Cringely on Identity Theft 630
Boiled Frog writes "Prompted by the theft of his mail, Cringely investigates how easy it is to steal identities from government publications. In this article he explains how he got the identities of 300,000 people which he calculates to be valued at $65 billion dollars. If Cringely can do it, anyone can."
Article is spot on. Happened to me.. (Score:5, Informative)
In San Francisco, when some people move out, they throw all this crap they don't need anymore on the curb. I saw this thoughout the city, time and time again, so when it came time for me to move, I did the same.
I got rid of almost everything! This included, tons of old papers - possibly old pay stubs. Big NO NO! At one point, I even noticed some people looking through the big pile. "Just people who like crap", I thought.
Six months later, the Postmaster General Attorney's office in San Jose calls me saying they've arrested someone on postal fraud that had my name and info in his little black book. It was under a section that basically was ready to have a drivers license and social security card issued in my name with this guy's picture!
To make a long story short, the guy went to prison and I had to notify all agencies where I had any type of id or credit/bank card to put a watch on them for the next six months.
My lesson learned: shread everything.
However, online, this is a totally different issue and the only thing I can suggest and do about that is to check into companies and try to make sure they are responsible about how they store your credit-card information. I've personally written to all the online companies I use to ask as how they protect my information. If it ever seemed like they weren't up to snuff, I explained my concerns and asked for some sort of reassurences. Although, I must admit, that's not the best thing and sometimes letters to the BBB and other groups/agencies are necessary.
Re:Article is spot on. Happened to me.. (Score:5, Informative)
Good to hear this person actually went to jail. I should add that the other thing you should do is check your credit history and cancel all old credit cards that you may not even know are still active. A friend of mine had someone get access to three old credit cards that he had cut up, but had not actually cancelled the accounts. A couple of years later he was surprised to find the companies were telling him he owed $30k worth of charges.
Re:Article is spot on. Happened to me.. (Score:3, Informative)
Re:Article is spot on. Happened to me.. (Score:5, Informative)
Re:Article is spot on. Happened to me.. (Score:5, Informative)
Re:Article is spot on. Happened to me.. (Score:4, Insightful)
It is all based on the way people were expected to use credit 25 years ago. The way people use credit, and the way they work has changed very much in the last 25 years.
Re:Article is spot on. Happened to me.. (Score:3)
Re:This is not correct (Score:4, Interesting)
This is not correct. Despite this, financial advisors repeat this like a mantra.
It's partially correct. By leaving a bunch of available credit around (unused credit cards), you increase your accessible credit. When deciding whether to extend credit to you, creditors usually look at this number. Old credit cards that you never closed => larger amount of available credit (that you don't use) => lower amount of credit that you do use.
How often they get caught (Score:5, Interesting)
So you have a much better than 99.9% chance to just do it to your heart's content and walk away with the money. That's pretty freakin' scary. A crime where you never have to see your victims, never have to face any consequences, and make tons of money. Can you imagine what would happen if a misguided Robin Hood decided to popularize the techniques and teach them to America's poor? Would the entire banking industry collapse at once? With a million people doing it simultaneously you would obviously overload the already overloaded investigative ability of the gov't and probably change the ration to 1 in 100,000 getting caught.
Re:How often they get caught (Score:5, Funny)
Can you imagine what would happen if a misguided Robin Hood decided to popularize the techniques and teach them to America's poor?
Tyler Durden?
Durden?
Durden?
Re:How often they get caught (Score:5, Insightful)
I've heard the rate at which people who commit identity theft get caught is around 1 in 7000.
So you have a much better than 99.9% chance to just do it to your heart's content and walk away with the money. That's pretty freakin' scary. A crime where you never have to see your victims, never have to face any consequences, and make tons of money. Can you imagine what would happen if a misguided Robin Hood decided to popularize the techniques and teach them to America's poor? Would the entire banking industry collapse at once? With a million people doing it simultaneously you would obviously overload the already overloaded investigative ability of the gov't and probably change the ration to 1 in 100,000 getting caught.
This is because the police refuse to even investigate these crimes. Most of the id thieves we hear about getting caught were actually caught committing some other crime (or pursued therefore). In one of the previous slashdot articles, they had a police officer in charge of ID theft investigations who essentially admitted he sat on his butt all day and answered the phone telling people they were SOL. He said that they even told him who or where the thief was and that did not get him out of his chair.
The big misconception is that ID theft is all the victim's fault, much like the oft-repeated myth that you can only get worms/viruses by clicking on attachments. The claim is that id theft only happens when people are carelesswith their trash. That is the old way, but it is easier than that now. As Cringely points out, you can get all the info you need for massive id theft for a minimal fee, like $20, or free.
Of course the most amusing part of all this is that Al Qaeda has been using id theft techniques for decades. If I were a terrorist, that would be the first thing on my list besides cashing in on nigerian spam scams. After all, what terrorist would not want billions of untraceable dollars, untraceable connections to the internet and cellular networks, and a free ride on the passport train to paradise? Yet our illustrious leaders are still keystone kopping it through life instead of actually doing something to fight these threats.
Re:How often they get caught (Score:3, Interesting)
Could happen.
Re:Article is spot on. Happened to me.. (Score:4, Funny)
Re:Article is spot on. Happened to me.. (Score:5, Interesting)
The scary part was that if I hadn't called these guys up, I never would have known about the identity theft. How often does something like that occur, where the situation gets resolved but the intended victim is never informed???
ATT Wireless (Score:3, Funny)
Three months later, I get a call from ATT wireless about my enormous phone bill. I told them they must be mistaken so they tried a couple of different things to verify that I was me, then called the cell phone to do the same thing. Obviously the person on the cell phone couldn't answer the questions.
How I Deal With Identity Theft (Score:5, Funny)
Re:How I Deal With Identity Theft (Score:3, Funny)
Ah, good. At least I'm doing something right.
Re:How I Deal With Identity Theft (Score:3, Insightful)
Re:Article is spot on. Happened to me.. (Score:3, Insightful)
A similar thing happened here in France.
But it was in a way more serious since the French have "Unfalsifiable" (yeah right), identity papers.
A guy got arrested for not paying his fines for travelling with the trains without ticket.. (If you get busted without a ticket they take your name and address and send you the fine.)
Problem was that he didn't live in France at all but in one of the former colonies, and had never actually been to those places where he was supposed to have been.
After a bit of
Re:Article is spot on. Happened to me.. (Score:5, Funny)
EXCEPT the DICTIONARY!
wait until this happens to you (Score:5, Informative)
With the key, you just drive it off the shopping mall lot. And there's no sign of forced entry, so the insurance company says "you left the key in the ignition, tough for your claim. Happened to us on vacation. And 10 year old clean cars are in more demand for the body parts, it isn't just the new Hondas.
Tape over that damned number.
VIN numbers (Score:5, Informative)
http://www.snopes.com/crime/warnings/vin.asp [snopes.com]
As stated in the link, I highly doubt anyone can just steal a car of the shopping mall lot. It takes too long to get a key made. You will be home by then. Also, I think covering the VIN number may be illegal in some states/countries.
Re:VIN numbers (Score:3, Insightful)
As stated in the link, I highly doubt anyone can just steal a car of the shopping mall lot.
So do it in an office park. People tend to go there every day.
Re:VIN numbers (Score:3, Insightful)
Re:wait until this happens to you (Score:3, Insightful)
Re:wait until this happens to you (Score:3, Insightful)
That story sucks and I feel bad for you, but I don't understand how there could be no sign of forced entry on a car that's been stolen. Not to sound like the Bloodhound Gang / Sherlock Bones / Encyclopedia Brown here or anything. Presumably you came back and the car was gone, and was reported as a theft.
Was the car recovered? And if so there's probably not much of a claim there...
Re:wait until this happens to you (Score:4, Informative)
Tape over that damned number.
Go ahead, if you don't care about violating federal law and giving the police a reason to believe that the car has been stolen. From U.S. Supreme Court case NEW YORK v. CLASS, 475 U.S. 106 (1986) [findlaw.com]:
Re:wait until this happens to you (Score:3, Interesting)
Whats interesting, too, is you can do the math on the number of colors of your car, and the average number of keys per model (generally 20) and figure out the odds of you accidentally driving off with someone else's car in
Re:wait until this happens to you (Score:4, Interesting)
We thought it was kind of funny until we realized that the owner of the other car could do the same thing.
Re:wait until this happens to you (Score:3, Insightful)
Re:Article is spot on. Happened to me.. (Score:5, Insightful)
It's the basic question of:
When someone is running a business, and profiting handsomely from it - should they, or should they not, be responsible for the safety of their customers?
It's already been established that Automakers should be responsible for defects in their products which compromise car-owner safety.
The airlines, of course, have dodged responsibility for the lax security they provided which enabled 9/11. Instead of a slap on the wrist, they were rewarded with hundreds of millions of taxpayer dollars in bailouts - and union-busting government arbitration - and, eventually, bankruptcy protection. Wow. I wish I had a business that the government was that generous to.
But I guess Alaska Air has been getting slapped around for negligent maintenance.
Now, if you spend $10,000 on a Microsoft server to protect your data, and it falls prey to a security glitch, we all know that Microsoft can't be held responsible.
Who's held responsible?
In the Old West - banks were often robbed. And stagecoach deliveries of funds. People were afraid to put their money into banks because if the bank was robbed, their savings would be lost with no recourse. Banks didn't take the responsibility of hiring enough security to prevent robberies. It would have made their business much less profitable.
Then the US Government created the FDIC insurace act, which insured bank deposits, and made bank robbery a federal crime, so robbers couldn't simply cross state lines to escape justice.
It was *not* a constutional duty of the government to do so - unless you check the preamble, and read the phrase ". .
The question here is - would government be overstepping it's constitutional boundries by going in and protecting our personal data in the hands of corporations?
That's a matter of opinion.
Would the government be overstepping it's constitutional boundries by mandating that companies, in posession of citizens' personal data, be responsible for taking appropriate measures to secure that data?
Possibly - but in today's political climate, it would definately NOT be a Republican to suggest such.
What problem would be solved?
Citizens would be protected - that's a nice thing. And falls right in line with "...provide for the common defense..."
Public faith in ecommerce would arise, which might stimulate the economy - which wouldn't be a bad thing.
A solution is out there. But there are right ways to do this, and wrong ways. I'm certain that the wrong thing to do would be the neoconservative lassez-faire approach. And that's probably the approach our current set of (s)elected officials will choose.
Re:Article is spot on. Happened to me.. (Score:5, Informative)
This is different from the "security alert" that most people tell you to put on your credit report when fraud happens.
With a "security alert," basically it's just a notification to creditors that they should be careful. They can still get your credit report. Apparently, many creditors ignore this warning so you are not guaranteed that someone else isn't applying for credit in your name.
With a "security freeze," no one can get your credit report (with a few exclusions such as the police with a court order). It's much much safer.
The credit report agency sends you a PIN that you use to temporarily or permanently remove the security freeze. For example, if you are applying for a mortgage in the next 15 days, you can remove the security freeze for 15 days, and it will be put back on once that period of time is up.
The credit report agencies do not want people to know about this option because if everyone takes advantage of it then their whole system fails.
Under California law, there is no charge for a security freeze on your credit reports IF you have ALREADY been the vicitim of fraud. (Someone used some of my checks and stole my credit card number before, so I qualify). If you have not ALREADY been a victim, you can pay some ridiculous amount to have it put on (on the order of $50/year).
I believe Texas may have a similar law (because my letter including the PIN from one of the agencies said "security freezes are only available in California and Texas" and that if I move out of CA then I have to notify them so that they can remove the security freeze).
For the last year, I played the credit report agencies' game. I PAID THEM $80/year to get access to MY OWN INFORMATION to make sure no one was using my credit fraudulently. When I renewed a couple of months ago, they changed their policy and limited the number of times a year you could view your credit report. So I dropped them, and was going to sign up with a competitor (still playing the game) when I found out about the security freeze.
For more info:
http://www.privacy.ca.gov/financial/cfreeze.htm
http://www.fightidentitytheft.com/legislation_c
Of course, if you are not in California (or Texas I think), then you can try seeing if your representatives in DC will make this a national requirement.
Joey
Re:Article is spot on. Happened to me.. (Score:4, Interesting)
Even worse is that they would fire, without fair cause, a person that was already underpaid (thus broke) without taking care to finally fix their security. If I was a thief I could be very well off. I'm sure a lot of other IT/programmer types have similar experiences. I'm sure that not all of us are behaving ourselves with the economy the way it is.
I still shop with vendors I know are storing my data but I'm careful with how much I give them. I don't use checks. I don't use credit cards. I do use a debit card but I was careful to get one that couldn't spend more than was actually in my account and I'm careful not to put more into the account than I'm expecting to use right away. That still leaves me open to damage but at least it controls the damage. I buy with cash or COD when it's possible (my last computer came from iDot.com because they allow purchase by COD).
This is really scary (Score:2, Informative)
Identity theft is indeed a big problem (Score:5, Funny)
Watch out - this could happen to you.
Are you dissing Cringely? (Score:4, Interesting)
Re:Are you dissing Cringely? (Score:2)
I thought that too...
Office of Redundancy Office (Score:5, Funny)
Come on editors, I know it's early on the West Coast, but really.
Re:Office of Redundancy Office -- RTFA (Score:3, Funny)
$65 billion dollars
Did you get it that time? Lets try again..watch closely now!
----> $ <----65 billion ----> dollars <----
Did that help?
I'm Robert X Cringley (Score:4, Funny)
Will the REAL Robert X. Cringely please stand up? (Score:5, Informative)
Re:Will the REAL Robert X. Cringely please stand u (Score:3, Funny)
Has he ever thought about a career in piracy? He'd make an excellent Dread Pirate Roberts.
Cheers,
Ian
Re:Will the REAL Robert X. Cringely please stand u (Score:4, Informative)
Which goes to show you... (Score:5, Informative)
Don't have to worry about such things.
Re:Which goes to show you... (Score:5, Informative)
Good idea but many places won't deliver to a PO Box as they've been used for fraud for eons. They want a brick & mortar delivery point.
Re:Which goes to show you... (Score:4, Informative)
123 This St. # 666
They'll take and sign for packages for you, too.
Re:Which goes to show you... (Score:3, Insightful)
$65 billion? Ridiculous! (Score:4, Funny)
Credit monitoring services (Score:5, Informative)
True Credit [truecredit.com] turned out to be the cheapest at $11/quarter for the basic service. This is not a referral link, and I'm not affiliated with them in any way. Just sharing information.
Not Correct (Score:3, Insightful)
That is not correct. The law places restrictions on how government agencies can use your social security number, but private companies are generally not covered by such laws.
The Privacy Act of 1974 requires government agencies to d
Murder is easy too (Score:5, Insightful)
Worried about ID theft? Keep a close eye on your credit card bills, credit scores, etc.. Buy a paper shredder. Shred all bank statements and whatnot before you throw them out. Internet-shminternet, dumpster diving is the fastest way to someone's finances. Get the carbons at the gas station, or stores where they still use the old carbon-thinger credit card machine.
Cringely is a blowhard trying to scare people, but frankly this isn't news. Using the 'net really doesn't make this easier - it's always been easy.
I knew someone who got screwed big time by a gas station who would keep the carbons, and double bill her every time she filled up, the cash going straight into the owners pocket. She was a dope for letting it go on so long, as she never bothered scrutinizing her Visa bills. Turned out the station was owned by a Russian mobster. This was long before the world wide weeb.
Re:Murder is easy too (Score:5, Insightful)
The article's point is that ID theft on a large scale requires more than dumpster diving or a crooked gas station, and he's pointing out that what ID Theives are doing to cause a 4 to 5 billion dollar problem one person at a time can be easily automated and there's a 300,000 name database of ssn's and dob's waiting to happen.
Did I already say RTFA?
Re:Murder is easy too (Score:4, Insightful)
OK, so when I leave my house in the morning, I shouldn't lock the door right? I mean, if someone is going to break in, that lock isn't going to stop them, so what's the point?
And if I see someone in my office parking lot monkeying around with my car, I should just leave them alone. I mean, if they're gonna steal it, there's nothing I can do to stop them, right?
And if I'm asleep at night, and I hear someone breaking into my house, I should just lay in bed, close my eyes, and go to my happy place. There's nothing I can do to prevent my house from being robbed or stop them from killing me.
That's a bunch of crap. Criminals prey on the weak, and they're oppertunists. The less oppertunities you give them, the less likely you are to be a victim. Not only can crime be prevented, but YOU PERSONALLY, can prevent crime if you have enough sense to do it.
Even a half-assed scheme could prevent most cases (Score:4, Interesting)
Sure you can, especially when the current security system is virtually non-existant.
My proposal is simple:
* 2 key-pairs are issued every individual by the DMV
* The first (public) key is freely given to everybody
* The second (private) key is stored on a chip in a credit-card sized pocket calculator like device, or smart card. ($5-$10 device which is paid by the driver upon issuance)
When you need to prove your identity, you will be challenged with a random number, which can only be encrypted with the private key and verified by the public key.
* Challenger gives you random number
* Your encrypt device encrypts number with private key
* Challenger verifies encryption with public key.
In the event a private key is comprimised, the corrisponding public key will be published on a public database (which keys institutions should be required to check) and a new private key will be issued.
The encryption community has come up with many solutions for this problem over the last few decades, and I know the consumer electronics and card issuance industry (which I used to work) would love nothing more than the government to stop dragging it's heels and select one of the many drafted standards.
We can solve this problem without creating another government institution or delegating it to one corporatation.
Why aren't nerds pushing for an open and honest solution to this problem? Aren't solving problems like this a nerd's wetdream?
Like I said before, even a half-assed scheme would be better than our current social-security passwords.
Don't like my solution? What are your ideas?
Wrong, stupid. (Score:3, Informative)
It's same philosophy as Car alarms. They dont prevent theft, they just encourage you to take the other guy's car because it's less trouble.
Money isn't the issue (Score:5, Informative)
You have to apply for coverage, and show evidence that your ID was in deed stolen. That can take months or years! And a lot of effort goes into all that. One of the worst parts is trying to restore your credit rating. While the whole process really shouldn't cost very much money ( $1000) it costs a quarter of your life to repair all the damage.
Re:Money isn't the issue (Score:2)
Re:Money isn't the issue (Score:4, Insightful)
65 Billion Dollars? (Score:5, Funny)
Sandra Bullock's in trouble now... (Score:2, Insightful)
I mean, come on, it *is* easy to steal someone's identity, but what doesn't get enough attention is the human factor. Not enough people are willing to actually query oddities and if a document looks vaguely official, they'll accept it. After all, if you were trying to sign someone up for a credit card, would you query their ID and lose the possible comission?
Avoiding the Post Office. (Score:5, Informative)
"Why would we replace your book?"
"BECAUSE YOU LOST IT????"
This is exactly why I use Fed Ex or UPS when ordering things. They can track your packages and they take responsibility when they screw up. Perhaps the Postal Service could take a lesson?
Re:Avoiding the Post Office. (Score:5, Informative)
Fed-Ex or UPS won't replace your item if you didn't get insurance, either.
We just got a PC shipped back to us from the field by UPS. The box was smashed, and the machine looks like CowboyNeal sat on it. Picking it up I could hear all the fancy shmance electromonical doodads rattling around inside the twisted case.
UPS won't do shit about it, because the fool didn't pay the 5 bucks for insurance.
Re:Avoiding the Post Office. (Score:3, Informative)
get it by paying a little more for it (note the "Declared Value" field
on the FedEx Airway bill).
Re:Avoiding the Post Office. (Score:3, Informative)
I nearly tripped over my new DVD burner on my way in the house the other day, and my wife had been home ALL DAY!
Re:Avoiding the Post Office. (Score:3, Informative)
I've had dozens upon dozens of packages from UPS (as well as Fedex) and had to give my signature on every last one of the packages that required it. Never has a single package been left, if it required a signature. You need to take this up with your local office, since it sounds like you just have a single UPS delivery person that isn't doing their job.
UK line of defence against Identity Theft (Score:5, Interesting)
http://www.cifas.org.uk
The service is operated on behalf of the UK financial institutions by Equifax; and will add a layer of authorisation to your name / address combinarion when arranging credit etc. It probably means that you won't be able to buy stuff on instant credit; but the for the hassle that identity theft can bring I think it's worth it. Registration costs 12 quid for 12 months.
Personally i'm amazed that institutions will lend large amounts of money without a definite proof of your identity; but I guess that's consumer forces for you - Dixons want you to be able to walk out of their store with that 32" wide screen TV purchased on instant credit. For all the sales that brings; they absorb the liability.
One Problem (Score:5, Insightful)
Why not photo id? (Score:3, Insightful)
All they ever ask to see is the bank book. Are bank accounts not tied to actual people, but instead are transferable, simply by giving away the bank book? If not, why don't they ask for my government or bank-issue photo ID?
Real Identity Theft (Score:2)
SSN used as identifer (Score:5, Interesting)
In the article it is mentioned that your Social Security Number is used as a universal identifier and as "proof" of identity.
This is not a good thing.
I work in the medical records/medical billing industry and a patient's SSN is one of the vital bits of information we collect and use to help index records.
Also the patient's date of birth.
For billing purposes, we need the patient's home address.
The health insurance company also needs all this information. In fact, if we don't supply all of the patient's personal information, they often don't pay claims.
We try to protect private information. We have yearly training, and monthly filers reminding us of the importance of protecting confidential infromatin. We have every bit of discarded paper shreded, and we have pretty good locks on our doors, and we have a fairly paranoid firewall, but the truly determined employee could always get their hands on thousands of patient records with everything needed for identity theft.
It's probably the same way at Hospitals and Insuance companies too. Too many people have access to private information, and the social and technological controls on it are too weak.
I hope that no one who has access to my personal information decides to do a bit of creative fundraising.
I don't have any answers, but we ought to think of solutions pretty soon.
Re:SSN used as identifer (Score:5, Insightful)
On par with your workplace, I did a contract gig for a major HMO around Minnesota last year. The amount of information I had at my fingertips was amazing, considering I didn't need ANY of it for my job (Desktop Analyst). A close friend of mine works for the same HMO doing data-entry, and since he's in the billing department, he has free reign to people's entire credit and medical history, along with all the other goodies that any peon could exploit easily. I've asked him before how easy it'd be to print out a file on someone and take over their identity. The answer? "Easier than you'd believe."
Scary shit indeed. One last thing that still boggles my mind is how many times I use my debit card and get the customer copy with my full account number on it. Seriously, it's usually at places where people throw them away right away...gas stations, grocery stores, and restraunts are the big 3 that I've noticed. Make sure to rip those little bastards to shreds once you walk out the door.
I have the solution (Score:5, Funny)
Then no one will want to steal your ID
Stealing bank details (Score:5, Interesting)
For instance, E-Gold members (and others) have been receiving emails like this
Dear e-gold user.
At 09.05.2003 our company was attacked by unknown
persons. Out administrators is working on the database restoring.
If you have an active account, please check if it is still active, your
current balance is right and all transactions can be processed.
If you find that your account is inactive, please letus know
immediately at e-mail service@e-gold.com
To check your account, please click on the link below:
https://e-gold.com/sci_asp/payments.asp
It looks official, doesn't it? And the link looks ok too. But it is an html email, and the actual link went to a page located at e-gold2.com, which looked exactly like the real e-gold site. Thus the fraudsters were able to get peoples log-on details. More here [e-gold.com].
In the UK, many people have been receiving emails that look as if they are from Barclays bank (one of the biggest in the UK). It is a similar scam to the e-gold one. More here [theregister.co.uk].
I myself have recieved and email asking me to update my ebay account details. Only on close inspection did I realise that it was a fraud.
I find this extremely worrying. Personally I am probably like many Slashdotters - paranoid about security and difficult to catch out. However most people aren't like that, and this new type of scam email is an extremely worrying development, because it could catch a lot of people out. People really need to be informed about this type of scam, but I've yet to see much in the press about it. Any journalists reading..?
Re:Stealing bank details (Score:4, Funny)
There are a lot of people in this world who aren't as intelligent and perceptive like you so obviously are!
This is no better than the usual spam.
I disagree strongly. Getting an email that looks as if it is coming from a bank or service you subscribe to is not the same as getting an email about enlarging your penis.
(I'm being generous letting them off w. the "unknown persons" bit b/c, while it's bad grammar (person == singular, people == plural), but "person or persons unknown" has made it into the vernacular)..
You, sir, are a bit of a twat.
Scary websites... (Score:4, Informative)
My wife and I tried buying something on the web on this one particular site. It asked me to register since I was buying stuff for the first time there. Filled up everything on the "new account" page and hit "register me". The page came back in error saying the id I was trying to register was already taken so I had to try another one. Not so bad. What was bad though was THE PAGE RE-LOADED WITH ALL THE FIELDS IN IT PRE-FILLED WITH THAT ALREADY-EXISTING USER ID's DETAILS! Address, phone number, first/last names everything on there for the taking.
Scaaary. We politely backed out of the site and decided to buy elsewhere.
Mobile Phone Companies Require SS# (Score:3, Informative)
Recently I signed a new cellphone contract and they *would not* allow me to sign the contract without giving them my SS# (which I imagine is for a credit check). What's the legality of that? Is there any way to avoid handing over SS#'s in these situations? Its terrifying that cell-phone services have huge databases of millions of Social Security numbers.
Anyone?
Re:Mobile Phone Companies Require SS# (Score:3, Informative)
I questioned the sales rep when I was in the same situation. He said that it's used for nothing but the credit check.
Then I got my first bill and saw that the first half of the account number was a significant portion of my SSN. I suppose that could be a 1/10000 coincidence.
Watch for Wrong Solution (Score:5, Insightful)
Public records are better if you want to be a crook because the Freedom of Information Act makes them completely available.
Cringely was quite correct when he identified two parts of the problem: the ubiquity of using SSN as both an identifier and as authorization (or using credit card numbers this way).
It would really be much better if the institutions we dealt with would accept identities and authorizations that were only valid for the specific transactions we conducted with them.
But no, "people can't remember all those numbers". Well, people ought to have a private key that is really private, and public keys that anyone can use to verify that person X really authorized some transaction Y.
But rely upon government to come out with a bad solution to this problem.
The FoIA safeguards, which are important to keeping government transparent and more accountable to the people, will be abolished (as they have already been for various cases deemed to involve national security or "terrorism"), to "increase security for the citizens".
We'll be trading a great deal in terms of liberty and knowledge of whether our government is acting properly for very little in the way of security.
It happens more than you think! (Score:5, Informative)
Xerox/scan all your bank cards, credit cards, drivers license, etc front and back. Write down all the contact info and make sure you keep a copy in a safe place. NOT YOUR WALLET! If anything is lost or stolen call immediately!
Open a second bank account to use for online transactions. I transfer only the amount of money I need to cover gas, lunch, online stuff to it. I don't use an ATM card on my primary checking/savings. If someone grabs a carbon, they don't get access to anymore than the few bucks I keep as a buffer.
And as many have and will say here: Don't give out your SSN, check your credit report regularly for new lines of credit and shred early - shred often!
approx $220000 each (Score:3, Funny)
Just let me make sure I get that email about creating a new credit file first!
Cause and Prevention (Score:5, Informative)
There is certainly a degree of catch-22 involved between convenience and security. When my wallet was stolen with license and SS card (dumb to carry both but I recently needed them starting a new job)a few years back, I was glad that I was able to get a new drivers license with no identification except a birth certificate copy I was able to get with just my SS number and no identification - but the ease of doing so certainly gave me pause for thought.
In addition to the sound advice of shredding, a good idea is to lock your credit reports from being issued without your consent and opting out of pre-approved CC offers. Instructions for both at this article - http://abcnews.go.com/sections/scitech/TechTV/tec
I'm just thankful my house has a mail slot that drops into an inaccessible bin inside the home.
Re:Cause and Prevention (Score:4, Interesting)
I'm not certain about all of what you said.
My mother worked in a state university admissions department in the 1960s and 1970s, and was a programmer and operator of their computer. One year, they had two applicants apply under than same social security number. They were able to verify that both people owned the same number! Turned out, the US Government didn't guarantee the uniqueness of the SSN-- it ALONG WITH YOUR NAME AND BIRTHDAY were your taxpayer unique ID. But the university had no way of admitting both students as they wanted to under the same SSN, so they asked one of them to get a new one. It wasn't hard once the Social Security Administration figured out why.
Times have changed and computers have proliferated, and I've only done some casual investigation, but I've never found any guarantee by the US government that the SSN is unique.
More ammo for Ashcroft (Score:3, Insightful)
What worries me is not so much the people that try to steal identities, because as most of us understand how its perpetrated, its easier for us to avoid and/or control the consequences, but when some crazy system gets put into place 3 years from now by the Republican cronies because of some silent passing of a Partriot Act clause. I for one don't feel like having to provide a blood sample to get into my office, or giving a sperm sample for a new home loan ala Gattaca.
Locking mailboxes? (Score:4, Informative)
I found this place that sells a "locking mailbox": http://www.oregontrailbox.com/
I think I'm going to get one from them. If you come across anything better, or have experience, please reply.
Re:Locking mailboxes? (Score:4, Interesting)
Stolen credit card number (Score:5, Insightful)
In conclusion I still don't know if the original number was real or not.It could have been the card thieves trying to trick me. After getting the new card, I checked my credit report an month later to verify nothing new had been opened. The lesson I learned is to never use a number you cannot authenticate when doing sensitive stuff like this.
We do not have identities. (Score:5, Insightful)
Are people really suggesting that this information be "secret"? The SSN is not meant to be secreat, can not really be secret, and every SSN card says explicitly that it is not meant to be secret.
Surely we are not suggesting that one's name, address, and telephone number be secret.
The problem is that this non-secret, non-unique information is used to identify people for many significant transactions. I.E. Driver's license, Mortgages, Credit Cards, etc...
The other problem is many people are opposed to instituting any kind of authoritative nation wide identification system.
Put aside your libertarian angst for a second and imagine if we did have a national DNA registry that positively and uniquely identified everyone. Sure we have all seen Gattaca and imagine ways of forging DNA derived identification, but it would be much harder.
Much harder than the current system where all the tokens we use to identify ourselves are from non-secret, non-uniquely identifying information sources.
Re:We do not have identities. (Score:3, Informative)
A. DNA is not unique -- consider identical twins, for example
B. DNA is not secret either; certainly no more secret than fingerprints. You leave piles of copies in the form of hair and shed skin cells whereever you go.
I don't understand. (Score:3, Interesting)
New passports are only given out by the city-hall, and you have to turn over the old one, or show signed police-statements that you lost the previous one. (I suppose that they will corroborate with my home-address which is also known at the city hall for lost passports)
How come photo-ids aren't required in the US?
These aren't the scooters you are looking for... (Score:4, Interesting)
I called the scooter merchant this morning, and sure enough, someone had used my wife's AmEx card number to order the scooters and ship them to an address just a few miles away. Thankfully, as the nice owner of the scooter co. informed me, they have a policy of only shipping to the billing address and the sweaty-toothed madman didn't get his precious scooters. Ha!
So since the nice owner of the scooter co. shared the IP address of the person who made the order, and being a huge internet nerd, I have already traced the origin (via nslookup) to an AOL user who was logged in and using AOL at 11:53am on 9/7/03. I might just have the means to track this guy down. I'm turning this over to the credit card company immediately, but the "sue everybody" American in me wants to go after this bastard for mental anguish, lost time returning the scooters, making this post, etc., and emotional damage to my 3 year-old daughter who was understandably excited about the scooters (perhaps even as excited as me!).
What do you think?
Story repeated at my blog [tarponcreek.com]
Compare with Europe (Score:4, Interesting)
And there are some obvious reasons for this:
- Nobody in Europe has mail boxes without a lock. European mailbox are usually flat, upright, rectangular boxes with a slit on the top of the front where the mailman drops the letters and they fall down a slide so you cannot get them out without using either very long pliers or, of course, the key to unlock the door at the back.
- No bank would give you a checking account or a credit without checking your ID card and making a photo copy of it and noting the number. (Remember that in most European countries (except e.g. the UK) every citizen is required to have a national ID card which you show whenever somebody has to be sure of your ID. (These cards have all kinds of witty security features to make them really hard to counterfeit.)
- All laws and courts agree that a reasonbable proof that somebody did make a business transaction is a signature on a piece of paper, or at least some computer record showing that the customer has entered a secret PIN. 'Secret' meaning, that nobody else should be able to know it. (PINs are printed out by the banks' computer systems and put in a sealed envelope without any employees being able to look at them.)
- Especially, if you told a court that a business transaction was valid because you checked the caller's identity on phone by asking for his SSN (or some lcoal equivalent of this), his date of birth or his mother's maiden name, the judge would probably only laugh at you.
While staying for half a year in California, I was quite astonished about the lax way of checking identities common in th US.
(For example, I got liability insurance for the used car I bought by just phoning the company. The guy asked for my Visa card number, then said 'Fine. Your car insurance is valid starting now, i.e. 4:13 pm.' That was great and convenient, but after all, I still prefer the European way, where they'll first ask 'So, how do we know, that this was your credit card number, and not taken from some receipt you picked out of a trash can?'. As the very least they would want proof of your address so that they can send you a court summons in case you tried a fraud.)
Let Me Guess (Score:3, Funny)
If you can obtain the information in an hour (Score:3, Insightful)
Don't blame the government, blame the banks (Score:4, Insightful)
They belong back in the 19th century!
We need to task the NSA, or a DARPA project, or any serious professional, with coming up with a secure banking id system, one that meets serious security standards, and just get the damn problem fixed. I think that if you picked any code breaker at random and gave him the task, he'd come up with something a hell of a lot better than what we got. If you held a nice contest, it would come out really nice.
If we got some modern crypto-spooks involved, if we could get to where the KGB had to sweat even a little to crack our identity system, identity theft would be a crime very few could give a try. Just try reading a few books about what the KGB and CIA have to do to crack each other's security, and then compare that to mother's maiden name and social security number.
That is the solution.
As a minor improvement, all credit cards should be required by law to have photos on them that were supplied by the government, and verified to be the unique current registered photo for that id.
All transactions not serious crypto-verified should be illegal to report to a credit agency.
Re:You want some wine with that cheese? (Score:5, Insightful)
Yeah, cause this will never come back to bite you in the ass. I'm quite sure that when your employer finds out that you gave them a fraudulent SSN, you'll all just have a great big laugh over it, and they won't be calling the Department of Homeland Security or anything.
or, more likely... (Score:2)
Re:You want some wine with that cheese? (Score:5, Informative)
Your employer is the one entity which is required to ask for your SSN -- it's used to pay your FICA and Medicare taxes, as well as to route your employer's contribution to your account. Those taxes? Well, if Social Security is still around when you retire, they're what sets your benefit level...
Re:You want some wine with that cheese? (Score:3, Informative)
Re:You want some wine with that cheese? (Score:3, Funny)
Oh, you forgot one thing. Make sure you never ever give out your true name, no matter who it is. Once they have your real name they
YANAL (Score:3, Informative)
An employer is not required by law to obtain an employees Social Security number. The law requires only that they ask for it. (How can they be required to obtain an employees SSN, when in fact, there is no legal requirement that a person obtain an SSN in the first place?)
Take a look at this [networkusa.org].
Here's a relevant excerpt (And please