It's so easy to collect this information from people, for example those nice direct debit blaggers that hang around the streets and work for a different charity each day. We all assume they work for a recognised charity and not for themselves. Well on the street you give them your bank details and home address, your date of birth and I have been told they also ask for you credit card details just in case the bank refuses the direct debit. Richard Talbot Data Protection Adviser -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tim Trent Sent: 04 March 2005 08:10 To: [log in to unmask] Subject: [data-protection] Identity Theft - Nightmare scenario Now I know Identity Theft is fats becoming a media buzzword. I saw the survey that says that one in four of us "Has had their identity stolen" or "Knows someone who has had theirs stolen". I laughed at the second element because I thought it was like the people who know someone who knew the person who microwaved her poodle to dry it after a walk. I think I have joined that one in four. A few things conspired to make me think it may well be much more serious that the TV programmes have shown us TV last night showed a programme on traffic wardens and their "secure" disposal of credit card details in a wheelie bin that often overflowed. The news item about "one in four of us" germinated and sprouted. And I was contacted by someone who had been arrested because his credit card details appeared in 2003 on a Danish web site that touted illegal and deeply unpleasant imagery and was scared witless because he had never been there, but had, not unreasonably, had his home entered and a great deal of potential evidence seized for examination. I am not going into the morals here. He is either guilty or innocent. But it struck me forcibly how easy it is for someone to do this to someone else. To anyone else. For me to do to you or you to do to me. To do it to you I just have to visit that wheelie bin and get your card number and name (and I have your address because it's there, on the paperwork), the expiry date and that three digit number that I am told is intended for web transactions but that every phone based business records as well. Then I look for the material I want, probably by cruising in a car with a laptop until I find an insecure wireless network to log in through, which will make the IP address a random person's. It could even be yours at home. Then I put your credit card details into "averynastyplaceindeed.com" (it didn't exist this morning, but I bet someone registers it by this afternoon) and download the stuff that the police will later arrest you for. It may never appear on your credit card statement, either. There may actually be no charge (yeah, right!). But, if it does, it will slip under your radar because the sum will be named something innocuous. A reasonable question here, and I expect we have a financial institution or so on this list to help answer it, is how can the ordinary person know that this has happened (until the 6am knock on the door, of course. I understand one notices that in a highly stressful manner), how can they protect themselves from it, and most importantly, how can they defend themselves against it? Tim Trent - Consultant Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618 email: [log in to unmask] <blocked::mailto:[log in to unmask]> Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell, United Kingdom, RG12 1BP <blocked::http://www.marketingimprovement.com/> http://www.marketingimprovement.com This message is for the intended addressee's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mis-transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The Information contained in this E-Mail and any subsequent correspondence is private and is intended solely for the intended recipient(s). For those other than the recipient any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on such information is prohibited and may be unlawful. Emails and other electronic communication with QinetiQ may be monitored. Calls to QinetiQ may be recorded for quality control, regulatory and monitoring purposes. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^