-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<!-- 2009-05-11 -->Today I got a charming letter in the mail from Citibank informing me that:

<img src="http://philosecurity.org/wp-content/uploads/2009/05/paper_trail_bigger.jpg" alt="paper_trail_bigger" title="paper_trail_bigger" width="432" height="35" class="center size-full wp-image-1642" />

<em>"A paper trail is an identity thief's best friend. Sign up for paperless statements and you can rest easy knowing all your account information is locked away safely online." </em>

Ahahahahaha!...ha... ha... When's the last time you heard about millions of credit card numbers being stolen from the <em>mail</em>? Somehow I don't recall identity theft being such a big deal before online financial systems started taking off. In much the same way that the Bush administration linked Saddam Hussein to 9/11, credit card companies are now campaigning to link "identity theft" and... paper.

This brilliantly twisted marketing campaign:
1) Fuels the "identity theft" fear-mongering, increasing identity theft protection sales.
2) Reduces the number of individuals who will be able to independently verify and access statements down the road
3) Saves Citibank money on paper (which also benefits the environment, but that isn't Citibank's motivation)
4) Instills a false sense of security regarding the safety of web-based account management systems
5) Increases customers' risk of identity theft by promoting the use of insecure, online web based account management systems (which will subsequently lead to more "identity theft protection" sales... yay!) 

<a href="http://philosecurity.org/wp-content/uploads/2009/05/citi_envelope.jpg"><img src="http://philosecurity.org/wp-content/uploads/2009/05/citi_envelope-300x156.jpg" alt="citi_envelope" title="citi_envelope" width="250" height="130" class="right size-medium wp-image-1649" /></a>I'd feel a lot safer if all of my account information were locked away in my own fireproof filing cabinet.  Unfortunately, it's clearly not. Less than a month ago Citibank sent me a new card because one of <em>their</em> payment processors lost millions of people's account information, including mine.

An identity thief's friends are the vast legions of computers running Windows with Internet Explorer that people use to login to their online accounts (with re-used passwords such as "fluffy2009"). Identity thieves are also pretty chummy with payment processors such as Heartland, who recently lost over 100 million of credit card numbers. 

Identity thieves' best friends in the <u>world</u> are the credit card companies themselves, who have created a system rife with holes, and subsequently profit from their own systematic failures through scams such as "identity theft protection" services. 

What chutzpah.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.5)

iEYEARECAAYFAkoHzqsACgkQSAUOoW73R4zh2QCcDPjXulPt1MHky26B/mTAMiwm
8UoAni7EVxJqSXQLOEVJO4/lMMe6cN9M
=gcLI
-----END PGP SIGNATURE-----