Q. What could a boarding pass tell an identity fraudster about you? A. Way too much

The Guardian Unlimited ^ | 5/3/2006 | Special Report

[cinives]

This is the story of a piece of paper no bigger than a credit card, thrown away in a dustbin on the Heathrow Express to Paddington station. It was nestling among chewing gum wrappers and baggage tags, cast off by some weary traveller, when I first laid eyes on it just over a month ago.snip

the paper - actually a flimsy piece of card - was a discarded British Airways boarding-pass stub, the small section of the pass displaying your name and seat number. The stub you probably throw away as soon as you leave your flight.

snip

If the expert was right, this stub would enable me to access Broer's personal information, including his passport number, date of birth and nationality. It would provide the building blocks for stealing his identity, ruining his future travel plans - and even allow me to fake his passport.

[cinives]

Big brother marches on...

[theDentist]

Rule of thumb: If it has your name on it, SS #, a cred card #, address, then it gies into the shredder, then the fireplace.

[cinives]

In this case, the stub only had the frequent flier club number on it - and the number wasn't password protected. In other words, numbers you think don't have much significance very well may.

[the_Watchman]

This article goes on and on about data collection stipulated by the government, but the example given was enabled because British Air didn't require a password to access some person's frequent flier account.

[Antonello]

This article goes on and on about data collection stipulated by the government, but the example given was enabled because British Air didn't require a password to access some person's frequent flier account.

But then the article led up to the very real fear of what happens when that database gets moved onto passports and ID cards with RFID transponders. There's more to this story than concern over an airline website not requiring a password - it just highlights that the people that want to collect the data are more interested in disseminating it than securing it.

[Publius6961]

but the example given was enabled because British Air didn't require a password to access some person's frequent flier account.

The airlines that I use do require passwords, rendering the whole article useless...

[cinives]

Unless you think passwords of frequent flier clubs are unguessable or uncrackable even if you have the account number ...

The article has as much to say about how personal data is becoming ever more linked, even in areas in which you think there's no tie.

[manwiththehands]

A national ID card would solve all this, right?

(/sarc)

[B4Ranch]

"the people that want to collect the data are more interested in disseminating it than securing it."

BINGO We have a winner!

[ravingnutter]

That's easy to get past...if I were a crook, I would just call Customer Service and tell them I forgot the password or even better, tell them that my supervisor (you) asked me to contact them regarding that reservation. I do travel for our office, you'd be surprised how extremely easy it is to get past Customer Service.