Total Secure Shredding | (619) 295-5474

Tag Archive | "Credit Card Information"

Tags: , , , , , , , , , , , , , , , ,

Paper Shredding Paranoia

Posted on 07 September 2010 by Total Secure Shredding

“I always feel like somebody’s watching me… ” (Rockwell)

Hey Folks,

I often get questions about what should and shouldn’t get shredded…

Actually, I get that question on a daily basis!

It’s funny that sometimes customers will come in for shredding down at our facility and actually make the excuse that the stuff they are shredding isn’t even that important – However they still want to watch and make sure it all gets shredded.

And for sure, not everything that is or should be shredded is just old tax returns, utility bills, bank statements, and cancelled checks.

We see a lot of old business cards, holiday cards, and the mailing addresses ripped off of old magazines.

Perhaps this is where customers get the notion that the stuff they are shredding isn’t all that important.

First of all, I don’t judge what my customers do and don’t deem important enough to shred.

I for one shred everything. I even had a customer that brought in multiple boxes of old Playboys for shredding… Go Figure!

Second of all, there’s a very good reason to make sure everything that has your name plus any sort of contact information should be properly destroyed…

That reason is called Social Engineering.

You may or may not have heard of social engineering.

… But is goes something like this:

Let’s say you throw away a bunch of old copies of Business Week or your subscription to the Wall Street Journal.

And let’s say that this old magazine or newspaper has your name and address – Sometimes they’ll even have your phone number listed.

Now, let’s say some Jerk finds your old magazine or newspaper, with your contact information, and decides to give you a friendly reminder call…

Maybe he’ll say that your subscription is about to expire and if you would like to provide your credit card information he can continue sending your subscription without interruption.

Maybe he’ll be so cunning as to ask if you want to extend the subscription for another year for only 50% more. Or maybe he’ll even throw in the free football phone!

And on top of everything, there’s a good chance you’ll hastily pull out your credit card and provide him exactly everything he needs in order to make the charge.

If this Jerk is smart, and you’re lucky, he’ll only make a small charge on your credit card so you won’t even know you’ve been scammed.

If you’re unlucky, he’ll run up your credit card so there will be no doubt you’re the victim of I.D. Fraud.

Or perhaps, he will just put a small charge on your card and then sell the information to someone in Nigeria who will max it out.

Don’t think these Jerks exist?

… Here’s one…

His name is Kevin Mitnick and apparently his biggest problem is “Staying Legal.” Here’s the full article.

This guy spent 5 years in the hoosegow for calling up employees of various large companies such as Novell, Motorola, and Nokia and using his “schmoozing” skills “to get source code and other sensitive information.”

To good news is that this guy uses his infamous reputation to make a living as a consultant, speaker, and author (sarcastic tone).

Here’s the deal…

This guy was able to talk his way into some pretty sensitive information from people who really should have known better.

I guarantee there are loads of just as sophisticated people out there trying to pry you from your hard earned money. All they have to do is get enough contact information, with just enough relevant personal information, in order to sound believable… and then it’s just a matter of making enough phone calls.

Just this year I had someone from a cell phone company call me to settle a small bill (about $35) that supposedly was overdue. I told them to send me a bill. They wouldn’t until I confirmed some more personal information. I refused and they got upset and eventually hung up – never to call back.

So indeed, these jerks are out there (it’s not always a “he”; in my “phone company call,” it was a “she”).

But there are some precautions you can take. In a recent blog, I listed 10 Identity Fraud Prevention Tips

Tip “Two” specifically discusses how not to fall victim to Social Engineering.

Another good tip is to shred anything that may contain your personal information… even if at first glance it may seem silly or paranoid.

In the end, I won’t think any less of you for bringing in as much as you see fit to ensure you remain free from I.D. Fraud.

Actually… Welcome to my world of Paper Shredding Paranoia!

Until next time…

Keep Totally Secure,

Mike

Comments (1)

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

10 Identity Fraud Prevention Tips

Posted on 02 August 2010 by Total Secure Shredding

Hey Folks,

Mike Here…

Identity Fraud (also commonly known as Identity Theft), is one of the fastest growing crimes in the United States that affected more than 11 million adults in 2009.

We are talking about a crime that totals $54 Billion annually.

That’s not “Chump Change” but there are some very simple precautions you can take in order to greatly reduce your chances of becoming a victim of I.D. Theft.

Here are 10 tips I put together to help you protect yourself, your family, and your business from the dangers of I.D. Fraud:

  1. Properly shred or otherwise destroy all old bank statements, cancelled checks, old tax returns and other documents containing sensitive personal information prior to disposing of them. Personal information you should be on the lookout for is an individual’s First Name, or First Initial and Last Name linked with any of the following data elements:
    1. Social Security Number
    2. Driver’s License number or State Identification Card Number
    3. Account Number or Credit or Debit Card Number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
  2. Be extremely cautions of anyone calling and asking to verify your information. Even if the person says they are from your bank, utility company, or other service provider. The safest bet is to not provide any information (especially social security and credit card or bank account numbers) and tell the person you’ll call them back using the phone number that is listed on a previous statement, invoice, or other correspondence. If the person on the phone gets upset and tries to push the issue, hang up immediately.
  3. When recycling electronics, make sure they have been properly sanitized before disposal. This includes computer hard drives and other memory capable devices such as smart phones.
  4. Do not email sensitive personal information (including credit card information). Most email is not encrypted and can be accessed if the sending or receiving computer has been breached by “Malware” (Trojans or Key Logging Software).
  5. Do not keep sensitive passwords and account information on your computer, laptop, or phone unless they have been properly secured. One free program you can use to securely store this type of information is “Keypass” http://keepass.info/
  6. Never give out your ATM PIN to anyone… Not even to close friends or relatives. Once you give your PIN away you are basically authorizing that person to have free access to your account. At that point, there’s not much that can be done if that person decides to take more than originally planned.
  7. Be cautious about online shopping. Only shop with recognized vendors that have good on-line reputations with proven secure websites. One thing to look for is that the webpage you’re putting your credit card information on has been encrypted. Once you get as far as putting in your credit card information, take a look in the website address window and make sure the website is prefaced by https. The “S” in “HTTPS” stands for secure and ensures a SSL/TLS protocol is in place to provide encryption so that no “eavesdropper” or “man-in-the-middle” can intercept your credit card information.
  8. Install an antivirus and malware software on each of your computers. A good antivirus program is called “Avast.” You can download a free version of at http://www.avast.com/lp-upgrade-4-5-free#. If you’re looking for a Malware program, checkout a program called “MalwareBytes”. Learn more about MalwareBytes and download a free version at http://www.malwarebytes.org/. And Finally, one of the best methods for preventing unauthorized access to your computer is to Update, Update, Update. It’s critical that you make sure all your software has been updated. Many times, these updates patch potential vulnerabilities hackers are using to access your computer.
  9. Review monthly checking, savings, and credit cards statements for unauthorized transactions. Even a relatively small monthly transaction can add up over many months or years.
  10. Perform an annual review your credit reports from the three credit reporting agencies so see if any unauthorized lines of credit have been opened. The Fair Credit Reporting Act guarantees you can access your credit report free of charge every 12 months from each of the three credit reporting agencies – Experian, Equifax, and TransUnion (read more at http://www.ftc.gov/freereports). The ONLY authorized site to get your free credit reports is www.annualcreditreport.com.

Feel free to comment below about any tips you may have that can help prevent I.D. Fraud.

Until Next Time…

Keep Totally Secure,

Mike

Comments (2)

Tags: , , , , , , , , , , , , , , , , ,

You’re Asking Me For WHAT!

Posted on 09 December 2009 by Total Secure Shredding

Combo Lock Credit CardHey Folks,

Last weekend I was getting a new hosting account set up with a new web site hosting company that was recommended to me. I’m starting to get things set up for a new Internet project that I’m working on – unrelated to Paper Shredding… But I Digress.

Everything went smooth with entering all my details on-line including my credit card information.

This actually took place last Saturday so I figured I would hear back from the company the following Monday that everything was now set up and I could start using my account.

But strangely enough I received an email from a “technician” which stated the following:

Hello,
Before we can approve your new hosting account,
please fax the following into our offices:
1.) Credit card used to sign up the account
2.) Photo ID of the person's name on the credit card
Please fax this to:
ATTN:  New Accounts
Fax#:  xxx-xxx-xxxx
Once we receive this information we will immediately
process this order.
If you do not have access to a fax machine, you can
also scan this information and attach it to this email.
Thank you.

A number of things immediately started coming to mind about how weird this is…

I’m not new to ordering stuff on-line… As a matter of fact, I do it all the time – sometimes for large dollar value items.

Strange enough, this purchase was actually a relatively low cost item.

And since I run a Secure Paper Shredding Company, I’m so stranger to ID Theft – I hear these stories all the time. Not to mention my company checking account was hacked for a few grand last year!

So here is how I responded:

Why do you need this information?

This email seems odd… Real close to losing the sale!

Mike Krauss

The next day, Sunday (which I also found surprising), I received the following response:

Hello Mike,
Thank you for contacting us back
This is to protect both the security of "COMPANY NAME"
and of it's customers (or soon to be customers in your case)
to prevent fraud orders. If you are worried due to security,
you can cover up all the numbers but the last 4 digits on
the credit card as they are the only ones we need for
verification. I hope that helps and if there is anything
else we can do for you please feel free to let us know. We
are here to help with anything else you might need.
Thank you for your time.

At this point, this company gets kudos for having some pretty good customer service. But still being worried about their security measures, I replied with the following on Monday:

I’m hesitant to even send a copy of the credit card with the account number blocked out except the last 4.

In No Way will I send a copy of my driver’s license.

Just to let you know, I’m the owner of a Secure Shredding Company in San Diego and I take ID Theft Extremely Serious.  Also, I’d like to think I am a little more knowledgeable about ID Theft and the laws that are in place to prevent it.

I suggest you take a look at your company’s written “Red Flag” rule policy for preventing ID Theft. This policy is Mandated by the FTC and since you are requiring such sensitive items from customers, there has to be a written policy in place ensuring these documents, once received, are handled properly and then destroyed.

Also, if your Visa/MasterCard Merchant Account agreement is anything like mine, you also know that requesting picture ID to accept a credit card violates that agreement. I assume you take a lot of credit card payments via the Internet, putting your merchant account in jeopardy doesn’t seem like a wise idea.

There must be other ways to verify the legitimacy of a new account – the way you decided on is extremely inappropriate.

When I opened a hosting account on GoDaddy this wasn’t a requirement. I see a big billboard behind my office for Host Gator and I wonder if they also require this type of account verification.

In any event, you’ve given me “fodder” for my next blog entry on ID THEFT.

Depending on how you respond to this email will determine whether I can trust your company any further or simply ask for a refund. (The amount is already pending in my account.)

Regards,

Mike Krauss

CEO & President

Total Secure Shredding, Inc.
When Security Matters Most

3584 Hancock St.
San Diego, CA 92110

Toll Free: (800) 536-4832 x750
Office: (619) 295-5474
Direct: (619) 889-7518
Fax: (866) 669-0729

MKrauss@TotalSecureShredding.com
www.TotalSecureShredding.com

www.Twitter.com/PaperShredding

Since I’m sure they don’t get many emails like this from Owners of Shredding Companies, this email was followed up with a phone call from the company from a live person who simply asked to confirm the last 4 digits of the account number on the credit card I used to purchase the web site hosting account – Nothing more, Nothing Less – Which seemed to be a reasonable request without me having to give up valuable personal information.

Again, I give this company credit for having some pretty impressive customer service…

The point of all this is that nobody should ever ask you for a photo copy of your ID and your credit card when making any type of credit card purchase. And even if they do, they better have damn good reason for asking

With ID Theft being so rampant these days, you cannot take any risks with your personal information – no matter what you may be purchasing – the potential costs of ID Theft are way too high.

I hope this serves as a good reminder to you all to protect any and all of your personal information…

And also, maybe my email served as a good lesson to this company, which appears to be a very good company and in the end earned my business, to not take requests for personal information so lightly.

Until Next Time…

Keep Totally Secure,

Mike

Comments (0)

or Call Today

(619) 295-5474

Local San Diego Shredding
Experts are waiting
for your call

 
Advertise Here

Photos from our Flickr stream

See all photos

Advertise Here