Friday, November 11, 2005
With news reports of industry facing more and more scrutiny over identity theft, fundamental change in protection from this crime may be on the horizon. The development is welcome, but the temptation to let others handle a seemingly intractable problem is strong and plays into thieves’ hands.
We hear about multifactor authentication technology and laws forcing companies to inform the public. And it’s not that these are bad ideas, but the temptation is to view them as panaceas, which just isn’t true. Nothing done from the top down will be a cure-all for identity theft. We must accept responsibility for our own identities.
I suggest the following for consumers wondering how to protect themselves against identity theft and other security threats of the high tech world:
1) Use a free e-mail address for transactions. This will make it a lot tougher for thieves to trace your name back to financial information. As an added bonus, the practice provides added protection against online stalkers.
2) Track your identity before something goes awry. Tools are available. MyPublicInfo (MPI), for instance, provides the Public Information Profile (PIP), a tool that helps to trace the public "threads" that run through our lives. The PIP aggregates public information from disparate sources into a complete and legally conforming personal profile. Through my Web site, I provide a link to more information about the PIP.
3) Avoid following links or buying from e-mail spam, which could really be a message from phishers, those who send “spoof” e-mails that masquerade as legitimate messages.
4) Enter your personal information only at familiar Web sites. Charlatans known as pharmers can redirect a DNS to a fake site designed to steal information. Exercise extra precaution by making sure the site features https—not simply http.
5) Use a double-blind, untraceable 800-number if you date online or must post a phone number to the Web or to a classified ad. Thieves and online stalkers can find out where you live and just about anything else from a home phone number. Companies such as PrivateTel (www.privatetelsolutions.com), NetworkIP (www.networkip.net), and others provide applicable 800-number services.
6) Never provide your Social Security number. Most of the time, the information is unnecessary, making any request for it suspect. Exceptions include when you call your credit card company for information, and the organization asks for the final four numbers of the number.
7) Beware social engineers, identity thieves who gain victims’ trust before stealing personal and financial information. Social engineers use psychological techniques to give themselves a veneer of legitimacy. For instance, they may claim to work for charitable donations. Typically, they solicit via phone.
8) Whenever possible, use a credit card instead of a check. Should thieves get hold of your credit card information, you will encounter far fewer obstacles as you rectify the situation. With your checking account information, thieves can get your money for good and leave you bereft of recourse.
9) Avoid the use of a cordless phone to communicate details of your personal and financial information. Thieves can easily intercept conversations from cordless phones, which are susceptible to widely available eavesdropping technology.
10) Vary the passwords you use. By having only one or two passwords for all your online access, you make the identity thief’s job easy.
BONUS TIP: One of the major ways identity thieves obtain your information is by infiltrating your computer with spyware and viruses that record keystrokes and lift data from your hard drive. Install at least one anti-spyware program and run a sweep once per week. Run an effective virus shield at all times, and use a reliable firewall.
By taking a number of simple steps, you can greatly reduce your risk of becoming a victim of identity theft. Nothing thwarts the identity thief like the well-informed, cautious consumer.