Preventing my identity from being stolen

Last year, my college goofed up, and somehow the bursar’s office managed to post a spreadsheet containing many students’ names, social security numbers, and account information on a public domain of the school website. They don’t have any IP address logs, so there’s no telling who had accessed the website. That was scary.

Today, I wanted to sign up for electric service for my new apartment, but they want my social security number for that. So I have to call the manager tomorrow and heckle with him until I get him to accept just my driver’s license number instead.

It seems that everyone wants your social security number these days. I learned that the DMV can require your SSN, but you don’t have to give it to other companies such as your cell phone company, utility company, etc. They will try to force you to give them your SSN, but if you heckle with them enough, they’ll just accept your driver’s license instead. I also ask landlords and such to shred and delete all records with my SSN on it after they finish their background checks.

Today I read that every year, 8 million Americans have their identities stolen, and this prompted me to sign up for LifeLock. It’s a service that monitors your credit and does damage control. If your SSN is stolen, it prevents anyone from using it to get credit in your name. That sounded like a great program, so I signed up for a whole year of coverage.

I just wanted to know if anyone else had any similar stories or experiences they’d like to share about identity theft.

Yes and No. It was credit card fraud.
I know the company responsible - But nothing ever was done.
I got all my money back via my Bank.

When I noticed, the Bank had already put a flag on my card. I had tried using it and it was declined. I went home and checked online. It had been used for several online purchases (including Muslim Aid). When I phoned the Bank, they were very helpfull - and explained they had flaged my card because the activity on it was unusual. I think it totalled about £200

This kind of thing is everywhere and a real problem. But don’t loose sleep over it. The world is full of loosers that just sap other hard working people. Two fingers to them.

In Canada, unless you’re a bank or employer or someone else similarly mandated to report income, it’s more or less illegal to demand SIN (our version of SSN) information form individuals. Though everyone and their uncle will still try. Up until our federal privacy regulations kicked in, there were video stores, etc. that even “requested” it as part of a membership agreement.

Protecting your information is important, but having said that, I think that the agencies that charge a fee are convenient, but offer nothing that consumers can’t do on their own. The credit agencies (both in Canada and the US) were mandated to lower the barrier for consumer to access their information, and prohibited from charging for it. They get around this by creating services for online credit file access, or credit monitoring, but it’s nothing that you couldn’t do on your own. You can access your credit information, and you can have notes placed on your file requesting verification or notification of credit requests (ie. for a new credit card or some such thing). The paid services simplify the process, but they’re only doing what you can do yourself. In fact, they can’t do anything you can’t do yourself. Certainly there’s value there, but don’t assume that they’re offering a higher level of protection.

The best thing you can do is simply be cautious about how you transact your business. Try to use official bank ATM machines, instead of third-party kiosks, if you can, and always cover the keypad when entering your PIN (cameras are often used to capture PIN numbers). When you use your credit card, watch for people that are potentially “double-swiping”. Often times people that are stealing credit card info will have a hidden device that they run the card through, under the counter or some such thing. Take a look at the receipt they give you, and make sure that it doesn’t display anthing more than the last four digits of your credit card number; if it does, you’re dealing with a merchant that is not PCI compliant and is in violation of the terms for the credit card companies. You’re far more likely to be a victim of fraud against your existing cards, than you are to have fraudulent cards opened against you. The credit companies are becoming more diligent now, in their handing out of credit. An SSN and birthdate isn’t necessarily enough any more, although it can still cause grief in the wrong hands.

Crime is so strife nowadays for credit card/bank fraud (since it’s a “victimless” crime with lesser penalties), that the bad guys are getting organized and intelligent. It’s very much like browsing the web. Be vigilant of where you are conducting business, and keep an eye out for suspicious things.

My wife is actually a PCI consultant, and works with credit card merchants to help bring them to compliance with PCI requirements. I’ve heard nightmare stories about the way personal/credit info is handled by some merchants, even large, brand-name ones. So as I said, vigilance is your best defense, although ironically, she recently had her bank card defrauded herself, despite knowing the measures to take.

Just be smart about how you’re presenting your information (whether SSN/SIN, credit card, whatever), and beyond that, don’t lose sleep over it, because there’s only so much you can do.

Just my 2c…

Cheers,
KV

Good advice I’ll try not to lose any sleep over it. Although I did get the electric service hooked up first thing this morning, without giving out my SSN. I had to jump through a few hoops, but eventually they used a password for me instead.

I agree that it’s all too easy for someone to steal your identity these days. A hundred years ago, the only way you could get robbed was if some outlaw held up the stagecoach you were riding in or robbed your house. Now they can rob you without ever meeting you.

This site has some good information for US citizens on who you need to
provide a SSN to: http://www.privacyrights.org/fs/fs10-ssn.htm

The two sections to look under are titled:

"Am I required to give my Social Security number to government agencies? "
and
"Must I give my Social Security number to private businesses? "

Yep, I read that one. I think the advice given there is good. There’s an even better way of protecting ourselves from identity theft, but it would require that the government take action, and that’s probably not going to happen since the government is so slow at doing things. If they gave everyone separate numbers for utilities, billing, tax paying, etc, then everything wouldn’t be tied to just one single number, and that would mean that a thief getting hold of one of your numbers wouldn’t wreak havoc. We wouldn’t have all the eggs in one basket.

I’ve set up a account, just for online. There is basically no money in it. I just dump some in when I need it. It has no facility to go overdrawn. Thought it was a little safer.

That’s a good idea. The trouble for us US residents is, if someone gets your social security number, they can open up new accounts using your ID, and then you have to pay back the bills after they buy stuff on those accounts.

BNG22908 wrote:
> That’s a good idea. The trouble for us US residents is, if someone gets
> your social security number, they can open up new accounts using your
> ID, and then you have to pay back the bills after they buy stuff on
> those accounts.
>
>
That is why you have to go with banks and credit card companies that
have better policies when it comes to identity theft such as what
American Express has.

I have a house in fl. and a US bank account.
My bank had to assign me with some kind of fake/temp SSN to set me up. The Bank at the time was South Trust - Now absorbed in to Wachovia.
Also have a US drivers licence, but that has to be renewed each time I go back to US now - Pain in *ss.

On 2008-08-12, BNG22908 <BNG22908@no-mx.forums.opensuse.org> wrote:

> I just wanted to know if anyone else had any similar stories or
> experiences they’d like to share about identity theft.

The very notion of identity theft seems so strange to me.
Do you really mean you identify with your SSN; just a number?

I’m trying to figure out how to compare this with the situation in European
coutries, but somehow it’s difficult to draw parallels.

–
The sand remembers once there was beach and sunshine
but chip is warm too
– haiku from Effector Online, Volume 1, Number 6

The term “identity theft” can be misleading from people outside the US and Canada, and parts of Europe. “Identity theft” doesn’t mean the loss of a person’s sense of self or well-being. It means the hijacking of personal information such as social security numbers, addresses, driver’s license numbers, and telephone numbers. If a criminal gets this information, especially a person’s social security number, the criminal can use this to take out loans and credit cards under an innocent person’s name, and inflict major financial damage on the innocent person as a result.

I can’t speak to the EU or other areas of the world, but the big problem in the US & Canada is the drive for automation in the credit-granting system. Determinations are based on a combination of identifiable-data and algorithms. There’s rarely human-interaction in verifying information, as far as “instant” credit goes.

An SSN/SIN number, combined with the person’s date-of-birth, and maybe a drivers license number, is often all it takes. Address doesn’t match the credit report? They don’t care, they’ll assume the individual has moved. Employment info doesn’t match? They don’t care, they’ll assume the individual has switched jobs. As long as there is a decent credit record, the credit grantors are more than willing to automatically grant credit, based on their computer-managed algorithms.

This is what the black hats have been exploiting.

You can walk into a Best Buy store with false credentials, and get instant credit to walk away with a new laptop or flatscreen TV. It simply becomes a mess for the victim to have to deal with. The sad part is that credit lenders are well aware of this, but they treat it as a cost of doing business. The victim is generally vindicated in these types of scenarios, but the onus is often on them to have to prove that they did not apply for the credit that is attributed to them. It’s a PITA, and it can cause grief for people in the process of trying to buy a house, get a job, or whatnot, due to black marks on their record.

The sophisticated gangs that know what they’re doing can even leverage that type of information into obtaining mortages or such from the banks. In fact, in Canada, we’ve had cases where identity theft has been used to actually sell homes, and the victim often doesn’t realize until the buyer shows up to move in. Sadly, due to loopholes in Canadian law, the victim can actually lose their property title this way; as opposed to the credit card companies that generally offer zero-liability for victims of fraud, the mortage companies are not so generous.

Anyways, it’s an ugly mess. Identity theft is an issue that causes hundreds of millions in loss every year. Sometimes the victims are indemnified, sometimes not.

Diligence is certainly the message here. Simply scanning your credit report every three months or so can help tremendously, it will alert you not only to new activity attributed to you, but will even report on organizations that have made inquiries into your record. That alone can often indicate when someone is trying to do something nefarious. And I believe that you can have your credit file with the various agencies “flagged” for manual verification on any attempt to extend credit.

It’s a brave new world we live in…

Cheers,
KV

> “BNG22908” <BNG22908@no-mx.forums.opensuse.org> wrote in
> message news:BNG22908.3e09wo@no-mx.forums.opensuse.org…
>
> Today I read that every year, 8 million Americans have
> their identities stolen, and this prompted me to sign up
> for LifeLock.

http://www.nytimes.com/2007/11/16/business/16venture.html

LifeLock, based in Tempe, Ariz., has about 400,000 customers and raised
$6.85 million last spring from three venture capital firms, including the
prominent Kleiner Perkins Caufield & Byers. For $10 a month, or $110 paid
annually, LifeLock places and preserves fraud alerts on a customer’s credit
reports with the big three credit companies and several smaller credit
firms. It says it also keeps customers’ names off junk mailing lists and can
clean up a credit history if thieves do manage to steal an identity.

Among its peers, LifeLock has attracted the most attention — much of it
negative. In radio and television ads, Todd Davis, chief executive of
LifeLock, gives out his Social Security number to demonstrate his faith in
the service. As a result, he has been hit with repeated identity theft
attacks, including one successful effort this summer in which a
check-cashing firm gave out a $500 loan to a Texas fraudster without ever
checking Mr. Davis’s credit report.

Last summer, The Phoenix New Times, an Arizona paper, reported that LifeLock’s
co-founder, Robert Maynard, had once spent a week in jail on fraud charges,
though he made restitution and was not convicted. Mr. Maynard later
resigned.

–
AZC

On 2008-08-13, BNG22908 <BNG22908@no-mx.forums.opensuse.org> wrote:
> The term “identity theft” can be misleading from people outside the US
> and Canada, and parts of Europe. “Identity theft” doesn’t mean the loss
> of a person’s sense of self or well-being. It means the hijacking of
> personal information such as social security numbers, addresses,
> driver’s license numbers, and telephone numbers.

Is was aware of that, thanks.

But it’s the hijacking of that personal information that seems (sorry) …
pointless. Any criminal can have my equivalent info, what could he do with
it?

OTOH, I’m starting to get some clues to that effect in other messages,
namely the possibility that giving a combination of personal parameters is
enough to ID you and obtain services.

> If a criminal gets
> this information, especially a person’s social security number, the
> criminal can use this to take out loans and credit cards under an
> innocent person’s name, and inflict major financial damage on the
> innocent person as a result.

That’s the weird part, for me.

We have long based our identity on an identity card, with photo on it. We’ve
had this for before I was born.

I guess it’s a little less easy to “steal”, even if a forgery is possible.

But there must be some combination of ID and procedures that makes it very
different.

I’m trying to figure out what…

–
The sand remembers once there was beach and sunshine
but chip is warm too
– haiku from Effector Online, Volume 1, Number 6

On 2008-08-13, else where <else_where@no-mx.forums.opensuse.org> wrote:
>
> I can’t speak to the EU or other areas of the world, but the big problem
> in the US & Canada is the drive for automation in the credit-granting
> system. Determinations are based on a combination of identifiable-data
> and algorithms. There’s rarely human-interaction in verifying
> information, as far as “instant” credit goes.

<snipped>

Thanks for the examples, it’s a bit more clear now.

It’s a bit like the difference between paying with a credit card (Visa, etc)
as oppopsed to paying the way “we” tend to do more often.

In the credit card model, we basically tell the salesperson “Here’s the key
to my bank account, please take only what I owe you. I’ll trust you not to
take more, and if you do, the CC company has an insurance (for which I pay
in my costs, of course).”

In our older model, we wrote a check. That included the amount and name of
the company we’re paying. Of course, check were easily falsified.

Today we pay using our bank card. The kind of card you can get money with
from a dispenser (ATM). At the cassier of virtually all shops, there is a
terminal, in which we insert the card, verify the amount on the screen and
enter our PIN.
For other types of purchase (even ebay), we ask the seller how much we owe,
to what account he wants it wired, and need to mension something in ref.
Then, we just wire the exact amount, eighter from a bank terminal, or from a
computer connection.

Ex: I just received a utility bill. A form to wire money is included, I
could fill in my account number, sign it, and deposit it at my bank. It will
be paid in 1 or 2 days, max.
I just fired up my connection to the bank, filled in an online form and
confirmed, using a hardkey generated code.

Only the fairly expert fraudsters could get away with faking that
connection. And the bank is responsible for a correct ID of their client,
so… Costs are minimal, or absent.

–
The sand remembers once there was beach and sunshine
but chip is warm too
– haiku from Effector Online, Volume 1, Number 6

You might check Wachovia at Bank Ratings from time to time. They are now down to 3 stars. Much of their mortgage division is closed and the Federal auditors are taking a close look at their brokerage division. And they are several billions USD down since they bought funny paper in the smoke and mirrors of the deriviatives/sub-prime slough. The bank gave you a Taxpayer ID number.

Most US identities have been stolen at least 3 times. Not actually stolen, but “given up” by banks and government agencies, including State governments. “Lost” laptops, etc. The US government (DARPA) attempted to get legislation allowing them to build a huge database on all citizens but the legislation was not forthcoming. So, they get it as they can. And, the huge database is compiled anyway.

The lack of identity security is deliberate. The latest passports with the RFID chips are so insecure that they are routinely cloned. When it gets intolerable, you will be given a chip implant. Like my little Weim, you Americans wag your tail and do what DHS tells you to do! Or, you won’t get your supper.

Many new laptops are being advertised with fingerprint identity control - could fingerprint technology be used to help secure these automated transactions?

Maybe make laws stating that the onus is on the lending agency to prove the individual actually did make the credit application if fingerprint ID was not part of the credit approval process in question.