Your Information is for Sale!
With the recent IRS related fraud issues (IRS imposters, and IRS security issues) I have been thinking and reading more about fraud, identity theft, and methods of protecting clients from such problems.
Identity theft occurs when someone uses your name, Social Security Number, date of birth, or other identifying information, without permission, to commit fraud. For example, someone may have committed identity theft by using your personal information to open a credit card account or get a loan in your name.
Last Sunday on 60 Minutes, the program highlighted the problems at the IRS which allowed countless criminals to participate in identity tax refund fraud, thereby collecting (at least) $5.2 billion dollars in unrecoverable tax dollars. Per Steve Kroft, "Proving once again what every con man already knows: there is no underestimating the general dysfunction and incompetence of government bureaucracy." The IRS commissioner seemed to blame the outdated systems that the IRS is built upon.
Just in the last year, the Office of Personnel Management (twice), JP Morgan Chase, and Home Depot have also had well publicized data breaches. However, these were just the big ones. Worse, the Identify Theft Resource Centerreports that in 2014 there were actually 783 major data breaches. See the following link for an outstanding visual of major data breaches over time: VISUAL
It also may not be the major breaches that get you. As mentioned on 60 Minutes, con artists buy patient names from office workers in small dental offices (and likely other similar small offices) with access to very sensitive information.
So, it is obvious that our information is not safe, and worse, that it is already for sale! Therefore, since our information is already out there, what can we do to protect ourselves? Most of the following tips come from eitherKrebsOnSecurity website or ConsumerReports:
- Place a security freeze on your credit file at all of the credit reporting agencies (Equifax, Experian, Innovis andTrans Union). A security freeze stops anyone from obtaining credit information from the agencies, thereby stopping banks from opening accounts in your name by fraudsters. They may still try to open credit accounts, but won't be successful since the bank can't obtain any credit information. Once frozen, you can apply for credit by lifting the freeze for any desired credit reporting agency using a PIN number provided by each agency. There is generally a fee of $0-$20 (based upon age, or if you are a victim) to place a credit freeze. This must be done for each individual (you and your spouse) for ALL credit reporting agencies. If you don't open credit accounts frequently, this may be a relatively easy method of helping to prevent identity theft and the corresponding challenge of cleaning up the mess. To learn more, go to the following link:
Krebs: Embrace the Credit Freeze Article
- Fraud alerts (which are similar to a security freeze) can be placed (at no cost) on your credit file with each credit agency, but only last 90 days until they need to be renewed. Therefore, this is not a viable long-term protective solution. Consider a security freeze instead.
- In addition to placing an "alert" on your credit file, you can also do the same with ChexSystems. Banks rely on data from ChexSystems when opening checking or savings accounts, just as banks rely on the credit bureaus when opening credit accounts. This can prevent savings/checking accounts from being opened without your consent. Naturally, as with a credit freeze/alert, this will delay your ability to open accounts yourself. You can learn more at the following link:
ChexSystems Security Alert Info
- The credit monitoring services are not terribly valuable unless you have been a recent victim of identity theft, or don't have time to monitor your credit file yourself.
- Monitor your own credit report from each bureau at www.annualcreditreport.com. I use Credit Karma to do so. Monitoring your report is one of the best ways to spot signs of identity theft, such as errors and suspicious activity and accounts or addresses you don't recognize.
- Another great way to spot suspicious activity quickly is to set up alerts (online) with your credit card accounts that will text or email you in the event the account is being used without the card being present, or if the card is being used overseas. I was able to do this with both my American Express and Mastercard.
- Opt out of all unsolicited credit card or insurance offers for the next seven years by going towww.optoutprescreen.com or calling 888-5OPT-OUT. This stops crooks from stealing valuable information from your mailbox, and stops a flood of irritating mail. This is free.
- Young children's names and Social Security numbers are also out there (schools/doctors) and may also be stolen and used. Therefore, as your child gets close to age 16, it is a good idea to check whether they have a credit report (which may be a sure sign of fraud), so that it can be cleared up prior to their need for a job.
- When sending any personal confidential information to Mallard Advisors, use our secure ShareFile link(located in every email from us).
- Shred all personal confidential information.
- Are you on Medicare? If so, your Social Security number is on your Medicare card and may be in your wallet. This is a problem in the event of a lost wallet! My father gets around this by carrying a photocopy of his Medicare card, but with the first six digits of the card blacked out. If the doctor's office wants the first six digits, he gives it to them verbally.
- Be suspicious when providing any personal identifying information over the phone or internet.
- Change your password (make them strong), e-mail address, and usernames regularly.
- Monitor your on-line accounts. I use mint.com to monitor all my accounts in real time from one website.
- Use anti-virus, anti-spyware/malware, and a firewall on all computerized devices.
- If an organization other than a financial institution, utility company or employer asks for your Social Security number, ask whether you can provide only the last four digits or an alternate form of identification.
- If you have an account with a company that has a breach, change your password immediately. If you use that same password for other accounts, update those accounts too. Also delete any stored credit card information from these online accounts.
- If you receive a notification letter from a breached company, follow any instructions for securing your identity (such as signing up for free credit monitoring service) and stay on alert for the signs of identity theft.
If any readers have any other suggestions, please pass them along!