PDA

View Full Version : Be Careful Out there



oldriverat
08-26-2003, 10:31 AM
Last week during all the confusion with the virus attacks, our credit card number was stolen from a website. I really don't know if the worm or viruses had anything to do with it or not. The bank said some 800 to 900 numbers were stolen and they know they will try to use them overseas. We're lucky because ours was blocked before it could be used and the number canceled. The bank won't tell us what website it was. :confused: I don't think it's safe anymore to give out confidential numbers over the internet.

diver
08-26-2003, 10:53 AM
you most likely already know this, but I'll throw it out here anyway...
did you get a letter saying that they were from abay and wanted you to click on a link and fill out a form? I got a few of them and wrote Ebay and they said the emails were not from them and and the links (even though it said somthing like ebayprofile@ebay-help . com) was not to their site. I'm sure other sites are having the same problems, but don't know it yet.

High C
08-26-2003, 01:27 PM
The good news about credit card fraud, not that it's a happy subject, is that Federal law limits personal responsibility for fraudulent credit card use to a mere $50. That's the most you can be made to pay if your card or number is stolen and misused. Some companies will not even charge that.

The theft of your number, Mike, was not related to the worms going around. It was more likely an inside theft of some sort. Though it makes for exciting movies and books, the state of computer hacking is nowhere near as advanced is it is oft said to be. Security of critical data is pretty damn good, overall, and can be secured TOTALLY, by any company that puts a reasonable effort into it.

Meerkat
08-26-2003, 02:05 PM
JT; I had no idea you where an expert in computer security and hacking! I'd sure like to hear more about how it's not as much of a threat as some people say it is!

High C
08-26-2003, 02:41 PM
Originally posted by Meerkat:
JT; I had no idea you where an expert in computer security and hacking! I'd sure like to hear more about how it's not as much of a threat as some people say it is!I thought that might get a rise out of you, Meer. ;)

I'm sure you know that most of the crap that goes on is more "denial of service" type stuff than data theft. Stories of actual data theft are pretty rare. Most of the time data theft is done from the inside, not by some 15 year old in Korea.

Many virus scares are exagerated, and few are capable of doing much other than reproduce themselves. There have been a couple of noteworthy exceptions the last couple of weeks, however. To now, these have been the exception rather than the rule.

My main point is that I think our data is quite safe, overall. And it can be even more so with a bit of vigilance and care on the part of those responsible for that data.

Here's an interesting site for those interested in the computer security issue. V Myths Site (http://vmyths.com/)

Bruce Hooke
08-26-2003, 03:00 PM
Based on what I've read and heard here is my take on credit card numbers and the Internet:

- All, or virtually all thefts of credit card information happen when the data are "at rest" in a database, rather than while the data are being transmitted across the Internet. Data sent from a secure website is really quite safe while it is in transit.

- If you place an order by telephone, the credit card number you give over the phone in most cases probably ends up in the same database as if you had submitted it over the Internet, so it is just as exposed to theft either way.

- I would guess that by far the largest part of Internet fraud related to credit cards has to do with fraudulent companies rather than theft from updstanding companies. The Internet has made it a lot easier to set up fraudulent companies. So, do your research before your order from a company you are not familiar with.

All things considered I would say that handing your credit card over to a waiter or a gas station attendant is probably a lot more risky than handing it over to a web site or a telephone order taker. I'd guess that many more credit card numbers are stolen via in person transactions than via phone or Internet purchases.

Meerkat
08-26-2003, 03:36 PM
The government is pretty serious about hacking and not just about credit card numbers. They are a lot more concerned about hackers being able to cause events such as the recent eastern blackout by hacking into the right computer. I'm not suggesting that that particular event was caused by a hacker and there is no evidence to support that idea, but there have been and are incidents where hackers have suceded in hacking into computers which can cause such events or worse. One teenager hacked into the floodgate control computers for Hoover Dam for example and other(s) have done the same for the computers controlling the electrical grid in the southwest. An Aussie hacked into the local district's sewage control system and caused backups and overflows for some few weeks until he was caught.

According to a Frontline episode a couple of months back, there are a large number of control computers that have vulnerable public interfaces. They're working to fix the problem, but there are a LOT of computers needing fixing.

John of Phoenix
08-26-2003, 04:45 PM
For what it'worth, I'll pass this along...

"A corporate attorney sent the following out to the employees in his company and it seems like sound advice. You may want to keep a copy for your files in case you need to refer to it someday.

Anti Fraud Precautions

The next time you order checks have only your initials (instead of first name) and last name put on them.

If someone takes your checkbook they will not know if you sign your checks with just your initials or your first name but your bank will know how you sign your checks.

When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.

Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. Never have your SS# printed on your checks (DUH!) you can add it if it is necessary. But if you have it printed, anyone can get it.

Place the contents of your wallet on a photocopy machine, do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel.

Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad.

We've all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards, etc.

Unfortunately I, an attorney, have firsthand knowledge because my wallet was stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from DMV to change my driving record information on-line, and more.

But here's some critical information to limit the damage in case this happens to you or someone you know:

We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them easily.

File a police report immediately in the jurisdiction where it was stolen, this proves to credit providers you were diligent, and is a first step toward an investigation (if there ever is one).

But here's what is perhaps most important: (I never even thought to do this).

Call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name.

The alert means any company that checks your credit knows your information was stolen and they have to contact you by phone to authorize new credit.

By the time I was advised to do this, almost two weeks after the theft, all the damage had been done.

There are records of all the credit checks initiated by the thieves' purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away this weekend (someone turned it in). It seems to have stopped them in their tracks.

The numbers are:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289

Social Security Administration (fraud line): 1-800-269-0271

We pass along jokes on the Internet; we pass along just about everything.

Pass this information along. It could really help someone you care about."

High C
08-26-2003, 04:53 PM
Thanks John. I printed that out for future (I hope not!) reference.

Bruce Hooke
08-26-2003, 04:57 PM
That's a lot of good advice, John. Thanks.

I can add a couple of things about check signatures:

- I don't think banks, as a general rule, even check the signature at all. In other words they do not routinely compare checks that come in to them against the copy of your signature that they have on file. I know this in part because I know of a case where someone (with the OK of the account holder) signed one of their checks, without even trying the match the accound holder's signature, and the bank never said anything. It's pretty much left to the merchant to make sure the signature is valid.

- Based on my experience, there are at least some banks that will not accept a signature that is just first intial(s) and last name.

Bruce Hooke
08-26-2003, 05:21 PM
I'm about the same in terms of check-writing as Donn. I pretty much only use checks to pay my share of the bill with medical providers and to make donations to non-profits.

If I check online when I get back from the grocery store I can usually see my charge already in my account.

Based on a friend's experience I do keep the bulk of my savings in a separate account from the one I use the debit card on. He had someone steal his debit card information and clean out his account. While in theory he was not liable for the loss the bank basically wanted him to prove that the charges were not his. Of course it's a little hard to prove that you did not make a given purchase, so it took him a lot of time to get his money back. By keeping the two accounts separate I can at least, hopefully, protect the bulk of my cash savings.

John of Phoenix
08-26-2003, 05:29 PM
I think the signature verification depends on the bank and the amount of the check. I get calls from our banking department occasionally for what they call "signature violations".

New York - "This doesn't look like the signature we have on file. Please call your client to see if he wrote a check for $1000 to the Acme Massage Parlor."

Me - "Yes, he says wrote it, he was just a little shaky at the time. It's ok to pay." ;)

I had a card stolen once at a car wash. Dumbass left his Daytimer in the glove box and someone cleverly lifted a SINGLE card out of it. Never missed it. The bank called ME the next day and said some of the charges weren't "typical of my spending habits" and asked if I had the card. "Sure, right here. Uh, well, hmmm? Thanks for calling." They spent $900 in one day and I paid nothing.

Some banks are better than others, I guess.

Bruce Hooke
08-26-2003, 05:51 PM
That makes sense that they would focus on larger checks. I believe the check in question was for a small amount of money.

I once got a call from my credit card company questioning a $300 charge in St. Paul, MN (I lived in Kansas City at the time). I quickly confirmed that YES, I had just spent $300 at Tools-On-Sale -- I had just ordered a new portable thickness planer! :D

clancy
08-26-2003, 06:24 PM
I write about 2 checks a month now. Pay everything with a debit or credit card. Recently got screwed by bank while trying to use debit card. In June Springsteen tickets were going on sale at Ticket Master for Giants Stadium. I was ordering online. Pre-registered info with Ticket Master to speed up process. Bank allows up to $3000.00 in purchases in 24 hour period using card. Tickets went on sale at 09:00 got in at 09:05. Eight tickets on the floor! Then I got bounced. Bank shut down debit card because of "High volume of sales on card."
The bank pointed the finger at Ticket Master. Ticket Master blamed the bank.
On Monday tried to purchase gasoline on debit card and card was denied. Went to bank and they blamed the problem on a third party security firm that they employ to watch out for my best interests. They suspected a fraudulent use of the card. This was a roughly $800.00 purchase I was trying to make.

Nicholas Carey
08-26-2003, 07:11 PM
Originally posted by Bruce Hooke:
That's a lot of good advice, John. Thanks.

I can add a couple of things about check signatures:

- I don't think banks, as a general rule, even check the signature at all. In other words they do not routinely compare checks that come in to them against the copy of your signature that they have on file. I know this in part because I know of a case where someone (with the OK of the account holder) signed one of their checks, without even trying the match the accound holder's signature, and the bank never said anything. It's pretty much left to the merchant to make sure the signature is valid.I can attest to that. I've had the bank cash checks I've written and not signed :eek:

I'd forgotten to sign them prior to putting them in envelope. Huge no-no.

oldriverat
08-26-2003, 09:51 PM
Thanks for taking the time to write that John. It's very informative.