The Art of the Steal (27 page)

•   Your SSN is printed on an employee badge that you wear (10 points).

•   Your SSN or driver’s license number is printed on your personal checks (20 points).

•   You are listed in a
Who’s Who
guide (5 points).

•   You carry your insurance card in your wallet and it contains your SSN or your spouse’s SSN (20 points).

•   You haven’t ordered a copy of your credit report for at least two years (10 points).

•   You don’t believe that people root around in your trash looking for credit or financial information (10 points).

If you scored more than 100 points, you’re at high risk. You should purchase a paper shredder, become more security aware in document handling, and start to question why people need your personal data. If you scored 50–100 points, your odds of being victimized are about average, though higher if you have good credit. If you scored 0–50 points, my congratulations. You’ve got a high security IQ. Keep up the good work and don’t let your guard down now.

A NEED TO KNOW BASIS

As you can see from that test, to steer clear of identity thieves you really need to adopt a “need to know” approach to all of your personal data. In the future, someone had better prove to you why he must have any of your information before you give it to him.

You have to memorize key numbers like PIN numbers and Social Security numbers, rather than carry cards around with you. If you’re making a phone call that requires you to convey personal information, don’t do it at an open booth where someone can overhear you. Ever more popular cell phones are even more susceptible to eavesdropping, so be especially wary of passing along personal information on a phone.

It makes sense to keep a minimum number of credit cards, so that it’s easier to keep track of them. But no matter how many or few you have, make sure you check all of your financial statements carefully. So often we take a quick look at our credit card statements, and if the total seems about right, we just pay the bill and toss the statement aside.

If you don’t receive a monthly statement for any account, that could be a tip-off; call immediately and ask about it. If you’re notified that your statements are being mailed to another address that you haven’t authorized, tell the financial institution what has happened and that someone may have accessed your account. And maintain your own records of your spending. Then if you need to dispute a transaction, your records will support you.

When you order checks, refrain from putting any additional information about yourself—your address, middle name or initial—on them, since checks can be lost or stolen. I’m amazed at how many people put their Social Security number on their checks. You ask them why and they say they do it because they’re always asked for the number when they cash a check in the store, so they want to make it easy. Sure, for crooks.

Have your personal information deleted or kept private in listings such as phone books, driver and motor vehicle records, direct marketing solicitation lists, and listings by the major credit reporting bureaus.

When you’re traveling, even for brief periods, you should have your mail held at the post office or ask a friend or relative to collect it for you. Mail letters with checks and personal information in them from an office mailbox rather than from your home mailbox. My feeling is the post office ought to ask for ID before granting change of address requests, and they should at least send a card to the current address to confirm the request. Meanwhile, you should write your credit card companies and advise them not to accept any notification of an address change without verifying the change with you.

Don’t ever enter unfamiliar contests or sweepstakes, and I’m not crazy about entering even familiar ones. Any information you give to contests or charities may be sold or reproduced in ways you can’t imagine. If you get an unsolicited call offering you a credit card or prize but wants personal data like your Social Security number, ask for a written application. If they say they can’t do that, hang up. If they do send you an application, look it over carefully and make sure that it’s from a recognizable organization.

I recommend that everyone get a shredder. I have one in my house and one in my office, and I shred everything that goes into the wastebasket, no matter how innocuous it seems, but especially everything that contains any personal information about me. I assume what appears unimportant to me could be very important to a criminal. You should assume the same.

And you really have to stay on top of credit agencies, because for the most part, they take what’s fed to them and don’t verify it. And it’s all one-sided. Anyone who’s a client can send in something bad about you. But you never get asked about it. That’s the biggest problem I have with how they work. They don’t get anything from you; they get it all from who you buy stuff from. In addition, my impression is the error rate of these agencies is horrible. My name is Abagnale. That’s hard to mess up. But what if your name is Smith or Jones? A problem Joe Smith has may end up on Jim Smith’s credit report. And it’ll take a Dream Team of lawyers to get it off.

You ought to get your credit report several times a year and thoroughly check it. Michelle Brown told me she gets hers every month. There are services like Credentials Services International and Inquiry Notification Service that cost about $25 a year, that send you a collated credit report from the principal agencies—Equifax, Experian, and TransUnion—three times a year. Also, when anyone applies for credit in your name, they send you a letter notifying you. I belong to two of these services, so in case one misses something I’m hoping the other one will catch it.

Unfortunately, it’s almost impossible to get a fraudulent entry removed from your credit report. Even if you prove something is wrong, they don’t delete it. They put an asterisk next to it, and a note at the bottom that says the customer disputes this entry. How helpful.

In 2000, the government approved a bill that allows consumers and businesses to sign contracts online and know that their e-signature is just as binding as one in ink. This gives electronic signatures the legal weight of paper signatures, and makes a contract binding immediately. The law took effect on October 1, 2000, and already we have completely electronic mortgages available. I’m against the whole idea. I fear this will lead to still more identity theft. It’s too easy to steal or duplicate a e-signature. Who is going to have the signature? Who is going to store it? How will they protect it?

Under the law, a digital signature could take any of a number of forms—a string of numeric code that is encrypted or thumbprints or irises read by special devices. Because of identity theft, many Florida banks currently require non-customers to leave a thumbprint when cashing a check, and some large banks in the Orlando area are taking thumbprints from all new customers. California, Texas, and Georgia are among states that require drivers to give a thumbprint or fingerprint when they come in to get or renew a license. But if you give your thumbprint to an organization and they put it in a database, and someone breaks into that database, as they will, and steals that thumbprint, are you going to go out and get another thumbprint?

Additionally, there are ways to get around fingerprints. Impostors will coat their fingers with airplane glue, which, when it dries, covers the skin’s ridges and makes for useless fingerprints. Or they’ll spray their fingers with clear lacquer or hair spray, which congeal in the grooves and spaces of your prints.

Maybe a system that scans your iris sounds impenetrable. But what if someone knocks you unconscious and then holds your eye in front of the scanner? What if someone points a gun at you and forces you to sit in front of the iris device?

The idea of giving thumbprints or copies of your iris raises the hackles of many people, myself included, because of the privacy issues involved. We could end up with a national identity system that tracks and monitors people, and that gets me to wondering if the cure is worse than the disease. The Internet has already irrevocably altered the nature of privacy and turned us into a culture of transparency. Why make it worse?

You have to decide at what point is your personal security coming at the expense of your privacy. E-signatures mean that you’re giving out more of your identity. You have to ask why? Why do you have to surrender something else just for convenience? Why can’t you wait to overnight something? Why does everything have to be instant? Instant breakfast. Instant camera. Instant mortgage. You can’t wait a day? It has to happen in ten seconds?

WHAT THE GOVERNMENT CAN DO

If we’re serious about combating identity theft, it’s going to take a federal solution, beginning with changes in the way the Social Security number is used and the free and easy access businesses have to people’s credit reports. At the moment, the Social Security number has been ruined. When I was growing up, no one knew your Social Security number. Now it’s everywhere, and so it’s worthless for identification purposes. But it’s still being used that way.

There are steps everyone can take to safeguard their own number. Whenever someone asks for your Social Security number, you ought to make sure you know who you’re dealing with and that they absolutely need the number. If a business requests it to confirm your identity, ask if there’s an alternative number that can be used.

But these steps aren’t enough. The government needs to pass a law that will clamp down on the use of the Society Security number as a uniform identifier. A measure that would do just that has been introduced in Congress and defeated several times. It won’t help me or anyone my age or older, but it will ensure that the number will be more secure for my kids and grandchildren.

We also have to force credit-granting agencies to require more identification and buttress their credit card policies. We need to restrict the selling of personal information by credit bureaus, state and federal agencies, and marketing firms. The federal government has to take this issue up—and soon. If it doesn’t do something, so many people are going to be running around claiming to be the same person that we won’t know who anyone is.

WHERE THERE’S A WILL

In a world of wolves and sheep, I look on myself as a sheep dog. I try to make people think about things. Fraud, as it continues to grow, will really test our society. It will challenge us to decide, what is enough? We’ve come to tolerate fake luggage and an occasional fraudulent purchase assigned to our credit card, but now, with our very selves being stolen, it’s getting to crunch time.

Twenty years from now, there will be entire categories of frauds that the best science fiction writer couldn’t even imagine, just as decades ago no one would have imagined Internet fraud because no one imagined the Internet. As more and more gets done electronically, I think you’re going to see an explosion in crimes where there’s no human face you can identify. There won’t be any line-ups; who are you going to line up—e-mail addresses?

There is an undeniable appeal of scams. I understand that better than anymore. When you discover the way they work, it’s like being taken backstage at a magic show. But scams aren’t entertainment. They gnaw at the fabric of society and ruin lives. We have to look at white-collar crime as being every bit as dangerous as armed robbery.

Every day, I hear of a new fraud. I recently learned of a famous soccer star who never uses his real signature to sign checks or business documents, because so many people know his autograph that thieves are continually forging his signature. So he signs checks by printing his initials. He’s lost his signature to crooks.

I was talking to a highway patrol officer in Tennessee who specializes in automobile fraud, and he told me there are roughly twelve million classified ads run each year in the United States for used cars. About three-quarters of them are believed to have been placed by “curbstoners.” Curbstoners are con artists who buy wrecked cars and cosmetically repair them and sell them as if they’re new, or else buy leased vehicles that are only a couple of years old, but have maybe a hundred thousand miles on them. They roll back the odometers to 29,000 miles and sell them for much more than they paid. They’re called curbstoners, because if you reply to their ad, they make a point to come to you and sell you the car at the curb outside your house or office. The curbstoners are slick. They always have a story: “I just had my first kid, so I’ve got to sell this Honda so I can get a station wagon.” It’s become an enormous problem, because the titles are forged and it’s nearly impossible to trace these crooks. And when I hear that three-quarters of the classified ads for cars are frauds, that tells me there’s no way I’d ever respond to one.

I read about con artists who scan newspapers for pleas for lost dogs. They call up the distraught owners and tell them they found their pet while they were traveling and took it home with them before learning of its true home. They offer to ship the dog to them as soon as they wire the airfare. People are so ecstatic to hear that their dog has been found, they send the money.

On and on it goes, but we don’t take it seriously. Once, as a TV demonstration, I went up to a cashier at the express lane of a Kroger’s store and used the store manager’s driver’s license to cash a check. The store manager obviously had a different name. I’m white. He was black. Why bother to ask for an ID if you’re not going to take it seriously?

We sorely need stiffer penalties and real jail time for white-collar criminals. I think it’s ridiculous that if I have drugs on me I’ll get five or ten years in prison, but if I rip off $20 million I’ll probably get probation. I’ll give you another solution that I’ve been propagating without success for years. Companies don’t care enough about losses from fraud, because in most cases they can deduct a hundred percent of their losses from their income taxes. By lowering their taxes, that write-off cuts their losses significantly. Well, if Congress passed a law that said from now on businesses can deduct only half of their losses from fraud, companies would wake up and get much more proactive and fraud would decline. But who’s going to introduce such a bill, and who would vote for it?