Stealing Your Life, by Frank Abagnale

I picked up a copy of Stealing Your Life, by Frank Abagnale, after hearing Frank speak at an IAPP conference in 2009. (He was a great speaker.) Several years later, I finally have gotten around to reading it. The book is a fast read and contains dozens of vignettes about identity theft illustrating every possible fact scenario. For the practitioner, these stories will make great fodder for presentations and trainings. Otherwise, however, the book doesn’t contain much insight for an experienced privacy or security pro that is knowledgeable about social engineering. But, this book does make for a great gift for friends, relatives and others who do not know anything about identity theft or social engineering.

The cornerstone of the book is 20 recommendations to lessen the likelihood of becoming a victim of identity theft.

  1. Check your credit report. Frank recommends Privacy Guard to monitor your credit report, a product he helped create. I think PG is fine, but I use All Clear ID, formerly Debix. My newborn twins are signed up as well. I check mine quarterly. One chapter that is particularly useful is the explanation of the terms and language used in credit reports. You can find good explanations online, but the chapter fits nicely in the context of the book.
  2. Don’t give out your social security number (or other national identification number). Good advice and anyone who doesn’t follow this is asking for trouble. It’s extremely unlikely that I will give my social security number out unless I am obtaining a financial service or product or dealing with the government. Contrary to many privacy professionals, I do think we need a national ID system. The widespread use of the social security number is a testament to the need (though most organizations should create their own unique identifiers).
  3. Protect your computer. We have to continue to make it easier and easier for consumers to protect their computers. Closely aligned with this is the need for companies to not be allowed to use a poorly protected computer as an excuse. Frank gives the example of a bank refusing to reimburse a commercial customer $90,000 after fraudsters transferred the money to an account in Latvia- a place that the customer had never transacted business before (in fact, there was no international transaction history for this customer). It is a disgrace that the bank’s back office fraud processes didn’t flag this transaction as suspicious.
  4. Keep track of your billing cycles. I have to admit, I don’t do this closely. I notice I start to look for bills around once a month, but I am not disciplined about it.
  5. Examine your financial statements like an obsessed accountant. I wouldn’t say I review my statements like an obsessed accountant, but I review each merchant and also look for patterns (e.g., two charges from a merchant when that type of pattern is rare). I also look for unusual charge amounts. This is very good advice and everyone should be reviewing their statements.
  6. Guard your mail from theft. By happenstance, we are at reduced risk for this. We live on a hill and our mailbox is on the side of the entrance-way. Although the outgoing mail is clipped to the outside, it’s not visible from the street. In fact, you would have to be right on top of it to see it.
  7. Invest in a shredder. It’s good advice though.
  8. Practice Safe Shopping. This is all about shopping at sites you know, looking for 3rd party trust seals, using credit cards and looking for https. This is good advice and it makes shoppers into more active participants in protecting their data and spotting potential fraudsters. More education should go into this.
  9. Avoid sketchy ATMs. I do this most of the time. The advice should probably be, “use bank ATMs only”.
  10. Be suspicious of unexpected calls or letters. This is important advice. I always follow-up on unexpected letters. It’s amazing how often this is an indicator of a mistake by a legitimate merchant. This practice is just good financial sense. My wife was hospitalized while pregnant with our twins. It’s amazing how many billing mistakes were made by the hospital and insurance company.
  11. Put real passwords on your accounts. Agreed. This requires little effort. I have a colleague who has five passwords and divides sites into five levels of risk. His toughest password is used on the highest risk sites. I personal use an app stored on a USB key that must be plugged into the computer I am using. the key also can run a browser depending on the permissions of the computer it is plugged into.
  12. Keep your credit card close when shopping or eating out. Easy to do as long as you are willing to break a few social etiquette rules. It’s so easy to skim card information (a few seconds only) that this control is not very effective in my opinion.
  13. Use Safe Checks and use them sparingly. I could’t agree more. I think businesses that write down additional customer information on the check are significantly increasing the risk of identity theft and that this practice should not be allowed.
  14. Secure the home front and office front. Definitely. We have a nanny and a weekly cleaning service. I keep my passports and checkbooks in a home safe.
  15. Carry only what you need. Don’t carry 20 credit cards in your wallet. Who needs 20 cards anyways? Don’t carry social security card.
  16. Spring clean your credit cards. Your finances will likely improve as well.
  17. Opt out. I always go.
  18. Read privacy policies. I always do, but I think it’s unlikely others will do this until policies are made much shorter and simpler. Personally, I don’t think anyone follows the clear and conspicuous requirements and am surprised that the FTC doesn’t enforce this.
  19. Protect a deceased relative. Luckily, I haven’t had to deal with this scenario.
  20. Place fraud alerts on your credit reports. It’s a great idea, but I don’t see many people doing this.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s