Community Newsletter: Q&A forum: 12/03/04 Protect yourself from identity theft and fraud

by: Lee Koo (ADMIN) November 29, 2004 3:41 PM PST

Like this

0 people like this thread

Staff pick

12/03/04 Protect yourself from identity theft and fraud

by Lee Koo (ADMIN) ModeratorCNET staff - 11/29/04 3:41 PM

Thank you Gary and everyone who participated in this past week's Q&A!

Gloria, I hope this week's members' advice and recommendations give you some direction to your concern about online shopping and identity theft/fraud.

Members, if you have more questions, or additional advice on this topic, by all means feel free share them with us in this discussion thread below.

Thanks again everyone!
-Lee Koo
CNET Community


Question:

I am not comfortable submitting personal information online
when making a purchase. I know more and more people who are
victims of identity theft, and with the shopping season fast
approaching, I want to protect myself. Is there anything I
can do prevent identity theft?

Submitted by: Gloria S. of Vineland, New Jersey


Answer:

Hi, Gloria,

First of all, the term identity theft is often confused with identity fraud, and while you should protect yourself against both activities, I think your concern about using the Internet to make online purchases is mostly regarding identity fraud; that is, you are concerned that someone else will use your credit card or login information to make purchases on your credit card or to gain access to your financial accounts. This article titled Identity Theft and Fraud Debates Slow Financial Service Industry Response at was recently brought to my attention by www.merchant911.org, and it explains the differences between the two types of fraud.

There is a lot of advice on the Internet on how to protect your personal information. Here are three articles from reputable sources.

- U.S. Federal Trade Commission
- The U.S. Department of Justice
- Consumer Reports

They all pretty much say the same thing, that there are many ways thieves can steal your personal data; from your mailbox,from your employers records, from fraudulently obtained credit reports, or even by dumpster diving. While your computer can be a goldmine of personal information, there are many ways for a competent thief to steal that information, only one of which is to tap into your on-line transactions. For example, a hacker can steal personal information from your computer using a virus that lets him take control over your computer, or to send your personal information to him while you use your computer. This is why you should keep your antivirus software up to date and install a personal firewall like ZoneAlarm (www.zonealarm.com) to counteract these viruses. A new technique that puts you at risk when you use a public computer is a keystroke logger that can monitor everything that you type into the computer, including your login and passwords. Every now and then the hacker will replace the logger, an unobtrusive device between the keyboard and the computer, and use the information to log into your account. Yet another way you are at risk is if you dont destroy (not just erase) information on your old computer before you dispose of it, which lets a hacker browse your private information at their leisure. Likewise, if someone steals your laptop the information that is stolen may be worth way more that the laptop itself. I am not saying you shouldnt be diligent when shopping on line you should take the proper precautions. I just want to put into perspective that on-line shopping is just one way that you can become a victim of identity fraud.

It is easy to understand how a thief, for example a waiter in a restaurant, can copy your credit card by "skimming" the information on the card with a handheld magnetic reader that is easily obtained on the Internet. This is why more and more people are making a habit of walking to the pay station so they can observe their credit card being handled. It is also easy to understand how a thief can glean your PIN number by watching you use a bank machine through binoculars, or more simply, by looking over your shoulder. This is why you should cover your hand when entering any pin numbers. However, the general population has less understanding about how transactions flow from one computer to another, or the technical details about how financial information stored on computers can be protected. This, combined with the many sensational stories about the many computer-related viruses and other attacks, has given the risk of identity fraud resulting from on-line purchases a higher profile than it deserves.

That being said, here are some tips for protecting yourself when making on-line purchases:

If you store financial information on your computer, use a program to encrypt and protect the information. A good program will force you to use a password to access your information on a recurring basis, say at least once a day.

I dont recommend using conveniences like Microsoft Wallet or Googles AutoFill to enter credit card information for you. Because of their prevalence they represent an attractive target for hackers.

Make sure that when entering sensitive information like your credit card that the information will be encrypted as you send it over the Internet. Dont rely on assurances by the store that the transaction is secure. Your only guarantee is the little lock icon on the bottom of your browser that indicates a secure link. However, be aware that this is still no guarantee that the complete round trip for your transaction will be encrypted it only guarantees that the first step between you and the store will be encrypted. You are still relying on the integrity and technical skill of the store owner that they have secured the next step of the transaction between their store and the credit card processor, and that the credit card processor has secured the transaction between them and the credit card issuer.

If you double click on the lock icon, it may be able to help you identify who the real website owner is by looking at the security certificate that is displayed. However, be aware that for about $100 anyone can purchase a security certificate with any information they want. You can only rely on a certificate if it is issued from a trusted source that is prepared to vouch that the owner of the certificate has proven their identity, and will back this up with a bond.

Dont put sensitive information into e-mails or into fields at a store other than the credit card field. E-mails are inherently insecure, and even a reputable store owner will not be trying to protect information entered into fields not intended for sensitive information.

Dont provide more information than seems reasonable for the type of transaction you are performing. For example, be wary if you are asked to supply your Social Security Number or any passwords or PIN numbers that are not related to the store you are dealing with.

Be wary of sites that store your credit card information for future visits. The risk that this stored information can be stolen is much greater than the risk that a thief can decrypt your transaction. Only store your credit card information with companies that you trust have the resources to protect your information properly.

More important than the technological safeguards is the integrity of the company you are dealing with. All the technology in the world wont protect you from a corrupt employee who steals your information from their employers database. Nor will it protect you from an otherwise honest company that doesnt have the technical expertise to protect your information, say from an unscrupulous employee at the company that hosts their on-line store. If you are dealing with a less known company, search the Internet with Google to see if anyone has posted a complaint. On the other hand, dont overreact to isolated complaints there are always some customers who will complain even though you have bent over backwards to satisfy them. Also look for dated postings to help you identify if the company has been around for a while a good sign since unscrupulous companies do get shut down when enough people complain to the authorities.

A technique known as phishing involves the creation of fake stores or imitations of legitimate companies to fool you into entering your financial information into a thiefs database. Be careful about using links in unsolicited e-mails to start your shopping or banking session, or you may be unwittingly supplying your financial information to a fraudster. Ensure your browser is up to date, since there was a bug that permitted a phisher to create a URL in an e-mail that would open a page on their illegitimate site, while displaying the URL of a legitimate site in the Address field. Some tip-offs that you are not on the legitimate site are that the little lock indicating a secure link is missing, links on the displayed page (other than the login link) dont work, or pictures are missing however the phishers are getting better and better at duplicating the real thing. If you dont know how to verify the validity of the web links in your e-mail (a good subject for another question), your best precaution is to open the website by typing he URL into the Address field of your browser, or by using a shortcut in your favorites.

Yours truly,
Gary B.
http://www.lblossom.com/

Submitted by: Gary B.

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted and will appear on our site shortly.

Close