“Someone got my credit card!"
I didn’t expect that statement from my sister a couple of years ago while we were running around the mall doing some holiday shopping.
When I asked her how she knew, my sister said her husband had noticed some Yahoo! charges the previous month. That wasn’t the worst - she also had a credit check listed.
How much information can be gleaned from one credit check, especially in the wrong hands? Unfortunately, this is not a stand-alone case. With our world of immediate access and possible innumerable breaches of our private personal information, it is a miracle anything is safe.
It must be a family thing because something similar happened to me. Prior to the use of NCR credit forms, the only problem with identity theft was the misuse of a charge card. I remember receiving a phone call one summer, many years ago. It was VISA, asking me if I had been to Brazil recently. I said no, but apparently my charge card had. Someone had taken the carbon copy of the credit card (my best guess was it occurred while I was at an international tennis tournament in Miami) and spent oodles of dollars, including mucho dinero at a dental office! The irony did not escape me. The good news: VISA said I was not responsible for the charges. The bad news: The problem still continues.
Identity theft is one of the biggest personal safety issues of our time. Identity theft, in addition to consumer fraud, affects millions of unsuspecting people each year. They are having their privacy invaded in a personal manner. According to the Identity Theft Protection Information and Resource Center, every 79 seconds someone becomes a victim of identity theft. One in 23 Americans will be a victim this year. And the costs are high. The Federal Trade Commission estimates the price tag of identity theft to be $52.6 billion.
HIPAA is trying to protect personal private health information. With all the laws in place to prevent unwanted access to medical records, one corner of our lives is secure - in theory. What about the rest of our information? Our social security numbers? Our bank accounts? Our passwords? It’s enough to say you will never sign up for a free television in the mall, join an e-mail list for recipes, or subscribe to a magazine. You have no idea what information is out there being shared, how it is disseminated, and by whom. Who is receiving all this personal stuff?
Identity theft occurs every day. Apparently, it is incredibly easy. In 2001, 42 percent of all consumer complaints to the FTC were from identity-theft victims. From rummaging through trash cans and finding an unused credit card application, to a disgruntled employee giving away that credit card you so trustingly allowed him or her to use, it occurs at an alarming rate. Thieves use this information to buy cars, computers, real estate, whatever they please. They establish their own credit with your funding. You’ve seen the TV commercials - the biker guy in a spa - meant to amuse, but the scenario is real.
The main method of obtaining personal information is still the old-fashioned way: theft of wallets and mail, and theft by friends and relatives. According to the Better Business Bureau, computer identity theft is 11.6 percent of the total crimes committed. The crime is more often committed less esoterically. Aside from the apparent bad guys rummaging through your garbage cans or pilfering a credit card application from your outside mail box, things do go missing in private homes. We tend to lower our personal radars in our homes and leave private materials on kitchen counters, dining room buffets, or even living room tables. Half of identity-theft criminals are friends, relatives, and in-home employees of victims.
What about the other half? According to Ray Williams, a former detective from the Lincolnwood, Ill., Police Department, a more recent trick being used is to grab information from people in public places. The bad guys are using newer cell phones that have motion-picture-capture capabilities and pointing them at unsuspecting people using public phones to record passwords of calling cards as they are tapped into keypads. You can only begin to imagine what a creative mind is capable of with camera phones. Yes, hackers are out there. They do get your passwords, but some are not sitting at their computers trying to discover number and letter permutations.
Did you realize you could have your identity silently ripped off during a dining experience? After a meal in a restaurant, we think nothing of tossing a credit card on the table to pay the bill. Once we give our card, the server heads over to the register to charge our meal. But there is a small, hand-held machine called a skimmer. This device takes only a few seconds to scan the magnetic strip on the back of a credit card. The strip contains all personal data, such as name, address, credit limit, and PIN. The information is then used to create new duplicate credit cards. Unfortunately, there is no way to determine if your credit card has been skimmed, so check your statements with due diligence each month.
Here is a frightening concept: Imagine just doing your normal business and having your cell phone’s database hacked. In Europe, Bluetooth subscribers were prey to a virus that scanned data from cell phones and retrieved them into a laptop. Sound crazy? The system used is a simple one that allows cell phones, computers, and other digital devices to “talk to each other.” Cell phones now are so advanced they function as multi-communication devices. The program, called “bluesnarfing,” is able to copy addresses, photos, calendars, anything stored on a phone. Some of these cell phones have credit card information stored to purchase small items, similar to the pass cards at your local McDonald’s. The problem lies in the fact the Bluetooth system is continuously on, and therefore, always vulnerable.
Cell phones can also be taken over in a system called “bluebugging.” The phones may be completely taken over by another phone without a person’s knowledge. When one phone rings, the thief’s phone rings. All conversations may be heard. This is a perfect tool for corporate spies. Again, the address book and contact list may be rewritten, but it takes a more difficult connection between cell phones to establish.
The hacking has become downright creative. “Phreakers,” as they are called, find ways to send out a different caller ID number after stealing it from a victim. They call the cell phone company and notify the company that they want to have their cell phone connected to their computer, and a connection is established. Unbeknownst to the Internet phone company, the number is another person’s cell phone. But, with that new fraudulent number, access to personal banking accounts and ATM is now available and new credit cards can be created - not to mention a new bank account with the victim’s money.
Vacation is another time we might be at risk. Our personal warning defenses may be down because we are in relax mode. It might not be obvious: your wallet goes missing from a pocket or purse. As my experience testifies, once that credit card receipt is gone, you have no control over where it goes. Some establishments still list the entire credit card number on all receipts.
A few vacation tips: If you are gone for a long time, have home mail held at the post office, carry minimal checks and credit cards, and apply all due diligence regarding personal information lying around the hotel room. Consider making a list of any personal identification pieces (passport, credit cards, and insurance cards) that you are bringing with you and leave a copy at home in a safe place.
Identity theft is a federal and state crime. There are several laws protecting citizens. The Identity Theft and Deterrence Act of 1998 is also known as the identity theft act, making it a federal crime to steal someone’s identity (www.ftc.gov/os/statutes/itada/itadact.htm). If your identity has been stolen, the Fair Credit Reporting Act will allow for a correction to a credit report (www.ftc.gov/os/statutes/fcra.htm). Electronic banking transactions are protected through the Electronic Funds Transfer Act. Lost or stolen ATM or debit cards are not liable for more than $50 if reported prior to unauthorized use (www.ftc.gov/bcp/conline/pubs/credit/elbank.htm). The Fair Credit Card Billing Act protects consumers from billing errors.
But what can we do to be proactive to protect our identity? Purchasing a shredder for home and your business is a small piece of insurance. Shred charge card applications that you have no interest in keeping. Request copies of your personal credit history. Frequent checking of online credit card and bank accounts is a must, especially if any have electronic access. By calling (888) 5-OPTOUT, you can opt out of receiving annoying applications for every credit card available. By contacting The Direct Marketing Association Mail Preference Service, you can remove your name from direct mailing lists (www.the-dma.org/).
What happens if you are a victim? The FTC’s Web site (www.consumer.gov/idtheft/) is where Williams sends many of the victims with whom he has dealt. The site lists what a victim should do and who to call after discovering a problem.
Your identity is an important piece of your life. If someone takes this information from you, your life could be irrevocably altered. You could become a victim of a federal crime. Being proactive will protect this valuable personal asset. If you do become a victim, report it immediately. Getting your life back together is key. Not allowing a theft to happen in the first place is crucial. Much is at stake.
The author wishes to thank Ray Williams, Lincolnwood Police Department 911 coordinator or police network administrator, and Guy Ballard, director of technology, Niles Township High School District 219, in Skokie, Ill., for their invaluable experience and assistance.
What They Want
Date of birth
Driver’s license number
Credit card account number
Bank account number
Social security number
How They Get It
taken from www.identity-theft-protection.com
1) Dumpster diving: looking through a victim’s trash for discarded personal information or unwanted, pre-approved credit offers
2) Stealing incoming and outgoing mail
3)Stealing a wallet or purse
4) Shoulder surfing: watching what PIN is keyed into an ATM machine
5) If you keep information such as your income taxes or account numbers on your PC, a hacker may be able to extract that information from your system.
6) A disgruntled employee may sell personal information to a thief.
Recommendations from www.identity-theft-protection.com
1) Choose a password with at least eight characters. Mix up the password with letters and numbers.
2) Change your password regularly and use different passwords for different services.
3) If you are going to keep a written reminder of your password, keep it far away from your computer.
4) Never use a password that is too easy for anyone to find out. Passwords hackers first attempt are “blank,” “password,” and “administrator.”
5) Never use a password that would be easy for someone who knows you to figure out. Easy passwords to find are birthdays, children’s names, maiden name, favorite team, last name, place of birth, model of car, vacation spot, or a pet’s name.
6) Never share your password with anyone, even family members or people you can trust. Encourage family members to get their own accounts.
7) NEVER use your login as your password!
Sheri B. Doniger, DDS, is the editor of Woman Dentist Journal®, a sister publication of Dental Economics®. She has been in the private practice of family and preventive dentistry for more than 20 years. A dental hygiene graduate of Loyola University prior to receiving her dental degree, Dr. Doniger’s current passion is focusing on women’s health and well-being issues. She may be contacted at email@example.com.