Why you need a paper shredder.

I just got in from walking the dog, out in my travels I saw a piece of paper in the gulley where she was sniffing around and I noticed the Amex logo. It was a credit card statement. Yesterday was garbage day and after a few days of high winds, I figure it blew out of a recycling container somewhere in the area.

Don’t ever do this. Never throw your paper credit card statements into the garbage or recycling. While “dumpster diving” is a largely thing of the past for those early era hackers and phreakers, today’s incident shows it would still be viable at the residential level.

While most merchants require the CVV security code to be used online, not all do, including Amazon and Western Union (a.k.a “Scammer’s Choice”). Beyond that, the credit card statement contains enough information to launch an identity theft or online attack against an unwitting target. I remember reading “Your Secrets Are My Business” many years ago, before ecommerce exploded online and began to understand how much personal information can be gleaned from the most cursory information (the author could work wonders, for example, just from a momentary glimpse inside the target’s car).

A credit card statement can convey volumes: in this case that the user had an Amazon account. Recall Mat Honan’s “Epic Hack” wherein his life was turned upside down by an attacker who merely wanted his Twitter handle. That all started by gaining access to his Amazon account using the last four digits of his credit card.

I also could tell that the user paid his balance in full every month and did so in-person at the bank. That could infer some basic premises about age (doesn’t use or is suspicious of online banking?) and financial means. The irony is even though this person eschews using online banking to pay this bill, here I was standing in the street holding in my hand enough information to commence an identity theft or other fraud against him.

In all, a disaster waiting to happen. I brought the statement home with me and shredded it, which is what should have happened in the first place.

Buy a shredder and use it on all personally identifiable paperwork that passes through your household.

Leave a Reply

Your email address will not be published. Required fields are marked *