I'm Adam Levin, consumer advocate and expert in privacy, digital security, and identity theft. AMA.

Whats your favorite Maroon5 song?

I am not Adam Levine, but I still like the band. Move Like Jagger.

I feel like I hear more about credit card numbers getting stolen lately, why do you think that is?

Great question - Because it's a crime of opportunity and it's easier to pull off. It's considered low-hanging fruit in the realm of ID theft. Retail sector has not been as secure as for instance financial services. Also: there's access to a large quantity of data, and of course chip and PIN cards aren't used here yet (they will be next year) and magnetic strip technology is relatively easy to exploit.

What's the most common credit mistake you see people making?

Closing accounts. You need those accounts open. Close them and you lower your available credit, which lowers yours score.

Can you explain this one better please

Let's say you have 5 credit cards, each with a $2000 limit, that's $10,000 in available credit. In total, you are carrying $4000 in debt spread across the cards. You are in debt for 40% of your available credit.

Now you have a look at the cards, and decide that 2 of them aren't as good as the others. Maybe they have higher interest rates. Maybe they have fees that you aren't comfortable with. So you cancel them.

Now your $4000 debt is spread across $6000 in available credit, and you have just injured your credit score by jumping to 66% of your available credit, without going an extra dime into debt.

A better plan would be to contact the issuers of the 2 cards you don't like, and threaten to cancel the cards unless they offer you more attractive terms, or to convert the card to a better type. They will often be willing to do this because they track "retention" as one of their statistics. Losing a customer is a big no-no, and reflects poorly when it comes time for them to apply for a promotion or a raise.

This way, you maintain your available credit, keep your usage of that credit to a lower percentile, and save some money on the terms.

Exactly.

How often do you change your email password?

Trade secret. :) (Monthly or more when required).

• Do you think new digital currencies (like bitcoin etc) are more adept at handling theft/privacy issues as opposed to current conventional products?
• Do you think cryptocurrencies and/or other such innovations in the realm of tech/finance will permeate into the mainstream any time soon? Or rather will the current guardians of financial transactions (traditional banks, govt's and central banks) allow these technologies to be widely used as they will eventually challenge their respective monopolies?

I'm skeptical about alternative currencies, but it's also admittedly pretty early in their development, so we'll have to wait and see.

It has become very common in european law, especially in germany (I'm a german law scholar), that privacy issues and identity theft are becoming subjects of criminal law.

How is it done in the united states and do you think this problem should be solved by private law and compensatory damages or by criminal law and legal actions from the state?

It's handled both ways in the US and it should be that way. There are criminal laws against ID theft (both federal and state).

How has the Sony data breach affected the way people do business?

It hasn't affected people yet, but it has officially scared businesses to death.

I'll bet - but what do you expect will come about as a result of it?

Well I think the following: studios in particular and all companies in general are going to be much more concerned about security and privacy. And I think this will change people's attitude toward open expression via email. This really was a near extinction level event, and a wake-up call for everyone. Sony is the poster child for the need for encryption.

What's new and different about the Sony breach ? Seems like just the latest in a long series of breaches.

The scope of it - it's not just a list of credit cards or social security numbers, it's movies, correspondence, personal information about employees (actors and otherwise), and so on.

What's something important that people should do to protect their identities that may not be super obvious?

Don't use your email address as a user id - that's pretty huge. Second thing, do NOT save passwords or user ids on applications on your smartphone. Never let stores put your receipt in a bag, make sure they hand it to you.

What data is sensitive on store reciepts?

Almost everything on the receipt can be used by a clever thief - for instance, your name, the amount of your purchase, the last 4 digits of your credit card number, the date of purchase, the expiration date of your card. Remember, an identity thief's job is to be you - the more information they have, the more successful they will be.

[deleted]

Unless you need them for tax purposes, shred them.

What is Shakira like?

I've never met her, but I'm sure she's delightful.

Where do you project America's economy will rank in next decade? And what will the job market be like for internet security in the U.S based on your projection?

I think security will certainly make up a larger portion of the economy, but as for the economy itself…Your guess is as good as mine.

What was the cleverest scam you ever discovered?

Come to think of it, the most clever scam I've seen is Wall St.'s poisoning of the CRomnibus act that Elizabeth Warren has fought so vigorously against in the last few days.

The cleverest scam I ever came across might be the Sony Pictures hack. I've seen so many. The majority of scams are very clever and very hard to detect. When income tax fraud first started, it was novel. The same goes for malware. When scammer made calls to known Microsoft users claiming to be customer service but were actually doing an IT support scam—again, it got a lot of people. There are also the old standards like the call you get at a hotel in the wee hours of the morning claiming to be the front desk needing your credit card number again because it didn't go through. That one still works way too often.

When it comes to scams, remember that you can always look it up on Snopes.com.

Is there any way to protect my Social Security number?

No, your social security number is in many different hands. The best thing you can do is 1) Don't make it worse. Only give you SSN when you absolutely must. 2) The best protection against having your SSN used illegally is monitoring your financial and credit accounts regularly. You might also consider a credit freeze, but bear in mind, you'll have to unlock it every time you want to shop for new credit.

In the UK at least, banks currently refund virtually all customers who lose money by way of credit card fraud, and when customers' identities are used to obtain credit they are not actually required to pay it back - in most cases, the banks foot the bill and do very little to investigate the crime. As a result, nobody ever feels hugely put out once they get their money back, and the law enforcement agencies get no pressure at all to deal with the frauds the same way they do with burglaries, robberies, etc.

Do you foresee a time when banks do not refund the money as willingly, and therefore people expect a more robust effort from the police in finding the fraudsters? (And if so - how far away are we from that?)

It's pretty much zero liability in the US as well. However, with the new Chip and PIN technology coming out in 2015, retailers are going to be more on the hook if they don't switch over to the new technology. (If that happens, retailers will just pass the expense on to the consumer.)

Coming out in 2015 bahahaha. Can't believe the US is so far behind when it comes to consumer protection. Why hasn't chip and pin been implemented sooner?

Money. It was chicken-and-egg. Banks didn't want to spend the money on the cards until retailers had the readers, and vice versa. With Target we finally reached a tipping point.

Doesn't the government have any say? Forgive my ignorance on US laws but isn't there a government body that works in the interest of consumers/citizens? Businesses will always look to use the cheaper option but it's the government that should be keeping them in line no?

Should? Yes. Does it? No. In this case, it was Visa and Mastercard that got the ball rolling.

[deleted]

The most important is having a budget and sticking to it, and building an emergency contingency plan into that budget.

In my mind, i've always made a distinction between privacy and security online. I leave this intentionally broad so you can fill in the parts that you think is important.

In your professional opinion, is this a false distinction on my part? If it isn't, do you have differering philosophies or ways of approaching the two ideas on a practical level?

Where there are privacy issues, there must be security. With privacy issues online, you have some choice in the matter - you can decide what you'd like to share, or opt in. With security online, you have no say in what happens - you're at the mercy of the company or entity that has your information.

On a practical level, there are things you can do to protect your privacy and things you can do to ensure your security. When it comes to data that you're provided to a company online, often times it's more important to have consistency than veracity - in other words, you can lie about your birthday as long as you remember what you said. That's the practical approach to the privacy conundrum. Basically what you're trying to do is secure your privacy.

My spouse thinks that because he has some bad credit, he doesn't need to worry about protecting things like his Social Security number and personal information. He said 'it's not like they could get a loan or anything' when he carelessly lost his wallet or when he uses easy passwords. Can you please give me the simplest explanation of why this is a bad way of thinking? I've tried to explain that this could hurt him 10 years down the road after his credit improves, to no avail.

Seriously, dumb it down as much as you can. Maybe you can help him see the light of reality.

Protection of your social security number goes way beyond credit. If your identity is compromised, your bank account can be improperly accessed. You could end up on a no fly list, be the target of criminal enforcement because crimes were committed in the name of the victim. False tax returns could be filed, tax refunds could be diverted, illegal employment could occur (where the earnings are attributed to his social security number). Someone could obtain medical services, prescriptions or treatment in his name. His medical insurance could be drained. In the event the thief is examined using his identity, their medical information could become mingled with his and an incorrect course of treatment could be prescribed, allergies disappear, new allergies appear, etc.

Wow... Thank You!!

You're welcome.

What are some methods you use routinely to protect your credit and accounts? Do you routinely change credit card numbers annually?

I check my accounts at annualcreditreport.com. I get monthly credit score reports for free from Credit.com and I subscribe to Lifelock. I check my accounts every day and I get automatic notifications when there's any activity in my bank accounts.

[deleted]

There are several programs for monitoring and damage control that are either free or provided through your insurance company, HR from your work, or other financial services. There are comprehensive programs out there that can handle either monitoring or damage control as a paid service - ultimately whether or not to go with a paid service depends on what your peace of mind is worth to you.

[deleted]

The first thing is to see if you can be named an additional credit card holder of somebody's credit card. Second, see if someone might be willing to co-sign a credit card application with you. Third, go into a store and see if you can get a store credit card. It's not something you should stay with, but it can help build credit. Fourth, a secured credit card, which is where you deposit money in a bank, and they give you a card with a credit line from the money you deposited.

Is any digital data really safe?

If it's offline, encrypted, and in a secure storage facility, you have a shot. Otherwise...

I'm late so I apologize and hope you find time later to get back to me. Looking at the history of data and consumer security (immense over generalization I know) has a trend to be seen as expendable and unnecessary. Arguably every development in tech hardware and software has intentionally dismissed enhanced security. Users have a embedded belief that security is just a bunch of hype and just install Norton security "anything else is Microsofts fault".

These are incredibly reckless and costly trends, how do you think we can change the consumer and business mentality of digital security?

Ps. Sorry to focus just on this but in our modern world it's the core of all commerce.

I think the change in mentality is already happening... if you look back over 2014, breaches and identity theft have been consistently dominating the headlines. The breaches to Sony, Target, Michael's, the USPS, etc. have been incredibly damaging to their respective brands and has shaken the confidence of customers and investors - at this point, businesses have to step up their efforts to either keep from being the next major breach, or to restore trust in the aftermath of one.

I'm not incredibly good but for childish interest I did learn a little hacking, network cracking, and using packet collecting to traffic. What surprised me was a seemingly basic flaw in our legal systems and the industry's approach, how incredibly easy it was to download programs and scripts for malicious use. These programs are debatably useful in certain situations but to be so freely accessible seems like something to address. For the same reason I can't go to a gun store and buy c4 I shouldn't have access to utilities that are created for the use of circumventing security whether present or implied.

Do you think we'll ever see any attention to this?

If there's one thing that we've learned this year, between the celebrity phone hacking scandal and the Sony Pictures hack is that it's incredibly difficult to take something offline (if not impossible) once it's on the internet. To take your example, if someone buys c4 that doesn't mean that can distribute copies of it all around the world in a relatively short span of time - there are limitations to physical objects that just aren't there with digital ones, be it hacking tools, leaked information, or pirated content.

Opinion on 'Swatting'?

If you define swatting as causing first responders to scramble for a fake emergency, I think it's outrageous. Also: it has nothing to do with the kinds of scams I look at.

Do you know Paul Oster? If so, what are your thoughts about him?

I know of him, but we operate in two different worlds.

I heard him on a radio show on Long Island 103.9FM on Saturday and he spoke of a technology that allows someone to pick up the heat from your fingers on the pad when you enter your pin (and for up to a minute after you entered your pin) for your debit card and this allows them to steal your credit information and possibly your identity. Is there any truth to that? He also said this holiday season will be the worst ever seen for identity theft.

What are your tips on avoiding identity theft, especially during this holiday season?

Avoiding identity theft can be especially difficult - even if you're doing everything you can to keep safe, there's always the possibility of retailer breaches along the lines of what we saw with Target and Home Depot. The best thing to do is to track track of your accounts and monitor activity on them.

Thank you for your responses :)

Certainly - and thank you.

whats ur fave thing to put on a hotdog and why??

hot dog: mustard and sauerkraut. i like it spicy.

edit: sauErkraut