In my last column in this series on identity theft, I introduced some statistical resources about the problem. Today I'll begin discussing some of the nasty techniques used for identity theft and how to defend against them.

Stealing physical credit cards and creating fake ones are part of the criminal technique called “carding.” One of the significant recent successful investigations and prosecutions of an international credit-card fraud ring began with the U.S. Secret Service's Operation Firewall in late 2004. The investigators discovered an network of over 4,000 members communicating through the Internet and conspiring to use phishing, spamming, forged identity documents (e.g., fake driver’s licenses), creation of fake plastic credit cards, resale of gift cards bought with fake credit cards, fencing of stolen goods via eBay, and interstate or international funds transfers using electronic money such as E-Gold and Web Money.

In October 2004, the Department of Justice indicted 19 of the leaders of Shadowcrew; by November 2005, 12 of them had already pleaded guilty to charges of conspiracy and trafficking in stolen credit card numbers with losses of more than $4 million. 

In February 2006, Shadowcrew leader Kenneth J. Flury, 41, of Cleveland, Ohio, was sentenced to 32 months in prison with three years of supervised release and $300,000 in restitution to Citibank. In June 2006, co-founder Andrew Mantovani, 24, of Scottsdale, Ariz., was fined $5,000 and also received 32 months of prison with three years of supervised release. Five other indicted Shadowcrew criminals were sentenced with him. By that time, a total of 18 of 28 indicted suspects had already pleaded guilty. 

One of the lessons we teach our “Cyberlaw & Cybercrime” students at Norwich University is that everyone with a credit card ought to check their statement immediately upon receiving it.

Every line should be recognizable; if it is not, call your credit-card company to find out what a particular charge is for and where it was charged. Tell your company to freeze your card account if there is any question of its having been compromised. Write down the details of every conversation with the credit-card company employees (date, time, name of employee, case number) in case you need evidence to clear your own name.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.