/c/202927/291061  VideoRobot Enterprise

https://jvz8.com/c/202927/327447  Klippyo Kreators

https://jvz8.com/c/202927/324615  ChatterPal Commercial

https://jvz8.com/c/202927/299907  WP GDPR Fix Elite Unltd Sites

https://jvz8.com/c/202927/328172  EngagerMate

https://jvz3.com/c/202927/342585  VidSnatcher Commercial

https://jvz3.com/c/202927/292919  myMailIt

https://jvz3.com/c/202927/320972  Storymate Luxury Edition

https://jvz2.com/c/202927/320466  iTraffic X – Platinum Edition

https://jvz2.com/c/202927/330783  Content Gorilla One-time

https://jvz2.com/c/202927/301402  Push Button Traffic 3.0 – Brand New

https://jvz2.com/c/202927/321987  SociCake Commercial https://jvz2.com/c/202927/289944  The Internet Marketing

 https://jvz2.com/c/202927/297271  Designa Suite License

https://jvz2.com/c/202927/310335  XFUNNELS FE Commercial 

https://jvz2.com/c/202927/291955  ShopABot

https://jvz2.com/c/202927/312692  Inboxr

https://jvz2.com/c/202927/343635  MediaCloudPro 2.0 – Agency

 https://jvz2.com/c/202927/353558  MyTrafficJacker 2.0 Pro+

https://jvz2.com/c/202927/365061  AIWA Commercial

https://jvz2.com/c/202927/357201  Toon Video Maker Premium

https://jvz2.com/c/202927/351754  Steven Alvey’s Signature Series

https://jvz2.com/c/202927/344541  Fade To Black

https://jvz2.com/c/202927/290487  Adsense Machine

https://jvz2.com/c/202927/315596  Diddly Pay’s DLCM DFY Club

https://jvz2.com/c/202927/355249  CourseReel Professional

https://jvz2.com/c/202927/309649  SociJam System

https://jvz2.com/c/202927/263380  360Apps Certification

 https://jvz2.com/c/202927/359468  LocalAgencyBox

https://jvz2.com/c/202927/377557  Instant Website Bundle

https://jvz2.com/c/202927/377194  GMB Magic Content

https://jvz2.com/c/202927/376962  PlayerNeos VR

Another Top NFT Company Has Been Hit By a Phishing Attack

The official Discord channel of the NFT marketplace OpenSea was recently infiltrated by cybercriminals who used it to distribute a phishing link.

According to The Verge, a bot in the channel made a fake announcement that the NFT marketplace was partnering with YouTube and that users should click on a “YouTube Genesis Mint Pass” in order to get one of 100 free NFTs before they’re gone forever.

Just like cybercriminals often do in phishing emails, this message instilled a sense of urgency to get users to click on a link to a site that that blockchain security company PeckShield has now flagged as a phishing site.

At the same time, as the NFT space tends to move rather quickly, users knew from past experience that they only had a limited time to claim one of the free NFTs and likely didn’t want to miss out.

Stolen NFTs

Although the malicious messages have been removed from OpenSea’s Discord channel and the phishing site has also been taken down, one user said they lost NFTs in the incident and pointed to an address on the blockchain that belonged to the cybercriminals responsible.

Viewing the address on Etherscan.io or on competing NFT marketplace Rarible shows that 13 NFTs were actually transferred to it from five users around the time of the attack and based on their prices when last sold, all five NFTs appear to be worth just over $18k.

While OpenSea hasn’t yet explained how its Discord channel was hacked, one possible explanation is that the cybercriminals leveraged the webhook functionality  that organizations utilize to control bots which make posts on their channels.

In a statement to The Verge, OpenSea spokesperson Allie Mack provided further details on how the company responded to the incident, saying:

“Last night, an attacker was able to post malicious links in several of our Discord channels. We noticed the malicious links soon after they were posted and took immediate steps to remedy the situation, including removing the malicious bots and accounts.

We also alerted our community via our Twitter support channel to not click any links in our Discord. Our preliminary analysis indicates that the attack had limited impact. We are currently aware of fewer than 10 impacted wallets and stolen items amounting to less than 10 ETH.”

Whether you’re on Discord or Telegram, you should avoid clicking on suspicious links especially in messages that try to instill a sense of urgency to prevent falling victim to phishing attacks.

Anthony Spadafora

After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Source: Another top NFT company has been hit by a phishing attack | TechRadar

.

More contents:

5 things you didn’t know Google Maps could do

Bypass VPN blocks and make yourself undetectable online

Sony weighs in on PS Plus subscription stacking – and you’re not going to like it

Meta’s Project Cambria price leaks and, spoiler alert, you’re not going to like it

Xbox Game Pass adds a feast of indie games

Get an alert when your data ends up on the dark web with the best identity theft protection

That NFT job offer is probably malware

More Remote Working Apps:

https://quintexcapital.com/?ref=arminham     Quintex Capital

https://www.genesis-mining.com/a/2535466   Genesis Mining

 http://www.bevtraders.com/?ref=arminham   BevTraders

https://www.litefinance.com/?uid=929237543  LiteTrading

https://jvz8.com/c/202927/369164  prime stocks

  https://jvz3.com/c/202927/361015  content gorilla

  https://jvz8.com/c/202927/366443  stock rush  

 https://jvz1.com/c/202927/373449  forrk   

https://jvz3.com/c/202927/194909  keysearch  

 https://jvz4.com/c/202927/296191  gluten free   

https://jvz1.com/c/202927/286851  diet fitness diabetes  

https://jvz8.com/c/202927/213027  writing job  

 https://jvz6.com/c/202927/108695  postradamus

https://jvz1.com/c/202927/372094  stoodaio

 https://jvz4.com/c/202927/358049  profile mate  

 https://jvz6.com/c/202927/279944  senuke  

 https://jvz8.com/c/202927/54245   asin   

https://jvz8.com/c/202927/370227  appimize

 https://jvz8.com/c/202927/376524  super backdrop

 https://jvz6.com/c/202927/302715  audiencetoolkit

 https://jvz1.com/c/202927/375487  4brandcommercial

https://jvz2.com/c/202927/375358  talkingfaces

 https://jvz6.com/c/202927/375706  socifeed

 https://jvz2.com/c/202927/184902  gaming jobs

 https://jvz6.com/c/202927/88118   backlink indexer  https://jvz1.com/c/202927/376361  powrsuite  

https://jvz3.com/c/202927/370472  tubeserp  

https://jvz4.com/c/202927/343405  PR Rage  

https://jvz6.com/c/202927/371547  design beast  

https://jvz3.com/c/202927/376879  commission smasher

 https://jvz2.com/c/202927/376925  MT4Code System

https://jvz6.com/c/202927/375959  viral dash

https://jvz1.com/c/202927/376527  coursova

 https://jvz4.com/c/202927/144349  fanpage

https://jvz1.com/c/202927/376877  forex expert  

https://jvz6.com/c/202927/374258  appointomatic

https://jvz2.com/c/202927/377003  woocommerce

https://jvz6.com/c/202927/377005  domainname

 https://jvz8.com/c/202927/376842  maxslides

https://jvz8.com/c/202927/376381  ada leadz

https://jvz2.com/c/202927/333637  eyeslick

https://jvz1.com/c/202927/376986  creaitecontentcreator

https://jvz4.com/c/202927/376095  vidcentric

https://jvz1.com/c/202927/374965  studioninja

https://jvz6.com/c/202927/374934  marketingblocks https://jvz3.com/c/202927/372682  clipsreel  

https://jvz2.com/c/202927/372916  VideoEnginePro

https://jvz1.com/c/202927/144577  BarclaysForexExpert

https://jvz8.com/c/202927/370806  Clientfinda

https://jvz3.com/c/202927/375550  Talkingfaces

https://jvz1.com/c/202927/370769  IMSyndicator

https://jvz6.com/c/202927/283867  SqribbleEbook

https://jvz8.com/c/202927/376524  superbackdrop

https://jvz8.com/c/202927/376849  VirtualReel

https://jvz2.com/c/202927/369837  MarketPresso

https://jvz1.com/c/202927/342854  voiceBuddy

https://jvz6.com/c/202927/377211  tubeTargeter

https://jvz6.com/c/202927/377557  InstantWebsiteBundle

https://jvz6.com/c/202927/368736  soronity

https://jvz2.com/c/202927/337292  DFY Suite 3.0 Agency+ information

https://jvz8.com/c/202927/291061  VideoRobot Enterprise

https://jvz8.com/c/202927/327447  Klippyo Kreators

https://jvz8.com/c/202927/324615  ChatterPal Commercial

https://jvz8.com/c/202927/299907  WP GDPR Fix Elite Unltd Sites

https://jvz8.com/c/202927/328172  EngagerMate

https://jvz3.com/c/202927/342585  VidSnatcher Commercial

https://jvz3.com/c/202927/292919  myMailIt

https://jvz3.com/c/202927/320972  Storymate Luxury Edition

https://jvz2.com/c/202927/320466  iTraffic X – Platinum Edition

https://jvz2.com/c/202927/330783  Content Gorilla One-time

https://jvz2.com/c/202927/301402  Push Button Traffic 3.0 – Brand New

https://jvz2.com/c/202927/321987  SociCake Commercial https://jvz2.com/c/202927/289944  The Internet Marketing

 https://jvz2.com/c/202927/297271  Designa Suite License

https://jvz2.com/c/202927/310335  XFUNNELS FE Commercial 

https://jvz2.com/c/202927/291955  ShopABot

https://jvz2.com/c/202927/312692  Inboxr

https://jvz2.com/c/202927/343635  MediaCloudPro 2.0 – Agency

 https://jvz2.com/c/202927/353558  MyTrafficJacker 2.0 Pro+

https://jvz2.com/c/202927/365061  AIWA Commercial

https://jvz2.com/c/202927/357201  Toon Video Maker Premium

https://jvz2.com/c/202927/351754  Steven Alvey’s Signature Series

https://jvz2.com/c/202927/344541  Fade To Black

https://jvz2.com/c/202927/290487  Adsense Machine

https://jvz2.com/c/202927/315596  Diddly Pay’s DLCM DFY Club

https://jvz2.com/c/202927/355249  CourseReel Professional

https://jvz2.com/c/202927/309649  SociJam System

https://jvz2.com/c/202927/263380  360Apps Certification

 https://jvz2.com/c/202927/359468  LocalAgencyBox

https://jvz2.com/c/202927/377557  Instant Website Bundle

https://jvz2.com/c/202927/377194  GMB Magic Content

https://jvz2.com/c/202927/376962  PlayerNeos VR

Coinbase Cracks Down Front Running of New Crypto Listings

Digital asset exchange Coinbase will take action against front-running of new cryptocurrency listings on its platform as part of its “zero tolerance” approach.

In a company blog post, CEO Brian Armstrong announced new measures of listing and reviewing tokens on the platform to prevent traders from examining its listing information or software to guess what assets would be listed in advance of the wider market knowing. This included using on-chain data to check if Coinbase is testing new assets integrations.

“We’re also aware of concerns that some market participants may be taking advantage of information from our listings process,” Armstrong said on Thursday. “While this is public data, it isn’t data that all customers can easily access, so we strive to remove these information asymmetries.”

“We’re adding new forensic tools to better prevent front-running, while also ensuring that we can move more quickly to de-list assets that appear to be run by bad actors,” the company tweeted.

Front-running means using non-public information about upcoming token listings to invest in them before the wider market. Coinbase received reports of people seemingly buying particular assets right before their listing announcement and benefitting from the accompanying price movements, Armstrong said.

“Finally, there is always the possibility that someone inside Coinbase could, wittingly or unwittingly, leak information to outsiders engaging in illegal activity,” he said. “We have zero tolerance for this and monitor for it, conducting investigations where appropriate with outside law firms.”

Armstrong said Coinbase’s trading policy restricts employees from trading in crypto assets on the back of material non-public information.

The platform aimed to list all legal assets while also protecting customers and maintaining a level playing field, Armstrong said. He laid out minimum listing requirements that included testing for legality, security, and compliance.

Some of the changes Armstrong announced included publishing decisions to list a token only when the decision had been made, labelling for newer and less well-known assets, and launching asset reviews and ratings.

“It’s always tricky to find the right balance on enabling innovation while simultaneously protecting customers from bad activity, but that is exactly the hard work that we need to do each day,” he said.

Coinbase is the largest crypto exchange in the US. It currently lists 174 coins, according to data provider CoinMarketCap. The company added 95 coins for trading last year, and more than 70 for its custody service, according to Bloomberg.

By:

Source: Coinbase Cracks Down Front-Running of New Crypto Listings

.

Critics:

While the exchange has faced fierce criticism from the crypto community over its asset listing criteria, Armstrong doubled down on its approach in his post. “At Coinbase, our goal is ​​to list every asset that is legal and safe to do so,” he said, claiming that the exchange had no business in picking winners and losers. 

Earlier this month, Coinbase came under heavy fire after UpOnly host and influential crypto trader Cobie publicly called the company out for listing relatively unknown, dubious projects with low market capitalizations, such as StudentCoin, Polkamon, and Big Data Protocol. Notably, Coinbase has neglected to list many other assets that play a crucial role in the cryptocurrency ecosystem, such as Terra and Fantom. 

“Big Data Protocol, virtually completely dead prior to [the Coinbase listing blog post, has pumped 132% as a result of this news!” Cobie wrote, stressing that the coin had a market capitalization of only $1.5 million before the listing.

That wasn’t the first time Coinbase has listed questionable assets in favor of larger, more established projects. In February, the company was criticized for listing Pawtocol, another low-cap coin that claims to use blockchain “to improve the lives of pets and pet owners on a global scale.” Per data from CoinGecko, Pawtocol briefly rallied on the news but has since tanked, now more than 50% down since the listing and 84% short of its all-time high

More contents:

Fighting Identity Theft With The Red Flags Rule

1

An estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.

The Red Flags Rule1 requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. This article has tips for organizations under FTC jurisdiction to determine whether they need to design an identity theft prevention program.

An Overview

The Red Flags Rule tells you how to develop, implement, and administer an identity theft prevention program. A program must include four basic elements that create a framework to deal with the threat of identity theft.2

  1. A program must include reasonable policies and procedures to identify the red flags of identity theft that may occur in your day-to-day operations. Red Flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft.3 For example, if a customer has to provide some form of identification to open an account with your company, an ID that doesn’t look genuine is a “red flag” for your business.
  2. A program must be designed to detect the red flags you’ve identified. If you have identified fake IDs as a red flag, for example, you must have procedures to detect possible fake, forged, or altered identification.
  3. A program must spell out appropriate actions you’ll take take when you detect red flags.
  4. A program must detail how you’ll keep it current to reflect new threats.

Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule has requirements on how to incorporate your program into the daily operations of your business. Fortunately, the Rule also gives you the flexibility to design a program appropriate for your company — its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive program to address a high risk of identity theft, a streamlined program may be appropriate for businesses facing a low risk.

Securing the data you collect and maintain about customers is important in reducing identity theft. The Red Flags Rule seeks to prevent identity theft, too, by ensuring that your business or organization is on the lookout for the signs that a crook is using someone else’s information, typically to get products or services from you without paying for them.

That’s why it’s important to use a one-two punch in the battle against identity theft: implement data security practices that make it harder for crooks to get access to the personal information they use to open or access accounts, and pay attention to the red flags that suggest that fraud may be afoot.

Who Must Comply with the Red Flags Rule: A Two-Part Analysis

The Red Flags Rule requires “financial institutions” and some “creditors” to conduct a periodic risk assessment to determine if they have “covered accounts.” The determination isn’t based on the industry or sector, but rather on whether a business’ activities fall within the relevant definitions. A business must implement a written program only if it has covered accounts.

Financial Institution

The Red Flags Rule defines a “financial institution” as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or a person that, directly or indirectly, holds a transaction account belonging to a consumer.4 While many financial institutions are under the jurisdiction of the federal bank regulatory agencies or other federal agencies, state-chartered credit unions are one category of financial institution under the FTC’s jurisdiction.

Creditor

The Red Flags Rule defines “creditor” based on conduct.5

To determine if your business is a creditor under the Red Flags Rule, ask these questions:

Does my business or organization regularly:

  • defer payment for goods and services or bill customers?
  • grant or arrange credit?
  • participate in the decision to extend, renew, or set the terms of credit?

If you answer:

  • No to all, the Rule does not apply.
  • Yes to one or more, ask:

Does my business or organization regularly and in the ordinary course of business:

  • get or use consumer reports in connection with a credit transaction?
  • give information to credit reporting companies in connection with a credit transaction?
  • advance funds to — or for — someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them)?

If you answer:

  • No to all, the Rule does not apply.
  • Yes to one or more, you are a creditor covered by the Rule.

Covered Accounts

If you conclude that your business or organization is a financial institution or a creditor covered by the Rule, you must determine if you have any “covered accounts,” as the Red Flags Rule defines that term. You’ll need to look at existing accounts and new ones6.  Two categories of accounts are covered:

  1. A consumer account for your customers for personal, family, or household purposes that involves or allows multiple payments or transactions.7 Examples are credit card accounts, mortgage loans, automobile loans, checking accounts, and savings accounts.
  2.  “Any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”8 Examples include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft. Unlike consumer accounts designed to allow multiple payments or transactions — always considered “covered accounts” under the Rule — other types of accounts are “covered” only if the risk of identity theft is reasonably foreseeable.

In determining if accounts are covered under the second category, consider how they’re opened and accessed. For example, there may be a reasonably foreseeable risk of identity theft in connection with business accounts that can be accessed remotely — say, through the Internet or the telephone. Your risk analysis must consider any actual incidents of identity theft involving accounts like these.

If you don’t have any covered accounts, you don’t need a written program. But business models and services change. You may acquire covered accounts through changes to your business structure, process, or organization. That’s why it’s good policy and practice to conduct a periodic risk assessment.

FAQs

  1. I review credit reports to screen job applicants. Does the Rule apply to my business on this basis alone? No, the Rule does not apply because the use is not “in connection with a credit transaction.”
  2. What if I occasionally get credit reports in connection with credit transactions?According to the Rule, these activities must be done “regularly and in the ordinary course of business.” Isolated conduct does not trigger application of the Rule, but if your business regularly furnishes delinquent account information to a consumer reporting company but no other credit information, that satisfies the “regularly and in the ordinary course of business” prerequisite.What is deemed “regularly and in the ordinary course of business” is specific to individual companies. If you get consumer reports or furnish information to a consumer reporting company regularly and in the ordinary course of your particular business, the Rule applies, even if for others in your industry it isn’t a regular practice or part of the ordinary course of business.
  3. I am a professional who bills my clients for services at the end of the month. Am I a creditor just because I allow clients to pay later?No. Deferring payment for goods or services, payment of debt, or the purchase of property or services alone doesn’t constitute “advancing funds” under the Rule.
  4. In my business, I lend money to customers for their purchases. The loans are backed by title to their car. Is this considered “advancing funds”?Yes. Anyone who lends money — like a payday lender or automobile title lender — is covered by the Rule. Their lending activities may make their business attractive targets for identity theft. But deferring the payment of debt or the purchase of property or services alone doesn’t constitute “advancing funds.”
  5. I offer instant credit to my customers and contract with another company to pull credit reports to determine their creditworthiness. No one in our organization ever sees the credit reports. Is my business covered by the Rule?Yes. Your business is — regularly and in the ordinary course of business — using credit reports in connection with a credit transaction. The Rule applies whether your business uses the reports directly or whether a third-party evaluates them for you.
  6. I operate a finance company that helps people buy furniture. Does the Rule apply to my business?Yes. Your company’s financing agreements are considered to be “advancing funds on behalf of a person.”
  7. In my legal practice, I often make copies and pay filing, court, or expert fees for my clients. Am I “advancing funds”?No. This is not the same as a commercial lender making a loan; “advancing funds” does not include paying in advance for fees, materials, or services that are incidental to providing another service that someone requested.
  8. Our company is a “creditor” under the Rule and we have credit and non-credit accounts. Do we have to determine if both types of accounts are “covered accounts”? Yes. You must examine all your accounts to determine which are “covered accounts” that must be included in your written identity theft prevention program.
  9. My business accepts credit cards for payments. Are we covered by the Red Flags Rule on this basis alone?No. Just accepting credit cards as a form of payment does not make you a “creditor” under the Red Flags Rule.
  10. My business isn’t subject to much of a risk that a crook is going to misuse someone’s identity to steal from me, but it does have covered accounts. How should I structure my program?If identity theft isn’t a big risk in your business, complying with the Rule is simple and straightforward. For example, if the risk of identity theft is low, your program might focus on how to respond if you are notified — say, by a customer or a law enforcement officer — that someone’s identity was misused at your business. The Guidelines to the Rule have examples of possible responses. But even a business at low risk needs a written program that is approved either by its board of directors or an appropriate senior employee.

How To Comply: A Four-Step Process

Many companies already have plans and policies to combat identity theft and related fraud. If that’s the case for your business, you’re already on your way to full compliance.

1. Identify Relevant Red Flags

What are “red flags”? They’re the potential patterns, practices, or specific activities indicating the possibility of identity theft.9 Consider:

Risk Factors. Different types of accounts pose different kinds of risk. For example, red flags for deposit accounts may differ from red flags for credit accounts, and those for consumer accounts may differ from those for business accounts. When you are identifying key red flags, think about the types of accounts you offer or maintain; the ways you open covered accounts; how you provide access to those accounts; and what you know about identity theft in your business.

Sources of Red Flags. Consider other sources of information, including the experience of other members of your industry. Technology and criminal techniques change constantly, so it’s important to keep up-to-date on new threats.

Categories of Common Red Flags. Supplement A to the Red Flags Rule lists specific categories of warning signs to consider including in your program. The examples here are one way to think about relevant red flags in the context of your own business.

  • Alerts, Notifications, and Warnings from a Credit Reporting Company. Changes in a credit report or a consumer’s credit activity might signal identity theft:
    • a fraud or active duty alert on a credit report
    • a notice of credit freeze in response to a request for a credit report
    • a notice of address discrepancy provided by a credit reporting company
    • a credit report indicating a pattern inconsistent with the person’s history B for example, an increase in the volume of inquiries or the use of credit, especially on new accounts; an unusual number of recently established credit relationships; or an account that was closed because of an abuse of account privileges
  • Suspicious Documents. Documents can offer hints of identity theft:
    • identification looks altered or forged
    • the person presenting the identification doesn’t look like the photo or match the physical description
    • information on the identification differs from what the person with identification is telling you or doesn’t match a signature card or recent check
    • an application looks like it’s been altered, forged, or torn up and reassembled
  • Personal Identifying Information. Personal identifying information can indicate identity theft:
    • inconsistencies with what you know — for example, an address that doesn’t match the credit report or the use of a Social Security number that’s listed on the Social Security Administration Death Master File
    • inconsistencies in the information a customer has submitted to you
    • an address, phone number, or other personal information already used on an account you know to be fraudulent
    • a bogus address, an address for a mail drop or prison, a phone number that’s invalid, or one that’s associated with a pager or answering service
    • a Social Security number used by someone else opening an account
    • an address or telephone number used by several people opening accounts
    • a person who omits required information on an application and doesn’t respond to notices that the application is incomplete
    • a person who can’t provide authenticating information beyond what’s generally available from a wallet or credit report — for example, someone who can’t answer a challenge question
  • Account Activity. How the account is being used can be a tip-off to identity theft:
    • shortly after you’re notified of a change of address, you’re asked for new or additional credit cards, or to add users to the account
    • a new account used in ways associated with fraud — for example, the customer doesn’t make the first payment, or makes only an initial payment; or most of the available credit is used for cash advances or for jewelry, electronics, or other merchandise easily convertible to cash
    • an account used outside of established patterns — for example, nonpayment when there’s no history of missed payments, a big increase in the use of available credit, or a major change in buying or spending patterns or electronic fund transfers
    • an account that is inactive is used again
    • mail sent to the customer that is returned repeatedly as undeliverable although transactions continue to be conducted on the account
    • information that the customer isn’t receiving an account statement by mail or email
    • information about unauthorized charges on the account
  • Notice from Other Sources. A customer, a victim of identity theft, a law enforcement authority, or someone else may be trying to tell you that an account has been opened or used fraudulently.

2. Detect Red Flags

Sometimes, using identity verification and authentication methods can help you detect red flags. Consider whether your procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.

  • New accounts. When verifying the identity of the person who is opening a new account, reasonable procedures may include getting a name, address, and identification number and, for in-person verification, checking a current government-issued identification card, like a driver’s license or passport.
  • Depending on the circumstances, you may want to compare that to information you can find out from other sources, like a credit reporting company or data broker, or the Social Security Number Death Master File.10 Asking questions based on information from other sources can be a helpful way to verify someone’s identity.
  • Existing accounts. To detect red flags for existing accounts, your program may include reasonable procedures to confirm the identity of the person you’re dealing with, to monitor transactions, and to verify the validity of change-of-address requests. For online authentication, consider the Federal Financial Institutions Examination Council’s guidance on authentication as a starting point.11
  • It explores the application of multi-factor authentication techniques in high-risk environments, including using passwords, PINs, smart cards, tokens, and biometric identification. Certain types of personal information — like a Social Security number, date of birth, mother’s maiden name, or mailing address — are not reliable authenticators because they’re so easily accessible.

You may be using programs to monitor transactions, identify behavior that indicates the possibility of fraud and identity theft, or validate changes of address. If so, incorporate these tools into your program.

3. Prevent And Mitigate Identity Theft

When you spot a red flag, be prepared to respond appropriately. Your response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.

The Guidelines in the Red Flags Rule offer examples of some appropriate responses, including:

  • monitoring a covered account for evidence of identity theft
  • contacting the customer
  • changing passwords, security codes, or other ways to access a covered account
  • closing an existing account
  • reopening an account with a new account number
  • not opening a new account
  • not trying to collect on an account or not selling an account to a debt collector
  • notifying law enforcement
  • determining that no response is warranted under the particular circumstances

The facts of a particular case may warrant using one of these options, several of them, or another response altogether. Consider whether any aggravating factors raise the risk of identity theft. For example, a recent breach that resulted in unauthorized access to a customer’s account records would call for a stepped-up response because the risk of identity theft rises, too.

4. Update The Program

The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in your own experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts you offer; and changes in your business, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.

Administering Your Program

Your Board of Directors — or an appropriate committee of the Board — must approve your initial plan.  If you don’t have a board, someone in senior management must approve it.  The Board may oversee, develop, implement, and administer the program — or it may designate a senior employee to do the job. Responsibilities include assigning specific responsibility for the program’s implementation, reviewing staff reports about compliance with the Rule, and approving important changes to your program.

The Rule requires that you train relevant staff only as “necessary.” Staff who have taken fraud prevention training may not need to be re-trained. Remember that employees at many levels of your organization can play a key role in identity theft deterrence and detection.

In administering your program, monitor the activities of your service providers. If they’re conducting activities covered by the Rule — for example, opening or managing accounts, billing customers, providing customer service, or collecting debts — they must apply the same standards you would if you were performing the tasks yourself. One way to make sure your service providers are taking reasonable steps is to add a provision to your contracts that they have procedures in place to detect red flags and either report them to you or respond appropriately to prevent or mitigate the crime. Other ways to monitor your service providers include giving them a copy of your program, reviewing the red flag policies, or requiring periodic reports about red flags they have detected and their response.

It’s likely that service providers offer the same services to a number of client companies. As a result, the Guidelines are flexible about service providers using their own programs as long as they meet the requirements of the Rule.

The person responsible for your program should report at least annually to your Board of Directors or a designated senior manager. The report should evaluate how effective your program has been in addressing the risk of identity theft; how you’re monitoring the practices of your service providers; significant incidents of identity theft and your response; and recommendations for major changes to the program.12

Source: Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business | Federal Trade Commission

.

More contents:

%d bloggers like this: