Slashdot Mirror

← Back to Stories (view on slashdot.org)

Combating Identity Theft

Posted by ryuzaki0 on from the who-am-i dept.

An anonymous reader writes "Net-Security is running an interesting article about some of the problems facing organizations when it comes to identity theft. From the article: 'Identity theft is the major security concern facing organizations today. Indeed, for the banking industry, it is the number one security priority for 2006. Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users. While easy to do, this approach is extremely hard and costly to scale upwards and offers no interoperability with other authentication networks.'"

13 of 204 comments (clear)

  1. Um... by ShaniaTwain · · Score: 4, Informative

    Can't they just use 'whois'?

    --
    Starsucks
  2. They're not helping themselves by Kombat · · Score: 5, Informative

    A big part of the problem is that the banking industry isn't always taking advantage of their own safety checks. For example, take a look at these stories to see how merchants pretty much ignore the signatures on the back of credit cards.

    --
    Like woodworking? Build your own picture frames.
    1. Re:They're not helping themselves by duffbeer703 · · Score: 2, Informative

      The signature has nothing to do with security. Your signature is proof of your acceptance of the cardmember agreement. That's why merchants reject cards from asshats who write stuff like "See ID" on the back of the card.

      Theoretically, if you buy stuff with an unsigned card, you are not on the hook to pay the bill in some states.

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
    2. Re:They're not helping themselves by Bogtha · · Score: 4, Informative

      Here in the UK, we use the Chip and PIN system, which has been in effect for a while and practically mandatory since Valentine's Day.

      --
      Bogtha Bogtha Bogtha
  3. Combating ID Theft is easy... by digitaldc · · Score: 3, Informative

    ...just buy a deserted island, build a house and NEVER leave.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  4. Identity theft protection here by CrazyJim1 · · Score: 1, Informative

    Prepaid legal does IDentity Theft, it just costs money.

    --
    God spoke to me.
  5. ID theft sucks and it's only getting worse by bogie · · Score: 4, Informative

    I was just an ID theft victim. Some douche in Philly opened up a cell phone account with all my info. Now I have to constantly watch my credit for the next year. It's bad enough knowing that your name,address, SS#, etc, all are floating around in 50,000 different legitimate locations, but it really sucks when someone with malicious intent gets ahold of that information. There really isn't anything anyone can do for you either once your information is stolen. You can only file a police report and then notify the credit agenices. Real damage gets done and peoples lives have been completely turned upside because of ID theft. Sadly many people end up battling ID theft for years and years. It's only going to get worse.

    --
    If you wanna get rich, you know that payback is a bitch
  6. Lenders are liable for ID theft, not victims by max+born · · Score: 5, Informative

    I was a victim of ID theft 5 years ago. A credt card company (Next Card IIRC) gave someone a credit card who had only my name and SS#, wrong date of birth and wrong address. Anyway this guy went to Vegas and ran up quite a bill. It was only when the card remained unpaid that the company bothered to track down the real me.

    They wanted me to sign an affidavit. I told them I wan't signing anything, it wasn't my problem. I quoted the following from CHAP. 41, SUBCHAP VI, sections b and e of U.S. Code TITLE 15 which states:

    (b) Burden of proof
    In any action which involves a consumer's liability for an unauthorized electronic fund transfer, the burden of proof is upon the financial institution to show that the electronic fund transfer was authorized or, if the electronic fund transfer was unauthorized, then the burden of proof is upon the financial institution to establish that the conditions of liability set forth in subsection (a) of this section have been met, and, if the transfer was initiated after the effective date of section 1693c of this title, that the disclosures required to be made to the consumer under section 1693c(a)(1) and (2) of this title were in fact made in accordance with such section.

    (e) Scope of liability
    Except as provided in this section, a consumer incurs no liability from an unauthorized electronic fund transfer.

    Anyway, they took care of everything after that. Including my credit rating.

  7. Re:Useless information by Anonymous Coward · · Score: 4, Informative

    The functionality is already available as far as the credit reporting agencies not providing your information for marketing purposes.

    You can protect yourself from identity theft by taking your name off of the credit bureaus mailing lists. The credit bureaus are one of the biggest offender when it comes to selling your name and information to the credit card companies who in turn send you all those pre-approved applications. One call to the Opt Out Request Line (for Equifax, Trans Union, Experian and Consumer Credit Associates) is all it takes to permanently remove your name from all marketing lists that the credit agencies supply to direct marketers. You can also opt for a two-year period, renewing your request at any time in the future.

    1-888-567-8688

    To get rid of most other junk mail, write a letter giving your complete name, name variations and mailing address to:

    Mail Preference Service
    Direct Marketing Association
    P.O. Box 9008
    Farmingdale, NY 11735

    1-800-407-1088 Opt-Out from all mailing and telemarketing lists

    Other sources:
    http://www.dmaconsumers.org/cgi/offtelephonedave
    http://www.dmaconsumers.org/cgi/offmailinglistdave
    http://www.dmaconsumers.org/optoutform_emps.shtml

  8. Re:Measuring the risk by mrsev · · Score: 2, Informative

    ........er how can this be +5% insightful.

    10% of 1.5 bilion British Pounds is 150 million Pounds NOT 1.5 million.

    Bad mods, naughty mods.

  9. Merchant rules require sig and ID. by fahrbot-bot · · Score: 3, Informative
    I too was once irked at having to present my ID for a credit card purchase, but then I actually did some research (stops to hear Slashdot audience gasp) and found the following:

    According the merchant rules, for MasterCard anyway, the merchant is suppose to check the signature and request ID as part of their compliance (section 2.1.1.2).

    If a card is not signed, the merchant is suppose to obtain authorization from the card issuer, request ID and have the customer sign the card then and there (section 2.1.1.3).

    MasterCard Merchant Rules

    --
    It must have been something you assimilated. . . .
  10. not ID theft in the cool high tech sense, but... by Anonymous Coward · · Score: 2, Informative

    My grandmother was recently taken by a telemarketer scam. She doesn't have internet access, doesn't even have a computer, but the scammers already had her checking account number (I guess it's been on every check she's ever written) and by being recorded saying her account number, she had, in Washington Mutual's view, authorized a legitimate transaction. She never saw or signed the check -- which the scammers just printed up themselves!

    She was ready to throw up her hands but online security is a big part of my job so I took up the cause for her. I don't expect to get her $700 back but I want to make it a little more difficult at the very least for the unclever scammers.

    What shocked me is how lax WM's security policies are. According to the reps I spoke with, WM will cash any automated check with the right readily public account info on it. And they won't even categorize it as fraud so long as -- according to the manager in WM's Fraud Dept I spoke to -- the scammers have recorded the account holder saying nothing more than her account number. I'm still flabbergasted and wonder if this is true of the industry at large.

    Not quite on topic, except perhaps in pointing out how excessive talk of encryption codes and integrated authentication platforms is when banks like WM won't even exercise the most basic security measures (or at least take responsibility when their poorly secured system gets played.)

    In any event, all the blood and gore can be found here:

    http://wamublamesgrandma.blogspot.com/

    And if you have less id-paranoid friends or family members (esp. senior citizens) out there, it's probably worth a couple minutes of your time to alert them to the perils of identity theft/fraud. I'm not naive, but this was an eye-opener even for me.

  11. Re:Useless information by Todd+Knarr · · Score: 2, Informative

    The lockdown doesn't work quite that way. No proof of identity is required to remove the lockdown (normally, at least). What is required is a specific code that's given out when the freeze is put in place and only to the party requesting the freeze. If the request for a report's accompanied by that code the report will be issued, otherwise the request is refused. Makes it very hard for an impersonator to override a freeze unless they were the ones who placed it, since if they didn't they wouldn't have gotten the code.

    And yes, there's procedures for dealing with false freezes. They aren't trivial because it's supposed to be hard for an impersonater to remove a freeze, but an attempted DoS on your credit report can be dealt with.