The Scary Reality of Identity Theft

One of the most basic philosophical questions stems from attempting to identify oneself, with the first step of proving you actually exist. René Descartes provides a proof with

Cogito ergo sum

meaning, “I think, therefore I am.” The intuition is that the mere fact of thinking forms a proof that you exist. But who or what are you exactly? What identifies you? How can we definitively prove you are what you claim to be? Who you claim to be? The problem of identity is an incredibly hard one—how do you know a letter in the mail is from the person that signed it? How do you know a text was written by the owner of a certain phone? How do you know an email comes from the person that owns an email address? This is a fundamental problem that faces the fields of computer science and cryptography, and it is incredibly hard to solve.

We’ve all encountered spam emails or emails laden with viruses from friends whose accounts or computers became compromised. People have broken into the accounts of well known celebrities online and sent messages in their name [0]. News items featuring databases of personal information from compromised firms as large as Sony and the PlayStation Network occur with striking regularity [1]. Protecting your identity is a losing battle, and in your lifetime it is almost guaranteed that your identity will be stolen at least once, if not multiple times.

What does identity theft look like?  I don’t want to post personal information directly on this blog, but click through this link [2] I’m referencing to see real identity theft from a sample left by criminals for people that buy credit cards.  Yes, in the seedy underworld of the Internet, credit cards are a form of currency and they are traded in quantities of a thousand to millions at a time.

Faced with the certainty that your identity will be stolen, what can you do? Banks and credit card companies use statistics to identify questionable transactions and automatically freeze your debit or credit cards if they detect something odd. Clearly, there is an incentive to stop identity theft as early as possible. But that’s what the big corporations do—they build computer systems to monitor transactions of all their customers. What can you do? The only thing you can do is to minimize the damage when an identity theft occurs. There are multiple methods of doing this, but here are three quick tips I follow:

  1. CCD – use cash over credit, and credit over debit
  2. Credit Reports – check your credit reports regularly throughout the year, it’s free [4]
  3. Statements – check your credit and debit statements as often as possible

The first tip, CCD, is a proactive tip and the other two are reactive tips, but all of them should be used together to help minimize damage when identity theft occurs.

CCD: The idea here is to limit exposure to your primary asset: your money.  When someone steals your information, make sure they can’t steal your money.  If you only dealt in cash, you would never expose your identity.  But that’s infeasible in today’s world of online transactions which are predominantly card only.  So, my recommendation is to use a credit card whenever you can’t use cash.  That way, when your information is stolen, a financial institution’s money will be stolen—not your money.  Credit cards create short-term loans between you and a financial institute.  At least initially, your money is never involved.  As a last resort, use a debit card when you have to.  But, understand that when your information is stolen your bank account balance will drop to zero or go negative.  You will no longer be able to pay bills, checks will bounce, and your life will be hell until you hopefully get the money back.

This entry was posted in Security & Privacy by Wolfgang Richter. Bookmark the permalink.

About Wolfgang Richter

Wolfgang Richter is a 5th year PhD student in Carnegie Mellon University’s Computer Science Department. His research focus is in distributed systems and he works under Mahadev Satyanarayanan. His current research thread is in developing technologies leading to introspecting clouds. tl;dr: Cloud Computing Researcher

Leave a Reply

Your email address will not be published. Required fields are marked *