That is the question we ask in our most recent column in the New York Times Magazine. Along the way, we try to clear up some misconceptions about the subject, and get a guided tour of a hacker chat room where credit-card numbers, passwords, and PIN’s are bought and sold. Below is some of the research cited in the Times piece, along with some extras.
+ Steven Peisner is a veteran of the credit-card industry whose current company, Sell It Safe, helps merchants avoid fraud. Peisner spends a lot of time monitoring hacker chat rooms, and also sussing out fraudulent sites like this fake Bank of America website. A close look at the site reveals that its URL has nothing to do with Bank of America, but in fact reads “www.paypalacustomers.com.” “Even hackers get tired,” Peisner explained, “and sloppy.” The site will accept any keystrokes as a login and password; on the following page, a form asks for a complete array of personal information including – oops! – “Father Maiden Name.” (Warning: unless you really want to hand over your personal information to the hackers who created this site, don’t enter any real data.) [Addendum: a few hours after this blog post, the page described in the previous sentence was disabled; it had been in existence for at least two weeks.]
+ In this paper called “Why Phishing Works,” computer scientists Rachna Dhamija (Harvard) and J.D. Tygar and Marti Hearst (both at Berkeley) found that the best phishing sites were able to fool 9 out of 10 people.
+ In his forthcoming book Stealing Your Life, reformed fraudster Frank Abagnale (famous for Catch Me If You Can) argues that identity theft is extraordinarily easy to commit and very difficult to stop.
+ And yet a new report by Javelin Strategy and Research (which, admittedly, is funded by financial institutions) found that identity theft has actually leveled off. The full report isn’t available to the public, but this consumer version is, along with this summarizing press release; the Federal Trade Commission has also reported a leveling-off of identity theft.
+ Here is a Victim’s Guide for Identity Theft issued by the Los Angeles County Sheriff’s Department, which runs one of the most aggressive identity-theft task forces in the U.S. If you’re curious about your own vulnerability, take this safety quiz from the Better Business Bureau.
+ The TowerGroup, a research firm owned by MasterCard Worldwide, recently found that “banks are not yet ready to dedicate resources to solving any ID theft problem,” which leaves the onus largely on the merchants.
+ In this ingenious credit-card prank, the prankster wonders how crazy he would have to make his signature before someone actually cares.
and 
. You can also watch it on 
ah..er i do
ah..er i do
Canadian goverment has had to shut down it’s e-tax system was hacked on the week end , so they must care ….
Canadian goverment has had to shut down it’s e-tax system was hacked on the week end , so they must care ….
As a marketer I have found this issue as one that is increasingly becoming popular among companies who have access to this information. Many customers are putting this issue at the top of the list when choosing a bank, credit card, or any other process in which confidential information is necessary. A majority of my clients are banks, and at least 3 out of 4 messages to their customers in the past few months have been regarding identity security measures. Maybe this is all talk to make customers feel secure. Really there is no way that they can physically prove to their customers that their information will be safe. Their marketing message may not match what they are actually doing. I think I feel a new topic for my blog coming on. Thanks Stephen. (www.FreshPeel.com)
As a marketer I have found this issue as one that is increasingly becoming popular among companies who have access to this information. Many customers are putting this issue at the top of the list when choosing a bank, credit card, or any other process in which confidential information is necessary. A majority of my clients are banks, and at least 3 out of 4 messages to their customers in the past few months have been regarding identity security measures. Maybe this is all talk to make customers feel secure. Really there is no way that they can physically prove to their customers that their information will be safe. Their marketing message may not match what they are actually doing. I think I feel a new topic for my blog coming on. Thanks Stephen. (www.FreshPeel.com)
With respect to the credit card receipt signature issue, from what I understand the purpose of the signature is so that fruadulent charges can be later contested. I.e., you claim a charge isn’t yours, and the merchant and credit card company verify the signature as one means of checking out the issue. Note also that you can now purchase things with a credit card and never sign anything — such as online, at gas pumps, etc.
With respect to the credit card receipt signature issue, from what I understand the purpose of the signature is so that fruadulent charges can be later contested. I.e., you claim a charge isn’t yours, and the merchant and credit card company verify the signature as one means of checking out the issue. Note also that you can now purchase things with a credit card and never sign anything — such as online, at gas pumps, etc.