My wife showed the cashier her license, which was behind a clear window in her wallet. He said, “No, please hand it to me.” We both assumed he just wanted a closer look. Once he had it, he immediately picked up a barcode scanner and scanned the back of her drivers license. I asked him what that was all about, as I had never seen anyone do that before. Almost bragging that Target now knows, for example, exactly where we live, he explained that the scan “gets all the information off of the license.”

Thruhike98 wants to know why Target needs all of this data, and so do we. As he points out in his blog post, it's possible that by scanning the card they're creating verifiable evidence that they performed the required ID check—but in the meantime, the customer has just inadvertently given up all of his license data to a faceless corporation. (One that won't even respond to Thruhike98's email asking them about the practice.)

We'd like to know whether Target retains all of the data they scan off the license, and if so, why?

"Target Must Record My Organ Donor Status to Sell Me Wine?" [Thruhike98]
(Illustration: Getty)

Just wanted to let you know, armed with the Consumerist and a signed credit card, I thwarted the Best Buy minions who wanted to enter my driver's license information into their "fraud prevention database" in Virginia. When asked for ID, I pointed out the card was signed and that as a condition of their arrangement with Visa they could not demand identification. I demanded a manager who sided with me and processed the transaction without identification. Interestingly, I was not asked to sign at all (even the final receipt) which makes me less secure in Best Buy's transaction policy.

That's right. If your credit card is signed, retailers are not allowed to require any additional ID with your purchase. To do so is a violation of their contract with the credit card company. Violators can be reported by consumers to their credit card companies, and possibly have their accounts taken away.

With the high number of retail database breaches this year, do we really need to be giving these chumps any more of our personal information than we have to? I'd like to keep my digits out of the hands of the Russian hackers as long as possible, thanks.

(Photo: Getty)

No amount of security will stop a bit of social engineering, but this is a great strike against phishing. Now if only banks would start embracing DomainKeys.

From Google's Gmail blog:

Now any email that claims to come from "paypal.com" or "ebay.com" (and their international versions) is authenticated by Gmail and — here comes the important part — rejected if it fails to verify as actually coming from PayPal or eBay. That's right: you won't even see the phishing message in your spam folder. Gmail just won't accept it at all. Conversely, if you get an message in Gmail where the "From" says "@paypal.com" or "@ebay.com," then you'll know it actually came from PayPal or eBay. It's email the way it should be.

eBay and PayPal have worked hard to ensure that all their email is signed with DomainKeys and DKIM. Armed with this information, Gmail can easily reject as a fake anything that doesn't authenticate. We've been testing this for a few weeks now and it's working so well that few people really noticed.

"Fighting phishing with eBay and PayPal" [Gmail Blog]
(Photo: Stryker W@SP)

• $10 off a purchase of $50 or more
• $20 off a purchase of $100 or more
• $30 off a purchase of $150 or more

Stein Mart seems to think that when it comes to bad security, intention makes all the difference:

A representative for Stein Mart said the company is not aware that anyone's identity was stolen and that the company was a month away from having all their printing procedures corrected.

If you're really interested in those coupons, check out steinmartsettlement.com.

[WSMV Nashville] (Thanks to Martin!)
(Photo: Getty)

Allegedly, the following email was enough for Apple to hand over Marko's login information to a stranger with a yahoo.com email address:

am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com

The stranger then logged in to Marko's account and changed his password. Fortunately, the security question stayed the same and he was able to regain access to his account. Meanwhile, the stranger had access to:

- My personal details
- My personal email
- All the files stored on my iDisk
- Everything I've synchronized to .Mac, including my Address Book, Bookmarks, Keychain items, etc.
- My credit card details as stored in my Apple Store profile
- My iTunes Music Store Account
- My ADC Premier membership, including the software seed key and other assets
- The iPhone Developer Program's Program Portal, including details of our development team

Whoops.

Apple just gave out my Apple ID password because someone asked [Karppinen](Thanks, Ivy!)

• Take the place of an airline boarding pass.
• Contain personal information about the traveler.
• Be able to monitor the whereabouts of each passenger and his/her luggage.
• Shock the wearer on command, completely immobilizing him/her for several minutes.

Lamperd Less Lethal—oddly, that name doesn't make us confident about either the effectiveness or the safety of their products—has an entertaining instructional video on their site that explains why this is such a great idea. It opens with footage of the planes hitting the WTC towers, just in case you've forgotten, then describes how all the current solutions are ineffective—biometrics can't spot "new" terrorists who aren't in the database, Air Marshalls can inflict friendly fire on nearby passengers, etc. But they've got an answer in the EMD Safety Bracelet! Check out these handy graphics if you don't believe them:

Okay, we doctored that last one, but you know there'd be a technical glitch at some point that turns everyone on the manifest into a herky-jerky bag of twitching muscles. Pretzels everywhere! Plastic drink cups flying! You have to admit, it'd be funny to see (so long as your own EMD Safety Bracelet didn't go off at the same time.)

Lamperd Less Lethal insists that this is a great idea, and that passengers won't mind being figuratively collared like slaves out of a bad sci-fi movie:

Wearing an EMD safety bracelet for a few hours during a flight is a small inconvenience to ensure their safe arrival...many if not most passengers would happily opt for the extra security of the EMD safety bracelet.

We'll admit, it would certainly make it easier for flight attendants to take care of drunks, fashion victims, unruly children, and the occasional masturbator. But if DHS wants to take security this far, why not just anesthetize passengers and load us up on gurneys, where we'll remain blissfully unconscious as we're shipped like freight across the globe? It would be more dignified than wearing a stun bracelet.

"Want some torture with your peanuts?" [Washington Times] (Thanks to Capt Janeway!)
EMD Safety Bracelet video [Lamperd Less Lethal]

The Ponemon study indicates that most airport laptop losses occur at the security checkpoints or at the departure gates, where it's easy to leave things behind. More than 70 percent of business travelers say they feel rushed when trying to get on their flights, and 69 percent said they are usually carrying too many items while trying to catch their flights.

Los Angeles's LAX reported more laptop losses than any other airport, about 1,200 per week. Most of the airports said they generally keep the laptops for some period of times, then destroy them if they are unclaimed.

Sixty-five percent of the business travelers admit that they do not take steps to protect the confidential information contained on their laptops when traveling on business, according to the study. Forty-two percent say they don't back up their data before going on a trip. Fewer than 20 percent of respondents said they have whole disk encryption or file encryption on their machines.

Interestingly, only 1 percent of the respondents admitted personally losing a laptop computer. However, 84 percent say they know someone who has lost a laptop while traveling on business.

The UK's The Real Hustle shows how security checkpoints offer thieves an unrivaled opportunity to poach laptops from unsuspecting travelers:

Next time you travel, keep an eye and hand on your laptop. And don't be ashamed to admit if it's stolen. Clearly, you're not alone.

Laptop Losses Total 12,000 Per Week at US Airports [Dark Reading]
The Real Hustle - The Airport X-Ray Steal [YouTube]
(AP Photo/M. Spencer Green)

A reader named Ben writes,

Chase.com doesn't know how to protect their customers passwords. Their login page does not use a secure connection
(see attached). It uses http instead of https. That means that your password is not encrypted when submitted, which is pretty bad for a financial site. (However, they do care enough to include a meaningless, fake "secure" lock icon next to the login form.) I spoke with them a month ago, but they haven't changed anything.

Once you've logged in, everything is encrypted, but that initial password transmission on the home page isn't. Fortunately, if you're a Chase customer you can change the address manually to https (just add an "s" to the end of the "http" and hit your enter key) to trigger the encryption.

Note: A couple of initial comments were lost from this post, but we thought this one from beavis88 was good to know:

As long as the target of the form is an https url (and it is), the data will be encrypted. This is bad form, no question, but they are not total and complete idiots at least.

[The] undercover operation... at one point had Eastern European hackers chasing a female FBI agent through the streets of New York, trying to mug her for ATM-card-programming gear.

"Stakeouts, Lucky Breaks Snare Six More in Citibank ATM Heist" [Wired Threat Level] (Thanks to Robbie!)
(Photo: Getty)

The TSA says the program has been a big success and has expanded it to 21 airports. They claim the expert lanes move faster and families are receiving more assistance and sounding fewer alarms. There's even a "casual" lane for travelers who know the rules but don't like feeling rushed by those pushy "black diamond" people.

Since it appears to be here to stay, If you'd like to strap on your bureaucracy skis and give the "black diamond" line a shot, the TSA offers these helpful tips:

• DO: Wear slip-on shoes. Laces and zippers will slow you down.
• DO: empty your pockets and put loose items in your purse, jacket pockets, or carry-on bag while before you get to the checkpoint.
• DO: place magazines, snacks or souvenirs purchased in the airport in a carry-on bag or purse before you get to the checkpoint. Consolidating your items before they go in the bins will help you recompose quickly and clear the checkpoint exit area.
• DO: have your liquids baggie out of your carry-on, and make sure you don't have any loose liquid items in your purse or carry-on bag. Notify a security officer if you have any exempt liquids so an officer can provide additional screening if necessary.
• DO: put your shoes and coat in the first bin and any carry-on bags in other bins. Then after your bins go through the x-ray, you can slip your shoes and coat on while waiting for your other items to come out.
• DO: put your laptop bag in the bin before your laptop. Then as the bins come out of the x-ray, just slip it back in, zip and go.
• DO: put your bins on the belt for the x-ray machine vertically versus horizontally. This allows the security officers to view more than one image at a time, and helps speed up the process.
• DON'T: try to put shoes or boots with zippers or laces on right when you take them out of the bins. Move to the side to let other passengers take their items and go.

Black Diamond Self Select Lanes [TSA]
PREVIOUSLY: TSA Brings All The Signage Of Skiing To Security Lines, None Of The Fun

The average debit card transaction triggering an overdraft is for a $26 purchase. For this transaction,the bank makes an average loan of $19.95, or the amount overdrafted, and charges an average fee of $33 for each incident. This amounts to an average of $1.65 in fees per dollar borrowed. Thus, older adults pay more in fees than they receive in credit for the average debit card purchase triggering an overdraft.

Since Social Security payments are disbursed only once a month, a consumer on Social Security can rack up substantial daily balance fees waiting for her next check— trapping her in a cycle of overdraft fees and debt that's eerily similar to a payday loan scenario. If the consumers on Social Security were instead given a line of credit they could avoid this cycle of debt.

The Center for Responsible Lending illustrates this difference by sharing the story of Mary, a real consumer entirely dependent on Social Security:

Mary begins the year 2006 with $420.56 in her checking account, held at a large national bank. She makes a $380 ATM withdrawal and several smaller point-of-sale purchases on January 3, comes up short, and is overdrawn by January 4. She incurs a $34 overdraft fee for the initial overdraft. After two more purchases, and two more overdraft fees, she finds herself almost $200 below zero on January 9. For the next eleven days, Mary doesn’t spend any money from her checking account, but her checking account loses money, nonetheless. Her bank charges her a fee of $7 a day because of her ongoing negative balance. By the time a scheduled electronic withdrawal is made to pay a bill for $32.38 on January 20, Mary’s account is overdrawn by more than $300, and the bank rejects the transaction. Her bill goes unpaid, although the bank continues to charge daily negative-balance fees.

Finally, on January 25, Mary receives her monthly Social Security check of $904. However, her account is already $335 overdrawn and she still has an additional $500 in expenses for the month. Once these payments are made, Mary only has $31.09 left to live on until her next Social Security check comes in late February. Because of this, Mary almost immediately has a negative checking account balance again, once she makes three small ($20 or less) purchases on February 1. Over the next two days, Mary incurs two overdraft fees because of these purchases and conducts another transaction for $50, which also results in an overdraft.

Mary does not make any more purchases between February 8 and February 17. However, the bank again continues to charge her a fee of $7 a day because of her ongoing negative balance. On February 18, an automatic bill payment causes Mary’s account to go even farther into the red—a transaction that the bank approves even though her account is already below zero and she cannot even repay the $7 daily negative balance fee. Once Mary’s account dips to $314.91 below zero, the bank finally begins to refuse additional transactions, rejecting a utility bill for another month. The $7 daily negative balance fees continue to be assessed through February 21.

Finally, on February 22, Mary’s Social Security check comes in, and the account balance ends up above $400 once the bank subtracts the overdraft fees. Unfortunately, because Mary still has to pay her end of the month expenses totaling about $410, she is left with only $18.48 to tide her over until the end of March. This meager sum—even less than the $31.09 she had to make ends meet after being charged for overdrafts in February—virtually guarantees that Mary will continue to remain trapped in a cycle of accumulating overdraft fees month after month. In January and February, Mary paid $448 in overdraft fees in return for receiving $210.25 in credit from her bank, and was forced to live on $20 from a Social Security check of nearly $1,000. If Mary’s bank had instead offered her an 18 percent APR line of credit to cover overdrafts, she would have only paid about $1 in total fees for her overdrafts.

As you can see in the graph above, if Mary would have been offered a line of credit, she would have ended up with $420 at the end of two months and would have been able to pay her utility bills.

The Center for Responsible Lending is working to stop banks from being able to automatically drain Social Security funds from checking accounts, but the important takeaway for us is this: It's important that you or your family consider switching to a bank that allows you to link a savings account or offers a less expensive line of credit so that you can avoid these fees — particularly if you or your loved ones are retired and on a fixed income. There will likely be a fee for this service, but when you consider the alternative, it may be a wise choice.

Here's some basic information about overdraft protection from Bankrate. You can also compare accounts and overdraft fees with Bankrate's checking account finder.

Shredded SecurityOverdraft practices drain fees from older Americans (PDF) [Center For Responsible Lending via CL&P Blog]
(Photo: michael.kinne )

The new regulation doesn't apply to those passengers who claim to have forgotten their ID— so essentially you are barred from claiming that you have a constitutional right to refuse to show ID to get on a plane. Here's how the TSA explains it:

Beginning Saturday, June 21, 2008 passengers that willfully refuse to provide identification at security checkpoint will be denied access to the secure area of airports. This change will apply exclusively to individuals that simply refuse to provide any identification or assist transportation security officers in ascertaining their identity."

This new procedure will not affect passengers that may have misplaced, lost or otherwise do not have ID but are cooperative with officers. Cooperative passengers without ID may be subjected to additional screening protocols, including enhanced physical screening, enhanced carry-on and/or checked baggage screening, interviews with behavior detection or law enforcement officers and other measures.

It turns out that "and other measures" include questions about political party affiliation and other questionable invasions of privacy, according to David:

So you know how the new TSA regulations went into effect yesterday, where you can only fly without ID if you "cooperate" with the TSA? Well, it turns out you also have to take a test about your personal life. They call up a service to administer it, and the last question they asked was which political party am I registered under (I correctly answered "democrat" and they still let me on board).

Anyway the full story is that I had to go Florida for a funeral, and accidentally left my driver's license in my apartment in Manhattan. I made it through LaGuardia on Thursday the 19th in about 3 minutes, but when I tried to fly back through Fort Lauderdale Airport yesterday, it took about 45.

When I first approached security, I told the initial guard screening all passengers for ID that I had none. Instead of immediately calling the supervisor over like at LaGuardia, he paused and asked if I was sure I didn't have any ID on me, like a social security card or something. I said I only had a credit card, so he then radioed for the area supervisor. She arrived in just a few seconds. Her name was Brenda, and she very politely and apologetically informed me that things had changed, and that the TSA supervisor for the whole airport needed to handle this situation because of the new regulations.

Luckily I had arrived an hour early so had plenty of time. I chatted with Brenda while we waited for the main supervisor to arrive. I started to get a little nervous that I wouldn't be allowed on board, and Brenda repeatedly assured me it wouldn't be a problem — they just had a few additional steps to go through.

After about 15 minutes, the main supervisor, Laurie, arrived. Again, Laurie was exceedingly nice and professional, but seemed a little more concerned than Brenda. She asked if I was sure I didn't have photo ID, like a credit card with my picture on it, or even a CostCo card. I wound up going through my wallet in front of her to show that I didn't, and she pointed to various cards and receipts in it to ask if they were IDs. I wound up showing her everything to prove I was telling the truth. She repeatedly said they had no way of "verifying" that I was who I said I was, and that someone could have stolen my credit card and traveled under my name. I didn't want to mention that they shouldn't need to verify who I am, because I was afraid they could then say I wasn't cooperating and deny travel on that ground. In fact, I even mentioned several times that I wanted to fully cooperate with them because I was aware that was a component of the new regulation, and they assured me that I was.

Finally satisfied that I didn't have ID, Laurie took my boarding pass and went away. She came back a few minutes later having photocopied it, and also had an affidavit that she requested I sign. It asked for my name and address, and stated in small print at the bottom that I did not have to fill it out, but if I didn't I couldn't fly. It also said that if I choose to fill it out and then provided false info, I would be in violation of federal law.

After filling out the affidavit, Laurie called a service to verify my address. The service needed me to then correctly answer three questions about myself, which Laurie relayed to me. The first was my date of birth, the second was a previous address (which I only got right on my second try), and the third was "You are registered to vote. Which political party have you registered with?" I got all three right, and only then did Laurie clear me to go through security.

Of course, I still had to submit to secondary screening, including a full-body pat-down and total luggage search. Brenda and Laurie stayed with me to make sure the process went as quickly as possible, and were again incredibly helpful and nice. They kept explaining over and over how necessary it was to "verify" who I was, and how times have changed, and how these new regulations must have been as a result of someone trying to get away with something, because there's always a reason for these thing but they don't always know what those reasons are. They were so nice and considerate that I waited until the very end before I finally said that I do not agree with the new regulations, but that I was thankful that the two of them acted so professionally and considerately to me. Laurie actually seemed a little dejected when I said this, because I had been playing along the entire time out of fear that I would not appear cooperative otherwise.

But I made it onboard my flight, and am back in Manhattan. I have flown without ID in the past, a couple years ago, and it was no problem. I almost preferred it because I got to skip the line. This time around though, it was incredibly burdensome, and involved the full attention of two high-level local TSA employees for a considerable period of time. I kept wondering if Laurie and Brenda were so busy with me for so long, what if someone really bad was doing something in another terminal or area? So even though I cannot say enough good things about how these particular TSA employees handled it, I still feel the new regulation is entirely inappropriate and unnecessary. Why do you need to provide a home address to fly? And what if I refused to answer the question about my political party allegiances? Luckily I kept my cool and even befriended the screeners just so they couldn't resort to the subjective lack-of-cooperation carve-out, but 45 minutes of standing at security not knowing if you'll make your flight seems specifically designed to test people's mettle and upset them. The TSA has turned flying without ID into an overly cumbersome and almost unmanageable chore.

We agree with CNet's Chris Soghoian when he says that this new rule is just more security theater— at the cost of your privacy.

While TSA's announcement stated that the goal of the change was to "increase safety," this blogger disagrees. The change of rules seems to be a pretty obvious case of security theater. Real terrorists do not refuse to show ID. They claim to have lost their ID, or they use a fake.

TSA's new rules only protect us from a non-existent breed of terrorists who are unable to lie.

Your papers please: TSA bans ID-less flight [CNet]
(Photo: Kevin Dean )

I was at the Germantown Wal*Mart to buy four bags of sugar because earlier in the day I had been at Butler’s Orchard picking 10 pounds of strawberries to turn into delicious jam. And to make delicious jam, you need lots of sugar. I grabbed four bags and headed to the checkout, where I also decided I could use some refreshment. I grabbed a Mountain Dew from the cooler, but the cashier had already processed my card for the four bags of sugar. He apologized and rang up another transaction for the Mt. Dew. At that point, he crumpled up my receipt for the four bags of sugar and handed me the receipt for the Mountain Dew. I headed for the exit, and was greeted by Wal*Mart security who wanted to check my receipt. I produced the receipt for the Mountain Dew and explained that the cashier had tossed the other receipt for the sugar. I would repeat this explanation 6 more times before this affair ended.

At this point, I attempted to leave, but was told I could not. I immediately asked if I was being detained. I was told “no” but that I wasn’t allowed to leave unless I walked back to the cashier to get a receipt. I said that I was “happy to let the security guard talk to the cashier, but that I was heading home with my sugar.” I attempted to leave again, and the door was blocked. I asked again if I was being detained, and was told “yes.” I asked on what grounds, and the security guard said “Because you stole.”

I informed the guard I had done no such thing, that the sugar was my property, and I was leaving with it. This time I pushed passed him and left the store, with him following me demanding I stop. As I left, he grabbed my bags, ripping them open. As he followed me he attempted to grab my bags, and grab the items inside of my bags. At one point, he told me that he should “kick my ass.” As I reached the end of sidewalk outside the store and headed towards my car in the parking lot, another employee came running and blocked my path. Soon afterwards a manager arrived. I again asked if I was being detained. I was informed by the manager that I was. I again asked for what reason, and was told by the original security guard that it was for stealing. I once again informed them that I hadn’t stolen anything and that I was leaving.

At this point, the manager informed me that Wal*Mart policy did not allow me to leave the store without showing a receipt. I said that I had paid for my merchandise, that it was in fact a store employee that had thrown away my receipt, and that I was not compelled to prove that items that I legally owned belonged to anyone but me. Again I inquired whether I was being detained, and was told my only options were to go back in the store to talk to the cashier or have the police called. I informed the manager that she was welcome to call the police, because I had done nothing wrong. At tht point, she radioed for someone to call the police. Once again, I started to walk to my car as the two security guards again attempted to block my path in the parking lot.

At this point, and off duty police officer came to the scene (he appeared to be heading into Wal*Mart to shop, not the one called by the manager), showed his badge, and asked for an explanation. Everyone was calmed by this, and tensions visibly eased on the faces of the Wal*Mart employees. I explained my side, and Wal*Mart employees explained their side. After the explanations, I asked the police officer if I was being detained, and he said yes. I asked on what grounds, and he said “suspicion of theft.” The officer told me I could give them “their merchandise back” and leave at that point or I could go inside and talk to the cashier. I indicated that since he was detaining me, I was willing to go back into the store and speak with the cashier, but that the merchandise belonged to me. At this point, one of the bags of sugar fell from my ripped bags and split open on the pavement. It was an accident, but I could tell no one believed me when I said so.

On the way into the store, the officer informed me that it was his day off, he had important things to do, and he didn’t want to take me to jail. But I had one last chance to give them their merchandise back and just leave, because if I wasn’t telling the truth, he would personally drive me to the station. I agreed wholeheartedly with him, and told him so. I’m fairly certain he thought I had actually stolen the sugar at this point. He then asked what I needed so much sugar for anyway. At the time, I was literally covered with strawberry juice. It had stained my shorts and shirt red, and I thought it was fairly believable that I was going to make strawberry jam. He still seemed skeptical, asking where I had been picking strawberries, and only seemed to believe me after I was able to name Butler’s Orchard. He then asked if I had ID, what my name was, and how old I was. Upon telling him this, he said “You better not be lying to me,” so perhaps I was too quick to think he didn’t assume I was guilty.

Of course, upon re-entering the store and speaking with the cashier, he informed everyone that I had paid for the sugar and the receipt was found in his trash can. His story differed slightly in that he told them he had given me the receipt but I had thrown it into his trash can. That was impossible based on where his trash can was from the checkout counter, but it didn’t matter. The original security guard was cordial, shook my hand, and apologized. The Wal*Mart manager and police officer lectured about how next time if I just cooperated and gave up my rights at the beginning, it would have been much easier on everyone. Trust me, Wal*Mart, there won’t be a next time.

If you defend Wal-Mart for this treatment of an average customer, you are a slave. There are other ways to prevent shoplifting. How about the security guard follows the suspected shoplifter to his car to take down his license plate while radioing someone in the store to confirm whether or not his story is legit? Besides that, Ben had four bags of sugar in Wal-Mart branded plastic bags—the likelihood that he was shoplifting them was low, and the value of the sugar to the store was virtually nonexistent compared to other merchandise that was and is probably being stolen from Wal-Marts all over America this weekend. No matter how belligerent a customer is in this situation, the guard, manager, and officer should remember that if the customer is innocent, he has a right to be belligerent and offended that he's being harrassed to such a degree—especially over something as trivial as four bags of sugar.

Update: Ben wrote back to us, "To their credit, they did replace the bag of sugar."

"Detained by Montgomery County Police For Buying Sugar" [Metblogs] (Thanks to everyone who sent this in!)
(Photo: kaibara87)

As provided Rule 5.6.3, Additional Cardholder Identification, of the MasterCard Rules manual, a MasterCard merchant must not refuse to complete a transaction solely because a customer who has presented a valid MasterCard card refuses to provide additional identification information, such as a personal ID, except as MasterCard specifically permits or requires.

A merchant may require additional identification if the information needed to complete the transaction, such as for shipping purposes. For transactions at unattended terminals such as card-activated gas pumps or transactions conducted on the Internet, by phone, or by mail, a merchant may request address information in order to use the MasterCard Address Verification System (AVS). By using AVS, the merchant can confirm that the address information provided matches the information that the card issuer has on file. Additionally, if the MasterCard card is unsigned, a merchant must request personal identification (but not record it) and require the cardholder to sign the card before completing the transaction.

If a cardholder encounters a MasterCard merchant that refuses to honor a MasterCard card without additional identification information, the cardholder may complete the Merchant Violation form found in the FAQs/Contact Us section of www.mastercard.com. The MasterCard Rules manual is also available at www.mastercard.com(click on “MasterCard Worldwide Rules”).

Regards,

Daniel F. Balistierri
MasterCard WorldWide

(Photo: Sam Wilkinson)

The kill switch guidelines:

The primary focus of the “divert an aircraft” task is to control the airspace and enforce no-fly or restricted flight zones. Effects should be focused on the aircraft, not the pilot or other personnel on board. The capability should enable the enforcement of flight restriction zones (e.g., metropolitan Washington, D.C.), protection of critical infrastructure and other high value assets from a possible aerial threat.

For aircraft on the ground, “stop” requires the aircraft to come to 0 mph at some point between when it starts to taxi and when it reaches abort speed. The requirement to “disable” includes actions to render inoperable, deny use, and/or deny access to an aircraft on the ground. Successful accomplishment of either objective results in keeping the targeted aircraft from becoming airborne.

So far, nobody is quite sure how to design and implement such a device. Additionally, the government would like to see this magical device on boats too. They wish to have a device that could, from 100 meters, "safely stop or significantly impede the movement" of vessels up to 40 feet long, with "minimal collateral damage."

Even if such a device could be properly engineered and implemented, would you be at ease with flying on an airplane that had a government-controlled kill switch which could suddenly take control the aircraft at a moment's notice? Instead of preventing harm, it seems to us, that such a device would only create another avenue for terrorists who could exploit such a device to their advantage. Furthermore, it seems reasonable to believe, like any piece of technology, that this device could malfunction and potentially activate itself. Do you think a kill switch on airplanes is a good idea? How would you go about inventing such a thing?

Pentagon Wants Kill Switch for Planes [Wired]
(Photo: Getty)

The article says,

While it allows the security screeners — looking at the images in a separate room — to clearly see the passenger's sexual organs as well as other details of their bodies, the passenger's face is blurred, TSA said in a statement on its website.

The scan only takes seconds and is to replace the physical pat-downs of people that is currently widespread in airports.

TSA began introducing the body scanners in airports in April, first in the Phoenix, Arizona terminal.

The installation is picking up this month, with machines in place or planned for airports in Washington (Reagan National and Baltimore-Washington International), Dallas, Las Vegas, Albuquerque, Miami and Detroit.

But the new machines have provoked worries among passengers and rights activists.

"People have no idea how graphic the images are," Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, told AFP.

The ACLU said in a statement that passengers expecting privacy underneath their clothing "should not be required to display highly personal details of their bodies such as evidence of mastectomies, colostomy appliances, penile implants, catheter tubes and the size of their breasts or genitals as a pre-requisite to boarding a plane."

Besides masking their faces, the TSA says on its website, the images made "will not be printed stored or transmitted."

"Once the transportation security officer has viewed the image and resolved anomalies, the image is erased from the screen permanently. The officer is unable to print, export, store or transmit the image."

Lara Uselding, a TSA spokeswoman, added that passengers are not obliged to accept the new machines.

"The passengers can choose between the body imaging and the pat-down," she told AFP.

Even if we trust the TSA to blur the faces of travelers and properly dispose of the naked images, and we don't, we believe the TSA has reached yet another milestone in violating our privacy. We appreciate the fact that the TSA is allowing us to choose between the full-body-scan and a pat-down, as if giving us some choice absolves them from any criticism. So which would you prefer, being groped by the TSA or letting them take your naked picture?

Scanners that see through clothing installed in US airports [AFP] (Thanks to Bladefist!)
(Photo: Getty)

It's alleged that while Jackson worked at Time Warner, she received a payment on a customer's account through a credit card and kept the victim's credit card numbers. This allegedly happened at a call center located in Blue Ash, according to a Time Warner representative.

In the following weeks, Jackson allegedly ordered items over the internet and over the phone using the numbers.

Investigators said Jackson had the items sent to her home, but it is not yet clear whether that led to her arrest.

Wait, she used the stolen info to shop and mail things to her own address? We're going to allege that Jackson was an idiot.

"Former Time Warner Cable Employee Arrested For ID Theft" [WCPO News]

Remember TJX's gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn't. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store's security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.

According to The Register,

Benson's May 8 posting was prompted by news that managers had changed the password for employees to access the store server. Inexplicably, it was set to blank. When Benson first began working for TJX, his password was the same as his user name, he said. Then came word in January 2007 that unknown hackers had brazenly intruded on the company's network over a 17-month period. For a time following the disclosure, TJX employees were required to use relatively strong passwords. The change to a blank password clearly represented a step backward, Benson thought.

TJX says the former employee divulged confidential information, but Benson claims that he's acting as a whistleblower to get them to improve their security:

"My information is still on that server," he continued, referring to the machine that sits in an office at the TJ Maxx where he once worked. "So if their network is insecure, then my information is insecure. I'd prefer they get it fixed."

"TJX employee fired for exposing shoddy security practices" [The Register] (Thanks to Will!)
(Photo: crazytales562)

Currently, laptops must be removed from their cases so that security screeners can search for weapons or explosives, a delay responsible for significant slowdowns at airport security checkpoints. The TSA is currently testing several laptop case prototypes that when unopened would allow screeners to get clear look at the laptop without the clutter of cords and accessories that typically disturb an x-ray image. The new cases employ a clamshell design which travelers would unfold and lay flat on the conveyor belt, thus separating the laptop from cables and accessories.

Targus and Skooba will be the first two companies to offer the new design. Targus has designed 4 prototypes thus far. "Heavy travelers will be the first adopters of this," said Al Giazzon, Targus' marketing chief. Michael Hess of Skooba said, "Anything that speeds up the process and reduces the burden on travelers and screeners will improve the deteriorating travel situation."

We're pleased to see that efforts are being made to reduce security delays. To us, these new cases make sense. Not having to remove the laptop from the case means less chance for accidental damage and tampering, an added benefit.

Have laptop, will breeze through security? [USA Today]
(Photo: Getty)

He writes:

Hello, I am writing to "vent" in a way about my latest experience with Bank of America. So last Friday I made a deposit of $2019 into my check account and had my balance printed out to see what kind of shenanigans BOA was going to try and pull this time. Well I apparently had access to roughly $366 if I remember correctly. I figured as much because apparently this is standard for any large deposit, but hey I figured I could live on that for the weekend. Well the next day I went to seven eleven to buy myself a pack of cigarettes and when I swiped my card the cashier says "cards been denied" and I didnt think twice about it because there was a post it on the register saying the debit was not working and I never use credit. So I bought my cigs with some cash and headed to the hardware store. I picked out about $21 of nuts and bolts and went to the register. Can you guess what happened? Card denied!!! So I had the cashier run it through again. Same result so I had to leave the store with nothing.

I get home and decided to give BOA a call to figure out whats going on. While I was on hold I logged onto my online account access and saw in bold red letter "HOLD". When I finally did speak with someone he verified that indeed my account was on hold. So I didn't have access to any of my money not even what was in there before my large deposit. I was told that Tuesday at 9:00 AM my money would become available. I was frustrated but I had to deal with it.

So an hour ago about 8 hours after the hold was released I check my account to find I have 3 overdraft fees and immediately call BOA. After waiting 15 minutes to speak to someone I was told that as a "courtesy" they would remove the charges for me today. Wow, what happened to "sorry we made a mistake". Which is all i was really hoping to hear. Then when I asked why it was a courtesy to remove unwarranted overdraft fees, the phone operator told me it was my fault? Just WOW! Then she said that there was never a hold and that the credit just hadn't been applied yet. Then I asked her well why was my card denied? Why did it say my account had a hold on it online? Why did the phone operator i talked to the other day tell me there was a hold? Why couldn't I access the money I already had in the account? All I heard was dead silence, followed by "As a courtesy I have removed the charges from your account today." Bank of Americas wonderful service is about to lose another customer...

Bank of America doesn't want your service nearly as much as they want to win our Worst Company in America contest. Ditch the monolithic banking monster in favor of a friendly local credit union.

RELATED: How To Find And Join A Credit Union

(Photo: meghannmarco)

You might have a harder time finding kosher meat in the coming weeks, because the country's largest kosher meat packing plant, Agriprocessors, was raided this past Monday. At least 300 of its nearly 1000 employees were arrested for using fraudulently obtained Social Security numbers, and immigration officials have said they expect the number to go as high as 700.

Agriprocessors is located in Postville, Iowa, which might seem like an odd place for the nation's largest kosher meat packing plant:

About 200 Hasidic Jews arrived in Postville in 1987, when butcher Aaron Rubashkin of Brooklyn's Crown Heights neighborhood reopened a defunct meatpacking plant with his two sons, Sholom and Heshy, just outside the city limits. Business boomed at the plant, reviving the depressed economy while pitting the newcomers against the predominantly Lutheran community.

"Iowa meatpacking plant raided in ID theft investigation" [USA Today]

RELATED
"Immigration Authorities Arrest Hundreds in Raid on Nation’s Largest Kosher Meat Plant" [Forward]
(Photo: Getty Images)

The article says,

Since the Sept. 11 attacks, the U.S. government has been concerned about counterfeit documents being used for fraudulent purposes.

"She said the only way I could get it was to send her proof that I am a legal resident here," said Bustos, who works at a McDonald's in Fort Myers. "She wanted me to e-mail her a copy of my green card."

Bustos said she has lived in the United States for 15 years, became a legal resident and received her green card in 2002.

"I told her I thought that was ridiculous," Bustos said. "She represents a private company. She's not an agent for the immigration service, and I have no obligation to show her my immigration status.

"We paid to have those documents sent, and they should deliver them to us. There is nothing illegal in that envelope."

UPS claims that they are only following procedures outlined by the government which is trying to prevent counterfeit documents from entering the country that could potentially be used by illegals to gain citizenship or some other right. The article says,

"Many people are involved in sending fraudulent documents to the U.S. for the purpose of stealing identities," said Zachary Mann, spokesman for Customs and Border Protection in Miami.

Some attorneys have insisted that the procedure violates the U.S. Constitution's Fourth Amendment guarantee against "unreasonable search and seizure."

Customs officials disagree. They say there always has been an exception to that law: People at U.S. borders can be searched and belongings can be seized without the usual warrants and legal prohibitions.

Because the courier hubs are where international packages enter the country, they qualify for the border exception, the officials say. Airports also qualify, they contend.

It seems that UPS isn't doing anything illegal in asking her to "identify herself further," but do they have a right to know her citizenship status? Should the government be flagging 2 simple birth certificates over security concerns? Or should Cristina just roll over and get with the system? Let's hear your opinions, Consumerists.

Florida woman's fight with UPS touches nerve over security level [Palm Beach Post] (Thanks to Steven!)
(Photo: Maulleigh)

Geoff's wife tried to mail a padded envelope full of love to his mom for Mother's Day, but the post office returned it to Geoff's house the next day with the above label, which says the item could not be delivered due to "heightened security requirements." That's all well and good, but what Geoff wants to know is, if this envelope is potentially dangerous, why would you bring it to the person named on the return address?

By Geoff's estimate (and ours), either it's a huge flaw in their security plan, or the USPS doesn't really believe in their own rules.

The whole process makes no sense to me. In fact, I'm so confused why the Postal Service is doing this, I asked them to comment.

The rule actually predates 9/11, going back to the mid-90s. The weight limit, recently lowered to 13-ounces, complies with the weight limits for Priority Mail.

In an email response response, Doug Bem from the US Postal Inspection Service included this all purpose line:

"Unfortunately I won’t be able to get into the specifics of those security issues because someone who could misuse that information might be a reader of your blog; all I can say is that the issues still exist today."

When he posted this story on his blog, it got picked up by a USPS-related website and he received several comments from possible postal service insiders. This morning, someone calling himself "VaguelyPostal" (which is a troubling name in itself) wrote:

I believe your basic concern is why if your wife's package was considered suspicious or dangerous was it returned with the carrier as a regular piece of mail.

I agree, the explanations you are getting are not logical. But, to make it logical to you would require revealing information that would detract from postal security.
Being intentionally vague, I will tell you that your package was returned through normal delivery channels only because it violated the 13 oz. rule, not because it was deemed suspicious, dangerous, or hazardous. If the package had been classified as those latter categories it would not be entered into mailstream.

So the final, vague summary seems to be: if you get an item returned to your address for violating security rules, odds are high the USPS doesn't really think it's dangerous, but rules are rules and they can't accept it.

If you don't have a scale at home, an unopened can of soda weighs between 13 and 14 ounces, so you can use that as a rough guide.

"My 13-Ounce Dilemma" [GeoffFox.com]

Until recently, the law said that unwarranted computer searches constituted an "intrusion of the mind", but those days are now over in light of the new rulings. The latest rulings stem from a case where airline passenger, Timothy Arnold, was pulled aside for secondary questioning upon his arrival into LAX from The Philippines in July, 2005. Customs agents searched his laptop and found images depicting child pornography. Initially, it was ruled that agents didn't have reasonable suspicion to search his laptop, however, that ruling was overturned. Arnold was later charged with possessing and transporting child porn and with traveling to a foreign country with the intention of having sex with children.

U.S. Attorney Thomas O'Brien praised the decision, "The government needs to have the ability to restrict harmful material from entering the country, whether that be weapons used by terrorists, dangerous narcotics or child pornography." However, many disagree.

Travelers now have new concerns about the security of their private and corporate data. Some fear that poorly trained officers could accidentally corrupt or erase data during such searches. Also unknown, is where and how long data will be stored, perhaps making it vulnerable to theft or breaches. As it stands, all retrieved data can be kept indefinitely.

Despite the governments' new far-reaching power into your privacy there are a few things you can do to help secure your data when you travel. CNET offers a handy article that outlines different types of encryption and other techniques that can help keep your data secure.

The added delays and headaches seem almost insignificant when considering how much our personal liberties are being systematically revoked. We can understand the need to search for weapons and contraband but suspicionless searches of data is a bold new level of privacy invasion. Our laptops and personal information, once considered an extension of the mind, are now considered luggage. We wonder how long it will be until our minds are also considered luggage and subject to search without suspicion.

Border Agents Can Search Laptops Without Cause, Court Rules [Information Week]
9th Circuit OKs Border Guards' Search of Traveler's Laptop [Law.com]
Security guide to customs-proofing your laptop [CNET news]
(Photo: Getty)

We've done a bunch of posts on how it's a violation of their credit card merchant agreements to ask for additional ID in order to complete a purchase. An IHOP threatened to call the police on one reader when he wouldn't show additional ID. A Walmart tried to hold a man's ID and credit card hostage. Debate erupted amongst Consumerist commenters. Like a scythe through ripe wheat, here is an official VISA statement on how stores can't do this, unless the credit card itself is unsigned:

Merchants may not refuse to honor a Visa card simply because the cardholder refuses a request for supplementary information. The only exception is when a Visa card is unsigned when presented. However, "See ID" is not considered a valid signature. In these situations, a merchant must obtain authorization, review additional identification, and require the cardholder to sign the card before completing a transaction.

To report any merchant practices that you feel are inappropriate, please notify the disputes area at the financial institution that issued your card account. Your card issuing bank has access to the appropriate Visa rules and regulations as well as to the Notification of Customer Complaint forms which should be used by your bank to document and file merchant complaints.

As an alternative, you may contact the Global Customer Care Services to report merchant practices that you feel are inappropriate. Please contact the Global Customer Care Services at 1-800-VISA-911 (1-800-847-2911). Please advise them that you were referred to file a complaint. The staff will be able to initiate a complaint form over the phone.

(Photo: Getty)

Once again, the lesson is to keep a separate hard drive just for stuff you don't want people in the repair shop to see.

Geek Squad: A matter of trust [Star Tribune]

Statements + Lawsuit (PDF)

Here's Cole's email. We're going to pull out the actual URLs so we don't encourage more snooping, but we tried Cole's method and were able to pull up customer infor screens on our own:

My friend pre-ordered GTA4 from BestBuy.com and since he doesn't have a printer he forwarded me the confirmation email of his purchase so I could print it out. The confirmation email contained a link to print out the page if you were having trouble viewing the email from within your email client. I was (since the message was forwarded to me the styles and images were all messed up), so I clicked the link which took me to [redacted]. I was curious how random the &e parameter was so I decided to play around with it and discovered it isn't really random at all and by incrementing a certain part of it I was able to find home addresses of other users of BestBuy.com who had packages shipped to them.
 
This seems like a pretty serious privacy issue as I am now able to find full names and addresses of people that have bought something from BestBuy.com and had it shipped to them.
 
Cole

Here are a few more signs from the list:

4. The suits begin holding frequent "secret" meetings.
Confidential meetings among executives are commonplace at most companies, but more closed doors and hushed voices than normal should serve as a warning. For instance, if most of your department suddenly disappears for an impromptu two-hour meeting that you weren't invited to, you should at least ask questions — and be prepared to hear lies.
 
10. The email deluge suddenly dries up.
A sudden, pronounced and prolonged drop in the volume of email you receive may be a welcome respite from communication overload, but it also might mean that key projects that would have normally been assigned to you are being handled by employees that the company sees as key to its future. Meaning, not you.
 
13. You notice unfamiliar security guards around the premises.
Companies often hire extra security personnel on days that employees are let go, ostensibly so that those who blow a gasket can be manhandled off the premises before they cause a ruckus and that those with access to important company data don't walk out the door with state secrets. If a couple of 275-pound bruisers start hanging around the break room, you or one of your colleagues may have a shorter-than-expected work week.

I too like other readers had signed up for this service. After a few months (and a few $14.95) charges, I decided their service wasn't worth it. I have no issue with the money spent, that is my fault..
 
However, when I went to cancel my monthly subscription, the first thing the operator asked for was my SSN... not the last 4, but the full SSN.. Why in the world would a company who's job it is to alert you to credit issues ask for something like that? I mean, one of their services they offer is related to identity theft.
 
But it gets worse...
 
After the CSR was able to (through some sort of magic or wizardry) pull up my account via my phone number, in oder to "verify" who I was, she wanted my mother's maiden name !!!! After being on-hold for 20 minutes while she escalated to a manger, the call was disconnected..
 
Can you imagine the audacity of a company who's job it is to "protect" your credit report and help with identity theft asking for full SSN and Mother's maiden name? Keep in mind, all I was trying to do was cancel a subscription to a credit monitoring agency I was able to register on-line with...
 
I then called back in, and this CSR was able to cancel my account with my phone number and birthday (yes, he too asked for my SSN and mother maiden name, but again, through some magic he pulled my account using other info. I will say, while he tried to up-sell me, (Sir, I realize you think this service is ineffective, but for only 29.95 a month you can add this service and get more info) and then tried to convince me that I still had some time left on my account, and I should call back closer to my billing date to make sure I got full utilization , I stood strong and insisted on canceling my account..
 
I think I will be checking my credit card to make sure they canceled it...

I've never heard of Certegy, until April 6. I went to K-mart to purchase some items, wrote a check (which I have done there dozens of times before), and it was declined. Huh? I mean WTH?! I've never had a bounced check, I have over draft protection anyways. I called the toll free number, of course it's automated, they won't give you a reason, the recording just said "Precautionary Measures", sooooo, what the heck is that all about? I cashed a check elsewhere a few minutes later, just fine.
 
I emailed K-Mart complaining about being the embarrassment it caused me. I emailed Certegy also, all I received from both was a form letter giving me instructions how to obtain more information about my particular situation. OK, so, I requested a letter through USPS which was suppose to explain WHY my check was declined. This is the response I received (you guessed it, another form letter).

Dear Ms. XXXXX,   This letter is written in response to your inquiry regarding our recent inability to authorize your check. Initially, we want to assure you that we understand the concern this can cause, and we apologize for any inconvenience you may have experienced.   Certegy Check Service (CCS) is a check authorization service. Our clients throughout the United States utilize the service to help reduce losses incurred through retail practice of check acceptance. For many CCS clients we assume liability should an authorized check subsequently be dishonored. CCS maintains a computerized file containing both returned check information and driver's license or checking account number. In addition to this information, over 40 years of check authorization and resulting loss experiences CCS has developed guidelines for authorizing acceptance of checks. Our system determines the potential risks associated with with checks. Many proprietary factors are evaluated and in making decisions for check approvals. We also track check writing based on many factors, including check sequence number,, check writing activity and check amounts. This process is designed to protect consumers and retailers and to prevent unauthorized individuals from writing checks on otherwise valid accounts. Unfortunately, valid check writing patterns can occasionally overlap with these patterns resulting in out inability to authorize a valid check such as yours.   Regarding our inability to authorize your check, although there were no returned checks on file, the check fell outside of approval guidelines. Unfortunately, we did not have any addtional information at the time to override the concern, and we again sincerely apologize.   In closing, we do appreciate and understand your concerns. Please contact our Customer Care Department at 800-352-5970 if we can be of further assistance.   Sincerely, CERTEGY CHECK SERVICES, INC. Customer Care Department

The check fell outside WHAT approval guidelines? Does this scream discrimination or am I being just plain stupid?

• they keep a "computerized file containing both returned check information and driver's license or checking account number"
• they've used "over 40 years of check authorization and resulting loss experiences" to develop guidelines for authorizing checks
• some proprietary factors!!!
• some sort of pattern matching based on things like "check sequence number, check writing activity and check amounts."

• "Regarding our inability to authorize your check, although there were no returned checks on file, the check fell outside of approval guidelines. Unfortunately, we did not have any addtional information at the time to override the concern, and we again sincerely apologize."