Keep a Tight Rein On Credit Data To Avoid Scams
The scam is called ''account-takeover.''
Someone gets your credit-card number and enough information to impersonate you over the telephone. Then they call the credit-card company and say you're moving. Once they get the address changed - which is ridiculously easy if they have the right information - the mischief begins.
I know this happens because someone nearly succeeded in using my MasterCard account to steal a few thousand dollars. But by taking a few new precautions, you don't have to be victimized by information theft.
Account-takeover is one of the many scams that thieves use to bilk credit-card companies. About $1 to $2 of every $1,000 charged to credit cards falls into criminal hands, estimates RAM Research Group in Frederick, Md. And Americans use their cards so often that the fraud averages more than $2 million every day.
By law, credit-card holders are only liable for the first $50 if someone uses their credit cards illegally. The problem with account-takeovers is that untangling the scam and repairing your credit standing can take months or even years. A Phoenix man impersonated his adult stepson for four years, running up some $100,000 in charges before being sentenced last July to 17 months in prison.
The key to the crime is having the right information. Credit-card companies ask for personal information to verify who the caller is. But if the impersonator knows your Social Security number and your mother's maiden name, for example, it's likely he can get the address changed. Once that's accomplished, the scam can take several forms. In one scenario, the criminal forges a credit card and begins charging large purchases. You don't notice because the bill is sent elsewhere.
My impersonator got hold of my Social Security number, my wife's name, her Social Security number, and my mother's maiden name. Last October, he changed the address on my credit card from my home in western Pennsylvania to a spot in Los Angeles.
I didn't notice the first month that a bill hadn't come. That gave him enough time to order credit-card checks. Had the scheme worked, he could have written one of those checks for most or all of the credit card's $5,000 limit, cashed it, and disappeared before the credit-card issuer figured out what happened.
Fortunately, one of the credit-card company's sharp-eyed investigators reviewed the address change and the request for checks. Her suspicions were raised because my impersonator, for all his cleverness, misspelled Los Angeles. She called me in Pennsylvania, verified that I hadn't moved, and canceled the account before any money could be stolen.
It's still not clear how the impersonator got so much personal information about me. Often, they get it by stealing cards, intercepting bills in the mail, or teaming up with someone who has access to credit information. It's just possible my impersonator stole the information off the Internet (although very little credit-card fraud occurs there).
There are measures you can take to protect against such fraud. For example:
* Don't leave credit-card receipts at the store or office.
* Don't write your full credit-card number on checks you use to pay bills. (Just write the first few numbers so the company can identify you).
rGive Social Security and account numbers out only to people who really need to know it.
* If you'd like a little extra protection besides a mother's maiden name, give your credit-card companies a special security code that only you know and request that company representatives ask for that code before giving out any information.
* Send comments via Internet (laurentb@delphi.com) or to CompuServe (70541,3654) or America Online (LBELSIE).