Syracuse University junior Adam Gerritsen says he’s paranoid.

‘You never know what people are thinking or planning,’ he said.

But Gerritsen’s mistrust doesn’t interrupt his everyday life, just the parts that have to do with online shopping. While the biology major will purchase almost anything from his own computer, he refuses to enter his credit card number on a public computer like those in SU’s computer labs.

According to a new report from the Federal Trade Commission, it’s with good reason that Gerritsen errs on the side of caution when using credit cards or giving out other personal information. The agency reported that identity theft complaints grew by 73 percent over last year, accounting for 43 percent of all consumer complaints.

After hearing these numbers, Gerritsen is even happier that he takes extra steps to protect himself from fraud.

‘I stay away from public computers because they are open to anyone, and it’s just not worth the risk,’ Gerritsen said. ‘My home computer allows me to keep track of all my purchases safely, because it’s on a machine that I control.’

James Tompkins, executive director of Computing and Media Services, said that although identity theft could be a potentially big problem at universities, where thousands of students use open computer labs each day, he has yet to receive any complaints about it at SU.

Much of this, he thinks, has to do with the security tactics companies use to protect customers who shop online.

‘My sense is that it’s not so much the process of putting in a MasterCard number. The act of doing a transaction like that is very secure and that’s not how and where identity theft occurs,’ Tompkins said.

Instead, identity theft is more likely to occur when users don’t log-off or restart the public computers on which they entered personal information, he said. Individuals who use university computers are instructed to log onto the machines using their own SUNIX account, and should log-off when they’re done, Tompkins said.

‘When you log-off the computer you’re wiping it clean of what was there before so none of the information is there anymore,’ Tompkins said. ‘Unless the person who’s there before doesn’t terminate they’re okay.’

According to the FTC, obtaining someone’s personal information over the Internet is the eleventh-highest cause of identity theft out of 16 categories reported by the agency. Obtaining someone’s credit card information by actually stealing the card, applying for a fraudulent account and other similar tactics are the most common forms of identity theft.

Despite Tompkins’ assurances and the FTC’s statistics, senior Ian Molloy’s online purchasing habits are a lot like Gerritsen’s.

Molloy, a computer science major, readily admits he’ll buy just about ‘anything and everything’ online. He just won’t do it from any computer but his own, and he refrains from using the most popular Web browsers because they have bigger security problems, he said. Instead of Internet Explorer, Molloy uses other commercial Web browsers that update security holes daily and give more detailed information about security connections to users.

To keep unwanted visitors away and to protect his computer, Molloy has firewalls on his machine and also scans his computer regularly to make sure no one is accessing his files through the Internet.

Gerritsen said he has multiple passwords on his computer. Living off-campus with four other students, trust is not an issue where his personal information is concerned, he said.

‘It’s not that I don’t trust them, I just don’t take the chance with anyone,’ he said.

In another report the FTC also found that in cases where the victim was able to identify the perpetrator, family members and roommates were the two groups most-frequently cited for the identity theft. Information being stolen from a workplace, or in a student’s case, from college, is the fourth highest course of identity theft, according to the FTC.

But just because workplace and educational settings aren’t the first place most thefts occur doesn’t mean Gerritsen isn’t extra cautious when using a campus computer. Not only does he refrain from purchasing products and services online, but when he uses passwords for instant messaging and e-mail on public computers, he often changes his password the next time he uses his own computer at home.

‘The machines at school or in the labs could have malicious software on them to record keystrokes, or send passwords to specified e-mail addresses,’ he said. ‘Software like this is all over the net. If somebody wanted to, they could easily plant this stuff on the school computers. That is why I won’t use them. I never know what’s going on in the background.’

Gerritsen also worries about the information storied in cookies, the files that store information about a user’s Web experience. Molloy said it’s possible for a Web browser or cookie to save a person’s information and allow another user to later obtain the information legally. But in order to do this the browser would have to be programmed to do so, and even then most won’t typically cache encrypted information like credit card numbers, Molloy said.

In addition, if the information was stored on a Web site’s server and someone broke into it, he could access personal information from anyone who ordered from that Web site.

But break-ins, Molloy said, aren’t necessarily easy to do, and aren’t usually due to security holes. Instead they’re usually the result of administrators using a common server password that computer hackers can easily guess.

Molloy admits that his knowledge of computers and Internet programming probably guides the decisions he makes about where to make his online purchases. But on the other hand, his purchasing habits may also be the result of a little bit of naivete as well.

‘I suppose I’m a little guilty of the thinking-that-it-wouldn’t-happen-to-me syndrome,’ Molloy said.

Published on January 29, 2003 at 12:00 pm