Identity theft
This article was reproduced from the PC Gurus newsletter
To subscribe to this newsletter just drop by www.thepcgurus.com (updated and now featuring RSS goodness) and sign up!
<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>
Identity theft has become a real problem over the last couple of years, with thousands upon thousands of people having their credit if not their very lives ruined by shameless thieves hijacking their name and credit existence.
A coincidental juxtaposition of an article on El Reg and an email from a reader concerning this problem led me to this week’s topic. I’ll warn you up front that I’m going to do something unusual in this issue and use extensive quotes from both the Register article and the email. Ordinarily I prefer to write my own pieces but I think this is very important and don’t feel like reinventing the wheel.
First up, the problem. http://www.theregister.co.uk/2005/03/23/id_theft_cannot_be_escaped/ reports that an astonishing amount of personal information was compromised just this month. To quote:
“In March 2005 alone:
California State University at Chico notified 59,000 students, faculty, and staff that their details had been kept on a computer compromised by remote intruders. The haul included names, addresses and Social Security numbers.
Boston College notified 120,000 of its alumni after a computer containing their addresses and Social Security numbers were compromised by an intruder.
Shoe retailer DSW notified more than 100,000 customers of a remote break-in of the company's computerized database of 103 of the chain's 175 stores.
Privacy invasion outfit Seisint, a contributor to the MATRIX government dossier system, now owned by Reed Elsiver, confessed to 32,000 individuals that its Lexis Nexis databases had been compromised.
Privacy invasion outfit ChoicePoint confessed to selling the names, addresses and Social Security numbers of more than 150,000 people to criminals.
Bank of America confessed to losing backup tapes containing the financial records of 1.2 million federal employees.
Payroll outsourcer PayMaxx foolishly exposed more than 25,000 of its customers' payroll records on line.
Desktop computers belonging to government contractor Science Applications International Corp (SAIC) were stolen, exposing the details of stockholders past and present, many of them heavy hitters in the US government, such as former Defense Secretaries William Perry and Melvin Laird, former CIA Director John Deutch, former CIA Deputy Director Bobby Ray Inman, former Chief Weapons Inspector in Iraq David Kay, and former chief counter-terror advisor General Wayne Downing.
Cell phone provider T-Mobile admitted that an intruder gained access to 400 of its customers' personal information.
George Mason University confessed that a remote intruder had gained access to the personal records of 30,000 students, faculty, and staff.”
To continue, El Reg says:
“While this is nothing new, there is an important observation here that's worth emphasizing: none of these cases involved online transactions.
Many people innocently believe that they're safe from credit card fraud and identity theft in the brick and mortar world. Nothing could be farther from the truth. The vast majority of incidents can be traced to skimming, dumpster diving, and just plain stupidity among those who "own" our personal data.
Only a small fraction of such incidents result from online transactions. Every time you pay by check, use a debit or credit card, or fill out an application for insurance, housing, credit, employment, or education, you lose control of sensitive data.
In the US, a merchant is at liberty to do anything he pleases with the information, and this includes selling it to a third party without your knowledge or permission, or entering it into a computerized database, possibly with lax access controls, and possibly connected to the Internet.”
To help fight this type of non-techy threat, reader Ken Marion forwarded this anonymous email he recently received. You know how I feel about email forwards (most of them are completely bogus) but a quick check on Snopes (http://www.snopes.com/inboxer/scams/credit.htm) shows this one to be almost completely accurate.
The advice:
“1. The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.
2. Do not sign the back of your credit cards. Instead, put "PHOTO ID REQUIRED".
3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.
4. Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. (DUH!) You can add it if it is necessary. But if you have it printed, anyone can get it.
5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We've all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards.
Unfortunately, I, an attorney, have firsthand knowledge because my wallet was stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from DMV to change my driving record information online, and more. But here's some critical information to limit the damage in case this happens to you or someone you know:
1. We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.
2. File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one).
But here's what is perhaps most important of all : (I never even thought to do this.)
3. Call the 3 national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name. The alert means any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit.
By the time I was advised to do this, almost two weeks after the theft, all the damage had been done. There are records of all the credit checks initiated by the thieves' purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away This weekend (someone turned it in). It seems to have stopped them dead in their tracks.
Now, here are the numbers you always need to contact about your wallet, etc., has been stolen:
1.) Equifax: 1-800-525-6285
2.) Experian (formerly TRW): 1-888-397-3742
3.) Trans Union: 1-800-680-7289
4.) Social Security Administration (fraud line): 1-800-269-0271
We pass along jokes on the Internet; we pass along just about everything. But if you are willing to pass this information along, it could really help someone that you care about."
Other than the tip to use your initials because the bank would notice your signature changing, those tips are dead on. I can speak from personal experience that banks will often process checks that aren’t signed at all, so that tip sounds good but is only valid if you bank at a really small institution with no automated check processing.
Knowledge, preparation and forethought are your best bets in protecting your identity. Please be careful out there…
Kevin Mefford, Editor
pcguru@microdome.net
To subscribe to this newsletter just drop by www.thepcgurus.com (updated and now featuring RSS goodness) and sign up!
<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>
Identity theft has become a real problem over the last couple of years, with thousands upon thousands of people having their credit if not their very lives ruined by shameless thieves hijacking their name and credit existence.
A coincidental juxtaposition of an article on El Reg and an email from a reader concerning this problem led me to this week’s topic. I’ll warn you up front that I’m going to do something unusual in this issue and use extensive quotes from both the Register article and the email. Ordinarily I prefer to write my own pieces but I think this is very important and don’t feel like reinventing the wheel.
First up, the problem. http://www.theregister.co.uk/2005/03/23/id_theft_cannot_be_escaped/ reports that an astonishing amount of personal information was compromised just this month. To quote:
“In March 2005 alone:
California State University at Chico notified 59,000 students, faculty, and staff that their details had been kept on a computer compromised by remote intruders. The haul included names, addresses and Social Security numbers.
Boston College notified 120,000 of its alumni after a computer containing their addresses and Social Security numbers were compromised by an intruder.
Shoe retailer DSW notified more than 100,000 customers of a remote break-in of the company's computerized database of 103 of the chain's 175 stores.
Privacy invasion outfit Seisint, a contributor to the MATRIX government dossier system, now owned by Reed Elsiver, confessed to 32,000 individuals that its Lexis Nexis databases had been compromised.
Privacy invasion outfit ChoicePoint confessed to selling the names, addresses and Social Security numbers of more than 150,000 people to criminals.
Bank of America confessed to losing backup tapes containing the financial records of 1.2 million federal employees.
Payroll outsourcer PayMaxx foolishly exposed more than 25,000 of its customers' payroll records on line.
Desktop computers belonging to government contractor Science Applications International Corp (SAIC) were stolen, exposing the details of stockholders past and present, many of them heavy hitters in the US government, such as former Defense Secretaries William Perry and Melvin Laird, former CIA Director John Deutch, former CIA Deputy Director Bobby Ray Inman, former Chief Weapons Inspector in Iraq David Kay, and former chief counter-terror advisor General Wayne Downing.
Cell phone provider T-Mobile admitted that an intruder gained access to 400 of its customers' personal information.
George Mason University confessed that a remote intruder had gained access to the personal records of 30,000 students, faculty, and staff.”
To continue, El Reg says:
“While this is nothing new, there is an important observation here that's worth emphasizing: none of these cases involved online transactions.
Many people innocently believe that they're safe from credit card fraud and identity theft in the brick and mortar world. Nothing could be farther from the truth. The vast majority of incidents can be traced to skimming, dumpster diving, and just plain stupidity among those who "own" our personal data.
Only a small fraction of such incidents result from online transactions. Every time you pay by check, use a debit or credit card, or fill out an application for insurance, housing, credit, employment, or education, you lose control of sensitive data.
In the US, a merchant is at liberty to do anything he pleases with the information, and this includes selling it to a third party without your knowledge or permission, or entering it into a computerized database, possibly with lax access controls, and possibly connected to the Internet.”
To help fight this type of non-techy threat, reader Ken Marion forwarded this anonymous email he recently received. You know how I feel about email forwards (most of them are completely bogus) but a quick check on Snopes (http://www.snopes.com/inboxer/scams/credit.htm) shows this one to be almost completely accurate.
The advice:
“1. The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.
2. Do not sign the back of your credit cards. Instead, put "PHOTO ID REQUIRED".
3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.
4. Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. (DUH!) You can add it if it is necessary. But if you have it printed, anyone can get it.
5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We've all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards.
Unfortunately, I, an attorney, have firsthand knowledge because my wallet was stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from DMV to change my driving record information online, and more. But here's some critical information to limit the damage in case this happens to you or someone you know:
1. We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.
2. File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one).
But here's what is perhaps most important of all : (I never even thought to do this.)
3. Call the 3 national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name. The alert means any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit.
By the time I was advised to do this, almost two weeks after the theft, all the damage had been done. There are records of all the credit checks initiated by the thieves' purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away This weekend (someone turned it in). It seems to have stopped them dead in their tracks.
Now, here are the numbers you always need to contact about your wallet, etc., has been stolen:
1.) Equifax: 1-800-525-6285
2.) Experian (formerly TRW): 1-888-397-3742
3.) Trans Union: 1-800-680-7289
4.) Social Security Administration (fraud line): 1-800-269-0271
We pass along jokes on the Internet; we pass along just about everything. But if you are willing to pass this information along, it could really help someone that you care about."
Other than the tip to use your initials because the bank would notice your signature changing, those tips are dead on. I can speak from personal experience that banks will often process checks that aren’t signed at all, so that tip sounds good but is only valid if you bank at a really small institution with no automated check processing.
Knowledge, preparation and forethought are your best bets in protecting your identity. Please be careful out there…
Kevin Mefford, Editor
pcguru@microdome.net
