118
I'm Adam Levin, consumer advocate and expert in privacy, digital security, and identity theft. AMA.
Hi Reddit. I’m Adam K Levin, a consumer advocate with a focus on data security, identity theft and personal finance. I founded an identity theft resolution company called IDT911, and I co-founded Credit.com. My goal is to educate people about maintaining their privacy, building credit, avoiding common mistakes that result in identity theft and bad credit, and highlighting new identity-related scams. I write a weekly syndicated column and appear regularly on cable and broadcast news, including ABC Nightly News, Fox Business, MSNBC and Bloomberg TV.
**UPDATE: I have to get going, but this has been fun! Thanks for your questions and the discussion - if anyone has any other questions, feel free to contact me at Twitter or Facebook.
Thanks again, Reddit!
Proof: My twitter feed: https://twitter.com/Adam_K_Levin
Facebook: https://www.facebook.com/levin.adam.k
And my personal website: http://www.adamlevin.com
Frajer8 karma
I feel like I hear more about credit card numbers getting stolen lately, why do you think that is?
Adam_K_Levin3 karma
Great question - Because it's a crime of opportunity and it's easier to pull off. It's considered low-hanging fruit in the realm of ID theft. Retail sector has not been as secure as for instance financial services. Also: there's access to a large quantity of data, and of course chip and PIN cards aren't used here yet (they will be next year) and magnetic strip technology is relatively easy to exploit.
Adam_K_Levin2 karma
Closing accounts. You need those accounts open. Close them and you lower your available credit, which lowers yours score.
PJMurphy4 karma
Let's say you have 5 credit cards, each with a $2000 limit, that's $10,000 in available credit. In total, you are carrying $4000 in debt spread across the cards. You are in debt for 40% of your available credit.
Now you have a look at the cards, and decide that 2 of them aren't as good as the others. Maybe they have higher interest rates. Maybe they have fees that you aren't comfortable with. So you cancel them.
Now your $4000 debt is spread across $6000 in available credit, and you have just injured your credit score by jumping to 66% of your available credit, without going an extra dime into debt.
A better plan would be to contact the issuers of the 2 cards you don't like, and threaten to cancel the cards unless they offer you more attractive terms, or to convert the card to a better type. They will often be willing to do this because they track "retention" as one of their statistics. Losing a customer is a big no-no, and reflects poorly when it comes time for them to apply for a promotion or a raise.
This way, you maintain your available credit, keep your usage of that credit to a lower percentile, and save some money on the terms.
Adam_K_Levin3 karma
It hasn't affected people yet, but it has officially scared businesses to death.
Adam_K_Levin2 karma
Well I think the following: studios in particular and all companies in general are going to be much more concerned about security and privacy. And I think this will change people's attitude toward open expression via email. This really was a near extinction level event, and a wake-up call for everyone. Sony is the poster child for the need for encryption.
billdietrich11 karma
What's new and different about the Sony breach ? Seems like just the latest in a long series of breaches.
Adam_K_Levin2 karma
The scope of it - it's not just a list of credit cards or social security numbers, it's movies, correspondence, personal information about employees (actors and otherwise), and so on.
asymptoto3 karma
What's something important that people should do to protect their identities that may not be super obvious?
Adam_K_Levin3 karma
Don't use your email address as a user id - that's pretty huge. Second thing, do NOT save passwords or user ids on applications on your smartphone. Never let stores put your receipt in a bag, make sure they hand it to you.
Adam_K_Levin3 karma
Almost everything on the receipt can be used by a clever thief - for instance, your name, the amount of your purchase, the last 4 digits of your credit card number, the date of purchase, the expiration date of your card. Remember, an identity thief's job is to be you - the more information they have, the more successful they will be.
themulethatkicked3 karma
- Do you think new digital currencies (like bitcoin etc) are more adept at handling theft/privacy issues as opposed to current conventional products?
- Do you think cryptocurrencies and/or other such innovations in the realm of tech/finance will permeate into the mainstream any time soon? Or rather will the current guardians of financial transactions (traditional banks, govt's and central banks) allow these technologies to be widely used as they will eventually challenge their respective monopolies?
Adam_K_Levin1 karma
I'm skeptical about alternative currencies, but it's also admittedly pretty early in their development, so we'll have to wait and see.
Richard-Rider3 karma
It has become very common in european law, especially in germany (I'm a german law scholar), that privacy issues and identity theft are becoming subjects of criminal law.
How is it done in the united states and do you think this problem should be solved by private law and compensatory damages or by criminal law and legal actions from the state?
Adam_K_Levin1 karma
It's handled both ways in the US and it should be that way. There are criminal laws against ID theft (both federal and state).
IlluminIll2 karma
What are some methods you use routinely to protect your credit and accounts? Do you routinely change credit card numbers annually?
Adam_K_Levin2 karma
I check my accounts at annualcreditreport.com. I get monthly credit score reports for free from Credit.com and I subscribe to Lifelock. I check my accounts every day and I get automatic notifications when there's any activity in my bank accounts.
Adam_K_Levin1 karma
There are several programs for monitoring and damage control that are either free or provided through your insurance company, HR from your work, or other financial services. There are comprehensive programs out there that can handle either monitoring or damage control as a paid service - ultimately whether or not to go with a paid service depends on what your peace of mind is worth to you.
Adam_K_Levin1 karma
The most important is having a budget and sticking to it, and building an emergency contingency plan into that budget.
IlluminIll2 karma
Where do you project America's economy will rank in next decade? And what will the job market be like for internet security in the U.S based on your projection?
Adam_K_Levin2 karma
I think security will certainly make up a larger portion of the economy, but as for the economy itself…Your guess is as good as mine.
Adam_K_Levin3 karma
The first thing is to see if you can be named an additional credit card holder of somebody's credit card. Second, see if someone might be willing to co-sign a credit card application with you. Third, go into a store and see if you can get a store credit card. It's not something you should stay with, but it can help build credit. Fourth, a secured credit card, which is where you deposit money in a bank, and they give you a card with a credit line from the money you deposited.
Adam_K_Levin3 karma
No, your social security number is in many different hands. The best thing you can do is 1) Don't make it worse. Only give you SSN when you absolutely must. 2) The best protection against having your SSN used illegally is monitoring your financial and credit accounts regularly. You might also consider a credit freeze, but bear in mind, you'll have to unlock it every time you want to shop for new credit.
_Pohaku_2 karma
In the UK at least, banks currently refund virtually all customers who lose money by way of credit card fraud, and when customers' identities are used to obtain credit they are not actually required to pay it back - in most cases, the banks foot the bill and do very little to investigate the crime. As a result, nobody ever feels hugely put out once they get their money back, and the law enforcement agencies get no pressure at all to deal with the frauds the same way they do with burglaries, robberies, etc.
Do you foresee a time when banks do not refund the money as willingly, and therefore people expect a more robust effort from the police in finding the fraudsters? (And if so - how far away are we from that?)
Adam_K_Levin1 karma
It's pretty much zero liability in the US as well. However, with the new Chip and PIN technology coming out in 2015, retailers are going to be more on the hook if they don't switch over to the new technology. (If that happens, retailers will just pass the expense on to the consumer.)
Mongolian_Hamster0 karma
Coming out in 2015 bahahaha. Can't believe the US is so far behind when it comes to consumer protection. Why hasn't chip and pin been implemented sooner?
Adam_K_Levin3 karma
Money. It was chicken-and-egg. Banks didn't want to spend the money on the cards until retailers had the readers, and vice versa. With Target we finally reached a tipping point.
Mongolian_Hamster2 karma
Doesn't the government have any say? Forgive my ignorance on US laws but isn't there a government body that works in the interest of consumers/citizens? Businesses will always look to use the cheaper option but it's the government that should be keeping them in line no?
Adam_K_Levin1 karma
Should? Yes. Does it? No. In this case, it was Visa and Mastercard that got the ball rolling.
Adam_K_Levin5 karma
Come to think of it, the most clever scam I've seen is Wall St.'s poisoning of the CRomnibus act that Elizabeth Warren has fought so vigorously against in the last few days.
Adam_K_Levin2 karma
The cleverest scam I ever came across might be the Sony Pictures hack. I've seen so many. The majority of scams are very clever and very hard to detect. When income tax fraud first started, it was novel. The same goes for malware. When scammer made calls to known Microsoft users claiming to be customer service but were actually doing an IT support scam—again, it got a lot of people. There are also the old standards like the call you get at a hotel in the wee hours of the morning claiming to be the front desk needing your credit card number again because it didn't go through. That one still works way too often.
When it comes to scams, remember that you can always look it up on Snopes.com.
Adam_K_Levin2 karma
If it's offline, encrypted, and in a secure storage facility, you have a shot. Otherwise...
BlueBrunswick2 karma
In my mind, i've always made a distinction between privacy and security online. I leave this intentionally broad so you can fill in the parts that you think is important.
In your professional opinion, is this a false distinction on my part? If it isn't, do you have differering philosophies or ways of approaching the two ideas on a practical level?
Adam_K_Levin2 karma
Where there are privacy issues, there must be security. With privacy issues online, you have some choice in the matter - you can decide what you'd like to share, or opt in. With security online, you have no say in what happens - you're at the mercy of the company or entity that has your information.
Adam_K_Levin2 karma
On a practical level, there are things you can do to protect your privacy and things you can do to ensure your security. When it comes to data that you're provided to a company online, often times it's more important to have consistency than veracity - in other words, you can lie about your birthday as long as you remember what you said. That's the practical approach to the privacy conundrum. Basically what you're trying to do is secure your privacy.
Bmorehon2 karma
My spouse thinks that because he has some bad credit, he doesn't need to worry about protecting things like his Social Security number and personal information. He said 'it's not like they could get a loan or anything' when he carelessly lost his wallet or when he uses easy passwords. Can you please give me the simplest explanation of why this is a bad way of thinking? I've tried to explain that this could hurt him 10 years down the road after his credit improves, to no avail.
Seriously, dumb it down as much as you can. Maybe you can help him see the light of reality.
Adam_K_Levin4 karma
Protection of your social security number goes way beyond credit. If your identity is compromised, your bank account can be improperly accessed. You could end up on a no fly list, be the target of criminal enforcement because crimes were committed in the name of the victim. False tax returns could be filed, tax refunds could be diverted, illegal employment could occur (where the earnings are attributed to his social security number). Someone could obtain medical services, prescriptions or treatment in his name. His medical insurance could be drained. In the event the thief is examined using his identity, their medical information could become mingled with his and an incorrect course of treatment could be prescribed, allergies disappear, new allergies appear, etc.
vollerkreis1 karma
I'm late so I apologize and hope you find time later to get back to me. Looking at the history of data and consumer security (immense over generalization I know) has a trend to be seen as expendable and unnecessary. Arguably every development in tech hardware and software has intentionally dismissed enhanced security. Users have a embedded belief that security is just a bunch of hype and just install Norton security "anything else is Microsofts fault".
These are incredibly reckless and costly trends, how do you think we can change the consumer and business mentality of digital security?
Ps. Sorry to focus just on this but in our modern world it's the core of all commerce.
Adam_K_Levin1 karma
I think the change in mentality is already happening... if you look back over 2014, breaches and identity theft have been consistently dominating the headlines. The breaches to Sony, Target, Michael's, the USPS, etc. have been incredibly damaging to their respective brands and has shaken the confidence of customers and investors - at this point, businesses have to step up their efforts to either keep from being the next major breach, or to restore trust in the aftermath of one.
vollerkreis2 karma
I'm not incredibly good but for childish interest I did learn a little hacking, network cracking, and using packet collecting to traffic. What surprised me was a seemingly basic flaw in our legal systems and the industry's approach, how incredibly easy it was to download programs and scripts for malicious use. These programs are debatably useful in certain situations but to be so freely accessible seems like something to address. For the same reason I can't go to a gun store and buy c4 I shouldn't have access to utilities that are created for the use of circumventing security whether present or implied.
Do you think we'll ever see any attention to this?
Adam_K_Levin1 karma
If there's one thing that we've learned this year, between the celebrity phone hacking scandal and the Sony Pictures hack is that it's incredibly difficult to take something offline (if not impossible) once it's on the internet. To take your example, if someone buys c4 that doesn't mean that can distribute copies of it all around the world in a relatively short span of time - there are limitations to physical objects that just aren't there with digital ones, be it hacking tools, leaked information, or pirated content.
Adam_K_Levin3 karma
If you define swatting as causing first responders to scramble for a fake emergency, I think it's outrageous. Also: it has nothing to do with the kinds of scams I look at.
tmfq191 karma
I heard him on a radio show on Long Island 103.9FM on Saturday and he spoke of a technology that allows someone to pick up the heat from your fingers on the pad when you enter your pin (and for up to a minute after you entered your pin) for your debit card and this allows them to steal your credit information and possibly your identity. Is there any truth to that? He also said this holiday season will be the worst ever seen for identity theft.
What are your tips on avoiding identity theft, especially during this holiday season?
Adam_K_Levin2 karma
Avoiding identity theft can be especially difficult - even if you're doing everything you can to keep safe, there's always the possibility of retailer breaches along the lines of what we saw with Target and Home Depot. The best thing to do is to track track of your accounts and monitor activity on them.
stevenemy170 karma
Whats your favorite Maroon5 song?
View HistoryShare Link