Thursday, July 12, 2007

CNBC program "American Greed" focuses on physical security

One of the major concerns I used to have in the good old days was just the risk of losing a checkbook. It would happen sometimes, and I would ponder recovering the manual handwritten register on the book, remembering the last check, the possibility of stop payments, etc. I never had a loss from it, but the idea that money could be lost if a teller was “careless” was very real.

Same with losing wallets to pickpockets. A couple times they have disappeared in movie theaters, sliding under seats, resulting in replacing all of the credit cards. Only once has anyone who knew me stolen anything (and that was back in 1978, in New York, a long time ago).

Today, the current advice is to no longer leave mail to be picked up by the USPS letter carrier (with the red flag), and to watch carefully if checkbooks or wallets are stolen from homes as well as in public. And, particularly, shred all junk promo mail. And never use your social security numbers. And less and less it has to do with security on a home computer (hotel and library computers are riskier), but more with 1970s style physical security.

Tonight, Thursday July 12, 2007, the CNBC Channel aired a major episode in its “American Greed” series. The website reference is here. The program was called “Meth Identity Thieves.” It starts with a woman getting stopped for speeding in Denver, and finding a bench warrant for check forgery. Apparently, she did not have online access to check her account frequently (but it is surprising that her account would be drained in less than one month). Counterfeited checks had been manufactured from her banking information. Her husband has to raise $10000 to bail her out of jail. Quickly, the police discover the forgery ring that has printed and cashed checks in her name. Apparently imposters even wore wigs to impersonate her going to the banks! The charges are quickly dropped for lack of evidence, but the record of her arrest remains (it’s not clear how important that is, as on employment applications she would normally only have to note convictions). She has to take months to clear her name. It’s not clear if she gets the bond money back. In the meantime, over several years, the police break the ring, but have to rearrest one woman on probation. Almost all of the thieves are addicted to methamphetamine.

The question remains, why don’t banks check more carefully. When printing new checks, they should always go to a preferred NCOA address. (Of course, banks send convenience checks as promotions, and that is another loophole. Another issue is online generated checks, and it seems that banks are not strict about reuse of check numbers. Debt collectors can also generate “check by phone” with debt collection software.

Some additional security issues have been reported for home users using peer-to-peer (Limewire was mentioned in the report), with thieves stealing from hard drives through lapses in P2P. Of course, we hear a lot about keystroke-watching spyware, and phishing sites, which can usually be identified by running a mouse over a link embedded in an email and see if it matches the spelling of the link in the email (HTML does not require that it match – don’t click if it doesn’t match!).

An identity monitoring and cleanup service mentioned in the program is IDWatchdog. I’ll check more into how it works.

No comments: