Sunday, June 19, 2005

Identity Theft, Credit Cards, and You: Part I

  • Credit Card Fraud - Approximately 54% of consumers reported credit card fraud -- i.e., a credit card account opened in their name or a "takeover" of their existing credit card account;
  • Communications Services - Approximately 26% reported that the identity thief opened up telephone, cellular, or other utility service in their name;
  • Bank Fraud - Approximately 16% reported that a checking or savings account had been opened in their name, and/or that fraudulent checks had been written; and
  • Fraudulent Loans - Approximately 11% reported that the identity thief obtained a loan, such as a car loan, in their name.

Chart and information take from: Prepared Statement of the Federal Trade Commission on ID Theft

So as to not allow you the opportunity to obtain ANY comfort from the numbers you see above (i.e. you may be thinking they're low, except maybe those for credit card fraud), I must point out that this is from a presentation given in July 2000. Trust me, be assured, these numbers are LOW for now when the numbers are higher, and surely this past Saturday's article in the Times MasterCard Says 40 Million Files Are Put at Risk makes the case that this is a very real problem. If that doesn't bring you around, know that the problem is such that we now have Preventing Identity Theft for Dummies - if there's a dummies book about it, it's clearly something to be paying attention to.

So how concerned should we be? VERY. Here's a tidbit from an article, Personal Data for the Taking by Tom Zeller, that ran in the Times back on the 8th of May (it's not available for free online from the Times, but you can get it from The Hearld Tribune and you can also Google for the article and find it from other sources as well):

Senator Ted Stevens wanted to know just how much the Internet had turned private lives into open books. So the senator, a Republican from Alaska and the
chairman of the Senate Commerce Committee, instructed his staff to steal his identity.

"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.

His staff, Mr. Stevens reported, had come back not just with digital breadcrumbs on the senator, but also with insights on his daughter's rental property and some of the comings and goings of his son, a student in California. "For $65 they were told they could get my Social Security number," he said.

That would not surprise 41 graduate students in a computer security course at Johns Hopkins University. With less money than that, they became mini-data-brokers themselves over the last semester.They proved what privacy advocates have been saying for years and what Senator Stevens recently learned: all it takes to obtain reams of personal data is Internet access, a few dollars and some spare time.

Working with a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on citizens of Baltimore, but whole databases: death records, property tax information, campaign donations, occupational license registries. They then
cleaned and linked the databases they had collected, making it possible to enter
a single name and generate multiple layers of information on individuals. Each
group could spend no more than $50.

Although big data brokers can buy the databases they crave - from local governments as well as credit agencies, retail outlets and other sources that
students would not have access to - the exercise replicated, on a small scale, the methods of such companies.

Getting enough information about you such that a person can open up accounts in your name, which you would never know about, is not hard at all for someone committed to doing so and if someone's willing to put up some money, as little as $65 as Senator Stevens tells us, you can get everything needed to become you, to include your social security number. If that's not a little bit frightening to you it should be, honestly.

I myself haven't had a case of identity theft hit me (not that I'm aware of at least.) I have had a credit card compromised, and in my case in a very unusual way or at least in a way I hadn't thought about before. Feri and I were out getting her a pair of snow boots a little over a year ago --- if you live in RI during a bad winter you know why we were out buying snow boots. Anyway, I put the boots on my credit card and off we went to see a movie. Within 24 hours I'm getting a call from my credit card company asking me if someone who has my card is in Australia going on a shopping spree? No, indeed not. Apparently what happened was that when I used my card someone behind the counter double swiped it, once to allow me to make our purchase, and then again into a portable scanner:

that they likely had attached to their own laptop behind the counter (similar scams have been rigged at ATM machines, and gas stations.) They captured my credit card information and later that night the information was sold to someone on the other side of the world where the cyber-savvy thief or thieves went on a shopping binge. Fortunately my credit card company scans for suspicious activity (I'm sure that they have computers with special programs that look for odd activity on member cards, like how is it a guy who bought snow boots in Rhode Island is six hours later buying luggage and what not in Australia?) and quickly killed the card. I normally check my credit card account online just about every day, but it takes anywhere from 48 to 96 hours, sometimes longer, for a purchase to post to my online account and God only knows how much damage these people could have done to a card that's paid off every month and with a respectable limit on it before I would have seen what was going on.

So I am now a full-fledged member of Club Paranoid when it comes to information related to myself and my card use. I routinely use a shredder to destroy any documents with personal information (it really should be a cross cut shredder or one that makes confetti, but my old straight cut/ribbon cutter works well enough and you'd have to be a pretty darn industrious thief to put together my records, especially after I mix them up with the house trash), I'm more mindful of to whom I give my social security number (I'm still amazed at the number of places that expect you to give it up, or institutions, like colleges and universities, that think it's a great idea to use your SSN as a student identifying number --- aaarrrrrrrrrrgggggggggh!). I also try to be more mindful of where and with whom I use my credit card, but in all honesty that's a lost cause as I would never have suspected losing my card information where I did, how I did, but my credit card company security representative (a nice guy, we had many conversations on the phone) assures me that this type of scam is on the rise so we best all be mindful.

Tomorrow: What to do to minimize identify theft and erroneous financial information.

3 Comments:

Blogger GrrlScientist said...

Job hunting is a great way to have your identity stolen, by the way! Especially if you post your resume on on-line job searching services.

GrrlScientist

11:07 AM  
Blogger James said...

Whooooooa ... as soon as I read this I had a moment of deja vu. You posted something about this way back when, didn't you? And indeed, this is one of those things I would never have thought of. This goes into tomorrow's post, with the proper attribution, as always. Thanks!

12:09 PM  
Blogger Unknown said...

I read an article on this the other day, which can be found here:

http://moneycentral.msn.com/content/Banking/FinancialPrivacy/P116528.asp

I rarely make online purchases, but when I do, my (French) bank has a very nifty program which generates a "one time only" card number for a specified amount (maximum amount, it doesn't have to be exact). If that number is stolen, it is completely useless.

Our credit card is in fact a deferred debit card, everything is deducted from our bank account at the end of the month and since we can check what has been charged to it over the course of the month BEFORE anything is deducted, it's relatively easy to spot things before you are out of pocket. The nice thing about debit cards too is that you don't end up living above your means, if you don't have the money in the bank, you don't buy it period.

As for setting up bank accounts in France, you have to provide a lot of documentation including electricity bills in your name at your stated address, water bills in your name, paycheck stubs etc etc etc. If you aren't working or don't have the proper documentation, then someone who already has an account at that bank needs to vouch for you. There is no just walking in off the street with a SS number and a name and opening up whatever you like.

4:12 AM  

Post a Comment

<< Home