Identity theft/ family history - Police warning

[Gartag]

Security is over rated, the more difficult you make it the more of a challange and a target it becomes.

Years ago I worked distributing information and updating same in a large office with about 20 other people.  We were given strict instructions to have a password that no one would work out and it had to be changed monthly.  Of course this meant friendly 'hacking' going on, accessing a collegues computer and leaving silly messages on it for when they came back from lunch.  The early days of passwords being any length and any characters.

Mine was ,._ (commer  dot  spacebar)  and each month the first would rotate to the end.  As added security my thumb would tap the rim of the keyboard while fingers poised over various keys so it sounded like a 7 character code.  Although I rarely cracked anyones password we had some good hackers on board but mine was the only one never broken, until....   Suddenly they upgraded security and we had to have at least 7 characters which included at least 1 number and 1 letter.  Within 5 months mine was broken 3 times.

Garth

[Guy Etchells]

Guy, we've discussed this many times before..... but here we go again.....

In the UK, both major UK credit card suppliers use a system where you have to use a password when making online purchases (Verified by Visa and Mastercard Secure Code).  You can choose the password, so nothing wrong with that, EXCEPT that if you forget the password, you can reset it by answering some questions, which include your mother's maiden name, and your DOB.

Since many people who apply for credit cards are worried about not getting credit, they are quite likely to supply the true answers to the questions when they apply for cards.

When someone fraudulently used my Virgin credit card a few years ago, they did it with the 'lost password' technique. 

Whilst discussing the problem with Virgin customer services, they agreed that the system was poor, but they could do nothing about it because they are only agents of Mastercard, and Mastercard make the rules.

Once the criminals have established that the card is working, they can then use it again and again online, or make clone copies which they will use abroad to obtain cash from dispensers where there is no Chip and Pin.

As I have explained before in answer to mother's maiden name you call her XhTvrjxwPP493?bk or another random selection known only to yourself.

Why use a name?

Only the naive do that.
Cheers
Guy

[Trillium62]

I've recently had to do a couple of updates in the event that my password has to be verified or recovered.  None of the questions now are about DOB or mother's maiden name.  There were three or four drop down menus, such as "Where did you go on your honeymoon?"  "What was the name of your first pet?"  Questions that were very specific, in other words, you wouldn't mix it up with your most recent pet.  On each drop down, you could choose your own question and fill in your own answer.  A fraudster who came along later would have to know you very well to have all three answers correct. 

[Nick29]

As I have explained before in answer to mother's maiden name you call her XhTvrjxwPP493?bk or another random selection known only to yourself.

Why use a name?

Only the naive do that.
Cheers
Guy

And as I have explained before, some people who fill in forms tell the truth, for fear of rejection.   In other cases, cards are issued by banks, who know DOB's and mother's maiden name.  I've been with my bank for 27 years (long before computer or the internet), so I told them the truth - why wouldn't I in those days.

Lastly, I wouldn't say that people who tell the truth are 'naive' - why should we have to go to such lengths to cover the mistakes of the banking sector ?   It's they who are being naive, but hey, we pay for their mistakes, so why should they worry ?

I've recently had to do a couple of updates in the event that my password has to be verified or recovered.  None of the questions now are about DOB or mother's maiden name.  There were three or four drop down menus, such as "Where did you go on your honeymoon?"  "What was the name of your first pet?"  Questions that were very specific, in other words, you wouldn't mix it up with your most recent pet.  On each drop down, you could choose your own question and fill in your own answer.  A fraudster who came along later would have to know you very well to have all three answers correct. 

My comments were about Mastercard Secure and Secured By Visa transactions on the internet in the UK.  They were not about other banks, or other countries.  If the rest of the world adopted chip & pin, which, although not perfect is much more secure than a magnetic stripe, there would be a lot less card crime.

[mlrfn448]

The problem arises when you are expected to memorize many different passwords, for different organisations.
Even the GRO ask you to register with a password for ordering certificates.
However, we are all gradually becoming more security conscious. I now shred all waste that includes my name and / or address.
I have also noticed that now most often, instead of entering your password, or internet number, you are often asked to select from a drop down list, ie the 1st 4th, etc. This is presumably a security measure in case anyone has cloned your PC.
One bank asked me to memorise a date, name and place, and it was suggested I use a memorable occassion in order to remember the answers
regards

[Gartag]

If offenders were more severely punished and faster  dealt with we wouldn't need such tight security.  I'm a little tired of the onus being on the victims.

I also believe that tighter security presents more of a challange and actually encourages offenders in many cases.

[Nick29]

Seems to me that the majority get away with it.

When I phoned Customer Services at Virgin Credit Cards, they refused to tell me how someone had managed to change the details on Mastercard Secure, but they assured me that I would not have any of the fraudulent transactions charged to my account.  However, this only means that we all end up paying.  It has been estimated that 3% of the cost of everything we buy pays for losses due to fraud.

Banks won't own up to the size and scale of the problem.

[Kaybron]

I recently went to pay for something online using my Visacard and the transaction was rejected. Message came up to contact the card provider which my husband did. The account is in his name and I have a card. My husband rarely uses the card but I use often. The provider had picked up a transaction which they thought was a bit suspicious and had therefore stopped further use of the card. When my husband phoned the card provider they passed him to the security section and they said they believed someone else had used the card and started asking him some questions. They asked about recent transactions on the card which my husband could not tell them. They refused to cancel the card and issue a new one unless he could tell them recent transactions.  When I got home from work I was able to give details about recent card transactions but then had to pass the phone over to my husband who was then able to cancel the card and have a new one issued.
I was impressed with the initial security re picking up on an unauthorised transaction but then not so impressed when dealing with the cancellation of the card.  Husband could give all password details but could not tell the provider recent transactions.
Kaybron

[Nick29]

The quickest and most effective way to get a card cancelled is to phone up the CC company and tell them that you think that your card details may have been 'compromised' (i.e. someone was looking over your shoulder on a PC screen, or overheard a phone purchase).  They will be forced to cancel the card immediately.  However, if you do this, you may have to fight to get back any purchases made fraudulently on the card before you informed them.