[J]ust to show you how easy it is, and why it’s so commonplace, I decided to conduct an experiment: Would it be possible to check the balance of my credit card account using only information I can find on the Internet?
The first step is to call my bank to establish what information they require to make sure I am the real account owner. The bank employee asked me for my name, date of birth, address, and my personal identification number. Just to be sure he also asked me about my email address and some digits of my credit card and its expiration date.
You might think this would put off an identity thief. After all, it’s a lot of information to discover. But there’s so much information online, it’s not really that hard. The first thing I need to discover is my name. This is easy; my Facebook account displays it for all to see.
The next thing is date of birth. I didn’t complete this field for my Facebook account (but most people do). Even thought it is unlisted on Facebook, it’s not hard to discover. By looking through the pictures I’ve posted I find the hint I need. It’s a photo, saying: “Today is my birthday, let’s party!” And there slap bang in the middle of my lovely birthday cake is a figure that says how old I am.
The next bits of required information are home address and personal identification number. This seems like a real challenge. But it’s not. These details are posted on the Internet as part of an official document. You just need to know where to look. And the clever identity thief will certainly know where to look. My email address is very easy to find – it’s all over the Internet.
Up until this point finding the relevant information has been relatively easy. Now, it’s time for the difficult bit, to find out the credit card details such as the card number and expiration date.
The first thing to do is check the Facebook photos again. There’s a photo that’s very interesting – a beautiful and welcoming hotel where I spent my great vacation this year. It’s a great opportunity to find the details for my credit card.
I find the hotel’s number and call them impersonating someone from the bank. Armed with the information I’ve already collected, I say there’s a problem with the credit card payment used to make the payment for the room, and I need to check the card details. The person on the phone willingly obliges by providing the number and expiry date to help me double check. After all, he thinks I’m calling from the bank….