in Search

ID theft

All about how it happens and how you can keep it from happening to you.

July 2009 - Posts

  • Online job scam turns job seekers into "money mules" for Ukrainian cybercrime ring

    Bullitt County, Kentucky lost $415,000 to cyber crooks in the Ukraine assisted by a keylogging Trojan virus and at least 25 “money mules” in the U.S. At least two of the co-conspirators became involved in the scheme after replying to job ads on Careerbuilder.com.


    Pack muleWashington Post reporter Brian Krebs was able to contact two of the stateside intermediaries with the help of a cyber crime security expert investigating the Bullitt County attack. The following information is from his column in the Washington Post.

    Both mules are Florida women under the age of 35 who claim they became involved in the scam unwittingly. They say they responded to an ad on the Internet job site Careerbuilder.com recruiting editors to improve the grammar, punctuation and flow of letters. The women told Krebs the letters--purportedly from Fairfield Delivery Service--seem to be intended to recruit other editors, and seemed to have been written by someone for whom English was not a native language.

    When one of the women asked when she’d get a paycheck, and received an explanation that the company had trouble getting money to its clients overseas, and offered her a position with the company to help with that process.

    Both women said deposits of almost $10,000 from Bullitt County’s bank account were made to their own bank accounts, with instructions to keep 5% commission, and wire the remainder to a bank account in Ukraine.

    One of the women grew suspicious and wired only $3,000; the other woman followed through as directed and wired almost $9,200 to the Ukranian scammers.

    Shortly after the money was wired, Bullitt County’s bank traced the fraudulent withdrawals to the women’s accounts and had the deposits reversed, leaving the women responsible for any money they’d withdrawn: $3,000 for one of the women, and nearly $9,200 for the other.

    And, somewhere there are at least 23 other “money mules” who fell for the same scam.
     

    Posted Jul 31 2009, 02:50 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Dozens of boxes of Code Blue Staffing Solutions' records found dumped

    I’ve said in other blog posts that of all the ways data breaches happen, nothing riles me as much as the careless, contemptuous—maybe even criminal—dumping of records into publicly accessible dumpsters.

    And, here we go again. This time the thousands of records contain personal and financial information of nurses who used to be associated with Code Blue Staffing Solutions—the company’s name and logo are present through the 30 to 40 boxes or records found dumped behind India Tree Spices in Seattle.Dumpsters

    Code Blue, formerly headquartered in Albuquerque, has been out of business for years, but used to place traveling nurses in jobs. Andrew Turner, the company’s founder, moved from Albuquerque to a Seattle neighborhood only three miles from where the boxes of records were found.

    Each Monday morning for at least three weeks running, India Tree Spices employees came into work and discovered the boxes in the business’ unlocked trash receptacles.

    Eric Dillon, an India Tree Spices employee, told Amy Clancy, a reporter with Seattle TV station KIRO, the files include medical records, Social Security numbers, driver’s licenses, financial records, legal documents, bank records and W2s.

    On the KIROTV.com website, Clancy reported that despite several attempts to reach Turner by phone, he never returned the calls.

    She did, however, make contact with nurses whose information was within the files. One said she felt vulnerable. Another said she was angry. Yet another said she was extremely upset and that she assumed her records would be safe.

    Apparently, none of us can any longer assume that our records will be safe.
     

    Posted Jul 30 2009, 06:03 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Criminal ID theft: Florida ID theft victim wrongly arrested as prostitute.

    Most identity theft victims struggle to sort out the bills their impostors run up. Illegally obtained credit card accounts, cell phone bills, home mortgages, retirement benefits and even medical care can ensnare identity theft victims. But Linda Norris’ identity theft woes—though not unique--are more humiliating and infuriating than those.

    Norris was arrested July 7 on charges of violating the terms of probation stemming from her 2004 prostitution arrest. Which is all well and good, except Norris isn’t a prostitute and was never arrest as one—until this month.

    The woman Florida Highway Patrol troopers thought they were arresting was Colleen Wehunt, a woman who’s been using Norris identity since 1993. That’s when the women rented rooms in the same house, but they didn’t know each other and weren’t friends, Norris said.

    That’s also the same year Wehunt was arrested for theft, and gave Norris’ information to the cops for the first—but not the last--time.

    As awful as Norris’ story is, it’s not uncommon among ID theft victims, according to those who participated in the 2008 Aftermath Survey conducted by the Identity Theft Resource Center:

    • 56% said a warrant had been issued in their names for crimes committed by their impostors
    • 56% said their impostors were arrested, booked or arraigned using their victims’ names
    • 33% said their impostors were prosecuted using their names, resulting in their having criminal records.


    Norris spent five hours in jail before her identity was confirmed, and knows she might face the same ordeal again some day.

    “It’s very embarrassing—very embarrassing. I want it to stop,” she said.
     

    Posted Jul 29 2009, 04:39 PM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Three stories of child ID theft

    Shiloh Puckett, Diamond Daye and Jason Truxel have probably never met, but they have a lot in common--each of them has been a victim of child identity theft.

    At least one in 20 children--one child in every elementary school classroom--is an identity theft victim, according to a study by Javelin Strategy and Research. In nearly all child ID theft cases, a parent or other family member who has easy access to the child’s Social Security number commits the crime.

    In Shiloh Puckett’s case, it was her mom.

    The first credit card account in Shiloh’s name was opened when she was only five years old. By the time she was 10, 17 credit card accounts had been opened using her information and she’d been approved for a $42,000 loan.

    “I did it because I had to, as a means of necessity,” Cindy Puckett said. “I feel bad I did it, and I shouldn’t have done it. At the time, I didn’t really think it was wrong in the sense I was hurting my child.”

    Puckett served six months in jail after police discovered hundreds of pieces of evidence against her, including credit cards, unpaid bills and loan applications in her daughter’s name.

    Diamond Daye’s story is pretty much the same. Her mother, Maurine Walter, used her daughter’s Social Security number to apply for apartments and utilities, cable TV and cell phone service because her own lousy credit made it impossible to pass credit checks.

    Many parents claim they had to use their children’s identities because they were stuck between rock and a hard place: When there’s not enough money to cover essentials, they use a kid’s name and SSN intending to pay the bills and make everything right before the child grows up.

    In other cases, the crime is just too easy, and the loot is irresistible. That seems to be the case with Michael Truxel, whom his son, Jason Truxel, says used his personal information for lavish spending.

    Jason Truxel’s credit record shows he took out the first of 23 credit cards when he was 13, bought a house at 14 and, at 17, bought a timeshare condo in Daytona Beach. Jason said he found a dresser full of bills at his father’s house. In the same dresser, he said he found 15 credit cards in his name.


    Posted Jul 28 2009, 02:49 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Network Solutions data breach: 573,000 online business owners and their customers to be notified of hacking

    If Network Solutions registered your domain name, hosted your website or processed the credit card payments from your online business, bad news might be coming your way--Network Solutions is sending out 573,000 data breach notifications this week.

    Hackers broke into the company’s web servers and delivered malware that copied transactions that took place from March 12 to June 8, 2009. Personal and financial information was stolen, including the credit and debit card account numbers from customers who made online purchases from any of the websites Network Solutions hosts.

    To their credit, Network Solutions is “doing the right thing” in response to the data breach. Rather than leaving the expense and burden of notification to each of the small business owners, Network Solutions is sending the notices to consumers themselves via U.S. mail and email.

    “We feel terribly about it to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute,” Network Solutions spokeswoman Susan Wade said.

    So far, 45 states and the District of Columbia have passed legislation that requires businesses and government entities to notify consumers if their personal or financial information was exposed or compromised in a data breach.

    The company is also offering to pay for 12 months of credit monitoring service through TransUnion for anyone whose personal or financial information was compromised because of the data breach.

    Network Solutions is cooperating with federal law enforcement and a commercial data breach forensics team in their ongoing investigation to determine the source of the attack and the security weakness that allowed it.
     

    Posted Jul 27 2009, 04:41 PM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • College students at high risk of ID theft--so are their parents

    No big surprise: College students don’t worry about safety as much as their parents do. It’s that oft cited thing about invulnerability, and it applies to their assumptions about ID theft, too, as evidenced by a recent survey conducted by the Identity Theft Resource Center.

    Even though 30% of all identity theft victims are between the ages of 18 and 29, only 21 percent of 1,000 students said they thought ID theft was even a moderate risk. In contrast, 74% of the 1,000 parents included in the survey said they thought students’ are at a moderate to high risk of becoming ID theft victims.

    And, though ID thieves victimize young adults more often than their parents are, college students may be putting their parents at risk.

    College students commonly use their parents’ personal and financial information for things like student loans, leases, credit cards and tuition and housing checks, and likely don’t keep the related documents locked up securely. Worse, 40% of ITRC’s survey respondents said they don’t lock their doors; 10% of them said they’ve let strangers into their apartments, dorms or houses.

    So, what’s a parent to do? The ITRC recommends adding the following to the already-long list of things kids need for college:

    • Crosscut shredder
    • Lock box big enough to hold a laptop
    • Security software for the laptop
    • Pens with specially formulated ink that can’t be washed from a check


    The survey also revealed that less than one-third of students reconcile their bank or credit card statements, so are unlikely to discover identity theft early on before significant damage occurs.
     

    Posted Jul 24 2009, 05:28 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Stupid criminal stories: "He looked like that every f**king morning. Of course I didn't know he was dead."

    I have to say up front this isn’t a new story, but since I missed it last year, maybe you did, too. At any rate, these guys are so delightful they deserve an encore.

    David Daloia and James O’Hare insist they didn’t know Virgilio Cintron was dead when they loaded his body into an office chair so they could wheel him into a check-cashing store and cash his $355 welfare check.

    The two were stymied when they tried to cash the deceased’s welfare check without him, so—geniuses that they are—they went back to Cintron’s Hell's Kitchen apartment to get him. A cop in a nearby restaurant intervened when he happened to spot the unwitting pallbearers and the exceptionally pallid Cintron en route to the Pay-O-Matic.

    Daloia’s comments following the international sensation their stunt provoked: “He looked like that every f**king morning. Of course I didn’t know he was dead.” And: “I’ve robbed banks and I didn’t get that much coverage.”

    James O’Hare--apparently the more sensitive and reticent of the duo--said, “I love him and I miss him. We were friends for 50 years, and I miss him already.”

    Daloia and O’Hare were charged with larceny, attempted larceny and failing to properly bury a body, but charges were later dropped because prosecutors couldn’t prove Cintron wasn’t alive when first loaded into the chair.

    Cintron had been sick for some time and apparently died of natural causes. In fact, Daloia said in court that their buddy had been in a coma for “days upon days,” and just a few days before they’d helped him out by lugging him to the same Pay-O-Matic where they successfully cashed another check.


    Posted Jul 23 2009, 01:36 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Ponemon Institute study shows CEOs overly optimistic about data breaches

    After spending a year eating my way through Italy, I caught a glimpse of my reflection in a store window one evening and saw that my dress had bunched up over my butt. How shocked I was when I tried to smooth it away, only to find that what I'd seen in my reflection was actually my newly-large butt.

    A new study by the Ponemon Institute reveals the same dissonance among CEOs and their vision of their organization’s security.

    Ponemon’s researchers asked 213 CEOs and other C-level executives about attacks on their companies’ data, and came up with the following disparate responses:

    When asked, “How often is your company’s data attacked?”

    • C-level execs: 33% said their data is attacked hourly or more often
    • CEOs: only 17% said their data is attacked hourly or more often
    • C-level execs: 20% said their data is attacked daily
    • CEOs: only 15% said their data is attacked daily
    • C-level execs: 32% said their data is rarely attacked
    • CEOs: 48% said their data is rarely attacked


    “The CEO knows that, by some functioning metric, work is being done, but people in the trenches know it’s a constant rush to get the sandbags up in time,” said Jack Danahy, founder and CTO of Ounce Labs.

    Danahy also speculated that the C-level execs might not always be giving their CEOs the whole picture when it comes to data attacks unsuccessful or otherwise. Which, I guess, in my world is the equivalent of going a year without a full-length mirror.

    Posted Jul 22 2009, 05:27 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • FTC "Red Flag Rules" August 1 deadline

    There’s been a lot of confusion about the FTC’s definition of creditor, with many people assuming it applies only to financial institutions, mortgage brokers and finance companies. But it turns the definition is much broader.

    If you’re still confused about whether or not the Federal Trade Commission’s “Red Flag Rules” apply to your business, here’s a simple quiz to help you sort it out: Do you provide goods or services and defer payments or accept partial payments toward the total balance? If so, you’re a creditor and have 10 days to meet the FTC’s August 1 deadline and get your ID theft prevention program together.

    If you own a dry cleaning business that allows customers to run monthly tabs, or you’re an attorney who accepts a down payment for total services to be rendered, you’re a creditor. Orthodontists who set up payment plans for kids’ braces? Yep.

    The good news is most creditors are small businesses, and meeting the requirements shouldn’t be a huge undertaking. The red flags are only common sense warning signs; they just need to be documented and your employee trained.

    What to watch for

    • Be on the lookout for fake documents. Does the photo look authentic and match the customer’s appearance? Does the address match the information you have on file?
    • Watch for unusual use of an established account. If a normally reliable customer is months late on payments, or making uncharacteristically expensive purchases, it might be a sign of account takeover.
    • Fraud alerts and credit freezes are placed on credit files by consumers who are already ID theft victims, or think they might become victims—for instance, someone who’s lost a wallet. If you run a credit check on someone and find a fraud alert or freeze, take extra steps to confirm identity.


    All that’s left is to put your plan in writing, discuss it with employees and determine who among your staff will be the go-to person.
     

    Posted Jul 21 2009, 03:05 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Lucid Intelligence created database of information from 40 million ID theft victims

    Few know about it, but there is a massive database containing 120 million stolen personal records, and they’re all for sale. Lucid Intelligence-a Britain-based company—has created the massive database representing the stolen information of roughly 40 million people, mostly Americans.

    All the information was found on the Internet, and forwarded to Lucid Intelligence from sources including the FBI, British police, and anti-hacking and anti-phishing campaigns around the world. The database was established by Colin Holder, a retired Metropolitan police officer who spent years working in the fraud department.

    It’s long been know that cyber criminals use the Internet as a marketplace for buying, selling and trading their stolen wares. Much of the information is stolen through phishing attempts, a technique of sending emails purportedly from a trusted, authoritative source, and tricking the recipients indo divulging passwords, account numbers or other information.

    The online marketing of stolen information received widespread attention when Max Ray Vision, hacker extraordinaire, was arrested in 2007. Vision was the mastermind and ruler of CardersMarket.com, the preeminent online forum for hackers and ID theft criminal rings. At the time of Vision’s arrest, CardersMarket had more than 6,000 users from all corners of the globe.

    For now, people can perform a free online search of the Lucid Intelligence database—the largest of its kind in the world--to see if their information has been stolen, but the makers intend to charge for the service somewhere further down the road.
     

    Posted Jul 20 2009, 05:15 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • "I’m as mad as hell and I’m not going to take this anymore!"

    The actor Peter Finch spoke those immortal words in the 1976 movie Network. Playing a TV news anchor driven mad by crime, recession, pollution and punks, Finch’s character soon has thousands of likewise enraged viewers throwing open their windows and joining him in his rant: “I’m as mad as hell and I’m not going to take this anymore!”

    I read and write about identity theft every day, and have seen so much that it seldom pisses me off anymore. But, once again someone has brazenly—in fact, criminally—dumped their customers’ records into an unlocked Dumpster where anybody who wants them can have them.

    This time, Pastor Franklin Clark found hundreds of records from a home improvement company, Home Solution Pros, in a Dumpster behind his Charlotte, NC church.

    The paperwork included customers’ names, Social Security numbers, bank account numbers and credit histories.

    “For people who sell stuff like this here, just think about it—this is a gold mine,” said Pastor Clark.

    Home Solution Pros abruptly left their leased space in Cornelius, NC last December, according to the landlord. And, when they left, he said they left behind equipment, files and a mess big enough that it recently cost him $5,000 to get it cleaned up.

    He told a reporter from a local TV station, WSOC, he took the files abandoned in the office to a shred even last weekend, and wonders if they’re the same records found in the Dumpster—as if the shredding company collected documents and dumped them behind Pastor Clark’s church when no one was looking.

    Whether Home Solution Pros, the shredders or the landlord dumped the records, somebody has violated North Carolina’s Identity Theft Protection Act, and could be fined $5,000 for each record—not each incident, each individual record.

    That means, if Pastor Clark was right, and there were, say, 500 records in the trash, and if the North Carolina Attorney General's office followed through, the fine could be as much as $2.5 million. I’d still be mad as hell, but I’ll bet in the future there’d be a lot fewer records criminally pitched into Dumpsters.
     

    Posted Jul 17 2009, 03:54 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Ponemon Institute study reveals 85% of businesses have had data breaches in past year

     You’d think they’d learn, but 85% of all businesses have had data breaches in the past year. That’s up from 60% in 2008.

    The numbers come from the Ponemon Institute’s most recent of four annual Encryption Trends Survey, for which nearly 1,000 U.S.-based executives were asked about the security of the information they hold.

    Thirteen percent of the respondents said their organizations had suffered five or more data breaches. Not surprisingly, these were the same organizations.

    “A data breach is defined as the loss or theft of confidential or sensitive data including information about people and households, “ said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

    The organizations don’t seem to particularly care about hackers or competitors capturing their information, nor do they seem to particularly care about bad publicity and customers leaving in droves.

    If nothing else, you’d think the skyrocketing costs of data breaches would be enough to encourage them to better secure the records they hold. Another recent study by the Ponemon Institute found that data breaches cost businesses an average of $6.6 million, or $202 per record.

    The only bright spot in the study is that more organizations are being forced by state and federal legislation to adopt encryption policies and to report data breaches.

    The Ponemon Institute conducts independent research on privacy, data protection and information security policy. The 2009 Encryption Trends Survey was sponsored by PGP Corp., a provider of email and data encryption software.

    Posted Jul 14 2009, 01:46 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Dumpster diving for ID theft

    What’s the first thing on any how-to guide for preventing identity theft? Use a shredder. But what good does it do if banks and retailers aren't doing the same?

    When Jonah Nelson, 30, was arrested a couple weeks ago in Sacramento, he said he got all the information he needed to steal more than 500 identities by dumpster diving behind banks and businesses.

    Nelson made more than 1,000 fake IDs by first visiting local banks, then using a computer to make the ID cards, blank checks and credit cards, according to the criminal complaint filed against him.

    He allegedly admitted to stealing between at least $1 million with this scam, and maybe as much as $2 million.

    A local TV station, CBS13 tried some dumpster diving of their own behind a bank close to the station and found processed deposit slips with names and account numbers on them and junk mail with the names and addresses ID thieves need to begin constructing a new identity.

    And, last week in Salt Lake City, a man found 20 boxes of medical records in a dumpster while throwing out the trash from work.

    The files contained names, addresses, birth dates, Social Security numbers and canceled checks.

    Anyone could have taken the files, and it’s possible someone already did--just because 20 boxes were found, doesn’t mean there weren’t more initially.

    “They could steal a lot of identities,” said Daron Breinholt, the man who found the files. “A lot of identities were in there.”
     

    Posted Jul 13 2009, 04:24 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • "I wish an ID thief would steal my identity and improve my credit score."

    Years ago when the steel mills in my rust belt hometown closed, my brother-in-law and thousands of others lost their good-paying, manufacturing jobs. A year later, my sister began joking that she wished identity thieves would steal their financial information; she felt certain they’d improve their credit scores.

    Luckily, her husband got another job and they were able to pay off their bills and pretty quickly boosted their slumping credit score to its original stature. Even luckier, no one ever stole their identities, or they might never have been able to recover completely.

    According to the Identity Theft Resource Center, ID theft victims spent an average of 165 hours cleaning up the mess of new accounts; doing so cost them an average of $950. But those figures don’t take into account that only 35% of the ITRC survey respondents said they’d successfully resolved all financial, medical and criminal issues.

    Financial recovery after identity theft fraud is hard enough, but imagine how harrowing it must be for the 56% of ITRC respondents who have had arrest warrants issued in their stolen names, or have actually been arrested for crimes their impostors committed. Criminal identity theft can result in the victims facing charges by the IRS, FBI, state and local law enforcement agencies; it can even result in job loss, or the inability to get a job or driver's license.

    And though those scenarios are grim, they’re not life threatening; medical identity theft, on the other hand, can be. Among the identity theft victims involved in the ITRC study, two-thirds discovered that someone else used their identities to receive medical care.

    For many of them, the resultant medical bills added to their financial problems. Of course, the bigger problem with medical ID theft is the danger of having incorrect information in medical files, or not being able to receive medical care because someone else took the insurance policy to its $1 million cap.
     

    Posted Jul 10 2009, 02:49 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Should you sign the back of credit cards or write "Ask for photo ID"?

    For years I’ve been advising people not to sign the back of their credit cards. I recommended that, instead, they write PLEASE SEE PHOTO ID in that blank space. And, for years, many identity theft protection experts thought this was the best way to keep someone from using your stolen credit card.

    The biggest shortcoming was that few sales clerks ever actually asked to see photo ID, but then again, not many of them checked the back of the card anyhow.

    Now it seems I’ve shot myself in the foot. (My apologies to anyone else left nine-toed because of my advice.)

    I’m among the millions of people recently issued new bank and credit cards in the wake of the Heartland Payment Systems data breach—in fact, I’ve had to have three cards replaced. Last week, right after I set up my new PIN for the newest card, I flipped it over and began writing PLEA …

    That’s when the bank employee assisting me snatched the pen from my hand and sternly warned me to never write that on the back of any card. The reason? Government offices, including post offices, won’t accept a card that isn’t signed. The reason? Better technology has made it too easy for identity thieves to create driver’s licenses with their own likenesses coupled with the ID theft victim’s name and license number.

    He offered to get me yet another new card, but I declined. So now I’m carrying around a wallet full of unsigned cards and wondering how soon one of them will be refused. I bought stamps at the post office last week, and offered my bankcard rather than paying cash. Once my card was accepted, I asked the worker about the policy.

    She and a coworker who’d overheard mumbled a lot, but finally confirmed what the bank employee said. Oddly, no one looked at the back of my card or asked for ID.
     

    Posted Jul 09 2009, 05:31 PM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
More Posts Next page »

This Blog

Syndication

Tags