Identity theft Happens Predominantly Offline

prostoalex writes "Worried about identity theft online? Relax, say the Feds. You're much more likely to have your identity stolen offline (72% of the cases). In half of all the cases, it's the friendly relatives, neighbors and friends who steal the identity of the victim. Moreover, those watching their financial accounts online lose approximately $551 per incident. The average rockets to $4543 for those relying on paper statements from their banks and credit card companies."

Re:this is why

[Peyna]

The two times I've had my credit card number stolen it was traced to a clerk or cashier at a location I had used my card. When it comes down to it, your information is only as secure as the people you give it to, and in most cases, it's the person standing behind the counter that you hand your card to that becomes the liability.

Which is why I now always pay at the pump, and try to avoid any situation where my card will be in the hands of someone else. Most places where you swipe the card yourself, the cashier does not have access to that information. Although, I used to work a grocery store, and while the receipt didn't contain the full credit card number, the roll that kept the transaction log at the register did, and it would have been very easy for myself or any other employee to simply take the roll when we were heading to count our cash drawer and pick a few names and numbers to use.

I imagine that most cases of "identity theft" are simply credit card fraud, and usually is not the result of someone dumpster diving for information.

Re:this is why

[Peyna]

As a follow-up to this; I've also found that having online access to my account information (something many people are weary of due to supposed security issues), enabled me to catch the unauthorized charges almost immediately (in one case, before the charge had even cleared). If I had to wait around for a statement in the mail, I imagine they would have been able to charge a lot more to my account.

Another thing is that you should never use your debit card at a retailer, only at an ATM ran by your bank (unless you're really desperate for cash.) Very few banks offer the same sort of protection against fraud that credit card companies do. Most credit card companies will excuse any liability for any charges that you did not make.

Take steps to prevent it

[superid]

Our identity was stolen to the tune of $13K. Apparently the trail started with an inactive discover card account. Somehow the first person (there were eventually many) phoned discover and got them to change the billing address from my house to some place on staten island. As far as I knew this card was inactive and unused.

One thing all the credit card companies and bureaus (Equifax, etc) told us to do is to call their fraud hotlines and put a block on each card that keeps anyone from changing the mailing address. ( no I don't remember what happens if I actually DO want to move...I've been here 20 years and I aint movin...con sarn it)

Re:Phishing?

[null+etc.]

Phishing will really be a threat once phishers become more sophisticated. I receive about 10 phishing attempts per day, and almost always the scam is given away by one of the following:

1. The phishers attempt to scare me by saying if I don't respond within 24 hours, my account will be disabled. No financial institution would impose a deadline like this, since it's not guaranteed that people check email every day.

2. The phishers have atrocious spelling, like "we noticed some unnusual activity on your account, and we are going to temporally disable it unless you provide your authentication credintials."

Re:It amazes me how bad retailers are

[damiangerous]

A card that says "Ask for ID" is treated as an unsigned card. A merchant should make you sign the card before accepting it. Otherwise they're not eligible for "Card Present" protection.

Re:28% Is Still Online

[Ahnteis]

28% of identity theft happens online.
NOT 28% of online transactions result in identity theft.

The first statistic is pretty much completely meaningless unless you put in other facts.

Re:this is why

[afidel]

The only time I was the victim of credit card fraud my bank caught it before anything happened. They called me up to ask if I was attempting to make such and such large transaction, I stated that I was not, they said that they had thought not. Their fraud detection computer had flagged my account after another small value transaction had been recorded for a specific amount, aparantly the theives had starting making large numbers of purchases for small values and the repetition of those values had tipped the computer off that something wasn't right. Aparantly the thieves were testing to see if the cards would work. After telling me that she would decline the transaction and flag the account the nice lady at the CC company asked me if I could think of any time in the last week that the card had been out of my site, I told her that I could only recall one time at a restaurant where the waitress had taken my card away, she said that this fit the patern they were seeing. I guess a large organized group had persuaded waitresses at a number of national chains to skim cards by posing as bank security people testing a new system. The amazing thing to me was that despite the appearance of this being a large, organized plan with probably high potential impact I never heard anything about it in the media.

Btw if you have a Visa checkcard you are generally covered under the same $100 max liability as a normal credit card, but you should check the specifics with your bank and the written contract you signed, I know that the four that I signed up for or seriously looked at all had the same coverage.

Re:this is why

[damiangerous]

That was somewhat true when debit cards were first introduced (there was $50 or so liability then), but hasn't been the case for a very long time now. Any debit card with the Visa or MC logo has the same level of fraud protection as a credit card.

Re:I blame lazy CC industry

[afidel]

I'm with you, I've had a smart card for the past 5 years yet I have had a total of 3 places use it in their smartcard CC reader, this is with using my CC as digital cash for everything possible every day. Add to this the fact that we don't have photo's as standard features on all CC's and I've concluded that the credit card companies just don't care. It must not be a big enough problem for them to worry about. Amex's net profit for the fourth quarter of 2004 was nearly $1 Billion, and they are the smallest of the big three CC processors!

Re:this is why

[ShawnDoc]

My parents who live in rural Oregon have one. It's got a tray that opens up and has a slot for the mail to go into. To get the mail out you need a key to open a large door on the front. Kinda looks like a miniture version of the large blue post drops that you find in the city, only small and it fits on a mailbox pole.

BMO is worse.

[mopslik]

They limit you to a 7 CHARACTER PASSSWORD!

Bank of Montreal is worse -- all passwords are between 4 and 6 characters. In fact, their FAQ lists 6 characters as a "good" password. Scary.

Reduce Junk Mail.Reduce the Risk of Identity Theft

[$criptah]

1. Take out every credit card and call every agency. Tell them that you do not want your information to be shared with anybody. That will reduce the risk of id theft due to less junk mail.

2. Get a good shredder. Shred every piece of useless mail with your address on it.

3. Sing up for paperless delivery of credit card statements and loans. Most companies use secure servers and if your ISP uses SSL then you can safely get mail in your inbox. The inbox can be archived and encrypted in the future.

4. Sign up for electronic bill pay through your credit card. Your bills will be paid on time and you will get less mail. Remeber, somebody can get your address w/o taking your mail.

5. Inspect your credit reports from three major agencies at least 2 times a year.

6. Call credit report agencies and tell them not to share your info with any other institutions. CC agencies love to do that, especially if you have loans.

7. If you get junk mail, see if you can opt-out. If you can, do that; otherwise, the companies who send you this shit can be in trouble.

Picture on Credit Card

[digerati00]

Best option is to request your credit card company to have your picture printed on the CC. Citibank does this and hopefully all others will follow. I have had many cashiers commenting on how cool it is to have the picture on the CC.

Lemme do the math

[Dark+Coder]

Lets count the times that an identity theft occurred NOT by your close ones (relatives, neighbors, friends).

28% is on-line
39% is off-line by strangers (78%/2)
equals
67% by strangers.

So, 1/3 of the ID theft is by someone you know. 2/3 is strangers.

Tips to safeguard yourselves:

1. Look in your wallet/purse and remove SSN# from all ID cards
a) Medical card
b) Dental card
c) Old-man fraternity lodge
d) Military ID
e) and yes, your state drivers license (in dumb states only)

You can verbally give your SSN# to the cop/doctor/guard if and when you get challenged. And no, you won't be fined for tampering with the license. Three Federal Statues will protect you on this formerly malicious act (IANAL, but I did it).

2. Use shredders on the following containing account numbers, ID# or SSN#
a) bank statements
b) loan offers
c) utility bills
d) FAXes
e) virtually anything with your SSN# (and account #)

3. Perform lockout of your credit history. It is free to do. $10 to unlock it (how often do you apply for credits?)

4. Religiously apply for opt-out with insurance and financial institutions for your rights on Privacy Act. This hopefully eliminates sharing of your information.

Above steps goes a LONG WAY to drastically minimizing your vulnerability level and will go to bolstering your legal case against the identity theives, if and when, they get caught.

Carpa Diem!