Comments on: Identity Theft Hits Home

By: Dave F.

Dave F. — Wed, 31 Dec 1969 17:00:00 +0000

D’Arcy –

Nothing but empathy from me… first the frustration of the theft, then the continuing uncertainty over charges still in the pipeline, then the nuisance of cancelling the account and replacing it.

I had a similar experience, though the thieves were stupider: after stealing my Visa number, they ordered a laptop computer — from a site that shipped to the mailing address associated with the card.

I spent three weeks thinking that someone near and dear had splurged on a computer for my birthday (which fell the week after the computer arrived)… until the credit card statement arrived, with charges not only for the laptop but for subscriptions to three or four porn websites.

My credit union was extremely helpful in getting the charges taken off. Of course, I did have to return the laptop.

By: Chuck Baker

Chuck Baker — Wed, 31 Dec 1969 17:00:00 +0000

I keep a close eye on my cards with my online banking and an eye on my credit report through my Identity Theft Shield.

If someone is using my card number or looking at or changing my credit report I know about it right away.

By: davidicus

davidicus — Wed, 31 Dec 1969 17:00:00 +0000

open source currency! no more theft.

um, forget it. bad idea.

By: dnorman

dnorman — Wed, 31 Dec 1969 17:00:00 +0000

d – the other solution is to just make everything REALLY crappy. no more theft.

also a bad idea

By: SK

SK — Wed, 31 Dec 1969 17:00:00 +0000

http://www.computerworld.com/blogs/node/5026

Seems like the companies pass the buck onto the merchants. No wonder the mechanisms suck!

By: Brad

Brad — Wed, 31 Dec 1969 17:00:00 +0000

At least this seems to have been caught quickly before it could balloon into more of a problem.

What bugs me about the system is that your credit card info is indeed public information. You give it out to anyone you purchase things from. Even your bank account number is written on your checks. You have to trust anyone you do a transaction with that they won’t turn around and steal your money. Doesn’t seem like a very good system.

Instead of system that are based on sharing numbers that represents sources of money to be drawn from, maybe it should work with numbers that represent account to be credited. So, instead of sending a check to the guy who painted my house, He gives me his acct number and I send instructions to my bank to transfer money to his account. This account number can only be used to accept payment, no withdraw. Communication between me and my bank do not run through a third party every time I make a purchase. Technology would have to be developed to make this all seamless and instant.

By: Sami Khan

Sami Khan — Wed, 31 Dec 1969 17:00:00 +0000

With the billions that banks make out of hidden fees, you’d think that this would not be a problem in the world anymore. I would be extra vigilant with my bank account for the next few months, D, they may have more information than _just_ your credit card. Biometrics is ideal, but then again they can steal your finger print or hack a device to transmit it or the hash or whatever… PayPal is coming out with a new device to help with the security somewhat.

By: chris garrett

chris garrett — Wed, 31 Dec 1969 17:00:00 +0000

This is so annoying, I’m glad they caught it before they could have caused you more trouble. The only time my cc has been misused was a computer parts salesman trying to boost his end of year results in order to grab a bigger bonus.

I think the best idea would be for us to move to the system of generating one-off credit card numbers that expire when they have been used. Although there is still the problem of what happens if somebody steals the number generator … biometrics is all well and good so long as the system is 100% proof against the thief cutting the body part off ala hollywood …

By: dnorman

dnorman — Wed, 31 Dec 1969 17:00:00 +0000

The solution could be as simple as not providing the full transaction information to any individual vendor. Like PGP, with a public key and a private key. Both are needed to complete the transaction, but vendors are only provided with the public key. Not sure how the workflow would work for such a thing – we’re all addicted to the seamless ease of the current transaction system, so adding much to that would be problematic.

It doesn’t need to go as far a biometrics – it could be just a smart card that never leaves your possession, and the vendor doesn’t get the full key.

Part of the problem we just had here in Canada was the theft of hundreds of thousands of credit card transaction records from a parent company’s database. They should have no reason to store that info in the first place, but we should have no reason to give them (or anyone who gains access to their database) cart blanche to process further transactions.

By: Sami Khan

Sami Khan — Wed, 31 Dec 1969 17:00:00 +0000

It would make a lot of sense for them to use something like PGP or a hash even (simple) instead of the credit card number, etc, and then perhaps a bit of salt from your personal information to create the hash for your card… That could be securely stored without any additional information. I do think though they’ll get on it once they realize how much more money they could pocket when they introduce better security.