Good old identity theft as practiced in Chicago
The only time I have been a victim of identity theft (that I know of) was the time I took a couple of visiting Japanese engineers out to dinner at ChiChi's restaurant in Ann Arbor, Michigan. It was 1983 and I discovered the theft when I got my monthly bill and it told the story of a spending spree from the strip clubs of 8 Mile Rd. in Detroit to a $700 cash advance in Flint, MI. Someone at ChiChi's had kept a copy of my card info and probably passed it on to an accomplice just as a ring of hotel workers has been doing in the Chicago area recently. According to this article, Chicago police are working with an informant who claims to have purchased over 10,000 such identities over the last several years from employees at small hotels in the area. The going rate was $100 apiece and they were harvested in blocks of ten. The article stresses research findings that online data breaches are not the primary source of identity theft. Lost or stolen wallets or purses are still more frequently the case.
What's the lesson learned here? First of all, protect your credit cards! Even if the loss to you personally is the inconvenience of having to get a new credit card it still pays to take some precautions. I no longer sign the backs of my cards, for instance, causing many tellers to ask for an ID.
But the big lesson is the price-point for a stolen credit card. The highest figure I have heard of is one-hundred dollars. It probably reflects the risk the hotel employees were taking in order to steal the cards. But if there are buyers willing to pay that much for credit cards it only increases the likelihood of attack against the point of sale systems at the next Lowe's, BJ Wholesale, or DSW. If your organization is involved in handling credit cards it is time to review your practices for securing information about transactions. Look for opportunities for employees to grab the credit card info. Start by monitoring their activity and notifying them that they are being watched. And watch out for those database analysts. They own the keys to the kingdom!