I recall several stories that I’ve heard or read about over the last few years where someone had charges placed on a credit card or a debit card account that were the result of either identity theft or card number theft. Fortunately, most of the instances resulted in little loss to the victim either because of good banking practices, early identification of the problem or the thief got too greedy and was caught. Each year, this sort of thing takes place and costs banks and individuals millions of dollars. The common thread between these cases? No, it’s not the result of online banking or online identity theft. No, it is the result of a consumer throwing away a receipt with a credit card number on it, unscrupulous clerks who, very sneakily steal those same numbers or someone who threw away mail that was scavenged.
Think about it: we freely give wait staff our credit/debit cards, who then take them away only to return minutes later with a neatly printed out ticket. We sign the check and then leave. Two things here: we don’t know what that person did with our cards while out of site and then, when we leave, we leave the check-for the most part-on the table. Now, fortunately, federal and state laws now prohibit the entire card number from being printed on those tickets so it is not as big a risk as it once was, but when it was so, how many of you even thought about? Probably not many. I didn’t. For a long time. Until I had my card number stolen. Yes, I was one of those people I referred to above. It happened while we were on a Disney vacation in Orlando, Florida. At no time during our vacation were we doing any online purchasing and, in fact, had little or no Internet access during that 10 day vacation. We know when and where the theft took place, based on the timing of the charges that began appearing. Fortunately for us, my credit union was on the ball and actually alerted us to suspicious activity on our card. We had notified them that we were taking a cruise and would be out of the country for six days and in Orlando for four days. We were lucky and only lost about fifty dollars.
Why am I sharing this? Because I want to contrast it with an absurd set of stories that I read today. One was from Adrian Kingsley-Hughes of ZDNet and the other was a Washington Post story, which, admittedly, I quit reading after a few paragraphs because it was just so ridiculous. Both posts share a commonality: both say we should stop using Windows for all online transactions. Kingsley-Hughes actually quoted FBI Director Robert Mueller who had told a story about nearly becoming the victim of a phishing scam and that he now does not do any online banking. I saw that story too…Mueller’s wife is the one who ‘forbid’ him.
So, because the ‘Security Fix’ column in the Washington Post and the FBI director say online banking is bad, Kingsley-Hughes now says you should use (and it was the ‘solution’ that Security Fix suggests) a Live Linux CD to do your online transactions. WHAT? Mr. Mueller’s near miss could happen to anyone and it does not necessarily have to involve Windows or ANY online stuff. How many people were duped by phone and door to door scams every year before and after the advent of online banking and shopping? Remember the old days when you paid with a credit card? You handed the clerk your card and they put on a slab of metal or plastic, put a receipt WITH A CARBON and then slid the device over the card? You instantly had two or more copies of the card AND the carbon. We trusted that the carbon was thrown away, but how many of them were fished out and the numbers stolen?
While I am sure that there is a large number of theft that takes place on the Internet, of which more than a few are the result of a system that has some malware and runs Windows. BUT, what is to stop theft from a Macintosh or even a Linux system? Someone who is going to go through the trouble to steal identities online or steal credit / banking information on line will only be slowed by non-Windows systems, not stopped. Adrian says that because the Live-CD systems are read only, that will protect you. I don’t think so. Packet sniffing can happen no matter what. And, who’s to say that there isn’t someone in the bank/store/company who isn’t stealing that data?
I think the biggest problem I have with Adrian’s post is that he never really gives a good reason for NOT using a Windows computer for online transactions. He quoted Mr. Mueller and the Washington Post story, but didn’t offer his own reasons other than ‘the risk of using Windows outweighs the convenience.’ What a crock. And, please don’t misunderstand, I like what his columns even though I frequently don’t agree. I think Adrian is a decent writer, if a bit sensationalistic at times-for good reason, too.
My point is that this type of theft can take place with or with out the Internet or Windows PC’s being involved. And the majority of theft is still the old fashioned type. I am more concerned with what happens to that card when I am in a brick and mortar location than I am with my online transactions.