Some thoughts on identity theft and social media

There are three pieces of personal identifiable information (PII) that most organizations, especially financial ones, use to prove who you are in over the phone and electronic transactions.

These are:
1) Your Name
2) Your Birth Date
3) Your Social Security Number

The three of these are considered so interconnected that if you have any two of them, you can find the third. Quite often this can be done through web based resources that you can find using Google.

Now, one of the most common things popping up on Facebook these days are “games” that even if they mean well, are ripe for abuse by criminals.

“What is your rock band name?”
“Who is on your Harry Potter Zombie Apocalypse Team”
“Who is your ”

I am sure you have seen them around. They all use a simple formula where the first person/thing/name is based on the month you were born, and the second is based on the day. From there, if you have EVER said ANYTHING online in any public place about your age, they know your date of birth. If you are on FaceBook, then there is a pretty good chance that you are using your real name.

From there they can use that information to track down all kinds of things about you.

This brings me to another point. NEVER EVER EVER set the contact/biographical data on your Social Media profiles to public. If you want your friends to be able to see it, and you are selective about who is on your friends list, then letting them see it is generally ok. This is especially true if everyone on your list is friends and family that you think have (or should have) the information anyway. Don’t put it out where everyone can see it though.

If you are using a social network that doesn’t give you the option of hiding data, then there are three safe options (depending on how it is set up).
1) Leave the information blank.
2) Lie
3) Use another website, and leave that one alone.

To be honest, if they don’t have a way to lock down data, and they make you provide something, you are probably better off going elsewhere anyway.

Remember: This is the information age. This is the age in which your online presence means almost as much as your physical presence. This is the age in which financial institutions depend on data points to act as “finger prints” to prove who you are. What you know is who you are. What someone else knows, can allow them to be you.

How many of us have called up our bank and said: “Hey, I am trying to set up a direct deposit, and I forgot my account number?” and then two minutes later, after a few security questions (name, ssn, date of birth) had that information?

You can generally get the banks routing number from their website, usually with only a few clicks.

With those bits of information you can set up a deposit. You can also set up a withdrawal.

How many of us have online checking? How many of us use our check/debit card for pretty much everything? I know I barely carry cash any more. The result is hundreds of transactions on my account every month ranging from five dollars; up to almost two grand (my rent is on an auto-withdrawal).

Would you notice if a random transaction showed up in the middle of that madness for say, twenty dollars? Especially if it was processed through some random payment platform that looked a lot like the name of a bank ATM.

Then, after a few of these without gaining attention, suddenly the same organization does a withdrawal of five hundred dollars, or even more. That one gets your attention, but at that point it can be really hard to fight. After all, it was authenticated with your PII. As far as the bank knew, it was you.