The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, November 03, 2005

What Can Really be Done w/o a SSN? 

Slashdot is an online community of self-confessed nerds. Many of the nerds care a lot about privacy, know a lot about technology and have some interesting discussions about it from time to time. Most recently, a user asked what sort of identity-theft/fraud mischief one can get into without a social security number:

Slashdot | Identity Theft-What Can Really be Done w/o a SSN?:

"TheItalianGuy asks: 'Many of us that work in the financial sector are bombarded with daily security threats. One of the biggest these days is Identity Theft. My fellow comrades and I have been really grilling each other on differing scenarios on what could be done with what information. However, it all seems to come back the the Social Security Number. Financial companies have other controls in place (customer service verification checking, account passwords, etc) to ensure identification. But in order to be of any use, a bad guy would really need someone's SSN. Absent of that, other information would be useless. Right? That's what I would like to ask Slashdot folks. What could be realistically done with customer information without a SSN? Account numbers, address, maybe a phone or payment amount. Is that really dangerous to the customer if only those get compromised?' "

Perhaps the most interesting and chilling response was from an anonymous user:

As part of my studies on "How easy is it to steal you"... I walked the UT Quad in Austin on the first day of school with some fake credit card apps... I had 100 apps in the first hour all with SSN, mothers maiden name, birthdays, the whole shebang. we found out that all you have to do is offer a t-shirt and some candy and these kids will give you anything you ask for. We tried asking for absurd stuff like bank account numbers,"This card can also act as a debit card if we have your bank information...", paypal info, "We can tie your new credit card into your paypal account too... all we need is your username and password."... we got everything we needed to totally rob someone... Here is the best part... you know all the disclaimer text on the CC apps... we worded ours to say EXACTLY what we were doing... Not a single person read the information... had they they would have seen that...
"I certify that the information above is correct and that this application is not a real credit card application. I hear by grant the final holder of this document all rights to this information to use as needed to assume my identity. All information requested on this document can be used to assume my identity. Never give our your personal information out to anyone who does not have direct cause to have this information known."

its insane what you can get people to give you...

Labels: ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs