The Hindu Business Line : Guard against ID thieves

How often have you received unsolicited calls from credit card salesmen or insurance agents from call centres with all your personal data at their fingertips? Hardly a day goes by without our hearing of someone becoming a victim of identity theft or learning about another data breach. Recent findings in the US by The Privacy Rights state that over 230 million records have been compromised due to security breaches since January 2005. We have no such data for India but th e reported and unreported credit card frauds and unsecured online transactions present a major risk to consumers.

Criminals, using a variety of methods, steal PAN (permanent account number) details, driving licence, credit card numbers, ATM cards, telephone calling cards, and other pieces of individuals’ identities. They use this information to impersonate their victims, spending as much money as they can in as short a time as possible before moving on to someone else’s name and identifying information.

Here are some of the tactics they use:

“Account takeover ” occurs when a thief acquires your existing credit account information and purchases products and services using either the actual credit card or simply the account number and expiration date.

“Application fraud” is what some experts call “true name fraud.” The thief uses your PAN and other identifying information to open new accounts in your name.

Victims are not likely to learn of application fraud for some time, because the monthly account statements are mailed to an address used by the impostor. Victims learn of account takeover when they receive their monthly account statement.

Stealing wallets, mails, letter box skimming used to be the best way identity thieves obtained PAN number, driver’s licences, credit card numbers and other pieces of identification. Besides these, they now use a variety of means:

“Dumpster diving” in trash bins for un-shredded credit card and loan applications and documents containing PAN number, Passport number, bank details, etc.

Stealing mail from unlocked mailboxes to obtain newly issued credit cards, bank and credit card statements, pre-approved credit offers, investment reports, insurance statements, or tax information.

Unfortunately, even locked mailboxes may not stop the most determined thief, especially in a large apartment complex.

Impersonation: Accessing your personal information fraudulently, for example, by posing as an employer, loan officer, or landlord.

White collar crime: Obtaining names and PAN number, Bank Account number from personnel or customer files in the workplace.

“Shoulder surfing” at ATM machines and phone booths in order to capture PIN numbers. Smart thieves use cell-phones to video record while you are at the ATM inputting your data.

Social Networking Exposure: Finding identifying information on Internet sources, via public records sites and fee-based information broker sites.

Phishing: Sending e-mail messages that look like they are from your bank, asking you to visit a Web site that looks like the bank’s in order to confirm account information.

Hacking into unsecured and unencrypted data files of financial institutions, retailers, and credit card transaction processing companies.

Accessing unsecured Web sites that contain sensitive personal information such as PAN numbers and financial account numbers.

You cannot prevent identity theft. Criminals can commit suchtheft relatively easily because of lax security practices and careless information-handling in the workplace.

But you can reduce your risk of fraud by following a few counter measures.

Ten Golden Rules

Here are some vital do’s and don’ts:

Reduce the number of credit and debit cards you carry in your wallet. We recommend that you do not use debit cards because of the potential for losses to your savings account. Instead, carry one or two credit cards and your ATM card in your wallet. Report evidence of fraud to your bank immediately.

When using your credit and debit cards at restaurants and stores, pay close attention to how the magnetic stripe information is swiped by the waiter or clerk. Dishonest employees have been known to use small hand-held devices called skimmers to quickly swipe the card and then later download the account number data onto a personal computer. The thief uses the account data for Internet shopping and/or the creation of counterfeit cards.

Do not use debit cards when shopping online. Use a credit card with lower credit limits because you are better protected in case of fraud..

Keep a list or photocopy of all your credit cards, debit cards, bank accounts, and investments — the account numbers, expiration dates and telephone numbers of the customer service and fraud departments — in a secure place (not your wallet or purse) so you can quickly contact these companies in case your credit cards have been stolen or accounts are being used fraudulently.

Never give out your PAN, credit or debit card number or other personal information over the phone, by mail, or on the Internet unless you have a trusted business relationship with the company and you have initiated the call. Identity thieves have been known to call their victims with a fake story that goes something like this. “Today is your lucky day! You have been chosen by the Lotto Lucky Prize to receive a free trip to the Singapore. All we need is your PAN number, credit card number and expiration date to verify you as the lucky winner.”

Always take credit card receipts with you. Never toss them in a public trash container. When shopping, put receipts in your wallet rather than in the shopping bag.

Never permit your credit card number to be written onto your cheques as it puts you at risk for fraud.

Watch the mail when you expect a new or reissued credit card to arrive. Contact the issuer if the card does not arrive.

Order your credit card summary report at least once a year. If you are a victim of identity theft, your credit report will contain the tell-tale signs – inquiries that were not generated by you, as well as accounts that you did not open.

Never send your card through your driver/servant to a shop and sign for you.

When online, don’t click on virus-laden e-mail attachments (or any attachments for that matter unless you’ve verified their arrival with the sending party), and be careful about clicking on links contained within instant messages or even on trusted sites.

Before you click, right-click on those links to see if their URL addresses match the name of the business or organisation.

In some cases, you might not learn that your data was stolen until the company or organisation that was affected informs you about the breach. The government should make it mandatory for banks, enterprises, and firms that do business in India to notify consumers when a data breach has occurred, regardless how that information was or was not used.

Data at rest can be protected by hardware based and software-based encryption and documents can be protected by Digital Signatures for authentication. As soon as you discover that your personal information might be at risk, take steps immediately to secure your privacy and your information. Even if you discover later that your information remained safe, the steps you take now can provide you with the skills you need to remain secure.

The author is CEO of Secude Solutions India.