In From ScamBusters!
Digital Passport Use Fuels Identity Theft Concerns
Gotta digital passport card? Well, at the last count, more than a million Americans have already been issued with the new security cards, called U.S. Passport Cards, introduced in July of last year.
And no sooner had they arrived, than stories started hitting the [COLOR=blue ! important][COLOR=blue ! important]Internet[/COLOR][/COLOR] warning that the microchips on the devices could be read by scanners from 20 or 30 feet away.
In one YouTube clip, a guy describing himself as an "ethical hacker" is seen driving around San Francisco reading off the numbers on people's digital passports from inside their pockets and purses, onto a notebook computer in his car.
He notes new chips on other cards in the future, like [COLOR=blue ! important][COLOR=blue ! important]driver's[/COLOR][/COLOR]
licenses and even credit cards, could also be read remotely, enabling the crook to assemble all the information needed for a full-scale identity theft.
This isn't going to be a technology lecture, but we do need to get to the bottom of just how safe these new devices are and what we can do to protect ourselves from yet another route to identity theft.
First, a couple of simple points:
There are two new types of passports containing microchips that help identify us:
The difference is that the U.S. Passport Card isn't a true international passport at all. It's only usable for travel in North America -- that is, between Canada, the US, Mexico and the Caribbean -- and can't be used for other international travel.
- The U.S. Passport Cards we discussed above, and
- A more complex card, which was introduced in August 2007 in the US and is also being introduced and used in many other countries, called a "biometric passport."
It has been introduced to beef up border security between these countries, without the holders needing to carry a full-blown passport. And it's only available to US citizens.
U.S. Passport Cards
The chip on this digital passport (called an [COLOR=blue ! important][COLOR=blue ! important]RFID[/COLOR][/COLOR] chip, if you're interested) actually transmits a signal, so your movement across the borders can be automatically recorded, and that's what has some people alarmed.
Well, here are two reasons we are somewhat less concerned about these cards:
Important Action: If you have a U.S. Passport Card, make sure you keep it in the sleeve. Don't get careless.
- The chip carries only a number, and that can only be matched against a secure [COLOR=blue ! important][COLOR=blue ! important]database[/COLOR][/COLOR] on government computers. There's no other transmittable identifying information. (Naturally, there is the valid concern about the security of government databases, but that's a different issue.)
- The card is issued with a sleeve that prevents it from being read when not in use.
Of course, the actual card (not the chip) itself does contain personal information and your photo printed on it, just like your driver's license, and, indeed, is being touted as a replacement for the license in situations where you need to confirm your identity, including employment applications.
You can see one and read more about them at Travel.State.Gov.
So that means you need to apply all the other safety rules you would use to protect it from being stolen, when it really would spell trouble for you in the hands of a thief.
Biometric passports, officially called U.S. Electronic Passports (or e-passports), are a different kettle of fish. Most countries, including the US and much of Europe, now issue only these, replacing the old-style passports as they expire.
Different types of data are stored on chips inside the passport booklet depending on the country -- some have facial or iris recognition information, others fingerprints and so on. In the US, the chip stores the same data visually displayed on the photo page of the passport, and also includes a digital photograph. As you go through passport control, those features are electronically checked against the information on the chip.
Many security experts claim the technology is just too complicated, while others say it's not secure enough and is susceptible to identity theft, especially since they can be read from about 20 to 30 feet away.
It is true that the chips used in biometric passports are encrypted (the information is jumbled) and they don't transmit their information in the same way the US digital passports do.
However, a British newspaper did show how they could be read through a sealed envelope.
Important Action: Keep your biometric passport in a protective sleeve at all times. Don't be careless about this.
We share the privacy and security concerns of this new technology raised by many experts in the field. However, these passports are here to stay, so we want to make sure you know the issues and actions to take to protect yourself.
And just as we wrote about digital passport cards above, we definitely need to do all we can to ensure they don't fall into the wrong hands.
When Cheap Airfares Turn Expensive
Staying with the travel theme of this week's issue, here's another question: Have you ever bought or thought of buying one of those ultra-cheap companion air tickets?
You know the sort of thing: You buy one air ticket for a regular fare and get a second one for your traveling companion for a knock-down price, like $99. These are often given as a supposed perk for an expensive [COLOR=blue ! important][COLOR=blue ! important]airline [COLOR=blue ! important]credit [/COLOR][COLOR=blue ! important]card[/COLOR][/COLOR][/COLOR].
But all is not as it seems, as one of our Scambusters team members confirmed from a recent travel planning experience. It was, she says, a huge mistake.
"First, it's not really a $99 fare," she explains. "You need to spend at least $250 on the other fare for it to be valid. Then, it doesn't include taxes, fees etc., so ours actually cost more like $125."
OK, all that's in the fine print. But that's just the start. What happens when you need to change your flight plan, as our Scambusters team member did?
It's bad enough that for all non-refundable changes that airlines demand $150 per ticket just to do the swap -- even when it's the same flight, just on a different day. And they also expect you to make up any difference, if there is one, between what your original ticket cost and what the new one runs to.
Our experience has been that the regular price ticket usually costs more or less the same on both flights, so there's "just" the $150 change fee.
But with the companion ticket, the $150 change fee wipes out the original $99 deal and you get no credit whatsoever for this ticket against the new one, now offered at full price.
In this example, without explaining the math, this would have changed the charge for the companion ticket from the basic $99 plus taxes to not far short of $1,000!
"So the lesson learned," she adds with a sigh, "is never to use the $99 companion fares if you believe there is ANY chance that you'll need to change your reservations. I wish I had known that."
These days, traveling is not much fun at the best of times. Somehow, the airlines have contrived to make it even more painful.
One the other hand, the security issues related to a biometric or digital passport are real, and require more serious evaluation by top experts. And as users, we need to make sure we keep our new passports in protective sleeves at all times.
That's all for today, but we'll be back next week with another issue. See you then!