On April 22 I was at the first dress rehearsal for Need to Know in New York City. Someone hacked my credit card, went looking for “always low prices,” bought something on eBay for $4.99 and paid a bill through a third party. Of course, my mind raced to remember if there was a shady guy standing behind me at my local ATM that morning. Had I ordered something online using public Wi-Fi and exposed my plastic?
Feeling frustrated but knowing that I am not alone, (according to the FTC 26% of all ID theft is credit card fraud), I called a former colleague, an expert in online fraud. Bob Sullivan wrote The New York Times bestselling book, “Stop Getting Ripped Off” and writes the Red Tape blog for MSNBC.com. I called him at his Seattle office.
Alison Stewart: So Bob, there are 20 different charges, all at Walmart, for around 60 dollars, right in a row. What do you think they bought?
Bob Sullivan: Those are likely gift card purchases, very well done online. The trick for thieves is how to turn it into money. It is not as easy as it sounds. Going into and using a card is obvious, but there are video cameras and then you (the thief) have to fence the item. You’ve put yourself at great risk. Buy a stereo and sell it on the street is the way it used to be, now they get gift cards. Then you can sell the gift cards online, even on Craigslist. And they can be transferred. This could have happened years ago and has just made it through the system. Sometimes they don’t use them right away. A guy was arrested for hacking millions of cards from 2006 to ‘09 and he couldn’t use them all at once. I think his name was Albert Gonzalez. (Note: It was, and he stole 130 million cards)
Stewart: Does using Wi-Fi expose me when I use my credit card?
Sullivan: No, not really. It is technically possible to do endless snooping. It is very, very hard. But I have never heard of anyone doing theft. I’ve seen demos on TV news.
Stewart: So, am I right to suspect the guy who was standing a little too close to me when I used my local automated postal center? Does that happen?
Sullivan: Yeah. But that’s hard work. Standing over someone is doable but most go online and hack sites. Plenty of people don’t use their card online and think they are protecting themselves but it all ends up online. Stores input your information into computers. When you call someone on the phone to order, what do you think the operator is doing — typing your information into a computer and maybe the store’s website.
Stewart: They also charged something to a bill paying service, a third party.
Sullivan: Again they want to monetize. That’s the trick.
Stewart: Is there anything I could have done and can do so that this wouldn’t happen?
Sullivan: Well, you can use mainstream sites. Using porn (laughs) or going to the deep dark shadows of the Internet or even smaller stores can put you at risk.
What I do is I have one credit card for all my “risky” purchases online (note: Bob is not referring to porn!). The card has a low limit. I check the bill extra carefully. What happens is, over time, someone (a thief) charges an extra 15 to 20 a month, and it goes unnoticed. That is realistic. I’d say, simply look more carefully [at the bill].
Stewart: So there’s nothing to do to really protect myself. Is it like walking across a New York street, you just might get hit by a car?
Sullivan: I’d say a better analogy would be parking on a New York City street. Some places you are more likely to get broken into. If you have $1,000 GPS on the dashboard, you are more likely to be broken into.
Stewart: Should law enforcement embrace hackers to learn from them how to stop this kind of crime?
Sullivan: A lot of law and order spend time in chat rooms. They are starting to crack down. But it is complicated to prosecute. You have to subpoena every Internet service provider. It is slow to grind through the system. For someone who stole a couple hundred dollars, it’s not likely to be prosecuted.
Stewart: After hearing about all the purchases made on my card, any thoughts on who it might be?
Sullivan: (Laughs) It used to be easy to say it was a 17-year-old kid in his parent’s basement buying video games. It’s bigger. Now it is lucrative. What I hear from cops is that ID thefts are safer [for thieves] and more lucrative.
P.S. In a bit of irony, Bob Sullivan recently has his own bank card “compromised.”