MasterCard’s security chief, Sergio Pinon got a nasty shock two years ago when his bank called to tell him that his own identity had been stolen. The Wall Street Journal told the story last week.
A Nigerian man had telephoned a Miami bank, identified himself as Mr. Pinon, and said he had lost his MasterCard and asked that a new one be sent to a new address. To prove his identity, he gave Mr. Pinon’s date of birth, Social Security number and mother’s maiden name.
Mr. Pinon, told the newspaper that, within an hour, he telephoned the police, the secret service, three credit bureaus and his bank, changing all of his passwords. The thieves had already opened bank accounts in his name, preparing to transfer funds from his credit card. He acted in time, so in his case the identity theft did no damage. It turned out that a girlfriend of a bank employee was involved in the scam.
Dishonesty of a bank employee is only one of many ways that your supposedly secret personal data can get into the hands of a scam artist. Anyone who handles your credit card can quietly make a copy of it. Any time you furnish your Social Security number, your bank account numbers, your credit card number, that little three-digit personal identification number on the back of your credit card, your mother’s maiden name or even the name of your first dog, you are banking on the honesty and security of some other person or institution. Some are sloppy, and some are outright dishonest.
A recent rash of security breaches has provided good reason for anxiety about personal privacy. Time Warner reported in March that a container of backup computer tapes containing Social Security numbers of 600,000 current and former employees went adrift on a truck ride to a data-storage facility. The storage company spoke of “human error” and said it had lost hardly any data in its numerous trips, with only three earlier losses this year.
Bank of America disclosed in September that it had lost backup tapes with credit card records on 1.2 million government employees including most U.S. senators, according to a recent summary by The Journal. There is nothing new about such lapses, but they are coming to light now partly because a recent California law requires disclosure and notification.
Social Security numbers, which can be a key to much other personal data on individuals, are on sale at $35 apiece in a thriving black market. Merchants find them valuable in targeting markets and planning production. Credit rating firms insist that free use of Social Security numbers is essential. But crooks can use them, too, in identity theft.
Actual losses through identity theft are rare compared with the huge stores of data that have gone astray. Banks often find it too expensive to reissue jeopardized credit cards and more reasonable to watch for any unauthorized use and reimburse a customer for any loss.
Some help is on the way. Companies are beginning to encrypt backup data before sending it off for storage ? something they should have been doing all along. But it is up to the individual to check his or her credit ratings frequently for any debts they haven’t incurred. They can do it free once a year under a new federal law, in Maine using forms available on the Internet from the Office of Consumer Credit Regulation, at www.state.me.us/pfr/ccp/ccpindex.htm