Identity theft Happens Predominantly Offline

prostoalex writes "Worried about identity theft online? Relax, say the Feds. You're much more likely to have your identity stolen offline (72% of the cases). In half of all the cases, it's the friendly relatives, neighbors and friends who steal the identity of the victim. Moreover, those watching their financial accounts online lose approximately $551 per incident. The average rockets to $4543 for those relying on paper statements from their banks and credit card companies."

this is why

[greechneb]

The best purchase you can make is a paper shredder, preferably a cross-cut model. When you get your mail, either shred it, or file it right away. A pile of mail sitting around is an easy target, especially if it isn't opened - you probably won't miss it if you haven't opened it. Shred everything, even those credit card applications. You don't want any information easily available!!!

Re:this is why

[Rosco+P.+Coltrane]

The best purchase you can make is a paper shredder, preferably a cross-cut model. When you get your mail, either shred it, or file it right away.

You're so right! I do that with email too: print them, then shred them thin. No more spam or viruses, nosiree.

Re:this is why

[ad0gg]

Problem isn't people going through trash, its people stealing your mail from the unlocked mailbox most people have. Best solution is getting a lock for you mailbox.

Re:this is why

[Peyna]

The two times I've had my credit card number stolen it was traced to a clerk or cashier at a location I had used my card. When it comes down to it, your information is only as secure as the people you give it to, and in most cases, it's the person standing behind the counter that you hand your card to that becomes the liability.

Which is why I now always pay at the pump, and try to avoid any situation where my card will be in the hands of someone else. Most places where you swipe the card yourself, the cashier does not have access to that information. Although, I used to work a grocery store, and while the receipt didn't contain the full credit card number, the roll that kept the transaction log at the register did, and it would have been very easy for myself or any other employee to simply take the roll when we were heading to count our cash drawer and pick a few names and numbers to use.

I imagine that most cases of "identity theft" are simply credit card fraud, and usually is not the result of someone dumpster diving for information.

Re:this is why

I tried that, but it didn't work out right. I locked my mailbox shut, but the mail carrier hasn't delivered any of mail since then. Strange...

Re:this is why

[Peyna]

As a follow-up to this; I've also found that having online access to my account information (something many people are weary of due to supposed security issues), enabled me to catch the unauthorized charges almost immediately (in one case, before the charge had even cleared). If I had to wait around for a statement in the mail, I imagine they would have been able to charge a lot more to my account.

Another thing is that you should never use your debit card at a retailer, only at an ATM ran by your bank (unless you're really desperate for cash.) Very few banks offer the same sort of protection against fraud that credit card companies do. Most credit card companies will excuse any liability for any charges that you did not make.

Re:this is why

[afidel]

The only time I was the victim of credit card fraud my bank caught it before anything happened. They called me up to ask if I was attempting to make such and such large transaction, I stated that I was not, they said that they had thought not. Their fraud detection computer had flagged my account after another small value transaction had been recorded for a specific amount, aparantly the theives had starting making large numbers of purchases for small values and the repetition of those values had tipped the computer off that something wasn't right. Aparantly the thieves were testing to see if the cards would work. After telling me that she would decline the transaction and flag the account the nice lady at the CC company asked me if I could think of any time in the last week that the card had been out of my site, I told her that I could only recall one time at a restaurant where the waitress had taken my card away, she said that this fit the patern they were seeing. I guess a large organized group had persuaded waitresses at a number of national chains to skim cards by posing as bank security people testing a new system. The amazing thing to me was that despite the appearance of this being a large, organized plan with probably high potential impact I never heard anything about it in the media.

Btw if you have a Visa checkcard you are generally covered under the same $100 max liability as a normal credit card, but you should check the specifics with your bank and the written contract you signed, I know that the four that I signed up for or seriously looked at all had the same coverage.

Re:this is why

[damiangerous]

That was somewhat true when debit cards were first introduced (there was $50 or so liability then), but hasn't been the case for a very long time now. Any debit card with the Visa or MC logo has the same level of fraud protection as a credit card.

Re:this is why

[Xzzy]

> Which is why I now always pay at the pump, and try
> to avoid any situation where my card will be in
> the hands of someone else.

There's another option: pay in cash. People that try to steal that stuff generally get caught a lot quicker, and even if they don't get caught it doesn't hurt you in the slightest.

Credit cards are handy things, but using them to replace cash for day to day purchases is asking for trouble.

I suppose if one is constantly getting mugged the above may not be sound advice. For the rest of us, it's much safer.

Re:this is why

[nikai]

Haha, where I'm living (Austria), everyone has locked mail boxes at the moment. Only the mailman has got a second key to the box.

However, our mail system is getting privatized, and the new mail services demand access to these locked boxes, so they can deliver mail as well. Now legislation has RULED to replace our locked mail boxes with UNLOCKED ones, in order that everyone can access them.

May those idiot politicians rot in hell.

Re:this is why

[ikkonoishi]

Thats why I think the credit cards should work with a preapproval system.

Basically for any purchase larger than say $50 you have to call the company and get the purchase approved. The company then gives you a transaction number that will charge to your card number once, but then never work again.

The phone system could have a voice identifier and maybe a limit to what numbers could call to approve things. (Home phone only so people would have to break into your house or at least hack your lines to accomplish much.)

The phone system would be a point of failure for security, but at least it would be a centralized point of failure rather than trusting basically everyone on the planet not to steal your card.

If my bank had put this much thought into their system I would certainly pay to use it if I made many credit purchases.

Re:this is why

[ShawnDoc]

My parents who live in rural Oregon have one. It's got a tray that opens up and has a slot for the mail to go into. To get the mail out you need a key to open a large door on the front. Kinda looks like a miniture version of the large blue post drops that you find in the city, only small and it fits on a mailbox pole.

Re:this is why

[Jaycatt]

My father put a padlock on the front of the box, and leaves the box open with the unlocked padlock inside. He worked out with the mailman so that when the box is filled, the mailman locks the padlock on. After my father gets the mail, he puts the unlocked lock back in the mailbox.

Works great, except that he's lost two locks in three years. But, he bought about six locks all keyed the same way, and they're pretty inexpensive.

Re:this is why

[gellenburg]

Yes, but the difference is with a CC the funds aren't immediately taken out of your checking account if there's fraud.

Weouldn't it suck if you bounced your rent or mortgage payment because someone racked up fraudulent charges against your DEBIT card dropping your bank balance to near zero?

And, have you ever tried to get your money back in that case? It can take upwards of sixty days with some financial institutions.

The parent poster is right. NEVER use your debit card unless you absolutely have to.

Re:this is why

[miskatonic+alumnus]

One could, of course, build one.

Re:this is why

[4of12]

Tips in restaurants can be calculated to the exact penny.

Sounds a little imprecise to me.

I've found that waitresses are much more impressed when you leave the exact 15% tip, which is why I carry penny wedges cut into slices of US$0.0005 denomination.

Add three of those twentieth of a penny wedges on the table and it really says you care.

Now is the time..

[Norgus]

To start stealing IDs online, you guys are WAY behind your quota!

It amazes me how bad retailers are

[hsmith]

I worked in retail for awhile, I learned a trick for myself. I write "ASK FOR ID" on the back of all my credit/debit cards.

RARELY do i have someone ask to see my identification, no matter where I go. it amazes me how easily it is to get away with small things like this.

But I do urge everyone to do that with their credit cards, it may not always be checked, but it is better than a scribble on the back. But while in london, I almost had a pub owner take my CC because my name was't "ASK FORD ID", arg.

Re:It amazes me how bad retailers are

[Rosco+P.+Coltrane]

I worked in retail for awhile, I learned a trick for myself. I write "ASK FOR ID" on the back of all my credit/debit cards. RARELY do i have someone ask to see my identification, no matter where I go. it amazes me how easily it is to get away with small things like this.

Personally, I write "THIS CARD IS STOLEN!" on the back of mine. That way, I'm extra sure it'll be reported the very minute it's used after it's stolen.

Re:It amazes me how bad retailers are

[kaustik]

I've worked in retail before and have seen many people do this. Personally, I find it amusing. Nowhere in either the store policy, or state law, did it mention anything about following cutomer direction on the back of a credit card. You are not only wasting your time, you are causing potential confusion for the poor $5/hr kid behind the counter.
Maybe I should start writing things on the back of my card - "Give 5% discount", "Shake hands and smile", or "I'm 17, too babe, it's legal".

Re:It amazes me how bad retailers are

[hal2814]

I sign my name and then put ASK FOR ID next to it. Interestingly enough, I was in London on vacation back in 2000. I had one shop (or is it a "shoppe" over there?) request that I write out ASK FOR ID next to my signature so it matched what was on the card. Are the credit card companies just stricter over there or something?

Re:It amazes me how bad retailers are

[damiangerous]

A card that says "Ask for ID" is treated as an unsigned card. A merchant should make you sign the card before accepting it. Otherwise they're not eligible for "Card Present" protection.

Re:It amazes me how bad retailers are

[Osty]

My girlfriend works for a financial institution. She has also learned to do what you mention. However, there are places that will not accept your card if not properly signed, and ASK FOR ID is not a proper signature. Fortunately, these places are far and few between. If more people signed their cards in this manner, maybe they'd come around.

The problem is that most credit cards are not valid without the cardholder's signature (actually, I'm pretty sure all credit cards are invalid unless signed, but not all credit cards say, "Authorized Signature. Not valid unless signed," on the back). Unless your full name happens to be "ASK FOR ID", your card with that signature is no longer valid. Any place accepting credit cards as a form of payment can legally decline your card as payment if you have not properly signed it. That most places accept your card anyway is due to a number of reasons:

• Low-paid cashiers just don't care
• Poor employee education on the proper acceptance of legal tender
• Many places don't even look at the back of the card, so they don't know if it's signed or not

Even when you have "ASK FOR ID" on your card, 99% of the time you'll never be asked for your ID. That 1% of the time, you can just say, "Sorry, I don't have my ID on me," and I don't know of any cashier that would then turn down your sale.

A long time ago, I worked in a store that did refuse unsigned and "ASK FOR ID"-signed credit cards (it was a Best Buy store, and they had that policy for a few years -- I'm sure they've dropped it by now, but I thought it was a good policy). When I got an unsigned credit card, I asked the customer to sign it (and verified against a driver's license), or I would refuse them sale. When I got an "ASK FOR ID"-signed card, I flat-out refused it. In every single case, my supervisor backed me up. Unless the customer had another form of payment, they weren't leaving the store with the merch they wanted to buy. Now, I know Best Buy is not known for having the best customer service, but in this one instance I think they were right and the customer truly was wrong.

Re:It amazes me how bad retailers are

[hal2814]

You do not have to ask for id just because it says to on the card, but every credit card merchant account agreement I've ever been part of (as a tech consultant for several clothing stores) states that we must verify that the signture on the back of the card matches the one on the receipt and/or check for proper identification. It might not be store policy, but the store did agree to do either check the signature or id and as a consumer, I'd like to do all I can to ensure that the store lives up to their part of the bargain.

Re:It amazes me how bad retailers are

[Violet+Null]

It's not an order to the shopkeeper; it's in the shopkeeper's best interests to avoid credit card fraud. If a shopkeeper sells product and it turns out the charge was fraudulent, the shopkeeper gets no money and is out the product.

There's no law saying that the shopkeeper has to follow my orders if I wear a shirt that says, "Videotape me to make sure I don't shoplift," but they seem to do it alot anyways.

Re:It amazes me how bad retailers are

[hackstraw]

Nowhere in either the store policy, or state law, did it mention anything about following cutomer direction on the back of a credit card.

There is a thing called common sense.

I put in big capitol letters with a marker SEE ID on my credit cards, and I don't tell retailers its the law or store policy or anything else for that matter if they don't check it. I will say that I have noticed a much greater likelihood of the retailer checking my ID. I will also bet my signature on a napkin that the odds of a "bad guy" trying to use this CC at a retail place is about 0, and the likelihood that it will be used somewhere else is probably lower than having my scribble that noone on the planet is going to compare or question. See this link for a very funny investigation into how stupid a signature on a receipt can be without any question http://www.thescreamonline.com/cartoons/cartoons3- 3/

Lighten up a bit... Or, are you really 17 too?

Re:It amazes me how bad retailers are

[Joe5678]

I like how Visa's instructions for what to do when there is no signature, instructs the cashier to make the person sign the card, then check to make sure the signature matches that from the receipt they just signed...

Re:It amazes me how bad retailers are

[LetterJ]

The flip side of pretty much every cardholder agreement is that unless the card is signed, it's not even valid. So, technically, the merchant should be entirely refusing the transaction for all of the "see id" crowd.

When I worked in retail, I often didn't check the ID (because I'd already checked it for a given customer 3-4 times before and have a pretty good memory) and occasionally would get yelled at with the exact argument you mention, i.e. the store in violation of their merchant agreement. They didn't like it when I threw the fact that they were also in violation each and every time we even ran the card through our store.

Re:It amazes me how bad retailers are

[FuzzyBad-Mofo]

I believe that writing "please see id" on the back of a credit card is a perfectly valid signature, for the same reason initialing, checking a box online, or marking "x" on a contract is valid. A "signature" does not have to literally be your name, only your "mark." Or are you going to argue that electronic checkboxes do not represent a valid signature?

Re:It amazes me how bad retailers are

[Pig+Hogger]

I was an assistant at a company, and spent a lot of my time running around buying things with the company credit card. I'm very clearly male, and the name on the card was very clearly female. No one EVER questioned it, and i used it daily for over a year.

On my first job, my boss sent me do to some errands with the company credit card. At the fist store, it went fine, and at the second one, the store called the credit card company, and I eventually talked to the woman at the CCC. The purchase was declined. I then went to a third store, and they also called the CCC and I also talked to the very same woman at the second store. The said "I'm gonna cancel your boss's credit card!". I replied "go ahead!!!", and I left the store without making the purchases.

My boss called the credit card company (dunno if he spoke to the same woman) and gave them shit, but the card wasn't cancelled.

And I was never sent again to do the errands... :)

Re:It amazes me how bad retailers are

[LetterJ]

Then do you also sign the receipt with "please see id"? Because, given the ease with which many state ID cards are forged, checking the name on the card with the name on some sort of ID is less of an indication that the card is owned by the presenter than if the already signed card is signed in the same way as the presenter signs.

If I steal your wallet and the cards are signed "please see id", all I need to do is print out a quick fake ID with your name, but my signature of your name and my picture and unless someone's good at checking out of state ID's, no one will even notice. If your wallet is full of signed cards, I have to risk signing in front of the cashier and having it look nothing like the back.

Phishing?

[homer_ca]

Do they count phishing as online identity theft? That's really taken off the last year, and it's a lot more efficient than dumpster diving.

Re:Phishing?

[null+etc.]

Phishing will really be a threat once phishers become more sophisticated. I receive about 10 phishing attempts per day, and almost always the scam is given away by one of the following:

1. The phishers attempt to scare me by saying if I don't respond within 24 hours, my account will be disabled. No financial institution would impose a deadline like this, since it's not guaranteed that people check email every day.

2. The phishers have atrocious spelling, like "we noticed some unnusual activity on your account, and we are going to temporally disable it unless you provide your authentication credintials."

Yes but...

[kawika]

Identity theft was ALL offline 10 years ago. So are we supposed to ignore the phishing problem until it reaches 50 percent? The rate of growth in the crime is no doubt much higher online, the same way that the growth in Internet ecommerce was much higher the past holiday season.

Plus, there are some sorts of identity theft that really only make sense online, such as eBay and PayPal scams.

Re:Yes but...

[Ayaress]

The point they're trying to make in the article is NOT to ignore the problem. RTFA, mayhap? Meh, what was I thinking?

Anyway, the point they're trying to make is that the leading reason people who don't shop online give for not shoping online is that they're credit card will be stolen. Consumer's Power says that the reason few people use their online payment system is that they're afraid their credit cards will get stolen. The reason so many people say they won't use online banking is that - suprise suprise - their information will get stolen.

Those same people, however, have no compunction against handing their cards over to some random guy in a restaraunt and having it taken into another room and then brought back a couple minutes later. They don't think twice when the lady at the grocery store writes their driver's license number on the sheet with the check number. Doesn't worry them at all any time that the credit card is physically in another person's control during a transaction, and worst of all, they never even think that it might be a bad idea to throw away their bank statements.

The article is about perspective. You can do far more (and there is far more you SHOULD do) offline to protect your identity than you can and should do online.

Online: Don't fall for stupid phish scams.
Offline: Write ASK FOR ID on the back of the card.
Shred your statements.
Don't use your credit card at restaraunts.
Make sure your grocery store has one of the credit card scanners where YOU run it through the machine, and not the cashier.

Most of these come down to the whole thing where all the firewalls and encryption in the world is useless when somebody steals your computer. The weakest points are physical, not digital.

with friends like those...

[ScentCone]

friendly relatives, neighbors and friends who steal the identity of the victim

I suppose that relatives that dumb aren't smart enough to sit down and use those browser-cached passwords to access your PayPal account while you're in the bathroom and send themselves some money anyway.

I'm actually surprised that co-workers aren't a bigger piece of the statistical pie on this one. They often have access to records, PCs, the all important "work number" and so on. I've run across those incidents, and am amazed they're not more common.

Stats and FAs

[bartok]

Yeah but if it's 20 million people who lost money enough to average 551$ and onlt 500 000 people who lose a few grand, there's still cause to worry. Statistics can mean anything... especially if like me, you haven't RTFA.

Irrelevant statistics.

[physicsphairy]

The types of scam and identity theft are different. The comparison means nothing. "Don't worry about leaving stacks of money on your lawn! 99.9% of thefts are of a different type! Leaving your retirement fund in $20 wads on your front porch is completely safe!"

Consider that an online banking site may *not actually* be an online banking site. A physical bank, on the otherhand, is without fail, a physical bank. However, I don't have to worry about someone rooting through my garbage to find bank statements if all my data is online.

So both systems have their inherent vulnerabilities. The fact is that you are really paranoid, you are ultimately safest doing everything in person and taking proper measures to destroy relevant documents.

All this study says is that there is a higher incidence of paper based identity theft. Which is to be expected: how many low-level criminals do you think know javascript, for example?

I blame lazy CC industry

[Ars-Fartsica]

Are you telling me the best they can do is a card with my password embossed right next to my name? As fas as I am concerned the CC number is a password since that and the expiration date are all that are needed to pilfer funds.

The CC industry needs to create a secure credit card. Until they do, fraud cannot be stopped.

Re:I blame lazy CC industry

[afidel]

I'm with you, I've had a smart card for the past 5 years yet I have had a total of 3 places use it in their smartcard CC reader, this is with using my CC as digital cash for everything possible every day. Add to this the fact that we don't have photo's as standard features on all CC's and I've concluded that the credit card companies just don't care. It must not be a big enough problem for them to worry about. Amex's net profit for the fourth quarter of 2004 was nearly $1 Billion, and they are the smallest of the big three CC processors!

has your social security number been stolen?

[peter303]

Type your social security number here: _________________ and see if it is on the stolen number list.

ID theft through the mail

[Jere+H]

My brother had an incident of identity theft which happened through the mail. A gang drove around and picked up envelopes containing payment for bills and had checks printed using the correct checking account information. They even printed drivers licenses with their own picture and changed the birthdate to about 10 years older than my brother's age.
He caught the unauthorized activity by chance when he deposited a check at the bank and they told him he had a negative balance. Around $480 of unauthorized activity had taken place. They froze the account at that moment, he went and filed a police report, and the bank canceled payment of all of the fraudulent items.
He received calls and letters for months saying he had written bad checks and that he would have a warrent put out for his arrest if he did not pay. He had to mail dozens of copies of the police report and a copy of the notarized statement he made saying he did not write the checks or authorize electronic payment of the items purchased on the internet. The postage totaled about $30. The money from his account was eventually all returned to him, but all of the time spent on the phone with companies trying to get the issue straightened out is a huge hassle, and the money for postage and telephone calls to various out-of-state companies comes out of your own pocket.

Are they really "friendly" relatives?

[hal2814]

I had a friend in college whose dad opened up a credit card account in my friend's name, charged it up, and let it default. My friend talked to legal services on campus (I'm not sure how good our campus legal services is but our law school is pretty good for a public school). They basically told him that he sould either pay it off or claim fraud and let the credit card company haul his dad off to jail. I can't imaging putting my child in that situation. He asked me what he should do but I didn't know what to tell him. That's a pretty sorry situation for a relative to put you in, especially your own father.

Take steps to prevent it

[superid]

Our identity was stolen to the tune of $13K. Apparently the trail started with an inactive discover card account. Somehow the first person (there were eventually many) phoned discover and got them to change the billing address from my house to some place on staten island. As far as I knew this card was inactive and unused.

One thing all the credit card companies and bureaus (Equifax, etc) told us to do is to call their fraud hotlines and put a block on each card that keeps anyone from changing the mailing address. ( no I don't remember what happens if I actually DO want to move...I've been here 20 years and I aint movin...con sarn it)

Re:Take steps to prevent it

[Ahnteis]

That would undoubtably be the wife/significant other. Understandable confusion given this is Slashdot. :)

28% Is Still Online

[Plake]

You're much more likely to have your identity stolen offline (72% of the cases).

Well, 28% is still ALOT for identity theft. I'd still be careful of what you do on the internet that involves personal data.

Also, it's it kinda ironic that the top thread right now had one of those "Click for a free Mac Mini" sigs which are one of the main portals for this kind of stuff.

Re:28% Is Still Online

[Ahnteis]

28% of identity theft happens online.
NOT 28% of online transactions result in identity theft.

The first statistic is pretty much completely meaningless unless you put in other facts.

Cow Orkers and Cube Farms

[Tackhead]

> I'm actually surprised that co-workers aren't a bigger piece of the statistical pie on this one. They often have access to records, PCs, the all important "work number" and so on. I've run across those incidents, and am amazed they're not more common.

You forgot the most important factor: cow orkers overhear everything within a 3-cube radius.

With the web, it's not too bad -- but sometimes you have to deal with IVR (interactive voice response) systems, and that's when you get into trouble.

I can't tell you how many times I've heard a cow orker enunciating a credit card number (or SSN, or bank number, and sometimes both), one digit at a time, into an IVR mechanism.

Adding insult to injury, the IVR system is sometimes used as a front-end to enter the "numbers" data without human input before the call gets sent to India. I can tell when this is happened when I hear a pause between the numbers, the usual "Hi, I'm calling about... (pause) ...her name was Florence."

Thanks, buddy! Now I've got your mother's maiden name, too!

Experience with a Canadian government contractor

[westendgirl]

Following the dot-com bust, my husband and I both lost our jobs. We enrolled with an agency that has been hired by the Canadian government to help IT industry professionals find work. Three years later, we both received emails from that agency. Someone had broken into their office, stealing their computer, which had thousands of applications, resumes, social insurance numbers (social security), and other details. The agency claimed that the server was stolen for resale value only and not for the data on it. They said that there was no reason to change your SIN or do anything other than watch your bank and credit card statements. To top it off, the agency's emails to me and my husband said "Dear " -- and the names belonged to other people, so they had further compromised privacy. After talking to police and federal fraud investigators, I pushed the Canadian Privacy Commissioner and Human Resources Development Canada to force the agency to act responsibly. The agency had no right to tell people that their data was safe or that they only had to watch their bills. The police and fraud investigators recommended monitoring social insurance number data and credit reports and putting fraud alerts on our credit files. Of course, this was a real pain for us -- we were in the midst of buying our first home and all of our financial applications were delayed by the credit alert -- but better safe than sorry.

It irks me that the agency is still under contract to the government. The privacy policy they had us sign when we applied actually said that our data would be totally safe and secure. (Of course, that's an insane promise, but they shouldn't put it in writing!) And the agency completely bungled the way they told people about the data theft -- even counselling people to do nothing, which conflicted with the government/police recommendations. Thousands of people were affected, but I bet my husband and I were the only ones who knew to check with police, instead of doing nothing.

Keyloggers = offline?

[Kentsusai]

Hey /.tters
Sorry to go off on a tangent.

But when they say "offline" does that mean "not on a computer" or "not on the internet"?

Because the other day I was at a public terminal and I noticed someone had installed a keylogger. Guess they wanted to collect everyone's information (i.e. passwords and usernames) and return for them at the end of the day.

Technically, that is not online. Is it?

Correct me if I am wrong

Thanks :-)

Not quite the nightmare you portray

[coinreturn]

It's not as bad as you state. I've been a victim of identity theft / credit card fraud / check fraud on several occasions. Each time, I was able to straighten things out without the gigantic hassle the urban myth pushes. My credit remains as stellar as it was before the incidents.

Prevent fraudulent use of your Credit card

[servognome]

Keep them maxed out. Sure they can have my credit card number, but just wait until they get that look of shame when they try to use it.

I agree...

[Anita+Coney]

In work in a Court and every ID theft case I've seen in the last five years were committed by co-workers.

BMO is worse.

[mopslik]

They limit you to a 7 CHARACTER PASSSWORD!

Bank of Montreal is worse -- all passwords are between 4 and 6 characters. In fact, their FAQ lists 6 characters as a "good" password. Scary.

True Story

[temojen]

A guy came up to the counter where I was working at (big chain convenience store) and asked for 6 cartons of cigarettes. Each of them a different brand, and all of them were brands the teenagers smoke. The total would be just over $300 CDN.

I began to get them together (under the counter -- we'd had people grab & dash cartons off the counter the week before). Then the guy handed me a visa card. I read the card, looked at him, and said:

"So Susan, have you got any ID?"

His response was something along the lines of "It's because I'm black, isn't it?". Ummm, no, it's because I just saw you talking to those kids outside, and these are the brands they smoke, and this is not your credit card. He insisted that it was his wife's card; I insisted his wife could pick it up from the RCMP then (an RCMP car pulled up coincidentally), and he ran off.

Reduce Junk Mail.Reduce the Risk of Identity Theft

[$criptah]

1. Take out every credit card and call every agency. Tell them that you do not want your information to be shared with anybody. That will reduce the risk of id theft due to less junk mail.

2. Get a good shredder. Shred every piece of useless mail with your address on it.

3. Sing up for paperless delivery of credit card statements and loans. Most companies use secure servers and if your ISP uses SSL then you can safely get mail in your inbox. The inbox can be archived and encrypted in the future.

4. Sign up for electronic bill pay through your credit card. Your bills will be paid on time and you will get less mail. Remeber, somebody can get your address w/o taking your mail.

5. Inspect your credit reports from three major agencies at least 2 times a year.

6. Call credit report agencies and tell them not to share your info with any other institutions. CC agencies love to do that, especially if you have loans.

7. If you get junk mail, see if you can opt-out. If you can, do that; otherwise, the companies who send you this shit can be in trouble.

my ID theft merry-go-round

[peter303]

A "wife" I never met put her name on my checking account some years ago. I had to file a police report before the bank would cancel the bad checks. I lived in city #1, my bank was in city #2, and the band checks were passed in city #3. You wouldnt believe how hard it was to get oneof these three police stations to take a report. Forged checks are so commonplace that no one wants to bother.
I'd hate to multiple this by many accounts, if a larger identity was stolen.

Picture on Credit Card

[digerati00]

Best option is to request your credit card company to have your picture printed on the CC. Citibank does this and hopefully all others will follow. I have had many cashiers commenting on how cool it is to have the picture on the CC.

Dilbert

[GeoSanDiego]

Reminds me of a Dilbert cartoon from a few years back.

Guy in a restaurant as he is handing his credit card to the waitress says to his companion "I don't trust giving my credit card information online"

When he waitress comes back for his signature she is wearing a fur coat.

Dear mods:

[laughingcoyote]

Random garbage followed by a scam link is not "insightful".

Thank you.

True, but it's not the same.

[sideshow]

If you lose your credit card and someone charges 10k on it, Visa doesn't make you pay it unless they find out you're defrauding them.

If someone steals you debit card and charges 10k of your money, Wells Fargo doesn't give your money back untill they prove you aren't defrauding them.

The rules are the same and you are at the same risk, but in one case Visa is out the money during the investagation and in the other you are out the money.

Lemme do the math

[Dark+Coder]

Lets count the times that an identity theft occurred NOT by your close ones (relatives, neighbors, friends).

28% is on-line
39% is off-line by strangers (78%/2)
equals
67% by strangers.

So, 1/3 of the ID theft is by someone you know. 2/3 is strangers.

Tips to safeguard yourselves:

1. Look in your wallet/purse and remove SSN# from all ID cards
a) Medical card
b) Dental card
c) Old-man fraternity lodge
d) Military ID
e) and yes, your state drivers license (in dumb states only)

You can verbally give your SSN# to the cop/doctor/guard if and when you get challenged. And no, you won't be fined for tampering with the license. Three Federal Statues will protect you on this formerly malicious act (IANAL, but I did it).

2. Use shredders on the following containing account numbers, ID# or SSN#
a) bank statements
b) loan offers
c) utility bills
d) FAXes
e) virtually anything with your SSN# (and account #)

3. Perform lockout of your credit history. It is free to do. $10 to unlock it (how often do you apply for credits?)

4. Religiously apply for opt-out with insurance and financial institutions for your rights on Privacy Act. This hopefully eliminates sharing of your information.

Above steps goes a LONG WAY to drastically minimizing your vulnerability level and will go to bolstering your legal case against the identity theives, if and when, they get caught.

Carpa Diem!

Good God! DONT ASK FOR PAPERLESS STATEMENTS

[Dark+Coder]

Most of the financial and insurance institutions who implement paperless statements send it UNENCRYPTED over SMTP protocol.

DON'T DO THIS STEP.

Only extract the statement from the institutions' secured web pages.

spin it the other way

[nothings]

Ok, so if half of ID theft is friends & family, then half of it isn't. Friends & family probably do 99% of their theft offline, so let's call it 100%. What does that leave us for stranger-theft?

Friends & family theft: 50% of all theft; 100% occurs offline
Stranger theft: 50% of all theft; 44% occurs offline, 56% occurs online

(Why? Because 72% of all theft occurs offline, and friends and family accounts for 50% of the total. Given 100 thefts, 50 of them are friends and family, and (72-50) are offline non-friends non-family, or 22. That leaves 28 thefts to occur online.)

If that conclusion is really true, then you can spin these numbers in the entirely opposite direction; the headline could be More Identity Theft By Strangers Online than Offline.

However, the article also says that online theft of bank and CC information is only 12% of all identity theft. 72% + 12% = 84%; who knows where the other 16% really are (maybe they're online theft but not bank/CC). Ain't lying with statistics grand?