Twitter account @NeedADebitCard collects pictures of debit and credit cards that people post to Twitter. Seriously? I’m guessing these people aren’t on top of their Facebook privacy settings, either, which makes them sitting ducks for identity thieves.
People, don’t be stupid. If you have to take pictures of your debit and credit cards, put them in the same place you keep your sex tapes.
Debt collection agency knew WAY more than it should have about hospital patients’ medical conditions: bit.ly/w4JF6X
— Kashmir Hill (@kashhill) January 20, 2012
According to Felix Salmon, Mint.com, the popular personal finance website, may be benefiting from playing outside the regulatory rules that govern banks. At a Banking 2.0 panel at SXSW, Mint’s Aaron Patzer explained why:
For instance, he said, he can see pretty much in real time how much money his huge database of customers is, in aggregate, spending at Blockbuster vs Netflix vs Redbox, or any other set of retailers — and that kind of information would surely be extremely valuable to hedge funds. It was clearly something he’s talked a lot about, and he never said that he wasn’t already selling that data to the highest bidder.
If I am to do my banking online, I need to be confident that my financial information is being kept secure. This is not like Google, where I can stomach giving up a bit of anonymized usage data in exchange for great software. No, when it comes to my financial information, I do not want my data sold to the highest bidder.
After reading Salmon’s column, I deleted my Mint account.
Take a moment to look over your Facebook profile, and consider all the information your friends have access to. Your name, address, and date of birth? How many of the answers to your “security” questions for your financial websites are contained within your profile or updates?
Only friend people you know. Nearly half of Facebook users will apparently accept any friend request! Or learn to use Facebook’s privacy settings to keep people you don’t know from discovering personal information about you.
A hacker with $250 of easy-to-obtain equipment drove around San Francisco grabbing users’ personal information from passports and drivers’ licenses equipped with soon-to-be-mandatory radio-frequency identification (RFID) cihps.
The government has been pushing for tagging most identification with RFID chips, claiming it would be impossible or unlikely for hackers to do just what Chris Paget did with $250 of equipment he bought off eBay.
Passport RFIDs cloned wholesale by $250 eBay auction spree | The Register (via BoingBoing)
The above quote is from Terrence DeFranco, chief executive of Edentify, speaking about the recent appropriation by malicious hackers of information from 45.7 million credit and debit cards from TJ Maxx and Marshalls. The only way to prevent identity theft is to stop using modern means of commerce. Pay with cash, get rid of your mobile phone, and never give out any personal information. Even then, you have a fighting chance, at best.
Or, realistically, you keep a close eye on your credit report, bank accounts, and credit cards, and react quickly when something does happen. My credit card was cloned two years ago, at a gas station, I think. I noticed the charges within a few days, and MBNA cancelled the card and reversed the charges within about 30 minutes. All in all, it was a pretty good experience, considering.
Also, note that a cloned credit card is one thing. This happens when, as is likely for many people after the TJX breach, a thief obtains enough information about your credit card to use it to make other purchases. This can be done online or, in some cases, a duplicate physical card can be made. This is pretty easy to fix. Cancel your card, close your account, and open a new one. Your bank should reverse all charges. Done.
Full-on identity theft is an altogether different thing. This is where an identity thief obtains enough personal information about you to duplicate your identity produce fake identifying documents that the thief can use to open new bank accounts, make online purchases, and even purchase real estate in your name in some cases. It can take years to reverse the damage caused by identity theft.
To prevent this, be very careful of who gets access to your personal information. One of the most important things you can do is buy a shredder and use it to shred any documents with bank numbers, social security numbers, or other sensitive information.
Hotel key cards are a bit of an enigma, it seems. Though Snopes.com and Computerworld both put considerable effort into debunking the idea that hotel key cards hold more than just innocuous information about hotel guests, the idea persists. And, potentially, with good reason.
At least one California detective found a veritable treature trove of personal information on a card from a major hotel, including name, length of stay, and credit card number. In other words, more than enough to make it easy for someone to steal your identity.So it isn’t clear whether or not hotel cards do or do not hold risky personal information, but it does seem worthwhile to take some basic precautions. For starters, keep careful track of your key card during your stay, and take it with you when you leave the hotel, then shred it.