ID Thieves' New Tricks (page 3 of 4)

Change Text Size

Change Text Size
|
Bookmark

Bookmark

Del.icio.us
Digg
Reddit
Facebook
StumbleUpon
TwitThis
|
Print
|
E-Mail

Crime in the Cards

As my experience shows, PCs aren't always involved in digital identity theft. The Bureau of Justice Statistics' April report found that three-quarters of the 2004 incidents involved existing credit cards or other accounts.

How does it happen? Thieves target account information embedded in ATM, debit and credit cards by breaking into or otherwise compromising the equipment and systems used for processing payments.

In March, for example, Citibank announced it was reissuing an unspecified number of ATM cards in Canada and overseas. The cards had stopped working for withdrawals.

Avivah Litan, a Gartner analyst, says the culprit was most likely "PIN block" card fraud, which she expects to see a lot of in the near future. In a PIN block theft, hackers break into computer servers used by retailers to store and process debit-card PIN codes collected when purchases are made. At the same time, and off the same servers, thieves swipe the key codes necessary to unlock the encrypted PIN data. With that information, they can easily create counterfeit debit cards, which they use to clean out bank accounts. The reason Litan sees debit- and ATM-card theft rising? It's simple: Compared to credit cards, "they're better for getting cash."

That doesn't mean credit card data isn't at risk. It is -- often via similarly porous processing systems. FBI cybercrime unit chief Dan Larkin says that's one possible explanation for my Visa problem. Or it could be that my account information was skimmed with a handheld device that can pull data straight from a gas pump. However it happened, it's likely multiple crooks formed the chain that broke with that call from Visa. The person who stole the data could have sold it to someone on one of the online forums where thieves meet. Yet another person might have created a counterfeit card using my info, and sold it to the person who tried to buy the money order.

But that's just one scenario: Larkin notes that with ID theft, "the trail is becoming more and more complex."

Unwanted Guests
Another ripe target for identity thieves: the wireless networks that more and more computer users are setting up at home. A failure to block access to these networks can allow prying eyes into your hard drive, where you may store financial information in programs like Quicken. Even people who are diligent about regularly updating their firewall and spyware software don't always enable encryption of their Wi-Fi devices.

Last November, Symantec personnel conducted an exercise in New York City. With a laptop running free software and a simple antenna affixed to their car, they drove through six different residential neighborhoods. Of the 5,700 wireless access points they found, 52 percent had no encryption whatsoever, making them available to anyone who wanted to hop on.

An unsecure wireless access point can open the door to more than just data theft. Last April, a St. Petersburg, Florida, man grew wary after spotting someone parked near his house using a laptop. Worried this person might be tapping into his wireless network for unsavory reasons, he called the cops. On arriving, they found that the man in the parked car, Benjamin Smith III, was using the homeowner's Wi-Fi service. A search of his laptop, police say, indicated he'd downloaded child pornography. (Smith has pleaded not guilty and is awaiting trial.)