Identity theft Happens Predominantly Offline

prostoalex writes "Worried about identity theft online? Relax, say the Feds. You're much more likely to have your identity stolen offline (72% of the cases). In half of all the cases, it's the friendly relatives, neighbors and friends who steal the identity of the victim. Moreover, those watching their financial accounts online lose approximately $551 per incident. The average rockets to $4543 for those relying on paper statements from their banks and credit card companies."

this is why

[greechneb]

The best purchase you can make is a paper shredder, preferably a cross-cut model. When you get your mail, either shred it, or file it right away. A pile of mail sitting around is an easy target, especially if it isn't opened - you probably won't miss it if you haven't opened it. Shred everything, even those credit card applications. You don't want any information easily available!!!

Re:this is why

[ad0gg]

Problem isn't people going through trash, its people stealing your mail from the unlocked mailbox most people have. Best solution is getting a lock for you mailbox.

Re:this is why

[Xzzy]

> Which is why I now always pay at the pump, and try
> to avoid any situation where my card will be in
> the hands of someone else.

There's another option: pay in cash. People that try to steal that stuff generally get caught a lot quicker, and even if they don't get caught it doesn't hurt you in the slightest.

Credit cards are handy things, but using them to replace cash for day to day purchases is asking for trouble.

I suppose if one is constantly getting mugged the above may not be sound advice. For the rest of us, it's much safer.

Re:this is why

[gellenburg]

Yes, but the difference is with a CC the funds aren't immediately taken out of your checking account if there's fraud.

Weouldn't it suck if you bounced your rent or mortgage payment because someone racked up fraudulent charges against your DEBIT card dropping your bank balance to near zero?

And, have you ever tried to get your money back in that case? It can take upwards of sixty days with some financial institutions.

The parent poster is right. NEVER use your debit card unless you absolutely have to.

Re:this is why

[miskatonic+alumnus]

One could, of course, build one.

Phishing?

[homer_ca]

Do they count phishing as online identity theft? That's really taken off the last year, and it's a lot more efficient than dumpster diving.

Yes but...

[kawika]

Identity theft was ALL offline 10 years ago. So are we supposed to ignore the phishing problem until it reaches 50 percent? The rate of growth in the crime is no doubt much higher online, the same way that the growth in Internet ecommerce was much higher the past holiday season.

Plus, there are some sorts of identity theft that really only make sense online, such as eBay and PayPal scams.

Stats and FAs

[bartok]

Yeah but if it's 20 million people who lost money enough to average 551$ and onlt 500 000 people who lose a few grand, there's still cause to worry. Statistics can mean anything... especially if like me, you haven't RTFA.

I blame lazy CC industry

[Ars-Fartsica]

Are you telling me the best they can do is a card with my password embossed right next to my name? As fas as I am concerned the CC number is a password since that and the expiration date are all that are needed to pilfer funds.

The CC industry needs to create a secure credit card. Until they do, fraud cannot be stopped.

Re:It amazes me how bad retailers are

[kaustik]

I've worked in retail before and have seen many people do this. Personally, I find it amusing. Nowhere in either the store policy, or state law, did it mention anything about following cutomer direction on the back of a credit card. You are not only wasting your time, you are causing potential confusion for the poor $5/hr kid behind the counter.
Maybe I should start writing things on the back of my card - "Give 5% discount", "Shake hands and smile", or "I'm 17, too babe, it's legal".

Cow Orkers and Cube Farms

[Tackhead]

> I'm actually surprised that co-workers aren't a bigger piece of the statistical pie on this one. They often have access to records, PCs, the all important "work number" and so on. I've run across those incidents, and am amazed they're not more common.

You forgot the most important factor: cow orkers overhear everything within a 3-cube radius.

With the web, it's not too bad -- but sometimes you have to deal with IVR (interactive voice response) systems, and that's when you get into trouble.

I can't tell you how many times I've heard a cow orker enunciating a credit card number (or SSN, or bank number, and sometimes both), one digit at a time, into an IVR mechanism.

Adding insult to injury, the IVR system is sometimes used as a front-end to enter the "numbers" data without human input before the call gets sent to India. I can tell when this is happened when I hear a pause between the numbers, the usual "Hi, I'm calling about... (pause) ...her name was Florence."

Thanks, buddy! Now I've got your mother's maiden name, too!

Keyloggers = offline?

[Kentsusai]

Hey /.tters
Sorry to go off on a tangent.

But when they say "offline" does that mean "not on a computer" or "not on the internet"?

Because the other day I was at a public terminal and I noticed someone had installed a keylogger. Guess they wanted to collect everyone's information (i.e. passwords and usernames) and return for them at the end of the day.

Technically, that is not online. Is it?

Correct me if I am wrong

Thanks :-)

Not quite the nightmare you portray

[coinreturn]

It's not as bad as you state. I've been a victim of identity theft / credit card fraud / check fraud on several occasions. Each time, I was able to straighten things out without the gigantic hassle the urban myth pushes. My credit remains as stellar as it was before the incidents.

Re:It amazes me how bad retailers are

[hal2814]

You do not have to ask for id just because it says to on the card, but every credit card merchant account agreement I've ever been part of (as a tech consultant for several clothing stores) states that we must verify that the signture on the back of the card matches the one on the receipt and/or check for proper identification. It might not be store policy, but the store did agree to do either check the signature or id and as a consumer, I'd like to do all I can to ensure that the store lives up to their part of the bargain.

Re:It amazes me how bad retailers are

[LetterJ]

The flip side of pretty much every cardholder agreement is that unless the card is signed, it's not even valid. So, technically, the merchant should be entirely refusing the transaction for all of the "see id" crowd.

When I worked in retail, I often didn't check the ID (because I'd already checked it for a given customer 3-4 times before and have a pretty good memory) and occasionally would get yelled at with the exact argument you mention, i.e. the store in violation of their merchant agreement. They didn't like it when I threw the fact that they were also in violation each and every time we even ran the card through our store.

Good God! DONT ASK FOR PAPERLESS STATEMENTS

[Dark+Coder]

Most of the financial and insurance institutions who implement paperless statements send it UNENCRYPTED over SMTP protocol.

DON'T DO THIS STEP.

Only extract the statement from the institutions' secured web pages.