Your credit card privacy may not be as secure from identity theft as you think.
It’s a popular diversion: type your name (or a friend’s name) into an Internet search engine like Google and see what results pop up. You may find your MySpace profile or some news clippings. But occasionally, with no hacking required, a simple Google search could turn up your credit card number, along with your address.
Often, credit card and other data may appear on the Internet as a result of identity theft, and the criminals who traffic in stolen identities for their own illegal gain. These identity thieves are able to snatch cardholder information from online businesses that take credit card orders but do not employ proper security measures to protect customer information from hackers.
Identity thieves then traffic in your personal data, attempting to buy or sell it online, along with thousands of others. They may sell information that includes a debit card PIN and credit card numbers, Social Security number, home phone number, e-mail address and password and a mother’s maiden name — enough information for a multiyear identity theft outing. Your data could crop up on a website established for just such a purpose, although, more often, stolen credit card information is traded behind closed doors in Internet chat rooms where information is more difficult to trace.Criminals may post stolen credit card and other personal information online for a number of reasons. They may want to provide a sample of the information they are looking to sell, allowing others to test the goods to prove they are valid before making a purchase. Or, the thief may be seeking to make it more difficult for law enforcement to trace illegal use of the credit card back to him — muddying the waters by allowing others to get hold of the data which they too can use to make charges. Additionally, the thief may be trying to simply improve his status in the underground community.
Administrators who run the chat rooms where credit card and other personal data is traded have the ability to kick people out of the room and set passwords, in addition to loading programs onto the page which enable online criminals to check the authenticity of stolen credit card data in real time. Administrators can use hacked merchant credit card accounts to verify the information before posting it in the room. Generally they do not actually charge the credit card, instead running authorization transactions, which do not cost the cardholder anything but confirm whether a specific card is usable. The merchant is charged the minimum transaction fee (generally about 10 cents), and the consumer remains unaware their credit card account is about to be compromised.
To prevent your credit card information from becoming another items floating along the information superhighway, be wary of fraudsters employing phishing scams or other techniques that try and get you to reveal personal information. The credit card data that shows up through an online search may have been derived from a phishing scheme. Separately, be sure that you only conduct online transactions through secured websites, with Internet addresses that begin “https” and often display a lock icon.
If searching Google for your name does produce a result containing your credit card number, you can take action. Cancel the credit card, look over statements from your other credit cards for unusual transactions, and get a copy of your credit report from each of the three national credit bureaus: Equifax, Experian and TransUnion. Additionally, you can ask the three credit bureaus to have a freeze or fraud alert put on your account.
Additionally, you should file a report with the Internet Crime Complaint Center (www.ic3.gov). The IC3 will refer your case to the appropriate law enforcement agencies.
While doing a search for your name alone does not put you at risk, the same cannot be said for Googling your credit card number, according to cyber-security experts. Search engines could keep tabs on the search and thus your credit card data. AOL recently ignited an uproar when it provided researchers with the search terms used by over 50,000 subscribers — including Social Security numbers, medical conditions, and other information that could be used to identify a Web surfer. It pays to remember that once personal information enters cyberspace, it is impossible to know where it will end up.