Thursday, November 03, 2005

What Can Really be Done w/o a SSN?

Slashdot is an online community of self-confessed nerds. Many of the nerds care a lot about privacy, know a lot about technology and have some interesting discussions about it from time to time. Most recently, a user asked what sort of identity-theft/fraud mischief one can get into without a social security number:

Slashdot | Identity Theft-What Can Really be Done w/o a SSN?:

"TheItalianGuy asks: 'Many of us that work in the financial sector are bombarded with daily security threats. One of the biggest these days is Identity Theft. My fellow comrades and I have been really grilling each other on differing scenarios on what could be done with what information. However, it all seems to come back the the Social Security Number. Financial companies have other controls in place (customer service verification checking, account passwords, etc) to ensure identification. But in order to be of any use, a bad guy would really need someone's SSN. Absent of that, other information would be useless. Right? That's what I would like to ask Slashdot folks. What could be realistically done with customer information without a SSN? Account numbers, address, maybe a phone or payment amount. Is that really dangerous to the customer if only those get compromised?' "

Perhaps the most interesting and chilling response was from an anonymous user:

As part of my studies on "How easy is it to steal you"... I walked the UT Quad in Austin on the first day of school with some fake credit card apps... I had 100 apps in the first hour all with SSN, mothers maiden name, birthdays, the whole shebang. we found out that all you have to do is offer a t-shirt and some candy and these kids will give you anything you ask for. We tried asking for absurd stuff like bank account numbers,"This card can also act as a debit card if we have your bank information...", paypal info, "We can tie your new credit card into your paypal account too... all we need is your username and password."... we got everything we needed to totally rob someone... Here is the best part... you know all the disclaimer text on the CC apps... we worded ours to say EXACTLY what we were doing... Not a single person read the information... had they they would have seen that...
"I certify that the information above is correct and that this application is not a real credit card application. I hear by grant the final holder of this document all rights to this information to use as needed to assume my identity. All information requested on this document can be used to assume my identity. Never give our your personal information out to anyone who does not have direct cause to have this information known."

its insane what you can get people to give you...

No comments: