Do you know what your credit card number or your NIE or DNI number is worth on the black market?   You may be surprised to learn that the going rate is about 6 cents per credit card number rising to up to 1000 US dollars for PIN numbers that provide access to bank accounts, and that each number may be sold on up to 10,000 times among identity thieves that lurk on the internet.

The practice of trawling for identities on the internet goes by the name of “phishing”.  This can occur either by hiding software in internet web pages to steal information saved in computers, or enterprising but crooked web-designers may create dummy pages that look legitimate so as to inveigle computer users to provide crucial information directly.

 A study by software company Symantec has revealed that such pages can be rented out by crooks for a fee of 40 US dollars a week plus a “commission” of between 8% and 50% of the amounts stolen in this way.

This black market has bucked the trend of the global economic crisis, especially as robbery over the internet carries less inherent personal risk for the fraudster.

In Spain your most valuable piece of personal information is your DNI card or NIE number.  With this a criminal can steal your identity to pass themselves off as you to government and commercial organizations, obtain your personal and financial information, open bank accounts, obtain credit, etc.  If your number gets into the wrong hands even applying for a new number may not solve resolve the problem.  You should only reveal this number when it is absolutely essential and not use it simply as a password for your bank account, car insurance policy, or “I tunes” account.

The majority of victims do not realize that they have been the victim of identity theft until they attempt to apply for credit, take out insurance, or apply for a new mobile phone, or draw money out of their bank account and find it has been emptied, or even attempt to give notice to the Registro Civil when they want to get married!

Apart from taking the personal steps to protect yourself, your computer, and your valuable personal information what are your rights as a consumer under Spanish Law should you find yourself the victim of identity theft and fraud?

Firstly, Art. 6 paragraph 4 of the Spanish Civil Code states that the use of fraud invalidates any act, and this would apply to both transactions carried out “face to face”, over the telephone, or electronic transactions at a distance.  

Secondly, under Articles 386 and 387 of the Spanish Penal Code, cloning or copying credit or debit cards is treated as equivalent to counterfeiting and subject to severe penalties.   A transaction carried out with a cloned or copied card is by definition fraudulent.

This leads on to the third consideration relating to the provision of credit and other services such as credit and insurance.   Article 12 of law 22/2007 which deals with the provision of financial services  states that the fraudulent use of a card renders the transaction null and void and the card-holder can demand the immediate cancelation of any charge made to their account.  Article 17 of this law states that it is for the person or company providing the credit or other service to prove that the consumer genuinely entered into the transaction.

None of these provisions relieves us of the duty to safeguard our personal information:  if we keep our bank or credit card and PIN numbers together and they are lost or stolen and misused we are responsible for any loss and cannot seek compensation from our bank or credit card company.

If your believe that your DNI card or NIE number is lost or stolen you must report the theft or loss immediately to the nearest police station.  This will then absolve you of any personal responsibility if it is misused later, and you will be issued with a new number.  

Regularly change the PIN numbers for your bank and credit cards, and if the cards are lost or stolen report it immediately.  Check your bank and credit card accounts frequently to watch for any suspicious transactions which might have been carried out by those who have cloned your card or by “phishermen” on the internet.  Finally, if shopping on-line only use known and secure websites which can be indicated by “https” in the address bar rather than just “http”.