Security Watch | Matt Hines » Why everyone needs a shredder

August 23, 2007 | Comments: (0)

Why everyone needs a shredder

TAGS: Security

Ever wonder what you should do with all the free credit card offers that you receive in the mail from Visa, MasterCard, AMEX and everyone else?

Well, the answer is simple -- you should shred them or burn them or do anything that you can to destroy them in a manner that won't allow for them to be used by someone else who wants to hijack your identity and destroy your personal credit rating. Seriously!

Most people (myself included) have likely deferred to the time-honored "fold it up and rip it up" approach over the years, as it's the easiest way to dispose of the seemingly endless parade of offers without going to much trouble.

And, logic would follow, once you've sufficiently mangled one of the junk letters by ripping them up there's seemingly little chance that someone could put all the pieces back together and get the resulting carcass accepted by any legitimate credit card issuer. Right? Wrong!

In his latest project, terminal prankster Rob Cockerham, operator of the Cockeyed.com site -- which has previously detailed everything from the best ways to fight back against spammers to a scientific process for predicting the ingredients of a typical bag of mixed nuts -- illustrates just how stupid and greedy and willing to ignore an individual's privacy these credit companies really are when it comes to dealing with their own junk mail offers.

In a series of photos posted on Cockeyed, Cockerham shows off how he ripped up such a credit card offer, taped it back together, and mailed it in to the good folks at Chase MasterCard -- who apparently ignored the physical condition of the application and sent him a new card without so much as a phone call to ensure the paperwork wasn't duped.

On top of that, Cockerham had the card shipped to an address different from the one the offer was originally mailed to, and arranged for it to be activated from a cell phone number that was different from the number the company had listed in the original letter.

Chase Mastercard's own advice on dealing with the credit card offers is almost comical in light of the exercise, as the company specifically recommends that you should simply tear them up (or shred them… at least they were half right).

Now maybe MasterCard has some secret wealth of personal data that allowed them to figure out that Cockerham was having the card mailed to his parent's house and that the number he gave them is that of his real mobile phone, but even if that is the case, should they really accept tattered credit card applications pieced together with tape without so much as calling the involved customer to make sure there's no sign of fraud? No way!

Credit card companies can enforce PCI and host security symposiums and do all they want in the name of good PR around improving security, but the fact of the matter is that if they did a better job of protecting their customers by using common sense and policing their own business practices they could probably eliminate a lot of fraudulent activity.

My take on this one is that it seems they don't really care after all, especially if it means slowing down their business, which is pretty sad indeed.

(Matt Hines will be on vacation from Zero Day until after the Labor Day weekend.)

Posted by Matt Hines on August 23, 2007 01:44 PM

RATE THIS ARTICLE: