Identity Theft, Credit Cards, and You: Part I

• Credit Card Fraud - Approximately 54% of consumers reported credit card fraud -- i.e., a credit card account opened in their name or a "takeover" of their existing credit card account;
• Communications Services - Approximately 26% reported that the identity thief opened up telephone, cellular, or other utility service in their name;
• Bank Fraud - Approximately 16% reported that a checking or savings account had been opened in their name, and/or that fraudulent checks had been written; and
• Fraudulent Loans - Approximately 11% reported that the identity thief obtained a loan, such as a car loan, in their name.

Chart and information take from: Prepared Statement of the Federal Trade Commission on ID Theft

So as to not allow you the opportunity to obtain ANY comfort from the numbers you see above (i.e. you may be thinking they're low, except maybe those for credit card fraud), I must point out that this is from a presentation given in July 2000. Trust me, be assured, these numbers are LOW for now when the numbers are higher, and surely this past Saturday's article in the Times MasterCard Says 40 Million Files Are Put at Risk makes the case that this is a very real problem. If that doesn't bring you around, know that the problem is such that we now have Preventing Identity Theft for Dummies - if there's a dummies book about it, it's clearly something to be paying attention to.

So how concerned should we be? VERY. Here's a tidbit from an article, Personal Data for the Taking by Tom Zeller, that ran in the Times back on the 8th of May (it's not available for free online from the Times, but you can get it from The Hearld Tribune and you can also Google for the article and find it from other sources as well):

Senator Ted Stevens wanted to know just how much the Internet had turned private lives into open books. So the senator, a Republican from Alaska and the
chairman of the Senate Commerce Committee, instructed his staff to steal his identity.

"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.

His staff, Mr. Stevens reported, had come back not just with digital breadcrumbs on the senator, but also with insights on his daughter's rental property and some of the comings and goings of his son, a student in California. "For $65 they were told they could get my Social Security number," he said.

That would not surprise 41 graduate students in a computer security course at Johns Hopkins University. With less money than that, they became mini-data-brokers themselves over the last semester.They proved what privacy advocates have been saying for years and what Senator Stevens recently learned: all it takes to obtain reams of personal data is Internet access, a few dollars and some spare time.

Working with a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on citizens of Baltimore, but whole databases: death records, property tax information, campaign donations, occupational license registries. They then
cleaned and linked the databases they had collected, making it possible to enter
a single name and generate multiple layers of information on individuals. Each
group could spend no more than $50.

Although big data brokers can buy the databases they crave - from local governments as well as credit agencies, retail outlets and other sources that
students would not have access to - the exercise replicated, on a small scale, the methods of such companies.

Getting enough information about you such that a person can open up accounts in your name, which you would never know about, is not hard at all for someone committed to doing so and if someone's willing to put up some money, as little as $65 as Senator Stevens tells us, you can get everything needed to become you, to include your social security number. If that's not a little bit frightening to you it should be, honestly.

I myself haven't had a case of identity theft hit me (not that I'm aware of at least.) I have had a credit card compromised, and in my case in a very unusual way or at least in a way I hadn't thought about before. Feri and I were out getting her a pair of snow boots a little over a year ago --- if you live in RI during a bad winter you know why we were out buying snow boots. Anyway, I put the boots on my credit card and off we went to see a movie. Within 24 hours I'm getting a call from my credit card company asking me if someone who has my card is in Australia going on a shopping spree? No, indeed not. Apparently what happened was that when I used my card someone behind the counter double swiped it, once to allow me to make our purchase, and then again into a portable scanner:

that they likely had attached to their own laptop behind the counter (similar scams have been rigged at ATM machines, and gas stations.) They captured my credit card information and later that night the information was sold to someone on the other side of the world where the cyber-savvy thief or thieves went on a shopping binge. Fortunately my credit card company scans for suspicious activity (I'm sure that they have computers with special programs that look for odd activity on member cards, like how is it a guy who bought snow boots in Rhode Island is six hours later buying luggage and what not in Australia?) and quickly killed the card. I normally check my credit card account online just about every day, but it takes anywhere from 48 to 96 hours, sometimes longer, for a purchase to post to my online account and God only knows how much damage these people could have done to a card that's paid off every month and with a respectable limit on it before I would have seen what was going on.

So I am now a full-fledged member of Club Paranoid when it comes to information related to myself and my card use. I routinely use a shredder to destroy any documents with personal information (it really should be a cross cut shredder or one that makes confetti, but my old straight cut/ribbon cutter works well enough and you'd have to be a pretty darn industrious thief to put together my records, especially after I mix them up with the house trash), I'm more mindful of to whom I give my social security number (I'm still amazed at the number of places that expect you to give it up, or institutions, like colleges and universities, that think it's a great idea to use your SSN as a student identifying number --- aaarrrrrrrrrrgggggggggh!). I also try to be more mindful of where and with whom I use my credit card, but in all honesty that's a lost cause as I would never have suspected losing my card information where I did, how I did, but my credit card company security representative (a nice guy, we had many conversations on the phone) assures me that this type of scam is on the rise so we best all be mindful.

Tomorrow: What to do to minimize identify theft and erroneous financial information.