Identity Theft - Online Banking is Safer
I just got back from a ski vacation (more on that in a later post). I’d like to talk about online banking and identity theft.
Many consumers fear online banking and shopping online because of identity theft. I’m always very confused by this. Buying something online is more secure than buying something in a store, assuming you’re buying from a reputable place (in either case).
Let’s make a quick comparison. In both cases, I’m assuming you’re making a purchase at a reputable company that you know to be legitimate. In most brick & mortar stores, you physically hand over your credit card to the merchant. They usually swipe your card in some sort of card-reader or worse yet, manually type it into some sort of computer. Most places have gotten rid of the old carbon copy swipe devices but I still come across them now and then. At any rate, the credit card number, name, expiration date, and the additional number (usually on the back of most cards) is in plain view! On the carbon copy devices, your number is permanently visible! The clerk can simply jot down your name and credit card number without difficulty. Another common scenario is at restaurants. You not only hand over your credit card to the server, but they take it away, out of sight for several minutes at a time. They can easily copy the information down, or even swipe the card with their own reader. How is this secure? No matter how much you trust the company, unless you personally know the people handling your credit cards, you cannot inherently trust all the employees of said company.
Compare that to buying something online. You personally put in your credit card name, number, and address. A lot of websites now require the security code as well (e.g. on MasterCard, a 3-digit code in the signature strip). So far, only you see your personal information. When you hit submit, your web-browser encrypts the information. It essentially scrambles it up so that it’s not readable by a human, and would take an extremely long time for any computer to interpret it. Once the information is scrambled, it is sent over the Internet to the merchant. A computer on the merchant’s end receives the information and processes the order. If it’s a good company, they will also automatically check with the bank that issued your credit card to make sure the billing address you entered is on file. So far, no human has seen your personal information. In order for a human to intercept the information, they would first need physical access to some point along the internetwork of routers, switches, computers, or wires between your home PC and the merchant’s. Once they had access, they would need to filter out only packets between you and the merchant. Next, the high-tech thief would need to identify portions of specific packets of data that were involved with the transaction. If they got that far (which is pretty unlikely), they would then need powerful computers (or a lot of time) to decrypt the data. Remember, the information sent in the packets is all scrambled up. Even with fast computers, they would still need a lot of time to finally arrive with the final info.
Let’s say that the would-be high-tech thief managed to accomplish all of that. In a lot of cases, you would still be safe. Many sites now offer to "remember" your credit card info. Your credit card information is no longer sent every time you place an order. At most, the thief would only get what you ordered and maybe your account name. (The down-side to this would be if somehow they got your account name and password, they would be able to place orders in your name.) Yet another security measure you can only use online (to my knowledge) is "temporary numbers". Many banks offer a feature where you can get a temporary one-time-use credit card number. It’s linked to your account and works just like your normal credit card number, except for the fact that it can either only be used once, only be used within a particular time period, only be used at one particular merchant, or all of the above. Even if a thief discovered your "credit card number", they wouldn’t be able to use it.
One of the biggest advantages to online banking is the fact that you can review your statements in real-time. As soon as something is posted to your account, you can log-in and see it. According to an MSNBC article, people that spot fraud online lose on average $500. People who wait for their banks to send paper statements lose $4,500!
A study
commissioned by the financial industry concluded 9.3 million consumers were victims to identity theft. That’s one in ever 23 people. In the study, only 12% of victims believed their information was stolen or obtained "electronically". Most identity theft, according to the article, is done offline, either by stolen wallets, checkbooks, or by "dumpster driving". Never throw away bank statements without shredding them first with a good cross-shredder. You’re just asking for someone to steal your identity if you do, regardless if you shop online or not.
A growing concern of many should be phishing e-mails and sites. Basically, a phishing site tries to trick you into giving away personal information online. They’re usually pretty easy to figure out but lately, they have gotten to be more and more sophisticated. Some good security tips: Never click on a link in an e-mail asking for personal information, even if it appears to be from your own bank or website you have an account at (eBay or PayPal, for example). If you think an e-mail is legitimate, open up your web-browser and manually type in the merchant’s address. Don’t click the link.
Think of it this way, if someone you didn’t know came knocking at your door with a "Hello, my name is: PayPal Security" sticker on, handed you a form and asked you to fill out your login name, password, credit card account, social security number, bank account, pin, etc. you would not even think twice about shutting the door and perhaps calling the police. The same thing happened with phone scams. No company will ever call you and request personal information. Phone scams are just easier to track down and prosecute. Banking online is the same as doing business in person, or over the phone, in this regard. You have to drive to the bank and talk to someone before they will ask any information of you. You have to call the company yourself before they will ask personal information of you (usually to verify your identity). In the online world, you have to visit their website yourself before they will prompt you for personal information. No company will visit your home, call you, or e-mail you asking for personal info.
All in all, just use common sense.