Thursday, July 06, 2006

PROFILE OF AN IDENTITY THIEF

The New York Times describes Shiva Brent Sharma as Hollywood handsome who saw to it that he had enough gel on his mane of black hair for this in-prison interview with Tom Zeller Jr. of The New York Times.

He was barely out of his teens back in 2002 when he began picking the locks on consumer credit lines using a computer, the Internet and a deep understanding of online commerce, Internet security and simple human nature, obtained through years of trading insights with like-minded thieves in online forums.

This New York Times article, Stolen Lives, featured Shiva Brent Sharmaan, an identity thief who is currently serving time at New York’s Riker’s Island correctional facility. On his third arrest for identity theft, at the age of 20, he had taken in well over $150,000 in cash and merchandise in his brief career. He had victimized many credit card holders very much in the same way as Dondon had experienced.

While in Japan for his post-doctoral research, our fellow-Pinoy blogger, Dondon, was horrified to have discovered that $500.00 worth of online purchases were charged on his credit card. He frantically called his bank to have it terminated immediately. He said that “it was certainly Japanese language calisthenics for me trying to explain that I never purchased those items except if I had quantum power to exist in several continents at the same time.”

Dondon was but one of the many unwitting credit card holders who were victimized by identity thieves these past years. It used to be that such modus operandi would start from a lost wallet full of identification and credit cards, or carelessly tossed out bank and credit card statements. Nowadays, the baits often used to facilitate data theft are e-mail solicitations, online phishing, and phony Web sites. And every year many more get fleeced; oftentimes unknowingly until they receive their latest credit card or bank statements.

When I mentioned this to my bank manager, she suggested not using my credit card online. However, if it is absolutely necessary, request for another credit card with a much lower credit line — like no more than $200.00 — and use that for your online transactions. She admitted that a number of their clients started seeing fraudulent charges on their cards as soon as they’ve started using them online. A good rule of thumb here is always take extra precaution when using your credit and debit cards.


Photo credit: Tom Zeller Jr./The New York Times

19 comments:

  1. Hello! Thanks for this informative post. I suspect that my credit card info leaked from the database of one Japanese company that reported a huge theft of their clients' identities last year. Or, it could have been due to the unprecedented Visa/Mastercard card information fiasco that swept the US almost two years ago.

    ReplyDelete
  2. I'm glad it's all over now, Dondon. I trust your bank didn't hold you accountable for any of those fraudulent purchases.

    Ingat!

    ReplyDelete
  3. Good thing I've never used my credit card for an online transaction before.

    Oh wait! I don't have a credit card yet, hehehe

    ReplyDelete
  4. And you don't need one, yet, Jhay! :)

    ReplyDelete
  5. Clearly, using that credit card online would always be risky. The best antidote to this is perhaps maintaining a card that has credit limit. There is just no way to know how these hackers could gain personal infos. There'd be time where all they need to do is hack that bank database and voila, they can steal hundreds of identities.

    ReplyDelete
  6. Goodness, I should've made a record of it -- that the database containing PIN codes of debit cards were compromised; hence exposing customer data, debit card number and access codes. This made me stop using my debit card altogether, Major Tom.

    ReplyDelete
  7. Hello guys!
    It seems that the guy was really good in exhausting what he knows from internet; having been in a prestigious school to study such a crime. Tsk! Tsk! Well, what can we do about this? More and more people are really gaining access to other people's lives. The best solution is to acquire the idea PREVENTION IS BETTER THAN CURE.

    According to http://www.linkverve.com, a directory whose prime concern is to make us aware of the things we don't know yet and develop those things we already know about the internet more than anything else, "Start adopting a "need to know" approach to your personal data. Your credit card company may need to know your mother's maiden name, so that it can verify your identity when you call to inquire about your account. A person who calls you and says he's from your bank, however, doesn't need to know that information if it's already on file with your bank; the only purpose of such a call is to acquire that information for that person's personal benefit. Also, the more information that you have printed on your personal bank checks -- such as your Social Security number or home telephone number -- the more personal data you are routinely handing out to people who may not need that information."

    ReplyDelete
  8. Thank you, Anonymous, for your suggestions. You're right, anyone calling and asking for too many personal information should be a major concern.

    May I also add investing on a cross-cut shredder to dispose bills, bank statements, and any other sensitive documents that could facilitate data theft.

    ReplyDelete
  9. O my. He was like cutee boy but deep inside of him has his hidden agenda.Thanks for the concern and information about these. Yeah there are a lot of emerging stores on line and they dont have the security package to where and what extend to it... be sure to be careful and you always confined with site area.. and check immediately your account in such a way you could avoid the fraude..

    ....we must all be careful..

    ReplyDelete
  10. But you know what, Neil? This guy didn't have to use his good looks to con anyone because he did most of his work through a computer and online connection.

    And you're right, we must be cautious whenever making online purchases with our credit cards. However, what's even more frightening is when hackers are able to get inside a bank's database.

    ReplyDelete
  11. i dont transact online. i was almost lured into it. as much as possible, i would avoid making transactions online.

    it make me feel uneasy when credit card agents call me up and seem to know so much info about me. i always reply with "how did you know that?" and i will get a response, "you are recommended by so and so.." or "you are one of the list with good records..., etc."

    ReplyDelete
  12. I had been duped twice - one for $1700 and another for $400 on two separate cards but in both cases, the credit card company foot the loses.

    On the $1700, I demanded the receipts and lo and behold, they were not mine! But then, I noticed that the thief wasn't smart at all. On one of the receipts, there was a 20% employee discount showing the employee's id. I called up the card fraud prevention unit and reported the incident. The employee certainly knew the fake card holder. I'm quite confident that the police made headway in the case.

    the $400 was all related to gas bar purchases. Someone was joyriding with my credit card. The credit card company issued me a new card and foot the losses.

    Nowadays card companies won't even deliver online purchases if they're not addressed to the customer's how address on their file. One time I was hopping all over downtown and used my card for parking, the company called me to check if I did the transactions. For any unusual trends the card company calls the customer to verify.

    But we know the truth or in fact, the paradox. The perpetrators of this crime are likely the same people who designed the systems!

    ReplyDelete
  13. This problem normally starts from the person himself and his pc. Most often than not, we are too trusting and too careless with our important pesonal information. Identity thief happens because we give them the opportunity by making our information available to them.

    Our internet habbit has to do with it as well especially if we use peer to peer connection (p2p) like kazza, limewire, etc. and visiting untrusted or unsigned sites.

    A friend of mine who works with an IT company told me that thieves can target anyone anytime and we have no control over them. However, we can do
    small thing at our end as precuationary measures (although not a full-proof solution) when we do online transactions. Activate your firewall,
    anti-spyware and malware softwares and clear the computer cache of our pc after we've done with our transaction. If possible verify immediately with your bank or credit card company how much was charged to your account. Help
    desk and customer care are normally open 24/7.

    Please check this site at http://www.us-cert.gov/. There are loads of valuable informations about this topic. Just type 'identity thief' in their search box.

    For list of hoaxes, spams, etc,and what are they, visit this: http://hoaxbusters.ciac.org/

    I feel sorry for Dodon and BW.

    Thank you.

    ReplyDelete
  14. Like you, Bing, nowdays, I shy away from using my credit card on any online transaction. But in NYC, I had one card I used exclusively for online purchases. It got to the point that groceries were the only stuff I don't buy online -- it was that convenient.

    Unfortunately, until our tech community comes up with a more theft-proof systems most people will never experience the convenience of online shopping.

    But alas! Like what you said, BW, sometimes the perpetrators get into the act themselves. Canada and America have laws that protect credit cardholders and restrict their liability to $50.00 for any stolen or fraudulent use of their cards. I just don't know if the same applies here in the Philippines.

    And what happened to you was far worse than Dondon's experience, but glad that you were never made to pay not even a cent by your bank/credit card company.

    Many thanks for the link Myepinoy and for the additional suggestions on how each one of us could further protect against ourselves from identity thefts.

    There was a time when I was very much into Napster but had stopped altogether, especially nowadays when most of these p2p connections have become major threats. And it's true, with some of these tech savvy guys, just knowing your IP address is enough to start breaking into your hard drive.

    What I do with my laptop is store personal documents in memory sticks or CD, not in the drive itself.

    BTW, a hacker tried taking over two of Sassy Lawyer's blogsites.

    ReplyDelete
  15. YOu might be surprised that banks here in Canada write off hundreds of millions of credit card fraud. In my case, the banks took the losses for the fraud and I did not have to pay anything. I think the bottom line here is if banks try to one up the customer, they'd get sued like crazy. THey would avoid at all cost a nasty class action suit which would be way more expensive.

    Ignorance on the part of the customer is one of the main reasons why these thieves are making headway. Likewise, system security with banks and financial institutions need to get tighter and the government is doing its best through legislation to enforce tighter security. The government is now auditing banks to ensure that their system security is top notch. Case in point, a big US bank lost tapes containing 300,000 customer records becuase the courier company was sloppy. Some banks are no longer sending back-up date to their offsite storage. They have invested in high speed replication technologies to minize the risk exposure.

    The success of thieves are the result of customer ignorance where they hijack the user's accounts through phising or spoofing or stealing record information. Most banks have employed tighter intrusion detection systems that have made it extremely difficult for thieves to hack thrir systems.

    ReplyDelete
  16. sorry - back-up tapes not date.

    ReplyDelete
  17. I've a feeling, BW, that in some way or another, the consumers absorb some of those losses as well through the high interest rates and yearly fees that they get charged by their credit card companies. I pay 2,500 pesos a year for mine. Can you imagine if they have a million Filipinos as card holders? Whoa!

    I also suspect that there were more cases of database hacking that the banks would let us know. Perhaps, the banks would rather keep mum about it because they're afraid of possibly losing their customers' confidence. But I'm glad to know that government regulators constantly urge the banking industry to develop formidable defense measures against data theft. Must be great to be working in that field as a specialist.

    Thanks for the info!

    ReplyDelete
  18. The annual fees plus the whopping interest charges ( 19 % for credit cards and up to 28% for dept store cards) reflect the kind of risk that banks take in this business. There are low interest credit cards that would charge you 9% but they will apply interest upon purchase! They would not give u the usual 30 day grace period to pay up without interest. Depending on your financial need, the 9% can actually save you some bucks. Given the risk due to fraud and the huge write offs, the credit card business is still profitable.

    Accurate credit info is also a tool that financial institutions in North America share amongst each other. In the past, banks in RP do not share customer credit info with each other so you can default on a credit card issued by one bank and still apply for a credit card from another bank! I hope they have remediated this situation in RP already.

    The fall of ENRON is something that the U.S. govt is wary about. It could not afford this to happen with a huge financial institution. The damage would be catastrophic and that's the reason why it aggressively monitors the controls and risk assessment methods banks employ in their day to day operations. In Canada the OSFI
    ( Office of the Superindent of Financial Institution) monitors this activity.

    System audit is a hot field to be in nowadays. Security analysts are likewise in demand. It is a growing discipline and the race between high tech thievery and secure technology is non-stop and ever tightening so these security specialist jobs will be around for a while.

    ReplyDelete
  19. Your knowledge in this lending business is quite impressive, BW. I'm sure it will be a big help to those trying to decide which is a better card for them to apply for.

    Although the banks do not make money on those who pay in full, credit cards, ideally, should be used as such -- in lieu of cash but to be paid in full when the bill comes. But we do run into emergencies and must dip into our credit line, which is good to have in such occasion.

    Yes, that ENRON accounting fiasco is one, if not the worst fraudulent act in corporate America, which adversely affected not only many investors, but those employees depending upon their pension.

    I was once very much interested in network security. System audit I'm not that familiar with but will look into it -- sounds intriguing.

    Thanks for the valuable info, BW!

    ReplyDelete