Image: Credit card © Mike Kemp, Getty Images(Image: Credit card © Mike Kemp, Getty Images)

Related topics: identity theft, financial privacy, credit card, banks, fraud

We've all heard the standard tips about preventing identity theft and credit card fraud. But what would a real identity thief tell you if he had the chance? Dan DeFelippi, who was convicted of credit-card fraud and ID theft in 2004, says simply this: You can't be too careful.

DeFelippi, 29, mostly made fake credit cards with real credit card information he bought online. "I would make fake IDs to go with them, and then I'd buy laptops or other expensive items in the store and sell them on eBay," he says. DeFelippi was also involved in several other scams, including phishing schemes that exploited AOL and PayPal customers. Committing credit card fraud is still "ridiculously easy to do," he says. "Anyone with a computer and $100 could start making money tomorrow."

After his conviction, DeFelippi faced eight years in prison, but under a plea deal he agreed to perform community service and pay back more than $200,000 in restitution. He also worked for the U.S. Secret Service, helping infiltrate the online underground and training agents in the latest fraud techniques. His help led to the arrests of as many as 15 people over two years. Today, he's a Web developer at a graphic design company in Rochester, N.Y. He agreed to take an hour with CreditCards.com to share his story and his top tips on how to protect yourself.

Q: How did you get started?

A: When I was in middle school and high school, I was into what I would call innocent hacking. I wasn't trying to be malicious or make money. I was just interested to see what I could do. In college, I started selling fake IDs to make a little extra money. I was pretty active in online chat rooms where people would talk about this stuff, and I began to realize there was a whole world of credit card fraud where I could make a lot of money with very little effort. From there, it was just a huge downward spiral.

Q: You said you bought credit card data online. Tell me about that.

A: Every credit card has magnetic stripe on the back with data on it. There are people out there who hack into computers where that data is being stored. There are also people like waitresses and waiters with handheld skimmers who steal the data that way. Then they sell the data online. I'd pay $10 to $50 for the information from one card. Then I'd use an encoder to put that data on a fake card, go into a store and purchase stuff.

Q: Do identity thieves like some credit cards better than others?

A: Well, a lot of American Express cards have no set limit, so you'd be able to buy a lot more. However, the downside is that a lot of merchants require more security for American Express than for other cards. They may ask you to enter the four-digit code on the front of the card or your ZIP code. That information usually isn't in the magnetic stripe information. So if a card is skimmed, if someone has its magnetic stripe information, they would still need the number on the front or your ZIP code to commit fraud.

Q: What about debit cards?

A: I always recommend against them. With debit cards, it's your real money in your bank account you're playing with. So if someone gets your debit card information and uses it, your cash is gone until you fill out a lot of paperwork and persuade the bank to give it back to you. Credit cards are much better at protecting you against fraud. And if you're worried about debt, you can always pay them off every month.