Sunday, April 02, 2006

Identity Theft

A relative asked me if I was concerned about identity theft. Anyone in the world can access my blog which has pictures and descriptions of my life. So, I have decided to post this agreement which you must accept before continuing:

  • I promise not to use any information on this blog to steal Joseph Fluckiger's Identity.
[I accept] [I decline]

Ok, so that's probably as effective as the Microsoft software agreement which no one I know has ever read, not even my dad who is a lawyer.

Seriously, identity theft is real and I don't want it to happen to me or you. So I'll tell you what I know about it and how to prevent it and also identify it early so you can mitigate the consequences if it does happen.

Identity theft I think can be summed up as: Someone taking out a loan with your social security number. That's it, that is what identity theft is. If someone has a picture of me, or knows what my son's name, or knows that I used WD-40 over a camp fire last summer, it doesn't help an identity thief. Because when you take out a loan, they don't ask those things. They main thing they want to know is your social security number.

Never-the-less I do use caution in what I post to my blog. I won't post my birthday, or my address or my home computer's IP address for example. So I will be careful not to post those things on my site. But by far the main thing is the Social Security Number (SSN).

These are steps I take to protect myself:
  1. I cancelled my extra credit cards. I only have one, and it is an ATM/Visa card. I audit the trasactions several times each week.
  2. I don't fall for phishing scams. "Phishing" is when you get an email that looks like it is from a legitimate source and it really isn't, and they ask you to enter in your password or other sensitive information into their fake website. Always check the domain name after the "http://" if it says, you are ok, if it says you are not ok.
  3. I use paypal instead of a credit card as much as possible. With a credit card, anyone with your credit card number can take your money, with Paypal you have to send money to the merchant.
  4. ****important: check your credit report regularly. Watch for suspicous activity. They changed the rules specifically because of identity theft so that now it is free to get your own credit report once per year. This is how you will identify identity theft, it will show up as new loans/credit cards on your credit report, followed by lots of bad ratings.
  5. My password that I use for every website and bank account is "doublecheeseholdtheonions", which no one would ever guess. Ok, joking aside, I use punctuation in my passwords and that's all I'll tell you about my passwords because this is a public forum. Call me and we can chat about password strategies. More and more passwords are your identity.
  6. I use biometric authentication for my computers. That's a fancy word for fingerprint reader. It is reliable, and it works only for my finger. (I think we'll see bio-id built into most computers and electronic devices in the future. Your voice, fingerprint and passwords, and behavior will contribute to "evidence" which can reliably establish identity and flag impostors)

The dependency we have in the US on the Social Security number is seriously flawed. Lots of organizations use your SSN to identify you because it is easy. Your health insurance company uses it. (They are trying to shift away from SSN, but legacy systems still use it heavily) Funny story: my first BYU ID in 1998 had my SSN posted on the front of it for anyone to see, they have changed this practice fortunately. So these are the places you need to worry about your SSN being stolen from, because there are a lot of hands through which your SSN will pass. I know, because at a previous job, I had a database of SSNs. There really isn't anything you can do to prevent these things, so that's why step 4 above is important.

Interesting story: Sarah's classmate had her identity stolen. Someone was able to get her social security number. And they were able to take out several loans and credit cards. Sarah's class-mate didn't find out what had happened until she went to take out a credit card and it got denied because her credit was bad. So now she is having to go through this long, painful, paperwork intensive process of verifying her identity, and cleaning up bogus activity. Meanwhile, they are not going to restore her credit because they are trying to watch to see if the thief is going to make a move and get caught.

The research I did for this blog was really interesting, and I feel empowered against an otherwise fuzzy, ominous, evil concept. My conclusion is that blogging is safe. If I were running for govenor, I might be wary of arming my advesaries with incriminating evidence, but I don't plan on that. I have an action plan, so identity thieves, you'd better pick on someone else because this the the blog of Fort Knox.

-Joseph Ft. Knox Fluckiger