Slashdot Mirror
All The World Over, Your Stolen I.D.
MSNBC is running a story about a massive identity theft which is apparently traceable to people who ordered wireless service from Verizon. If you've gotten service online from Verizon, you might want to check your credit card bill post-haste. And make sure to cancel your Social Security number and date of birth too.
When Texas transitioned to it's new license format, they apparantly decided that instead of migrating the database, they'd just have the clerks reenter everyone's information as they came in for renewal, and this time the clerk got it right, and just like that, my manhood was restored.
Weird, huh? I've still got a copy of my old license around here someplace.
Don Negro
Don Negro
Perl 6 will give you the big knob. -- Larry Wall
Y'know, America could salvage its image -and- make a real impact on crime, if "System Admining Under The Influence" and "Data Warehousing, Without Due Care And Attention" were hanging offences.
(Brings a whole new meaning to "Blue Screen Of Death".)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I've seen many entities out there like "Trust-e" which review privacy practices and policies for e-commerce sites, but I really don't think any of them out there is big on auditing network and systems security practices. Even if they do, those companies are hired at-will by the sites conducting e-business to give themselves more credibility.
Face it people, I really am starting to believe that statements like "This is a secure site because it uses SSL and strong encryption and ... [insert heart-warming buzzwords here]" are nowadays flat out lies for too many e-commerce sites. Those sites are not secure. They store passwords and social security numbers in clear text in databases that reside on the same machine as the web server, which prolly runs way more services than it really needs to because "hey, we can get a pretty fast server up and running in no time and for really cheap, by getting ourselves a cheap pentium and sticking red hat linux on it". "OK, well it looks like the red-hat installation went fine ... let's connect to localhost on port 80 ... ooo see the pretty Apache default page? Great! Well Sir, looks like we're good to go and ready to stick a shopping cart on this puppy!"
The danger doesn't lie in "packet sniffing" anymore. There has been such a hype over the whole "eavesdropping" over a transaction as it is being made, that it looks like this is the only thing irresponsible systems administrators ever worry about: "Well, we need a secure server that does that SSL thing. To do that we need to shell out a couple hundred bucks and apply for a Verisign ID so people don't get nagged by their browser when they hit our site. Verisign will tell people we are who we say we are."
Big deal. Am I supposed to feel good now? In light of what I've been reading for the past few years ... I'll say NO.
The danger truly lies in HOW and WHERE sensitive consumer data is being stored. *This* is what matters and what should get thoroughly audited.
If a site possesses an SSL certificate from Verisign, it should be illegal for the owners of this site to request a consumer's highly-sensitive,permanent and personal data like a Social Security Number (credit card numbers don't apply here as those can easily be changed), unless their SSL certificate also comes with some kind of SEAL of approval from some government-sponsored network and systems security auditing.
I do realize I'm going a little far with government involvment, but we're talking about protecting data issued to every citizen by the government in the first place. You're talking about people's lives: their ability to buy a house, open a 401k account, even get work! I have been victim of identity theft in the past after my mail was stolen, fortunately it didn't go too far as I think they didn't get their hands on my SSN, but it truly poisoned my life for a while. I came back from christmas vacation only to find someone had gone on a shopping spree courtesy of me with several of my credit cards and realized they had applied for and shopped with a couple others in my name! Yes some credit-yielding entities don't even ask for your SSN to open an account.
If government involvment isn't the solution, then users should somehow get educated and notified with a message along the lines of "Although this site encrypts all its transactions, its network and systems security practices have not been audited by [INSERT GLOBAL ENTITY NAME HERE]-approved party and may be exposed to security holes".
Better yet, the W3C could work on amending the HTML specification to define a new type of form input field: INPUT type="secure-ssn" name="userssn", which browsers would ONLY display if a site's SSL Certificate contains information stating that this site's security practices were audited and approved. If that is the case, the browser could 'automagically' display the field as [][][]-[][]-[][][][] with a 'secure key' near it which could be clicked to explain what this all means, and possibly remove that field from any scripting-bound client-side Document Object Model so that data could not be evilly manipulated within sites open to cross-site scripting vulnerabilities. The browser could further insure that the value of this field could only be submitted to a form whose "action" attribute points to a secure protocol. The browser should have built-in validation of this field to compensate for its lack of access thru scripting. Browsers should not allow this field's value to be pre-populated on page load unlike other input fields so users would have to re-enter their SSN every time they see the field.
Now with that standard special-looking "social security" form input field, people could be educated to only enter their social security number in such an input field. If they do enter their SSN on any other type of form input field, then they should know they're further exposing themselves to identity theft.
These are just initial ideas, but further brainstorming should help finding a solution that would work to protect people's privacy on-line.
What do you guys think?
Extraordinary Vacations. Exceptional Prices
I mean, really, FDR promised us that Social Security #'s would never mutate into national ID cards...
That's what we get for giving Big Brother a new toy.
And to top it off, SocSec is a pyramid scheme.
Those things that come around every year are birthdate anniversaries, by the way. You only get one birthday, and you're really too young at the time to properly appreciate it.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Or as a drug dealer, and since you'll probably be carrying all your available money on you in cash (being afraid of not being able to get it out of a bank), that will be considered as further "evidence" that you're traveling for the purpose of dealing drugs and that the money is intended to be used for drugs, so even if they can't actually haul you in front of a judge and jury on charge of "looking like he was fixin' to go deal drugs", they can arrest your money, and you have to prove that your money is innocent.
Before you can go to court to do that, you have to put up a cash bond of an equal or greater amount, but that doesn't actually bail your money out, so now you've got twice as much money being held hostage.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
>I personally think the ending to "Fight Club"
>would solve this problem once and for all.
Killing yourself during a grandiose delusion?
-fb Everything not expressly forbidden is now mandatory.
Well, the original problem was stated in the (perhaps implied) context of birthdays excluding the year.
In that context, 367 people guarantees that two of them will share the same birthday, excluding the year.
If we expand this to a human lifespan of 120 years, then you only need on the order of (120 * 366 + 1) = 44,000 to get a birthday collision, including the year of birth.
If you want to count stinking rotting corpses, or the not-yet-born in your million, piss off.
pooptruck
Now when my RealDoll shows up at the house, I can just tell my wife "Damn identity thieves are playing with my Visa card!"
Trolling is a art,
Here's a good post on fool.com about how one woman went about recovering from the theft of her identity.
Any central point of control reflects a problem in the system design. Your proposed solution, "Some trusted third party", creates a new niche for contol hungry psychopaths to operate. Creating such niches is bad system design. The person who inhabits it now may be trustworthy, but that says nothing about the person who will occupy that position in 50 years. Or 5. Or 1. People move about. Management changes. Boards or directors realign their positions. Beancounters look for ways to trim expenses. Any of these can severly damage a proposed measure of protection, which will prevent the office from getting out of control. So don't design it in, in the first place.
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
This goes to show you that there needs to be controls over what sort of information a company can ask from an individual. Sure the are probably exceptions to the rule, but date of birth and social security numbers should not be necessary to open an account with anyone, but a bank.
Maybe this is where we need to use the approach of trusted third party authorization. Basically the only person you share this trusted information with is your bank and it is the bank who gives to a unique, time based, validation id to share with the company you are buying the service from. If a bank is incapable of keeping your details secret, then you know that you don't want an account with them.
Jumpstart the tartan drive.
Now maybe we can get some legislation making it illegal for companies to ask for a social security number or use it as any sort of identifying number for accounts. TECHNICALLY, it IS illegal for anyone other than financial institutions and the government to use it as an identifying number but companies currently get around asking for it by saying it's for credit approval. Then they just use that number for your account.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
Uhh, what paperwork is necessary to smuggle illegal immigrants? does the government have a form for this?
-- "In order to have power, I must be taken seriously." -Mojo Jojo
I'm glad you put out this warning. I've discovered that over 16,000,000 people around the world are claiming my birthday as their own!
--
Sheesh, evil *and* a jerk. -- Jade
Deal with good banks, good credit card companies and good stores and you shouldn't have any problem.
Give up on online banking as well, just isn't worth it. I can't imagine the risk of having fraud and not knowing if it is the online bank problems or simply the fact you don't have anyone to see other then people over the phone if you do have problems!
It cost me over 5,000 in lost charges, but luckily Visa has a 0 tolerance on fraud charges. For those with "Stolen Identity" change your SSN and DL # NOW because they can effectiley call your bank and change your PIN number or obtain existing PIN #'s and Mac/ATM withdrawals are NOT guranteed nor protected.
Firecash.com is an offshore billing company that does transactions for 3rd party billing companies so this is ONE WEBSITE TO WATCH. I have already filed complaints for both the casino, the casino's processor and firecash.com because they allowed charges with incorrect name, address, phone number AND expiration date to post.
It took over a month to get my money back, every check i wrote bounced, i couldn't pay my mortgage and i didn't get to do shit for my birthday. DON'T LET THIS HAPPEN TO YOU.
Keep 2 seperate banks. Be it as simple as a 2nd savings account or something with your work or local credit union. Don't put all your eggs into one basket. Since i had reported fraud the bank was required to lock ALL MONIES Until the dispute was processed and that alown takes days since they have to file affidavites and work with security departments of visa and such.
This sucks for alot of reasons, and i feel sorry for those who will be screwed for years to come.
Basically cost me my job since my credit cards put me on old because the payments bounced and i traveled 100% of the time.. airlines don't accept cash or promises to pay for tickets. Even my corporate card was locked because i had made a payment with a check that bounced because the account was locked before they deposited it.
So now i have disputes with check authorization companies, letters to my creditors, affidavites to my mortgage company, copies of statements and official letters to my car loan companies and letters to the 3 major credit departments just to fix up MY credit.
Take care of yourself, and don't put all your eggs in one basket. I never used my visa check card online, and now i don't even let my bank link my check card to my savings for rollover protection because that is how i lost every dime i had since the charges kept coming and the bank kept on transfering from savings to pay for them.
scary world we live in when people can generate numbers, steal your identity and post the charges and make out.. if it takes a bank 1 month to investigate that is way to long in the history time since website logs are archived or gone, ip's have long changed (on dhcp or dynamic dialups) and well, you should understand how things work.
Actually, yes. It does please me that these problems are becoming widespread.
It's the same as releasing an exploit to crash webservers. If script-kiddies take out a bunch of high-profile sites, like amazon or the whitehouse, it'll force people to beef up security. This prevents someone with a more insidious motive from doing the same thing later. (ie bn.com DoSing amazon (or paying kiddies to do it.))
Similarly, if a large number of people get their identity stolen by small-time crooks, it'll force us to fix the system before someone organizaed gets into it and really fucks us up.
Hmmm. Would be an interesting DoS... Automate identity theft, rack up huge charges to overseas companies for non-refundable products. Because the order was with a valid card, Visa/MC wouldn't be able to reverse the charges to the company. Hit them with a few billion in bad charges all in a month.
You know, we're almost at the point where a skilled hacker could wipe out a good chunk of the western economic world. The benefit is that the hardest hit would be those with the least real value, companies whose holdings are mostly stock, or debts, etc.
It won't be all that long...
If not worse!
I should know-- I've just had my identity stolen. Somebody opened up a credit account at Gateway (in addition to other places) and bought a computer for himself! All in all there are $2000 worth of fraudulent charges-- fortunately they're not on my credit cards, so I won't have to pay them in order to conduct daily business.
The Credit Bureaus are a PAIN in the butt to deal with-- I've had to re-open the investigations on my accounts several times-- becuase Gateway and others report that the account is "under investigation," the credit bureaus interpret that as saying the account is mine!
The police are even worse-- it's been 6 weeks since I originally filed my complaint, and only this week have I actually recieved a call from a detective! These things just SIT there until they either get lost or fall onto somebody's desk.
I could have been completely screwed over by this if my circumstances were a little different-- I have been looking for a place to live, and almost all landlords in NYC require credit checks on all applications. With those nasty adverse items on my report (even with a victim statement), I would never have stood a chance getting an apartment. I decided to rent a room instead until things settle down a bit with my credit (and my job), so it hasn't kicked me in the ass yet.
Identity theft is REAL! I'm really surprised more testimonials haven't been posted here... I know of three other people off the top of my head who this has happened to.
I still don't know how they got the information-- a security breach, a disgruntled university employee, intercepted mail... no idea. I haven't lost my wallet or anything.
Maybe that detective will be able to tell me something useful... we shall see.
http://www.tracfone.com
You buy the phone outright, with no preset plan (or credit check,
or SSN/bdate divulgences), then pay for minutes as you need them
using your credit card, for which you've already established
respectable credit/identity. There seem to be less points of failure
with such a system.
IANAS - I Am Not A Shareholder; I just like the company...
Who cares about SSL? SSL is important for maybe one billionth billionth of the time your data is in someone elses hands. Ok, so the data is encrypted in transfer. Who cares, when the recieving company is happily saving away your data on a NT machine running It Isnt Secure? Every script kiddie and their grandmothers little dog can wait until two seconds after you press submit and dig the data out of there after that soooo secure SSL transaction.
To protect yourself:
Never enter nondisposable data. Use a disposable email address. Use a disposable CC number (or at the very least a low-limit creditcard). Never enter Social Security numbers (fake one, or use another option). Avoid using your real name. Avoid entering your real phone nr. Dont enter your age. Dont enter your profession. Make the data worthless and corrupt.
In my opinion the only way to handle this problem is to make it illegal for any company to store any sensitive information at all. They need the information? Fine, they get to have it for the 5 minutes they need it, then it MUST be wiped.
Hackers stealing the data is just one simple way the data gets out. Social engineering to disloyal employees through mergers acquisitions etc etc are other ways.
If you ever give out the information it will be stolen and misused.
Most states, but not Virginia (it's an opt-out in Va) and Utah, use the SSN as the drivers license number. So when someone steals your wallet, they've got your SSN and birthday. Then all they need is mothers maiden name (probably on your birth certificate) to complete the ID theft.
Best Slashdot Co
Every time we get a story about another bust.com doing the big sleep and selling it's customer info, the wails and gnashing of teeth are thunderous. Slashdotters love anonymity, and hate being profiled.
Now imagine if identity theft becomes commonplace - this will result in all that "personal info" becoming worthless, and will make demographic profiling useless. Massive identity theft will wind up increasing real anonymity - because anyone could be using "your" ID numbers and passwords.
No longer will you have to worry about someone connecting your nick to your "real name", and fearing repercussions over your "free" (as in speech) speech. "I didn't post that, some stinking pinko identity stealer did!" I'd think the cypherpunks should be breathing hard by this point. Heck, they may try to encourage identity theft!
Doesn't this make you happy? Those big companies won't be able to treat you like a number anymore, because that number could be a bunch of people. We'll finally be able to cast off the oppressive yoke of corporate pigeonholing and catagorization of people!
...and get back to actually going to the store with cash in hand for your CDs, DVDs and blank CD-Rs. Ah well, that's the price you pay for progress, right?
One victim - $4000 lost - "Most of the charges were at Network Solutions".
Another victim "was called by his bank Monday and told a criminal had charged $1,000 on his card over the weekend at Network Solutions"
Now, I'm just speculating, but what kind of criminal do we Slashdotters know of that has a need to register lots and lots of domains, and has a use for lots and lots of credit card numbers, (that is, has a use for lots of CCs, a few of which would be used to register bogus domains, but the majority of which would be used to sign up for $20/month throwaway dialup accounts that get nuked within hours of signup...)
If my hypothesis is correct, all we need to do is follow the trail from the CCs to the domains to the dialups to the whackamole users.
Y'see, if the $KILOBUCK charges are going to domain registrars, it'd be pretty easy to figure out what domains were registered, and if they were appearing in spams.
And if we find the domains in spams, we can get the spammers' general geographical location by looking at reverse DNS from the throwaway dialups with which he spews. We can also learn from the "Send money to" snail-mail dropboxes (usually a Mail Boxes Etc. type of place) in the spams. Follow the money.
If there's only one or two spammers, I'll bet we also find that he and/or his associates have (in addition to the domain registry carding) been doing credit fraud on lots of cards the $TWENTYBUCK range to sign up throwaway dialup accounts. (Umm, and mailboxes at MBE ;-)
Or maybe our Bad Guy is hiring others to spam on his behalf. In this case, we have 100 "work at home" suckers, most of whom lost money to the ringleader, and we only need one to turn state's evidence.
Of course, all of this is mere speculation. But it would account for much of what's appeared in our inboxes over the past year, wouldn't it? There are probably only a few spammers who would have the capacity to run such an operation, and their real-life identities are known. In my more paranoid fantasies, I imagine that this identity theft might have been done on behalf of one or more of them.
The wheels of justice grind slow. But they grind fine.
Read the article all the way before submitting, sheesh. While its in vogue to knock Verizon Wireless, notice that it is not by any means limited to them.
Numerous times they mention the AT&T connection, and the URDigital.com connection. In fact, URDigital is the name of a folder specifically listed in the IRC transcript.
This looks to be a multiple vendor issue, not limited to one company.
These views are mine, not my employers.
GPL'd web-based tradewars themed space game
You can't cancel your Social Security number. Date of birth would be an obvious one that is impossible.
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
No, there needs to be regulations. If there aren't, a company can say 'no account for you' for not wanting to provide any information they want. They need to be told what information can be collected to establish an account, and not allowed to refuse service to anyone that doesn't want to give out more.
The problem is that if there are not restrictions, there will be no companies that don't require an SSN for example. Thats your first problem. The second problem isthat you can't read. What i said was that companies should not be allowed to refuse service if you don't want to give up more information then they absolutly need. I didn't say they couldn't ask for an SSN, i just said they shouldn't be allowed to turn you down if you choose not to give it to them. Thats not telling you waht info you may or may not give, its tell the companies what info they may REQUIRE for you to establish an account. You say its not my place to decide how much info you give away? Well, you're basically deciding how much info i must give away. It also amazes me how stupid people can be. You're will to sell your private information for a cheap watch, or a few cents off your pepsi. Its stupid b/c not only are you giving up your privacy (a dangerous thing to do), you're also selling yourself short. Think how much the companies pay for your info...and you get that cheap watch? How about i exchange a pencil for your wife's wedding ring? You enjoy the pencil, i'll sell the ring for a few hundred.
Actually you aren't legally required to give that number to anyone except the social security agency. If any company attempts to deny you service based on refusal to give out your social security number they will have violated the social security act and will be liable for time in a federal prison.
Also, you don't have to pay into it. It's a voluntary program just like over 90% of federal income tax. For more information on the opt in programs the IRS wants you to believe you're required to pay read Title 26 of the United States code. Unless you are a non resident alien, working for a foreign corporation, received a petition from the secretary of the treasurey, or manufacture producst susseptible to excise tax, You aren't required to pay federal income tax.
Request your IMF file from the IRS. Most of the time you'll see yourself classified as 4035, working for a foreign corporation. You don't have to file, you don't have to pay. Any employer that witholds tax is guilty of fraud, and the IRS's notices violate section 9b of RCP US code title 18 so you can refuse them for fraud. The law scares them. Enjoy!
I am the penguin that codes in the night.
A few weeks ago my brother saw some statistic on television that in your entire lifetime, the chances of someone stealing your identity are like 1 in 5. While I thought this was a ridiculously high number at the time and laughed at him, maybe this story can lend some viability to it.
http://www.redpolygon.com
http://www.hyperpoem.net
hyperpoem.net
Giving Your Number To Others
If a business or other enterprise asks you for your Social Security number, you can refuse to give it to them. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for your Social Security number, but do not need it; they can do a credit check or identify their customers by alternative means.
Giving your number is voluntary even when you are asked for the number directly. If requested, you should ask:
why your number is needed;
how your number will be used;
what happens if you refuse; and
what law requires you to give your number.
The answers to these questions can help you decide if you want to give your Social Security number. The decision is yours.
Our primary message is this--be careful with your Social Security number and your card to prevent their misuse.
If you think someone is misusing your number, ask us for the leaflet, When Someone Misuses Your Number (Publication No. 05-10064).
Originally your SS # was never supposed to be given out to anyone! But big business beat up big brother and started using it to profile each and every American. In fact, the business community forced the Government to require *all* citizens to have a SS #. So now from the second you pop out of your mother's private parts, you have to be registered with the SSA.
I personally think the ending to "Fight Club" would solve this problem once and for all.
Strange women lying in ponds distributing swords is no basis for a system of government.
Yech. Not at all. I was actually thinking of attempting to tamper with the delivery of the baby.
I guess that's only slightly less weird....
-jKarma: T-rexcellent.
You are number six?
Karma: T-rexcellent.
Wow. There's a story.
But, you know, if you had a time machine, you could keep all that from happening.
-jKarma: T-rexcellent.
Gosh, here in Maryland, it takes the act of a surgeon to change your sex.
...oh. Legal document. 8)
-jKarma: T-rexcellent.
and date of birth too.
Quick! To the time machine!
("no, listen you have to hold on for at least *checks watch* two more hours. no, i can't tell you why. oh, damn. nurse!")
Or something....
-j
Karma: T-rexcellent.
half of almost nothing is still almost nothing. I haven't been following it all that closely, but didn't George W.'s social security task force say recently that without reforms the social security system was going to start going broke in 15 years or so? And that they'd have to cut "your benefits" to keep the system solevant? Another argument for not "investing" 15% of your yearly wages with "the government". (What's that you say? "it's only 7.5%?" Tell me all employers would keep their matching 7.5% if they didn't have to pay the social insecurity tax, i'll laugh at you).
---
Learn the rules so you know how to break them properly.
www.teslabox.com
There are some good suggestions under "GENERAL ADVICE ON OPERATING WITHOUT A SSN" towards the bottom of this page..
---
Learn the rules so you know how to break them properly.
www.teslabox.com
And make sure to cancel your Social Security number and date of birth too.
From the linked article:
Experts say the victims could be dealing with the potential identity theft for years; unlike credit card numbers, Social Security numbers and date of birth information cannot be canceled and reissued.
So much for that idea...
--
wow...
I think the first thing that should be done here is that the requirement of a SSN on any application for a credit card or phone number, etc should be out right banned.
Second, these phone companies should run a two week advertisement announcing the thief of this data and that all people should check with their credit card companies and credit rating companies. The hacked companies should also report this to the credit reporting companies!
I also think the companies should be libel for a million dollars of damage per incident (person).
Finally a quick google search on legal uses of social security numbers turns up quite a few things worth reading: SSN FAQ
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
did anyone else get an ad of OfficeXP for this article? I took a screen shot of mine: "For Identities, One Password." Maybe it's just the lack of sleep but I find this very amusing :)
-----
09
Its also AT&T Wireless. It seems to come from haivng a credit check run when you're purchasing online. So far, one bankrupt background checker is suspected.
I'll just encrypt my social security number using the strong ROT13 encryption that Adobe uses.
Er, I may have to put more thought into this. Let me get back to you on that.
If there aren't, a company can say 'no account for you' for not wanting to provide any information they want.
And why exactly is that a problem? How does that violate your rights? Or mine? If a company won't give you service without an SSN, then go somewhere that will. Or buy one of those "prepaid" phones. Pay with cash instead of credit cards. Buy in person instead of over the phone. But don't get the government involved in telling me who I can and can't give information to. If I want to give my SSN to a company for a discount or for a higher class of service, why shouldn't I be allowed to do that. Telling companies what they can and can't ask for is ultimately a restriction of MY rights to "life, liberty, and the pursuit of happiness"; it isn't your place to decide for me what I can and can't give away.
At both institutions I went to, you can refuse to provide it (I did). Many applications say something like "If you don't want to give us your SSN, we'll give you an ID number to use instead." As a consequence, my student numbers started with 993 and 999, respectively.
There ARE other options.
-Corvidae
Agreed, but what good does that do when a company chooses to move ALL its customer data gathering applications to the web? Would anyone like to comment on this scenario?
The result, it seems to me, is that the user is less and less able to protect themselves from personal data being stolen. Maybe I'm being paranoid, but I'd expect that SSL and the like was being used for the Verizon (and AT&T) web applications, too, yet this theft has occurred nonetheless. Could it be that we are once again running into the dangers of monocultures (put it all on the web) and the prolifieration of diseases (hacking web sites with larger and larger stores of data)? What can the average user do to protect themselves in such situations?
These guys should really put fraud alerts on their credit report. Fraud alerts are short statements that you can ask Experian, Transunion and Equifax to put on your credit report telling anyone who would be reviewing your application for a credit approval of a credit card or some other product that you have been the victim of identity theft. They usually ask to call a certain phone number and verify information with the individuals before proceeding.
http://www.cpsr.org/cpsr/privacy/ssn/ssn.structure .html
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Steve Magruder
Steve Magruder, Metro Foodist
Windows XP RC1 works just fine without passport enabled. I can check my e-mail, browse the web, use web servers, publish web pages, and even send error reports--all without sending MS a single fact about me.
.Net, etc) I could use them. But if I don't want to, then WinXP is just like what Win2k should have been--the product of putting NT and 9x in a room with some spanish fly and waiting nine months.
Passport's just integrated, so if I *wanted* all of MS's shiney new toys (MSN Messenger,
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own!
*checking statement* "What the hell is this monthly charge from Verizon? They've been doing this monthly, like clockwork! Someone has to put a stop to this.
I love the smell of Karma in the morning
I don't think there should be any regulation on what companies can be allowed to ask, if that's what you're implying. If a person is willing to give out personal info, then so be it. But at the same time, people should be smart enough to know not to give just anyone their most personal info. If everyone said, "No, I'm not giving you my social security number; you're not the social security department of the US." then no companies would be asking for it. Companies require it because it's helpful to them (guaranteed unique ID) and people are willing to give it out. It's the general population's fault for giving out too much info and the company's fault for not being secure enough. But I'll bet neither problem is going to stop Verizon from making a lot of money selling phone service.
---
Developers: We can use your help.
THink about the hell you'd go through changing SS#'s the next time someone asks for it! :) I used to be more laid back aout it - but am quickly starting to challenge companies that want my SS# - too bad - get another ID to use.
I'd have to rate changing SS3's above the nightmare of getting a new checkin gaccount or switching to a new health plan!
But beyond that - I'm a Cingular customer - so I'll have ot wait my turn to have my info sold er stolen.
Top Most Bizarre/Disturbing Error Messages
A buddy of mine recently got new wireless service through Verizon, but in the last week he's looked different... about half a foot shorter, maybe 50 lbs heavier, too.
Whatever... he's spending money like water and treating everybody at happy hour, so it's all good...
God bless those Albino Ninjas...
First they assimilate Bell and GTE, now all the users shall also be assimilated.
Behold! Witness the founding of the Borg collective!
"I drank what?" - Socrates
A few months ago, the company I work for made me switch my mobile service to Verizon. I insisted on doing all business at one of their stores, paid cash for the phone and setup fees, and absolutely refused to give them my social security number. In addition to all this self inflicted inconvenience, Verizon went to great efforts to make the whole process more of a huge pain in the ass because I refused to give them my SSN. It took two weeks, three visits to their store, one letter, and a lot of grief from my boss (only some of which was directed at Verizon) before my phone was finally turned on. Moreover, getting warranty service from them without giving them my SSN was also quite annoying and tedious.
Now, after reading this article, I'm damn glad I went to all that trouble, and I'll definately do exactly the same in the future.
Never give the bastards any more information than they absolutely need. And they never need your Social Security Number. If Verizon spent as much effort protecting the personal information of their customers as they did trying to get the same information out of me, they might not have had this problem. They say they need your SSN to make sure they can trust you, but the real question any time someone wants your SSN is whether or not you can trust them.
...you *can* legally change your SS# *if* you can prove that your current one has been used in ID theft and exposes you to similar crimes in the future.
.sig really belongs to my purusa
Link here.
this
...then two months ago there were $4,000 in false charges on his Visa card. "Most of the charges were at Network Solutions," he said.
Thats a lot of #####sucks.com's to be registered. I wonder how many it takes to rack up $4000. It has to be a few.
DocWatson
MessEdUp
#/var/www/v
Try doing an internet search for you social security number - that will show if it has been posted on any websites (once there has been enough time for your search engine of choice to do the necessary spidering)
Of course, the story is about details being posted to a chat room so this might not help in this case...
Most people will quickly notice additional charges on the credit cards... the more important thing is getting a Credit Report. Having gone though this several years ago... You need to get a credit report from each of the 3 Credit Agencies, look for both new accounts and new Inquiries into your credit report. It takes a while before a new account shows up, but as soon as credit is applied for, an inquiry is added.
Contact each company that has requested a report. Try to determine if an account was created(can be tough for some of the major companies that have alot of different types of credit accounts, to determine with line of business an account was applied for.
Get them to fix any other problems on the credit report and send you a new copy... this should all be free.
They will refuse to remove the inquiries even though they are frauduelent, but if anything is else is wrong (address, employer, etc) that was place on the report from the credit applications the thief use can be removed. Sometimes it will take several cycles to get everything fixed up, but this can work to your benefit. One of the inquiries, claimed no account was open... after getting the third report an account for that company showed up. Now with an account number it was easy to track down and contact the proper people to get it removed.
If accounts where opened and used, you will likely be required to sign Noterized letters saying you did not open or authorize these accounts.
Also be sure to add a statement to all three of the credit agencies reports. It should contain that you have been a victim of identity theft, and if they've acquired the report to grant credit, contact me a home xxx-xxx-xxxx, or work xxx-xxx-xxxx, to verify that I have request it before opening any credit. This will prevent the instant credit at some of the stores, but it is much safer.
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
Now, from Verizon Wireless: We know you're busy. Sometimes you don't have time to enjoy the money you're making. That's why we at Verizon have come up with PERSON-FORWARDING. We forward your identity to a less busy person who can spend your money on your behalf. Just another service to make your life easier from Verizon Wireless.
</James Earl Jones voice>
Hey wait a minute. Bell Atlantic became Verizon. I used to have them. Crap.
m00.
Such incidents only make you wonder how long it will be before we are all victims. ... Instant Messaging, reading e-books, reading e-mail ... the list is endless. XP will keep hounding you for signing up for a passport. ... as of now. But isn't it conceivable that sooner or later, Microsoft will tie up with online service providers that DO require a social security number. And then ... Whammo! you HAVE to give up another piece of critical info to store on Microsoft servers.
With the release of Windows XP, you will *REQUIRE* a passport to get any meanigful work done
Now I know that passport does not require your social security number
If Microsoft Passport ever takes off, it could be a huge target for Identity thieves and given Microsoft's track record at security one can only wonder how long it will be before *YOUR* identity is stolen.
Some privacy groups are going after XP and trying to stop this massive hole from being created. One can only pray that they succeed. Read this article.
What's even worse is when companies go under. Consider this: You give your confidential info to a company to sign up for their service. They go bankrupt and try to salvage what they can by liquidating everything they still have ... including lists of personal info. So some vulture comes along and buys their lists with your name and personal info and in turn sells it to several other companies just drooling over the new people to spam.
That's Mr. Eradicator to you.
That's Mr. Eradicator to you.
trance-port