Data Oversharing

'Whenever I buy something over the phone I am giving a total stranger the means to clean out my current account'

This scam took in a perfectly savvy friend of mine, and I’d have fallen for it myself:

You get a phone call from the police. An authoritative-sounding man claims that your credit card details have been misappropriated. But the officer understands that you have to confirm his identity. So he provides his name and badge number and suggests you ring 999. Ask for the police, then quote the name and badge number, and you’ll be routed to his extension.

His concern that in these perilous times you need to verify he’s really a cop makes him seem authentic — and the process he recommends sounds foolproof. Yet as you follow his instructions, you may not realise that phone calls are only terminated by the caller, who in this case stays on the line — the better to play a recording of a dial tone (nice touch). When you ring 999, an accomplice ably mimics emergency services, then hands the phone back to the first man. Certain this is legit, you don’t hesitate to provide your credit card details, and you’re thankful when the “officer” offers to cancel the card for you.

Fortunately for my friend, she receives a text alert whenever her credit card is used, so when a £400 charge came in the next morning she rang 999 and asked for the police, objecting that Officer Whats-his-face had promised to cancel the card. Of course, they’d never heard of Officer Whats-his-face, and had no idea what she was on about.

All that scam required was a telephone and a tape recorder. At £400 a pop, these ingenious crooks could easily rake in five grand a night while watching TV and only working during the commercials. But given the wild disconnect between the paranoid caution we’re told to exercise to protect our data and the blithely lax protocol of a host of transactions in daily life, I don’t know why they bothered to be so inventive.

Whenever I buy, say, a case of wine over the phone, I provide my debit card number, its security code, and the expiry date, along with my name and my address. Although I’m dealing with an established vendor, I implicitly have to trust this particular employee. I have no idea who this person is, how long he or she has been working for the wine club, or who the employee’s friends are. Yet I have just given a total stranger the means to clean out my current account.

It’s no safer online, is it? Putting charges through “secure servers” entails having faith that all that encryption folderol is the real deal. The impression of security is created with an image or two and a sequence of fluctuating dots that any half-competent hacker could conjure up with his hands tied. 

Surely Amazon’s dominance isn’t solely explained by the site’s range of products. It feels safer to keep buying from the same website than to enter all those dangerous details into multiple websites you’ve never used before. But in the name of convenience, Amazon itself stores so much information in your account that if some ne’er-do-well steals your laptop and runs a program that randomly generates your password (the name of your dog), he’s got the keys to the kingdom.

My husband shreds any paper with our names and addresses on it, while I claim that if it takes that little to steal your identity we’re all doomed: our names and addresses are on every piece of mail that enters the house. But then, the post isn’t safe. Mail fraud is rife. Yet postal workers continue to handle card replacements and bank statements, and we still bung cheques and tax documents merrily into that bright red maw.

More and more, government interfaces with citizenry online, and in filling out forms for permits, licences, and passports, we’re meant to pony up national insurance numbers, dates of birth, addresses, and credit card details for fees — all the while keeping an eye out for fake websites. But when an imitation is skilful, how can we tell that a site is bogus? Besides, government databases can be hacked, and public employees have left information-laden computers behind on trains.

We still conduct our fiscal and bureaucratic lives with a trust that now seems moronic. I am repeatedly asked in the conduct of everyday business to provide often low-paid employees whose ethics I have no reason to trust a tranche of data that in the wrong hands could ruin my life. Something’s got to change. Credit cards, for example, are really no longer functional (in having become too functional). Yet absent any substitute we keep using them. Rather than tighten up protocol, we invent still easier methods of spending money — like waving a mobile at a till — and thus even easier ways to steal.
