Archive for the 'Credit Cards' Category

“Mike,” the owner of a midsized web-hosting company, talks about the effects of the Payment Card Industry Data Security Standard (PCI/DSS) on web hosting companies and small online merchants who are his customers. s: If PCI/DSS were enforced today, what would happen? m: Well, all the small businesses would lie. Right? If you’re a small […]

Read Full Post »

Recently, a friend of mine received a letter from Bank of America informing her that “some credit card information on your Bank of America account may have been compromised at an undisclosed third-party location.” The letter went on to state that BofA had reviewed her account and saw “no evidence that your account has been […]

Read Full Post »

If your medical data, credit card number, Social Security number, personal email, or other information were stolen, would you even know about it? After ten years handling incident response and forensics, I’ve been repeatedly shocked at the number of times that organizations sweep data breaches under the rug. When upper management is notified of a […]

Read Full Post »

Here’s a real copy of an American citizen’s DHS Travel Record retrieved from the U.S. Customs and Border Patrol’s Automated Targeting System (ATS). This was obtained through a FOIA/Privacy Act request and sent in by an anonymous reader (thanks!) The document reveals that the DHS is storing the reader’s: Credit card number and expiration (really) […]

Read Full Post »

Here’s where you can download my “scary” DEFCON presentation: Reverse of the United States Great SealNovus Ordo Seclorum“A New Order of the Ages” “Death of Anonymous Travel”DEFCON 2009 – PDF MD5sum: c772681c37c9ad5d210c19c12eb43095 Thanks to everyone who sent in comments, suggestions, and encouragement. (Special thanks to the EFF lawyers for reviewing this beforehand– you guys rock!) […]

Read Full Post »

Chase Identity Theft FAIL

This week I discovered that someone had opened up a new Chase card in my name. Scouring the Chase site for the appropriate number to report fraud, I stumbled onto their “Identity Protection” page and received this rather ironic pop-up.  (Click to enlarge) Sherri Davidoff PGP-signed text: 2009-07-02 (current)

Read Full Post »

Credit Cards == ID

Saw this sign in the Baltimore airport last week: “Self-Service Check-In: You Will Need a Major Credit Card” and then in small print: “For Identification Only” Yes, apparently American Airlines will only give boarding passes to individuals who have been thoroughly vetted according to the strict standards of American Express, Mastercard, or VISA (and perhaps […]

Read Full Post »

Today I got a charming letter in the mail from Citibank informing me that: “A paper trail is an identity thief’s best friend. Sign up for paperless statements and you can rest easy knowing all your account information is locked away safely online.” Ahahahahaha!…ha… ha… When’s the last time you heard about millions of credit […]

Read Full Post »

Credit bureaus and credit card companies have direct control over the risk of identity theft. They control the systems for granting and rescinding credit, including fundamental mediums for communication and related security features. Oddly, that doesn’t stop them from trying to profit when things go wrong. Credit companies strongly push their identity theft “protection” services, […]

Read Full Post »