Tuesday, March 22, 2011

Bank Details and PIN's Left Behind on Second-Hand Mobiles

YORK, EnglandMarch 22, 2011 /PRNewswire/ -- People are unsuspectingly selling their personal information to complete strangers as a new report from CPP finds half (54%) of second hand mobile phones contain extensive personal data.
Second hand mobile phones and SIM cards purchased on eBay and used electronics shops by life assistance company CPP were examined in a live experiment to see what personal information was available on the handsets and whether it constituted a threat to their former owners' identities.
The experiment revealed 247 pieces of personal data* that had been carelessly left on a range of mobile phones and SIM cards. The personal data included credit and debit card PIN numbers, bank account details, passwords, phone numbers, company information and log in details to social networking sites like Facebook and LinkedIn.  
In research that supported the experiment, half of second hand mobile owners said they have found personal information from a previous owner on mobile phones and SIM cards they have purchased second hand. 
Worryingly, the vast majority (81 per cent) of people claim to have wiped their mobiles before selling them, with six in ten confident they have removed all of their personal information from them.  However, the experiment revealed that 54 per cent of mobile phones and SIM cards contained sensitive personal information putting people at unnecessary risk of identity and card fraud.
The variance could be explained by the fact that most people who claimed to have 'wiped' their handsets tried to erase the data manually – a process that security experts acknowledge leaves the data intact and retrievable.
And it seems personal information comes cheap with individuals selling their old handsets and SIMs for an average price of 47 pounds Sterling.
As people rely heavily on their mobile phones to store personal data such as e-mail addresses, social networking log in details, banks account details and even debit and credit card PIN numbers, CPP is calling on people to make sure they remove all of their personal and financial information from their mobile phones and undertake adequate security measures to protect themselves fromidentity theft.
Mobile data expert from CPP, Danny Harrison said: "This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data.  With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data.
"If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so."
Senior Vice President of CRYPTOCard Jason Hart, who was commissioned by CPP to carry out the experiment said: "The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications."
CPP's top tips on wiping your mobile phone of personal information:
  1. Restore all factory settings – this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data
  2. Remove your SIM card and destroy it  
  3. Delete back-ups -  even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else
  4. Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications.  Once you are logged out make sure you delete the password and connection
  5. Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password
  6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side
  7. Don't store vast amounts of personal information on your mobile phone / SIM
  8. Make sure you check your bank statements regularly to monitor for suspicious transactions
  9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details
  10. If you want more information on how to protect yourself or see how these experiments worked, please visit CPP's blog

Disqus for ePayment News