Saturday, 27 June 2009

How Much Are You Worth?

Identity theft is a major and growing problem. What you may not know is that your identity may be worth just £10 to fraudsters who could sting you for much of what you are worth.

Just a few months ago, my bank, HSBC, sent me a new Switch Card. It was not due for renewal and I had not requested it. I phoned up the Call Centre to activate the card and asked why I had been sent a new card. They were evasive saying it was a routine security precaution which set my mind racing. Had my details been compromised? I asked the question and the telephone operative was adamant that they hadn’t but the seeds of doubt were in my mind. Recently I read a stunning article in New Scientist and realised why my card, along with many others had been changed.

Hackers had penetrated a company called Heartland Payment Systems in the US which is a middle-man company that clears over 100 million card transactions per month. For 4 months, the hackers had sat on their servers and collected untold amounts of data on people like me. As a result, the ‘wholesale’ market for personal data took a dive as a glut of product flooded the market and our data became a cheap commodity.

Unbeknown to us, there are chat rooms in the dark world of cybercrime where our data is openly traded like the floor of the Commodities Market. Change the lurid coloured jackets for weird pseudonyms and you are not far wrong. The rooms are carefully disguised so that they are virtually untraceable or if they are, they turn out to be hosted in countries who could not give a fig about whether we are ripped off – you know, like China and Russia.

Many companies who sell products to protect us like Symantec offer broadly anti-virus protection and some firewalls. But spyware and other products to protect us buying and selling things online are far more important. Few offer real protection.

The Market For Our Data

In the sinister trading rooms, buyers and sellers are rated much like eBay ratings of trusted trader. These people can trade our data freely and the buyers will feel confident they won’t get ripped off by scammers who even cheat the thieves interested in our data by selling what they haven’t got. It’s a funny old world and reminds of the Robert Vaughan line in Hustle, ‘I ripped him off in good faith’.

Suffice to say the number of our cards, the expiry dates, the security number and even the contents of the magnetic strip are openly traded for as little as £10, possibly more for higher credit limit cards. It’s a cheap end for what we think we are worth.

The figures involved are frightening. Buying our bank account details for somewhere between $10 and $1,000 yields an average take of $40,000 for the criminals, while the average take on credit cards is around $4,000 for an outlay of no more than $25. Clearly, I am in the wrong business.

Britain, sadly, is one of the Top Ten cybercrime countries which include US, Canada and Germany too.

Protecting Yourself

The nightmare of cybercrime revolves around passwords. The strong advice is to use hard-to-guess passwords and avoid personal links. If you are like me, then you will have tons of places where you need password access for cards, banking, online transactions and websites. Having a unique password for every entrance is a horror story and being able to remember not just the password but which site entrance it is associated with is virtually impossible except for The Amazing Memory Man.

But good passwords are rated to be a combination of upper and lower case letters, numbers and other characters. Ouch.

Then, to add to the complexity, it is advisable to change these passwords regularly. This is sounding less feasible by the minute.

The next most practical thing is to use an up-to-date browser, firewall and anti-virus software. To be frank, it is pointless using free products, even the new one from Microsoft will be less than useless. If you want protection that works and get regular updates automatically, then you will have to pay – it as simple as that. AVG ( offers one of the most comprehensive packages at a decent price and has products capable of protecting individual consumers and small businesses.

Finally, never download email attachments from people you do not know or trust. As a rule of thumb, never download an attachment your were not expecting. Further, be careful even if the mail comes from someone you know. Check the message as they often have stupid titles which your trusted network may not use. I would also be careful on instant messaging type packages where people offer links or ask to connect when they do not know you. At best it can be a source for spamming, at worst they can trick you into downloading nasty programs.

The D’Oh Factor

Famously, Jeremy Clarkson poured scorn on cybercrime and revealed his bank details in the Sunday Times. Just a short while later, someone showed him that simple things can backfire as they signed him up to monthly Direct Debit to a charity he knew nothing about. The fact is, criminals do not need much to go on. Rather like fake ATMs, there are many websites which squat on retail sites and look like the real thing. They take your card details and off they go.

There are many programs but a favourite is a keystroke recording one. This is sent to your PC and then records every keystroke you make – routinely, the hackers gather the data and extract what they need. It’s hard to legislate against things like that but beware of following every ‘cool’ link you are sent.

Google, Facebook and others would like to legitimately follow your web progress and monitor what you buy, where and when. Their motives are seen as ‘cool’ and also to help us buy more of what we want and for advertisers to pay more to target us. However, as the Heartland Systems experience shows, even the most robust security set ups are penetrable to the determined criminal. Be very wary for signing up to new conditions or services from companies like these until they have had time to ‘bed’ down and have been hacked a few times so that they make sure they are far more secure than they ever wanted them to be.

Your data is far more vulnerable than you think. Remember to drop your internet connection at night or when you are not using it and have access protected by passwords too. Don’t make it easy for these guys because it is our poor vigilance they are relying on and we have this bizarre belief that all that we do on the web is secure and private. Even the ISPs are recording your every communication as we speak.

Everyone wants to know what we are doing and saying, and it’s not always in our best interests to allow them to do so.

No comments: