As featured in The Wall Street Journal, Money Magazine, and more!

Privacy and Security

Wells Fargo Sent Statements to Wrong Customers

This article was written by in Banking, Privacy and Security. 8 comments.

The fourth largest bank in the United States by assets, Wells Fargo, admitted last week that many of its customers received statements with other customers’ banking information included. In this security breach, those affected might have received a statement with a stranger’s account number, transaction detail, and in some cases, Social Security number. Other affected customers might have had their information compromised, with their details included on other customers’ statements, without their knowledge.

Wells Fargo through its spokesman Josh Dunn blamed the error on a “malfunctioning printer.”

Wells FargoThe biggest threat is that with an account name and number, and a bank’s routing number which is public information, anyone can easily print a check. When presented, if the signature isn’t checked, could result in a withdrawal from the compromised customer’s account. For those whose Social Security numbers have been shared, the potential fraud could be worse.

My first reaction is to encourage customers to turn off paper statements opting instead for online statements only, but that won’t prevent every potential bank error. Online statements are much more secure than mailed statements.

If you’ve been affected, I would suggest changing your account number at Wells Fargo. This may be a significant process, particularly if you have direct deposit enabled or automated debits scheduled with outside vendors. It will be worth the effort, however, to ensure the compromised account number is no longer linked to you. If you Social Security number has been shared with a stranger, you should contact one of the credit reporting bureaus to freeze your credit. Your Social Security number can be used to open accounts in your name, using your credit history, so by working with the credit agencies you can opt to be notified if anyone tries to open a new line of credit.

Considering Wells Fargo’s error, the bank should offer to pay for credit monitoring services for affected customers.

Is this extra motivation for moving your money out of a big bank? There are many reasons to switch to a credit union, but this may not be a reason on its own. Mistakes like this one can happen at any institution, regardless of the company’s size.

I’ve used Wells Fargo for my primary banking services, ever since Wells Fargo acquired Wachovia, since Wachovia acquired First Union, since First Union acquired CoreStates, since Philadelphia National Bank merged with New Jersey National Bank forming CoreStates Financial Corporation.

If you’re a Wells Fargo customer, do you plan to close your account after this incident?

Photo: MoneyBlogNewz
BusinessWeek (AP)

{ 8 comments }

Updated: Hackers Steal Credit Card Numbers From 360,000 Citi Customers

This article was written by in Privacy and Security. 14 comments.

The latest big business security breach affected Citigroup and about 1% of the company’s credit card customers. Hackers were able to access the customer database, finding customers’ names, credit card numbers, and email addresses free for the taking. The hackers were not able to gain access to other personal information, like Social Security numbers, card verification numbers, or birth dates. The company has started contacting affected customers.

It’s unlikely that customers whose numbers and names are significantly more susceptible to identity theft as a result of this breach, because Citi kept the more sensitive information secure. It may still be a god idea to change your password if you have online access to a Citi credit card. In cases like these, there is little that customers can do to avoid being included in a data breach short of opting out of the finance industry overall. If you never sign up for a credit card, you prevent hackers from stealing your information. Once you’re in “the system,” you have to rely on banks to protect your information appropriately.

As a result of this breach and the continual development of technology, financial institutions may soon find new regulations that require even stricter security for online access. Some financial institutions now offer options for their customers to authenticate via a SecurID — technology that uses wireless networks to provide a unique code over the air that must be verified before you can access your account. In my role at my former job, I accessed banking institutions on behalf of the company, and every bank required a different wireless device. This could be where the consumer market is heading — and if it is, it’s going to make even more sense to simplify your finances.

Additional information: According to the Wall Street Journal, Citigroup waited up to three weeks after the incident before notifying customers. The delay was due to an investigation into the issue.

Update: Of the 360,000 accounts breached, only 3,400 accounts were subject to fraudulent charges by the hackers. Customers are not responsible for fraudulent charges, though the total loss on Citi’s side due to the fraud is $2.7 million.

Yahoo Finance / AP, CNN Money

{ 14 comments }

Facial Recognition and Billboards

This article was written by in Consumer, Privacy and Security. 6 comments.

I have a fascinated/disgusted relationship with targeted advertisements. On one hand, I’ve seen enough Playtex commercials in my lifetime that I could probably draw you their logo from memory, and I’ve never been in the position to decide, “should I buy the Playtex version, or a different brand?” All those ads in my face have been a complete waste of my time, and the advertiser’s dollars. So, I think it would be really neat if I only saw advertisements that would interest me.

On the other hand, even though I’m blessed with A.D.D. and therefore daydream my way through most ads, I’ve read enough studies about how ads work, and I know that in some cases I’m more likely to buy a brand I’ve heard of. In other cases, a simple Google search will suffice, and the recommendation from people I trust is worth more than a hundred well-produced ads.

Privacy LatchSince the seminal work on the subject—Minority Report—came out in theaters, I’ve been waiting to see just how close we’ll get to individually-targeted ads. And this morning I see that Germany is beginning to place video cameras inside of street-level billboards, designed to recognize people’s emotional reaction to specific ads. If the advertisers sees that more people are smiling, or at least interested, than sneering, they’ll feel encouraged to keep the ad going.

Granted, this is quite far from a commercial that speaks to you or knows your habits, as in “Hey, Bill Braskey, it’s been 8 days since your last vanilla latté. Don’t you think you deserve one?” And I’m thankful for that. At present, I don’t feel like an advertisement that judges my emotional state is an invasion of privacy, but if they start to recognize my identity, I certainly will.

We do, however, already see ads based on our habits. Google and its advertising partners have the ability to show you ads that other visitors won’t see, because your Internet browsing habits are not exactly private. They call it “interest-based advertising”, and because Google is Google, they were very open and up-front about it, and have provided permanent methods for anybody to opt-out of the program.

Billboards shouting out your name aren’t a reality yet for a couple important reasons: 1) recognizing an individual face isn’t foolproof yet, and 2) advertisers don’t have access to a database of, say, driver’s license photos. Although, there may be a way around that last requirement, if Facebook starts selling access to names tagged in photos. In any event, you can rest assured that we’ll keep on top of this for you and help you protect your brain.

Big Brother is watching you shop, Michael Fitzpatrick, BBC News, Oct. 2, 2009

Photo credit: rpongsaj

{ 6 comments }

Lie to Yourself for Better Security

This article was written by in Privacy and Security. Add a comment.

This week, TechCrunch made a big to-do by publishing internal Twitter business documents that they apparently received from an enterprising hacker. The access to multiple networks apparently began when the hacker accessed the GMail account of the wife of a co-founder.

If you, like Twitter employees, store any sensitive information in your Google Docs, or even have other people’s passwords hanging out in your GMail archive, then yes, it’s important to pick a unique password for different services, and make sure they’re all strong passwords. But that still leaves a hole in your security strategy: using the “forgot password?” feature in your Google Account.

1. Log into your Google Account settings (don’t worry, that link isn’t really for your account), and you’ll see an area for “Personal Settings”:

google personal settings

Click on “Change password recovery options”. This is the feature that lets you get your password back when you’ve forgotten it, or when someone who isn’t you wants to get at it.

2. Google will ask you to verify your password for added security.

3. On this screen, there’s an option for “Security Question”:

google security question

If someone that you don’t trust implicitly can guess the answer to the question you’ve chosen, you need to change this. Even if you’re not the spouse of the co-founder of the most popular and secretive company of the last few years. Sensitive personal data is retrieved through social engineering all the time, and if someone has access even just to your e-mail, you’re a prime candidate.

Better Than Your Old Phone Number

More people than I probably know about may have my old home phone number in an address book somewhere. I had that phone number for over 20 years. Anyone could have it. So, instead, I’m going to use the write my own question option:

google question

Here’s the novel part: come up with a fake answer. Even better: come up with an absurd answer to a reasonable question.

For example:

Question: What’s your husband’s mother’s name?

Answer: banana bread

This question/answer combination is memorable, provided that you love your mother-in-law’s banana bread. You know more than anybody about how your brain works, and how your brain will likely still be working in the future. Spend some time on it, and come up with something truly unique, but outwardly ridiculous at the same time.

For what it’s worth: no, I’m not a big fan of banana bread.

{ 0 comments }

Facial Recognition is for More Than Your Photos

by Smithee

Most of the time when you hear the term “facial recognition,” it’s used by people trying to attract you to a new digital camera, or software, or a plugin for Facebook. On an individual level, it’s little more than a way to help your camera focus, or group and search your photos. But if you’re ... Continue reading this article…

1 comment Read the full article →

Livin’ it Up: Young Philly Couple Charged With Identity Theft

by Flexo

Jocelyn Kirsch and Edward K. Anderton live in Philadelphia but they’ve been spending their time in Paris, London, Hawaii, and Seattle thanks to their neighbors. The neighbors aren’t quite as happy, however. The two were using their expensive apartment to assist in stealing the identities of the other people living in their building as well ... Continue reading this article…

16 comments Read the full article →