Dumpster-Diving for Your Identity 344
The NYT magazine has a story titled Dumpster-Diving for Your Identity - the author interviews two convicted identity thieves talking about their methods and successes.
Ya'll hear about the geometer who went to the beach to catch some rays and became a tangent ?
Re:OK..... (Score:1, Insightful)
This is because back in the day (~1985) when people used to go 'trashing', they were usually buying various techno goodies (anyone remember the Prometheus modem with the clock?) for even more mischief. If the early hacking/phreaking geeks didn't invent trashing, they certainly brought it to a higher level...or lower depending on your perspective.
Not advocating btw, just relaying...
a little while back (Score:5, Insightful)
Honestly, if people would just be a bit more paranoid, and not worry about being casual with risk as a fashion statement, these guys would have a lot less to go on.
That's with regard to personal papers. Businesses should know better, and should get their asses sued for failing to protect sensitive information that was entrusted to them by their clients.
Punishment != Harm Caused (Score:5, Insightful)
I'd argue that was nothing but a slap on the wrist, and not much of a deterrent to future fraudsters.
Important add-on (Score:5, Insightful)
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
Jason
ProfQuotes [profquotes.com]
Well, who cares about them (Score:1, Insightful)
Re:The solution is easy (Score:3, Insightful)
You throw these out!?!? Never, in my wildest imagination would I consider taking such critical records and disposing of them. I've got my account histories (at the touch of a lock) form three banks over 15 year - I've even got records fom companies that closed, long before the whole 'get it online' rush. This is why I request paper copies of those records: so I can keep them.
Certainly, someone can break into my house, ignore all the shiny, expensive and portable things and got straight for the heavy, ugly, locked boxes obviously full of useless paper that are being used as a table for dirty laundry and AOL CD's (same really). But I degress.
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
That's one of the reasons the military and (some) government agencies have adopted standarized protocols to deal with this kind of stuff and generally are quick to reprimand those who violate policy.
Many security problems these days have to do with the fact that people for some reason refuse to apply common sense -- requiring people to wear ID tags at all times and conducting thorough background checks is not going to do any good if you just dispose of confidential documents into some backyard alley dumpster.
Three Stacks of Paper: (Score:1, Insightful)
accounts payable
accounts incinerable
Re:Shredding doesn't offer much protection either. (Score:4, Insightful)
The cost of having every employee or department having their own shredder isn't restricted to the initial $30/seat investment. There's also the time involved in shredding documents.
Probably not a good example, but:
I once had a job which involved faxing purchase orders to suppliers. When I first started, the process was:
COST: 2 to 3 hours employee time per day.
SAVINGS: $100 one-time cost of fax machine
Upper management greatly improved the situation when they donated a fax machine from their office for my desk...because it didn't meet their needs - it didn't automatically identify the sender in the page headers.
COST: 45 to 60 minutes employee time per day; plus additional 40 minutes of long-distance calling per day for the header page.
SAVINGS: $100 one-time cost of fax machine; 2 to 2-1/4 hours employee time per day.
Although it saved the daily trip to the accounting office, faxing now required a header page identifying where the fax was coming from. At least I could be mostly-productive while doing the mindless hours of fax work.
Eventually, we did end up with a fax modem which was connected directly to the mainframe which saved even more time.
COST: $300 for the fax modem; software written in-house in about an hour
SAVINGS: 2 to 3 hours of employee time per day
Queue batch of purchase orders.
Time is money - even if it is 15 minutes.
Re:Shredding doesn't offer much protection either. (Score:4, Insightful)
Another reason is liability. Having a company you can sue is nicer than having to cut your own throat by firing someone who screws up.
We don't need to abolish it... (Score:5, Insightful)
...because something even more invasive would be put in its place. The Devil that ya know, and all that.
We don't even need to pass new laws to restrict the use of the SSN, because we already have them. It's not supposed to be used for any identification purpose other than actual Social Security.
Once again, the problem is not lack of laws. It's lack of enforcement. (Look at Bush and Kenny Boy, and tell me if you're surprised.)
As long as banks can write off 100% of loss (Score:3, Insightful)
Why should they? It's a 100% writeoff.
Start changing the writeoff to 95% next year, 90% the year after that, 85% 3rd year, and see how fast they change their attitude.
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
The man who picks ours up is a toy short of a happy meal. He rarely says more than an incoherent mumble or two. Something usually about the damn lock on the door (I share his frustration).
We started using them after we shred about 5000 pounds of confidential data. I filled 12 large bins that they provided for us. These were probably 3.5 feet tall and large enough for at least two of my fat asses to fit inside easily.
Why do we use them? Because it would take me two or three days to destroy a single box of paper records that we have. I don't have time for that.
It's something like $500 for 5000 pounds. You do the math... Pay an employee $15/hr to shred documents for 3 days ($15 x 8) x 3 or $500 for 5000 pounds.
how to find out? (Score:1, Insightful)
How would I go about finding out if someone else has some form of credit opened in my name?
Would a credit report indicate all of my accounts? (even the ones opened by fraud?)
College Anyone? (Score:5, Insightful)
(all sarcasm aside, really what could one do?)
Re:Dumpster diving old home directories (Score:2, Insightful)
The real lesson there is not to have personal information on work-machines to begin with.
Re:avoid recycling bins for financial mail (Score:2, Insightful)
So that won't work for me.
link=http://seattlepi.nwsource.com/local/152676_re cycle16.html
Just wondering (Score:3, Insightful)
Liability (Score:3, Insightful)
Re:Compost them, don't burn them! (Score:2, Insightful)
There's an old saying: "I don't have to run faster than the bear. I just have to run faster than you." I presume that someone else's trash will be pilfered. Mine is rather unappealing.
Re:Shredding doesn't offer much protection either. (Score:3, Insightful)
If someone happens to get ahold of your sensitive data, it's nice for the bigwigs to have someone to blame other than themselves....
Think about it. Someone forgets to shred some confidential documents in their own personal shredder, and they get into the dumpster intact. That would be a whole lotta egg on the company. But, if the shredding company acidentally let a document "leak", then they'd probably lose more than just face... they'd probably lose a lotta money!
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
And there lies the answer. You don't have to perfectly destroy the papers. Just make it cost more to get the data than the data's worth. Even the most basic methods (straight shredder) will deter most thieves. Unless you're being specifically targeted, there's always the idiot down the street (or next door) that's an easier target.
It seems to me (Score:5, Insightful)
Somebody who knows me is better qualified to say "That is the real ajs318" {or not} than some piece of machinery ever will be. A human being can check subtle things like signatures far more reliably than a machine. But the corporate mentality seems to be far too trusting of machines and far too distrustful of human beings. It's well known that humans make mistakes, but who designed and built the machines?
In Britain, we have a National Insurance Number as a unique per-person identifier, but it is only used for taxation purposes. Also, your employer is responsible for stopping your tax right out of your wages before you ever see them, making it physically impossible for the working classes to commit tax fraud.
With no national identity card, anyone requiring ID has to seek it from multiple sources
Now, your name and address are published in the telephone directory. So places insist on official letters. Of course these could be forged
It seems the problem in the USA is that the social security number {which uniquely identifies a person} is treated as though it were a secret, unknown to any entity beyond the person it identifies. That clearly is not the case. Look at how PGP works
The other thing is, when you go into somewhere like a newsagent's shop, you are recognised by the regular staff there. {Kids in my old village used to shoplift from the local newsagents' once at most. The items they took got added onto their parents' slate.} The point is, the main identity used in that situation is the person themself, which is hard to forge. In a large impersonal supermarket, there is less potential for recognition, so if you pay by payment card or credit card then they require a signature {though trials are underway where the shopper will merely have to enter a 4-digit PIN, thus relieving the cashier of the responsibility to check a signature and not at all paving the way for brand new opportunities in crime}; on the Internet, none at all.
If you want security, stick with old fashioned pound notes, because they can only steal as many of those as you actually have. And, until they get RFID in money, it's untraceable. You can't look at a 20 note and see it was won in a poker game, for instance.