C.J.: A scary talk about security breaches with the subject of the movie 'Catch Me If You Can'

A talk with Frank Abagnale Jr. makes you long for the days your money was under a mattress earning no interest.

Happy Sunday after Black Friday, everyone!

Abagnale was the subject of the 2002 Steven Spielberg-directed movie, "Catch Me If You Can," starring Leonardo DiCaprio and Tom Hanks. It told the fascinating story of Abagnale posing as an airline pilot, attorney and doctor between the ages of 16 and 21, during which he cashed $2.5 million in fraudulent checks — checks he created — all over the world. The story is told from the perspective of the FBI agent who tracked him down, played by Hanks. After doing some time, Abagnale went to work for the FBI. The FBI job led to a career as a fraud prevention specialist working with law enforcement, corporations and financial institutions.

Abagnale was recently in Mankato at Verizon Wireless Center as part of the "Storytellers" series, presented by the Traverse des Sioux Library Cooperative and funded by Minnesota's Arts and Cultural Heritage Fund. I talked to Abagnale via phone, with the help of the library cooperative's legacy coordinator, Jessica Kreutter.

Abagnale's style is charmingly arresting. Much of what he had to say about the technology and computers filled with data about us was just plain disturbing. He doesn't apparently believe in online banking, debit cards, and as for taking a photo of a check for deposit …

Here's hoping the good U.S. computer experts can stay ahead of cyber criminals throughout the world trying to steal our money.

Q: If you have one piece of advice for Target, what would it be?

I have to believe if someone goes to Home Depot and [it] had malware in [its] system for six months and someone wanted to remodel their kitchen and the salesman says By the way, do you want to finance your project because we have 2 percent interest and we can finance it for six months to a year? [A customer says] Of course. So they sit down on the same computer they swiped the card on, entering all that data to do a credit background. They've got their name, address, where they're employed, their salary, their Social Security number, their date of birth. That's the information that concerns me. When there's credit card data they have to get rid of it very quickly on the black market because it doesn't have a long life expectancy. But if I steal your name, your Social Security number and your date of birth — [a theft] of that type of information is not going to show up for three years because the criminals, Russian gangs who steal that mass data are going to hold that data, what we call warehousing. So three years later, somebody says, "Somebody stole my identity, it must have happened when I went to the drugstore yesterday." But it could have been three years ago when you were at Target. People don't realize that.

Q: Will authorities ever get ahead of those bent on stealing identities?

A: No. Here's the problem. A lot of breaches you see come out of Russia. Young individuals who develop malware are basically Russian mafia, Russian gangs and those are $20 billion-a-year businesses. So they have tremendous resources; not so much is the Russian government behind them but the Russian government doesn't do anything about them. When these things occur we don't have a lot of relationships, especially now with the Russian government. Crime has become so global over the last 15-20 years, people are committing these crime from China, North Korea, Russia, Nigeria. We don't have the ability to go over there and arrest them or go over there and investigate. Because it's so global it's difficult to enforce, very unlikely when people have their identity stolen that they are going to catch and prosecute anybody.

Q: Which of the personas you adopted was your favorite?

A: Probably the airline pilot because I was 16 years old and got to fly all over the world. Beautiful girls and beautiful places. Of all the things I did, that probably was the one I liked the most.

A: Oh, absolutely. What I did 50 years ago as a teenage boy is now 4,000 times easier to do today just because technology breeds crime. It always has and always will. There will always be people using technology in self-serving ways. For example, for me to make up checks 50 years ago I used a Heidelberg printing press. There were color separations, there were negatives, there were plates, there was typesetting. Today one just opens a laptop and picks a victim, goes to that corporate website, captures that logo, prints it in color on the face of a check with a nice background. In 15 minutes they can go down to Office Depot, buy some security paper, put it in an inkjet printer and print beautiful checks. And that's the same way with ID and identification. I'm always amazed when I go to an airport and people who work at the airport just go through, just flash their badge. I mean, any idiot came make up one of those badges. Nobody really looks at them very closely, they flash them and go right on through security.

Q: In the movie, what was the greatest stretch of the truth?

A: I thought they stayed very close to the story. With Steven Spielberg, he was very careful to be as accurate as he could. He went out and found the three FBI agents who chased me. They were retired and in their 70s. He brought them on the set, so he used them basically as his advisers. As he's pointed out many times, he told the story from their point of view, not my point of view. When I watch the movie, the only thing I found that was inaccurate was in real life I had two brothers and a sister. He portrayed me as an only child. In real life my mother never remarried. In the movie he had her remarried with a little girl in the window at Christmastime. That didn't exist. In real life I escaped off the airplane but I escape off the service door, that kitchen galley where they bring the food on; in the movie they had me escape through the toilet. In real life I never saw my father once I ran away. In the movie they kept having me go back to see my father, played by Christopher Walken. They only thing I ever did was send postcards to my parents to let them know I was well. They had no way of writing back to me, nor did they exactly know where I was.

Q: What in your opinion is the best combination of letters and numbers for a password?

A: This is what's so amazing. When we looked at the Rock Tenn breach which occurred a couple of years ago, that was 250,000 passwords. We got to see what the passwords of those customers were. The most popular, thousands and thousands, were 1 2 3 4 5. [Another] popular password was the word "password." This the problem, if I breach into a bank and I have thousands and thousands of accounts. All I have to do is say, "Let's try the word 'password' and see how many people have that on their account." You're going to get into thousands of accounts. I always tell people you want to do a mixture of letters and numbers and you want do something no one would know about. You don't put in your birth date, address, mother's maiden name — something someone can easily Google. If you were a child and you visited an island off Maine on vacation and you remember the name of that island and it had an unusual name, you might want to use that island with a set of numbers following it so there's nothing anyone could ever find out on Google, like your pet's name. And if they tell you there's been a breach, you absolutely want to change your password.

A: I don't do online banking. Every form of payment has some risk associated with it. The only payment in the world that has no risk whatsoever with it is your credit card. That's why I don't have a debit card. I keep all my money in a money-market account. It sits there and earns interest. It's never exposed to anyone. I go to the dry cleaner and use my credit card. I get on a plane, I use my credit card. If somebody steals my number and charges $1 million by federal law my liability is zero. What I found happened during Target, Home Depot, all these breaches, I had people e-mail me, "Well, I had a debit card but my bank's telling me they're investigating and I may not get my money for a couple of months; this is MY money. I have to pay my rent, I have to pay tuition, car note." Everybody with a credit card says, "Oh, they canceled my credit card; I got [a new one] in five days or they overnighted it to me." So the safest form of payment you can use is a credit card.

Q: So you do not use a debit card?

A: No, I don't use a debit card. And when you use a credit card and pay your bill every month, your credit score goes up. Obviously, you want to have a good credit score. When you use a debit card, you do nothing for your credit. Unfortunately, a lot of young people like to waive security for the purpose of convenience, so they use a debit card. They go to college for four years, they use their debit card. They get a job in Minneapolis, they go look for an apartment to rent, they fill out the application, the landlord says: You have no credit. You're going to have to get your parents to cosign the lease. I gave my children a supplemental card off my credit card when they went off to college. So while they were away at college using that card, in their name, I could look at the bill every month and see how they were spending their money. Every month I paid the bill it went on their credit. By the time they got out of college they had a credit score in the 700 or 800s. They could buy their own car, rent their own house, rent their own apartment. So I tell parents one of the better things you can do for your children is give them a supplemental card off your credit card. They learn to use credit wisely and they build credit in their own name.

Q: Have you ever used this new technology that allows you to deposit a check by taking a photo of it?

A: That's a ridiculous technology, for this reason. You give me a check for $500. I snap a picture of it and deposit it in my bank. Then I take that same check and I turn around and go cash it. Now I've got $1,000. Again, a lot of these technologies people develop they don't think them through. The marketing people at banks develop these technologies and don't think: How can this be misused? I remember one [incident] where a guy closed on his house. They gave him a check for $530,000 at the closing. So he said to the young lady who was doing the closing, "Would you mind getting me a glass of water?" When she went to get the water he put the check on his iPhone, scanned it, deposited it into his account. She came back in two minutes and he said, "You know what, I feel funny carrying a check around for this amount of money. Let me just give you this check back and can you just wire me $530,000?" Convenience can manipulate the system and things come out like that.

A: What I do, again, is use my credit card. I am not accessing my money. Now they may charge me $3 to do that but I don't mind. I travel all over the world. So I'm not going up to an ATM and accessing my own bank account so someone else can get my bank information and access my own bank account with my money in it. I'm using Visa or MasterCard so if they steal somebody's money it's Visa's or MasterCard's money. So the people who went into Target and used a Visa card or American Express or MasterCard, Discover card and they got their number, it didn't cost them any money. They didn't have any access to their [bank] accounts. People who had a debit card, they actually got into their bank accounts and stole their own personal money.

Q: Do you get any looks from the TSA agents when they see your name?

A: I'm very lucky. Most people don't recognize me but they know my name. TSA people rarely recognize my name, ironically, and they are the security people. It's usually the people in the airlines, like the flight attendants and the pilots — [who] get a passenger list. A lot of times they see my name and know who I am. If I check into a hotel, a lot of times, they know who I am. I've never had a TSA guy say, "Hey, are you that guy in the movie?" So I don't know how well they are looking at the name or they just don't know.

Q: Now, how do I know this is really Frank Abagnale on the line?

A: [Laughter] I guess you never really know. That's what makes it sort of mysterious. Naw, I'm here. This is the real Frank Abagnale.