Living in a State of Denial

“So, just so I’m clear, I’m telling you that someone stole $1,000 out of my account, and you’re telling me that even though I’m a customer of your bank, and even though the ATMs belong to you, the only way you’ll look at the film in your cameras, so I can prove it wasn’t me, is if I go to the police and get a subpoena?”

“That’s right. The only way you can see the picture is with a subpoena.”

“Okay, but you’re still my banker, right?”

“Right.”

“That’s okay, because as my banker you can just look at the film in your camera for me?”

“No. My supervisor says you’ll need a subpoena for that, too.”

Unlike most people, I know that my financial institutions don’t protect me from all identity theft. They only protect me for the accounts I have with them. In fact, my bank makes a big deal out of some of their services in their advertising.

Here’s what they say on their web site:

“If you’re a victim of identity theft or account fraud, you should notify your bank(s) immediately. If your account(s) is with us you should call your customer service representative immediately. We will work with you in an effort to make appropriate corrections of unauthorized transactions in your accounts and to correct any incorrect reports submitted by us to credit bureaus, and will attempt to help protect you from any future identity theft or account fraud.”

They also told me to place fraud alerts on my account and file a report with the police.

All of which I did (or LifeLock had already done for me). So you can imagine my surprise when, after I reported that I had apparently been the victim of skimming, my bank informed me that they found nothing wrong with what they were recognizing as an “authorized transaction.”

Skimming is when identity thieves create a new card by stealing your credit and debit card numbers using a special storage device when processing your card (see Wayne Ivey’s blog of November 24, 2008). They also stole my PIN. The thieves then proceeded to withdraw the maximum daily amount. Luckily I caught them on Day 2 and reported the two thefts to my bank.

When the bank denied my claim, they told me I’d be able to view the material used to review my case, so in lieu of a subpoena forcing them to look at the ATM footage, I asked to see the material.

“What documents?”

“The documents used to review my claim. The denial notice said I could see all the material used to review my claim.”

“My supervisor says that’s just a form letter and there are no documents.”

“Then how did you review my case?”

“We have a series of guidelines.”

“Fine. Send me a copy of the guidelines.”

“Well, they’re not actually written guidelines.”

So, to make a long story only slightly less long, the first phase in my bank’s efforts to “help me” is actually a Denial Procedure. I know because two of the representatives I spoke with told me exactly that. That is to say, rather than help me recover my losses, the bank first looks to see if they can simply justify not helping me at all.

But I have LifeLock.

For three days my bank refused to help me in any way. Forty minutes after LifeLock got involved, the bank agreed to review the footage, without a subpoena, and less than 24 hours after that my $1000 was back in my account.

LifeLock works. My soon-to-be-former-bank, not so much.

Learn more about Lifelock Enrollment

From My Porch I Can See Identity Thieves

Everyone saw it coming the moment she was announced as John McCain’s running mate. It didn’t matter if you knew nothing else about Gov. Sarah Palin, the moment you saw her you knew this: Tina Fey would be playing her on SNL. The resemblance is uncanny, the impression hilarious, and even though you can’t seriously classify Fey’s caricature of Palin as identity theft, what happened to Palin’s Yahoo Mail account may be.

Using social engineering, hackers exploited known weaknesses in Yahoo Mail’s password-recovery feature. What is social engineering? It is the use of social skills, like lying, deception and persuasion, to manipulate people into doing what the manipulator wants or giving out confidential information. Online, it usually refers to someone posing as a legitimate user in order to gain privileged information like passwords or usernames.

How did they get Palin? Like most web accounts, Yahoo allows you to reset or recover your username and password. Usually this is allowed after you’ve provided personal information that would identify you as the authorized user. How hard was it to get into Palin’s email account?

According to published news reports:

  • It took just 15 seconds on Wikipedia to answer the prompt for Palin’s birthdate
  • The prompt for a ZIP code took little more time considering Wasilla, Alaska, only has two
  • Palin’s personal security question, ‘Where did you meet your spouse?’ took a few attempts before the correct answer was successfully guessed: Wasilla High School.

I’m not well known like Palin, but it still won’t take much more time to learn that I was born in Brooklyn, NY or that my mom’s maiden name was Beck. I went to a lot more grade schools than the average person, so that may slow you down a little, but once you realize my childhood hero was Batman, I’m screwed.

The problem for Palin is that her personal information is, well, public. The problem for the rest of us is that even for a relatively unsophisticated identity thief, ours is too.
