Here’s the scenario: you’re at the shops, you want to buy that car / TV / walk in fridge freeze / Body-Solid CEXM4000 Multi Gym (maybe not!) and you hand over your flexible friend to the spotty faced sales clerk. There’s a bit of a delay and he rings your bank for authorisation, when the phone is passed to you, in order to authorise the withdrawal from your account, the bank ask you 2 or 3 questions, typically from this list:
1. What’s your birthday?
2. What’s your address?
3. What’s your mother’s maiden name?
4. What was the name of your school?
Here’s the problem, if someone had cloned your card and was trying to rip you off, I’m betting this security check isn’t that secure. Let’s see what the internet can do to help us find the answers.
First stop: facebook (or your social networking site of choice). The majority of people will accept a friend request from someone purporting to be a long forgotten school friend. And most people put their birthday on their facebook profile, so the first one is sorted. Even if they think they are being clever by leaving off the year, you can normally work it out by going back in their history to when their last birthday was, it’s likely they, or someone else would have blurted out their age. Or if they have a university, college or school down on their profile, a sneaky message along the lines of “Hey, did you go to XYZ in the year of 1988?” will reveal when they joined / left a school, from which you can infer their birth year.
Also it’s very common for people to say what town they live in on facebook, so using a service like http://www.192.com you can typically narrow it down pretty quickly, especially if they are married and link to their spouse on facebook, as their spouse’s name will show up as also living at that address. You can often get age from this site too.
192.com (and many other similar sites) also provide birth certificates and marriage certificates both useful for… you guessed it, number (3), your mother’s maiden name. Why? Because that will identify your mother, information which can then be used to plug into ancestor discover sites like http://www.genealogy.com or many others.
You might even get lucky and the person will have linked their facebook profile to their family members, including their mum, and you can then just ask with a message like: “Hey, didn’t you used to be Tracy Temple, before you got married?” followed by “Oh sorry, which Tracy were you then?”.
Of course nearly everyone has the name of their school on facebook, so number 4 is a no brainer. Or you can use similar ruses to ask, or pop over to http://www.friendsreunited.co.uk/ or similar to look up their school there.
My point to all this is that you need to start thinking about the kind of information that’s out there about yourself, stuff that only takes an hour or so of effort to find out and is exactly the information that you bank will ask you if they want to check whether you really are you when someone is emptying your bank account.
Tips to defending your identity from theft then include:
1) Don’t put your birthday on the web, certainly not facebook, and never give it to random websites that demand it in order to “prove” you’re old enough to use their site. I take my cue from Queen Elizabeth, she has 2 birthdays: her real one which is celebrated privately; and a public one. And so it is that I have 2 birthdays too: my real one which I give out only to organisations that really need it, like my bank; and a fake one which the rest of the internet that doesn’t need to know it gets. Of course you’ll have to abandon the vanity fest that is lots of people you barely know wishing you a happy birthday on facebook, but I’m sure you’ll cope, if not then you need to HTFU! (See this if you don’t know what I mean – Not WFS due to bad language!)
2) Don’t put your school on your facebook profile, or any other profile for that matter.
3) Don’t tag your family on facebook. I’m pretty sure your Dad knows he’s your Dad, and if he doesn’t then well, you know…
4) Register to be ex-directory so your name and address isn’t in the phone book.
5) Elect to be taken off the public electoral role.
6) There’s another good tip that very few people do: if your bank (or other institution) call you unexpectedly to discuss something, it’s normally preceded with “I just need to take you through a few security questions…” and you get asked some or all of the questions above, which you answer honestly, right? Wrong. Don’t give out your personal details to some stranger who’s just called you up out of the blue and who may only be pretending to be from your bank! Get their name, department and number and tell them you’ll call them back, once you’ve verified the number is legitimate by checking it on their website. This is actually quite a lot of fun because the poor call centre agents don’t seem to have a script for customers refusing to give out personal details from an unsolicited call and who actually question the callers identity! Perhaps that’s just my mischievous streak coming out.
7) It should go without saying that you need a shredder, preferably a diamond cut one. It’s not good just having one either, you have to use it. Everything with your address printed on should go through your shredder.
8) You can also sign up for an identity checking service like Equifax’s Identity Watch which will notify you every time someone applies for credit in your name.
9) Use a password manager on your PC to securely keep track of all your passwords (you don’t use the same password for everything do you?). This is a free open source one that I’ve used:
10) Finally though, just think. Every time you are asked for personal details, consider: does this person *really* need to know, and if not either refuse or lie, it’s up to you. In this information age, you have every right to withhold your personal details, guard them like you’d guard your wallet, because ultimately that’s what’s at stake.