Slashdot Mirror
Identity Theft Countermeasures?
gbell asks: "Stories about reconstructing shredded documents and horrific tales of rampant identity theft (at least 750K victims/year) have me scared and wondering if I'm being careful enough. What are savvy Slashdot readers doing to protect their financial identity? I already have fraud alerts on my credit reports, which make sure I'm contacted if any requests for additional credit happen. I've called 800-5-OPT-OUT and stopped all the credit card offers. I use unique passwords on all of my online financial accounts. I shred and pulp-ify all documents. I order periodic copies of my credit reports (although I'm irked that I have to pay for them - they're only free if you've been recently denied credit). Is there anything else I should be doing? People spend years sorting out ID theft, and I'm wondering when credit-abusers will start crying 'fraud' just to get out of debt... making things even harder for the true victims. Cops don't have time to do anything, even if you find the perp yourself. The situation looks like it's going to get much worse, and I'm willing to take steps now to increase my security at the cost of convenience. Suggestions?"
...because of two simple reasons:
1) Social security numbers are being used as "unique identifying numbers" EVERYWHERE. When you've gotten someone's SS#, you're halfway to having their identity.
2) Corporations and government agencies now operate almost exclusively on "scripts" and set patterns of behavior. In other words, there is a system to how each and every corporation or government entity does each and every thing that it does. Once you learn the system, all it takes is a little clever social engineering to pass your way through the entity's "checkpoints" (say, the question "What is your mother's maiden name?" or "What are the last four digits of your social security card?") and voila, they believe you are the person you're trying to become.
Honey, I shrunk the Cygwin
In my experience, the cops don't act because the banks just absorb the cost of these crimes.
I've had two bad experiences; once a box of checks were stolen out of my mailbox and used fraudulently for about $300 total, and once my credit card number was stolen and used for about $300 also. Both times the bank refunded me the money, although I still had to go through various hassles to clear my name.
The first time there admittedly wasn't much to go on in finding who did it. The second time, the woman used the credit card to PAY HER UTILITY BILLS, so she tied her address to her fraudulent use of the card! I called the companies and got her address. The thief was someone in Provo, Utah.
When I called my local (San Jose, California) Police Department, they basically said there wasn't much they could do about it. And I believed them because they hadn't done anything about my stolen checks.
So I called the Provo, Utah police department. I figured they would care more about having a criminal in their city.
The policeman sounded genuinely concerned, but after a while he called me back and told me that since the bank had refunded my money, technically THEY were the victims. The prosecutors will only act if the victim wants them to, and the policeman said in most cases the banks won't act. It's just cheaper for them to absorb the cost.
So, basically this identity theft issue is a big problem, but the people who are doing it know that as long as they don't spend too much then they will never get prosecuted. I'm guessing the woman who used my credit card to pay her bills knew this--I can't imagine a criminal would be so stupid to do this unless they knew there would be no consequences.
And, by the way, I consider myself to be relatively anal about shredding personal documents, not using my credit card at web sites that I do not know anything about, et cetera.
(And after the stolen checks, I got a locking mailbox, though it physically hurt me to do this--to basically send out a signal of distrust in my front yard.)
Yet my credit card number was still stolen. My gut feeling? I think it was probably a waiter at one of the restaurants I have been to. There's not much I can do about that other than carrying around large amounts of cash.
Every time you request a copy of your credit report, your credit rating declines. Doing it several times a year will quickly put you on the wrong side of the credit game.
Xman is right.
I know of a family friend who it happened to and the worst part of it was that it too "so many months" of agravation and the other person treated it liek it was a joke ruining her credit and charging things on her credit card...
Sincerely,
xman
(I just took xman's identity! just kidding.)
I have two good tips for people- I recently had to get a rather large line of credit, and had a few tips from the banker:
1) Have all your cheques, and credit cards just use your first and middle inital, and of course your full last name. That way, if someone is trying to forge your signiture, (at least for cheques) they have no idea how you sign your name, ie do you include the intials ect...
2) Use a strange name/password on all your bank accounts instead of your mothers maiden name. With all the info available in a wallet, this is sort of a last line of defence for you, you're better off using something they can't figure out themselves by doing a little research. You dont need to make it a 'strong' password (I can just picture someone talking to the operators at visa:'lower case h, upper case J, 5, ') but make it difficult to guess or research.
"If we knew what we were doing, it wouldn't be called research, now would it?' -Albert Einstein-
I feel more comfortable having the card with me (it's a huge headache going to the emergency room without it and having to pay/submit the bills later--it happened to my partner).
What I have done instead is to cut out my social security number from the card. It hasn't phased any of the people I've given it to at hospitals or clinics, they just ask me to give them my social so they can write it on the photocopy of the card that they make.
Already. My wife sells telecom equipment for a major vendor, and they've had one guy try it. He bought something, and wanted to return it, but knew their policy wouldn't allow it. Instead, he claimed he never placed the order, that it was someone else stealing his card. Nice, huh?
-Looking for a job as a materials chemist or multivariat
IMO this is just another case of the media sesationalizing news to drive up ratings.
No... it isn't. Allow me to elaborate:
My employer uses an electronic payment system provided by iPay. The other day, I was required to "re-regster" due to some "security enhancements". A long story short: the registration process hick-upped and I was able to pull up some serious information (accidentally) on *other people*. I could have done some damage with this info. Much damage. But instead, I called up, reported the event and switched back to the old mail-it-to-me method of compensation. It is worth it.
Another event happeed recently - I registered for DTE Energy for auto-deduct/electronic billing. After I had some trouble with the freakin' way the site handles cookies, I would up calling tech support. It turns out that DTE simply uses CheckFree.com to provide these services. In the process of registration, DTE simply *stole* my MSN Passport (it did not notify me and I had no idea that I had a checkfree account until the tech told me). When the tech support agent told me that my logon to checkfree was *my freaking MSN passport*, I bitched like hell and asked him to cancel my account. I mean, WTF? Do they think that I'd be happy to trust *Microsoft* with my checking account?
I could go on... The bottom line is that nothing is safe anymore. Democracy and Capitalism are mutally exclusive.
Life is the leading cause of death in America.
You've obviously never worked with any police departments before.
/Qualif.
I work at a software company that builds CAD (Comptuer Aided Dispatch) software, and builds the systems for Dispatch Centers. I get to spend regular time with all sorts of emergency centers around the country.
These people are some of the most underpaid, underappreciated lot in our society (with the exceptions of teachers). They work long, hard, mentally-disturbing stints...in a community that probably doesn't even give a rats backside port about them.
They place their lives on the line, every day...even for somthing as stupid as a pull-over for a bad tail light.
Here's the kicker...Identity theft is a minor offense...with extremely limited resources (thanks Bush for cutting back on this), which would you rather have them pursue $Priorities?"Murder":"Petty Theft";
Meh...my $0.02
If you are required to provide a social security number for some purpose, consider using 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it.
See this page.
The first problem, that SSNs are used everywhere, isn't really a security problem. SSNs aren't secret by a long stretch. To use them as passwords (as in problem 2) is just not right. The problem with SSNs being used everywhere is that it makes it trivial to combine records from different databases, which would not otherwise be easily automated. Gleaning information from databases that are combined can benefit companies, and hurt consumers.
Your health insurance people sure would like to know if you're ordering books on amazon.com that were also ordered by people who bought "Advancing Smoker's Rights" or "100% LARD - gravy recipes for every day of the month".. If every database listed your SSN, a unique identifier, it's a hell of a lot easier than figuring out whether J.Doe at 31 Palacestreet is also John K. Doe at 31 Palacest.
Of course, SSNs do make it easier to access information in general, so an identity thief can make life easier on himself by using your SSN to get ahold of your credit report or medical records, but that's not a failing of the SSN itself. That's just not keeping things secret.
Mother's maiden name authentication schemes suck ass (donkey!). In general not a lot of thought is given to security, especially when everything is done on paper; it took the internet before credit cards got those numbers on the back that change when you get a new card (smartest thing ever; my CCnumber is on the invoices I get. Which also list the expiration date when the invoice is for the yearly fee.. I've not been asked for the CVC/CVV code yet..)
It's basically a choice for convenience over security.
SCO employee? Check out the bounty
Fake identity (either fabricated or stolen) is more common than most people think.
......
I don't have the figures to hand, but here in Australia, there are several million more tax file numbers (the equivalent to Socian Security Numbers in the USA, or NI numbers in the UK) than the census would lead you to expect. The 'extra' tax files are basically criminals laundering money, various tax frauds (the second job in a false name to avoid tax) etc.
Trust me, you don't want to have your identity stolen.
A USAian friend some years ago had no end of trouble with the taxman there. She lived in NY, someone in Montana was working in a gas station under her SSN. Guess who got the tax bill?
The IR seemed to believe she was commuting most of the way across the USA for a part time job at minimum wage, and were very persistent in chasing her for the money. Every attempt to reason with them was met with "but our records show..."
Now imagine that the identity thief is not some redneck low-life, but a cocaine smuggler, international terrorist, serial killer
Quidquid Latine dictum sit, altum videtur (anything said in Latin sounds important)
You're right about that SSN stuff. I bank at Wells Fargo and until a few months(2-3) back, I only had the option of using my SSN instead of a username.
:)
I've used a key logger on my computer for ~2 years now(legal reasons). Whenever my friends visited my apartment, they would ask me to login so that they could check their email etc. I used to flatly refuse and tell them my machine had a key logger in it.
One way to check if a machine has a keylogger is to type some stuff like "yakyak", reboot and do a search for text files containing that term.
I had to do this a few times to convince my friends and sometimes explain what a key logger was.
In my department, somebody had installed Half life and what not on computers running NT. It never occured to me at that time that somebody might also run keyloggers in the dept computers.
2 reasons. One- Eventhough the admin never came down to the basement lab(mostly used by MS, Phd students), he kept meticulous logs.
Two- I didn't think anybody was stupid enough to risk their freedom(expulsion, jail, maybe deportation) doing such stuff and again because of the logs.
So if your at a friend's house or some public library/cybercafe, its possible that a key logger might be installed.
So in this case you might have to "pulpify" somebody's head.
Also, if your bank/credit card company offers online only statements, definitely sign up. It's saved me the headaches of keeping them safe. I can always ask my bank for previous statements if I need them.
I cut mine into strips with scissors. I throw away only every other strip, and hold onto the others for a couple of weeks before throwing them away in a totally different load of trash. Also, I always throw them away in the kitchen trash, which is more, well, disgusting
--MM
By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
Remember that ID theft is generally a crime of opportunity. Given the choice between reconstruct a credit card application from a crosscut shredder ($50) or just go into a apartment mailbox or dumpster, I think the latter is easier. Common sense helps a lot, no need to lecture the obvious.
The "See ID" and other misconceptions are usually worse. Think how easily a fake ID can be obtained from any college campus.
I moved to the Northwest a few years ago and was denied a driver's license due to "a suspended license for DUI in New Jersey." I'm from Texas. Some bloke in New Jersey with my exact name AND BIRTHDATE got his license suspended in New Jersey. Database matched me to his record and I was denied. So, thinking aloud, I told the clerk/officer that I am from TX and had never lived in NJ, never visited NJ, never flew over NJ nor had been to a neighboring state of NJ (*not completely true - I did visit Binghampton, NY once*). Then I asked a question: did his SSN match mine? "No." *WHEW* I got my license. Strange that my identity was proven by a number specifically bared from becoming an identification number (until the 1970's).
One other story...I went to open a checking account when I moved to CA. I was denied and the reason given is that I had used a fraudulent SSN#. Huh? I asked to see the report from their system and saw that, according to their check of Social Security Admin records my stated SSN was issued BEFORE I was born. I asked to see the date that their system said the number was assigned. Let's say I was born March 12, 1968 (I wasn't). The SSA's record for my SSN had Mar 0, 1968 as the assignment date. March ZERO? Turns out until sometime after the 1960's the day of issuance was not recorded. Unfortunately three things converged:
- SSA didn't record the day of issuance
- My dad, being a CPA specializing in Tax, signed me up for a SSN within days of my birth
- Bank of America's DBAs decided that Null fields in the Day of issuance were Zeroes and, ergo, my birthdate 19680312 was after the interpolated issue date 19680300
So, I had to traipse down to the SSN office and get a signed document validating my identity. *Sheesh*-- @rjamestaylor on Ello
It's not identity theft, but just today I got a call from the title company that is handling the closing on the sale of my house, and lo and behold there are three judgements attatched to my house. Apparently there is another couple with my exact name and my ex-wifes middle name. Apparently they don't pay their rent or the judgements against them. Unfortunately, the attorney's for the plaintiffs against them (on three separate occasions unbeknownst to me) did a simple name lookup and found property with a name similar to the deadbeats and said, "Hey, when they sell their house... give the money to us!" I spoke to the courthouse, and they had no idea how I should go about fixing it. Now, I have to pay for an attorney to get everything cleared up... for the county's mistake! Infuriating.
There's no place I can be, since I found Serenity.
I don't think he is overreacting. Identity theft is much easier and more lucrative than mugging. You MUST protect yourself because law enforcement don't care or know what to do about identity theft. I should know because my identity was stolen a couple years ago.
The culprit sent the Seattle Post Office a change-of-address form on my behalf, forwarding my mail to his personal residense (in another state). I quickly changed my address back. I tried to get the Seattle Postal Inspector to investigate, but he did not care. He literally showed me the change-of-address card. He had the guy's fingerprints, handwriting, and HOME ADDRESS in his hands, but he said there was nothing he could do. He gave me his business card and sent me on my way. When I called him the next week, he replied angerly, "how the hell did you get this phone number?!" I guess he must not like his job because he is certainly not doing it well.
The culprit must have received some of my mail with my stock brokerage statements. A few weeks later he contacted my stock brokerages and told them to my new address was his home address. Thanks a LOT, Etrade and DLJ Direct! He changed my brokage address about SIX TIMES before I transfered all my funds to a new brokerage. The police in my state did NOT care. The police in his state did NOT care.
By this time, I had canceled my credit cards and put an alert on my credit reports. This saved my butt! Six months later, I get a call from Sears Credit Services asking permission to issue a credit in my name. The guy was trying to use my SSN (from my brokerage statements) to get a Sears credit card. Finally, the police were interested.
They captured the guy and he did three months in jail. This was just for credit card fraud. He did no time for inter-state mail fraud or tampering with my brokerage accounts. The police officer told me that he was surprised the guy even got three months because he was a first time offender, claimed to have a drug problem, and (to quote the police officer) "he looked like a god-damned choir boy".
Unfortunately, the story didn't end there. Six months later, I got my credit report and noticed some unpaid long-distance phone bills to his home address. I had to jump through many hoops to prove to the debt collection agency that those debts were his and not mine.
The greated irony is that this guy and I went to the same university. We share the same first and last names, but different middle names. In school, I would occassionlly receive a few of his letters in my mailbox, including checks (made out to our shared name), angry bank letters, and a break-up letter. I returned all of his mail to him, with an apology for accidentally opening his letters. He never thanked me.
cpeterso
Oh, SHIT. 'Cuz I've had my identity stolen.
Jokes aside, the questioner is NOT being paranoid. The complete lack of interest that AOL, eBay, and others showed in my IDTheft case convinced me that it's a complete fuster-cluck. Jurisdiction is hazy, so the cops want nothing to do with it, either.
First, don't know what OP meant by shredding and pulpifying docs, but that sounds a step overboard. The joke about outrunning the slowest target is on par here... unless you're rich, don't sweat things THAT much.
Second, I haven't seen mention of passwording bank accounts. Call your bank, ask them if they'll allow a passcode that must be given before releasing info. Mine wouldn't even give my sister a standard receipt for a deposit 'cuz she didn't know my code. They hand-wrote one without account info.
Get splashID, S.T.R.I.P, or some other hard-encrypted storage means for secure/risk data like unique passwords and credit card info. These two are for the palm OS. Both are great. SplashID is flashy, STRIP has a keygen tool that I use for random 8-char alpha/num/symbol passwords at work. Both use AES or similarly-hard encryption.
When in doubt, make like the Reb's did in the civil war... leave a burned swath all the way to the freakin' sea. When I got hit, I took an hour to realize and internalize that Yes, this was really happening and then decided to damn well stop things in their tracks. I asked for cancellation and new cards on any and all accounts. I contacted everyone and everything I had a financial interest or account with that was big enough to concern me (savings, checking, mortgage, phone company, insurance, credit-reporting agencies, stock broker) and notified them via phone (with a written followup) the situation in enough detail to make damn sure that if anyone REALLY good took my life apart that I could sue the banks/etc. for negligence after due notice had been given them.
Then I put in a bit of effort to hunt down and destroy the cockroaches who'd done this to me. That's when I learned how poorly-handled this is by everyone involved. It was educational. How educational? Well, let's just say it's enough to make me consider a short life of crime followed by a long comfy life in some tropical nation without extradition treaties. A classic moment included eBay refusing to give me information (or even capture it and hold it in escrow for possible subpoena by law enforcement) about an account opened in my name once I'd informed them that it was being used for Identity Theft.
All said, I wasted a huge amount of time, have endured a lot of inconveniences and a couple grand worth of losses and expenses. The cockroaches got away and tried again to use my info six months later. That time, nothing worked and they went away hungry thanks to all the passcodes, new accounts, etc. I'd put in place.
Six months ago, I volunteered to help find lost classmates for a reunion. It took me a couple days of spare-time searching to get even more unnerved about the availability of data. Without spending $10-20 for more-detailed reports, I was batting .600 (60%, for non-baseballians) at finding people. If I'd spent cash, a marriage database was available that I suspect would have taken me to 95% success. Success = full name including middle name, address, date of birth, place of birth, and enough optional details like employer, children, spouse, a narrowed list to use to guess relative names from, etc. Free. And fast.
I'm not gonna go full John Doe by Choice, but I shred religiously and I'm tempted to keep cancelling/changing accounts gradually, just to thin out the risk further. I read EVERY credit-card flyer that mentions fraud/theft protections, looking for ways to protect myself, and I plan to use a disposable credit card if travelling internationally.
I'm no doubt forgetting a
Right, I was actually referring to my bank's security plan - among other things they guarauntee that even on my debit card they'll have a 24-hour reimbursement time on fraud cases after I report them. I don't take out a seperate policy - it's part of the agreement, along with the FDIC insurance and all that other fun stuff.
I write code.
I've been lucky on this subject. I've only had one genuine attempt at fraud attempted on me, and I was saved by using a Commercial Mail Receiving Agent (CRMA). Think The UPS Store (formerly Mail Boxes, Etc.) I get all my mail of any importance there, even the state is willing to send stuff there now.
One day I received a letter in the mail thanking me for changing my address to somewhere in Colorado, and by the way if you didn't do this CALL NOW! Well, I did, the account was regenerated with new numbers, and all was well. While the Post Office tries to portray CMRAs as one step up from a fraud shop, they are an answer to many postal deficiencies and have thier uses. One thing is that the Post Office will not process change of address orders for a CMRA customer. This removes mail intercept as an option unless the thief somehow scams your agent. Without diversion, security letters can alert you to the problem.
This also makes delivery interception difficult if they try to scam places that only deliver to the credit card address. Also, the card companies are getting better about checking. I applied for a card to shift to a lower APR, and the card company called back with questions about my credit report and my use of a CMRA.
Sigmentation fault - core dumped
One way to check if a machine has a keylogger is to type some stuff like "yakyak", reboot and do a search for text files containing that term.
Also, look behind it for something like this but keep in mind it's also very easy to install something like that inside the case, even to the back-side of the motherboard where youn can't readily see it.
Let's face it, if somebody wants to steal YOUR identity, it's so fucking easy there's really nothing you can do to prevent it short of living like the unabomber and having no identity to steal.
The best you can do is try to prevent yourself from ending up in a lot of databases, and try to avoid using your credit card in places like grovery stores and gas stations where it's just going to pile up in a stack of receipts behind the counter, guarded by some punnk making 4.75 who doesn't give a shit about your AMEX with the $100000 limit. Most identify theft is not targeted - these guys harvest stacks of receipts and computer printouts, test which identies or credit cards are useable, and go from there.
I was also the victim of identify theft a couple years ago. It was a very *long*, frustrating and at times intimidating process to have everything returned back to normal. I think the warnings above should be taken seriously - it is very un-fun to have your identity stolen.
In my case I was *very* lucky because one credit card company tracked me down through my employer to verify that I had applied for an account (which I hadn't). I'm not sure what prompted them to do so. At that point they informed me that I was likely a victim of identify theft and the steps that should be taken next (which was a huge help because at the time I knew *nothing* about how the credit reporting agencies, etc. worked).
I called all the credit bureaus explaining I was a fraud victim and promptly received free credit reports from all of them. When I received these, I looked through the list of "current accounts" and observed that 3 credit card accounts (not mine) had been recently been successully opened in my name. In addition, I looked in the section that lists who has been *looking* at my account, and called everyone listed there to make sure there were no *pending* accounts. I discovered one more and had that canceled before it was even approved.
Initially a little scary, it was actually pretty easy dealing with the credit card companies (fraud departments) to have the accounts closed. Among other things, each company sent me an affidavit to sign indicating I did not open the account or make any charges. Several required these to be *notarized*. One credit card company (Fleet) was particularly slow in sending the affidavit and one day after receiving it, I received a rather nasty and threatening letter from another department at that company billing me for the $7000 in charges to the account because they had not received the signed affidavit from me.
Dealing with the credit bureaus was another matter. They sent me the credit reports in a hurry, but would not let me correct any of the account information. I could verify my name and SSN, but the address and birthdate they had on file for me had been switched (indirectly) by the culprit. It turns out that when you apply for a receive a new credit card, that credit card company will update your credit report with whatever address AND BIRTHDATE you put on that application form. So this is what happened to me... I had to mail in a paystub and recent utilities bill to "prove" I was at my new address. Once they had that, they reluctantly corrected my birthdate on file as well. Fortunately only one bureau had incorrect information.
At the same time, I put fraud alerts into all my credit reports, and opted out of all junk mail. (Certain credit companies can access your credit report to see if you are a good candidate receive junk mail from them.) I found it very annoying that you cannot put a "permanent" status on any of these things. Even though I've opted out, the occasional credit offer still comes through.
My best guess of what happened in my case is that a credit offer (junk mail) was sent to my old address and intercepted by the culprit (perhaps from the garbage if the current resident just tosses mail addressed to other people). I'm not sure how they got my SSN... I suspect one of the credit card offers listed it, or perhaps just didn't require it to be verified on the application. In the future I will be careful to update my address at the credit bureaus (I didn't realize one should have to do this, but I now realize it is a good idea) if for no other reason than to make sure junk mail gets to the right place.
As I said above, I was *very* lucky because one of the credit card companies caught a bogus application early. If they had not, then I probably would have been dealing with collection agencies and had all kinds of negative entries in my credit history. The credit bureaus really don't seem to give a rat's ass about having valid info or about helping you to correct mistakes. Negative entries stay in your rep
I moved 3 years ago and had the druggie who moved in after me at my former address open a credit card with my bank in my name (not too hard, I was born, married, and bought a house in this state). I didn't find out until 6 months later, since they'd never gotten payment (it was opened with the old address and for whatever reason no bills were ever forwarded to me). I got a call at work, from the bank, wondering why I wasn't paying on my credit card. "What credit card, I only have an ATM/Debit card with you?" Found it he'd opened it 2 weeks after I moved, don't know how he got all the info. He tested it for a fill-up at the gas station right down the street, then went to SF and filled up one more time, then bought a $1000 digital camera, and never used the card again.
I took the rest of the day off to get things taken care of (file a police report, call all the places I had major accounts with, write them letters, etc.). Basically nothing came of it, it was marked fraud and removed from my credit report (but would have caused me problems if I'd not known about it and had been trying to buy a car or a house, fortunately I'd already bought both).
Since then I've had another credit card used fraudulently. It's a card I use exclusively for online purchases, nothing else. I was happening to check the balance and saw 3 charges the day before, two in England and one in France - two were expensive travel cruises and one was for a couple hundred dollars worth of sports gear from an online store (all of it booked online). I called my credit card company and told them I had no clue what the purchases were. They put a freeze on the account and none of the transactions went through (even though I'd not have been liable anyway), but that was just dumb luck.
What I really like about that credit card company (MBNA) is that they new offer a feature called "Shop Safe." It allows you to set a maximum amount for a purchase and an expiration date, and then generates a temporary credit card number. I love this idea and I cannot understand why more companies don't do it.
I really think credit card companies should allow you to specify that you won't allow the card to be used for online purchases. I've got 3 cards with photos on them, and that's how I'd have those set: no purchases that are not in person (ban both online and phone purchases). For those purchases I'll generate a random number thru MBNA with a cap set.
Even that wouldn't stop the places that don't have humans handling the cards (gas pumps, self-checkouts at Home Depot, etc.,) and even places with humans aren't helpful (restraunts never ask for ID even with it written on the signature strip, and some places with the VISA/ATM stand out for the customer to swipe it themselves).
My brother was recently doing credit checks and compiled the following info for those that wish to (if you're denied a job or credit, you're elibable to free report):
credit report info.
Actually been the subject of Identity theft? I have(well Actually my parents) anyways a couple of quick notes. They dont only go after the rich. Were in the true middle class on a good day. And to the best of my knowledge neither I nor any other parts of my family have ever entered credit card information from anywere besides the computer I'm typing from now, and the one in the other room. My parents were paranoid about this for years to so even before it happened they would shred or burn all sorts of diffrent documents we got in the mail. Luckily after a few large purchases we were notified by our credit union and the account was canceled, but in just over 2 hours some bastard got 5,000 dollars worth of electronics, gas, and movies using our cc.
On another note, when someone steals your identity, and rings up huge expenses, and you dont pay them because you didnt buy the stuff who pays it? Your bank or the store or uncle sam? How much money is wasted like this every year?
I've been the victim of identity theft, myself.
/. you really need to work on your reading comprehension skills). Apply some of that same caution to your identity and personal accounts.
In my case, it was an employee of the credit union which I used to bank at. They ordered a duplicate ATM card in my name, and picked it up from my mailbox while I was at work (about five years ago).
While they had the card, they would place fake deposits (empty envelopes) in affiliated credit union ATMs (all CUs in this area share ATM facilities) -- giving as much credit as the 'deposit' was listed as having available for withdrawal immediately -- and the credit union would be none the wiser for almost a week until the deposit slip made it into their hands.
I actually noticed what had happened before the credit union did. I noticed that my available balance was WAY higher than it should have been, but my daily withdrawal limit had been reached.
It took several months, a police report, several meetings with the bank and an indefinite fraud alert on all my credit reports to clear things up. The police began working with the bank. The bank gave me some clues to the effect that they believed it was an internal job -- but I was never able to find out the results of the investigation.
All that said, I make it policy to:
1. Only have vital mail shipped to a *secure* location. This means a locked mailbox, a P.O. box, or at the very least mailed to your work address, where you routinely are during delivery hours.
2. Bitch and moan until I'm blue in the face if I'm anywhere that prints the full number on credit card receipts. If you complain loud enough, even the corner Starbucks will make a call to their merchant account provider and have their unit reprogrammed.
3. I flat-out refuse to give out my Social to anyone, save employers or the government. No-brainer here. Potentially messy when renting an apartment, however.
4. I refuse to allow my ID card to be swiped for verification purposes (my state has a magstrip on licenses with all sorts of personal data), and I also refuse to give out any personal information to sales clerks.
They'll complain like hell at Radio Shack or the local liquor store ('I'm sorry, those are the rules') -- but after they start losing sales because you refuse to comply, they'll soften their corporate stance considerably.
5. I *read* all my bank and card statements, and I know within $10 or so how much I have available in every account. If things look weird, I investigate.
The short of it: identity theft, however big or small can happen to anyone. My practice is to apply some common sense to minimize my exposure -- but, let's face it -- it's easier for a disgruntled waiter to copy down your credit card number than for someone to outright steal your identity.
Be smart. You patch your systems religiously (if you don't and you're on
Sacrifice a little convenience (paying cash for dinner) for a little piece of mind, but don't go too overboard. Just be AWARE.
Don't bother buying a document shredder. This is not because documents can be reconstructed but because it is a distraction promoted by credit reference agencies. For example, the UK branch of Experian is run as a franchise by a retail group. Said retail group sells shredders. Said retail group has taken to advertising shredders. Said retail group cites Experian's figures in its adverts. Said retail group may also have shares in the company makes shredders.
So, I'm supposed to buy a shredder from a sibling company of a credit reference agency. Meanwhile, they distribute misinformation about me and deny liability. Yeah, right.
Transfer your money to any bank in Switzerland. They are required to performa proper cutomer authentication by the Swiss banking law. And they do it very well. Even a normal bank account is 'secret': They will not tell anybody that you are a client even if they ask directly. Nobody has access to your money except of you. A bank reprenstative who does not properly authenticate a client, goes to court. And penalties for insufficient carefulness in banking business are high in Switzerland. So as a bank rep. you better be very careful.
For the "pre-approved" credit cards, first remove any personally identifiable information, like the barcodes - you know, the ones right under where it says that you'll be subject to legal action if you tamper with the envelope. Seal it, and toss it in the mail empty. That part is just my revolt against the corporate thieves that charge 24.99% APR - $0.34 scored against them. Pretty lame, I know, but credit card debt is going to be the most likely thing to further damage our economy in the long run, IMHO. Of course, the contents of the credit offer are shredded.
You mention mail..
If you live in a rural area like I do where our mailboxes are simply conventional, lockless boxes at the end of the road (NOT in front of our houses, or in a super-mailbox), stuff very easily walks away.
I've had credit card bills go missing and the like; Viagra perscription charges appeared on the next bill.
Maybe it would be wise to take out a PO box or something..
Hey I love tangents as much as most people (*cough cough*) so could we please get back to the main topic:
What can we do to prevent/hinder ID theft?
Does anyone know of a good free way to check your credit rating? I think some banks give you a free anual report. All of those 'free' credit report companies just try to dupe your report and sell it.
Here are a few suggestions:
Don't use your full name on your voicemail/annc. machine.
I use a fake 'mother's maiden name'.
I live with roomates, so I know how easy it is to packet-sniff and reconstitute everyone's websurfing. They have free utilities that a two-year-old could use. I don't really know how to stop sniffing though. Any suggestions?
People (even people I trust) do use my computer without permission. Put a screensaver password on, don't use the admin account, use something like TweakUI to automatically clear your IE caches. I personally can remember my passwords and account numbers, but if you can't do that I'd suggest encrypting all of it (be sure to never write down or leave traces of your key).
Wear an aluminum-foil hat. The CIA reads your thoughts with satellites.
Ok that's my 2 cents, just IMO.
-Anonymous aluminum-foil hat Coward
The 'free checks' in the mail thing is something I can comment on. In addition to your bank, many revolving credit accounts (ever buy something 6 months - same as cash? - you opened a revolving credit account) send these checks. The revolving credit account is not closed when you pay off the purchase. YOU HAVE TO REQUEST THAT IT BE CLOSED ask for it in writing, so they are technically issuing credit on an existing account. I moved to a seperate state, got married, moved into a house, and was attempting to refinance the home when I discovered that a large financial institution had issued over $7,000 in loan checks (two seperate incidents) based on letters sent to a two year old address. The police were worthless. The bank wrote off the loss after it became clear that it was a case of mail fraud. I learned that you really do have to watch your finances closely. fuster cluck all around. I understand why it happens - it is easy money - low hanging fruit, with little chance of prosecution and little punishment if you do get caught. banks write it off and move on - I guess the financial sector makes a big enough profit to wrote these things off. BTW, it delayed the refinancing almost 5 months to get it all straightened out.
First, don't know what OP meant by shredding and pulpifying docs, but that sounds a step overboard. The joke about outrunning the slowest target is on par here... unless you're rich, don't sweat things THAT much.
ID theft doesn't always have to do with credit fraud or bank account withdrawals. A friend of mine recently had his SS# stolen by an immigrant who wanted to work in the US. My friend got a letter from the IRS saying he owed them $5,000 unless he could PROVE that he didn't work for a certain contractor in Dallas during 2001. Keep in mind the IRS didn't have any dates, so unless he can get this shady contractor to sign a document saying he doesn't know my friend, and never hired him, he is basically screwed out of $5,000. Because there are certainly some days in 2001 that he was not working, or cannot prove he was working, in San Antonio (where he lived at the time) -- so he could have been in Dallas. Of course this kind of thing is going to happen more when you live near the border....
So there are other ID theft concerns besides the obvious credit / bank account issues. I've also heard business owners complain (on Slashdot) that credit card companies generally take the side of the consumer who says 'I didn't buy that' as opposed to the business that says 'I just sent out merchandise and I'm not getting paid for it???'
Maybe partying will help...
Tip: Don't carry your Social Security number in your wallet. If your wallet is lost or stolen, the thief would have everything needed for any credit application, since your name, address, and birthday are on your driver's license.
Note that most health insurance companies put your SSN on your health insurance cards. If you're paranoid that you'll end up in the emergency room and they won't treat you because they can't find your insurance card, then make up a card with the carrier's name, the policy number, and a list of phone numbers of emergency contacts.
I won't bore you with the saga of my friend who had her identity stolen. It would sound like an urban legend. The theft not only resulted in horrible damage to her credit report (that lasted for seven years), but trouble with the law (because the theives bought a car that was used for drug running under her name) and hassles from the IRS (because her SSN was sold to others who were employed with her name and SSN, making it look like my friend had not reported income). All of this happened because of a purse-snatching.
It happened to me also, credit cards issued in my name (but not to me) my personal line of credit max'ed out, store cards issued in my name, my snail-mail redirected to get the cards, statements, and account information.
In all cases, I did just that, tool them to "prove it *was* me" and none could. In the base of my bank and the line of credit, they set up a new account transfered the missing funds back into it, and ask me *not to talk about it* and that the problem would just go away forr me.
They do not what to admit that thier security is SO BAD that a stranger could call them up on the phone and add new names to my line of credit account (as a new join member) have checks issued to a *different* mailing address and max out the $50K in less then a month.
Yes my account (line of credit) was frozen while the "internial investigation" was happing (about two weeks) but other then that little pain, no harm, no problems.
All of the credit card companies also just wanted the problem to be cleaned up without much noise. I have flaged my credit records as a victum of fraud and that stopped any new problems from coming up. And yes, pay or not, GET YOU RECORDS and check!
One last note: I asked my bank manager, how can I stop this from happening again, the answer was "you can't!"
Just got my pay stub today ... it has my name, address, job title, company name, company address, employee number, but NO bank account number or SIN (the Canadian equivalent of SSN) on it, and this is basically a receipt for direct deposit.* I'm a little more secure in that respect. It's actually illegal in Canada to use the SIN for any purpose except for ones related to reporting taxation information to the government, so it doesn't show up in a stupidly large number of places.
*(My pay stub is actually a deterrent to identity theft because it shows that I don't have enough money to be worth it ;-)
"Having someone's social security number is one thing. Having their current address and an account number or two is much worse."
Actually I have worked at a big bank (as a coder) and received actual anti-fraud training. The two most prized pieces of information by fraudsters are the SIN/SSN and date of birth. Using only those two things they can usually get government, postal service, credit bureau, etc. officials to 'confirm' tax information and then get your name, address and employer. Using that your identity is basically 0wnz0r3d.
So the moral of the story is that you should protect your SSN/SIN more strongly than your bank account number(s) because it can be used as a 'root-cause' for a whole lot devious actions where any stupid government official can set it in motion, where a name and bank number requires your bank and nobody else to be stupid enough to set it in motion.
If it's truly your signature, then you are liable for fraud, but that is a matter to be determined by the courts. The $50 limitation comes AFTER you call in the stolen card report. They cancel your card, and you are liable for a maximum of $50 from the moment of call-in)
The liability limit is a safeguard, but far from sufficient. I've known at least one person with stolen identity, and that took most of a year to work through the ramifications. To add to this, that person worked at the bank that issued the cards.
There are several problems (probably more then what I'm listing here....)
1) Credit Reporting information is not protected. You can be effectively cutoff from modern financial life with no recourse (no checks, no credit, and signifigantly reduced employability).
2) You need to discover the fraud before the liability waiver is invoked. This can often be extremely difficult (in more sophisticated thefts you will never be mailed a staement to check!)
3) The beauracratic wheels often are relentless regardless of legal constaints. This was the primary issue with my aquaintence dealt with. Reversing charges in one month does not mean those charges will not continue to keep reocurring in future statements.
Of course IANAL, but I've at least watched this issue for a while.