Identity theft Happens Predominantly Offline

prostoalex writes "Worried about identity theft online? Relax, say the Feds. You're much more likely to have your identity stolen offline (72% of the cases). In half of all the cases, it's the friendly relatives, neighbors and friends who steal the identity of the victim. Moreover, those watching their financial accounts online lose approximately $551 per incident. The average rockets to $4543 for those relying on paper statements from their banks and credit card companies."

this is why

[greechneb]

The best purchase you can make is a paper shredder, preferably a cross-cut model. When you get your mail, either shred it, or file it right away. A pile of mail sitting around is an easy target, especially if it isn't opened - you probably won't miss it if you haven't opened it. Shred everything, even those credit card applications. You don't want any information easily available!!!

Re:this is why

[Rosco+P.+Coltrane]

The best purchase you can make is a paper shredder, preferably a cross-cut model. When you get your mail, either shred it, or file it right away.

You're so right! I do that with email too: print them, then shred them thin. No more spam or viruses, nosiree.

Re:this is why

[ad0gg]

Problem isn't people going through trash, its people stealing your mail from the unlocked mailbox most people have. Best solution is getting a lock for you mailbox.

Re:this is why

[Peyna]

The two times I've had my credit card number stolen it was traced to a clerk or cashier at a location I had used my card. When it comes down to it, your information is only as secure as the people you give it to, and in most cases, it's the person standing behind the counter that you hand your card to that becomes the liability.

Which is why I now always pay at the pump, and try to avoid any situation where my card will be in the hands of someone else. Most places where you swipe the card yourself, the cashier does not have access to that information. Although, I used to work a grocery store, and while the receipt didn't contain the full credit card number, the roll that kept the transaction log at the register did, and it would have been very easy for myself or any other employee to simply take the roll when we were heading to count our cash drawer and pick a few names and numbers to use.

I imagine that most cases of "identity theft" are simply credit card fraud, and usually is not the result of someone dumpster diving for information.

Re:this is why

[Peyna]

As a follow-up to this; I've also found that having online access to my account information (something many people are weary of due to supposed security issues), enabled me to catch the unauthorized charges almost immediately (in one case, before the charge had even cleared). If I had to wait around for a statement in the mail, I imagine they would have been able to charge a lot more to my account.

Another thing is that you should never use your debit card at a retailer, only at an ATM ran by your bank (unless you're really desperate for cash.) Very few banks offer the same sort of protection against fraud that credit card companies do. Most credit card companies will excuse any liability for any charges that you did not make.

Re:this is why

[Xzzy]

> Which is why I now always pay at the pump, and try
> to avoid any situation where my card will be in
> the hands of someone else.

There's another option: pay in cash. People that try to steal that stuff generally get caught a lot quicker, and even if they don't get caught it doesn't hurt you in the slightest.

Credit cards are handy things, but using them to replace cash for day to day purchases is asking for trouble.

I suppose if one is constantly getting mugged the above may not be sound advice. For the rest of us, it's much safer.

Now is the time..

[Norgus]

To start stealing IDs online, you guys are WAY behind your quota!

It amazes me how bad retailers are

[hsmith]

I worked in retail for awhile, I learned a trick for myself. I write "ASK FOR ID" on the back of all my credit/debit cards.

RARELY do i have someone ask to see my identification, no matter where I go. it amazes me how easily it is to get away with small things like this.

But I do urge everyone to do that with their credit cards, it may not always be checked, but it is better than a scribble on the back. But while in london, I almost had a pub owner take my CC because my name was't "ASK FORD ID", arg.

Re:It amazes me how bad retailers are

[Rosco+P.+Coltrane]

I worked in retail for awhile, I learned a trick for myself. I write "ASK FOR ID" on the back of all my credit/debit cards. RARELY do i have someone ask to see my identification, no matter where I go. it amazes me how easily it is to get away with small things like this.

Personally, I write "THIS CARD IS STOLEN!" on the back of mine. That way, I'm extra sure it'll be reported the very minute it's used after it's stolen.

Re:It amazes me how bad retailers are

[kaustik]

I've worked in retail before and have seen many people do this. Personally, I find it amusing. Nowhere in either the store policy, or state law, did it mention anything about following cutomer direction on the back of a credit card. You are not only wasting your time, you are causing potential confusion for the poor $5/hr kid behind the counter.
Maybe I should start writing things on the back of my card - "Give 5% discount", "Shake hands and smile", or "I'm 17, too babe, it's legal".

Re:It amazes me how bad retailers are

[hal2814]

I sign my name and then put ASK FOR ID next to it. Interestingly enough, I was in London on vacation back in 2000. I had one shop (or is it a "shoppe" over there?) request that I write out ASK FOR ID next to my signature so it matched what was on the card. Are the credit card companies just stricter over there or something?

Re:It amazes me how bad retailers are

[damiangerous]

A card that says "Ask for ID" is treated as an unsigned card. A merchant should make you sign the card before accepting it. Otherwise they're not eligible for "Card Present" protection.

Re:It amazes me how bad retailers are

[FuzzyBad-Mofo]

I believe that writing "please see id" on the back of a credit card is a perfectly valid signature, for the same reason initialing, checking a box online, or marking "x" on a contract is valid. A "signature" does not have to literally be your name, only your "mark." Or are you going to argue that electronic checkboxes do not represent a valid signature?

Re:It amazes me how bad retailers are

[LetterJ]

Then do you also sign the receipt with "please see id"? Because, given the ease with which many state ID cards are forged, checking the name on the card with the name on some sort of ID is less of an indication that the card is owned by the presenter than if the already signed card is signed in the same way as the presenter signs.

If I steal your wallet and the cards are signed "please see id", all I need to do is print out a quick fake ID with your name, but my signature of your name and my picture and unless someone's good at checking out of state ID's, no one will even notice. If your wallet is full of signed cards, I have to risk signing in front of the cashier and having it look nothing like the back.

Yes but...

[kawika]

Identity theft was ALL offline 10 years ago. So are we supposed to ignore the phishing problem until it reaches 50 percent? The rate of growth in the crime is no doubt much higher online, the same way that the growth in Internet ecommerce was much higher the past holiday season.

Plus, there are some sorts of identity theft that really only make sense online, such as eBay and PayPal scams.

with friends like those...

[ScentCone]

friendly relatives, neighbors and friends who steal the identity of the victim

I suppose that relatives that dumb aren't smart enough to sit down and use those browser-cached passwords to access your PayPal account while you're in the bathroom and send themselves some money anyway.

I'm actually surprised that co-workers aren't a bigger piece of the statistical pie on this one. They often have access to records, PCs, the all important "work number" and so on. I've run across those incidents, and am amazed they're not more common.

Irrelevant statistics.

[physicsphairy]

The types of scam and identity theft are different. The comparison means nothing. "Don't worry about leaving stacks of money on your lawn! 99.9% of thefts are of a different type! Leaving your retirement fund in $20 wads on your front porch is completely safe!"

Consider that an online banking site may *not actually* be an online banking site. A physical bank, on the otherhand, is without fail, a physical bank. However, I don't have to worry about someone rooting through my garbage to find bank statements if all my data is online.

So both systems have their inherent vulnerabilities. The fact is that you are really paranoid, you are ultimately safest doing everything in person and taking proper measures to destroy relevant documents.

All this study says is that there is a higher incidence of paper based identity theft. Which is to be expected: how many low-level criminals do you think know javascript, for example?

I blame lazy CC industry

[Ars-Fartsica]

Are you telling me the best they can do is a card with my password embossed right next to my name? As fas as I am concerned the CC number is a password since that and the expiration date are all that are needed to pilfer funds.

The CC industry needs to create a secure credit card. Until they do, fraud cannot be stopped.

has your social security number been stolen?

[peter303]

Type your social security number here: _________________ and see if it is on the stolen number list.

ID theft through the mail

[Jere+H]

My brother had an incident of identity theft which happened through the mail. A gang drove around and picked up envelopes containing payment for bills and had checks printed using the correct checking account information. They even printed drivers licenses with their own picture and changed the birthdate to about 10 years older than my brother's age.
He caught the unauthorized activity by chance when he deposited a check at the bank and they told him he had a negative balance. Around $480 of unauthorized activity had taken place. They froze the account at that moment, he went and filed a police report, and the bank canceled payment of all of the fraudulent items.
He received calls and letters for months saying he had written bad checks and that he would have a warrent put out for his arrest if he did not pay. He had to mail dozens of copies of the police report and a copy of the notarized statement he made saying he did not write the checks or authorize electronic payment of the items purchased on the internet. The postage totaled about $30. The money from his account was eventually all returned to him, but all of the time spent on the phone with companies trying to get the issue straightened out is a huge hassle, and the money for postage and telephone calls to various out-of-state companies comes out of your own pocket.

Are they really "friendly" relatives?

[hal2814]

I had a friend in college whose dad opened up a credit card account in my friend's name, charged it up, and let it default. My friend talked to legal services on campus (I'm not sure how good our campus legal services is but our law school is pretty good for a public school). They basically told him that he sould either pay it off or claim fraud and let the credit card company haul his dad off to jail. I can't imaging putting my child in that situation. He asked me what he should do but I didn't know what to tell him. That's a pretty sorry situation for a relative to put you in, especially your own father.

Re:Phishing?

[null+etc.]

Phishing will really be a threat once phishers become more sophisticated. I receive about 10 phishing attempts per day, and almost always the scam is given away by one of the following:

1. The phishers attempt to scare me by saying if I don't respond within 24 hours, my account will be disabled. No financial institution would impose a deadline like this, since it's not guaranteed that people check email every day.

2. The phishers have atrocious spelling, like "we noticed some unnusual activity on your account, and we are going to temporally disable it unless you provide your authentication credintials."

Experience with a Canadian government contractor

[westendgirl]

Following the dot-com bust, my husband and I both lost our jobs. We enrolled with an agency that has been hired by the Canadian government to help IT industry professionals find work. Three years later, we both received emails from that agency. Someone had broken into their office, stealing their computer, which had thousands of applications, resumes, social insurance numbers (social security), and other details. The agency claimed that the server was stolen for resale value only and not for the data on it. They said that there was no reason to change your SIN or do anything other than watch your bank and credit card statements. To top it off, the agency's emails to me and my husband said "Dear " -- and the names belonged to other people, so they had further compromised privacy. After talking to police and federal fraud investigators, I pushed the Canadian Privacy Commissioner and Human Resources Development Canada to force the agency to act responsibly. The agency had no right to tell people that their data was safe or that they only had to watch their bills. The police and fraud investigators recommended monitoring social insurance number data and credit reports and putting fraud alerts on our credit files. Of course, this was a real pain for us -- we were in the midst of buying our first home and all of our financial applications were delayed by the credit alert -- but better safe than sorry.

It irks me that the agency is still under contract to the government. The privacy policy they had us sign when we applied actually said that our data would be totally safe and secure. (Of course, that's an insane promise, but they shouldn't put it in writing!) And the agency completely bungled the way they told people about the data theft -- even counselling people to do nothing, which conflicted with the government/police recommendations. Thousands of people were affected, but I bet my husband and I were the only ones who knew to check with police, instead of doing nothing.

Prevent fraudulent use of your Credit card

[servognome]

Keep them maxed out. Sure they can have my credit card number, but just wait until they get that look of shame when they try to use it.

I agree...

[Anita+Coney]

In work in a Court and every ID theft case I've seen in the last five years were committed by co-workers.

True Story

[temojen]

A guy came up to the counter where I was working at (big chain convenience store) and asked for 6 cartons of cigarettes. Each of them a different brand, and all of them were brands the teenagers smoke. The total would be just over $300 CDN.

I began to get them together (under the counter -- we'd had people grab & dash cartons off the counter the week before). Then the guy handed me a visa card. I read the card, looked at him, and said:

"So Susan, have you got any ID?"

His response was something along the lines of "It's because I'm black, isn't it?". Ummm, no, it's because I just saw you talking to those kids outside, and these are the brands they smoke, and this is not your credit card. He insisted that it was his wife's card; I insisted his wife could pick it up from the RCMP then (an RCMP car pulled up coincidentally), and he ran off.

Reduce Junk Mail.Reduce the Risk of Identity Theft

[$criptah]

1. Take out every credit card and call every agency. Tell them that you do not want your information to be shared with anybody. That will reduce the risk of id theft due to less junk mail.

2. Get a good shredder. Shred every piece of useless mail with your address on it.

3. Sing up for paperless delivery of credit card statements and loans. Most companies use secure servers and if your ISP uses SSL then you can safely get mail in your inbox. The inbox can be archived and encrypted in the future.

4. Sign up for electronic bill pay through your credit card. Your bills will be paid on time and you will get less mail. Remeber, somebody can get your address w/o taking your mail.

5. Inspect your credit reports from three major agencies at least 2 times a year.

6. Call credit report agencies and tell them not to share your info with any other institutions. CC agencies love to do that, especially if you have loans.

7. If you get junk mail, see if you can opt-out. If you can, do that; otherwise, the companies who send you this shit can be in trouble.

my ID theft merry-go-round

[peter303]

A "wife" I never met put her name on my checking account some years ago. I had to file a police report before the bank would cancel the bad checks. I lived in city #1, my bank was in city #2, and the band checks were passed in city #3. You wouldnt believe how hard it was to get oneof these three police stations to take a report. Forged checks are so commonplace that no one wants to bother.
I'd hate to multiple this by many accounts, if a larger identity was stolen.

Lemme do the math

[Dark+Coder]

Lets count the times that an identity theft occurred NOT by your close ones (relatives, neighbors, friends).

28% is on-line
39% is off-line by strangers (78%/2)
equals
67% by strangers.

So, 1/3 of the ID theft is by someone you know. 2/3 is strangers.

Tips to safeguard yourselves:

1. Look in your wallet/purse and remove SSN# from all ID cards
a) Medical card
b) Dental card
c) Old-man fraternity lodge
d) Military ID
e) and yes, your state drivers license (in dumb states only)

You can verbally give your SSN# to the cop/doctor/guard if and when you get challenged. And no, you won't be fined for tampering with the license. Three Federal Statues will protect you on this formerly malicious act (IANAL, but I did it).

2. Use shredders on the following containing account numbers, ID# or SSN#
a) bank statements
b) loan offers
c) utility bills
d) FAXes
e) virtually anything with your SSN# (and account #)

3. Perform lockout of your credit history. It is free to do. $10 to unlock it (how often do you apply for credits?)

4. Religiously apply for opt-out with insurance and financial institutions for your rights on Privacy Act. This hopefully eliminates sharing of your information.

Above steps goes a LONG WAY to drastically minimizing your vulnerability level and will go to bolstering your legal case against the identity theives, if and when, they get caught.

Carpa Diem!