#JoinTheConversation with Frank Abagnale, Authority on Secure Documents at #HIMSS17
This #JoinTheConversation series is brought to you by our partner Experian Health and the episodes were broadcast live in Experian Health’s booth (#3503) at the The HIMSS17 Annual Conference and Exhibition. The interviews were recorded and published to the media player on this page. Please read more about why more than 60% of U.S. hospitals count on Experian Health.
Frank Abagnale, one of the world’s most respected authorities on forgery, embezzlement, and secure documents. View Frank’s website.
Joe Lavelle 00:31 All right. I am Joe Lavelle. Welcome to our special #JoinTheConversation show, right here from Orlando. I’m here with my co-host, Todd Eury, right here in experience booth, number 3503 at #HIMSS 17. Todd, let’s give a quick shout-out to today’s sponsor, Experian Health, what a great partner we have.
Todd Eury 00:47 Joe, I’m so excited to be here and what you might not realize about Experian Health, Best in KLAS for patient access in 2015, 2016, ’17 and its inaugural year eCare NEXT was named the KLAS category leader in claims management for 2017. These are just a few of the accolades that the great team from Experian Health has recently earned, what a tremendous thrill it is to be here and be working with such a great industry leader.
Joe Lavelle 01:17 Talk about a thrill Todd. We’ve got one coming up right now. We’re going to get right to it by introducing our very special guest Frank Abagnale, one of the world’s foremost experts on forgery, embezzlement and secure documents. You’ll know Frank from the great movie or book that tells a story of his younger years, Catch Me if You Can. Frank welcome to the show.
Frank Abagnale 01:35 Thanks Joe, thanks for having me.
Joe Lavelle 01:36 It’s so great to have you. Frank, our audience is surely well aware of your expertise. But would you tell us what you do now to help organizations of all types with fraud and security?
Frank Abagnale 01:46 Well, as many people know I’ve been a consultant to the FBI and for 41 years. I do work for some other companies as well, but a number of years ago, a gentleman and I, named Ori Eisen developed a technology called the 41st Parameter. It was a fraud detection technology. Experian purchased it a few years ago and now it operates in 80 countries around the world.
So about 5 years ago I came to work with Experian, actually on their data analytics side working mainly overseas, in their overseas countries around the world, and so they’ve asked me to come and take part and put a seminar on today about Identity theft for the healthcare side of Experian.
Joe Lavelle 02:23 Great.
Todd Eury 02:24 Frank, it’s a pleasure to meet you; it’s a pleasure to just be here with you. Someone with your background to see it where it’s grown into, what data means today for our culture, for healthcare. And it seems like the bad guys are getting smarter and bigger and more savvy as the years go by. Do you have an opinion on whether some industries are more susceptible to fraud and abuse than others?
Frank Abagnale 02:47 I’m a big believer having dealt with so many breaches over the last few years that, that every breach you look at and when you really look at it, it comes because somebody in that company did something they weren’t supposed to do, or somebody in that company failed to do something they were supposed to do. The truth is there really is no master hacker in Russia somewhere breaking their way into a bank or one of these companies, but what it is is they are waiting for the door to open.
And unfortunately if you’re a bank and you employ 250,000 people worldwide, there’s always going to be somebody who’s going to do something they’re not supposed to do. When you look at the breach like at OPM that occurred because they didn’t fix a problem they had they should have fixed several years earlier, and again they opened the door. I truly believe we have the technology to keep a lot of criminals out, but if companies don’t use them, don’t take the initiative to put them in place, then they’re going to be a victim and from that so are their clients or customers.
Joe Lavelle 03:44 Frank, do you have a sense for how bad the situation is in healthcare comparatively, is health care particularly susceptible to breaches?
Frank Abagnale 03:52 I would think so only from going to my own doctor. The way records are kept in a medical office, the way they’re kept on the computers in those offices. I would think it would be very simple. What we’re starting to see you know I’ve dealt with identity theft now since 1988 when I wrote my first book about the crime. That was before emails and computers.
And my last book Stealing Your Life in 2007. What I’ve noticed is that, every day there’s another form of identity theft. Because if I can become you, what I can do as you is only limited to my imagination. So we now have medical identity theft. I’m in Orlando I break my leg I have no insurance, so I go down to the hospital and I tell them I’m you, and I give them your information. They treat me, they fix my leg, they bill the insurance company.
The insurance company eventually notifies you, either because there’s a deductible; they just notify you that they’ve paid it. And you go oh wait a minute I was never in Orlando. I never broke my leg. But it’s not that simple when you look at all the people surveyed that have been victims of that crime, they have collection agencies after them, hospitals calling them. So it is so simple and if I can become you then it’s just me guessing what could I do as you and benefit from that.
Joe Lavelle 05:02 Absolutely.
Todd Eury 05:03 When I think of data hacking, I think of that CD dark corner with somebody with a laptop, with a high-powered internet connection. But hackers have become a lot more corporate like, they have a lot more resources. Who are these hackers?
Frank Abagnale 05:19 Well for example, I deal with a lot of Russian gangs. Some of those gangs in Russia bring in about 20 billion dollars a year. So they’re not a lot of American companies that makes 20 billion dollars a year. So yes, they have tremendous resources. Now you know I live in South Carolina, so about 3 years ago someone hacked into the tax revenue office,, stole 3.8 million tax returns of the citizens of South Carolina, including me.
When they first contacted me about it the media they said that the government of South Carolina said they did nothing wrong. I said that would be absolutely literally impossible, as somebody did something wrong. It turned out an employee took a laptop home that they weren’t supposed to take home. They went online that will open the door the hackers got in.
The Governor, Nikki Haley, who was the governor at the time offered one-year credit monitoring service through Experian for every citizen of the state, free, the state would pick up the tab. I didn’t know the governor, but I sent her an email the next day, and I told her that one year credit monitoring service is worthless. People who steal mass data warehouse it, and they keep it for at least 3 or 4 years before they ever bring it back out into the marketplace again. So right away even an idiot knows that if you told me you have one year of credit monitoring, then I’m not going to do anything with it for one year.
But if I steal credit card numbers and debit card numbers I have to get rid of that right away it has a very short shelf life, but if I steal your name your social security number, your date of birth, you can’t change your name, you can’t change your date of birth, you can’t change your social security number, so the longer I hold it, the more valuable it becomes when I go to sell it. So we’re just starting to see a lot of T.J.Maxx which occurred more than 10 years ago, so forget about Target, Home Depot, we haven’t even started to see a lot of the results of those hacks.
Joe Lavelle 07:01 Wow! Frank, last year at HIMSS one CEO over the security company told me there’s two types of companies, companies have been breached and companies that will be breached. Can you describe for us a recent data breach, the response given and maybe some of the damage that was caused?
Frank Abagnale 07:17 First of all I think you know you’d look at someone like Target cost them in excess of a billion dollars, it cost them a lot of customers. Again here is Target who had a tremendous infrastructure and great technology in place to keep the hacker out, but they had a vendor who took care of their refrigeration units in their stores. They didn’t know what the vendor had, but they allowed the vendor access into their mainframe, so the hacker said I’ll go to the vendor and get into Target.
So when they say there’s companies that have been breached, companies that will be breached, the one who’s been breached they’ve learned their lesson, they’ve gone and put in a tremendous amount of technology. The ones that haven’t been breached are the one’s sitting there, going well it wouldn’t happen to me, and I’m not going to spend the money, and those are the ones that are going to be breached, and I think there should be some responsibility. If I’m a bank and I allow someone to breach your information and then that information is used to soil your name or your credit, there should be some responsibility from that bank. And so you know you take a bank like Chase, they spend more than six hundred million dollars a year every year on technology to keep people out of their bank, but again they’re aware that it’s an everyday task. they’re on top of it every day and that’s what you have to do,
You have to be proactive not reactive and then wait till someone breaches you and then go, uh oh! I better do something about it. And these are breaches we know about believe me there are a lot of companies that have been breached they are not telling anybody, and every breach the minute I hear when they did the OPM breach, they said that they had two million federal government employees information stolen. On the same day the Wall Street Journal reporter asked me what about that? I said well whatever number they told you, take that number by 10 and that’s the true number. Well in the end it turned out to be close to 30 million federal government employees that had their information breached.
Joe Lavelle 09:00 Holy cow!
Todd Eury 09:01 I think of this and I look at some of the decision makers within companies underestimating the data breach capability of their companies based on someone taking a laptop home out of the VPN, or someone doing something with a memory stick, or something that no one’s really thinking about. So what do you think of like the human error facet of this all, what do you coach companies to do to ensure they have partners covered? That they have their networks covered? That they have there you know employees covered? What can you convey to the CIO’s per se to really hit home and make them realize the importance of this?
Frank Abagnale 9:40 Every point you made are the points I make, but beyond that I tell them the most important point I can make for you is to explain to you the most important job you have is to educate your employees about the most important job they have, and that is to keep the information entrusted with them safe. Whether you’re the janitor or you’re the CEO of the company, every company should educate their employees. So during cyber awareness month, every day, 5 days a week I’m at a fortune 200 company speaking to 5, 6000 employees about what their important job is about keeping that information safe, and when you explain to people how people get in, how they use this information, how it hurts their clients it can ruin their reputation, destroy their 100 year old company overnight.
People get it and then they understand that when they get that phone call and somebody starts asking a lot of questions, or they get an email to wire some money because the CFO sent them the wire and said wire this money today. They start asking questions and they start looking, but that is an education process and I think one of the bad things is that most companies don’t share that with their employees nor do they educate their employees about the most important thing they should be talking to them about.
Joe Lavelle 10:51 We’ve talked a little now about what companies should do to protect their data, are there anything that we individuals can be doing?
Frank Abagnale 10:58 Yes, I always ask people when it comes to protecting yourself to do just what I do myself. Now first of all I have a shredder. I shred everything. I use what’s called a micro cut shredder, that’s a shredder that turns paper literally into confetti or rice you would throw at a wedding. Same price as a crisscross shredder or straight shredder. But a straight shredder we can put back at the FBI laboratory in less than 50 minutes a document off a straight shredder like the front page of the Wall Street Journal. A crisscross shredder which is what most people use. We use a technology called The EPuzzler a software, that allows us to put that data back together again as we did in Enron, WorldCom, Tyco, Arthur Andersen. Even though the auditor shredded thousands of garbage bags, we put them all back together.
If we can do it, then the criminals can do it. So when you go to the store, you are not looking for who made the shredder: Fellows, Office Depot, Staples, you’re looking on the box for the terminology micro cut shredder, and that’s a shredder that you want because there is no technology to put that back together again. Two, I do use a credit monitoring service like Experian, not only for the fact that they’re monitoring my credit, but it gives me the ability every day twenty times a day to pull up my credit on my credit file and I can look at Experian. I can look at Equifax facts, I can look at TransUnion, here’s my score at the top of that day. I can look at all the inquiries made against my account and what my credits doing and in the same token they’re checking my credit and monitoring it for me at the same time.
Third, I don’t write a lot of checks in today’s environment. If I go to Walgreens tomorrow and write a check for $9. I have to hand the clerk the check, on the check is my name and address and phone number, my bank’s name and address, my account number at that bank, my routing number into that account. That’s your wiring instructions. My signature on the signature card at the bank, and then the clerk is written my driver’s license number and my date of birth on the front of the check. Well, we don’t get the check back we live in truncation, so I only get an image of the check. The check goes to the warehouse it gets stored until they get shredded.
Anyone who would see face of that check could draft on my bank account, wire money in my account. order checks on my account. And finally I don’t own a debit card, I’ve never owned a debit card. I have three sons I have never allowed them to have a debit card. A long time ago I learned a very simple rule. I do everything simply on a credit card, whether its American Express, Visa, MasterCard it doesn’t matter Discovery Card. Every day in my life I spend their money, I never spend my money, my money sits in a money market account, it earns interest no one knows where it is so no one can access it, and every day I use my card.
I will do everything to protect the number, but if someone gets my number and charges 1 million dollars on my credit card tomorrow by federal law, my liability is zero. I have no liability. When I use my credit card and I pay the bill every month my credit score goes up, so I earn credit. When you use a debit card every time you take it out you’re exposing your account and your money, and if they steal it, they are stealing your money. And of course you could use your debit card for the next twenty years 10 times a day and you will not raise your credit score by a half a point, so it does nothing for your credit. So the philosophy is very simple, if the bank said tomorrow hey there’s free airline tickets on your credit card for $3,400 I would say well I didn’t buy those tickets, I don’t know anything about them. They’re going to tell me to put a line through it, deduct it from my bank statement that’s the end of it. But if it’s my debit card they’ve taken $35 out of my account and I’m asking them to put it back and of course they’re going to say we have to investigate it could a month, two months, meantime I don’t have my money.
So the safest form of payment that exists on the face of the Earth is a credit card and I always recommend that people use their credit card. Those are the things that I do that to care of myself.
Joe Lavelle 14:45 Great advice!
Todd Eury 14:46 That’s incredible and that’s something I wouldn’t have thought about. I do have a debit card, I’m cancelling it today and I’m going to start just using my credit cards because that makes absolutely sense the way that you said that.
Joe Lavelle 14:57 Good deal. Frank, it looks like we’re running up against the clock. Before we let you go where can people go to learn more about what you’re doing today and the great thought leadership you put out there?
Frank Abagnale 15:07 My website is just my name abagnale.com, a-b-a-g-n-a-l-e. I sell no products, I provide no services, but it is an educational site. So if you go to the homepage and click the button marked publication, everything you want to know if you own a business or you’re a consumer, whether it’s a short change artist to how to spot counterfeit money, how to deal with identity theft, how to deal with embezzlement, check forgery ,whatever the subject matter you want you can click on it. I’ve written it in a very simple easy to understand format. Whenever I write a book I take that on the day of publication the four most important pages of that book and put them up on my website. So people will find a lot of information in there whether they’re a consumer or whether they’re a business trying to protect themselves.
Joe Lavelle 15:52 Frank it was a real thrill to have you on our show. Thanks so much for making the time today.
Frank Abagnale 15:55 Thanks Joe, it’s my pleasure.
Joe Lavelle 15:57 All right, it is our pleasure for sure. And that wraps this broadcast live from HIMSS17. Again we want to thank our sponsor Experian Health, and on behalf of our guest Frank Abagnale and my co-host Todd Eury, I’m Joe Lavelle and we hope you stay tuned for more of Intrepid Healthcare’s great #JoinTheConversation coverage from Orlando.
About Experian Health
More than 60% of U.S. hospitals count on Experian Health. These providers—along with thousands of medical practices, labs, pharmacies and other risk-bearing entities—are making smarter business decisions, boosting their bottom lines and strengthening patient relationships. Our clients have discovered the value of our revenue cycle management, identity management, patient engagement and care management solutions to power opportunities in the new era of value-based reimbursement.
Experian Health is powered by the strong healthcare heritage of our legacy companies, plus the deep data and analytics capabilities of Experian. This unique combination positions us well to help you succeed.
Revenue cycle management solutions automate orders, patient access, contract management, claims management and collections to improve efficiency and increase reimbursement.
Identity management solutions match, manage, and protect patient identities to enable accurate patient information and to safeguard medical information.
Patient engagement solutions connect patients with personalized portals to create price estimates, apply for charity care, set-up payment plans, combine payments to hospitals and physicians and schedule appointments.
Care management solutions organize and enable sharing of post-acute patient care information to help providers succeed in the new era of value-based reimbursement.
Latest posts by Joe Lavelle (see all)
- Project Management Executive Shares Advice on Project Success - July 21, 2017
- Velocity Health Informatics Ready for #HFMA2017ANI - June 24, 2017
- HFMA ANI 2017 Primer - June 19, 2017