Forgot your password?
typodupeerror
Security

Identity Theft Countermeasures? 609

Posted by Cliff
from the don't-keep-your-identity-in-your-back-pocket dept.
gbell asks: "Stories about reconstructing shredded documents and horrific tales of rampant identity theft (at least 750K victims/year) have me scared and wondering if I'm being careful enough. What are savvy Slashdot readers doing to protect their financial identity? I already have fraud alerts on my credit reports, which make sure I'm contacted if any requests for additional credit happen. I've called 800-5-OPT-OUT and stopped all the credit card offers. I use unique passwords on all of my online financial accounts. I shred and pulp-ify all documents. I order periodic copies of my credit reports (although I'm irked that I have to pay for them - they're only free if you've been recently denied credit). Is there anything else I should be doing? People spend years sorting out ID theft, and I'm wondering when credit-abusers will start crying 'fraud' just to get out of debt... making things even harder for the true victims. Cops don't have time to do anything, even if you find the perp yourself. The situation looks like it's going to get much worse, and I'm willing to take steps now to increase my security at the cost of convenience. Suggestions?"
This discussion has been archived. No new comments can be posted.

Identity Theft Countermeasures?

Comments Filter:
  • by feed_me_cereal (452042) * on Tuesday August 12, 2003 @07:24PM (#6680850)
    when you get a receipt, tear out your credit card number and tear it into smaller pieces. People can pick them out of the trash. I'm always careful to do this, many places put your number on your receipt.
    • Alternatively, you can just check your credit card statement each month for suspicious activity. Since you have practically no liability for fradulent charges (the Fed mandates a maximum liability of $50 but many banks have set it to $0), you should worry too much about the number getting out. Sure, it's a pain to have to get a new card issued, but it's a small price to pay to not be liable for things that are out of your control anyway.
    • Many receipts no longer display the entire card number. I'm not so sure I would shop anywhere that did display the whole thing anymore. My only experience with ID theft was when my card was stolen by a clothing store employee via the receipt, but this was 12 years ago or more.

      My latina friend had her identity stolen to provide papers to an illegal immigrant.

      If your identity is stolen visit the ftc.gov website.

    • by Maditude (473526) on Tuesday August 12, 2003 @07:39PM (#6680977)
      Or just dump something suitably gross in with 'em. I just dump out my chaw-spit cans.

      (-1, disgusting)
      • My solution: the remains of 2 weeks of cat excrement. Anybody that gets something outta my garbage is gonna pay a hefty stanky price.
  • Cops don't act (Score:2, Insightful)

    by afreniere (611999) *
    Cops don't have time to do anything, even if you find the perp yourself.

    I would just like to point out that this is not necessarily a problem of "not having time" as much as it's a problem of incentives. Cops are not incentivized to reduce the quantity of crime. Legislators are somewhat incentivized to reduce crime, or at least appear to be trying, but almost none of that actually trickles down to the department itself. Certainly there are plenty of honest individuals in the police force - but an insti

    • Re:Cops don't act (Score:3, Interesting)

      by bug506 (584796)
      In my experience, the cops don't act because the banks just absorb the cost of these crimes.

      I've had two bad experiences; once a box of checks were stolen out of my mailbox and used fraudulently for about $300 total, and once my credit card number was stolen and used for about $300 also. Both times the bank refunded me the money, although I still had to go through various hassles to clear my name.

      The first time there admittedly wasn't much to go on in finding who did it. The second time, the woman used
    • So your saying a wet T shirt contest in front of the precint in the summer months and a couple of kegs of beer should make my block a whole lot safer?

      Sweet.
  • Well... (Score:3, Insightful)

    by cliffy2000 (185461) on Tuesday August 12, 2003 @07:24PM (#6680853) Journal
    Something similar happened to me, when someone changed their name to exactly the name of my father, and our credit reports got mixed up. (They lived in the same town, so it was odd.) All it took was a call to the credit company to get it straightened out, but we need to call occasionally to make sure that the credit gets fixed. 'das all.
  • by Anonymous Coward on Tuesday August 12, 2003 @07:25PM (#6680857)
    1. Delete your identity. I mean, really, do you need one? Just pay with cash and work for money under the table!

    2. Steal someone elses and use it as your own. Then, if it's stolen, your real identity is still safe, and you can go steal another one.
  • by JessLeah (625838) on Tuesday August 12, 2003 @07:26PM (#6680873)
    ...because of two simple reasons:

    1) Social security numbers are being used as "unique identifying numbers" EVERYWHERE. When you've gotten someone's SS#, you're halfway to having their identity.
    2) Corporations and government agencies now operate almost exclusively on "scripts" and set patterns of behavior. In other words, there is a system to how each and every corporation or government entity does each and every thing that it does. Once you learn the system, all it takes is a little clever social engineering to pass your way through the entity's "checkpoints" (say, the question "What is your mother's maiden name?" or "What are the last four digits of your social security card?") and voila, they believe you are the person you're trying to become.
    • I was incredibly annoyed when my health insurance company printed my social security number on my health insurance card. I no longer carry that card with me. :P

      - Amit [stanford.edu]
      • I feel more comfortable having the card with me (it's a huge headache going to the emergency room without it and having to pay/submit the bills later--it happened to my partner).

        What I have done instead is to cut out my social security number from the card. It hasn't phased any of the people I've given it to at hospitals or clinics, they just ask me to give them my social so they can write it on the photocopy of the card that they make.
    • by wfberg (24378) on Tuesday August 12, 2003 @08:03PM (#6681146)
      The first problem, that SSNs are used everywhere, isn't really a security problem. SSNs aren't secret by a long stretch. To use them as passwords (as in problem 2) is just not right. The problem with SSNs being used everywhere is that it makes it trivial to combine records from different databases, which would not otherwise be easily automated. Gleaning information from databases that are combined can benefit companies, and hurt consumers.

      Your health insurance people sure would like to know if you're ordering books on amazon.com that were also ordered by people who bought "Advancing Smoker's Rights" or "100% LARD - gravy recipes for every day of the month".. If every database listed your SSN, a unique identifier, it's a hell of a lot easier than figuring out whether J.Doe at 31 Palacestreet is also John K. Doe at 31 Palacest.

      Of course, SSNs do make it easier to access information in general, so an identity thief can make life easier on himself by using your SSN to get ahold of your credit report or medical records, but that's not a failing of the SSN itself. That's just not keeping things secret.

      Mother's maiden name authentication schemes suck ass (donkey!). In general not a lot of thought is given to security, especially when everything is done on paper; it took the internet before credit cards got those numbers on the back that change when you get a new card (smartest thing ever; my CCnumber is on the invoices I get. Which also list the expiration date when the invoice is for the yearly fee.. I've not been asked for the CVC/CVV code yet..)

      It's basically a choice for convenience over security.
    • by abhisarda (638576) on Tuesday August 12, 2003 @08:11PM (#6681196) Journal
      You're right about that SSN stuff. I bank at Wells Fargo and until a few months(2-3) back, I only had the option of using my SSN instead of a username.

      I've used a key logger on my computer for ~2 years now(legal reasons). Whenever my friends visited my apartment, they would ask me to login so that they could check their email etc. I used to flatly refuse and tell them my machine had a key logger in it.

      One way to check if a machine has a keylogger is to type some stuff like "yakyak", reboot and do a search for text files containing that term.
      I had to do this a few times to convince my friends and sometimes explain what a key logger was.

      In my department, somebody had installed Half life and what not on computers running NT. It never occured to me at that time that somebody might also run keyloggers in the dept computers.
      2 reasons. One- Eventhough the admin never came down to the basement lab(mostly used by MS, Phd students), he kept meticulous logs.
      Two- I didn't think anybody was stupid enough to risk their freedom(expulsion, jail, maybe deportation) doing such stuff and again because of the logs.

      So if your at a friend's house or some public library/cybercafe, its possible that a key logger might be installed.
      So in this case you might have to "pulpify" somebody's head. :)

      Also, if your bank/credit card company offers online only statements, definitely sign up. It's saved me the headaches of keeping them safe. I can always ask my bank for previous statements if I need them.
      • One way to check if a machine has a keylogger is to type some stuff like "yakyak", reboot and do a search for text files containing that term.


        Also, look behind it for something like this [keyghost.com] but keep in mind it's also very easy to install something like that inside the case, even to the back-side of the motherboard where youn can't readily see it.

        Let's face it, if somebody wants to steal YOUR identity, it's so fucking easy there's really nothing you can do to prevent it short of living like the unabomber an
  • by Ryokos_boytoy (259245) on Tuesday August 12, 2003 @07:26PM (#6680875) Homepage
    Just do what I did ...ruin your credit and stay unemployed. I couldn't give my identity away.
    • Re:Worried? bah ... (Score:3, Informative)

      by evilpenguin (18720)
      You beat me to it. I was going to say what my secret was: Bad credit! Just like my defense against being cracked: 386SX CPUs! (and a 50MHz Sparc).

      Seriously though, the original submission raises the spectre of people crying fraud to erase their real debts. I don't know if anything has changed, but I had a checkbook stolen a little over a decade ago. When I went in to deal with it, I had to fille out an affadavit (a witnessed, sworn statement) of forgery for every single check the miscreant wrote. Su
  • by Dancin_Santa (265275) <DancinSanta@gmail.com> on Tuesday August 12, 2003 @07:27PM (#6680883) Journal
    Tin, not aluminium.
  • Easy (Score:3, Funny)

    by platypus (18156) on Tuesday August 12, 2003 @07:31PM (#6680914) Homepage
    Just steal an extra identity and use that.
  • Two men... (Score:5, Insightful)

    by hiryuu (125210) on Tuesday August 12, 2003 @07:32PM (#6680918)

    are about to be pounced upon by a man-eating tiger. One man starts to properly lace up and tighten his running shoes. The second one looks at him and says, "Do you think you can outrun a tiger?"

    The first man replies, "I don't have to outrun the tiger - I just have to outrun you."

    You're taking all the right steps to protect yourself - short of becoming an unperson, you can't become totally secure. People who resort to breaking the law to get what they want, as a general rule, are not interested in working any harder than necessary. Make sure that stealing your identity is quite a bit tougher than that of the guy next door, and let diminishing returns work for you.

  • by mr.henry (618818) * on Tuesday August 12, 2003 @07:32PM (#6680921) Journal
    I've been thinking about investing in a good one. One interesting piece of trivia I found is that Oliver North used an Intimus [intimus.com] 007 to shred the Iran-Contra stuff back in 1987. The current incarnation of this model appears to be the Intimus 0077 SX [intimus.com]. This thing cuts pieces down to 1/32" x 1/2". A quick search on Froogle [froogle.com] says it goes for around $4500!!

    They make some much cheaper models ($200-300), but the Olie model would be pretty cool to have.

    • You can actually justify $4500 for a personal shredder?

      I just keep all my personal stuff for a year, then burn it during the annual camping trip.
  • by Theodore Logan (139352) on Tuesday August 12, 2003 @07:33PM (#6680931)
    Is there anything else I should be doing?

    Consider getting one of these [c2.com].
    • At second thought, perhaps that was uncalled for, given that ID theft really is a serious problem. However, like several posters have already suggested, it does seem like you're overreacting. Shredding documents in particular is probably completely unnecessary. The likelyhood of someone actually going through your trash to find documents to use for ID theft is so low as to be neglectable.

      The 750K figure and others mentioned in the Washington Post link probably includes people merely "taking" the identity b
      • Re:Countermeasures (Score:4, Informative)

        by H1r0Pr0tag0n1st (449433) on Tuesday August 12, 2003 @08:05PM (#6681158)
        Shredding documents in particular is probably completely unnecessary

        One of my best friends is a Secret Service agent. If you heard the stories he tells, you would not say this.

        how about an example? On one fraud case he was on when they busted into the criminals house, they found piles of Checks, Credit card and utility statements. Most smelling of trash. They had conned over 200K using this information. If you think that just because the crooks were caught, it was skippy fun time for the victims you are quite wrong. Regardless of the circumstances one victim was evicted from their house, because of a bounced rent check (the thieves took the money) and then had a very hard time finding another place because of the damage the crooks had done to their credit report.
        If I were you I would get a LOT more paranoid. On second thought don't. That way I only have to outrun you....(see above)

  • by pshuman (68722)

    Do not use your social security number for anything other than taxes and social security. Once someone has your name and SSN, they can sign up for credit cards in your name.

    Health insurance, higher education organizations, etc. love using SSN because it is unique. These organizations can not require you to give your SSN.

    When signing up for new service, write Please assign number in the SSN box. Most places I have done this with are happy to comply. If you already have accounts with your SSN as your id,

  • Is just under 1/3% based on 2000 census data [census.gov]

    Based on your current practices I calculate that you are more likely to be eaten by a grue than to have your ID stolen.

    -Peter
    • Re:750k (Score:2, Funny)

      by seraph93 (560551)
      Based on your current practices I calculate that you are more likely to be eaten by a grue than to have your ID stolen.

      So is preventing identity theft just a matter of keeping a lantern handy at all times?

      "It is pitch black. You are likely to have your identity stolen."
  • Do like I do, don't use my real identity. If someone starts using one of my identities, I stop using it, and continue with another one.

    Just kidding. But some people do this..

  • Credit reports (Score:5, Informative)

    by jerrytcow (66962) on Tuesday August 12, 2003 @07:37PM (#6680964) Homepage
    If you live in one of the following states you are entitled to one free credit report/year:
    Colorado, Georgia, Massachusetts, Maryland, New Jersey, Vermont.

    As far as getting one when you are denied credit, all it really takes is an inquiry. The credit agency doesn't know if the credit card, loan office, etc. approved or denied you. So if you've applied for anything recently you can call up and get a free report.

    Call these numbers and follow the prompts for having been denied credit:

    Experian 800.353.0809

    Equifax 888.567.8688

    TransUnion 800.680.7293

    • by nuggz (69912) on Tuesday August 12, 2003 @08:09PM (#6681187) Homepage
      Credit reports are free in Canada. (if you mail/fax in) Online reporting costs.

      Why not suggest they make them free in the US?

      It really is in the your, the credit bureaus and the creditors best interest to have accurate information.

      The smarter identity theifs actually pay the minimum payment to keep sucking money without alerting you.

      BTW my favourite financial advice site is fool.com. They have many intelligent and well written articles that give guidance on these topics.

  • by Raul654 (453029) on Tuesday August 12, 2003 @07:40PM (#6680983) Homepage
    Common sense. Use it.

    Just this week, I was registering to take the FE exam (for engineering certification) in October. DAPE [dape.org] (who adminsters the test) then sends you a packet including a pre-addressed card that has to be sent in immediately (You've already sent them all this information. I don't understand why they want it all again) You put your information on it and mail it back to them. They actually want people to put their SSN on the card (no envelope) and mail it back. I sent it back to them (in an envelope, of course) with a little sticky-note telling them that I didnt think it was wise sending my SSN in plain sight through the mail.
  • by ad0gg (594412) on Tuesday August 12, 2003 @07:41PM (#6680996)
    I love how the credit agencies are fear mongering so they can sell their credit alert services. If they were really concerned about indentity theft they would allow us free acess to check our reports. Instead of making us spend $65 a year to notify us about credit changes. And BTW that $65 is for one credit agency there's two others as well. Such a scam.
  • by 1010011010 (53039) on Tuesday August 12, 2003 @07:41PM (#6681000) Homepage
    The number is actually 1-888-5-OPT-OUT. It changed recently, according to the recorded message.

    You have the option of getting "off the lists" for 2 years, or forever. You also have the option of getting back on the lists -- why you'd want to, I don't know.
  • by cjsnell (5825) on Tuesday August 12, 2003 @07:44PM (#6681014) Journal
    This aggrivates me to no end. The US Army requires its soldiers to put their SSNs on almost every official peice of paperwork relating to them. Home addresses are only a 201 file away. I'm pretty sure that identity theft is rampant in the US military. Officers and high-ranking NCOs are probably even more vulnerable because of their higher salaries. I wish we would abandon SSNs for a military-only serial number.
  • Two good tips... (Score:2, Interesting)

    by idgrad (137342)
    I have two good tips for people- I recently had to get a rather large line of credit, and had a few tips from the banker:

    1) Have all your cheques, and credit cards just use your first and middle inital, and of course your full last name. That way, if someone is trying to forge your signiture, (at least for cheques) they have no idea how you sign your name, ie do you include the intials ect...

    2) Use a strange name/password on all your bank accounts instead of your mothers maiden name. With all the info a
  • by rowanxmas (569908) on Tuesday August 12, 2003 @07:47PM (#6681048)
    So, if you have had the "fun" of dealing with credit in the USA lately you may have learned a few things:
    1. You are FUCKED if something happens to you, like your old wireless company charging you after you've ended your contract and then not contacting you, then reporting you, then having them not contact you, then finding out when you try to get a loan.
    2. It takes SEVEN years for a collection that you paid for to go off your record
    3. The only way to have good credit is to be in DEBT!!! Nevermind that you made it through college, and several years after with no debt, and no credit cards, since you shouldn't really need them.
    4. The credit reporting agencies seem to operate with no oversite, and there is no way to actaully contact a person at them.
    5. It is BULLSHIT that you have to PAY for your own credit report!! This has become a critical part of getting stuff ( i.e. fun new toys ), and it does NOT cost them $10 to send me an e-mail.

    If you are like me and really pissed off, and have some good advice on legislation that can be supported to change all this, please post it below.
    • The only way to have good credit is to be in DEBT!!! Nevermind that you made it through college, and several years after with no debt, and no credit cards, since you shouldn't really need them.

      I have a minor quibble with this statement -- having/using credit cards is not the same as being "in debt". It is pefectly easy to help your credit by using a credit card in an intelligent manner: simply pay it off at the end of the month. It mystifies me that many people are afraid of going into debt if they use

  • Ready just now? (Score:3, Informative)

    by Coventry (3779) on Tuesday August 12, 2003 @07:48PM (#6681053) Journal
    I'm willing to take steps now to increase my security at the cost of convenience.
    (emphasis mine)

    Not to rain on your parade or anything, but from the trouble you've taken (different passwords everywhere, spending money on periodic credit reports, premptive fraud alarms attached to your credit that will make applying for any sort of acredit a Pain for you) you already ARE at the point where you've given up a lot of convienence.

    That being said, the one thing I've done that is 'inconvienent' is I don't sign my credit cards. Now, I don't mean I leave them blank - thats asking to get ripped off (anyone who steals the card can sign your name) - I put 'SEE ID' in the signature area. Mind you, a few places don't even bother to check the sig area, so you're still SOL if someone steals your card and uses it at a lax restraunt or gas station, but having the guy behind the counter ask to see a photo ID every time I buy something expensive feels like a good tradeoff to me.

    Of course, someone could always make a fake ID with their photo and my name on it, but thats a lot of effort, and frankly, I'm not That paranoid. I have fraud insurance on all of my accounts, and have very clean credit. If I loose a card at an ATM (by forgetting it), or loose a imprinted recipt, I call the card company immediatly. Having a track record of getting new cards whenever something like that happens does wonders when there is something questionable on your statement and you call about it.
    Along that vein, a friend of mine recommends reporting your card lost once or twice a year, just to get new cards with different numbers.

    Then again, that friend is a little bit more paranoid then I am... He's about as paranoid as you are...
    Hey, wait a second, you're name isn't Bryan is it?
    • Re:Ready just now? (Score:4, Informative)

      by macdaddy (38372) on Tuesday August 12, 2003 @10:41PM (#6682033) Homepage Journal
      I do this. In fact this is highly recommended by a federal agency that I can't recall at the moment. Consumer something. I don't really care what people say about it invalidating your card. That's BS as far as I'm concerned (and yes I know what Visa and MC say and I don't care).

      I had a funny experience with this once. I bought a whole cart-load of stuff at a local Wal-Mart a couple years ago. The checkout girl ran it all through and I then gave her my Visa Check Card (before they had the card readers for the customers installed). The girl ran it through the card reader and had me sign the receipt. Then she compared my signature to the one on the back of the card. Well, on the back of my card I wrote "SEE PHOTO ID" in big bold letters that covered the full strip. This girl was foreign, Chinese I believe. She told me in very broken English that the "signatures" didn't match. Well duh. I tried explaining it to her for a good 2-3 minutes. She got louder. I got louder. She just couldn't get it through her head what "SEE PHOTO ID" meant. Finally our arguement attracted a manager. He asked her what the problem was to which she replied what she'd been saying for 2-3 minutes: "They don't match." I told the guy that he had 5 seconds to complete the sale or I was finished with the store. Remember not that I had a heaping-full cart load of stuff (large Wal-Mart with a grocery store inside). He took the receipt from the girl, handed me my copy, and that was that.

      I still think writing "SEE PHOTO ID" on the backs of my cards is the best thing to do. I have NEVER had a single person compare the signature to the signature I just wrote. If anyone ever had they would see that they DO NOT MATCH. Not even close. I write very quickly most of the time and my signature is usually illegible and never the same twice. I do have people look at my face after looking at my photo ID about 80% of the time though. I feel it is by far a better solution overall. The best solution would be to use a card that has your photo on the card itself.

    • by geekotourist (80163) on Wednesday August 13, 2003 @12:20AM (#6682696) Journal
      It would do about as much good, given how rarely they read the signature or compare it to the slip. With your SEE ID, how often has anyone asked for it? I agree with the other respondents- you should still have a signature. IDs are easy to fake.

      Read this account of how far you'd have to go to get them to reject a signature [zug.com] (answer: extremely far).

      • My favorite is the machines with digital signatures that the clerk never even sees. I always sign with a false name when I see these things, just to underscore the absurdity of it.

        Unless they think I really am Chuck D. I'm sure he often mascarades as a nerdy suburban white boy in a button down. I guess you'd call this "Security of the First World." Hope it doesn't make me a Public Enemy.
    • "Hey, wait a second, you're name isn't Bryan is it?"

      No, his name is now composed of unprintable ASCII characters that can't be stored in databases, and his middle-name is the Equifax end-of-record separator followed by two nulls.

  • by sevensharpnine (231974) on Tuesday August 12, 2003 @07:49PM (#6681059)
    It's important to remember that even though identity thieves are among the lowest of criminals, they aren't necessarily stupid. It's a common tactic for thieves to prey upon those who offer the greatest "return" on the investment of the thieves' time. Those most at risk are likely to have a number of common factors: high-limit or even limitless credit cards, excellent credit ratings, a complex network of high-balance accounts in various banks, a significant amount of money in savings and investments, etc. In order to best protect yourself and your loved ones, I recommend that you minimize your profile to the would-be thieves. There are a number of simple steps you can take to ensure your safety. For example:

    * Do you have student loans? If so, consider letting the payments slip a little. Nobody wants an identity that can't take out student loans!

    * Keeping up on your car payments? Stop. Thieves are less likely to steal the identity of someone who is being harassed by a repo man. As an added bonus, your chances of being victim to auto-theft just decreased significantly!

    * Do you have a mortgage? Possibly, but I doubt you have enough of them! No thief wants to inherit the wrath of a bank trying to track down three mortgages' worth of money!

    * How are your long-term investments? CD's? Mutual funds? Privately-managed portfolio? It doesn't matter; all of these glitter to the eyes of a veteran identity thief. You are much safer holding your money in an interest-free highly-liquid invesment account (coffee can). By reducing your apparent (and real) wealth, you become a much less desirable target.

    * Employed? Then why not just toss your credit cards out the window? Nothing says "bullseye" like reliable employment. And consider this: when's the last time your heard someone in the unemployment line complain about identity theft. Never? Nobody likes to go through the effort of stealing an identity only to be rewarded with food stamps and meager checks.

    In the end, identity theft will remain a significant problem in America--but only to those unlucky enough to ignore the above advice. The intelligent self-accountant will even find some more creative ways to be less attractive to thieves; consider child-support payments, court-ordered deportation, and terrorist sponsorship as well! Your safety in these trying times is only limited by your imagination.
  • When? Now. (Score:3, Interesting)

    by siskbc (598067) on Tuesday August 12, 2003 @07:49PM (#6681065) Homepage
    From Article: "and I'm wondering when credit-abusers will start crying 'fraud' just to get out of debt... making things even harder for the true victims."

    Already. My wife sells telecom equipment for a major vendor, and they've had one guy try it. He bought something, and wanted to return it, but knew their policy wouldn't allow it. Instead, he claimed he never placed the order, that it was someone else stealing his card. Nice, huh?

  • Most of the shredded document recovery things that exist work on the principle of long strips of shredded documents. You can get better ones that do cross cutting and essentially turn your shredded documents into confetti. Or hell, go to Home Depot and get an industrial grade garbage disponsal. Dump all your documents into one of those bad boys and nobody will ever reconstruct them.

    Or you can do what my old workplace did, any shredded documents were thrown away in cycles so you never have all of a docume
  • I've recently done some security work for a large collection agency. I asked him what they do when they get someone on the line who is the victim of Identity theft? He stated that they [the debtors] all say that they're innocent victims of identity theft, its become the excuse du jour. Therefore they treat each collection as though its a legitamate debt and that *you* are the legitamate debtor.

    Once you've been a victim, the onus is on you to clear it up. The dificulty is that once 'Joe Sixpack' discover

  • (Well, I'm 19, so read the above: about 6 years ago) I was hanging out with some of my young and stupid "friends" in a mall, and some lady had left her obviously expensive looking Visa card on the counter at an expensive store. Don't do this. (The lady had apparently cancelled it before it was of any use to the perpetrator, who tried to use it to dial 900 numbers of his liking).

    While I wasn't the one who picked it up, I've still never mentioned this account to anybody. It's really easy to lose your credit
  • by hugesmile (587771) on Tuesday August 12, 2003 @07:55PM (#6681106)
    If you are required to provide a social security number for some purpose, consider using 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it.

    See this page [cpsr.org].
    • Bullshit! (Score:5, Funny)

      by Anonymous Coward on Tuesday August 12, 2003 @08:59PM (#6681460)
      Why just the other day I was shopping and tried to use that exact same number! The clerk said that he thought it was a fake number, and that he heard it was passed around in wallets back during the 40's and 50's. Of course I had to weasel out of this. I explained to him that I felt giving me SS number was too much and I was worried about privacy issues. He then said I didn't need to worry since the free market would ensure companies would work hard to keep my info secret. I asked how, and he went on about the negative publicity a corp could receive if it was found out to be leaking personal info. Therefore, since they wanted my business, it was in their best interest to safeguard my data. I retorted with the fact that since so many computer crimes go unreported, his theory doesn't hold true for all situations. I said that until laws like the one passed recently in California go into effect nationwide, we all have to be careful with our data. The clerk responded that the free market would, in time, iron itself out and end up with a situation in which our data is safe. He went on to tell me he didn't believe in the protectionist role of government. I argued that the government wouldn't be protectionist, it would simply be enforcing the will of the people and not simply acting in their best interests. He was still leery of this proposition and said he was more comfortable with a system that didn't overburden corporations with unnecessary legislation. We finally agreed that this was primarily a wait-and-see issue, and laws or lack thereof would have to be determined at a future point when e-commerce and such had fully spread. Eventually I did get my Big Mac and fries from him, even though I disagree with him on principle.
    • by hugesmile (587771) on Tuesday August 12, 2003 @09:02PM (#6681483)
      Here are some more articles about the infamous number: Social Security Administration [ssa.gov], Snopes Urban Legends (True Story) [snopes.com], Wikipedia (whole list of invalidated numbers) [wikipedia.org]. Interesting stuff for a Karma whore like me! :)
  • by adrianbaugh (696007) on Tuesday August 12, 2003 @08:06PM (#6681162) Homepage Journal
    First things first, get your fingerprints removed. A good big bucket of nitric acid should do the trick. Next up: those pesky iris patterns. I recommend you gouge out your eyeballs with a spoon and use the sockets to mount a pair of webcams. There was a story on slashdot a while back about a neural interface for these puppies. Remember, if you don't have eyeballs they can't steal your iris patterns! So far, so good. The next problem is your DNA. The bad news is, this is a cinch to steal and there isn't much you can do about it short of going round in a giant body condom for the rest of your life. The good news is, it's quite hard to use. However, before the time when ATMs authenticate you by taking a cheek cell sample I recommend you look into the latest in DNA resequencing technology and splice in a good long GPG public key somewhere. You'll have to memorize the secret key, all 4096 bits of it, and then wear a metal Faraday cage round your skull to prevent people reading it right out of your brain. -- There's a bunch of loonies in here. Loonies, I tell you!
  • by The Famous Druid (89404) on Tuesday August 12, 2003 @08:09PM (#6681186)
    Fake identity (either fabricated or stolen) is more common than most people think.

    I don't have the figures to hand, but here in Australia, there are several million more tax file numbers (the equivalent to Socian Security Numbers in the USA, or NI numbers in the UK) than the census would lead you to expect. The 'extra' tax files are basically criminals laundering money, various tax frauds (the second job in a false name to avoid tax) etc.

    Trust me, you don't want to have your identity stolen.

    A USAian friend some years ago had no end of trouble with the taxman there. She lived in NY, someone in Montana was working in a gas station under her SSN. Guess who got the tax bill?

    The IR seemed to believe she was commuting most of the way across the USA for a part time job at minimum wage, and were very persistent in chasing her for the money. Every attempt to reason with them was met with "but our records show..."

    Now imagine that the identity thief is not some redneck low-life, but a cocaine smuggler, international terrorist, serial killer ......

  • by rjamestaylor (117847) <rjamestaylor@gmail.com> on Tuesday August 12, 2003 @08:17PM (#6681224) Homepage Journal
    I have a very common name: Robert James Taylor. Look in your white Pages and you'll find me (I'm stalking you ;). Anyway, this fact has led to a number of strange "mistakes."

    I moved to the Northwest a few years ago and was denied a driver's license due to "a suspended license for DUI in New Jersey." I'm from Texas. Some bloke in New Jersey with my exact name AND BIRTHDATE got his license suspended in New Jersey. Database matched me to his record and I was denied. So, thinking aloud, I told the clerk/officer that I am from TX and had never lived in NJ, never visited NJ, never flew over NJ nor had been to a neighboring state of NJ (*not completely true - I did visit Binghampton, NY once*). Then I asked a question: did his SSN match mine? "No." *WHEW* I got my license. Strange that my identity was proven by a number specifically bared from becoming an identification number (until the 1970's).

    One other story...I went to open a checking account when I moved to CA. I was denied and the reason given is that I had used a fraudulent SSN#. Huh? I asked to see the report from their system and saw that, according to their check of Social Security Admin records my stated SSN was issued BEFORE I was born. I asked to see the date that their system said the number was assigned. Let's say I was born March 12, 1968 (I wasn't). The SSA's record for my SSN had Mar 0, 1968 as the assignment date. March ZERO? Turns out until sometime after the 1960's the day of issuance was not recorded. Unfortunately three things converged:

    • SSA didn't record the day of issuance
    • My dad, being a CPA specializing in Tax, signed me up for a SSN within days of my birth
    • Bank of America's DBAs decided that Null fields in the Day of issuance were Zeroes and, ergo, my birthdate 19680312 was after the interpolated issue date 19680300
    So, I had to traipse down to the SSN office and get a signed document validating my identity. *Sheesh*
  • Weird timing... (Score:5, Interesting)

    by kasparov (105041) * on Tuesday August 12, 2003 @08:21PM (#6681245)
    It's not identity theft, but just today I got a call from the title company that is handling the closing on the sale of my house, and lo and behold there are three judgements attatched to my house. Apparently there is another couple with my exact name and my ex-wifes middle name. Apparently they don't pay their rent or the judgements against them. Unfortunately, the attorney's for the plaintiffs against them (on three separate occasions unbeknownst to me) did a simple name lookup and found property with a name similar to the deadbeats and said, "Hey, when they sell their house... give the money to us!" I spoke to the courthouse, and they had no idea how I should go about fixing it. Now, I have to pay for an attorney to get everything cleared up... for the county's mistake! Infuriating.
  • by Ranger (1783) on Tuesday August 12, 2003 @08:21PM (#6681250) Homepage
    In order for me to help you. I will need your full name, ssn, date of birth, and a major credit card.
  • by Katravax (21568) on Tuesday August 12, 2003 @08:22PM (#6681251)
    I am a victim of identity theft, and it is hell dealing with the fallout of it. Someone opened store credit accounts in my name, ran up huge charges, and never paid them. It doesn't take an AFDB to be worried about this. It happens, and it's not easy to fix.

    I have been round and round with the companies that were scammed with my identity. I am just now learning how to make sure my credit reports are annotated that the bad accounts are from identity theft. The bad info stays on the accounts, which as far as scoring goes, is just as bad if they weren't annotated.

    The difficult part in dealing with this is you can't prove a negative. The companies love to say "prove you didn't open the account." There is no protection for this, and plans I've had for home ownership are ruined, at least for the past couple years, thanks to identity theft.

    To those of you saying the poster needs an AFDB, think about what you'd do if you found false information, using your SSN, on your credit report tomorrow. That is what has happened to me.
  • by rogerborn (236155) on Tuesday August 12, 2003 @08:32PM (#6681310)
    I personally spent all my time over the past few years never paying bills on time, but at the very last minute. I especially did not pay any credit debts I had, but kept the merchandise and settled for a small payment with the credit company who loaned me the money for buying the items in the first place.

    This all gave me an excellent (unusable to anyone) credit rating. In fact it is so good that now no one will loan me money. I cannot even buy a house or a car on credit.

    You cannot imagine the peace of mind this gives me as no one will ever steal my credit identity for any reason. On top of all this, my present credit situation has saved me hundreds of thousands of dollars in credit interest over the past few years which I would have been paying had I still had good credit. It has allowed me to buy everything with cash, saving up for those things I really need. A small side effect of this is that impulse purchases, like that new sports car I really want, but which I do not need, are effectively impossible with my current credit standing. What a blessing!

    I did not start out to do all this, but having gotten cancer and being unable to work for a few years has helped me tremendously to achieve my current credit status.

    =)

    Roger "Dodger" Born
    writing.bonrgraphics.com
  • USE CASH! (Score:5, Insightful)

    by Kernel Kurtz (182424) on Tuesday August 12, 2003 @08:34PM (#6681320) Homepage
    Other than for big ticket items like a mortgage or a car loan, don't use credit or debit cards unless you absolutely have to (ie for emergencies).

    You may think the cashless society is more convenient (and in many ways it is unless you are in line behind ten people collecting airmiles and using their debit cards - if they could just pick the right account or PIN....), but the cashless society also makes tracking all your habits much easier for the IRS, the FBI, CIA, DARPA, or any other acronym you choose. Why make it too easy for them.

    Use cash (and the barter system is always good too, wherever possible), and give out as little personal information in any given transaction as you can. this helps to protect you not just from ID thieves, but from unwanted corporate data-mining or government intrusion as well.

    A thriving black market is a neccesary check against unlimited government control.
  • by wfberg (24378) on Tuesday August 12, 2003 @08:36PM (#6681333)
    Identify; to establish the identity - e.g. ask a user name (c.f. anonymous ftp).

    Authenticate; checking the proofs of identification are legit, e.g. check that photo ID isn't a fake, check credentials w/ password.

    Authorization; making sure this schmo you identified and whos id you authenticated is actually allowed to do what he's doing, e.g. permissions.

    Auditing; keeping records, i.e. logging.
    Non-repudiation; making sure some one can't claim "it wasn't me", e.g. videotaping ATM users. (Cryptographic non-repudiation often depends on keeping a secret, such as a secret key. Not a good assumption; "it was my 0wnx0r!")

    Confidentiality; keeping secrets, i.e. don't give out private information.

    Integrity; making sure stuff isn't changed (if it is changed, make sure it's audited)

    Accesibility; make sure legit users can actually use their stuff.

    Identity theft wouldn't be such a big problem if corporations and branches of government would authenticate properly. People's dogs are getting pre-approved credit card spam! If you know someone's momma's maiden name, banks will roll over and give you the key to the vault. Sure, they've got tons of money spent on all the other security features (except auditing of course. and integrity/accesibility, disaster data recovery people gotta make a buck to) but it doesn't help if you think someone's mom's maiden name is a secret!

    About the author Walther fon Bernstien is a 31 year old technical writer from Houston, TX. He lives a quiet life writing from the historical "McDuff's Castle" building on 33nd Elm Street, left to him in 1989 by his mother, an accomplished pianist who performed under her maiden name Mary Jane Smythe. His interests include golfing at the Nine Yards Club, his dogs Whisky and Brandy, and numerology; he beliefs it's no coincidence that his social security number is 696969, while both his VISA and Mastercard creditcards have 6969 as the last 4 digits as well! Send him a card on his birthday, the 9th of June!
  • by macemoneta (154740) on Tuesday August 12, 2003 @08:56PM (#6681436) Homepage
    Seriously. Hunt them down, and kill them. If they are going to ruin your life, you might as well have some fun with their entrails.

    After a couple of us crazies "settle accounts", I think you'll have a hard time finding someone willing to commit identity theft again.
  • by John Hasler (414242) on Tuesday August 12, 2003 @09:07PM (#6681527) Homepage
    > The situation looks like it's going to get much
    > worse, and I'm willing to take steps now to
    > increase my security at the cost of convenience.
    > Suggestions?

    Try being poor. Works for me.
  • by Darth_brooks (180756) <clipper377@gm a i l . c om> on Tuesday August 12, 2003 @09:34PM (#6681692) Homepage
    Go talk to a car dealer. Act interested in a car and have them run a credit report. They'll show you the results, and generally let you keep them. Since you don't care about the results unless your score has dropped 400 points in three months, you're just there for the fun of it. Plus you get to act like you've got money.
  • by phalanx (94532) on Tuesday August 12, 2003 @10:46PM (#6682050)
    The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your check book they will not know if you sign your checks with just your initials or your first name but your bank will know how you sign your checks.

    When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.

    Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box use your work address.

    Never have your SS# printed on your checks (DUH!) -- you can add it if it is necessary. But if you have it printed, anyone can get it.

    Place the contents of your wallet on a photocopy machine, do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel.

    Keep the photocopy in a safe place. Also, carry a photocopy of your passport when you travel either here or abroad.

    Here's some critical information to limit the damage in case this happens to you or someone you know:

    We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them easily.

    File a police report immediately in the jurisdiction where it was stolen, this proves to credit providers you were diligent, and is a first step toward an investigation (if there ever is one).

    But here's what is perhaps most important:
    Call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit knows your information was stolen and they have to contact you by phone to authorize new credit.

    The numbers are:

    Equifax: 1-800-525-6285
    Experian (formerly TRW): 1-888-397-3742
    Trans Union: 1-800-680-7289
    Social Security Administration (fraud line): 1-800-269-0271
  • My experience (Score:4, Interesting)

    by jroysdon (201893) on Wednesday August 13, 2003 @12:23AM (#6682714) Homepage
    I moved 3 years ago and had the druggie who moved in after me at my former address open a credit card with my bank in my name (not too hard, I was born, married, and bought a house in this state). I didn't find out until 6 months later, since they'd never gotten payment (it was opened with the old address and for whatever reason no bills were ever forwarded to me). I got a call at work, from the bank, wondering why I wasn't paying on my credit card. "What credit card, I only have an ATM/Debit card with you?" Found it he'd opened it 2 weeks after I moved, don't know how he got all the info. He tested it for a fill-up at the gas station right down the street, then went to SF and filled up one more time, then bought a $1000 digital camera, and never used the card again.

    I took the rest of the day off to get things taken care of (file a police report, call all the places I had major accounts with, write them letters, etc.). Basically nothing came of it, it was marked fraud and removed from my credit report (but would have caused me problems if I'd not known about it and had been trying to buy a car or a house, fortunately I'd already bought both).

    Since then I've had another credit card used fraudulently. It's a card I use exclusively for online purchases, nothing else. I was happening to check the balance and saw 3 charges the day before, two in England and one in France - two were expensive travel cruises and one was for a couple hundred dollars worth of sports gear from an online store (all of it booked online). I called my credit card company and told them I had no clue what the purchases were. They put a freeze on the account and none of the transactions went through (even though I'd not have been liable anyway), but that was just dumb luck.

    What I really like about that credit card company (MBNA) is that they new offer a feature called "Shop Safe." It allows you to set a maximum amount for a purchase and an expiration date, and then generates a temporary credit card number. I love this idea and I cannot understand why more companies don't do it.

    I really think credit card companies should allow you to specify that you won't allow the card to be used for online purchases. I've got 3 cards with photos on them, and that's how I'd have those set: no purchases that are not in person (ban both online and phone purchases). For those purchases I'll generate a random number thru MBNA with a cap set.

    Even that wouldn't stop the places that don't have humans handling the cards (gas pumps, self-checkouts at Home Depot, etc.,) and even places with humans aren't helpful (restraunts never ask for ID even with it written on the signature strip, and some places with the VISA/ATM stand out for the customer to swipe it themselves).

    My brother was recently doing credit checks and compiled the following info for those that wish to (if you're denied a job or credit, you're elibable to free report):
    credit report info [artoo.net].
  • by dr00g911 (531736) on Wednesday August 13, 2003 @01:23AM (#6682981)
    I've been the victim of identity theft, myself.

    In my case, it was an employee of the credit union which I used to bank at. They ordered a duplicate ATM card in my name, and picked it up from my mailbox while I was at work (about five years ago).

    While they had the card, they would place fake deposits (empty envelopes) in affiliated credit union ATMs (all CUs in this area share ATM facilities) -- giving as much credit as the 'deposit' was listed as having available for withdrawal immediately -- and the credit union would be none the wiser for almost a week until the deposit slip made it into their hands.

    I actually noticed what had happened before the credit union did. I noticed that my available balance was WAY higher than it should have been, but my daily withdrawal limit had been reached.

    It took several months, a police report, several meetings with the bank and an indefinite fraud alert on all my credit reports to clear things up. The police began working with the bank. The bank gave me some clues to the effect that they believed it was an internal job -- but I was never able to find out the results of the investigation.

    All that said, I make it policy to:

    1. Only have vital mail shipped to a *secure* location. This means a locked mailbox, a P.O. box, or at the very least mailed to your work address, where you routinely are during delivery hours.

    2. Bitch and moan until I'm blue in the face if I'm anywhere that prints the full number on credit card receipts. If you complain loud enough, even the corner Starbucks will make a call to their merchant account provider and have their unit reprogrammed.

    3. I flat-out refuse to give out my Social to anyone, save employers or the government. No-brainer here. Potentially messy when renting an apartment, however.

    4. I refuse to allow my ID card to be swiped for verification purposes (my state has a magstrip on licenses with all sorts of personal data), and I also refuse to give out any personal information to sales clerks.

    They'll complain like hell at Radio Shack or the local liquor store ('I'm sorry, those are the rules') -- but after they start losing sales because you refuse to comply, they'll soften their corporate stance considerably.

    5. I *read* all my bank and card statements, and I know within $10 or so how much I have available in every account. If things look weird, I investigate.

    The short of it: identity theft, however big or small can happen to anyone. My practice is to apply some common sense to minimize my exposure -- but, let's face it -- it's easier for a disgruntled waiter to copy down your credit card number than for someone to outright steal your identity.

    Be smart. You patch your systems religiously (if you don't and you're on /. you really need to work on your reading comprehension skills). Apply some of that same caution to your identity and personal accounts.

    Sacrifice a little convenience (paying cash for dinner) for a little piece of mind, but don't go too overboard. Just be AWARE.

  • by EmagGeek (574360) <gterich@aoMONETl.com minus painter> on Wednesday August 13, 2003 @05:51AM (#6683865) Journal
    I had my identity stolen in 1995 which resulted in financial catastrophe for me in 1996. Back then, identity theft was a more or less unknown crime and people affected didn't exactly have a willing ear on the other side of the phone.

    They finally did catch the person who had found a college transcript in the trash at the Administration building where I was going to college. The school had thrown out a whole bin full of transcripts that didn't print out correctly, but still had social security numbers on them.

    The person who stole my identity ran up almost $30,000 in credit card debt, bought two cars, and left me holding the bag. They had changed my address so I wouldn't get the bills, so it was 6 weeks or so before I started calling to find out what was going on. A week of investigating turned up all of these accounts, but it was too late. Even with an open case, the lenders were still unwilling to take the hit and instead put all of the accounts into collections. The credit bureaus were similarly unwilling to listen, and I sat for nearly 7 years (ending this November) with bad credit items that were not mine.

    So, here's what I did to protect my identity ex post facto:

    1) ALWAYS choose one of the following options:
    a) Elect to receive online statements INSTEAD of paper
    b) Buy a really good cross shredder that has a split bin, so any given piece of paper ends up split between two different trash bags.

    It is always better not to have important identity-related documents mailed to your home. A PO box is much better.

    2) NEVER carry your social security card or use your social security number for anything other than the administration of your social security account. It is actually against the law to use the SS# for any purpose other than to maintian your SS account. Get a TIN number instead.

    3) NEVER allow the state to use your social security number for your drivers' license. Since it also has your address and birthday, it's like carrying Carte Blanc for an identity thief

    4) Have checking accounts at more than one bank and split your paycheck direct deposit between the two. This isn't so much to protect your identity, but more to have a backup in case one of your accounts is compromised. (I actually have three)

    5) Never ever ever ever ever give your account information to ANYONE, EVER. If you're filling out an application on paper for a loan, just write "SEE CREDIT REPORT." There is absolutely no reason for anyone to ask you to write down your account information when you're applying for a loan. Remember, anything that you put on a piece of paper that is not under your complete control is ammunition against you. In general, you should never be filling out paper applications for credit anymore.

    6) Get a Sharpie and write "CHECK ID" in the signature panel AND ACROSS THE FRONT of all of your credit cards. This is obvious. Cards with your photo are a neat option, but are usually ignored. Here's the important part: if someone does NOT ask for ID, get their manager and make a HUGE stink about it. Hold up the checkout line while you ream him/her out for 10 minutes about identity and credit card theft. Teach them a lesson about paying attention.

    7) Demand that your creditors ask for a password or PIN from anyone who calls customer service. If they will not, close the account and find a lender who will. They do exist.

    8) Get Steganos Security Suite (Windows) or use an encrypted filesystem (Linux) if you use your PC to maintain your financial records. Of course, linux is the better solution, but hey, not everyone runs it.

    9) This is a new one, but in some places, the credit bureaus allow you to put a "HOLD" on your credit report. This causes the bureau to require your direct intervention to allow your report to be released to a lender. This is expensive ($40 for the hold, and $30 for each release, I think), but worth it if you are at risk of identity theft.

    Now, I know the Security Weenie section of the Slashd
  • by maiden_taiwan (516943) on Wednesday August 13, 2003 @10:15AM (#6685345)
    Just steal someone else's identity first. Then an identity thief who targets you will get the wrong one.
  • Don't carry your SSN (Score:3, Interesting)

    by Aidtopia (667351) on Wednesday August 13, 2003 @11:22AM (#6686063) Homepage Journal

    Tip: Don't carry your Social Security number in your wallet. If your wallet is lost or stolen, the thief would have everything needed for any credit application, since your name, address, and birthday are on your driver's license.

    Note that most health insurance companies put your SSN on your health insurance cards. If you're paranoid that you'll end up in the emergency room and they won't treat you because they can't find your insurance card, then make up a card with the carrier's name, the policy number, and a list of phone numbers of emergency contacts.

    I won't bore you with the saga of my friend who had her identity stolen. It would sound like an urban legend. The theft not only resulted in horrible damage to her credit report (that lasted for seven years), but trouble with the law (because the theives bought a car that was used for drug running under her name) and hassles from the IRS (because her SSN was sold to others who were employed with her name and SSN, making it look like my friend had not reported income). All of this happened because of a purse-snatching.

The universe does not have laws -- it has habits, and habits can be broken.

Working...