Which!!! fraudster is using your Facebook to obtain false credit cards in your name...
Social media is supposed to be fun. Ish. A way to connect with childhood sweethearts and a means for potential employers to decide whether you are the right fit for their company before they hire you. But now Which!!! have found a new, less amusing use for your Facebook profile- a way to get a free credit card.
As an experiment, and using volunteers, Which!!! mined some personal details from Facebook, and then used this information to cross check to other publicly available records, like telephone directories and electoral roll details. Which!!! then used these details to apply for three credit cards who do not require bank account details on an application (as presumably even the most muppety Facebook muppet wouldn’t post their bank account number on Facebook). While the applications with Santander and Nationwide ultimately proved fruitless, it seems it is possible to get a Capital One credit card in someone else’s name relatively easily.
Now, the application did require the correct home address for the person whose name was being used, but apparently this is a minor setback that is relatively easy to solve. Cifas, the UK's card fraud prevention service, said so-called ‘current address fraud’ accounted for 75% of identity frauds recorded between January and August of this year. Typically, fraudsters target victims who live in blocks of flats where post can be nicked from a communal area, or apply for a credit card while the victim is on holiday (because you’ve been boasting about that upcoming trip ALL over Facebook), making it easier to surreptitiously retrieve the card.
Another sticking point could be your date of birth, and some silly folks still have their full date of birth showing on their ‘about’ tab. However, even if you don’t have this information showing, Facebook helpfully tells all your friends when your birthday is, so that they can write all over your wall, notifying potential identity swindlers of the date. And all you have to then is complain about being “30 next year” or something and they’ve got the year too.
The three card companies Which!!! identified told us they take credit card fraud and online security very seriously and each has various sophisticated measures and checks to prevent fraudulent applications and to verify each applicant's identity. And to be fair to Santander and Nationwide, their measures seemed to work.
However, Capital One, the one whose checks failed to spot a fraudulent application, told Which!!! without a trace of irony that it “leads the industry both in preventing fraud and in assisting the victims of fraud” but that it advises customers to protect their data and to restrict access to their profiles on social media sites.
Which!!! do have further guidance about how to protect yourself on social media, which includes never mentioning your birthday, and never telling anyone where you are or where you’ve been, and by protecting your tweets so only 17 people can read them. Which all seems to kind of defeat the purpose of social media really…