For the first time since the Federal Trade Commission started counting 10 years ago, the number of Americans reporting identity theft dropped in 2009, the agency said Thursday.  The drop was significant – about 10 percent – but doesn't necessarily indicate the crime is disappearing.  The 278,078 reports taken last year still represent more than any year prior to 2008.

Meanwhile, reports of other kinds of fraud to the agency skyrocketed by 24 percent, with consumers telling the FTC they had lost $1.7 billion in those frauds.  The median lost per complaint was $399.

---

Tops among this "other fraud" category were debt collection firms.  Nearly 10 percent of all complaints taken by the FTC involved debt collection, totaling nearly 120,000.  Debt collection complaints jumped by 11 percent from last year.

Other credit-related complaints also jumped, including complaints about credit cards, which more than tripled from last year.  Complaints labeled "banks and lenders" were up by nearly 50 percent.

The results can be found in the FTCs annual report of top complaints to its Consumer Sentinel database, which was released Wednesday morning. John Krebs, director of the Sentinel database, said the jump in complaints about financial companies should come as no surprise.

"These do seem to be in line with what we've seen given the state of the economy," he said.

Krebs cautioned against viewing the drop in ID theft reports as a trend, because the complaints represent only self-reported information from consumers.  Still, multi-year drops in reports of a particular type of ID theft involving credit card fraud provide a reason for optimism, he said.

"Hopefully some of that represents increased awareness by consumers and increased vigilance by industry," he said.

Once again, most consumers reported their first contact with fraudsters generally arrived via the Internet – 48 percent said e-mail, while another 12 percent said a Web site. Only 10 percent of complainers said their incident began with a phone call, perhaps an indication of the success of the Do Not Call list, Krebs said.

Other notable observations from the FTC data: Nevada is the state with the highest per capita rate of reported "other" fraud, followed by Colorado and New Hampshire.  Florida is the state with the highest per capita rate of reported identity theft complaints, followed by Arizona and Texas.

Credit card fraud (17 percent) was the most common form of reported identity theft, followed by government documents/benefits fraud (16 percent), phone or utilities fraud (15 percent), and employment fraud (13 percent). Other significant categories of identity theft reported by victims were bank fraud (10 percent) and loan fraud (4 percent).

Krebs said it's hard to draw definitive conclusions from the raw data that the agency releases every year, other than to serve as warning to consumers that fraud is alive and well.

"Clearly whether the number goes up or down, ID theft and fraud are still major issues," he said. "The key message is it's still out there, and with each new situation that arises in the economy fraudsters try to take advantage of it."

Krebs urged consumers to maintain a healthy skepticism and to take advantage of educational materials available on the FTC's Web site, including a new video with tips on avoiding fraud and filing complaints.

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.

THE FTC'S 2009 LIST OF TOP COMPLAINTS
Rank	Category	No. of Complaints	Percentages
1	Identity Theft	278,078	21%
2	Third Party and Creditor Debt Collection	119,549	9%
3	Internet Services	83,067	6%
4	Shop-at-Home and Catalog Sales	74,581	6%
5	Foreign Money Offers and Counterfeit Check Scams	61,736	5%
6	Internet Auction	57,821	4%
7	Credit Cards	45,203	3%
8	Prizes, Sweepstakes and Lotteries	41,763	3%
9	Advance-Fee Loans and Credit Protection/Repair	41,448	3%
10	Banks and Lenders	32,443	2%
11	Credit Bureaus, Information Furnishers and Report Users	31,629	2%
12	Television and Electronic Media	26,568	2%
13	Health Care	25,414	2%
14	Business Opportunities, Employment Agencies and Work-at-Home Plans	22,896	2%
15	Computer Equipment and Software	22,621	2%

You probably have a workout buddy. You might have a dieting buddy.  Maybe you are part of a moms' support group or a car pool. Perhaps you decided to run a half-marathon this year, but only after one of your friends promised to train with you.

So why don't you have a stop getting ripped off buddy?

---

We all know the power of social commitments and positive peer pressure.  It's oh so much easier to wake up at 6 a.m. and go running when you know a friend is waiting for you at the corner --- and you'll face her mocking wrath if you don't show.

We also know that everyone hates overpaying for credit cards, pay TV or cell phone service -- yet we're all busy and hate the hassle of fighting back. We're distracted, we dread all the time spent listening to hold music, we fear rejection.  We know we should, but we just don't get around to it.

Now's your chance to take a stand.

We're going to harness the power of public commitment to motivate one other to take on unfair fees and charges.  Today, we're starting a new msnbc.com feature -- the Red Tape Fight Pledge.  Click now to join a Facebook group devoted to helping you take on companies and monthly bills that just aren't right.  Pledge to spend one hour in the next 30 days fighting against a company that's trying to take you to the cleaners, then come back and tell everyone how you did.  Your stories will be part of upcoming msnbc.com Red Tape Chronicles reports.

But more important, you'll have made a public commitment to make that phone call or write that letter you've been putting off. To give up that one lunch hour to make sure your cable company isn't overcharging you. And you'll swap success stories and tips along the way.  Found a phone number that worked? Great. Have a Web site that helped you find the right customer service department?  Tell everyone. And if you hit a brick wall, share that too. You might find an answer from a compatriot here.

To kick start the effort, here's a few ideas:

*This month I will call my pay TV company and tell them I want the same discounted deal they give new customers. Why should I be punished for being loyal?

*I'll research a new credit card.  My bank has hiked my rate and lowered my limit, so it's time to shop around for new plastic. I tried 6 months ago, but I think it's time to try again. Things may have changed.

*I hate my bank, so I will research small community banks and credit unions.  I hear it takes a little effort to switch, but one solid lunch hour might be enough.

*I will carefully examine my 401(k) holdings. I've heard that some mutual funds have high expense ratios, and that those fees could eat up one-third of my retirement fund before I reach 65.  I will switch to low-cost index funds instead.

There are plenty of others.  So jump over to the Facebook group now and leave your pledge. And remember to come back within a month and tell us what happened.  We'll offer helpful reminders right in this space.

Now, fight for your money!

CLICK HERE TO JOIN THE 'RED TAPE FIGHT PLEDGE' on Facebook.

(In this case, comments won't be accepted on today's blog. Place your comments on the Facebook group, please.)

VANCOUVER -- "I NEED TICKETS" screamed the signs hanging from the necks of the scalpers, in the style of a homeless person asking for a handout or a hitchhiker looking for a ride to Manitoba.  They meandered in and out of the crowd in Vancouver's Robson Square, the center of Olympic fan activities in the host city.

You've seen this scene before, but its overtness – taking place right outside the official ticket pickup location -- was striking.  Scalping must be legal in Canada, eh?

I love ticket scalpers. As people they are often slimier than moss-covered rocks.  But as a student of markets and consumer behavior, they provide me with endless hours of amusement. Ticket scalping is one of the purest forms of a true marketplace you'll ever find -- buyers and sellers negotiating under extreme time pressure, both saddled with limited information and high risks, bidding on a commodity that is both perishable and scarce.  Fifteen minutes before game time, this market is extremely efficient.

---

Event holders hate scalpers, of course. They say they are trying to protect consumers from fraud. Counterfeits happen, as do lies about seat location, but given the complete anonymity of the transactions, I'm constantly amazed at the relative lack of fraud in scalping.  While related, scalping (a secondary ticket market) and fraud (counterfeit tickets) are really different problems.  In reality, I think promoters are just jealous. When scalpers sell tickets at well above face value, they embarrass promoters by revealing that the tickets were underpriced.

Naturally, the more amateurish the ticket buyers, and the more professional the sellers, the more money the scalpers make. And the more anonymous the transaction -- say, the more distance between hometowns of buyer and seller -- the easier it is to run a scam.

That brings us to the subject of Olympic ticket sales, which create ideal conditions for all manner of scams and overpricing.  The Olympics arrive only every four years and often play out in small venues, making tickets scarce and valuable. Buyers invest an outrageous amount of money and time just to get to the scene. If they come without tickets, the pressure to get some is immense.  So they usually come hat in hand to scalpers.  Moreover, would-be scammers who sell for local baseball or football games have at least a small chance of seeing their victims in the future. Olympian scams pose almost no risk to the criminal, who will probably be half a world away by the time the ruse is exposed.

Perhaps the largest Olympic ticket scam in history occurred two years ago. During the Beijing games, dozens of Olympic athlete families were scammed by a Web site, estimated to have stolen millions of dollars from would-be fans.

The Vancouver Olympic Committee set out to prevent a similar debacle, using the only trick that such agencies ever consider: making money off scalping. In Vancouver, neither scalping nor exchanging tickets is allowed. Resold tickets can be "deactivated" and made invalid for events, the Olympic committee warns. It says anyone who wants to sell tickets must use the "fan-to-fan" Internet marketplace set up by the Olympic committee. The good news: tickets are relatively easy to find. The bad news: the agency makes 10 percent off both the sale and the purchase of the tickets. Even worse: High demand tickets are being sold eBay auction style. This week, opening bids for tickets to the "preliminary round" Canada-U.S. hockey game were listed as high as $10,000 -- not including the $1,000 "marketplace" fee.

So how is state-sponsored scalping doing at tamping down illicit sales? I went to Vancouver without event tickets to have a look. Knowing about the ticket troubles in Beijing, I fully expected the organized Canadians to have beaten down the business. Far from it.

'Relaxed about things'
Placard-wearing sellers were easily found, yelling like carnival barkers at the crowd, just above the child skating rink and popular free rip-cord line set up for the Games revelers. Within earshot -- heck, close enough for a body check -- were uniformed sheriff's officers (provincial law enforcement) ignoring the activity. Tickets were going for double their face value, more in some cases. The scalpers showed no fear of law enforcement. It was easy to spot the ringleader, going from seller to seller, whispering something in their ears every few minutes.

Vancouver -- a city where people say "I'm sorry" for passing you on the sidewalk -- is trying its darnedest to be friendly for the World.  Volunteers in blue jackets that say "Ask me" are everywhere. So I asked. Is scalping legal?

"No. But you know, we are a bit more relaxed about those things here," said one, who for obvious reasons didn't want to be named. But he then warned me about the counterfeit ticket problem, before asking why Americans don't know where Manitoba is.

Ten minutes later, I spotted two men and a woman wearing electric yellow sheriff's jackets, standing about 20 feet from a man selling tickets. I turned my back to him, quietly showed them my press pass, and inquired: "What is the law in British Columbia?"  I discovered that I'd apparently stumbled on the Canadian equivalent of the Pentagon Papers.

"You'll have to ask the by-law people."

"You can't tell me what the law is?"

"You'll have to ask the by-law people."

"What if I don't ask you as a reporter, just as a person who might buy a ticket. Is it legal to do so?"

"You'll have to ask the by-law people."

Not among my best interviews.

I was about to ask the obvious question ("What's a by-law person?") when one of them spotted a polite way out of the conversation.

"Go ask him, that guy on the bike over there."

The guy on the bike was a Vancouver city cop.  He also didn't want to be quoted. But he was serious.

"It's illegal to sell anything without a permit in the city of Vancouver," he told me.  "You are subject to a $250 fine and seizure of the items you're selling."

The fine hardly seemed a big risk, given the potential financial rewards, but the officer assured me that he was not to be taken lightly.

"I have about 50 or 60 tickets right here," he said, pointing to his backpack.  "Some guys lost a lot of money today."

At this point, I scanned the horizon.  No scalpers were in sight.  Clearly, they were afraid of this cop.

He also warned about counterfeiters.

"The guys from France of Germany are long gone by the time you are at your event and can't get in," he said.

Despite this policeman's welcome clarity, my confusion over the legality of ticket scalping grew even more as the day wore on. While I was hearing about confiscated tickets, the Vancouver organizing committee was busy telling reporters that scalping was indeed legal.

"It's important for those of you who may not be from (British Columbia) to know that scalping is not illegal here," committee spokeswoman Renee Marie-Valade said at a news conference, according to a transcript provided by NBC. "So we are certainly aware that people may be selling tickets. We keep a close eye out for it."

She then went to great pains to steer prospective customers to her agency's Web site.

" The best advice to any consumer who is still looking to buy a ticket … particularly if you are thinking about buying from someone that's offering them on the street is to be very, very wary of that because that ticket may end up leaving you disappointed at the entrance to the venue," she said.

Almost scammed
Just how big a problem are counterfeits?

Joseph Rupolo of Long Island, N.Y., said he stopped his father on Tuesday, just moments before he was about to shell out $200 at Robson Square for fake tickets to a women's hockey game. Rupolo, an intern for the NBC Olympics team, had seen legitimate tickets at the office, with their trademark hologram logo. The tickets his father was about to buy were missing the logo.

"I checked the competition schedule later that day and found that Sweden wasn't even competing against Japan that evening," he said.

He then spent the afternoon pricing tickets on Craigslist and other online sources -- which are plentiful, if risky. A man named Cory offered to sell tickets to the men's hockey semifinal for $1,000.

"I have the hard copy tickets here in Vancouver and will exchange in person at my place or at a bank. I will provide full proof of purchase and validity upon exchange," he wrote in an e-mail.

Goal! Eventually
Robert Broughton of New Westminster, British Columbia, told me he actually managed to successfully buy scalped tickets earlier this week in the Vancouver suburb of Richmond, but not without a bit of agony. First, he tried to attend the women's 3,000 meter speed skating race, but prices ranged from $250 to $400 each. He headed back to the train, where a seller hard-pitched him a ticket for $300, even though the event had already started.

But over at Thunderbird Arena, where women's hockey is being played, he managed to buy a spare ticket from an "amateur" seller for face value at $50 -- after milling about for nearly an hour.

His advice: "Don't waste your time talking to professional scalpers, especially ones with thick English accents. Their sole objective is to cheat you."

Yes, many scalpers are pros. In fact, Broughton recognized some of the sellers from 1994, when he attended the Lillehammer, Norway games.

For obvious reasons, there is no good data on the amount of scalping at Olympic Games, and no way to know if Vancouver is doing better or worse than other games. With 1.6 million tickets for sale this time around, there's plenty of opportunity for mischief – and last-minute ticket purchases.  It's quite clear, however, that the Vancouver Olympic Committee's efforts to stamp out fraud and scalping by profiting off of it have not been an unqualified success.

Houston-based attorney Jim Moriarty, who was a ticket scam victim in Houston, now runs a Web site called Olympic Ticket Scam.  He blames continued ticket problems on the International Olympic Committee's convoluted process for purchasing tickets and the fact that it makes tickets so scarce that athlete family members have trouble getting into events.

"There is a Code of Points used in the judging system for gymnastics. Where is the Code of Ethics for ticket distribution?" he asked in a recent post on his Web site. "There are volumes of rules and regulations for each Olympic sport; for judging; and for procedures. ... The specifics for distributing tickets? Not so clear."

Broughton, the Canadian fan who bought tickets from scalpers, also complained that Olympic tickets are kept artificially scarce, with many going to corporate partners, leaving few for local fans and travelers. As evidence for his complaint, he pointed to empty seats at many events.

"After the game started, there were at least 500 empty seats at a supposedly sold-out event," he complained. "I'm still steamed about all the empty seats at the women's ice hockey game on Sunday. I would love to hear a reporter ask the' People In Charge' who holds these tickets, so that we all know that they were inconsiderate enough to leave them in a desk drawer."

Reporters did ask Marie-Valade about the empty seat problem.  She said the committee had a "ticket SWAT team" looking into the problem, and offered this explanation.

"It's a complex environment because we have tickets that are sold to the public. Typically, what we are seeing is those seats that are sold the public are being used. Some of the blocs that you are seeing may in fact be not used through a variety of different programs that we have," she said.  "We have an obligation to provide seats to athletes who may or may not be able to come watch the sports. There are a range of Olympic Family programs that provide seating. We are always looking at those and there's a whole team of people who go to each sport event and look at where the empty seats are and come back and analyze what we can do for the next one to make sure those seats are filled. "

Readers of Ron Paul would say that attempts to regulate ticket sales have predictably failed, and that a thriving black market has developed -- as always happens when any agency seeks to artificially control the distribution of goods and services. There is little argument that capitalism is alive and well in Vancouver.  Right next to the scalpers were tables of women selling the must-have fashion accessory of these games -- poofy red mittens that say "Canada" and include the familiar maple leaf.  They sold for $23 on Robson Square.  At the drugstore five blocks away, they cost $12.99.

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.

If Google wanted to create a quick buzz around its new social networking service, it's certainly accomplished that. Last week, when the Web giant automatically signed up millions of Gmail users for its new Buzz social network, much of the Internet was sent into a privacy tizzy.

Google announced serious modifications to the service later in the week, but that wasn't enough for the Electronic Privacy Information Center (EPIC). On Tuesday, it filed a formal complaint with the Federal Trade Commission, asking the regulator to order more changes. EPIC also accused Google of violating federal consumer protection law and suggested the firm may have broken wiretap laws, too. 

---

While the details of the Buzz privacy dispute can seem esoteric, the main thrust of EPIC's complaint is simple: Google should never have pushed all 37 million U.S. Gmail users into a social networking service without asking, said EPIC Executive Director Marc Rotenberg.

"E-mail is one area on the Internet where we have a well-understood expectation of privacy," Rotenberg said.  "E-mail is for private messages. You sign up for social networking to communicate publicly with people, Google tried to turn e-mail into social networking, and that's where they ran into trouble."

The complaint lays out a series of alleged Google missteps that EPIC says constitute unfair or deceptive trade practices that violate the Federal Trade Commission Act. For starters, it says, all users who checked their Gmail account last week were suddenly signed up for Buzz.  While Google offered users a chance to "check out" the service, it didn't give them the option to avoid it.

"Regardless of whether a user clicked the button labeled 'Sweet! Check out Buzz' or "Nah, go to my inbox,' Google Buzz was activated," the complaint says.

Gmail account holders who then began using Buzz found their first public posting was essentially a list of their most frequent e-mail contacts.  Buzz decided for itself who users e-mailed most often, then put those users on a list as "followers" and made that list public. Quickly, nightmare hypothetical scenarios were published -- workers who had recently e-mailed about job interviews had their job hunt exposed, for example.   Cheating lovers or spouses were outed.

"Gmail contact lists routinely include deeply personal information, including the names and email addresses of estranged spouses, current lovers, attorneys and doctors," the EPIC complaint said. "Users were not explicitly warned that their lists would be automatically visible to the public. ... Anyone looking at a newly activated Buzz user's following list would know that the list indicated which people that user communicated with most often."

In addition to causing potential embarrassment -- or worse – Google may have broken the law by disclosing e-mail contacts, EPIC said.

"Improper disclosure of even a limited amount of subscriber information by an e-mail service provider can be a violation of both state and federal law," it said. "An attempt by an e-mail service provider to attempt to convert the personal information of all of its customers into a separate service raises far-reaching concerns."

In a statement to msnbc.com, Google rejected the claim that it had broken the law.

"The suggestion that Google Buzz may violate federal wiretapping laws is not correct, and so far EPIC has not elaborated on the claim. Google Buzz follows the law, as do all of our services," the statement read.

Google has already gone through two rounds of revisions with its service, and Buzz now tells new users that frequent e-mail partners will be "followers" unless the user prevents that.  New users now see a list of potential followers -- checked by default -- when they sign up for the service.

But on Tuesday, Rotenberg said that Google still hadn't gone far enough to address privacy concerns.  Buzz still ropes in Gmail users and their e-mail contacts by default, which can lead to unintended disclosure of personal information, he says.

Rotenberg said Buzz users should have to actively opt in before Buzz is activated, rather than opt out.

"It's always about the defaults," he said.

EPIC has called on the FTC to force Google to:

• make Buzz a fully opt-in service.
• cease using Gmail users' private address book contacts to compile social networking lists.
• give Buzz users more control over their information.

For a company that has already dealt with plenty of privacy related issues, Google's misreading of public reaction to Buzz is a surprise, said Larry Ponemon, a privacy researcher who runs The Ponemon Institute.

"It is astonishing to me that a decision was made to release a product that the average person would see as a potential privacy snafu," he said. "Things like this seem to happen because people making decisions just aren't thinking about privacy. … Sometimes companies don't when they are about to release something they think is really cool."

Ponemon did say that he was impressed with Google's quick response to the controversy, taking only a few days to make changes to the service.

"They did take it seriously, you could tell they had all hands on deck," he said.

Rotenberg said Google was more worried about stiff competition in the social media world than privacy.

"Google tried to take advantage of its market position" by dragging all Gmail users into Buzz overnight, he said, thereby giving the service a running start in the uphill battle to catch Facebook and Twitter in the social networking space.

That's why he wants the FTC to be more proactively involved in privacy policy.

"The FTC has had a hands-off policy, leading to some bad business practices," he said.

Google said in a separate e-mail statement to msnbc.com that it was working hard to make adjustments to its service based on user feedback, and will keep "user transparency and control top of mind.

"We also welcome dialogue with EPIC and appreciate hearing directly from them about their concerns," the statement continued. "Our door is always open to organizations with suggestions about our products and services."

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.

 

 

At a recent gathering of amateur consumer advocates in New York City, discussion turned to this thorny topic: How do you focus the rage people feel about rip-offs on fixing the problem?  Consumers are quick to anger when a company unjustly charges a $35 late fee, but they seem far more reluctant to get involved as Congress debates legislation that would make the $35 fee illegal. Why? One obvious reason: Congress is slow and the legislative process is confusing.  

So here's a quick scorecard on the debate over creation of the proposed Consumer Financial Protection Agency, which would be the first new federal consumer protection agency since the 1970s.  While the congressional made-for-TV kabuki dance that will decide its fate won't take place for another several weeks, the real end game is happening right now, as Washington, D.C., appears to be slumbering under three feet of snow. So this is a good time to pay attention.

---

In case you missed the last episode, here's a quick background: Harvard bankruptcy professor Elizabeth Warren proposed a new agency several years ago that would regulate consumer contracts on financial matters like credit cards and mortgages. Warren, now a bit of a cult hero in consumer advocate circles, is currently chair of the oversight panel Congress set up to monitor the TARP bailout. Banks don't like her much, but she's the odds-on favorite to head the new consumer agency should it be signed into law.

During his campaign, President Barack Obama supported the idea of a new consumer protection agency, and he has called for its creation several times in the past year. In December, Rep. Barney Frank, D-Mass., ushered legislation through the House of Representatives -- barely -- that would create the agency. The Wall Street Reform and Consumer Protection Act passed by a 223-202 vote.

Note that this bill does much more than create a new consumer agency; it includes a full set of financial regulatory reform proposals. But creation of the consumer agency appears to be the most divisive issue.  Supporters say that only an independent agency could act as a worthy adversary to the banking industry. Opponents argue that it's folly to create a single-purpose bank regulator that has no interest in the safety and soundness of the institutions or the overall health of the industry.

Given the tight House vote, debate in the Senate was expected to be difficult,  and so far it has not disappointed.

Retiring Sen. Chris Dodd, D-Conn., is head of the Senate Banking Committee, which now controls the fate of the legislation. Last year, he'd indicated unflinching support for it. But in January, he flinched. Numerous reports indicated his willingness to negotiate away creation of the agency in exchange for other regulatory concessions from Republicans – specifically the senior Republican on the Banking Committee, Sen. Richard Shelby of Alabama.

The news sent consumer groups into a tizzy, with some predicting this meant the death of the Consumer Financial Protection Agency.

But turned out the obituaries were premature.  Last week, Dodd's office announced that he had reached an impasse with Shelby, and that he was abandoning efforts at a compromise. Instead, he said, he would propose legislation that resembled the House bill.

Warren, meanwhile, fresh from preaching to the choir during an appearance on Jon Stewart's "The Daily Show," penned an impassioned op-ed in the Wall Street Journal reiterating the need for the agency.

"The same Wall Street CEOs who brought the economy to its knees have spent more than a year and hundreds of millions of dollars furiously lobbying Washington to kill the president's proposal," she wrote.

On Wednesday, Senate reform talks got a jump start, when Dodd opened negotiations with a different Republican on the Banking Committee, Sen. Bob Corker of Tennessee.  Both made public statements about the renewed talks on Thursday.

"Senator Corker has proved to be a serious thinker and a valuable asset to this committee," Dodd said in his statement. "For that reason, I called him Tuesday night and asked him to negotiate the financial reform bill with me. We met in my office on Wednesday and given the importance of these issues he agreed. I am more optimistic than I have been in several weeks that we can develop a consensus bill to bring about the reforms the financial sector so desperately needs to prevent another economic crisis."

But does that mean creation of the agency is likely now?  Not at all.  Corker said Friday he is merely picking up where Shelby left off

"Like most Republicans I believe a stand-alone agency for consumer protection or separating those protections from safety and soundness are nonstarters," he said, according to Reuters.   

What are they taking so long talking about?

There appear to be two issues which have bogged down -- and might ultimately kill - the agency.  The first  is independence. The second, a bit more subtle, is an effort to protect the independence of state-level consumer protections.

By now, creation of a completely independent CFPA -- something Republicans have compared to the Environmental Protection Agency -- seems off the table. Most reports indicate that the agency will survive only if it is part of another regulator. It might be housed in the Treasury Department or be a part of the Federal Reserve, but could retain some independent rule-making authority.  And that's the sticking point.

In October, while there was a flurry of stories concerning the potential watering down of the new agency, Warren spoke to msnbc.com and appeared to draw a line in the sand. At the time, some areas of regulation, such as car loans, were removed from its purview by the House of Representatives. 

"I draw the line at independence," she said. "If the new agency isn't independent, it isn't worth doing."

But this week, a source familiar with the negotiations said consumer groups have warmed to the idea of the agency being housed in the Treasury Department, as long as it has full independence within the department, comparable to the Office of the Comptroller of the Currency, which is also technically part of Treasury.

Balber, from Consumer Watchdog, said the key distinction involves independent rule-making authority,

"It would depend on how something like that is structured," she said.  "The key is that no one would have veto power or some other form of power to weaken the agency's decisions. So a stand-alone agency that's part of Treasury could work," she said. "I don't think it would work if it were housed within a prudential banking regulator (such the Federal Reserve). They are looking first and foremost at bank profits."

Meanwhile, state officials are worried about an issue that rears its head every time Congress considers consumer protection legislation – pre-emption.  Nationwide firms and industry groups often argue that federal law should trump, or pre-empt, state law, so that they don't have to abide by 51 different sets of rules. For example, a new federal law to require 45-day notice when raising a consumers' interest rate would override an existing state provision that requires a longer warning period. Obviously, state lawmakers and attorneys general have bitter distaste for pre-emption, which reduces their power and ability to regulate.

Because of hang-ups over the independence of the agency, negotiators haven't even begun to deal with the thorny issue of pre-emption yet, according to another source familiar with the talks. That means there are still significant obstacles in its way.

Meanwhile, opponents continue to voice their objections to creation of the agency. The U.S. Chamber of Commerce is leading the public fight, airing commercials that say the agency would hurt small businesses and making its case at the Web site Stopthecfpa.com.

Noted Republican pollster Frank Luntz has even gotten into the act, recently publishing a talking points memo called "The Language of Financial Reform." In it, he advises opponents of the Consumer Financial Protection Agency to paint it with the broad brush of "big government."

"Creating another costly government bureaucracy on top of existing bureaucracy isn't a solution - it helped cause the problem," he advises, according to the memo obtained by The Huffington Post. He also instructs opponents to appeal to their voters by saying the legislation is full of "lobbyist loopholes" for industries like car dealers and pawn brokers.

There are two other x-factors that might become part of the discussion.  If a large U.S. bank supported creation of the agency, that would make it more palatable to Republicans.  Earlier this month, Bloomberg reported that Bank of America CEO Brian Moynihan has told White House officials that the bank was not "lobbying against the agency." The bank stopped short of supporting it, however.

Meanwhile, it's unclear how much the force of Elizabeth Warren's personality and popularity might be adding to the financial industry's aversion to the agency.  Banks are used to dealing with faceless, nameless bureaucrats.  A popular consumer advocate with a ready-made bully pulpit might be part of the reason they are digging in their heels. 

So the future of the agency, and the legislation, seems entirely up in the air, a moving target -- another reason that U.S. consumers might find it difficult to engage in the debate.  Most observers feel that Dodd has the votes he needs to pass even the most liberal version of the bill through the Banking Committee, and that he intends to bring some financial reform bill to a vote on the Senate floor, probably in March. There, it is likely to find the same fate as health reform -- it won't have 60 supporters and will die a parliamentary death unless at least some Republicans support it.  A source familiar with the discussions said Rep. Barney Frank wants to force a Senate vote, which would require Republicans opponents to cast a potentially unpopular vote against consumer reforms.  Balber is among many consumer advocates who would like to see issue come to a head.

"We are still concerned that something less than consumer agency will come out of this," she said. "Right now, things are constantly shifting. We are calling on Dodd to make his position clear. … Meaningful financial reform must make the marketplace safer for everyday Americans."

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.

 

If you study hidden fees and price distortions for a living, Valentine's Day is your Super Bowl. Can you name another industry where the true price of an item is routinely more than double the advertised price? Yet that's precisely what you'll encounter this week, when you realize that Valentine's Day is Sunday and you'd better get your order in fast.

In fact, really fast.  Before we get to the nitty-gritty of the free market mess that is Valentine's flower shopping, let me tell you procrastinating lovers out there this important news: Because Valentine's falls at the end of weekend this year, price distortions are even worse than usual. To get a good deal, you're going to have to accept shipment on this Thursday , Feb. 11, a full three days early.  Most sites are applying weekend shipping rates to Friday, Saturday and Sunday.  So as we click through the thorny world of flower shopping online, know that you should really place your order immediately to avoid paying a serious procrastinator's premium.

---

On this romantic holiday, the stars align for confusion marketing and consumer gaffes. Unlike airline tickets or lingerie, which can be purchased at an early-bird discount, flowers are perishable, so there's really no way to avoid the last-minute price spikes.  Also, men aren't great comparison shoppers, and they feel quite a bit of pressure -- some real, some imagined -- to perform on this day. Finally, as the calendar clicks down, and the price of store-bought roses climbs, a swarm of radio and television advertising promising romantic rescue completes the perfect storm of consumer risk.

Are the advertisements legally deceptive? That's for the Federal Trade Commission to decide.  Do they smell bad?  I'll gladly offer my opinion here on the top florist sites, stated in the form of familiar scents.

FTD.com
Scent: Fetid Water. Remember, roses in a vase need fresh water every few days!

To the untrained eye, FTD.com might seem to have the best deal. There it is, right on the home page:  "Starting at $19.99," next to a beautiful picture of two dozen roses.

Finding something for $20 on the site is quite a quest, however.  On Monday morning, Clicking on "shop now" brought you to a page of roses and other Valentine's gifts sorted in apparently random order -- some costing $80 or more.  Clicking on sort by "lowest price" didn't bring up the $19.99 roses, but it did bring up the chance to buy a $20 teddy bear, then some more expensive boxes of chocolates.  Four rows down, the low-to-high price order reset, and the "Simply Cheerful" bouquet of roses appeared for $19.99.  The site apparently fixed its sorting order later that day, and by Monday afternoon the least expensive bouquet did appear atop the sort-by-price page.

Still, finding the $19.99 bouquet was just the beginning of the quest. Clicking on it immediately brought up a box offering "good," "better," and "best" choices. Good, including a “free” vase, cost $29.99.  The other choices were even more expensive.  There was no option to click on the original $19.99 flowers, which I can only assume would be considered "bad." But a little perseverance made the pop-up box go away, and a careful click brought up the option of actually purchasing the $19.99 flowers.  Sort of.

Next, I filled in the delivery zip code and pick a delivery date. So far, the flowers still seemed to cost $20.

On the subsequent page, when the purchase was added to the virtual shopping cart, came the first mention of fees and taxes -- not the cost, mind you, simply the fact that there are fees and taxes.

Next came the delivery address form, and the chance to personalize a card sent with the flowers.  Still, the price is was $19.99

Only after clicking "continue" did the punch line arrive.  On the same page that the a billing address and credit card were required, the true price was unmasked. In my case, I was told that my $19.99 flowers would cost $38.49 – or $42.77 if I wanted them delivered on Saturday.  In both cases, a $15.99 service charge and $2.51 in taxes were added to my purchase. For those keeping score at home, that's basically the same pricing structure I found at FTD.com in last year's column on the same topic.

A spokesman for FTD.com -- part of United Online, which owns other brands like Classmates.com and NetZero -- said the firm couldn't submit to interviews, citing an upcoming investor earnings call report. It did issue a statement, however.

"We sell a dozen roses starting at $19.99 as indicated on the Web site. The service fee like other similar charges such as taxes, shipping, etc. must be listed separately from the price of the product.," it read. "After we have received the necessary information to determine all charges for an order, some of which vary, we list those charges collectively in one location, which for us, is the checkout page. This practice is clear and consistent with other sites in our industry as well as with many other industries on the Internet."

Proflowers.com
Scent: Gingko trees (pretty before they begin to smell like dog poo)

You can't listen to or watch sports this week without hearing from Proflowers.com.  If you'd like to order from the site, listen carefully. The coupon codes you'll hear do work, and by using them you can turn a rotten deal into an average one.  Still, shop this site with your eyes wide open and your nose held shut --  it's the worst at revealing the true price, which isn't shown until after the customer enters their credit card number.

When going directly to the site's home page, the most economical rose bouquet shown there cost $39.99. The price included 18 roses and a "free" vase. It didn't include "care and handling," however, which cost $2.99. Delivery added $9.99 and shipping the free vase cost an extra $1.63.  Add $5.19 tax, and by the time you clicked your way out the door, the $39.99 arrangement cost $59.70.

To make for an easier comparison to FTD.com, I'll describe a click trail through a $19.99 offer of one dozen roses, using one of those ubiquitous coupon codes.

Entering the code on the home page led to a page full of featured offers, including the 12-rose deal. Clicking on that enabled me to select a free simple vase, or two other vases that cost $7 and $10. Then, I picked a delivery date from a handy calendar which made it clear that some dates cost more for shipping.  Letting Proflowers decide between Thursday and Friday shipping cost only the "standard shipping rate."  Specifying Friday delivery cost an extra $5.  Saturday delivery cost an additional $10, and actual Valentine's delivery cost $15 more.

More than what?  To find out standard shipping rate at this point, users must click the word "details" and dig through an imposing page of information. "Standard Express Delivery" (is it standard or express?) costs from $5 to $15.  Looking deeper, I found the care and handling charge, along with the vase shipping charge, buried within morning delivery fees, priority rush delivery fees, international delivery fees and white meat only fees.  (I made that last one up just making sure you were still with me.)

Naturally, the vast majority of shoppers would bypass that pop-up and proceed to checkout at this point. To keep costs down, I gave Proflowers the delivery option.

Then, I entered the delivery information and filled out the card.

Next came the billing information, including credit card number and expiration date.  Billing for what?  I still didn't know.

Against my better judgment, I clicked to see what the price might be, believing the promise that I'd  have a chance to review the order before it was final.  That turned out to be true.  But again, serious sleuthing was required to find the grand total.  The review order page popped up with a large button at the top giving users a chance to "confirm order."  To echo a line from Woody Guthrie's Alice's Restaurant: At the bottom of the page, away from everything else on the page, designed to require scrolling to see, read the following: Total: $35.28.

The good news: that was a bit cheaper than FTD.com. The bad news: the price was even more obscure.

Proflowers, which is operated by Liberty Media, did not respond to an interview request on Monday.

1800Flowers.com
Scent: One yellow rose

For a refreshing change, flower buyers should consider 1800Flowers.com. The site is running a special right now that promises shoppers no shipping or service fees.  Saturday delivery costs $7.99 extra, but that's clearly described in a large note atop the first page. Clicking through a purchase revealed that $29.99 purchases really did cost $29.99. The company deserves major props for separating itself from competitors on the hidden price issue.

"We want costs to be very visible, to be transparent to the consumer with what their total costs will be," said Joe Pititto, vice president of corporate communication. "This is a very confusing marketplace."

Pititto said the up-front pricing was "good for our brand," even if some consumers might be tricked by competitors' lowball advertisements.

So why does 1800Flowers.com rank only one rose?  On its home page is a picture of beautiful red roses, and the words, "starting at $29.99 ... roses, flowers, gift bundles, plants, chocolates."

Sadly, there are no roses for sale at $29.99. The least expensive roses listed on Monday cost $34.99.  Pititto said the $29.99 price applies to the entire list of gift options, and one floral arrangement is available at that price, so he didn't feel the page was misleading. And after msnbc.com's interview with the firm, a rose arrangement costing $29.99 appeared.

I'll let readers be the judge. At least the true cost of the rose arrangement was revealed in two clicks.

Lingering concerns over past practices also limit 1800Flowers' rating. Recently, former shoppers at 1800Flowers received notice of a class-action settlement around confusion over shipping fees. Those who bought from the site between March 2006 and February 2008 are entitled to $10 gift vouchers according to the terms of a recent settlement, still awaiting final court approval.  The firm denies any wrongdoing, but readers can read more about the settlement and reach their own conclusions.

(Details here: http://www.molnarsettlement.com/)

So a scorecard of our findings so far (before the cheapest arrangement at 1800Flowers was changed) reveals the bad news for consumers.

Least expensive roses:

*FTD.com: $38.49
*Proflowers.com:$35.28
*1800Flowers.com $34.99

Despite all that clicking around, and all that futzing over fees, the prices were virtually the same. Of course, each site offered dozens of floral choices, and your after-charges could vary widely from mine once your order is personalized.

So there is simply no way around this fact: Shopping around for Valentine's Day flowers requires a lot of clicking and a commitment to a lot of typing before you can truly make sure you get the right price.  Women (and men) lucky enough to receive flowers this week should appreciate the effort.

Fortunately, there are additional choices Teleflora.com (scent: a carnation. Pretty, but odorless) isn't cheaper, but it is delightfully simple. The site charges a $14.99 service fee that's clearly labeled.  The least expensive arrangement costs $29.  It takes two more clicks to find the total price is $44.98. Not bad, but not great. One very nice feature of Teleflora, however, is the ability to choose which local florist fulfills the order.

More adventurous shoppers could consider ordering from a small but growing list of direct-from-Latin America growers, who will ship stems right from their farms to U.S. addresses, such as Fiorentina Flowers in Ecuador. Minimum orders can be steep, however, at 100 stems or more.

And of course, the nicest (and often cheapest) thing to do is buy from a local florist. If you are sending flowers long distance, look up a nearby florist online, then call and ask what $35 will get you.

Or, if possible, head to the store on Wednesday or Thursday to beat the rush, place the stems in water, and deliver them yourself. Big box stores like Costco and Wal-Mart often have good deals, and so do local grocers. You'll know exactly what you're getting for the price, you'll probably save some money, and you'll be the one smelling like a dozen roses. Given the state of the economy, knowing how to get a good deal is pretty romantic.

Editor's note: An earlier version of this story incorrectly attributed a statement issued by FTD.com to ProFlowers.com. Msnbc.com regrets the error.

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.

Lately, Internet users have been poking fun at each other at record rates, using sites with names like EPIC FAIL to chronicle technological foibles and missteps. Perhaps they are laughing to stop from crying.

Technology letdowns such as dying cell phone batteries or lost computer files can to lead to everything from pesky annoyances to computer rage, clinical depression, or worse. A growing body of research suggests that the invasion of the digital age is literally rewiring our brains, eroding skills once considered essential for a happy adult life. Gadgets were supposed to make our lives easier and save us time. Instead, we are more stressed and have less time than ever. What is the cause of this epic failure?

---

Millions of Americans were carried into the modern era by Walt Disney's "Carousel of Progress" ride, invented for the 1964 World's Fair.  The ride offered a quick look at five eras in American history -- beginning with a housewife complaining about spending five hours doing laundry. In the last scene, "The glories of today" are revealed, with clean modern living and "a kitchen that all but runs itself." The happy result: seemingly boundless leisure time.  Visitors left the ride humming "Great Big, Beautiful Tomorrow."

We're still waiting.

"Technology promised us extra time. Well, that didn't come true. We are shorter of time now, busier, then we've ever been as a society," said psychologist Michelle Weil, author of the book "Technostress."

Technology has filled our world with modern miracles -- instant global communication, frictionless commerce, information available to all for free and, most important, millions of lives saved and improved by medical science. But all this progress has not come without a price. It would be ignorant to argue that technology hasn't made the world better. But often we are blind to the fact that technology creates almost as many problems as it solves.

"We weren't prepared for that," Weil said. "We were prepared for a smooth ride literally. We were not prepared for more issues in our lives. We have enough issues."

Working in an office with a poor cell-phone signal. A laptop battery that won't hold a charge any longer.  A car charger that short-circuits when the oversized coffee cup falls out of the cup-holder and spills.  These daily headaches -- let's call them technoflubs -- have become a way of life. Stack them together in one bad day and you have something Weil called technology's version of a "bad hair day." String a few of those bad days together and you get something much worse.

"When gadgets let us down, we feel frustrated, stumped, upset, scared, we feel stupid, like we did something to mess it up, and we feel helpless," she said. "Those are all the same feelings you have when you are depressed. The issue is literally a dependency issue, and it works like any other kind of dependency on alcohol, drugs, gambling, sex. We have come to expect technology to do certain things for us, and when it fails -- which it does often -- and we have no clear answer, we become depressed."

And sometimes, says Professor Kent Norman of the University of Maryland, we rage.  Five years ago, Norman introduced the world to the term "computer rage," following the viral success of a series of YouTube videos showing frustrated users smashing their suddenly impotent PCs into bits.

Failure by the numbers
There isn't great data available on the number of technoflubs that U.S. consumers encounter every day, but the Pew Internet and American Life Project took a stab at an estimate two years ago. Here are the sobering results.

• Nearly half (48 percent) of adults who use the Internet or have a cell phone say they usually need someone else to set up a new device up for them or show them how to use it.
• 44 percent with home Internet access say their connection failed to work properly for them at some time in the previous 12 months.
• 39 percent of those with desktop or laptop computers have had their machines not work properly at some time in the previous 12 months.
• 29 percent of cell phone users say their device failed to work properly at some time in the previous year.
• 26 percent of those with Blackberries or other personal digital assistants say they have encountered a problem with their device at some time in the previous 12 months.

Can't be fixed
What can consumers do when their gadget breaks?  Generally nothing.  Unlike old-fashioned mechanical devices, few electronic devices have user serviceable parts, making consumers even more helpless and vulnerable to failures.

"Think about a car. Your grandparents could fix basic problems that a Model T had. In fact, a prerequisite of owning a car was that you could fix it," said Lee Rainie, a Pew project spokesman. "Now, you just have to take a (broken gadget) into the store and ask for help."

And break, they will. You may love your simple phone, and that basic PC might be good enough for your mom to type letters and e-mail, but the idea of owning an appliance until it dies a natural life is antiquated.  Given the perpetual upgrade cycles, software patches, network requirements and so on, gadgets are not built to last.

"If you have a phone you like and it breaks, you can't get that phone again; it's gone," Weil said. "You only have the choices they give you."

Even on days when our computers and gadgets don't fail us, the pressure is always there, Weil warns. Cell phone users spend many evenings glancing nervously at their battery strength, hoping the gadget will work long enough to accept that critical phone call on the commute home.

 "We think about looking at our batteries more than we think about eating," Weil said. "You constantly have to bring the charger so you can plug it in in the car. You have to make sure you plug it in at night or you are going to have difficulty. It's another thing you have to think about all the time."

There are varying degrees of failure, of course. When a car breaks down in your driveway, it's far less serious than a breakdown in the middle of the Arizona desert.  But if technostress seems to be growing, Rainie said, it's because we are taking far more trips through the digital desert these days.

"The problems that people have grow in urgency the more they rely on their technology," he said. "Our expectations for technology are growing. The frustration is in direct proportion to dependence on the instrument. Once you become used to perpetual contact with everybody, all of the sudden the loss of contact becomes a much more meaningful thing."

Constant conversation
Richard Ling, a technology professor at the University of Copenhagen, has been studying the concept of constant contact for a decade.  No longer do people call each other at home or at work, hoping to find them. Smart phone mean that calls, texts, and e-mails always find their targets. That means friends and family are never really separated.

"This is a constant conversation we are in, an ongoing dialog," Ling said. "I know what's going on with people I care about at a different level now. I know what's in the refrigerator at my friend's house."

Some consequences of this are obvious -- the drunken text or the raging e-mail that we regret moments after sending.  In the past, time and distance might have served the function of "taking a deep breath." No more. Instant communication means having to say you're sorry.

Other downsides might not be so apparent.  Being in constant connection with friends, family or employers can be both stressful and demanding.

But in a more subtle way, constant contact seems to be cheating people of the ability to plan, and to commit to plans, Rainie said. Witness a typical negotiation among teens or 20-somethings about Friday night fun.  The discussion begins with frantic texting during seventh period, or at 3:30 p.m.  Rendezvous places are picked and discarded, and meeting times considered mere approximations. Texting continues as the night begins. "Running late," "I'll meet you inside," and then, "It's lame here, let's go the other bar instead."   The mental satisfaction of having a plan come together never arrives.

'Continuous partial attention'
Some experts think these subtle changes are causing great harm to our neurological well-being.  Gary Small and Gigi Vorgan made a series of dramatic claims about the way digital devices are rewiring young brains in their 2008 book "iBrain, Surviving the Technological Alteration of the Modern Mind."  Most of their assertions aren't pretty. Given that adults commonly consume two, three or even more gadgets at once now -- all while carrying on conversations with people – they are beginning to lose their ability to focus and concentrate, they say. They describe a phenomenon called "continuous partial attention," a state of divided attention which leaves people unable to perform tasks that require concentration. Worse, it leaves its victims less and less able to connect with and empathize with each other, they said.

"When our minds partially attend, and do so continuously, we scan for an opportunity for any type of contact at every given moment," they wrote. "(People) no longer have time to reflect, contemplate, or make thoughtful decisions. Instead, they exist in a sense of constant crisis -- on alert for a new contact or bit of exciting news or information at any moment."  Under that kind of stress, the brain secretes cortisol and adrenaline, creating a temporary high followed by depression, leading to something the authors call "techno-brain burnout."

In children, the effects can be worse, they said.  When face-to-face contact is replaced by excessive digital media, a child's neural circuits can atrophy and the brain may not develop normal interactive social skills. Small and Vorgan believe this is a big problem, and that a class of young heavy media users they call Digital Natives are suffering from extreme antisocial tendencies.

"Several studies in both children and adults ... tie frequent technology use to conditions such as ADD, ADHD, autism, depression, anxiety and even sociopathic behavior," they said.

The Dumbest Generation
Emory University English Professor Mark Bauerlein sees other risks in this phenomenon, and laments them in his book, "The Dumbest Generation: How the Digital Age Stupefies Young Americans and Jeopardizes Our Future. " He's worried that technology that was supposed to make our kids learn faster and smarter is actually robbing them of the ability to think.

"The Internet doesn't impart adult information; it crowds it out," he wrote. Students -- even top college students -- read rarely now, and the slang used for online chatting is eroding writing skills.

Bauerlein's work was featured in a new PBS documentary "Digital Nation," which premiered this week. The show took on the issue of divided attention, quoting professors who struggle to keep the interest and attention of students they know are playing with Facebook during class.  While the professors complained, students asserted that they were perfectly capable of effectively multitasking.

Hardly, Bauerlein argues. Students may manage to pass tests in school, but thanks to distractions the students retain little knowledge required for culture, citizenship or good consumerism.  The reason Jay Leno's "Jaywalking" segment -- when random adults seem unable to answer basic questions such as how many stars are on the U.S. flag -- is so funny is because it's true.

Sticking up for tech
There are many valid defenses for technology.  It's just a tool, of course -- the Internet doesn't kill brains, people kill brains.  Obviously, a tool that allows people to find virtually any fact ever known within a few seconds can help make people a lot smarter.

Even Weil, the "Technostress" author, is quick to say that technology is not the problem: "The problem is the way people use technology, and the expectations they have for it," she said.

People have come to depend too much on gadgets, and fail to plan for the logical possibility that they will occasionally break down.  Having simple backup plans in place – in case my phone dies, I'll meet you at 8 – can relieve much of the dependency-related stress.

Meanwhile, too much alcohol, too much chocolate cake, too much exercise  -- all these things can be bad for people, just like too much digital exposure. Most technology reporters who cover the dark side of the Web -- porn, gambling, privacy, electronic crime -- eventually come around to the notion that technology changes nothing.  All those bad habits existed before the Web and continue to exist in spite of the Web.  It's fair to ask, then, where the fault lies for "The Dumbest Generation" -- with overexposure to digital media, or with adults who don't force the kids to turn off the laptops and listen once in a while.

Blaming youth would be a mistake, too, as brain studies show the deleterious effect of too much digital media impacts all ages.  In fact, older people are less equipped to deal with overstimulation and hyperconnectivity.

Meanwhile, Ling offers this reminder: Global connectivity creates millions of small success stories every day. Unlike television, which can be isolating, cell phone technology can help create feelings of true intimacy.

This week, his daughter bought her first computer and called him on her way out of the store.

"I was able to share that exact moment with her, even though she was 2,000 miles away (at school). Now that was wonderful," he said.

Note: An earlier version of this column said the transistor was invented in 1964.  As readers have correctly pointed out, that was an epic failure -- it was invented in 1947.

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.

 

For years computer security experts have been preaching that users should never share the same password across their connected lives -- at online banking sites, at Amazon, on their Web mail services, even on their cell phones.

Apparently, most people ignore that advice.

A new study by security firm Trusteer found that 73 percent of Web users take their online banking password and use it at other Web sites.  And about half of all consumers utilize the same password and user name at online banking sites and other sites.

"I must say I was very surprised," said Amit Klein, chief technology officer of Trusteer. "It is surprisingly sad that such a large portion of users use their banking credentials at other sites. ... It exposes those users to attacks that would otherwise be impossible. I thought that people would take banking credentials more seriously, but it turns out that in this digital age, this is not the reality."

---

When consumers use the same password across multiple sites, hacking becomes trivially easy. If a criminal breaks into a smaller Web site -- say a site created by a local grocery store -- and grabs a cache of passwords, their next step is always the major banking Web sites.  When you consider that 40 percent of U.S. consumers' checking accounts are tied up in the four largest banks, odds are good that the stolen credentials will work for in one of them.

Password overlap also creates an easy end run around sophisticated banking security technology, which is only as strong as the weakest site where the password is used. Banks might enforce strong password creation requirements, for example. But if a consumer uses a bank password at a poorly defended small site, a hacker can break into the small site, steal the log-in information and essentially crack the bank's high-tech system.

"This is something that should be of huge concern both to banks and to users," said Klein.

Trusteer unearthed the data through use of its Rapport security software, which is designed to warn users when they are about to enter a critical banking password into a site where it doesn't belong -- a phishing site, for example. The tool was used to examine the behavior of 4 million computer users during a 12-month period. During that span, the firm found that 73 percent used their online banking password on at least one non-financial Web site.

And it didn't help much when the banks enforced strict password controls. When a bank allowed consumers to pick a user ID, 65 percent used it on other sites. When a bank assigned a customer ID, 42 percent used it at other sites and 42 percent used both the ID and the password on at least one other site. 

'They don't think it's worth the trade off'
Last year, analyst firm Gartner released a survey that reported similar results. It said two-thirds of consumers use the same one or two passwords across all Web sites they access.

But Avivah Litan, who directed the Gartner survey, said that choice might not be as unreasonable -- or as unsafe -- as it seems.

"They are making a choice for convenience over security," she said. "They are using a cost-benefit equation ... and they don't want to try to remember 10 different passwords for everything they do. They don't think the trade-off is worth it, honestly."

While password sharing isn't a safe practice, Litan said, complicating your life with multiple passwords isn't exactly a cure-all.

"The truth is criminals steal your passwords lots of ways, such as recording keystrokes, and if they do that, it doesn't matter whether your password is 15 characters and unique or 7 characters and the same for every site. People have figured this out," she said.

Using multiple passwords is a good idea, but Litan said it is important that consumers understand the risks that remain even if strong passwords are used.

"It is another lock on the door but a lock that is easily picked," she said. "Still, it's always better to put as many blocks in the road you can."

Large banks don't rely on simple user/password combinations to identify users anymore, she added.  Numerous technologies are used to prevent fraud through a strategy called "layered security."  Device fingerprinting of PCs is a key tool, she said. Web sites tag computer hardware by monitoring unique characteristics, such as exact processor speed or time and date settings. Sites that use device fingerprinting see fraud rates drop 15 to 20 percent, she said.

Banks also look for suspicious behavior, such as attempted transfers to unusual accounts. Another hacker giveaway: clicks through Web sites that occur at high speed, showing an automated PC -- and not a person -- is attempting a transaction.  Humans take, on average, about 10 seconds before they click "confirm payment."  Computers controlled by hackers racing through stolen login accounts barely wait at all.

"That's best-of-breed security," Litan said.  "If you as a bank are relying on passwords for security then you have a poor security system."

RED TAPE WRESTLING TIPS
It should be comforting to know that your user ID and password are not all that stands between a hacker and your money. Still, that's no reason to let your guard down. Your banking passwords should be handled with great care, and shouldn't be shared with other Web sites.

And remember, many Web firms that store your critical personal information do not use best-of-breed security on their back end -- meaning you are still at risk.  A criminal who stole your Facebook credentials could easily wreak havoc with your life, so protect those accounts, too.

Klein concedes that the vast majority of computer users will never create unique user/password combinations for all their sites. As a more practical goal, he recommends maintaining three "families" of passwords -- one for critical financial sites, a second for sites that store your personal information, and a third for generic log-ins.

"And you don't want to mix those passwords," he said.

Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.