The fourth largest bank in the United States by assets, Wells Fargo, admitted last week that many of its customers received statements with other customers’ banking information included. In this security breach, those affected might have received a statement with a stranger’s account number, transaction detail, and in some cases, Social Security number. Other affected customers might have had their information compromised, with their details included on other customers’ statements, without their knowledge.

Wells Fargo through its spokesman Josh Dunn blamed the error on a “malfunctioning printer.”

The biggest threat is that with an account name and number, and a bank’s routing number which is public information, anyone can easily print a check. When presented, if the signature isn’t checked, could result in a withdrawal from the compromised customer’s account. For those whose Social Security numbers have been shared, the potential fraud could be worse.

My first reaction is to encourage customers to turn off paper statements opting instead for online statements only, but that won’t prevent every potential bank error. Online statements are much more secure than mailed statements.

If you’ve been affected, I would suggest changing your account number at Wells Fargo. This may be a significant process, particularly if you have direct deposit enabled or automated debits scheduled with outside vendors. It will be worth the effort, however, to ensure the compromised account number is no longer linked to you. If you Social Security number has been shared with a stranger, you should contact one of the credit reporting bureaus to freeze your credit. Your Social Security number can be used to open accounts in your name, using your credit history, so by working with the credit agencies you can opt to be notified if anyone tries to open a new line of credit.

Considering Wells Fargo’s error, the bank should offer to pay for credit monitoring services for affected customers.

Is this extra motivation for moving your money out of a big bank? There are many reasons to switch to a credit union, but this may not be a reason on its own. Mistakes like this one can happen at any institution, regardless of the company’s size.

I’ve used Wells Fargo for my primary banking services, ever since Wells Fargo acquired Wachovia, since Wachovia acquired First Union, since First Union acquired CoreStates, since Philadelphia National Bank merged with New Jersey National Bank forming CoreStates Financial Corporation.

If you’re a Wells Fargo customer, do you plan to close your account after this incident?

Photo: MoneyBlogNewz
BusinessWeek (AP)

The original version of this article, Wells Fargo Sent Statements to Wrong Customers, is copyrighted by Consumerism Commentary.

If you enjoyed this article, follow @flexo on Twitter and visit Facebook for more updates.

The latest big business security breach affected Citigroup and about 1% of the company’s credit card customers. Hackers were able to access the customer database, finding customers’ names, credit card numbers, and email addresses free for the taking. The hackers were not able to gain access to other personal information, like Social Security numbers, card verification numbers, or birth dates. The company has started contacting affected customers.

It’s unlikely that customers whose numbers and names are significantly more susceptible to identity theft as a result of this breach, because Citi kept the more sensitive information secure. It may still be a god idea to change your password if you have online access to a Citi credit card. In cases like these, there is little that customers can do to avoid being included in a data breach short of opting out of the finance industry overall. If you never sign up for a credit card, you prevent hackers from stealing your information. Once you’re in “the system,” you have to rely on banks to protect your information appropriately.

As a result of this breach and the continual development of technology, financial institutions may soon find new regulations that require even stricter security for online access. Some financial institutions now offer options for their customers to authenticate via a SecurID — technology that uses wireless networks to provide a unique code over the air that must be verified before you can access your account. In my role at my former job, I accessed banking institutions on behalf of the company, and every bank required a different wireless device. This could be where the consumer market is heading — and if it is, it’s going to make even more sense to simplify your finances.

Additional information: According to the Wall Street Journal, Citigroup waited up to three weeks after the incident before notifying customers. The delay was due to an investigation into the issue.

Update: Of the 360,000 accounts breached, only 3,400 accounts were subject to fraudulent charges by the hackers. Customers are not responsible for fraudulent charges, though the total loss on Citi’s side due to the fraud is $2.7 million.

Yahoo Finance / AP, CNN Money

The original version of this article, Updated: Hackers Steal Credit Card Numbers From 360,000 Citi Customers, is copyrighted by Consumerism Commentary.

If you enjoyed this article, follow @flexo on Twitter and visit Facebook for more updates.

I have a fascinated/disgusted relationship with targeted advertisements. On one hand, I’ve seen enough Playtex commercials in my lifetime that I could probably draw you their logo from memory, and I’ve never been in the position to decide, “should I buy the Playtex version, or a different brand?” All those ads in my face have been a complete waste of my time, and the advertiser’s dollars. So, I think it would be really neat if I only saw advertisements that would interest me.

On the other hand, even though I’m blessed with A.D.D. and therefore daydream my way through most ads, I’ve read enough studies about how ads work, and I know that in some cases I’m more likely to buy a brand I’ve heard of. In other cases, a simple Google search will suffice, and the recommendation from people I trust is worth more than a hundred well-produced ads.

Since the seminal work on the subject—Minority Report—came out in theaters, I’ve been waiting to see just how close we’ll get to individually-targeted ads. And this morning I see that Germany is beginning to place video cameras inside of street-level billboards, designed to recognize people’s emotional reaction to specific ads. If the advertisers sees that more people are smiling, or at least interested, than sneering, they’ll feel encouraged to keep the ad going.

Granted, this is quite far from a commercial that speaks to you or knows your habits, as in “Hey, Bill Braskey, it’s been 8 days since your last vanilla latté. Don’t you think you deserve one?” And I’m thankful for that. At present, I don’t feel like an advertisement that judges my emotional state is an invasion of privacy, but if they start to recognize my identity, I certainly will.

We do, however, already see ads based on our habits. Google and its advertising partners have the ability to show you ads that other visitors won’t see, because your Internet browsing habits are not exactly private. They call it “interest-based advertising”, and because Google is Google, they were very open and up-front about it, and have provided permanent methods for anybody to opt-out of the program.

Billboards shouting out your name aren’t a reality yet for a couple important reasons: 1) recognizing an individual face isn’t foolproof yet, and 2) advertisers don’t have access to a database of, say, driver’s license photos. Although, there may be a way around that last requirement, if Facebook starts selling access to names tagged in photos. In any event, you can rest assured that we’ll keep on top of this for you and help you protect your brain.

Big Brother is watching you shop, Michael Fitzpatrick, BBC News, Oct. 2, 2009

Photo credit: rpongsaj

The original version of this article, Facial Recognition and Billboards, is copyrighted by Consumerism Commentary.

If you enjoyed this article, follow @flexo on Twitter and visit Facebook for more updates.

This week, TechCrunch made a big to-do by publishing internal Twitter business documents that they apparently received from an enterprising hacker. The access to multiple networks apparently began when the hacker accessed the GMail account of the wife of a co-founder.

If you, like Twitter employees, store any sensitive information in your Google Docs, or even have other people’s passwords hanging out in your GMail archive, then yes, it’s important to pick a unique password for different services, and make sure they’re all strong passwords. But that still leaves a hole in your security strategy: using the “forgot password?” feature in your Google Account.

1. Log into your Google Account settings (don’t worry, that link isn’t really for your account), and you’ll see an area for “Personal Settings”:

Click on “Change password recovery options”. This is the feature that lets you get your password back when you’ve forgotten it, or when someone who isn’t you wants to get at it.

2. Google will ask you to verify your password for added security.

3. On this screen, there’s an option for “Security Question”:

If someone that you don’t trust implicitly can guess the answer to the question you’ve chosen, you need to change this. Even if you’re not the spouse of the co-founder of the most popular and secretive company of the last few years. Sensitive personal data is retrieved through social engineering all the time, and if someone has access even just to your e-mail, you’re a prime candidate.

Better Than Your Old Phone Number

More people than I probably know about may have my old home phone number in an address book somewhere. I had that phone number for over 20 years. Anyone could have it. So, instead, I’m going to use the write my own question option:

Here’s the novel part: come up with a fake answer. Even better: come up with an absurd answer to a reasonable question.

For example:

Question: What’s your husband’s mother’s name?

Answer: banana bread

This question/answer combination is memorable, provided that you love your mother-in-law’s banana bread. You know more than anybody about how your brain works, and how your brain will likely still be working in the future. Spend some time on it, and come up with something truly unique, but outwardly ridiculous at the same time.

For what it’s worth: no, I’m not a big fan of banana bread.

The original version of this article, Lie to Yourself for Better Security, is copyrighted by Consumerism Commentary.

If you enjoyed this article, follow @flexo on Twitter and visit Facebook for more updates.

Most of the time when you hear the term “facial recognition,” it’s used by people trying to attract you to a new digital camera, or software, or a plugin for Facebook.

On an individual level, it’s little more than a way to help your camera focus, or group and search your photos. But if you’re using it on a larger group level, you can make it do all sorts of nifty, and possibly dangerous, things.

Deterring Crime

For example, in Indiana recently, a convicted forger was caught trying to establish a sixth fake identity by a facial recognition system used by the motor vehicle department.

Airports are trying to use it to catch suspicious people when they appear in huge crowds. It shouldn’t shock you if I say that airports detain many people every week for doing nothing wrong. I’m a little worried that this would lead to even more false alarms.

YouTube has got a way to detect celebrity faces in their videos, which can help them, among other things, find videos that are breaking copyright law. There’s no reason, however, that it can’t also learn your face, and find you in other videos it has indexed.

Convenience

Some Windows-only laptops are using it to bypass the need for a startup password. I’m eagerly looking forward to the day when it might replace all my passwords, but there are a few kinks to work out first: most importantly, the Internet is not particularly secure, and I wouldn’t want just anybody to be able to activate my computer’s camera and look around. It’d have to be more of a system where, say, the bank’s Web site asks the local machine, “are you sure it’s really him?” and my computer replies Yes or No.

But if we could get that to work, I’d be a much happier man. I sit down, I’m logged in. I walk away, I’m logged out. Instantaneous, foolproof (?) security.

Toshiba is also working on creating fewer needs for drivers to take their hands off the wheel. One line from this article is kind of ridiculous, though:

Toshiba has found a way to make changing the radio station in your car as easy as blinking your eye.

That had better not be the trigger for changing the music. We, as a people, do a lot of blinking.

Beyond the Face

Microsoft is wanting to combine face recognition with voice recognition and movement tracking (and maybe more) with their new Project Natal. I am so far a big fan of the XBox experience, even if Windows drives me batty, so I have high hopes for this. I can’t help but think that background noises, like a dog barking, will cause a significant amount of trouble.

Conclusion

My American dream relies heavily on the notion of being able to go through an entire work week without anything in my pockets, or hanging off my belt. If facial recognition can be proven to be more than, say, 99% effective, sign me up.

But it also depends on a lot of trust in the authorities we place in power. I’ve seen corrupt behavior. You probably have, too. Do you imagine these technologies will help or hurt?

The original version of this article, Facial Recognition is for More Than Your Photos, is copyrighted by Consumerism Commentary.

If you enjoyed this article, follow @flexo on Twitter and visit Facebook for more updates.

Jocelyn Kirsch and Edward K. Anderton live in Philadelphia but they’ve been spending their time in Paris, London, Hawaii, and Seattle thanks to their neighbors. The neighbors aren’t quite as happy, however. The two were using their expensive apartment to assist in stealing the identities of the other people living in their building as well as other individuals.

Police started investigating Nov. 19 after one of the couple’s neighbors reported that she thought her identity had been stolen. A day later, the woman heard from a local UPS store about a waiting package, although she had not ordered anything.

Police kept an eye on the store and arrested Anderton and Kirsch on Friday when they walked in to pick up the package, detectives said.

A weekend search of the couple’s $3,000-a-month apartment turned up a cache of tech toys: four computers, two printers, a scanner and an industrial machine that makes ID cards. Police also found $17,500 in cash, dozens of credit cards and fake drivers’ licenses, and keys to unlock many of the apartments and mailboxes in their upscale Rittenhouse Square apartment building. Police are not yet sure how they got the keys. The search also turned up a book titled, “The Art of Cheating: A Nasty Little Book for Tricky Little Schemers and Their Hapless Victims,” as well as a newspaper article on “How to Spot Fake IDs.”

How did they think they would get away with this scheme for long? The article mentions private-school upbringing and supportive parents. Something went wrong. Why are otherwise intelligent people capable of doing something so amazingly stupid?

For more information on identity theft, visit the FTC’s Identity Theft Site. It is a comprehensive guide about the issue of identity theft, including tips for prevention and handling the theft after the fact. While I believe the dangers of identity theft are a bit overplayed in the media, it is an important issue and even the most cautious individual can still be susceptible to identity theft.

Image credit: AP Photo/Philadelphia Police Department, HO

The original version of this article, Livin’ it Up: Young Philly Couple Charged With Identity Theft, is copyrighted by Consumerism Commentary.

If you enjoyed this article, follow @flexo on Twitter and visit Facebook for more updates.