Friday, 18 January 2013

Protect your identity

Your identity is perhaps the most valuable thing you possess. I don’t mean in some philosophical, existential way, I mean purely practically. Losing your identity could lose you every thebe you possess.

My wife, who is a banking expert, is understandably paranoid about her banking identity. While we’re both big believers in online banking, cellphone banking and, in fact, anything that means we don’t have to enter Hell itself (a bank at the end of the month) we’re aware of the risks associated with technology in banking.

Even the simplest form of banking technology, your bank card, is profoundly risky. Whether it’s a simple ATM card, a debit or a credit card, it offers crooks a great opportunity to steal all your money. Critically, you must understand that in most situations, if this happens, it’ll be all your fault. Most of the time your cards can only be used in conjunction with the PIN, the number that only YOU should ever know. A crook can’t do anything with a stolen card unless he knows the PIN. The bad news is that they often DO know your PIN.

I heard recently of a case where a bank customer stormed into his branch demanding to know why the bank had allowed a thief to withdraw a small fortune from his account using the ATM. They sat him down and showed him the pictures the ATM had taken at the time the withdrawals had been made. Oh, he had to say, that’s my daughter.

We’ve heard the same story many times. Children, siblings, nephews, nieces and friends all knew the PIN for the victim’s card. Most of them didn’t know that many ATMs take a picture every time the machine is used.

Other times it’s more conventional crooks, not a relative or friend. Quite often they place a secret camera on the ATM that watches and records the keys the victim presses on the key pad. Combine that with a simple card reader that they insert into the slot where you slide your card and the crooks can get both a copy of the magnetic strip on your card AND your PIN. Minutes later and they can have a replica card and your money will disappear as quick as a flash. And the bank will say it’s your fault.

Are they right to do that? Unfortunately they probably are. It wasn’t their fault that crooks stole your identity. You might argue that the banks should take more precautions to ensure that crooks can’t “skim” your card but that’s exactly what they ARE doing. Only a couple of weeks ago one of the biggest banks alerted customers to a slightly different way the ATM would behave to reduce the risk of skimming. I’m certainly no defender of banks but they ARE making some efforts to reduce the risk you and I face.

The simplest way to prevent all of this happening is to treat your PIN the way you would treat cash. Don’t let people you don’t trust look after it for you and, above all, don’t leave it lying around. Every single time you enter your PIN into an ATM or a point-of-sale device in a store or restaurant, cover your hand as you type in the number. Ideally you shouldn’t even be able to see your fingers yourself. If you can’t, then nobody else can and without your PIN a skimmed card is useless.

While my wife’s the big promoter of protecting your banking identity I’m the one paranoid about my online identity. I’ve seen too many friends lose their identity online to be complacent about it. Again, this isn’t some middle-aged, technophobic objection to new technologies of Facebook, Twitter and the web in general, I’m just very concerned about IDs and passwords and what can happen if they’re stolen.

Most of us will now have received an email from an acquaintance announcing that they suddenly left the country to attend a course or a conference, their wallet or purse was stolen and now they’re stranded in a foreign country and desperately need to borrow a few thousand. Can you assist?

Of course this is a scam. Your friend is at home watching TV, not stuck in a foreign hotel short of cash. What’s happened is that your friend’s email account password has been stolen. A crook persuaded your friend to disclose his email password and has now signed on, as him, changed the password and has now emailed everyone in his online address book with the story about the foreign trip and need for money.

This email is NOT really from Standard Chartered.

So how does a crook persuade you to disclose your password? That’s quite easy. He “phishes” for it. It’s really quite easy to do. Send an email to your victim, or perhaps a million of them at once, saying that the security of their email account has been compromised. Advise them to click on a link to reactivate their account. That link goes to a very cleverly crafted replica of the genuine email site, not the real one. Once there they’ll be asked to enter their user User ID, password and a whole range of other things including all the details often used to prove their identity like their address, date of birth and passport number. Not surprisingly many, many people naively enter these details, not realising that they’re giving away their online identity.

This is NOT really the Standard Chartered Online Banking web site.

Exactly the same thing happens with bank accounts. An email from “your bank” arrives with a similar story and including a link to a fake bank web site. Within moments people give away their online banking details to a total stranger. They often never realise that this is how a crook got their details and stole their savings. Yet again the bank is entirely within it’s rights to say that this wasn’t their fault, so they’re not going to compensate you. This was entirely your own fault.

Please, in 2013, make this your New Year Resolution, along with being more patient with your spouse and cutting back on the booze and pies. Protect your digital identity the way you would protect your real-life identity.

No comments: