Community Newsletter: Q&A forum: 12/03/04 Protect yourself from identity theft and fraud

****** HONORABLE MENTIONS**********

Answer:

There is no one set answer regarding the issues of protecting one's personal information when making either an on-line or off-line purchase, but there are some basic important measures you can take to minimize the risks.

1. Only make on-line purchases at sites that use encryption. You'll see a lock icon in the lower right corner of the browser window if your're using IE Explorer.

2. Never transmit personal or credit card info via an unsecured on-line order form or via email.

3. Don't choose to have your credit card info stored on a merchant's site.
While all merchants who provide this convenience take great precautions, they cannot protect themselves completely. I trust myself more.

4. Use credit cards like that provided via Visa or Mastercard in conjunction with an on-line validated purchase procedure in which you log in via another window provided by Visa or MC to validate the purchase.

5. If possible, use complex passwords for logging into a site containig characters like ; # zz % or $. Store these passwords in a password protected document that only you can open.

6. Don't provide personal phone numbers, business addresses, personal email info, or anything else that is not absolutely required at an on-line purchase site.

7. Only shop at sites, if at all possible, that use security services such as Versign and the like.

8. NEVER provide your SS # or bank account numbers!!

9. Setup and use a free Internet email account for use when making purchases. You cannot possibly read all the small print in a site's terms and conditions and you will likely miss something important. Using the free email account protects your personal email account.

On-line purchasing is probably safer than making a purchase via ones telphone and it is certainly as safe when compared to making a purchase at a physical store. Many, many retail businesses transmit your credit card info for approval via the same type of connection you have, that is the Internet; albeit some via more secure lines than others.

Submitted by: Ronlad N.

**********************************************************************************

Answer:
While shopping online is a great convenience, it does not come without risk. Here are some useful tips to minimize the risk of identity theft when making purchases online.
1) Know the company you are dealing with. Check to ensure that the company is legitimate.They should have a posted phone number and physical address.
2) Check for an online privacy policy. If you are about to hand over personal information to a web site, they should disclose what information is being collected and how it is to be used. If they require acceptance of an online agreement before processing an order, make sure you print it out and actually read it.
3) Look for independent third party organizations "stamps-of-approval" that the web site uses good online business practices. These can include digital certificates (Verisign), privacy seals (TRUSTe) and reliability seals (BBBOnLine).
4) Check to see if their web transactions are secure using either SSL (Secure Socket Layer) or SET (Secure Electronic Transaction) to encrypt the personal information that you are sending to them. Generally you can tell if the transaction is secure by checking for the existence of an unbroken key, a lock or a padlock at the bottom of the browser window. Also, some sites use "https" instead of "http" at the beginning of the web address to indicate that the site is secure.
5) Always pay with some kind of a credit card. Federal law (the Fair Credit Billing Act) makes it much easier to resolve a conflict in which you do not get what you ordered, you never receive your merchandise, etc.
6) Keep a record of all of your online purchases. Check for confirming email messages from the online merchant. Match your printed invoices with your monthly billing statement when you receive it in the mail (or online).
7) Never respond to web links imbedded in email messages to you that promise fantastic deals. Many of these deals are scams and link back to phony web sites. Their sole purpose is to get you to enter personal information that they will use to steal your identity. Remember, if a deal looks to good to be true, it probably is!
8) Here are some additional tips for using credit cards - both online and in person. Consider using a single credit card with a low credit limit for all online transactions. Or, use a service like PayPal instead. Put a password on your credit card. Put your photograph on your credit card. Sign your credit carad. Finally, avoid using a debit card online. It is usually directly tied to a savings or checking account and the funds are withdrawn almost immediately after a transaction is complete. Once someone has gotten your funds, it can be difficult to get them back.
There are also a number of great web sites that give much more information on identity theft. They are worth checking out.
Federal Trade Commission - www.ftc.gov
Identity Theft Resource Center - www.idtheftcenter.org
Privacy Rights Clearinghouse - www.privacyrights.org
Submitted by: Jerry B. of Manchester CT, US

**********************************************************************************

Answer:

Gloria S. asked "Is there anything I can do prevent identity theft?"
My answer YES, but...
If by "preventing identity theft" you mean preventing somebody from getting in your name a driving license, a mortgage, a car loan, or transferring all your money from your bank account to his/her bank account abroad, that requires much more than caution during your online experience, but I understand your concern is basically limited to shopping online.
In my opinion, you can pretty safely do shopping online (I do it both for my own needs and for my company) if you (1) do your homework, (2) exercise caution, and (3) abide by a self-imposed discipline.
1. - I would recommend you to read (and apply!) the basic rules, like those offered by the following:
http://www.nipc.gov/warnings/computertips.htm
http://www.bbb.org/alerts/article.asp?ID=153
http://iisw.cerias.purdue.edu/home_computing/topten.php
2. - Don't invite theft; when visiting New York (I see you live in New Jersey) you wouldn't leave your purse on the back seat of your car, even with the doors locked -- or would you?
Same thing with your personal data: purge your hard drive -- remove (or edit) any file containing your Social Security Number, driver licence number, date and place of birth, credit card numbers, etc. If you frequently need such files, better save them on removable storage medium (diskette, CD, etc.). Keep in mind also that your SSN is not intended for serving as an identity card, and it's not everybody's business.
3. - If (like most Americans) you have several credit cards, use only one of them for online shopping -- ideally, use it only for online shopping. This way you have better control on your charges, and in case of theft, you limit your exposure to $50.
- Never use a bank card linked to your bank account (those credit/debit/ATM cards).
- If your bank is serious about protecting your identity, it could probably offer you for free a special service -- Virtual Account Number.
- Stay away from offers coming through unsolicited e-mail -- the more appealing they are, the more suspicious and risky. Keep in mind that nobody offers something for nothing. Preferably, it's you who should initiate the search and select the vendor.

I could go on and on, but I'm sure you understand that security is not only a matter of technical means, it's of good judgement too, and I wish you a pleasant online shopping experience.

Submitted by: Stefan

**********************************************************************************

Answer:

You're wise to be concerned about identity theft! There are many different ways your information can be compromised, but there are some steps you can take, both online and offline.

Online

1) If you shop online, only reputable sites and companies. There are several ways you can verify this:
a) http://www.Bizrate.com allows you to search for various online stores and see how other shoppers have rated them on timely delivery, customer service, products meeting expectations, and whether they would shop there again. Click on 'Store Ratings' at the top of the screen, and you can either search by category or search all stores. You can sort the results by store name or by customer satisfaction.
b) Look at the website (often at the bottom of the page) for a yellow circle that indicates the site is a VeriSign secure site. Click on the circle, and you should get a pop-up with a URL that begins with http://digitalid.verisign.com. Verify the information on this page matches the website you are visiting. This designation indicates that the site belongs to a legitimate company and that your information will be encrypted to prevent other parties from intercepting and using it.
c) Visit http://www.bbbonline.org/consumer/index.aspx to search for sites registered with the online Better Business Bureau. I've found it easiest to browse the list alphabetically because some businesses may not be listed as I type them.
d) Keep in mind that a business may still be legit, even if it is not registered on any of these websites.

2) Check the URL. If it starts with https:// instead of the normal http:// this means encryption is used to keep your information more secure.

3) If you use Internet Explorer, you should see a picture of a closed padlock along the bottom edge of the screen, close to the right corner. This means the information you send is secure.

While it is still possible for your information to be misused, following these steps makes shopping online relatively secure.

Other Tips

So much has been written about protecting information, so I'll just go over some of the basics here.

1) Never give out more information than required. Be especially careful with your Social Security number. If you think the company is trying to learn more than they need to, do not be afraid to ask for an explanation. Do not be afraid to take your business elsewhere if you feel uncomfortable.

2) Keep your official and personal documents hidden in a safe place when you do not intend to use them. Don't carry your Social Security card and extra credit cards unless you know you will be using them, and put them away when you're done.

3) Photocopy both sides of your credit cards, and keep this copy in a safe place. This will make it easy to find your account numbers and contact phone numbers if the cards are stolen. Call customer service and the police IMMEDIATELY if this happens.

4) If your information is stolen, contact the three major credit reporting agencies (Equifax, TransUnion, and Experian) right away so a fraud alert can be placed on your account. This requires that you be contacted if anyone applies for credit with your information, and it can stop identity thieves with minimal damage to you and your credit. Here are the numbers:

Equifax: Customer Assistance 800-759-5979 http://www.equifax.com
Fraud Division 888-766-0008
TransUnion: Customer Assistance 800-916-8800 http://www.TransUnion.com
Fraud Victim Assistance 800-680-7289
Experian: 888-397-3742 http://www.experian.com

I could go on with more information, but these basic steps should protect you. However, if you would like to learn more, the websites for the credit reporting agencies listed above are excellent resources. You may also obtain more information from http://www.bbbonline.org/idtheft/protect.asp.

Happy shopping!

Submitted by: Kim B. in Louisville, KY

**********************************************************************************

Answer:

I would be more concerned with prevention and the vendors records than doing a transaction online. Going to the physical store, using your credit card and taking your merchandise is a pretty comfortable process these days. Most people are not aware that bank records have been compromised and this is where credit cards come from. Then we have merchants like BJ's Whole Warehouse. They had a 1/2 million records plus stolen from their data center from unsuspecting customers. When we heard this, we cancelled and requested all new credit cards since we shop there. Here is a few things you can do to reduce risk and make things safer :

On your computer:

Make sure your host record on your computer is not filled with IP addresses pointing to fake web sites like a pretend "Ebay". Your computer looks there first for an address before anywhere else.

Run anti adware and spyware on your computer on a regular basis to remove spying eyes.

Do not let your browser save your password or user name on websites as this can be compromised.

Never answer an email with a link to a web site in it. It might be fake. Always go to your browser and type the address in.

Verify your vendor before doing business with them. If its too good to be true, it most likely is.

Print off any pages and records so you can trace things back with the vendor if needed. When all done with them take the next few steps below:

In your home or office "The key word is SHRED!"

Receipts and invoices- shred if there is no need to save

Shred any credit card offers rather than throw them in the trash. People can steal your identity

Bank statements and credit card statements and used checks - Either keep them filed away or shred before throwing out

Beware of hand operated credit card machines and always get the carbons.

Without doing the things above, you are opening your front door for thieves. Bottom line, there is far more risk not taking preventive measures than doing a transaction online.

Kind Regards,
Submitted by: Bob A.

**********************************************************************************

Answer:

Dear Gloria,
I can understand your trepidation. However, incorporating some simple practices into your shopping routine, you'll find that shopping online can be just as secure, if not more so, than any other form of shopping.

I would suggest first of all, if you are using Internet Explorer, switch to an alternative browser, such as Mozilla's Firefox or Opera. And do it now. IE is world famous for it's security vulnerabilities.

Your computer's security from hackers who might steal your personal information starts with making sure you have up-to-date virus protection and a solid firewall. I use Sygate Personal Firewall. (It's free for personal use). However, there are plenty of good ones out there. A helpful place to check the security performance of your firewall is Steve Gibson's website, http://grc.com/default.htm. This is an excellent place to test most of the avenues of intrusion into your computer.

Next, check that email...make sure you never respond to one of those bogus emails from "your" bank, that is really a phishing attempt. (I'm sure as a CNET reader you know this already, but others may not).

Fourth, buy from REPUTABLE online retailers who utilize the highest security and privacy practices. You want to read those privacy notices...how do they handle your information once they obtain it? Look
for the various seals...BBB online, Veri-Sign, eTrust, etc. You can
click on those seals to verify the company's good standing with each of those issuing organizations. Read the feedback from other customers (if offered). Although not always a safeguard, and not necessarily an indicator of web security, it is an extra comfort shopping with a company for whom you have a "brick-and-mortar" address.

Many online retailers will offer a profile service for you to make shopping easier the next time. I recommend developing a strong password (letters AND numbers...no dictionary words) if you intend to use this service.

Lastly, when making that purchase, check your browser for indication of Secure-Socket Layer (SSL) encryption. Check the little lock at the bottom of your browser...is it closed or open? If it's closed, then some measure of encryption is offered. You can also check the address bar of your browser. Does the address start with http:// or https://?
The https:// ("s" for secure) is the only one safe to enter your personal information in. If you use Mozilla, you can also check the security status of the site. Click on the lock at the bottom of the browser for information about the company's security certificate, when it was issued, when it expires, and the level of encryption employed.
128-bit encryption is the industry standard for personal information traveling the web. If a retailer wants your business, they will make the necessary investments to secure your personal information.

One other thing...most credit card companies and banks offer you online access to your account information. I recommend utilizing this service to keep a check on your daily account activity. In this way, you will be immediately aware of any inconsistencies associated with your account. The above-mentioned security principles apply to this online activity as well.

Combine these efforts with vigilance in protecting your personal information outside the Internet world and you'll have a better measure of peace about shopping online.

I hope you'll benefit from my advice...although, once you've experienced online shopping in all it's glory, you run the risk of becoming addicted to it! (Like me!)

Best wishes,

Submitted by: Monica E. of Middle-of-nowhere Ohio

**********************************************************************************

Answer:

Identity theft can never be truly prevented, whether it is online or off-line. While online shopping is generally a safe experience that is likely no more or less dangerous that not shredding important documents before you discard them or persons coming into contact with your credit card (e.g. waiters, salespersons, etc) writing somehow recording the details, there are a few solutions, technical and non-technical, that you can take.

Actions that Involve Technology:
1. Single-use credit card. Discover Card (and I believe Mastercard and Visa) have developed "single use credit cards numbers" which are generated and available for use only one time. That way, if the money can still come from your account, but if someone were to get a hold of your credit card, the number doesn't exist in your credit records or other places.
2. Only shop at "Secure HTTP" sites. These sites, beginning with "https:" mean that a secure link has been established between your browser and the website. If the website is asking for payment or personal information from a non-https website, I personally would not provide it.
3. Install a browser with 128-bit encryption. Internet browsers such as microsoft explorer probably already have this encryption level installed (called Cipher Strength in Internet Explorer. You can check this for yourself by going to Help > About Internet Explorer)

Actions that You Can Take:
1. Browse on-line, pay by phone/fax/etc - most companies - especially the reputable ones, usually allow you to place an order on online, but contact them with the payment. Most online retailers will explain the different ways you can pay.
2. Only shop at stores that we well-established, use a certification authority such as TRUSTe, or have a certification by the Better Business Bureau.
3. Limit your online shopping to one credit card. Many people use this option. By using one credit card to shop online, you have the receipts in hand and will know more quickly if there are irregular charges.
4. Buy a credit monitoring service. Companies like Equifax offer such services that show you your credit scores as well as alert you to any new accounts or credit reviews, often on a monthly basis.
5. Understand the privacy policy for the company you are buying from if you complete a purchase or provide personal information online. Understand whether or not you have to opt-in (explicitly agree) or opt-out (explicitly disagree) to have your personal information shared. Generally speaking, the more information that passes through multple computers and companies, then bigger the opportunity for theft.

Basically, by taking the same care in the off-line shopping world as you would in the on-line shopping work, it should be a relatively safe experience. Good luck!

Submitted by: Rodney C.

**********************************************************************************

Answer:

Preventing identity theft when online-

FIRST- make sure that your computer is clean! Viruses, Trojans, keyloggers (especially), spyware, and other malware will compromise your security! ALL of this garbage must go, and be prevented from returning.

SECOND- Implement and use a strong layered security approach on your computer! At a minimum, you need a mechanism to keep your OS patched and updated, an antivirus solution- which also must be kept updated, a strong firewall (Win XPs firewall is NOT adequate! I recommend Zone Alarm, as it not only blocks outgoing traffic from suspect applications, it also fingerprints all apps on the computer with CRC checksums to prevent malware from spoofing the firewall), and a good anti-adware program.

The more security layers you have, the better- NAT routers and hardware firewalls are inexpensive, and well worth the investment.

THIRD- Now that your local machine is secure, you can be confident that its not leaking your private data. But what about the web site you wish to do business with? There are a few general rules here that insure your safety. First and foremost, you must be sure that the web site you see on the screen does indeed belong to the merchant you think it does! NEVER follow a link from an email! It is too easy to spoof URLs with HTML, and you can easily wind up on a counterfeit website that looks exactly like the merchant you think it is, but is really owned by a criminal out to rob you! Manually type the URL of the merchants web site into your browser- this eliminates that threat. (There is one consideration here, and it is why you MUST have a good anti-spyware solution installed: it is possible to modify the HOSTS file in Windows to redirect your browser to anywhere on the Internet. You type in one URL, and due to a malicious entry in the HOSTS file, this URL is redirected to wherever the bad guys choose. Good anti-spyware applications lock down the HOSTS file, preventing this exploit.)

Once you are where you want to shop, and have made your selections and are ready to pay, then you must double check the security BEFORE entering any personal info. Make sure that the URL begins with https:// , indicating that you are using an encrypted link through SSL. This way, no one in the middle can read the data as it goes by. Secondly, ALWAYS check the security certificate! Dont trust your browser here, do it yourself. In IE, on the right-hand side of the status bar, you will see a padlock icon- it should be locked when you are using a secure link. Double click the padlock icon to open the security window, and check the following: The web address that the certificate is issued to MUST match the address you see in the address bar of your browser, the certificate must not be expired or not yet valid (check the dates), and lastly, insure that the certification path traces to a reliable certification authority. Some of the more popular CAs are Verisign, RSA, and Thawte, but there are others. An additional step, which is overkill, in my opinion, is to manually validate the certificate at the CAs web site. However, if the certificate was bogus, your browser would detect this immediately. It is more important to insure that the addresses on the web page and certificate match, the certificate dates are valid, and that the certificate is traceable to a trustworthy authority.

If all this checks out OK, you may be confident that you are indeed dealing with who you think you are, and that your data will be encrypted as it travels over the Internet. You are safe from prying eyes, and only the merchant you are dealing with can read your data.

If, however, there is any question, just dont do it! Better safe than sorry.

And, of course, always deal with reputable merchants!

Best regards,


Submitted by: Mike B.

**********************************************************************************

Answer:

Gloria-

If you really are concerned about identity theft (paranoid might be more the word), then your only choice is to destroy all your credit cards, close all your bank accounts, stop using the internet, and get rid of your telephone. Maybe quitting work and moving to a desert island would help, but you'd have to purchase an airplane ticket to do that.

Since none of that is really practical or possible, and while you are gone on the desert island your identity can still be stolen and used to collect Social Security, the approach is really quite simple: use your head. First, be careful where you shop online, if you are going to shop online at all. Just as you wouldn't head down into the heart of the city and spend your time shopping around for bargains in a seedy part of the city, you shouldn't do the same thing online without expecting to get mugged. Places like online auction sites where individuals rather than businesses are doing the selling are a prime example. Would you give your credit card to a guy on the street offering $12 Rolexes? Second, make sure that any online store you use has a secure shoppping cart, and read their privacy policy. Look for an indication that they take care to keep your information secure and private. Third, never shop online using a computer which is available to others or a laptop.

Then there are some things which can protect you while shopping online.
Choose a credit card which is designed for online use. Some cards limit any online liability for stolen cards to $50 or even $0. Some cards have an available feature where you are given a onetime-use only card number from their website to use to purchase online. Thus your actual card number is never given out. American Express offers this, among others.
Cards with a Smart chip embedded like Blue from Amex can make this process easier. In addition, even if used conventionally, when the card information is sent from a card reader, a keystroke logger can't pick up the number. You do have to give a billing address which matches your credit card's billing address when ordering online (to protect against card fraud). But using your home address for billing means you are sending your home address around the internet. A Post Office box for billing address can get around that, but it also means you have to be able to receive your packages somewhere other than at home, like at work. There are other payment methods like PayPal which can insulate your bank or credit card accounts by another layer of anonymity as well.

When shopping offline, you need to be careful as well. Traditional mail order allows for much easier theft of credit card numbers than online since your card number is actually being recorded on a piece of paper.
As of January 1, 2005, it is illegal to give customers a receipt on which more than the last 4 digits of a credit card number are printed, but until then, you need to be careful where such receipts end up. Never give your credit card to someone who takes it out of your sight to process the charge. This would mean not using the card at most restaurants. Never give anyone else your PIN number for ATM cards, and be careful nobody else can see you when entering it on a keypad.

Identity theft does exist, perhaps not to the degree sometimes made out on TV, but enough that if it really happens to you it can be a real problem. The more common problem is not identity theft, but just credit card theft. There are things you can do to protect yourself from that such as never leaving your credit card in gloveboxes, unattended purses, coat pockets, etc. Likewise, while online, don't leave your card number littered around unnecessarily. As I said above, use your head, and just be careful.


Submitted by: Steve S. of Osage Beach, MO

**********************************************************************************

Answer:

Hi,

In answer to your question about how to prevent identity theft, here are just a few suggestions I've learned while working for an Internet Web Hosting company:

1) Buy a paper shredder. Many times people think that identity theft only occurs on the internet, but fail to realize that by throwing away old receipts, credit card statements, etc., they also leave the door open for identity theft. Shredders are available at economical prices today, so there really isn't a reason not to have one. You can shred those old receipts, billing statements, etc. and keep a copy of them in a safe, or a safety deposit box. Most financial documents are now being kept electronically, such as in .pdf files, and you can also keep those documents in disk media such as CD ROM, floppy disk, zip disks, etc. with relative ease if you have a computer at home.

2) Firewall, firewall, firewall!!! With spyware on the rise, you'll need to get a trusty firewall software for your computer while surfing the internet. With broadband internet access, many people fail to realize that although they may not be actually surfing the internet, if there computer is on...they are connected to the internet! This means that a hacker can get access to their computer via the internet and, if there is any information, such as financial information in the form of account statements, etc., they can be retrieved and ultimately be used in identity theft. A trusty firewall, and not just a firewall that may come with your operating system, such as Zone Alarm or Nortons Personal Firewall from Symantec (to name a few), can deter this type of activity.

3) Secure sites only please! When ordering online, make sure that the site on which you're entering your credit card information is a secure site. You'll notice that the site you're on is secure when your browser shows a "https://.." as part of the URL in the address bar and a little "lock" in the lower right hand corner. What this means is that the site you're surfing on is on a server with a Secure Certificate installed, or SSL certificate, which ensures that the information you're entering is encrypted and not viewable by others for which it isn't intended. If the site requesting said information doesn't have this, DON'T TRUST IT, since said information won't be encrypted and can easily fall in the wrong hands.

Many credit cards today are working towards detecting identity theft since this type of criminal activity becomes very costly for them. Keeping a clear track of your expenses with credit card statements, receipts, etc., will allow you to detect any fraudulent activity early and stop any future damage to your credit. Also, you can run a credit report to verify your credit history periodically to ensure that it is accurate.

Submitted by: Nelson F.

**********************************************************************************

Answer:

About ID theft during online purchases:

This is a very serious concern by all PC users. There is no single way to "make it safe" but a combination of solutions are needed since there are several ways to obtain personal data from a PC. A holistic approach is really best. First make sure that your version of Windows is up-to-date by running Windows Update. Do so by using the Update icon on your computer. Don't use any received emails claiming to be from Microsoft to "patch" your system, etc, due to the fact that these are usually not from Microsoft but from sources of viruses. Or you can go directly to Microsoft's site and get to Update from there. Downloading the latest security patches and version of Internet Explorer will enable your browser to be the most secure version with encryption. This makes a big step to your online purchase security. But it's not complete yet.

Various spyware can contain keyboard loggers that send packets of information back to it's source while you're online. Information such as passwords, user names, credit card numbers and other personal information will be gotten by others through these. So you should keep the popular anti-spyware programs on your system and scan your system with them before you make purchases online. The two most popular ones are Adaware SE and Spybot Search and Destroy. I recommend supporting their developers.

A firewall is important as well to block intruders from getting into your system. A hardware firewall is best but software based ones are available too. Zone Alarm has a free one as well as a Pro version that you can purchase. XP has a built in one. Using both will make your system more secure. Using one is not near as secure. A firewall can detect things coming as well as going, actions that you don't know that's happening in the background. Several are also recommending Microsoft's Service Pack 2 for system security. This can be found in your Windows Update process as well.

Even though not directly related to ID theft, you should always keep your antivirus software up-to-date and manually scan your system at least once a week after updating. I even recommend using an online scanner such as House Call or Panda antivirus from time to time. Some viruses can actually disable your antivirus software and you can't tell until it's too late. An online scanner will confirm a clean system. Viruses, trojans & variants can be designed to do a variety of things to your system, so such things should not be left out when discussing security of your system.

This seems like a lot to do to keep your system safe, but once in place, it's not as bad as you might think. The spyware scans don't take long on most systems, firewall works in the background as well as antivirus. I do my manual scans for viruses at night when I go to sleep, but the average system can usually be scanned while you go to lunch.

To check your system's security you can go to a site called Shieldsup and it can detect the level of security and any openings your system might have.

Be cautious of ad sites received in your email. It's possible that they are not genuine. If the ad looks appealing and appears to be from a well known company. Don't use the links in the ad. Go to the site's address directly using your browser manually. If the offer is legit, then the offer will be on their site for you to find. There is a recent method called "Phishing" where ID thieves try to get users to click on links of their fake emails that appear as the "real deal" of well known banks, credit card companies, etc. They've designed such pages to look like the real thing but link you to them instead and trick you into varifying your personal information thus giving it to them on a silver platter. If you find such a thing, you might want to call your bank, etc to report or confirm the posting.

Submitted by: Stuart G.


**********************************************************************************

Answer:

I think a lot of this fear stems from what we hear on TV and read on the web. I'm not saying it doesn't happen, but what is the usual outcome? How many people end up like Sandra Bullok in the thriller "The Net"?

I would suggest you contact your credit card company or bank and find out what they will do for you if you are a victim. How long will it take to get your money back? Check with the BBB on-line and see if the company you plan to buy from has a good rating. Finally, be sensible about who you share information with. I've gotten hundreds of e-mails from someone posing as Citibank asking for my credit card number and PIN. I would be a real moron if I fell for that one. Pay attention and listen to your gut before you make a purchase on the web and you should be fine.

If you are really worried about your information, you can pay a number of sites to monitor your credit file for you. For a fee, they will send you alerts and updates when anything changes. I don't subscribe to any of these services as my credit card company and bank do the same thing for free. I do order my 3-in-1 credit report about every 4-5 months just to make sure everything is as it should be. It sets me at ease to see it with my own eyes. I have yet to be surprised by anything I find.

Happy Holidays,


Submitted by: Todd S.

**********************************************************************************

Answer:

don't think any precautions are 100% foolproof. But this doesn't stop me shopping online, as there are many dangers when you shop in person too (if you use anything other than cash).

Here are the rules I follow:

1. Only shop online where there is also a bricks and mortar address and telephone number.
2. Try to verify that the site has existed for a year or more.
3. Do a google search to see if there are any complaints about the shop.
4. Never, never, never provide my details unless the page uses a secure protocol (ie https:// in the address bar) and a locked lock in the status bar.
5. Clear all temporary (cache) files from my browser after every transaction.

I also use Spybot Search and Destroy and Ad-aware, to keep my machine free of spyware (keyloggers are of particular concern), and a good firewall (currently Norton Internet Security 2005) to make sure my computer doesn't send out any information where I don't want it to go - the firewall in XP SP2 will still only stop baddies from getting in, but it won't check what your computer sends out.

Of course, I also use anti-virus software, regularly updated.

Although Internet Security has a facility to type in your personal details so it can advise you if any attempt is made to send them over the internet, I don't use this facility because I think it's best never to store such information (particularly credit card information) anywhere on your PC.

These rules have served me well so far - hope they help you too.

Submitted by: Francine M. of Canberra, Australian Capital Territory. Australia


**********************************************************************************

Answer:

Hi:

Well, I understand why Gloria is not comfortable with e-commerce and e-information of her personal information. Among the reasons are: ID Theft, Credit and Banking Information, and how to contact the person (physical or mail address, e-mail, telephone, and so on).

Unfortunately, she is right. Give any personal information over the Net is not 100% secure and invulnerable. Anyway, I will give her and anyone interested on this the following advice:

1 If you decide to make shopping online, verify the following items on the site you are going to give information:
- The address of the website you are going to use begins with HTTPS:// (not HTTP://).
- A padlock locked anywhere on the screen.
- Sometimes, it either also shows SSL-Secured Page or SSL-128 Encrypted.

If you see one or more of the items above on a website, it means you are on a Secured Website. The HTTPS:// on the address; the padlock; and the SSL phrase tell you are Secured to make transactions using credit/debit cards.

2 Make purchases on recognized and trusted companies (Recognized stores, banks and credit card companies)
3 Make transactions on a seldom basis. Actually the credit card companies have a temporary credit card for certain number of transactions. After the transactions allowed are completed, the card expires.
4 If a field is required, and you do not want to give that information, fill it with N/A. If the N/A doesnt work in numeric fields, fill with zeros (i.e. telephone # 000-000-0000). If this doesnt work either, cancel the transaction closing the browser.
5 Be careful with e-mails that you receive. For example, last year I received and e-mail from Best Buy telling me that I have ordered two DVD players for $800. As I continued to read it, it told me to contact the company with a NYC address and a telephone from Seattle, WA!! (I recognized that immediately because I knew NYC area codes and the area code they gave me was 206).
6 As you advance from page to page clicking the Continue button, make sure that the padlock is visible on screen.

Some Donts:

1 Do not give your SS for any reason
2 If you do not see one of the items listed for Secured Transactions, dont make any transaction

I hope this will help you to understand and decide to make some online transactions.

If after this advice you are unsure or still uncomfortable to make transactions, simply do not use it.

Submitted by: Luis A.

Answer:

Your browser should indicate a secure site with small closed
lock in the status bar of the browser. If the page you are ordering
from does not have one, it is not secure. That does not mean you
will automatically be nabbed but you are more vulnerable.

There are really two issues the question poses. One, purely about
identity theft, the other about secure online transactions during the
holidays.

Firstly Here is an article on identity theft:
http://www.technewsworld.com/story/32622.html#related

Secondly here are some articles (one by yours truly) about eBay Security.
This will give you insight into shopping online and some of the problems
and why they happen.

http://news.com.com/2100-1017-870959.html

http://www.looksmart.com/cgi-bin/go/t=LSSitelist:1-26-2-US;g=strak;ref=1/http://news.com.com/2100-1017-966835.html

http://ca.prweb.com/releases/2004/10/prweb172457.htm

So the issue really boils down to this. Is the website you are buying from secure
and is your pc secure. You will need to educate yourself a little bit about online
security. Once you do, you will see that it simply a matter of being informed
and not being unduly afraid due to lack of information.

"The first thing you've got to learn is not to be afraid of it."


Submitted by: Dan M.

**********************************************************************************

Answer:

Here are my suggestions:
1. Do NOT carry SSN in a wallet or purse.
2. Do not carry credit cards in a wallet or purse.
3. Do not ever carry a PIN no. in a wallet or purse
4. Set up a separate container for credit cards and only carry it when you intend to use it at a certain time. Otherwise, leave it home.
5. Make a list of all credit cards (& nos.), debit cards, and a list of ALL agencies to contact, i.e. Soc. Sec Admin,; Dept. of Motor Vehicles,; Federal Trade Commission,; Credit Bureaus (3),; banks that you have accounts with,; Commercial creditors that you normally do business with, etc. Besure to have their tel. numbers on these lists.
Also, it might be a good idea to have
local Police numbers handy to make a report (depending on local procedures).

Hope that this is some help. I have been thru it and it took me 6 hours to put fraud alert on all !

Submitted by: Bob A. of Oakhurst, CA

**********************************************************************************

Answer:
In answer to Gloria's question, rather concerns, I have a few suggestion that may put her mind at ease. Knowledge is key.

One of the reasons identity theft occurs is when you use the same password for every site you frequent. What I have learned (the hard way) is to have a special note book handy so whenever you log on to your favorite sites, (emails, banking, bill payment sites, ebay, yahoo, any site) or purchase anything where you have to enter a User Name & Password to log on, you can look up the necessary information quickly; website address, email address you logged on with, if you have more than one, any contact info about the company without having to memorize them all. I always keep the same user name for everything, that doesn't seem to matter.

Secondly, change your passwords, yes all of them, every 30 days, it's a pain but it has to be done. Write the changes in your note book. (Make sure this is done through the company's website, not through an email request.) You should use capitol letters, small letters, numbers, all different for each password so a hacker cannot figure it out.

Thirdly, whenever making a purchase, make sure the site is secure. Meaning, at your address box in your task bar, the address of a secure site will always start with https://------. A secure site means all transactions are encrypted.

I pay everything I can through PayPal. There are other sites to handle your personal banking on line, and I belong to a couple, but my favorite is PayPal. PayPal goes through an extensive process to sign you up to assure you are you and they will never give out any personal information to a seller when you make a purchase using their services. When the process of this sign up is over, you then can shop at any site, with a couple of clicks, you are done and all purchases are debited from you checking account, or credit card and you have a permanent record of each transaction, just the same as your personal home banking statement.

When I have to give credit card information to a company that does not use PayPal, ClickBank, StormPay, etc. again, make sure the address box states https://, never give anyone your social security number or personal PIN# to your home bank account under any circumstances (no one needs to know that information) they only need your exact billing address, shipping address, credit card #, expiration, and the three code #s" on the back of your card. PayPal will ask for your checking account number only during their sign up and it is alright to give it to them so they can continue the process of enrolling you in their account. (There is no fee to use PayPal.)

If you ever receive an email requesting an update to your account from anyone you have purchased from in the past, from you notebook with website and password info, click out of your email, and go directly to their site, don't click on the site through the email site given. This way you know any info requested is truly from that company. They should never request your credit card information because they already have it. What they may ask is if this credit card is still active or up to date and they will give you only the last four digits, never the entire number; maybe confirm your other personal information as well but you should never have to give any of that information to them again they should give it to you, remember to only confirm this info from their direct website. Don't forget to check the address box for the https to make sure it is a secure site.

I have been taught all of this by PayPal, EBay, and my personal home town bank because hackers have tried to access my account information through emails and web sites I have visited. Knowing the security they taught me early on, I contact them with a suspicious email as they have requested, and the email I sent them were, in fact, were all bogus.

So, if you go about this the right way, you should have no problems at all. Have fun shopping, as I do, with confidence.

Janet Woods

P.S. Below I have copied one of the security alerts from PayPal.

Protect Yourself from Fraudulent Emails
________________________________________
At PayPal, protecting your account's security is our top priority. Recently, PayPal members have reported suspicious-looking emails and fake websites. These emails are not from PayPal and responding to them may put your account at risk. Please protect your PayPal account by paying close attention to the emails you receive and the websites you visit.

Please use the following tips to stay safe with PayPal:
Safe Log In: To log in to your PayPal account or access the PayPal website, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com/
Greeting: Emails from PayPal will address you by your first and last name or the business name associated with your PayPal account. Fraudulent emails often include the salutation "Dear PayPal User" or "Dear PayPal Member".
Email Attachments: PayPal emails will never ask you to download an attachment or a software program. Attachments contained in fraudulent emails often contain viruses that may harm your computer or compromise your PayPal account.
Request for Personal Information: If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account.

Often, fraudulent emails will request details such as your full name, account password, credit card number, bank account, PIN number, Social Security Number, or mother's maiden name.
If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com and then delete the email from your mailbox. Never click any links or attachments in a suspicious email.

To learn more about protecting your PayPal account, please review our Security Tips.

Submitted by Janet W.
**********************************************************************************

Answer:

One item I have Seen But not tried yet is a loadable debit/ credit card.
I cannot recall the company name but it is essentially a mastercard issued for a fee with each deposit ($ 5.00 for the one I've seen) You deposit the amount you plan to spend so if the card no. is stolen you are at least limmited in the possible amount of loss.

They are available at some telephone and utility payment centers and business shipping/ support outlets

Submitted by: David M.

**********************************************************************************

Answer:

There are several things that you can do to prevent identity theft, starting with a good firewall program and a couple of spyware applications. I like Zone Alarm Pro, it is an excellent program with a simple interface and a lot of good qualities. For spyware applications you can look at Lavasoft's Ad-aware and Webroot's Spy Sweeper, these programs will help you avoid pop-ups and multiple types of malicious Trojans, worms and tracking applications that may want to steal the information stored in your computer, but remember, these applications are only as good as the file definitions that they use to recognize treats, so it is necessary to update them frequently. One good thing is that you can set them up to automatically look for updates when a connection to the internet is in use and this way you will not forget to do it.

As for personal identity theft, I will suggest to shop online only in websites that provide secure transactions and that are well known and reputable. Also, look for site that will allow you to create some type of personal account that you can use to store your information so you do not have to enter it every time you want to purchase an item.

When you go into these sites or for that matter into any other site that you wish to browse or shop into, use your browser and type the address yourself, do not use links provided in other web pages on emails you receive, because you do not know if the links are actually taking you to the real website you are trying to access or if you are being redirected to some other server that may be displaying a page or site similar to the one you are trying to access, this is called "phishing".

Last but not least, never and I mean never provide your personal information or any other information like bank accounts or credit card numbers to any site that you feel it is not legitimate. A lot of scams going on the internet are from people that send emails with links to pages or information that looks like the original websites, requesting information or account updates. If you have created account on these websites, look for telephone numbers and contact their account department to see if such updates are required.

You can also type the website address in your browser and look for a "Contact Us" link or button and email a request for confirmation of the email you have received, try attaching the original email you received so it can be reviewed by them and see if it was original.

I hope this will help you.

Submitted by: Jaime L.

**********************************************************************************

Answer:

I don't have any specific suggestions for entering information at shopping websites, but do have a suggestion for testing out a suspected "phishing" email, or at a website you suspect may be a scam. At such a suspect website where you are asked to enter your username and password, deliberately enter false information -- a False username and password. If the website accepts the username and password, you should probably not continue, since these scam websites will accept whatever information you enter. A real website would reject the false information.

Submitted by: Timothy L.

**********************************************************************************

Answer:

for Gloria S. New Jersey
The best way that I can think of protecting your identity while shopping online
is to set up a free account with paypal.com and clickbank.com once your set up
you don't have to fill out any information for credit cards. There are over 40,000
thousand stores and other vendors that use these two systems for payment. Once the account is setup all you have to give is your user name and password they
handle the payments usually in a matter of seconds. Good Luck.

Submitted by: Merle D. of Mesa, AZ

**********************************************************************************

Answer:

I would suggest a layered approach to protecting yourself against identity fraud, which would follow these basic steps:

1. Never submit your sensitive personal information onto any webpage via a publicly-accessable computer, i.e. In a library, from a company computer, at an airport terminal etc. As you information could be accessable by the next person who logs onto that computer.

2. Be sensible. Don't go typing in sensitive information into any website you find on the internet, make sure it's from a respectable company, and into a Secure (SSL) Website - these "secure" websites can be identified by a small gold padlock appearing in the address bar, or bottom right hand corner depending on what browser you are using.

3. Use good, updated anti-virus as viruses and trojans can often monitor what you are typing into a website, completing avoiding the websites secure protection altogether.

4. Use good spyware/adware protection (Lavasofts' Ad Aware, and
Spybot: Search and Destroy are among the best) as spyware can also often track what is input into websites, and send it back to a third party.

5. And last of all, if you're really paranoid, the latest version of Zonealarm Pro (5.5.062.000) has an inbuilt ID Fraud Prevention function, to help protect your personal information when it's input into a website.

Submitted by: Tiran D. of
From a tiny, tiny village called Dollar, Scotland UK

**********************************************************************************

Answer:

I do a lot of shopping online. I use a two way method of shopping online.

First, like Gloria, I am wary of giving personal information. What has worked for me is to establish a limited debit account for shopping online. I only maintain sufficient funds in it for the shopping I do. It's easy to transfer money in to cover purchases.
The credit card company guarantees fraud protection but it can still be a mess to straighten out. If my account is ever compromised, only the limited funds in it are in danger.

Second, If I feel uncomfortable with an online order, I call the customer service number. Usually, you can place your order through them. That way your information is not being transmitted over the net. It may still be maintained on their computer database so check first and make sure you are comfortable with that. You may not want to use a company that keeps your numbers in a database.

There is a big increase in fake companies that advertise great buys on the internet. All they are really looking for is your credit information. These companies are "phishing" or just trying to steal from you. Be intelligent and limit everyone elses access to your accounts with a limited debit card. They can't run up a bill on money that is not available.

Submitted by: Phil H. of Maryland

**********************************************************************************

Answer:

Citi master cards has a great solution for this. I have been using it for over a year. It is called a virtual credit card. It has several different version but the basic purpose is to limit exposure of your real credit card information.
The basic virtual credit card works like this.
You go to a web site that requires credit info.
Instead of putting in your real credit card information. You create a virtual credit card. This can be done on the Citi web site or from an icon on your task bar.(which by the way pops up when you need the info on a webpage and has autofill) After putting your citi user name and password a virtual credit card is created. This card number is linked to your real card at citi.

The basic virtual card is only good for one time use. Once your purchase is made the number can not be use for anything else. If someone tries citi refuses the card.
There are options for the cards like limiting the amount of money on the card vice single use. This is good for when you want to use the card for monthly payments on the web. Set it up with a limit to cover the number of months you want to pay at a time.
For example you have a monthly fee of $9.75 a month, and you want to pay it for a year. You set the card for $120. After a year the amount is used up, you give them another number if you want to continue. If someone gets the card number it has less than $120 limit.

Virtual cards can be tracked through your Citi web cite or an app installed on your computer.


Submitted by: Gary N.

I put together a free resource called, "Stop Identity Theft" a few months ago after several people that I know became victims. One person now owes a ton on money after someone took out a loan in their name. I too was a victim when someone attmepted to use my info to make a $700 auction purchase. I found ot that there was a Key-Logger on my system (spy application that stores keypresses and sends info to thief) It, the guide, was downloaded by hundreds of people and covers topics like:

-Preventive and Counter Measures to protect yourself against hidden SpyWare

-Keyword loggers and Trojan Viruses that are probably sitting on your computer even as you read this.

-Quick tips and advice to detect and avoid threats

-Online and real world examples of how this crime is commited

-Links to free downloadable security and privacy software

-Tells you what to do if you have become a victim

-Helps you to identify hidden dangers of the Internet

It is by no means the ultimate guide, since this is an ever changing battle field, but it does expose some sneaky ways that Identity Theft/Fraud can be done.

Please visit: http://www.clientbydesign.com/danger

I will keep it updated from time to time.



Rich

Well first i have to say i was also worried about people stealing my info when i first started net shopping but ya know what......i should have been watching my mail and my credit report because i was the victim of identity fraud and not that long ago either.Apparently someone got a hold of one of my credit card bills before i got it and had a replacement card and every thing sent. They charged over $3000.00 on this credit card both on-line and off,strange thing is they were actually making payments til this past july.I basically had to do the hoop dance to straighten it out which took about a month so best suggestion is to keep track of your credit history and as soon as you notice something wrong start making calls to get it straightened out. most sites i goto have encryption as well as most browsers so to be honest i feel safer shopping online.

Lee if you're really concerned about revealing your personal card details to shop online you should use a virtual credit card service such as www.entropay.com

This is how it works: You register for an account with www.entropay.com, register your personal card details with them and start making use of their virtual credit card services. Essentially what their service allows you to do is to create unlimited virtual visa cards and load just enough funds on the card as required. The big advantage of this is you never have to reveal your card details to any third party merchants, can use a separate card to pay different merchants and there's no possibility of credit card theft or 'accidental overcharging'

Of course, there's a fee for the service but to my opinion this service is great and I've been using them for more than 6 months now. More details available on their help section: http://www.entropay.com/userfaq.html

No one should ever use any e-mail link to go directly to any financial institution. Any message from a bank that has a link to connect is very likely a fraud. Any time you see a message telling you of a problem or special service, you should go directly to the known site from your browser. NEVER sign into a site using an email link!

I am afraid of identity theft and fraud.
I want to present what it happened to me.
I received an e-mail from a "spanish bank" that inform me I won a lot of money. To send me the money they need my personal acccount and bank.They insisted to send my personal information, but no information about them.
I did not know and I had no contact with that bank. I thought it was an attempt to use my personal information to steal money from my account.

I am in the IT industry, and 90% of my work is digging spyware/thiefware out of home and small business computers. There is no "anti virus" of the sypware world, that is no one program gets all of it. I use two spyware finders and removers, these are Spybot ver.1.3 (spybot.de)and Ad-AwareSE (from lavasoft.de and lavasoftusa.com) I also use zonealarm (from zonelabs.com). These are free, but I suggest you purchase them, and keep them updated (any form of protection is only as good as the last update). Don't rely on the firewall that comes with XP (even the SP2 one). Don't keep any passwords on your computer (I have a little utility that finds them in about 5 seconds, and any hacker can do the same).


Inspite of my precautions I had a keylogger installed on my machine and was hacked, this resulted in my e-bay sellers account being taken over. The problem with spyware is it missuses the OS to do it's dirty work and is sometimes very hard to work out how this is done. There is some spyware that is unremovable from XP machines once installed and the machine rebooted.

If you don't have a spyware blocker installed, run your spyware checks BEFORE you shut down your machine.

Don't download any "free" toolbars or "internet boosters", these are some rather nasty bits of spyware as a rule.

Finally if you should lob onto a porn site disconnect from the net immediatly (if your modem is external, turn it off as that is the quickest way) and then clean your machine before shutdown.
Jim Forayter

Jim, or anyone
About storing passwords on the computer--Is it safe to have them on the computer if they are encrypted and can only be opened with a password that is not stored on the computer?
thanks

Citi Cards has a program that generates a one time use CC number. expirations date, and the 3 digit number you find on the back of your cards. These number can not be used again.

Pay Pal is another way to generate one time payments for items for those companies that use Pay Pal.

Bank of America Credit Cards offers a login prior to authorizing online use of their Credit Cards.

Of the 3 I perfer using my Citi Card. I like the one time use number which supposedly can't be back traced.

I use almost everything mentioned in this discussion string, including checking my accounts regularly on secure sites for fraudulent charges plus having multiple spyware, firewall & virus programs. My original question, though, specifically addresses a program called Identity Theft Protector by Broderbund. Has anyone had any experience with this program? Is it safe to use & reliable or will I just be wasting my time and exposing myself to more fraud? Thanks to everyone who has contributed to this discussion & I'll appreciate a specific reponse to my Identity Theft Protector querie, if possible.

Gary, thanks for all that information.
I read the article about the difference between identity theft and identity fraud. I was surprised to read that the writer believes identity fraud to be "well handled" by the financial industry. I think that it is a growing epidemic, spreading rapidly. I have recently been experiencing such attacks, and it seems that whenever I mention it to someone, either they or somone they know has been through it to one degree or another.

I don't know what the article means when saying that identity fraud is being well handled by the industry.

I just read a synopsis of the Fair Credit Reporting Act yesterday. There really seems to be nothing in the way of enforcement provisions to protect the consumer against the failure to protect their personal information by the financial industry and the credit bureaus.

While at least in theory, consumers have zero liability for fraudulent purchases on their credit and debit cards, when my debit card was used to make about $400 worth of purchases in a two week period, my bank first issued a temporary credit to me pending the outcome of their investigation, and then sent me a letter saying they concluded their investigation and determined the charges were authorized by me, and so they were going to reverse the temporary credit and remove the $400 from my bank account.

They never interviewed me. I had no access to commuicate with my investigator. I was only permitted to speak to representatives who would then email what I said to the investigator. I was able to fax a response to the investigator, but not to receive any feedback from the investigator. It was a one way communication. The card that was used for this theft is called a platinum debit card, and on my bank's website, is advertised as coming with zero liability for unautorized use if reported promptly. This is false and misleading advertizing. When my bank concluded that the charges were authorized by me, the reason given to me for that was that I had done business with the two merchants involved. This, i was told, according to the rules governing such things, meant that by definition, those charges made by someone unknown to me and without my permission, were NOT fraudulent, and i was liable for the $400 spent by the thief.

Their advertisement should say "Our cards come with zero liability for unauthorized use, unless you have done business with the merchants before the unauthorized use, in which case the unauthorized use will be considered authorized."

I could give many more examples, and every person who goes through this kind of identity fraud/theft can give many such examples.

When you are a victim of identity theft or fraud, you are supposed to contact the credit bureaus and have them place a fraud alert on your file so that when creditors look at your report when considering extending credit, they will contact you first to make sure you are the person applying for credit.

Transunion did this accurately and responsibly, and timely. Experian on the other hand, put the fraud statement on my report with NO PHONE NUMBER! How could a creditor contact me if they don't have contact information? I called Experian and asked them to add a phone number. Later, I saw my revised report. They had put my phone number, but WITHOUT THE AREA CODE! I am surprised that our legal system allows an agency that handles such important information to use such incompetent people. I called and asked that my area code be added. Later, I saw my new report and an area code was added, but IT WAS THE WRONG AREA CODE. I dont' know if it was a real area code at all. Months went by while i was under attack by thieves and this Bureau placed no priority on playing its role in the effort to protect my credit and the creditors who would be defrauded. I called Experian to ask them to correct the wrong area code, and i was told that I had put the request in writing and mail it to them, attach my phone bill and give them 30 days to decide whether to correct the wrong area code they placed on my file. This began in September and at this writing, is still not corrected, despite my efforts.

This bureau has NO accountability. Each time I talked to them, I wrote down the name of the person I was talking to, the date and time of the call. The people refused to give last names. They refused to give any employee number. Later when I was told that they "never" change fraud statements over the phone and only do it in writing, when I told them I spoke to Cassandra at their fraud number on such and such a date, and she told me she was making the phone number change on the computer, I was told only that this does not happen. When I asked to speak to Cassandra, I was asked for her last name! I was told they have a lot of employees and the person I was talking to does not know any Cassandra. I asked speak to a supervisor. I was told that they would have a supervisor call me back. I asked the name of the supervisor. I was told "Ms Johnson." I said "What is her first name?" I was told "We don't give out that information." I said that Johnson was a very common name and how would anyone know who I meant if i called back and asked for her. I was told that they would know.

I was told I could not have the name of Ms Johnson's supervisor.

When the writer of the article says that the financial industry is managing identity fraud well, they are not speaking from the perspective of a victim. I don't really know what they mean. The financial industry is in need of strong government regulation, based on my experience. They are totally unaccountable and whether or not they behave responsibly is up to them. It is not required of them. A consumer has no real recourse, thanks to the new laws that just went into effect, signed by President Bush, which took away the right of the states to pass stronger laws with real enforcement that could really protect consumers. The right to sue financial agencies that abuse consumers was taken away.

yes, the financial industry is handling identity fraud very well, for the industry, allowing them to be unaccountable, incompetent and it's no wonder that identity fraud is a rapidly spreading epidemic. The article seemed to blame the consumer for this increase, saying that consumers often unwittingly create the problem by giving their credit cards to waiter or not shredding financial documents before putting them in the trash. These are long term practices that have always been relatively safe in the past. Consumers haven't developed any new negligent behaviors that can explain the explosion of identity theft and fraud in recent months and years. What's new is that creditors are overly eager to grant credit to a degree in which they negligently ignore signs that the applicant is fraudulent, and they are negligent in this way because they know they can't be sued and there are no sanctions, no motivation to be more careful. They write off their losses and pass the costs on to the consumer. It's a win/win situation for them.

Meanwhile, the victims endure terrible ordeals, and only part of the ordeal is caused by the criminal. Many who go through this will tell you that the treatment by the financial industry is at least as painful, and that is what takes the time which costs we victims so much, the time we miss from work, from our families, from our chores and responsibilities, the stress this lack of time causes--trying to repair and stop ongoing attacks of identity theft/fraud is a full time job. You find yourself wishing you could hire someone to do it, while you continue at your regular full time job that you have to work at in order to pay your bills. but you can't afford to hire a full time employee to work on your identity theft. And again, it's not the criminal who takes all your time. It's the financial industry and the system ostensibly set up to help you clear up the problems that costs you your life. The hours you spend on hold waiting to talk to the person you need to talk to at a bank or credit bureau or government agency is somehting youwould not believe or be able to conceive of until you have gone through this. The letters you have to write, the trips to the post office, the toll calls, the follow ups the fielding new attacks, the affidavits, the faxes, and the knowledge that if you leave it to chance, if you don't follow up, you will end up paying the price, hanging over you, draining you, exhausting you, the frustration, the loneliness, the sadness and the anger.

I don't think identity fraud is well handled at all. If legislators and the president really cared about the victims, we would have a different system than what we have.

I don't think there is much difference between identity theft and identity fraud. Identity theft, as the article defines it, is one kind of identity fraud, where someone impersonates you for financial and other purposes, for illegal gain. Identity fraud is where one or more people use your personal information so that they can pretend to be you for the purpose of illegal gain. I don't really see any meaningful difference.

I need to know, for total security, what one must have to protect security all around: Firewall, adware/spyware software, anti-keylogger software? Some antispyware has antikeylogging - but the anti keylogging software advertises that it does not use "signature bases" which will prevent even new keyloggers from accessing your information. I currently have a firewall and antispyware. Do I also need anti-keylogger software as well for identity theft protection? Thanks, SK