A Tennessee man is facing $1,300 in unauthorized cable charges and ruined credit after at least one Comcast employee allegedly stole his identity and provided it to an outside vendor who signed up new Comcast customers who never had any intention of paying their bills.

Ricky McClure of Murfreesboro first learned about the fraud when collection agencies working for Comcast sent him collection notices demanding payment of a combined $1,300 in unpaid charges made in his name in Shreveport, La.

McClure is already a Comcast customer, and he does not pay his cable bill late, so he called Comcast over what he thought was a simple billing error and ran into a customer service buzz saw.

“Comcast basically said the name and social matches what we have on record so this is your account. You need to pay the money and we’re not going to pull it back from collections,” McClure told WKRN-TV.

McClure was left investigating the mysterious charges on his own and discovered the extra accounts on his credit report, both using his Social Security number, and opened without his permission. Even more disturbing, the service addresses on file were in a city McClure has no ties to.

“Where is our money, lady?”

“It’s very alarming. You don’t know who is going to be calling you next,” said McClure.

Comcast’s customer service seemed unconcerned McClure’s identity was stolen. They simply wanted to clear up the matter of the $1,300 in unpaid charges. In fact, Comcast reserves the right to terminate an identity theft victim’s own service until the billing matter is settled or the fraud verified.

An isolated incident? Not quite.

Stop the Cap! reader John Spencer (not his complete real name at his request) in Nashville was also a victim of Comcast fraud. He wrote to share the story of McClure, which he recognized only too well. He faced over $2,000 in Comcast bills sent to collections for another “customer” in Shreveport. This time, the thieves were smart enough to submit a change of address for the bills headed for Louisiana, claiming it was a vacation property. The collection agency finally connected the Social Security number to Spencer’s address in Nashville and commenced collection activity that dropped his FICO score by more than 90 points, which now hovers around 600. Spencer’s damage went far beyond dealing with persistent collection calls. Alarmed credit card issuers running periodic credit checks suspended or slashed Spencer’s credit lines because he was suddenly a credit risk, and Verizon wants him to pay a deposit on his new cell phone account. His car insurance even went up $65 semi-annually, the insurance company explained, because his credit score necessitated a re-evaluation of his rate.

It took over three months for Comcast to finally get the negative information off his credit report, and nine months later he is still trying to get his former credit reputation back. While credit card companies did restore his former credit lines, they made new credit inquiries before granting his request, which has cost him 40 points on his restored FICO score for “excessive credit inquiries.” Verizon won’t budge on demanding a deposit, and his insurance company will reconsider his rate only after it comes up for renewal.

Comcast’s identify theft reporting form runs six pages and requires a police report, a notarized signature, and copies of your valuable photo ID.

Identity theft has become pervasive enough at Comcast that the company dedicates a special section of its website to accept reports from customers victimized by unauthorized charges.

Comcast doesn’t offer much of a shoulder to cry on either, sternly telling victims they must complete and sign a notarized affidavit, attach a police report for the claim, and prove to Comcast’s satisfaction where they actually live.

Some customers already victimized by Comcast once aren’t too happy about another requirement – providing a copy of a valid government-issued photo ID like a driver’s license or passport. If Comcast employees were willing to peddle your Social Security number for quick cash, imagine what they can get for a copy of your driver’s license.

Don’t expect the collection calls to end immediately either. Comcast warns it considers all accounts valid and payable amounts due until proven otherwise.

San Francisco area customer Tammerlin Drummond was also a victim of a rogue Comcast employee who sold her Social Security number and address to an unknown third-party who opened an account and collected a bounty of cable equipment.

Comcast billed Drummond $442.13 for service at an address she had nothing to do with. Ironically, Comcast sent Drummond a separate letter claiming that the security of her account was “a top priority at Comcast” and included a PIN number.

Comcast doesn’t like to break a sweat investigating these scams and kept the fraudulent account open while putting Drummond on its customer fraud treadmill, insisting she do all the work completing the aforementioned affidavit. Another representative even suggested visit a Comcast store in Oakland because people associated with the fraudulent account were recently there to pick up more cable equipment.

“She gave me the ID of the rep who had handled the transaction and suggested I might go to the store to ask if he remembered anything,” Drummond wrote in a column published by the Contra Costa Times. “She said there was a lot of activity connected to my Social Security number and that it was an obvious case of fraud. It smelled like an inside job to me, and I told her so.”

Comcast admitted in all three cases different employees used their positions at the cable company to access customers’ Social Security numbers and other personal information and resell it to other criminals that offer “free” cable service or tell customers to pay them, not Comcast, for “discounted service.”

The two cases in Shreveport were never uncovered by Comcast. It took the initiative of the Shreveport Police Department to launch an investigation last March. Comcast first learned about it not from customers, but from the police department who contacted the cable company about the problem.

Victims were eventually sent letters from Comcast explaining what happened:

“Based on what we know at this time, a small group of individuals employed by a third-party vendor and a former Comcast employee were engaged in identity theft and theft of Comcast services. These individuals may have used your information, including your name and/or social security number, for these unauthorized purposes.”

The letter goes on to say the company is offering a complimentary identity protection plan for a year.

But identity protection may not help much if Comcast can’t secure its customers private, personal information.

Out in San Francisco, Comcast spokesman Bryan Byrd told Drummond a Comcast employee had opened the fraudulent account and that “he has been dealt with.”

Comcast has closed the account, erased the bill and removed the mess from her credit report. Because Drummond was a victim, anyone (including her) will now need to show ID and proof of residence before opening a Comcast account — provisions that would likely protect every Comcast customer from identity theft if broadly enforced.

“It makes you wonder how protected one’s personal data is,” Drummond complained. “How many others did this rogue employee target?”

Comcast says these are all isolated incidents and not a pattern to a wider problem. But apologies are not forthcoming to Mr. McClure or Spencer.

Alex Horwitz, a Comcast spokesperson in Tennessee released the following statement:

“We take this matter very seriously and, out of an abundance of caution, we have contacted a small number of people whose information may have been used to create unauthorized accounts and are providing them with credit monitoring services. We have no evidence that this was an online system breach or that any additional personal information was obtained or used for any other purpose. We are continuing to cooperate with law enforcement and are conducting our own internal investigation. The individuals involved in this are no longer working on our behalf, and we have reinforced our privacy and security policies with employees and third-party vendors.”

Comcast won’t comment on how many cases of identity theft it deals with annually.

[flv]http://www.phillipdampier.com/video/WKRN Nashville Man gets 1-3K in Comcast bills 10-15-14.mp4[/flv]

Several mid-Tennessee Comcast customers have been victims of identity theft, discovering unpaid Comcast bills run up in their names for service several states away. WKRN in Nashville shares the story of Ricky McClure, who faced $1,300 in Comcast charges sent to collections he didn’t owe. (2:41)

AT&T aids and abets cramming fraud by making it hard to find on customer bills.

More than five years after complaints began rolling into AT&T from wireless customers finding unauthorized charges on their monthly bills, the Federal Trade Commission and Federal Communications Commission today announced those customers deserve a refund, and AT&T has agreed to pay $80 million towards restitution for their complicity in bill cramming.

Keep an independent eye on the scale

Without independent verification by an unbiased third-party, providers’ usage meters can measure any amount of usage — correct or not — with no recourse for those facing overlimit fees or service suspension.

That is why companies like Comcast depend on the patina of credibility a third-party company can offer when certifying Internet traffic measurement tools as accurate, even if that company has a vested interest handing Comcast the results it wants to see.

NetForecast just completed its third paid study of Comcast’s Internet meter declaring it amazingly accurate with an error rate of just -0.75 to 0.36%.

NetForecast claims it performed independent traffic measurements using real user traffic in subscribers’ homes as well as its own in-house PC and server.

“Based on our measurement results, Comcast subscribers should be able to rely on Comcast’s meter accuracy,” NetForecast says.

Comcast subscribers should also be able to rely on the fact that any cable company that involved with its usage measurement meter has a clear agenda to use it as part of a nationwide return to usage caps or usage-based billing.

NetForecast is no substitute for utilizing a financially uninvolved third-party to oversee any measurement tool that could expose customers to additional charges.

The country has been through this before.

Offices of Weights and Measures represent one of the country’s oldest efforts at consumer protection and trace their origins to the Code of Hammurabi, the Magna Carta and the United States Constitution. Most states created their own bureau to verify all sorts of measurement tools from scales to gas pumps in the early 1900s after an epidemic of widespread fraud shortchanged citizens.

Measure with confidence.

By 1910, the California Legislature was engaged in a battle with the railroads over the accuracy of scales used to weigh railway cars. Railroad tariffs for hauling goods were based on the weight or measurement of the commodity carried. The railroad industry occasionally hired so-called “independent” third parties to certify the accuracy of railway scales to fend off government regulation and oversight after reports of widespread fraud reached the legislature. It didn’t solve the problem.

In 1920, 52.4% of railroad scales, including those “certified” accurate were found to be well out of tolerance. When the industry knew the state of California’s Office of State Superintendent of Weights and Measures would oversee testing a year later, every scale tested in 1921 was suddenly accurate within tolerance.

The problem of accurate measurement was not limited to the railroads. Californian cattle and livestock ranchers faced dishonest hay balers that ginned up the cost of hay by sneaking in heavy debris like rocks and using inaccurate scales to charge higher prices. The 1919 Hay Baling Act was passed to ensure accuracy in the sale of hay and to stop the fraud and abuse the hay balers denied ever existed.

In Maryland, the fraud came from scales used by grocers and gas pumps — both rigged by their respective owners to deliver bigger profits at the consumer’s expense.

In the 1971 Report of the 56th National Conference on Weights and Measures, E.E. Wolski, manager of quality control at the Colgate-Palmolive Company considered it unthinkable that anyone other than a truly independent, financially uninvolved third-party should monitor the accuracy of measurement tools.

This Maryland gas pump is being verified for accuracy by the Weights & Measures program run by the state government.

“I do not think anyone will be so naïve as to even suggest that an elimination or reduction of inspection or enforcement would result in anything other than a return to the situation which made the need for them so apparent,” said Wolski. “It is a well-known fact that where enforcement drops off, so does compliance.”

In one state where private companies were permitted to self-certify, inaccuracy turned out to be rampant.

“I was informed that the average gallon was about a half pint short and that an average pound had been a little less than an ounce short,” Wolski said. “The shortages had been statewide and were almost universal.”

The state-employed director that finally established independent oversight of weights and measurements in light of the widespread fraud Wolski talked about was firm in his conclusion that “everybody, literally everybody (and that includes you and me), needs to know that someone is there watching what he does.”

Any financial interest in the outcome of a weight or measurement involving money is a temptation to cheat consumers, one that has effectively only been tempered all the way back to the days of King Solomon by truly independent oversight, typically by a state or local authority. That authority is on display today in the form of a compliance sticker found on commercial scales, gas pumps, and other measurement tools, attesting to their accuracy.

While it is nice Comcast at least bothers to investigate the accuracy of its usage meter, consumers should not be asked to trust the findings of a third-party paid to produce results. Consumers should insist that a truly independent regulator of weights and measurements regularly test and verify usage meters wherever they could be used to suspend a customer’s account or result in extra fees.

The Pinellas County Sheriff’s Office released this mug shot of Leonard I. Solt, 49, of Land O’Lakes, one of three people accused of defrauding the federal Lifeline program out of more than $32 million.

A lack of robust state oversight of independent contractors and resellers may have cost the Universal Service Fund and nationwide Lifeline program up to $1 billion in waste, fraud, and abuse.

This month, three men were accused of stealing more than $32 million in Universal Service Fund (USF) money that supported lavish lifestyles including the purchase of multiple luxury automobiles. The federal government wants the money back.

Leonard I. Solt, 49, of Land O’Lakes, Fla.,Thomas Biddix, 44, of Melbourne, Fla. and Kevin Brian Cox, 38, of Arlington, Tenn., all face federal criminal charges for allegedly padding the number of customers signed up for Lifeline phone service through five companies all connected to the men: American Dial Tone, Bellerud Communications, BLC Management, LifeConnex Telecom and Triarch Marketing.

In some cases, Lifeline cell phone service was completely subsidized by USF funding, allowing customers to sign up for free cell phone service. Average Americans cover the costs of the program through a surcharge on monthly phone bills.

The indictment charges the defendants with one count of conspiracy to commit wire fraud and 15 substantive counts of wire fraud, false claims and money laundering.

In an 18-month period from 2009 to 2011, the phone companies obtained more than $46 million through the Lifeline program.

Regulators have been suspicious of the companies and the men who ran them since at least 2010 when the Florida Public Service Commission noticed a dramatic spike in Lifeline reimbursement requests from Associated Telecommunications Management Services, LLC., the parent company of the five entities. The Florida PSC accused AMTS of misrepresenting customer enrollment when claiming reimbursement. It was not until June 2011 that the Florida PSC approved a settlement of $4 million from AMTS and an agreement to stop doing business in the state.

The case illustrated several ostensibly-independent companies were created to market service across Alabama, Arkansas, Florida, Georgia, Indiana, Kansas, Kentucky, Louisiana, Michigan, Mississippi, Missouri, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, and Wisconsin. Many had ties back to AMTS management. Despite the Florida settlement, the firms continued to do business in multiple states. Many of the states involved have deregulated the telephone business and have cut staff at state agencies tasked with oversight issues.

By the time the federal government moved in to prosecute, the three men had used USF funds to buy a private jet, a 28-foot boat and six luxury cars, including an orange Lamborghini, a red-bronze Chevrolet Corvette, a black Cadillac Escalade, a Chevrolet Suburban limo, a black Mercedes Benz S63 and a blue Audi R8.

Last week, government agents seized the vehicles from Biddix’s Melbourne-based pawn shop, Outdoor Gun and Pawn.

The Wall Street Journal reported in 2013 that the FCC’s own data showed that more than 40% of the six million subscribers at five of the program’s top carriers were either ineligible or failed to show that they qualified for subsidized service. As more independent companies win authorization to start pitching Lifeline landline and mobile phone service to the poor, the cost of the program has skyrocketed to $2.2 billion last year, up from $819 million four years earlier.

The companies are reimbursed for providing service, providing an incentive to sign up as many as possible.

In Alaska, a GCI subsidiary, Alaska DigiTel hired a marketing company to help it sell Lifeline cell phone service. The company quickly began signing up patients in hospitals, using hospital addresses as their residence. It also encouraged applicants to list phony addresses. For four years, GCI profited from questionable  reimbursements filed with the FCC. GCI finally agreed to pay a $1.5 million settlement that includes no admission of liability.

Other providers simply used telephone directories to collect names and mailing addresses of “customers” and sent them unsolicited cell phones for which they requested reimbursement.

An Oklahoma provider that regulators suspect got exceptionally greedy allegedly signed up so many Oklahoma residents to Lifeline service, the state is likely to exhaust the supply of phone numbers remaining in the 405 area code sooner than expected.

True Wireless received nearly $46 million under the program in 2012, bringing questions from Oklahoma’s Corporation Commission as to whether enrolling that many residents was mathematically possible. A cursory review found some customers had signed up multiple times in violation of federal rules.

In Wisconsin, the state Public Service Commission eventually revoked Midwestern Telecommunications Inc.’s ability to receive Lifeline funding after its overworked staff discovered MTI was mailing phones to customer that never requested them, billing the USF Fund for reimbursement. Some turned out to be children.

The scheme eventually began to unravel when a former Public Service Commission staffer received an unsolicited Lifeline phone. The alleged fraud was so great, MTI went from receiving 1% of Lifeline reimbursements in Wisconsin during the second quarter of 2010 to 33% of disbursements in the same quarter the following year.

The fraud also extends to Lifeline recipients, some who have bilked the program for free phones. A review of the Lifeline customer database revealed many customers had multiple Lifeline accounts, including some sent more than 10 free phones that were later reportedly resold on street corners.

Nationally, the $1.8 billion Lifeline Program subsidized phone service last year for 14.5 million low-income customers.

Customers are usually eligible if they are already enrolled in income-based programs such as Medicaid, food assistance or public housing, or if household income falls below 150 percent of federal poverty guidelines.

[flv]http://www.phillipdampier.com/video/WSJ Lifeline Fraud 2-18-13.flv[/flv]

WSJ’s Spencer Ante has details of a $2.2 billion government program to give cell phones to poor people that resulted in phones winding up in the hands of people ineligible for the program. (1:13)

A prominent story airing last week on the NBC Nightly News with Brian Williams suggested visitors to the Sochi Olympic Games in Russia should expect their Android smartphone or laptop to be infiltrated by hackers moments after being switched on. A closer examination of the story suggests NBC News reporter Richard Engel had to go out of his way to get infected with malware.

[flv]http://www.phillipdampier.com/video/NBC News Hackers at the Olympics 2-4-14.flv[/flv]

Is it really too late to protect your electronic device if you power it on at the Sochi baggage claim facility at the airport, as NBC News’ Brian Williams claims? (3:35)

Trend Micro security expert Kyle Wilhoit, who helped design the experiment based on Engel’s usage habits, admitted security holes were left wide open on the tested devices:

On all of the devices, there was no security software of any type installed. These devices merely had standard operational programs such as Java, Flash, Adobe PDF Reader, Microsoft Office 2007, and a few additional productivity programs.

When considering this experiment, there were some basic things to be considered. First was mimicking the user behavior of Richard Engel. Since these were going to be machines with fake data, it was important to accurately imitate his normal activities. I had to investigate Richard’s user habits. In addition to other information, I needed to understand what he actually did on a daily basis, and sites he commonly visits. Also, I needed to understand where he posted. Did he post information on forums? Did he post on foreign language sites?

NBC’s story implied that three new devices, including an Apple MacBook Air, an Android phone, and a Lenovo laptop running Windows 7 were all hacked within minutes of being switched on for the first time, right out of their respective boxes.

A story about hacking at the Olympics in Sochi, Russia was recorded largely in Moscow, more than 1,000 miles away.

Careful observers will notice Wilhoit is wandering around Moscow, more than 1,000 miles away from Sochi. Wilhoit would later clarify in a tweet he never visited Sochi at all. A closer look at shots of computer screens show the reporter clicking on suspicious links and visiting obviously phony Olympics-oriented websites. With no virus or malware protection and Engel’s apparent willingness to click on anything suggests you should never loan him your laptop or phone.

NBC News went over the top getting their Android phone hacked. In fact, Engel not only had to manually find and download the infected app that let the hackers in, he had to navigate a set of menus to disable Android’s built-in security, turning on permission to download apps from unknown or third-party websites not affiliated with the Google Play store. Installing a security-compromised app also brings multiple additional warning messages advising users not to proceed. Under these circumstances, Aunt Sue can rest easy her Galaxy S4 is not accidentally open season for hackers while she watches the downhill skiing events.

Media sensationalism makes for good ratings but requires a lot of truth dodging to make the story real. This is an example.