Credit Card/Identity theft

Hey y'all,

As some of you know, my boss (who is also my friend), Deb, is also a member of this site as Despina. She's currently out of the country and not posting....

However, in the past few days Despina has had her identity stolen, someone hacked into her personal/business account and spent a great deal of money. :(

I know this had also happened to a couple other members here....and it's such an awful thing to go through.

So, on behalf of Despina, I am just posting to remind everyone to be really careful what you use your credit cards/debit cards to pay for on the net, be careful with your receipts, etc...be careful of emails asking for information and phone calls doing the same. There are a lot of scam artists out there....

A neighbor of mine a few months back got an email that looked like it was from Ebay, asking her to update her account information etc. In return she sent them all her credit card and bank numbers etc...and shortly thereafter had 2,000 dollars worth of charges. She had to put a freeze on her accounts, and because she doesn't have much, the time it took for them to straighten things out was really difficult for her.

Be careful... ((hugs))

Its scary.. I know so many people this has happened to.. I worked in Banking for about 8 years or so and I've had to help those it's happened to.

One big thing is DO NOT PUT YOUR SOCIAL SECURITY NUMBER on your Licence... SO many places you can do that . BAD MOVE...

Second.. No one can force your to write your SS number on things ... Like instant credits at a store to get a credit card... all they have to do is enter it in the system it does NOT need to be written in......

just a couple of things...

OH YEAH AND SCRED ALL YOUR MAIL WITH PERSONAL INFO!!

You know, I've received that email from "Ebay" three times....and I ignored it every time...there are so many slick operations out there, don't do anything unless you are 100% sure of what you are doing, and even then, question it.

I just talked to Chase Bank the other day because they sent me a letter, and I have nothing with Chase Bank.....so I called them. They asked me for my SS # to track why I got the letter. I said, "If you can't figure it out from my name, never mind."

It is a real problem. A doctor's office in my town just had an employee busted and hauled off by the police because she was selling names and SS#'s of patients to someone who was paying her to do so. It's frightening what goes on.

You know what confuses me....

These people get your card number...and then they do things like charge gas.

I can see how they can buy things off the internet with just your number or whatever...but how in the world do they buy things from stores or charge gas or whatever without the actual card to slide through the machine?

Maybe it's not like this everywhere, but where I live you have to swipe your card and put in your PIN number......

Are there places where you don't have to do this?

Ugh...it's just awful that people get away with this stuff. I wonder how many of them ever even get caught.

once they have your name and SS, they can APPLY for a credit card. that's how it works.

I've read that not a lot of these idenity theives get caught...cuz this is kind of a low victim crime. I think the thought behind this is because most credid card companies nowadays have plans in place for stolen credit cards and fraudulent charges.

Of course I could be wrong...in fact...I HOPE I'm wrong!

How horrible to have someone steal your idenity and spend your hard earned money or ruin your credit.

I hope Des gets everything straighted out and back to good. *hugs*

Nadine.

At my husbands work they just arrested a bunch of employees who would steal customers Credit cards. THey used to use the credit cards for paying for their purchase... and the Employee would INTENTIONALLY forget to give it back.. and if the customer didn't remember to ASK for it back it would be gone...

Funny thing is they did charge Gas on the cards!!

Around here you need the card to charge your gas...

Hey gang,

I was just talking to a great friend about this yesterday. I bought myself a shredder just to screw up the dumpster divers. Important to shred any of your bank account statements you get each month or any documents like paycheck stubs that has you account number on it etc.

I sure most of you have seen this, if not here is some pretty good advice about protecting yourself against identity theft ;) Cheers everyone!!! :D

http://moneycentral.msn.com/content/Banking/FinancialPrivacy/P33715.asp

I was talking to my girl last night and she just got popped for two AmEx travelers checks for like $250 each on her card.

3 weeks ago, her boss got popped for a pair of round trip plane tickets on her card.

The connection, they both made the transactions on the same unsecured, non-encrypted wi-fi network they use in the office.

Moral: Wi-fi networks, no WEP encryption...bad. Don't use your on line banking at a coffee shop like they do in the commercials.

It's not difficult for criminals to buy equipment to make credit/debit cards, I saw it on a documentry, they get a load of blank cards with the banks logo printed on it, and with a piece of equipment, small enough to fit in your pocket, they can stamp names and numbers on it, and put the required information on the card swipe.

I hope Despirina gets reimbursed for the money she lost.

Bleh....this certainly has been a huge learning ordeal. There has been a lot of paperwork and interviews regarding this loss - and the time involved also needs to be factored. It has been a substantial disruption on all levels - and although the monies will be returned eventually - this one account remains depleted for now.

Bottom line when somebody steals your money by fraudlent use of your ATM or credit card, the funds do post and the money is withdrawn from your account! So take heed of Ray and Otto's advice cuz their suggestions are extremely excellent and valid!

Seems lotsa ppl assume that once the fraud is discovered the money is automatically reimbursed. It is not. What does happen however, is your bank card is cancelled, your account is frozen - for me I hate the not swiping the card thing at the gas station - bleh - i hate leaving my car and walking in to get gas - and although the excercise is good for me - irkes me no end! :mad: We forget how convenient these cards are!

Estimates have been given of 2 wks to 3 months :eek: for the investigation to be finalized and the funds reimbursed. I'm trying to be optimistic. Very true GTsnapper - cards are easily duplicated - all theives need are the numbers.

Finally and ultimately, I think the even bigger problem looms down the road for all of us - as we tend to overlook this "minor detail" - I've had stolen about 1/2 of what it costs to buy that M3 that GTsnapper is showing on his avatar...and sure insurance pays for it...but ultimately we as consumers and clients of the bank get to pay for this theft in the form of increased bank charges and fees. Donchya just hate it!

This is why I check my bank account balance and credit card balance online, at LEAST every other day...so I can see all transactions and make sure nothing fishy is going on. Identity theft is scary.... :eek:

Also be careful when Web sites ask you for personal information when you sign up. For example, this Web site asks you for your birthday when you sign up. NEVER give information like that to anyone unless it is required for business purposes and there is a a logical justification for them to need it. An entertainment Web site should never ask for your birthday, it's a bad security practice (at least) and can have outright criminal intent in some cases.

Naw...sorry man. Its a Federal Law now, since 2000 I think, the Childrens Online Privacy Protection Act (COPPA) makes it illegal for any website to collect information from anyone who declares they are 13 years old or under. Every forum or chat site is required to ask for a birthday for age verification. Which is fairly silly. If you are a savvy 13 year old and know the law, you can just enter any birthdate you want...but at least it gets the webmaster off the hook. This is in addition to any end user agreements or terms of usage agreements.

You can always enter a fake birthday as long as you don't say you are 13 or under...or in Ageless Love's case, under 18.

Whoa...apparently a website can collect personal information of someone 13 and under as long as their parent mails or faxes a form to the site administrator saying its ok? I didn't realize that, I thought they just couldn't do it entirely. Livejournal booted all the kids off! I don't have kids, but I can't imagine any parent in their right mind would actually fill it out, sign it and fax it back so someone can have their pre-teen's personal information!!!! All you parents out there....what's up with that? Goodness...

Anyway, it depends on who you talk to. Most people I know that script php for fun or for freelance do a birthdate verification thing. A cookie usually collects your IP address and if you mess up, the script prevents you from changing it and trying again. I'm assuming any "dynamic feedback" coders, so to speak. use the same thing. Every general interest site almost collects personal information, and php message boards are particularly touchy because they are nice scripts, and adults love them, but they all make use of profiles and avatars and even php chats etc. But maybe if you get busted with that kind of information on your server for someone under 13...like if some parent goes nuts or something, the FTC might not give you a long hard look if you have a decent age verification script for registration, versus if you just have "over 13 click here, under 13 click here" Probably if you are running a list server that's super basic, where the subscription information is only an email address...well...even email adresses might not fly...not sure....you might feel comfortable as a webmaster with a simple click through thing...or a drop down, pick your age thing with no cookies.

Its really a question for Dan. He'd probably be able to answer why they ask for the birthday better than I could, since he is the site's tech guy and all. Really, it could be as simple as the collection of php scripts were bought as a package...and it was just there. Actually...Flanker is coder...Flanker would know! LOL! Flanker...where you at?

Seriously, I don't remember any age verification anything...maybe porn sites.. since php and asp and all those low overhead scripts became popular around the turn of the millenium when people like my grandmother started using the web! And I been hanging out on the net since 96, messin' around with IRC. Hmmm...

And while we are talking about online identity theft ...Dan and Flanker...my bank uses and SSL 128 bit encryption CGI login in screen. Is this safe with IE? I don't code...really at all, know a little basic dose of meta languages, and can incorporate CGI code with a D&D editor, but I certainly can't write it. But I hear sometimes people say that CGI as compared to ASP, JSP and anything built on say ColdFusion as "low hanging fruit" but I'm not entirely sure why. I'm just paranoid now, because I use a small, old labor bank that seems to run out of a cigar box, and I'm worried that their IT dept. may not be as...sophisticated as a large multinational bank! If I went through what Despina is going thru with my checking or savings acct. I'd seriously be homeless!

Sorry if someone else has said this, but when it comes to online transactions, the customer is always right in the eyes of visa and mastercard. A merchant MUST refund your dollars if you did not authroise a transaction.

Bleah - I hate this topic but it's an extremely important one! I use paypal and, until this past spring, have never had any problems. But back in April or May, some guy in CAIRO, EGYPT hacked into my account and stole over $1,000 in about an hour. I change my password often, use nonsensical letters & numbers, and he still hacked in.

For those of you who aren't familiar with Paypal, you have to activate your account by providing a valid link to a live bank account. Thankfully, I do check my regular bank account twice daily -- imagine my surprise when I watched this guy literally draining my account right before my eyes!! He was able to buy a porn program and about 30 games before we were able to stop him. It took a week or so to restore everything to normal.

Yeesh. That was a pain.

What a nightmare! I use Paypal once in a while and also check my bank account frequently. I received an email not too long ago from Paypal explaining how they had updated their system and improved security features - and they were asking me to verify my password. I forwarded it to customer service and asked if it was a legit request but never heard anything back from them...guess it wasn't!

Bad security feature my anal crevice...

Once again...people read more into something than needs to be read into. It's not just this site that does the COPPA deal, and not just this site does the birth date deal. I'd say more than 75% of the message boarsd out there, collect the birth date...

As long as you don't give pertinent information out...just putting a birthday down is not going to spell, "DANGER WILL ROBINSON! DANGER! DANGER! DANGER!"

As for Coppa: http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

The birthdate, is not a big deal...
TRUST ME...

I'm not going to go into a long rambling blithering message...
If you really think it's a bad deal? Give me your address...I'll send that person a tin foil hat to put on to keep those secret brain scanning microwaves from penetrating your noggin.

The birthdate is done for entertainment....hey, it's nice to have your birthday recognized, isn't it?

Christ...
Someone always has to spoil happiness.

Bad security feature my anal crevice...

Once again...people read more into something than needs to be read into. It's not just this site that does the COPPA deal, and not just this site does the birth date deal. I'd say more than 75% of the message boarsd out there, collect the birth date...

As long as you don't give pertinent information out...just putting a birthday down is not going to spell, "DANGER WILL ROBINSON! DANGER! DANGER! DANGER!"

As for Coppa: http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

The birthdate, is not a big deal...
TRUST ME...

I'm not going to go into a long rambling blithering message...
If you really think it's a bad deal? Give me your address...I'll send that person a tin foil hat to put on to keep those secret brain scanning microwaves from penetrating your noggin.

The birthdate is done for entertainment....hey, it's nice to have your birthday recognized, isn't it?

Christ...
Someone always has to spoil happiness.


LMFAO, Dan_Shues! You gotta love this guy.... ;)

I completely agree, of course... I have never heard of indentity theft based on one's birthday, after all, it's not a unique feature. Believe it or not, MANY people in the ENTIRE world share same birthdays... now social security number, that's the one you have to watch out for. :)

Well as far as I understand it, almost all prepackaged php scripts, open source or propietary do come with the drop down birthday script now due to the "over/under" click through being legally questionable.

This is from the Vbulliten forums, scroll to post #10 which address the question directly.
http://www.vbulletin.com/forum/showthread.php?t=24184&highlight=age+verification

I'm sure some prepackaged php forum scripts delete the form entry after it is run through the validation process, from the server. Don't know about VBulliten though, and don't feel like looking it up.

As to INCREASING your liability under COPPA by asking for the birthday to register...well, that doesn't really make any sense. If the script says only validate the registration for someone over 13, then how can the operator know that someone's under 13 using a false birthdate unless they know them in person?

I think TrueHeart was confused after he saw the birthday thing, because that information is added to the calendar from the field in the User control panel, not from the initial registration. I entered my birthday as everyone did to register, but the registration screen field doesn't impact the calendar...as my birthday is not in the calendar, cuz its not in my user profile.

Whatever...its doesn't even matter. I was just trying to tell you why they ask for the birthdate and it turned into a "debate." I can't believe I'm actually participating in a debate about COPPA. DMCA maybe...but wow. I'm gonna go take a nap! LOL!

For a website like Ageless...it's in it's best interest to do a COPPA and also for the birthdate. And do remember, a person has to be over 18 to post here to begin with...

Because, let's face it...w/o all of that....one could come on here and pretty much say, "HOLY CHRISTWAGONS!! It's a GIANT NAMBLA CONVENTION!" *LOL* And well, no one wants that...ya know?

If you HONESTLY...and TRULY think that a birthday is that bad?
I have a GOOD suggestion for you...
PULL your Network Cable or Phone Line going into your computer. Cause, guess what? Alot more can be found out about you, quicker...by your IP address, bud. And many sites, log that information. Even the lil image hosting company you and so many of us use...imageshack...does that...

You're just making a mountain out of a mole hill. That, or you get off on trying to scare people and show off how much you think you know.

PayPal will NEVER send an e-mail asking you to verify your password. Neither will any other site. Always ignore e-mails asking for passwords or asking you to verify your password. It's a scam.

Very true -- and what unnerved us was that we never, EVER answer those emails. We don't even open them! This jerk actually hacked into my account from Egypt.

The messed up thing, is my poor grandparents are just starting to use the web to pay their bills on line and stuff. They are so vulnerable to phishing scams because they think their email address is like...protected. They don't understand how they are collected and used...its just, I dunno. I worry about them, they are older, like late 70s, and just not of the tech generation.

Man, I really don't think you are getting this birthday thing. You have to CHOOSE to make your birthday available publically for someone to just get your birthday. The registration has nothing to do with it. If you don't make your birthday public...no one is going to mine it. For somone to steal your birthday, they will literally have to get into the shell level of the Unix server AL is hosted on, somehow...without being detected and either gain total remote control of it, or steal all the logs and dig through to find birthdates, if they are even STORED in a log. Not exactly an easy task, and not worth a hackers time if there's no credit card, financial information or SS# stored in the same logs, or server folders. I agree with Dan, that the IP logs and certain session cookies are worse. Look at RFID technology. NOW there's a privacy violation.

You clearly have no understanding of the concept of data mining. There are techniques available to match up this set of data with that set of data and put the pieces together to make a composite that can be used to steal an identity or commit a fraudulent act. This is done regularly.

Making a birthday available, so that it could possibly be matched up with other related data, to form a profile good enough to begin an identity theft is a bad practice.

No amount of snide comments made about me do anything to change these facts.

I think the cavalier attitude about security seen here contributes to the reason there is so much fraud on the Net to begin with.

Cute, TH... oh yeah, you are so much more informed than I regarding data mining... I should bow down, I supppose... but I won't. ;)

I have a real surprise for you, if you think birthdays are bad... well how about just your name? People can find out a wealth of information about you just on that alone. In the state I live in, there is a website for the courts that anyone can access... anything you have done, even a ticket for speeding is recorded there. Anyone can access your personal information, including address.

My best friend has access to EVERYONE'S personal information just by name alone... I have access to a wealth of personal info as well and I don't need your birthdate or social security number.

Anyone can do a search on anyone, if you want to pay a fee. There are many ways for people to commit identity theft and indicating that a birthdate is the real dowfall of it all, I'm sorry... but if you believe that, you are the one that is misinformed regarding data mining.

If you don't want to list your birthdate, I don't think you will be banned for not doing so... follow your own beliefs and don't worry about what everyone else thinks. You do not have to browbeat everyone to think like you do, we are all entitled to our opinions. :)

I don't follow you around, TH. I have only posted on three threads you were involved in.... sorry to obliterate your image of yourself as the hunted and wounded bird. I stated facts, I don't see anything in what I said to be unfactual.

If you feel so strongly about your personal information being compromised on this message board, you should take it up with Jo-Admin or Rob-Admin. You are barking up the wrong tree here, because no one has any authority to change it besides them. :)

.....

I gave a warning to inform other people here about what I perceive to be a potential problem for them. I believe that was the correct thing to do. I'll let them decide if what I said was useful or not.

Something Completely Unrelated: Admit it, TrueHeart.... You love this place, and would like to stay for the indefinite future. LOL

It's okay to "do an Enoch" and decide that we are just too nice here. :D

Oh...but you HAVE given them personal information...IP address...

But, I digress...

I'm done with this discussion. Since, it's pretty much curtailed off the original beaten path.

ROTFLMAO!! :D

Likewise, TH! It's all good. :)

It may be a lost cause to attempt to get back to the topic...but I am going to try....

This is actually the business I am in -- no, not identity theft ;)

I work in the credit card industry as a fraud analyst so I deal with this all day every day. I can tell you that in most of these cases, the credit card companies (banks) are the ones who end up losing the money in cases of ID theft. There are cases where the merchant business takes a hit too, but MOST of the time it is the bank. What typically happens when someone calls and says "hey, I didn't make all of these charges" is the bank credits the card back the amount (not the merchant) while they investigate the fraudulent charges. The cardholder, in cases of identity theft is left to deal with picking up the pieces in getting back their good name.....and this is no simple task. It can take years, depending on what the thief managed to accomplish. You have to notify all 3 credit bureaus and you will have to deal with this mess every time you apply for anything in the future that involves pulling your credit history.

I can only speak specifically about the credit card industry, but there are many ways to obtain your credit card information. There are websites out there where people sell lists of credit card numbers, in bulk, to anyone willing to pay for them. I'm sure you've all heard of 'skimming' by now, which is a VERY easy way that theives obtain ALL the information from your credit card and sell it. These things can happen to anyone anywhere. Counterfeit cards can be created relatively easily with the right equipment. The newer 'thing' out there is to use fraudulent/counterfeit cards/card numbers to purchase gift cards. Why? Because they cannot be traced. Once you purchase a gift card, in most cases it is not attached to any original source of payment as a check, credit card, or money order would be, and you don't have to present ID to use them. Especially these days, when you are able to buy VISA gift cards, for example, that can be used anywhere.

I could go on and on....I see it day after day, and unfortunately none of it suprises me anymore. I am not trying to scare anyone or get people riled up -- but any of this really can happen to anyone, no matter what you do. Yes, if you take precautions, chances are slimmer for you. You should be careful with what information you give to whom. And you are smart to shred personal information and question those who want personal information. Just know that if it does happen to you, that doesn't mean it was necessarily something you DID or did NOT do that caused you to be a victim....that's all I am saying...

EXACTLY! Do I have to spell it out to help educate all the wannabe junior hackers? You should know better.

IP address is the linking field. Use that to link with name, address, etc. elsewhere. Now you get the associated birthday field too, because it is provided courtesy of AL. This is elementary stuff.

I'm done with the discussion too. I made my point. And I think it is a valid one.

The point of this thread wasn't to irrationally scare anyone into not buying things on line. Or worry about who's logging their IP address, or worry about joining a forum site where they ask for your birthdate for COPPA compliance reasons...the point of the thread was to beware of phishing scams, and to not use personal info on non encrypted wireless networks, and to update you vulnerabilites for your OS and brower when you are supposed to.

TrueHeart, just out of curiousity, do you work in tech? Or code/hack? Cuz trust me, you are not spelling out anything that's educating junior hackers, its all good. Hackers spends days trying to pass commands to buffer overflow vulnerabilities remotely, with browsers that they write by hand specifically for that purpose (now, that's elementary stuff)...they don't worry about your birthday on AL.

And to Love4Life's point...she's so right about the gift card thing. Can't say enough about how bad non-encrypted wireless networks are for sumbitting credit card info. And totally shred everything before it goes in the trash...this is the #1 way for people to get your info.
Another thing that should be mentioned that hasn't....IP logging and cookies are entirely bad things either. I'm sure everyone has gotten a least one call from your credit card companies fraud dept. informing you of suspicious purchases. The "pattern" of your purchases is created from collecting that personal information and its used to protect you...AND the assets of the credit card company. The company doesn't want to lose millions a year to fraud or hackers either. That's why they collect all this stuff on you. Yeah, for marketing purposes as well of course."
There's nothing wrong with limiting what you give out for personal info on line. But as long as you deal with reputable merchants, shred your statements, and update your patches...Love4Life is totally right...its not something you did or didn't do...it can happen to anyone, just by somone generating numbers via a credit card companies pattern until it works.

Hell I saw I guy on tv, cheat vegas with slot tokens he made in his basement...now that's some skill. If people can cheat Vegas, the technology evolves so fast, that to pretend there's a way to make Joe Q. Consumer, 100% protected is just fooling yourself. Eventually, there will be a biometric element to purchasing consumer goods...and I guarantee, before its even in use, people are already working on how to break it.