Who Cares About Identity Theft?
That is the question we ask in our most recent column in the New York Times Magazine. Along the way, we try to clear up some misconceptions about the subject, and get a guided tour of a hacker chat room where credit-card numbers, passwords, and PIN’s are bought and sold. Below is some of the research cited in the Times piece, along with some extras.
+ Steven Peisner is a veteran of the credit-card industry whose current company, Sell It Safe, helps merchants avoid fraud. Peisner spends a lot of time monitoring hacker chat rooms, and also sussing out fraudulent sites like this fake Bank of America website. A close look at the site reveals that its URL has nothing to do with Bank of America, but in fact reads “www.paypalacustomers.com.” “Even hackers get tired,” Peisner explained, “and sloppy.”
The site will accept any keystrokes as a login and password; on the following page, a form asks for a complete array of personal information including – oops! – “Father Maiden Name.” (Warning: unless you really want to hand over your personal information to the hackers who created this site, don’t enter any real data.) [Addendum: a few hours after this blog post, the page described in the previous sentence was disabled; it had been in existence for at least two weeks.]
+ In this paper called “Why Phishing Works,” computer scientists Rachna Dhamija (Harvard) and J.D. Tygar and Marti Hearst (both at Berkeley) found that the best phishing sites were able to fool 9 out of 10 people.
+ In his forthcoming book Stealing Your Life, reformed fraudster Frank Abagnale (famous for Catch Me If You Can) argues that identity theft is extraordinarily easy to commit and very difficult to stop.
+ And yet a new report by Javelin Strategy and Research (which, admittedly, is funded by financial institutions) found that identity theft has actually leveled off. The full report isn’t available to the public, but this consumer version is, along with this summarizing press release; the Federal Trade Commission has also reported a leveling-off of identity theft.
+ Here is a Victim’s Guide for Identity Theft issued by the Los Angeles County Sheriff’s Department, which runs one of the most aggressive identity-theft task forces in the U.S. If you’re curious about your own vulnerability, take this safety quiz from the Better Business Bureau.
+ The TowerGroup, a research firm owned by MasterCard Worldwide, recently found that “banks are not yet ready to dedicate resources to solving any ID theft problem,” which leaves the onus largely on the merchants.
+ In this ingenious credit-card prank, the prankster wonders how crazy he would have to make his signature before someone actually cares.