It’s said that only death and taxes are inevitable, but scammers are doing everything they can to put identity theft on the exclusive list. With the latest JP Morgan security breach, on top of the Target incident earlier this year, more than 200 million personal records have been compromised. As long as we exist, transact, and communicate in today’s world, no one is immune to the devastating financial and personal consequences of identity theft.
So how should you deal with the constant risk of having your personal information fall into the wrong hands? And once you suspect or know that your information has been hacked, what can you do, both immediately and in the future?
Your first step is to think through every situation or event where your information can be seen or heard and who is doing the seeing or hearing. Once you understand your exposure, you can do what’s necessary to limit it.
At Home: If you keep important financial information in hard copy form, and have frequent visitors or guests to your home, consider investing in a small storage safe or safety deposit box. For information you do not want to keep, make sure it is thoroughly shredded before it is put in the trash. Use a locked mailbox.
Out in the Marketplace: Be selective about the ATMs you use. Avoid ATMs at convenience stores, and be particularly careful when you use a debit card at self-serve gas pumps. These access points are popular locations for skimming attacks. Only carry necessary identification and one credit card. If you use checks, do not have your phone or Social Security numbers printed on them. And when asked for a Social Security number on a form, do not automatically supply it. Ask why this is necessary. In many cases it’s not.
Online Entry or Access to Information: A recent blog by Jennifer Lane, CFP® in this site’s Experts’ Corner covers the most important measures for keeping information safe online, such as hiding your IP address and creating strong, unique passwords for every online account. Security experts recommend a minimum of 14 characters for creating a secure password. Even an eight-character code can be broken by a professional hacker in just minutes.
Private Data over Public Web: Avoid accessing any important personal information on public Wi-Fi sites, such as those you find at Starbucks, hotels or restaurants. Your phone should be treated like your computer: password protect it, too.
Email: When sending and receiving files with sensitive information, consider using a cloud storage provider to hold the files rather than attaching them to the email. When you get an email from an unknown source, never open an attached file or click on an embedded icon. And even when you think you know (and trust) the source, think again. It is now common to get fraudulent emails seeming to be from household name businesses like UPS, PayPal or Apple. One give-away can be poor grammar or spelling. (You can be certain, for example, that the monolithic Apple Computer doesn’t make the mistake of sending emails out from “Appel”, as was the case in a recent email I received.) Finally, no matter how urgent that IRS email appears to be, you should know that the IRS NEVER uses email to communicate with taxpayers.
Detecting and Responding to Identity Theft
Identity theft is generally a silent and invisible crime. Unlike a house break-in or a hit-and-run where the evidence is generally abundant and immediate, most of us have no idea when we’ve been struck by an identity thief. Even in the sensational cases of a huge database compromise, customers are not necessarily told that they have been affected, at least not immediately. It takes time for major firms targeted by hackers to assess the situation, and to determine how many of its customers are affected, and how severely.
We must be our own detectives, constantly on the watch for this crime. This means paying regular and frequent attention to a variety of key statements and reports.
Be sure to review bank and credit card statements when received to detect erroneous debits or charges.
After seeing a medical provider, check the ensuing Explanation of Benefits (EOB) for any discrepancies in services, insurance coverage, and charges.
Don’t just file and forget those annual Social Security statements: if they show larger earnings than you in fact received, it may be that someone is using your Social Security number.
Of utmost importance is requesting your credit reports from the three major credit bureaus, ideally every four months, but at very least annually. Go to annualcreditreport.com where you can get a free report from each bureau once a year. Every four months, you can request a different agency’s report at no charge. Be on the lookout for suspicious activity on these reports, and contact the credit bureaus immediately.
If your identity has been hacked and financial damage has been done or could be, place a fraud alert and credit freeze with any one of the three credit bureaus. Once you have notified one bureau, it is obligated to inform the other two. You should also direct all asset custodians (banks, credit unions, brokerage and credit card providers) to freeze your accounts. Make sure you are aware of how long the alert or freeze stays in effect, in case you need to renew it.
The Federal Trade Commission should definitely be your go-to federal agency when identity fraud occurs. The website offers step-by-step advice, such as what you should do the minute you realize you have been victimized.
Finally, a frequent question from consumers regarding preventing and detecting identity fraud is whether it makes sense to pay for an ongoing monitoring service that takes care of most of the steps mentioned here. Though most credit cards insure against fraudulent charges, these services are relatively inexpensive. At approximately $100 - $300 per year, they are worth considering if you have many accounts and credit lines, your financial exposure due to identity theft is large, and/or you do not monitor these accounts on a regular basis.
Remaining vigilant and knowing how to effectively respond when your assets have been compromised is absolutely key to having healthy finances. Enlist the help of a CFP® professional who can help you protect your assets from this type of crime and help you pick up the financial pieces if your information falls into the wrong hands.