Free Money Finance

Here's a guest post from IdentityTruth.

With Black Friday and Cyber Monday fast approaching, consumers are entering into the most active spending period of the year. Reinforced by the soft economy, this is "high season" for identity theft with identity thieves seeking to take advantage of shoppers. Identity theft generally rises during the holidays because thieves assume that consumers aren't paying attention to their credit card purchases, debit card purchases, receipts etc. as closely.

IdentityTruth, the leading provider of a new breed of services to help consumers safeguard their privacy and identity, is offering basic tips to help consumers avoid putting their identity at risk during the 2008 holiday season. In addition to watching budgets this season, consumers also need to be vigilant in the face of possible identity theft.

• Use credit cards instead of debit cards:  Under the Fair Credit Billing Act, Credit Cards provide consumers protection again fraudulent charges and your liability is limited to $50. You also have the right to dispute charges and withhold payment during investigation. However, debit cards are entirely different.  Although they market themselves to deliver the same protection, they are not required to by any law.  Bottom line, your liability for fraudulent charges is the entire amount in your checking account as well as the credit line you have been authorized to receive.

• Use a single credit card to consolidate your purchasing: The more credit cards open in your name, the greater the risk that a thief will obtain the account information for one (never mind that having numerous cards with big lines of credit can be a bad temptation and can actually drag down your credit score--even if you don't have balances). It's also easier to monitor a single statement for signs of fraud, and you won't incur the annual fees associated with having multiple cards. Make sure to cross-check all your receipts against your statements to see that they match.

• Be sure to write "SEE ID" on the back of credit cards: This simple step can help to foil thieves if the card is lost or stolen, and might even help to catch the thief if your card is taken.

• Shop on secure sites and be wary!:  While the majority of identity fraud occurs offline, identity theft is also a problem online. You must exercise caution when shopping on the web. Stick to sites that you know are legitimate, and if you are trying a new site for the first time, here are a few things to look for: the URL should have "https" in the shopping cart; there should be a lock icon on the bottom right hand side of the window and look for icons that indicate site safety (the Better Business Bureau, VeriSign and Hacker Safe icons).

• Watch out for "phishing" and "vishing" scams: These scams can be a real problem, as identity thieves try to play on people's generosity during the holiday season. Phishing emails often take the forms of requests purporting to be from a bank or credit card company; they ask you to "verify" account information such as login and password or they request a donation or assistance for the less fortunate during the holidays. Vishing scams--which involve fraudulent calls—seek to exploit consumer concerns over fraud by seeming to offer fraud prevention assistance. The bottom line: no legitimate vendor will ask for your login and password via email or on the phone.

• Be careful when using ATMs: Only use ATMs with monitoring cameras, such as those in bank lobbies. Avoid kiosk ATMs, those freestanding units often do not have cameras and are statistically more likely to be infected by skimmers (electronic devices that allow thieves to record account and PIN numbers). "Shoulder Surfing" can also be a problem at a crowded mall. While you assume that the man behind you is uncomfortably close because of mall crowding, he may actually be looking over your shoulder trying to get your login.

• Place fraud alerts to prevent new credit card accounts from being opened: Free fraud alerts placed on your credit report are good for 90 days (if you can demonstrate that you've been an identity theft victim, they can be set for 7 years) and, in combination with other proactive measures, can be used to help to prevent identity theft.

Here's a comment someone recently left on my post (over a year old now) titled Mvelopes Backs Up Its Product:

Just wondering about the security of Mvelopes. It asks for ALL financial institutions plus password, which obviously, I understand they need to make this work. But, concerned that my information might get into the wrong hands.

I've had many people leave positive comments about Mvelopes (including Quicken users) but this comment brings up a good point -- is your online data truly safe?

If you ask any service like Mvelopes, they'll assure you that your data is 100% safe and can't be stolen. But isn't that what all the banks, credit card companies, retailers, and the like tell us? And how often do we hear of another million names/data stolen? Almost daily, isn't it?

Personally, I don't use online services for just this reason -- too much vital information in one spot is just too risky for me.

How about you? Are you fine with having vital financial information online? Anyone ever been a victim when one of these sorts of services has been hacked or compromised in some sort?

The Simple Dollar just posted three tips on what to do if you lose your wallet as follows:

Tip #1: You can take preventative action right now to make the loss of a wallet easier. Just clean out your wallet down to the bare minimum, then photocopy or scan both sides of everything in your wallet. This will help you to easily remember everything that was misplaced and easily deal with the consequences of card cancellation and replacement.

Tip #2: Carry minimal identification in your wallet as a preventative measure. Try to avoid having your Social Security number in there if at all possible, as that will make identity theft much easier if you were to lose it. You’ll probably have a driver’s license in there, but make sure that it doesn’t include your SSN and has only minimal identifying information on it.

Tip #3: Keep your wallet clean. The “Costanza wallet,” overstuffed with receipts and notes and junk, is a personal security concern. Get rid of all of the junk you don’t use regularly - your wallet is not your briefcase.

I follow these rules except for the photocopying (which I need to do.) Here's what's in my "wallet" (which is really a money clip with a slot to hold four credit-card-size cards):

• Cash -- usually have between $60 and $100 on me since it's assumed in my family that I'm the bank
• Costco membership card
• Driver's license
• Blue Cash from American Express card
• Chase Freedom Cash Visa Card

That's it. So if I ever lost it, there would be a minimum amount of damage.

My wife's purse is another matter completely. I think there are things from the '70s in there (I'm afraid to look), so who knows what we'd lose. I need to ask her to clean it out for safety's sake.

Imagine that your laptop computer is stolen. Think it has anything of use on it to identity thieves? Yeah, probably -- like EVERYTHING!!!!! So, what should you do if your computer is taken? Here's what Yahoo suggests:

• Change every password you can think of. If you have a copy of your bookmarks file (hopefully you've made a backup), go through and systematically change every login password on the list. Remember it's not just banks and email accounts that will need the update, but also shopping sites like eBay and Amazon.com and even social networking sites, too.

• Cancel and replace your credit cards, at least any that you've ever used online.

• Add a fraud alert message to your credit report, which can help protect you in case someone tries to open a new account under your name.

• File a police report and get a copy of it (critical if you're filing an insurance claim).

• Keep an eye on Craigslist and eBay for your laptop. You'd be shocked how many stolen laptops are unloaded here, and often very quickly.

I don't have a home laptop, but I have a work one. I take it with me when I travel, and while I'm not a freak about it, I do keep it close at all times while traveling from one place to another. If it was ever stolen, my goose would be cooked!

For more thoughts on identity theft, see these links:

• How to Keep Your Child's Identity Safe

• Keep Identity Thieves at Bay during the 2008 Tax Season

• A Consumer’s Guide to ID Theft Awareness and Avoidance

Here's a guest post from Family Secure, a service from Experian that alerts parents of key changes in their credit file and their children’s that could be a sign of identity theft.  The product has a $2 million guarantee. They had asked me to review their site and instead I asked them to provide a guest post that would tell Free Money Finance readers what they should do about protecting their child from identity theft. Here's what they had to say:

Identity theft has become an increasingly common problem in the last few years.  A recent survey conducted last year by the Federal Trade Commission reported that there were 8.3 million victims of identity theft in 2005.

What many people do not know is that child identity theft – stealing a minor’s personal information and establishing lines of credit in his/her name – is also increasing at an alarming rate.  Some sources estimate that up to 500,000 children per year become victims of identity theft. In many instances, parents and children don’t realize that the child’s identity has been stolen until he or she applies for credit much later in life. By this time, the child’s credit history is already tarnished. 

A 2007 Experian-Gallup poll showed that while 72 percent of the respondents felt it would be “very easy” or “somewhat easy” to steal a child’s identity, 68 percent knew “only a little” to “nothing at all” about child identity theft.

Instances of child identity theft will likely continue to grow as minors become more active online and on other information sharing platforms. Parents should consider the following precautions to help protect their children from becoming victims of identity theft.

• Educate children about the importance of keeping personal information private. Teach them to come to you should any person or organization ask for their social security number and address.

• Closely monitor a child’s online activity.  Many sites ask for personal information such as last name, address, etc., which can open the door for identity thieves. 

• Monitor the type of mail a child receives. Credit card advertisements, unexplained merchandise or collection notices could all be indications of identity theft.  Also, the more mailing lists a child’s name is on, the more exposed he or she is to identity theft. Whenever possible, sign up for items like magazine subscriptions under your own name rather than your child’s name.   

• Think twice before giving out a child’s social security number.  Giving a child’s social security number is voluntary even when directly requested. When signing children up for programs such as daycare, basketball camp, etc or filling out medical forms at a doctor’s office, parents do not need to provide social security numbers. If someone insists he needs a child’s social security number, parents can ask why the number is needed, how the number will be used, what law requires them to provide a social security number and what the consequences are if you refuse.

• Don’t give out even the last four digits of a child’s social security number. These last four numbers can be easily used to obtain the full social security number, creating numerous opportunities for a child’s identity to be stolen. 

• Do not let children carry their social security card in their wallet.  Keeping their card locked in a deposit box ensures that their social security number will not be compromised if their wallet is misplaced or stolen.

The following is a guest post from Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions.

The U.S. economy may not be the only beneficiary of the recently passed federal economic stimulus package – identity thieves are getting a boost, too. Why?  In the wake of the recent IRS announcement that more than 130 million Americans will receive tax rebates this year, identity thieves are using the promise of extra cash to lure Americans into disclosing their sensitive personal information. 

These “phishing” schemes can take a variety of forms, the most common of which involves an identity thief who calls or e-mails a consumer pretending to be an IRS employee.  The consumer is promised a sizable rebate if they file their taxes early.  All the caller needs in exchange is the consumer’s bank account number to deposit the check. 

The bad news is that schemes like the one described above are common; the good news is that falling victim to one is avoidable – as long as consumers get smart on the facts and follow the proper precautions.

Preparing Your Taxes

• Beware of phishing schemes.  The IRS never contacts consumers by e-mail or phone to request sensitive personal information (SSN, checking account information, etc.).  If you receive a phone call or e-mail that you suspect may be a “phishing” scam, file a complaint with the Anti-Phishing Working Group and contact the IRS immediately.

• Avoid shopping mall kiosks or pop-up preparers who offer to assist you with tax preparation.   Considering the amount of sensitive personal information involved in the tax preparation process, you probably don’t want to hand over your files to someone whose experience and background are unfamiliar to you.  Ask a trusted friend to introduce you to his/her tax preparer or consult a local CPA association for trustworthy members.

Filing Electronically

• Avoid using wireless networks.  Use of wireless networks means your data is being transmitted over open airwaves, similar to a radio transmission. If not properly secured, data can easily be picked up by an uninvited party.

• Don't prepare your taxes on a public computer.  Public computers can contain “keylogger” spyware, which records every keystroke including passwords and account information.  Keyloggers make it possible for an identity thief to steal any information entered into the computer during your session.  Preparing your taxes on a public computer also increases your vulnerability to “shoulder surfers” – individuals who look over your shoulder to observe what you are doing and, more importantly, collect the sensitive data you’re entering. 

• Only keep a record of your tax claims as long as necessary.  Thieves can't steal what you don't have. Purge the data once the need for it has expired. Suggested guidelines for individual recordkeeping are available online through the IRS.

Filing by Mail 

• Don't put your completed claim in an unlocked mailbox for pick-up.  Instead, deposit outgoing mail at a post office. 

• Take it one step further and opt for delivery tracking.  That way you can be certain that your information has gotten to the IRS safely.

• Waiting for your tax rebate? Promptly remove mail from your mailbox after delivery.  The longer your mail sits in an unsecured mailbox, the greater your chances of it falling into the wrong hands. 

• You may also choose to have the IRS deposit your tax rebate directly into your bank account, further minimizing the risk of theft.

The following appears courtesy of Kroll Fraud Solutions.

The FTC estimates that as many as nine million Americans have their identities stolen each year, so chances are high that you or someone you know has fallen victim to what has become one of America’s fastest-growing crimes.  While there are no guarantees as far as prevention, there are certain steps every consumer can and should be taking – before and after the fact – to greatly reduce their potential risk. 

ID theft expert Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, has unique frontline experience helping today’s businesses and consumers safeguard against and respond to data breaches.   

Below he offers some important advice that every consumer should know about protecting themselves from the damages of fraud.   At Kroll, Lapidus oversees a highly-skilled team that includes veteran licensed investigators specializing in supporting breach victims and restoring individuals' identities to pre-theft status. 

1. Beware the word ‘prevent.’ No person and no product can prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI) is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information. 

2. There are no ‘guarantees.’  This mantra holds true for a lot of things in life and dealing with identity theft is no exception. While a number of instances of fraud can be restored to pre-theft status, some identity dilemmas simply can’t be fixed. If you’re on the ‘no fly list’ thanks to an imposter or an error, you’ll stay there. A third-party solution cannot deliver a remedy.

3. Watch for ‘shoulder surfers’ and ‘skimmers.’ Shield the entry of personal identification numbers (PINs), and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder surfing thief can get your private information pretty easily, if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t “feel right.” Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.

4. Keep your Social Security card safe at home. Unless you’re on your way to fill out a job application, there are very few reasons to carry around the crown jewel of SPI. At lunch a few weeks ago, the woman beside me opened her wallet for a credit card and there was her Social Security card, too. Remember, ID theft and fraud are not exclusively credit-related – thieves can use a clean Social Security number to construct a whole new life.

5. Destroy before you dump that old computer. Erasing data just enables the computer to write over that space again; it doesn’t actually eliminate the original bits and bytes. Physically remove the hard-drive to ensure you’re not tossing out or passing along your personal details. Our company is often called upon to recover data from an erased or damaged drive; we’re very good at it – and so are some professional thieves.

6. Choose ‘forget me’ instead of ‘remember me.’  How many Web sites do you frequent that invite you to enable an automatic log on the next time you visit? Don’t check that box! When convenience trumps confidentiality, you’re asking for trouble. The harder you make it for hackers to follow your trail into an online store or bank account, the better.

7. Don’t rely on fraud alerts or credit freezes alone. Fraud alerts are meant to stop an identity thief from opening new accounts in your name. Credit freezes let you restrict access to your credit report, which would also make it hard for someone else to open new accounts. But, neither one will stop a thief from trading your SPI for cash, or using it for tax fraud or in any of the countless other ways fraudsters exploit stolen identities.

8. Practice prudent posting.  Social networking sites on the internet enable individuals around the world to chat, share photos, recruit employees, date, post resumes, auction property, and more. Because the Web makes it possible for any posted document to link with another, any data you put out online have the potential to stay there for what amounts to electronic eternity.

9. Keep that key. When you check out of a hotel where you were issued a card-key to unlock the door to your room, don’t leave the card-key behind. Hold on to it until you’re safely home and can shred or otherwise discard it safely. Some say it’s an urban myth that the card-keys hold vital details like credit card numbers, while others report having tested and confirmed the presence of private data coded into the magnetic strip. Even if there’s no definitive answer, why risk it?

10. What’s in your wallet? Make photocopies of the personal material in your wallet: Driver’s license, credit cards, insurance cards, all of it – front and back. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has taken place.

Ok, maybe I'm hyper-sensitive. Then again, maybe I'm just more aware of what can happen to a person these days when it comes to credit card/identity theft. Either way, here's an interesting situation I found myself in recently.

A couple weeks ago I detailed my three-day travel nightmare courtesy (at least in part) of Midwest Airlines. Around noon on the second day when it became clear that ALL flights were canceled to almost everywhere you can imagine what happened. After all, what is the first thing you'd think of (other than "I have to spend another day in these same clothes") when you found out you weren't going anywhere until the next day? Right -- "where am I going to spend the night tonight?"

So a mad rush ensued to see who could get into the hotels first before they booked up. The hotel I had stayed in the previous night (the night Midwest put me up because it had a plane with a flat tire) was the one I wanted to stay in again for several reasons:

1. I knew it was acceptable to my taste.

2. It was close to the airport (4 minutes.) I had a 6:50 am flight the next day and I didn't want to get up too early. Plus there was a huge snowstorm going on and I didn't want to drive (or even ride in a shuttle) when a 15-minute ride under normal circumstances could be an hour or more in the weather chaos.

3. The hotel had a full-scale restaurant, so I didn't have to go outside to eat. I was in Nashville, after all, the previous day, so let's just say I wasn't dressed for a snowstorm.

4. The hotel had free wireless internet -- so at least I could get some work done while I hunkered down.

So I raced to the hotel information section of the airport and saw that my hotel charged $199 to $249 a night for rooms. Yikes! I knew that these were the "retail prices" but I wasn't sure how far they would come down -- especially in the midst of a storm. If there was ever a time to only take customers at retail price, this was it.

I called the hotel on my cell phone while others jockeyed for the courtesy phones. I asked if they had any rooms for the night and what their prices were. They said they did and linked me through to their reservations desk. Ian came on the phone and said they had rooms available for $199. Just great.  Now I was going to have to price shop in the middle of a snowstorm. Then he said, "Oh wait, I'm sorry, I mis-spoke. The rates are $99 a night." Sold! I told him I'd take one for tonight and he started to process my request.

At the end of the transaction, he said, "All I need to reserve this room is a major credit card." Yep, that's normal. What was not normal was that I'm usually not in a crowd of people reading my credit card information ALOUD for all to hear when I reserve a room. In a split second, I thought, "I'm going to have to read my credit card information out loud for all to hear in order to reserve this room. What if someone is listening and wants to steal my information?"

I glanced around. There was sufficient commotion to take most people out of the "card stealing" realm, but I saw a few people looking at me (by this time, I had my card out.) Were they just curious or looking to take my information? Is it a legitimate concern or am I taking all this way too seriously.

I didn't have much time to think about it -- Ian needed the name of my card, my number, and my expiration date. And he wasn't going to wait 10 minutes while I figured out what to do.

I decided that it was better to be safe than sorry, so here's what I did:

1. I started walking to the least crowded section of the airport. Fewer people there plus someone trying to steal my info had to be walking/following me -- they couldn't be stationary or they would miss part of it as I walked away.

2. As I was giving the number, I spoke as lowly as I could.

3. While walking/talking, I turned around a couple times (casually) so my voice was not projected in any one direction for the entire reading of the card number. It would make taking the information much more difficult.

4. I put the card away as soon as Ian had all the information.

I got the reservation completed, caught the shuttle, and was in the hotel a few minutes later. And so far, my credit card appears to be fine. ;-)

Like I said, maybe I'm just hyper-sensitive, but if nothing else, it was interesting that the issue came into my mind and did so very quickly -- and at a time that I had plenty of other things to think about.

So, what do you think? Did I react the right way? What would you have done? Would you have even thought about it?

Here are some handy tips on how to protect yourself from identity theft from USA Today:

• Monitor bank and credit card accounts regularly by phone, ATM or over the Internet.

• Reduce the amount of paper in your life. Mailboxes containing credit card bills and other sensitive financial information are prime targets for thieves. Shredding sensitive documents is a good idea, but "it's not enough just to shred," Van Dyke says. "Most criminals go to your mailbox, not your trash." His advice: Arrange for electronic delivery of bank statements and bills.

• Lighten your wallet. Nearly 40% of identity theft stems from lost or stolen wallets, checkbooks or credit cards, according to Javelin's survey of victims who know how their information was stolen. Rid your billfold of credit cards you don't use, along with other documents, such as your Social Security card, that you don't need on a regular basis.

• Secure online accounts with difficult-to-guess personal identification numbers and passwords. Keep PINs and passwords in a safe place and change them often. Update your anti-virus programs and firewalls frequently.

• Take advantage of your right to obtain free credit reports.

Here's how we handle each of these:

1. I do monitor our bank account via the web, but not our credit cards. On the cards, I reconcile them through Quicken every month to make sure what we think we have spent matches what the credit card company says we've spent.

2. We shred like fiends, only put mail in our box the day of delivery (never overnight), and we pick up our mail with an hour or two of delivery. We have a fairly active street, so it's not like someone could easily take mail without anyone noticing. That said, we may need to be a bit more aggressive in this area.

3. I carry two credit cards, my driver's license, my Costco card, and some cash. That's it.

4. What? You mean a pin of "1234" isn't good enough? ;-)

5. I get one free credit report a year. I should do at least two.

Here are some thoughts on taxes/ID security courtesy of ARA Content:

Most Americans view their tax return as a document that represents all things financial to them -- containing both personal and financial information for all household members. As the Internal Revenue Service (IRS) attempts to motivate Americans to electronically file their tax returns, the future can seem a little scary for the millions of taxpayers who have continued to prepare their tax returns manually. Of those taxpayers who have decided to take the plunge and use Web-based tax preparation software this year, many wonder, “How secure are my tax records?”

There are several things you should know to help keep your information safe as it relates to using a computer to prepare and e-file a tax return.

1. Update your computer’s virus protection software -- install patches for its operating system and software programs to defend against intruders, viruses and spyware that can compromise files and passwords. While doing this, you may even want to consider scheduling automatic virus scan updates.

2. Only store financial information on your computer that is necessary; and, protect access to your programs by using something called a “strong” password -- a combination of letters and numbers (upper and lower case) to ward off possible identity thieves. A good way to create a strong password is to come up with a memorable phrase. For example, “I ward off danger, by practicing safety first, becomes 1W0DBPSf.

3. Never use an automatic login feature to populate user name and password fields -- features such as these help thieves gain access to your personal information.

4. Use a firewall program if you use a high-speed Internet connection like cable, DSL or T-1 that leaves your computer connected to the Internet 24 hours a day. Without it, hackers can take over your computer, access the personal information stored on it, or use it for other fraudulent purposes.

5. Never open files, click on hyperlinks or download programs from people or companies you don’t know. Also, be aware that some popular file-sharing programs can make your computer vulnerable -- enabling others the ability to capture passwords and other information you type from your keyboard.

6. Prior to sharing information or making a purchase, look for indicators that the site is secure. For example, at the bottom of the data entry screen, check to make sure a lock icon appears on the browser’s status bar (usually located at the lower right-hand portion of your screen) or the URL for a Web site is displayed as “https:” (the “s” stands for secure).

7. Always type the URL of the Web site you want to visit into your browser -- don’t click on links that are sent to you. Another precaution is to click a site’s VeriSign Seal. By following these two guidelines, you can be confident you are trafficking an authentic site -- not the work of some imposter trying to deceive you into divulging your confidential passwords or other information.

Stephanie Behrends, spokesperson for 2nd Story Software, Inc., makers of the popular TaxACT tax preparation software and Web-based services advises, “Before you share any information or make a purchase online, take time to read that company’s privacy and safeguard policies. A Web site should answer questions regarding: security, how information collected will be used and maintained, if information will be shared with third parties, as well as who controls and has access to information collected by the site. If you find a site’s policies to be confusing or it fails to specify information upfront, follow-up is necessary or consider doing business online elsewhere.”

The IRS warns taxpayers to be on the lookout for fraudsters who use the agency’s name to further their schemes. If you receive an e-mail that appears to have been sent by the IRS, think again. The IRS does not ask people for PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts -- by phone or e-mail. The bottom line: The IRS does not solicit this information -- don’t share it!

So, what should you do if you suspect your identity has been stolen? Visit the Federal Trade Commission’s Web site for detailed instructions about how to handle the aftermath of identity theft.

Here are some tips for keeping your ID safe during tax season courtesy of ARA Content:

Each year consumers spend many hours preparing taxes hoping they don’t owe the government money. But what many fail to realize is that the government isn’t the only one who may collect their hard earned cash -- so may identity thieves.

In a time where one man’s trash is another man’s treasure, it’s important to ensure that the multitude of documents used to prepare taxes are appropriately stored or destroyed. In 2005, consumers lost nearly $57 billion to criminals who stole their identities. Although this statistic is alarming, there are ways to protect yourself from the crime, especially during tax season.

While it may appear easier to file everything, paper trails are still an identity thief’s dream. Recent research conducted by Fellowes, Inc., the leading shredder manufacturer; shows nearly 40 percent of Americans believe identity theft is most likely to occur through online exchanges. In reality, Internet fraud represents only nine percent of the crime. The majority of identity theft crimes occur through paper documents and stolen information, making it crucial to properly store or destroy the sensitive documents used during tax season.

“Tax season can leave consumers with mountains of paperwork, which makes them more vulnerable to identity theft," says Kristen Gehrig, director, global marketing for Fellowes, Inc. “Shredding is one of the easiest ways to ensure your information doesn’t end up in the wrong hands, but you also need to be conscious about what documents are important to keep.”

Simply knowing what needs to be filed or shredded will quickly alleviate potential problems.

• Tax returns: The IRS has three years to challenge information in your return and six years to conduct an audit based on unreported income. Keep tax returns and supporting records, like W-2s and 1099s for at least seven years.

• Investment statements for taxable accounts: Most brokerage firms and mutual fund companies send annual statements summarizing the year’s transactions. Once you have these, you should shred your monthly and/or quarterly statements.

• Bank statements: Keep statements that back up information on your tax returns for up to seven years. Other bank statements can be shredded after reviewing for errors.

• Credit card statements: Keep statements for big purchases like jewelry or large appliances. You might need them for warranties. If you put charitable contributions on your credit card, keep the statement for your tax records. Other monthly statements can be shredded once you’ve reviewed them for errors or unauthorized purchases.

• Pay stubs: While many people say to save these, it’s a huge mistake. They contain everything an identity thief needs to open an account. Keep three months of history only if you are applying for a mortgage.

• ATM receipts: Shred all receipts after you balance your bank statement.

• Canceled checks: With no significance for tax or other purposes, these should be destroyed after one year.

• Retirement plan contributions: Keep records of contributions to non-deductible individual retirement accounts, such as a Roth IRA, indefinitely. Without them, you may find yourself paying taxes again when the money is withdrawn. Some financial institutions keep records of IRA contributions, but it’s best not to count on it.

• Insurance policies, wills and other legal documents: These documents should be kept indefinitely.

For documents you need to keep, consider storing them in a safe and accessible place, such as a fireproof box that is well hidden in your home. When destroying records, it’s best to use a shredder that can slice credit cards and CDs and has confetti-cut capabilities, such as the Fellowes PS-77Cs. Confetti-cut shredders ensure that private information is reduced to small, unidentifiable pieces, making it nearly impossible for a would-be identity thief to piece the information back together.

As shredders become a necessary household product, it’s important to choose a shredder that not only protects your family’s identity, but also its safety. The Fellowes PS-77Cs alleviates shredder safety concerns with its SafeSense technology, which shuts down the shredder when it senses that hands are too close to the paper opening.

Additionally, a few more protective measures against identity theft should be taken during tax season. If you’re filing your tax returns over the Internet, make sure your computer has updated anti-virus, anti-spyware and firewall software. It is also imperative to shred all paperwork used to calculate taxes such as receipts, bank records and various forms. Finally, pay particular attention to W-2 or 1099 forms because they contain your Social Security number, which is a would-be thief’s dream. A missing form may leave you vulnerable to the crime.

For additional identity theft prevention tips and information on how long to keep financial records, visit www.IDconfidence.org or check with your tax professional.

Here's some advice courtesy of ARA Content on how to protect your identity:

The Information Age has produced extensive benefits for society. We can now shop online for everything from groceries to insurance policies. Students can instantly access a wealth of information that used to take weeks to find in the library, and banking is easier than ever. Unfortunately, criminals continue to find new ways to leverage technology, such as hacking into online databases and phishing in an effort to commit identity theft.

Chances are good that either you or someone you know has fallen victim to what is now the fastest growing crime in America. The Javelin 2006 Identity Fraud Survey Report estimates that 28.3 million, or around 13 percent of adults in the U.S., have been targeted by identity thieves in the last three years.

The National Crime Prevention Council deems the problem so significant that the focus of its Crime Prevention Month this October is “Crime Prevention in the Information Age.” Its Web site www.ncpc.org offers resources addressing identity theft and how to prevent it. You can also find useful educational materials at the Federal Trade Commission Web site, www.ftc.gov, and Equifax’s site at www.equifax.com.

One of the most important steps you can take to prevent identity theft is to protect the valuable data that criminals seek. Here are some suggestions from the resources mentioned above:

• Do not give out personal information over the phone, through the mail, or over the Internet unless you have initiated the contact. Identity thieves will pose as bank representatives, Internet service providers, and even government officials to get you to reveal identifying information.

• Guard your Social Security number. Ask to use other types of identifiers when possible, and don't carry your SSN card. Be sure to keep it in a secure place. Do not put your Social Security number on your checks.

• Minimize the identification information and the number of cards you carry. Take only what you will need.

• Safeguard personal information in your home, especially if you are having service work done in your home, employ outside help, or have a roommate.

• Protect your mail. Deposit outgoing mail in post office collection boxes or at your local post office. Promptly remove mail from your mailbox after it's delivered. If you plan to go away, contact the U.S. Postal Service and request a vacation hold.

• Shred all documents you are discarding, including pre-approved credit applications received in your name, insurance forms, bank checks and statements, and other financial information.

You can also take advantage of some high-tech ways to fight identity theft. Consider monitoring your credit file for potentially fraudulent activity by signing up for one of Equifax’s Credit Watch programs. Take steps to detect identity theft early – which helps minimize its impact – for only $4.95 a month to $12.95 a month depending on the features you select. To learn more about the tools Equifax offers to help protect people from identity theft, log on to www.equifax.com.

Here's some advice courtesy of ARA Content on what to do when your personal data is exposed and potentially stolen:

It seems like there’s a new headline every day about another stolen laptop, a hacker attack or a lost data tape. And the impact of these incidents is widespread. One organization estimates that over 91 million data records of U.S. residents have been exposed due to security breaches since February 2005.

You may have received a notification letter, in which an organization alerts you to the fact that your personal information has been exposed. After reading the letter, you may still have some questions about what it means for you and what steps you should take.

Identity theft is the most significant risk you face following a data breach, and the severity of the risk is determined by how the data is stored and what kind of data it is. When stolen data is encrypted – or stored in a scrambled fashion that requires a “key” for someone to unscramble – it is much more difficult for the criminal to access. Identity thieves can use your Social Security number, credit card numbers and bank account numbers to make purchases or to open new credit accounts. Your name, address and date of birth are also valuable pieces of information to criminals.

The safest course of action is to take precautions if you suspect that your personal data is likely to be misused. Studies have shown that acting quickly can minimize the financial impact and time to recover from identity theft. Place a fraud alert on your credit file before the criminal has a chance to apply for credit in your name. It can save you a lot of hassle down the road.

A temporary fraud alert, placed on your credit file for 90 days, lets credit grantors know that you may have been a victim of fraud and that they should take extra steps to verify your identity before extending credit in your name. To place a fraud alert on your credit file, contact one of the three national credit reporting companies:

• Equifax: (800) 525-6285
• Experian: (888) 397-3742
• TransUnion: (800) 680-7289

You will need to provide personal information for authentication purposes. The company you contact will notify the other two credit reporting companies, who will add a fraud alert to their files. Your confirmation will include instructions for requesting a copy of your credit report.

Often organizations provide assistance to their customers or employees who have been impacted by a data breach. In fact, many companies have offered their customers and employees free credit monitoring, which alerts them to key changes in their credit file. For example, the addition of a new credit account or a significant increase in the balance on an existing card might signal that an identity thief has struck. The sooner you contact creditors to alert them to any fraudulent activity, the easier it is to resolve.

When a company offers you free credit monitoring after a data breach, you will be given a promotional code and directions for online enrollment. You will need to provide identification information, including your Social Security number, for authentication purposes. If the free monitoring is provided through Equifax, you will not be asked to enter a credit card number to enroll for the free offer.

If your data has been improperly accessed but you have not been offered free credit monitoring, consider purchasing Equifax Credit Watch Gold with 3-in-1 Monitoring to protect yourself. It provides comprehensive credit file monitoring and automated alerts of key changes to your credit files at all three national credit reporting companies.

Here are some good thoughts on protecting yourself from identity theft courtesy of ARA Content:

The image of retirement and retirees has changed a lot during recent years. Today’s retirees are taking advantage of being free of day-to-day work responsibilities and enjoying the freedom to pursue their interests via travel, revisiting long-forgotten hobbies or even going back to school.

Retirees have earned the time to fulfill their dreams by working hard and planning wisely for their financial future. That is why it is so important to carefully manage your finances during retirement as well.

Protect Your Credit

When you retire, your lifestyle may change enough to warrant a big transformation such as renovating your house, buying a vacation home, RV or boat, or even downsizing to take advantage of the lower maintenance cost of a condo or townhome.

Any of these options likely would involve a loan to help pay for the project. Before you apply for that loan, check your credit report and your credit score so you’ll know where you will stand with lenders. “The better your credit score, the better the interest rate you can expect to receive from lenders,” notes Maxine Sweet, vice president of public education for Experian, a global information solutions company.

Web sites like www.experian.com give you quick and easy access to your credit report and credit score. “Even if you have an unblemished payment record with your credit card companies, it pays to check your credit report for inaccuracies that could affect your standing,” says Sweet.

Travel Tips

If your retirement plans lean more toward seeing the world than remodeling your home, you need to be a savvy traveler. Identity thieves prey on travelers, finding personal information in mail left uncollected while you’re gone, by hijacking PIN numbers or by old fashioned methods such as stealing your wallet.

In order to enjoy your travels without worrying about these matters, follow these tips.

At home:

• If you are receiving pension or social security checks, take advantage of direct deposit so checks won’t be waiting in the mail.

• If you have a trusted neighbor, friend or family member, ask them to collect your mail while you’re gone. Otherwise, have the post office suspend delivery while you’re away. “Your mail can contain information that could help identity thieves victimize you, such as your Social Security number, name, address and account numbers,” says Sweet.

• When you return from your travels, check your credit report for any unusual activity. To make checking your credit report even easier, sign up for a credit monitoring product to help protect you while at home or away. Knowing that your credit report is being monitored daily and that you will be alerted if key changes are detected gives extra peace of mind.

On the road:

• Carry only the one or two credit cards you use regularly. Keep the others either at home in a secure place, or even better, in a safety deposit box at your bank.

• Protect your PIN number when you use your bank card or credit card at ATM machines or store registers.

• Use credit or debit cards instead of cash whenever possible so that you aren’t carrying a large amount of cash with you when you travel. Remember to take all of your receipts when paying by credit card so your account information doesn’t get into the wrong hands.

These common-sense precautions will help you protect your finances so you can relax and enjoy your retirement.

For more information on learning about your credit, visit www.experian.com 

Here's a list of six ways to avoid identity theft from financial expert David Bach:

1. Keep your private information private.

2. Get a copy of your credit reports.

3. Find out if your state has a credit freeze law.

4. Check your bank statements weekly.

5. Be computer savvy.

6. Be aware of "deleted" data.

My thoughts on each of these:

1. I guard my private information like it's my life at stake (it is, after all.) I recently had a company ask for a copy of my driver's license for no reasonable reason (at least not one they could give me.) I told them I wasn't giving that out and they said they didn't need it after all.

2. I do this at least once a year -- though I should do it more often.

3. Mine does. I recently had some information "lost" by a company and had a 90-day freeze put on my reports as a precaution. Yes, you can do all you can do and then some stupid company mishandles your information.

4. I reconcile my statements monthly, but also look online regularly to make sure everything's ok.

5. It still amazes me how easily people fall for some of the traps on the web. And it amazes me how sophisticated the crooks are getting.

6. I'm going to face this problem later this year as we're looking to give away an old computer. I want to make 100% sure there's no data left on it. Can anyone say "format c:?" ;-)

Finally, the piece ends with this bit of good advice:

Don't waste a minute once you've discovered suspicious activity -- go directly to the website of the Federal Trade Commission to file a complaint and access their comprehensive guide on the steps you'll need to follow to resolve the situation.

Here's the next item I wanted to cover from Kiplinger's "The Best List". Today, we're highlighting the best way to avoid ID theft:

The Best Way to Avoid ID Theft: Fellowes P-57Cs Shredder

The most popular shredders cut paper into thin strips that a determined thief could reassemble. Your identity will be safer if you choose a "cross cut" shredder, which turns paper into unreadable confetti. Our top pick is the Fellowes P-57Cs, which showed its chops by dicing credit cards and stapled bills without jamming. We also liked the easy-empty wastebasket. And the price is right -- $60 starting this fall at OfficeMax and other retailers.

I shred religiously -- even stuff that probably doesn't need to be shredded (it doesn't hurt to be safe, does it?) To me, it's the first (and a great) defense against ID theft that's simple and not time-consuming. I think protecting my ID is certainly worth the time and effort.

For more on the topic of identity theft, see these posts:

• What to Do If Your Identity is Stolen

• How Long Does It Take to Clear Your Name if Your ID is Stolen?

• Identity Theft Statistics, Part 1, How Much Money Does the Typical Victim of Identity Theft Lose?

• 10 Ways to Stop Identity Theft Cold

Here's the next item I wanted to cover from Kiplinger's "The Best List". Today, we're highlighting the best place to report ID theft:

The Best Place to Report ID Theft: Federal Trade Commission

The FTC's ID-theft Web site offers step-by-step instructions for reporting identity theft. To keep an eye out for suspicious activity, order a free copy of your credit report from each of the three credit bureaus every year at AnnualCreditReport.com. For updates on security breaches, see the Web sites of the Privacy Rights Clearinghouse and the Identity Theft Resource Center.

I'll save you my usual rant on ID theft and how the government is ignoring this crime -- at least for this post. ;-)

But I would like to second their suggestion to check your credit report regularly to make sure you haven't been taken advantage of. I just did this last month myself (and do so at least once a year -- though I like to do it more often.) With a free credit report from the three credit reporting agencies each year, you can (and should) space them out every four months and keep a revolving check on your credit report status.

Here are two simple suggestions from Kiplinger's on what to do if your identity is stolen:

• If your personal information has been compromised because of a security breach, check your credit cards for suspicious charges.

• If your name and Social Security number are stolen, contact the three credit bureaus and put a fraud alert on your account, which requires lenders to verify your identification. Call the Federal Trade Commission's ID Theft Hotline (877-438-4338) and visit the agency's identity-theft page for instructions on reporting ID theft.

After writing on this topic for some time (including the useful posts How Long Does It Take to Clear Your Name if Your ID is Stolen? and Identity Theft Not that Big of a Deal (And What to Do If You're a Victim)), it seems like one key to how painful the loss will be for you -- at least one key that you can control -- is the speed at which you contact the appropriate organizations and tell them about the theft. The faster, the better. So once you suspect your identity has been stolen or mis-used, don't delay in acting. The sooner you stop it in its tracks, the sooner (most likely) the thief will move on to an easier mark.

In Identity Theft Not that Big of a Deal (And What to Do If You're a Victim), I highlighted a couple of comments where the posters said it took them only a few hours to clear their names after their identities being stolen. In response, I said:

I guess the learning here is that identity theft doesn't necessarily sentence you to an extended trip to financial purgatory.

Here's how a couple people responded to this thought:

Both my wife and I had out IDs stolen this year (we bought a house in Feb, and figure somewhere along the line our data was stolen/sold). Let me give a plug to Citibank later on, the first card was opened in my name at Sears (whose credit is run by Citi) and the thieves spent $2400. Citi thought that this was unusual, so they red flagged it, and found out that the phone number the thieves put down didn’t match the one on my credit report. They called me to ask if I had opened an account in Phoenix that morning. Living in Oregon, I told them I hadn’t. They closed the account and advised me to call the credit agencies, which I did, and put the fraud alert on my account. Good thing too, I stopped these bastards from opening 3 more cards in my name. This was on a Saturday.

On Sunday, I thought it might be a good idea to put a fraud alert on my wife’s credit report, just in case. Turns out that was a smart thing to do, the thieves opened 2 accounts in my wife’s name (spending close to $5000), but we stopped them from opening 2 more accounts before they gave up using our information.

Now my accolades for Citi, They did a great job in contacting me, on a Saturday nonetheless. But that’s not all, I have had a CitiCard sine 1994, and they have an ID theft department open to any Citibank customer (I never noticed the commercials until after this event, you know the ones with a guy working out, but he’s got the voice of a valley girl). Let me tell you how great this service was. The lady who helped me got all my information about what had happened, called three-way to TransUnion and did all the talking while I listened to her clean up my credit report. While they only work with TU, it was helpful to listen in and learn the things I would say to the other 2 credit agencies. I just can’t say enough good things about Citibank.

All in all, it took a good 15-20 hours to clean up our ID theft, which wasn’t really that bad since we were able to stop the thieves the same day. I would have hated to have received the cards and statements later on and try to fix it from there. Final word: get a CitiCard - no annual fee, good rates, decent rewards programs, and Citi Identity Theft Solutions.

So, another vote for "not that long" to clean up a problem. Seems like one must-do is to contact your banks and the credit agencies quickly. Also a good plug for Citibank credit cards. Sounds like they really do work.

But not so fast. Here's what the next commenter had to say:

Your situation was pretty simple, but the FTC says it takes on average 600 hours to get your life back to normal once your ID has been stolen. Your situation is more credit card fraud than ID Theft.

Ok, maybe that's the point we need to highlight -- the difference between some credit cards being stolen and someone's total ID. Maybe the former doesn't have to be that long, but the latter can be a real mess. Does this sound like a viable explanation?

For more on identity security, see these posts:

• Protect Against Net Threats

• Assessing Bank Safety

• Identity Theft is Worse than You Think It Is

• Don't Get Hooked by a Crook

After writing several posts on identity theft, I penned Identity Theft Statistics, Part 1, How Much Money Does the Typical Victim of Identity Theft Lose? to discuss how much the typical victim loses when identity theft happens to him/her. On this post, I received two surprising comments. I had always thought that one of the major hassles of your identity being stolen was that it took hours and hours (if not days and even weeks) to correct. After all, we've all heard the horror stories, right? Well, these two commenters paint a different picture. Here's the first:

I was the victim of identity theft last year. The balance charged in my name was around $600, and it took about 3 hours to get everything straightened out with all of my creditors and the Big Three reporting agencies.

Of those three hours, I don't think a single second was spent during "worthwhile" time. It was all early evening hours when I would have just been watching Jeopardy. I certainly didn't have to adjust my schedule or work or miss a beat there. Everyone I needed to talk to was available 24/7 or close to it.

I think identity theft is so common these days that the powers that be have really streamlined the process for correcting it.

Maybe it is so common that companies have handling it down to a science, but this was a real surprise to me.

The process was even easier for the next commenter:

I was a victim of identity theft a few years ago. Whoever stole my identity wasn't able to charge anything. I spent about an hour contacting the three credit bureaus. It was a hassle but not that big of a deal.

Ok, color me very surprised.

I guess the learning here is that identity theft doesn't necessarily sentence you to an extended trip to financial purgatory. And as far as what to do if you're a victim, it appears the best bet is to act fast and contact the credit bureaus and your credit companies. If that happens, the process can be not that bad at all.

How about the rest of you -- anyone else out there who's had his/her identity stolen. Was it easy or hard to get corrected? Any tips for the rest of us?

Here's part 5 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:

What age group is most susceptible to identity theft?

The answer:

25 to 34. Contrary to popular belief, seniors had the lowest rate of ID theft, while 25- to 34-year-olds were most at risk. Why? The lifestyle of many Gen X-ers--going out often and trading personal information on MySpace.com and other social networking sites--creates more opportunity for identity thieves.

My thoughts:

1. Again, I'm very surprised at this finding (I guess that's the purpose of this piece, huh?). I would have guessed seniors all the way. But now that they explain it, it does make sense.

2. Add ID theft to the list of financial topics you teach your kids about. Then, when they are young adults, they'll be more guarded with their data and less likely to get into trouble.

Click here to read part 1 in this series.

Here's part 4 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:

Identity theft on the Internet is growing.

The answer:

False. Online fraud made up 9% of ID theft cases in which the source was known last year, down from 11.6% in 2004. People who bank online typically uncover fraud in 22 days vs. more than a month for paper accounts.

My thoughts:

1. I'm not sure I buy this information. Online may be down as a percentage, but the total number of cases could still be up (may the other forms of ID theft have grown at faster rates). I can't tell the true story from these stats though, there's not enough here.

2. Either way, I am surprised that Online ID theft isn't skyrocketing. With all the pfishing going on, I thought it would have been much, much higher.

3. Looks like there's another advantage of banking online -- faster detection of ID theft.

Click here to read part 5 in this series.

Here's part 3 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:

What type of identity theft is the most difficult to detect?

The answer:

Fraudulent accounts opened in your name. It takes an average of 152 days for victims to find out that a new account has been opened in their name. That's because only a credit report or notice from the lender or a collection agency will alert you to the new account's existence.

My thoughts:

1. I would have thought "charges to a credit card you already have" would have been the "winner" here.

2. This is why I have checking my credit reports as part of my New Years resolutions.

Click here to read part 4 of this series.

Here's part 2 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:

What is the most common way your identity is stolen?

The answer:

Among victims who could pinpoint the source of ID theft, 30% blamed a lost or stolen wallet, checkbook or credit card. Dumpster diving, in which your personal info is lifted from documents you throw out, made up less than 1% of cases, down from 2.6% in 2004, as some 70% of people now shred paper files (keep shredding!). However, in 8% of cases, info is stolen out of mailboxes before you have a chance to shred. Since credit-card offers make it easy to open an account in your name, call 888-5-OPTOUT to stop unsolicited card applications.

My thoughts:

1. So, if 30% can be traced to a lost or stolen wallet, checkbook or credit card, 8% to stolen mail, and 1% to dumpster diving, what happens in the other 61% of cases? Am I missing something here?

2. I shred religiously, though it does create another problem -- my kids want to scatter the confetti all over the house. ;-)

3. We've stopped putting our flag up when we put mail in our box (out-going) and we usually pick up mail within an hour or so of its arrival.

4. I opted out last year and my credit card mail offers has dropped DRAMATICALLY. It really works.

Click here to read part 3 of this series.

I've written a lot about identity theft over the past year (see my identity theft category for a listing of posts), but not much recently. So I thought I'd make up for lost time by doing a short series on the topic.

I found an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so let's start with the first question:

How much money does the typical victim of identity theft lose?

The answer:

More than two-thirds of ID theft victims didn't lose a dime last year. (Of course, that means some people did end up out of pocket: The average loss was $422 vs. $675 in 2004.) Why? Federal law limits your liability--$50 for credit cards; $500 for debit cards--if you report the fraud within 60 days. And most issuers offer even stronger protections, guaranteeing that you won't be on the hook for any of the bill. The real cost to you is time and stress: It takes the average victim 40 hours of effort to restore his or her good name.

A few thoughts here:

1. Wow. I would have guessed a few thousand dollars would have been the average. $422 seems low, but I guess it makes sense as explained by Money.

2. 40 hours basically doubles your cost if your time is worth $10 per hour. If it's worth more, like I'm guessing is the case for most of us, this will be even a bigger cost/frustration than the actual money lost.

Click here to read part 2 of this series.

If you're like me, you do a good deal of your shopping online. And, if you're like me, you want to be sure you're shopping safely and that your financial and personal information isn't at risk. Money Central helps us all out in this article, giving tips for shopping safely online. Their thoughts:

• Bigger names equal better protection.
• When in doubt, check them out. If you go with an unknown merchant or Web site, contact someone there who can verify the company's privacy policy for you before you make a purchase.
• Encryption doesn't equal security.
• When sharing is a bad thing. Shared computers, such as the ones available to multiple strangers at computer centers, are a big no-no, says Branigan.
• Pay with a credit card. We got a resounding answer from the experts: Credit cards are the safest method for online purchases.
• Suspect the suspicious. If you're at the checkout page and the site asks for your date of birth and Social Security number, be very careful.

Good tips. I use them all. In particular, I like #1. And since I do most of my shopping with Amazon.com, I'm in the heart of "Safe-ville." ;-)

As long as you're careful, shopping online is actually SAFER than shopping offline. At least according to Money Central:

Shoppers should be aware that as long as they are dealing with reputable companies, online transactions are far more secure than the face-to-face transactions people perform every day, says Stickley. Online transactions eliminate the middle man, such as the waiter who processes your credit card payment, so there are fewer people to physically see your private information.

How about you? Are you an online shopper? If so, how much of your total spending? Where are your favorite (recommended) places?

Here's some news no one will find surprising, identity theft topped the list of FTC complaints last year. Here are the facts:

For the sixth year in a row, identity theft tops the annual list of consumer complaints collected by Federal Trade Commission. But the number of consumers victimized via wire transfer has skyrocketed, tripling in the past two years, the FTC said.  And child ID theft cases have nearly doubled in that span.

While the number of complaints only edged up about 5 percent from last year, the dollar losses appear to be rising rapidly. In 2005, 49 consumers reported losing $1 million or more during 2005, the FTC said, compared with 42 in 2004.  Nearly 14,000 victims said they'd lost over $5,000 to a con artist, a steep jump from just over 11,000 in the previous year. Average losses were $2,400 per victim; median losses were $350. In 2004, the average was $1,846 and the median was $263.

This is what I was talking about when I posted that identity theft is worse that you think it is. It's bad. And it's not going away. And now they are targeting children. Yet the laws protecting information and punishing criminals are not there yet. Isn't this a crime? When are we going to see some action to make the punishment for stealing IDs a serious offense?

Here's an article from Kiplinger's that promises how to secure your PC from worms, viruses and hackers in less than an hour. Their tips:

• Use security software.
• Patch your OS.
• Secure your browser.
• Be alert while you surf.
• Handle e-mail with care.
• Read all messages in text-only format, not in HTML or rich-text format, and turn off the preview pane in your in-box.
• Raise a firewall.

Good tips! Identity theft is an issue we're all going to have to deal with for a long time to come. It's best if we take as many precautions as possible -- especially since the current identity theft laws aren't that strong and certainly aren't deterring criminal activity.

For more information on this topic, see these posts:

• Beware 'Debt Elimination' Scams
• Assessing Bank Safety
• Identity Theft is Worse than You Think It Is
• Don't Get Hooked by a Crook

Here's a piece from Money Central that gives us 10 ways to stop identity theft cold. It starts out by telling us how bad identity theft is:

The numbers associated with identity theft are beginning to add up fast. A recent General Accounting Office report estimates that as many as 750,000 Americans are victims of identity theft every year. And that number may be low, as many people choose not to report the crime or, for that matter, even know they’ve been victimized.

But the heart of the article is the set of tips they give. The tips for stopping identity theft are:

1. Destroy private records and statements.

2. Secure your mail.

3. Safeguard your Social Security number.

4. Don't leave a paper trail. Never leave ATM, credit card or gas station receipts behind.

5. Never let your credit card out of your sight.

6. Know who you're dealing with.

7. Take your name off marketers' hit lists.

8. Be more defensive with personal information.

9. Monitor your credit report.

10. Review your credit card statements carefully.

My thoughts:

1. I have a shredder and use it religiously.

2. We mail our bills from home but never put up our mailbox flag. However, I am converting more bills to electronic pay options.

3. We don't do this.

4. We don't do this either. I keep track of EVERY receipt.

5. This is hard to do, especially at restaurants (the card part). Not sure what the solution is.

6. I don't give out this information unless I see a need that they have it.

7. Did it awhile back. We still get some calls.

8. Isn't this the same as #6? My answer is the same.

9. This is one of my New Year's resolutions.

10. I reconcile every credit card statement and review all bills carefully. Not only does it help identify potential identity theft issues, but can also save you a bunch of money.

For those personal finance bloggers out there looking for some free promotion for your site, the MoneyBlogNetwork has an opportunity for you.

We're naming a Site of the Week every week -- a spotlight on one specific personal finance blog. If you want to be considered, stop by AllThingsFinancial and email JLP. He's collecting the applications.

Speaking of AllThingsFinancial, I have to say a public thank you to JLP. He's answered a few tax-related questions that FMF readers have had and he's always done a great job -- very thorough. Thanks, JLP!

Finally, AllThingsFinancial has a post on how Ameriprise Looses Data on 230,000 Clients and Advisors that you may want to check out. Here is an overview:

Ameriprise Financial, the investment advisory unit spun off from American Express last year, said today that lists with the personal information of about 230,000 customers and financial advisers were potentially exposed to fraud.

The breach occurred in late December after a company laptop was stolen from an employee's car. It contained lists of reassigned customer accounts that were being stored unencrypted on a computer in violation of Ameriprise's rules.

The information on the laptop included the names and Social Security numbers of more than 70,000 current and former financial advisers and the names and internal account numbers of about 158,000 customers. The data was being stored in separate lists, but it is possible that there could be some overlap between the two.

Are these companies crazy!!!!???? This info is on a laptop -- in a car -- unguarded? When will they learn????

Add Ameriprise Financial to the identity theft blacklist.

It seems like everyone wants an easy way out of everything. People spend like maniacs for years, then want to pay someone a simple fee to get rid of all their debt. It doesn't work like that, folks!

Here's a piece from Bankrate on debt elimination scams and how to handle them:

Eliminating debt is kind of like losing weight by not eating for two weeks. Firstly, it doesn't work and secondly, you get unintended consequences from trying, like injuring your health. Same thing with debt -- you have to earn more and spend less if you really want to eliminate debt from your life. There really are no quick fixes for either problem.

Of course, the scams abound, and you've run across one. One is that credit card lending is really illegal, so if you stop paying them and they take you to court, you'll win with the secret, and expensive, legal strategy you will be sold. Yours is a variation on that theme -- it's a scam, pure and simple. They probably want a big upfront fee. Don't pay it.

The piece ends with some very good advice:

My advice is to be very careful when strangers approach you with offers. They could well be identity thieves. Ignore these claims and work on getting yourself out of debt the old-fashioned way. Take a good, hard look at your income and expenses and look for ways to either increase the income or decrease the expenses until you can lighten your debt load.

If you want to get out of debt, check out some of these posts -- they may be of help to you:

• Get Out of Debt
• Nine Ways to Pay Off Debt
• 8 Ways to Consolidate Debt
• The Two Dumbest Ways to Pay Down Your Credit Card Debt
• Alarming Credit-Card Tricks

If you weren't scared enough of by the ways someone could get your money, this piece from Market Watch that details additional ways your bank can help you lose your money. They start by listing several ways banks can lose your money that aren't covered by federal insurance:

• Deposits of more than $100,000 per person, with certain exceptions -- often based on the way you structure account ownership. Pending legislation soon could increase retirement account coverage and index deposit insurance to inflation.
• Errors and omissions of bank directors.
• Internet fraud.
• Embezzlement by employees.
• Securities losses.
• Unauthorized access to your account.
• Contents of safe deposit boxes.
• Notes or debt obligations of a bank.
• Losses due to robberies.
• Catastrophes.

Yikes! Who would of thought all these things weren't covered? Ahhhhh, but they are -- just in a different way:

Fortunately, banks carry a "blanket bond," which may provide protection for some of these perils. This is a multipurpose insurance policy a bank purchases to protect itself from fire, flood, earthquake, robbery and embezzlement.

So, now that we're feeling secure again, they hit us with more bad news:

It's a good thing banks carry extra insurance. The fastest-growing area for claims is employee dishonesty, according to experts at two of the more prominent bank blanket-bond providers -- Progressive Group and Chubb Specialty Co. In fact, both report banks have been increasing insurance deductibles lately as they seek higher coverage limits.

The piece ends with some tips on what you can do to make sure you and your money are safe at a bank:

Call 1-877-ASK FDIC or visit www.fdic.gov to make sure all your deposit accounts are fully FDIC-insured in the event of a bank failure.

If you use a bank safe deposit box, don't expect the bank to insure its contents. Make sure your homeowners insurance covers anything valuable.

Consider avoiding bank branches during opening or closing times.

When you visit your bank branch, see different employees. Employee embezzlements frequently involve those who are most trusted.

Monitor your account statements.

Good advice to follow. Another option to consider is banking online -- at least as much as you can.

Overall, I don't think you have to worry about a major bank losing your money (for any reason) and not making you whole again. If they didn't, word would get out, their reputation would be ruined, and their business would really be hurt. However, you still need to monitor and take responsibility for your own financial security. A bank, no matter how protective, will never be as concerned with your finances as you are.

Here's part 4 of a piece from Bankrate listing ten things to stop doing in 2006:

7. Stop identity theft.

8. Stop phishing.

Identity theft is a topic that (unfortunately) will continue to be in the financial news for quite some time. Here are some of my posts on the topic that will help you combat this evil:

• Let It Rip
• Identity Theft is Worse than You Think It Is
• ID Theft: It's Only a Matter of Time
• Consider Security when Downloading Bank Information
• Don't Get Hooked by a Crook
• Online Banking is Still Safe

Click here to read part 5 of this series.

Free Money Finance recommends Emigrant Direct.

Here's part 3 of a piece from Bankrate listing ten things to stop doing in 2006:

5. Stop counting on Social Security.

6. Stop leaving checks in your mailbox.

My thoughts:

1. I'm counting on NOTHING from Social Security. If I get $1, that will be $1 more than I expect.

2. We still leave checks in our mailbox, but we don't put up our red flag. We get mail every day anyway, so the mailman already stops at our box -- no need for the flag.

3. For more information on saving for retirement, see these links:

• The World’s Best-Kept Retirement and Investment Secret
• Getting Rich is Simpler than You Think
• 10 Tips to a Prosperous Retirement
• How Average Joes Can Retire Rich

Click here to read part 4 of this series.

Here's an update from MSNBC on some future changes to online banking:

By the end of next year, it may take more than just an ID number and password for bank customers to access their online accounts. In the face of increasing online banking fraud, federal agencies announced they are requiring all financial institutions in the country to beef up their Internet security measures by the end of 2006. That means customers may soon have to navigate through more security screens.

A couple banks are already in the lead in this area:

Bank of America is the first out of the gate with its new SiteKey picture-recognition service, which it will require all customers to use starting in early 2006. Customers choose a picture when they first visit and are presented their choices in subsequent visits to assure them the site is not fake.

This month, Washington Mutual announced that it now uses a version of computer fingerprinting that analyzes every online login and transaction, scores the potential risk of identity theft based on a broad range of criteria, and invokes additional authentication methods if needed.

Here's a word of caution (and some reassurance) if you bank with a smaller bank:

Because big banks are bulking up their online security measures, phishers and scammers are reportedly moving down the chain to medium-sized and small banks, but Litan said many of them are well prepared to meet the threats.

Finally, someone is doing something about identity theft and the security of financial information. For more on this topic, see these posts:

• Mortgage Data on Two Million People Lost
• Let It Rip
• Fewer Americans Banking Online

I had heard this news the other day and assumed everyone was up to speed on it, but a note from a reader (thanks, Dan) suggested I share it with everyone since blog coverage seemed light. So here's the bottom line from MSNBC:

A subsidiary of LaSalle Bank Corp. said Friday a tape containing information of about 2 million residential mortgage customers around the country was lost as it was being transported from Chicago to Texas.

ABN AMRO Mortgage Group Inc. said that it has had no indication the information was misused in any way, but that it is notifying residential mortgage customers and has arranged for them to enroll in a credit monitoring service for 90 days at no cost.

Data on the tape include residential mortgage customer names, their social security numbers, payment histories and account information, according to ABN AMRO. LaSalle Bank spokesman Shawn Platt also said the tape is not something a person could take home and look at on a computer.

According to the company, a package containing the tape was picked up at its data processing center in Chicago by express mail company DHL on Nov. 18. But the tape never reached its destination — a credit bureau facility in Allen, Texas.

1. How does this happen???!!! Two million people impacted?! This is simply criminal. AMN AMRO and/or DHL needs to compensate the people impacted if, for nothing else, the fear of potential identity theft. It's simply careless and there's no reason for it.

2. This sort of loss seems to be more and more common. We need to fix the system somehow. I'm generally not a proponent of legislating penalties against corporations for this sort of stuff (my feeling is that the market will handle it as consumers flee companies that allow this to happen), but it appears that companies are not taking the issue seriously.

3. Thankfully, I don't do business with ABN AMRO. If I did, I'd be moving as soon as possible.

Update: The tapes have been found.

Every year I do at least one check of my credit reports and 2006 will be no different. I do it mostly for security purposes -- to make sure there is no inappropriate activity in my name -- but it's also good to review the various credit cards I have not used for years that are still "open". I usually take action to close them when I locate one, but like weeds in summer, they just seem to keep popping up. ;-)

If you're not checking your credit reports at least once a year (if not more), you are leaving yourself open to the possibility of having your identity stolen and not realizing it for a long time. You should resolve with me to check your report(s) this year.

For more on the subject of identity theft, check out these posts from Free Money Finance:

• Let It Rip
• Keep Your Identity Safe During the Holidays
• Net Scams Can Snag Those Who Bank Old-Fashioned Way

Here's a piece that discusses a simple but effective way to guard yourself against identity theft: shred documents that you are tossing that contain personal information (subscription required).

Here's Money's case for shredding:

Everyone's been warned about identity theft. The idea that some hacker can snoop around your hard drive, obtain some account numbers and passwords, and clean out your funds has Americans reaching for the nearest Internet-security software. But it is far less likely that someone is going to break into your computer than that someone will sift through your garbage to get the same information.

One of the best ways to foil trash-picking identity thieves is to shred all sensitive documents before throwing them out. But which shredder to buy?

They wanted to know what the best shredder was, so they conducted a test:

I tested five of the top consumer cross-cut shredders on the market, which range in price from $40 to $380--as I wanted to know if a shredder that is 10 times the price is 10 times as good.

And the winner is:

The Fellowes 8-Sheet Cross-Cut shredder is an ideal at-home machine.

Because:

• Low noise levels when operating
• Auto stop/start, so you don't have to keep switching the machine on or off
• A paper-bin window so you can easily see when it needs to be emptied

The piece then ends with a vital shredding tip:

Make sure you get a cross-cut shredder. Strip-cut shreds are much easier to put back together.

Here's part 2 of a piece from Smart Money that offers several tips for keeping your identity safe this holiday season. Today we'll cover their online tips:

• Beef up your computer's security.
• Don't link to sales and offers through your email.
• Shop at trustworthy sites.
• Make sure the site is secure.
• Limit yourself to one credit card for online shopping.
• Get a temporary credit-card number.

I guess you learn something new every day. I didn't know about the temporary card numbers. Good info!

However, I will use the previous tip instead -- putting all my charges on one card. Not only is it safer, but it helps me maximize my cash back reward as well.

Identity theft does not take a holiday just because the rest of us are celebrating. Here's a piece from Smart Money that offers several tips for keeping your identity safe this holiday season. We'll cover it in two parts -- the first dealing with tips to take offline and the second dealing with online tips.

Here are their offline ideas:

• The first and perhaps simplest advice is to hang onto your receipts.
• Streamline your wallet. Only bring with you to the mall those items you must have.
• Keep track of your credit card.
• Safeguard your purse or wallet.
• Pay attention to your surroundings.

Some good tips here. In particular, I found the last tip very helpful. I often put my card down on the counter for the clerk to take (and for the whole world to see in the meantime). I'm going to stop doing that.

Click here to read part 2 of this series.

Here's a stat from Business Week about older Americans and online banking:

21% of Americans 55 or older are banking online, down from 26% in 2004. Many feared their data might be sold by the bank or stolen.

Reasonable fears, as I've covered before:

• Identity Theft Issues Everywhere
• Identity Theft is Worse than You Think It Is
• ID Theft: It's Only a Matter of Time
• Consider Security when Downloading Bank Information

Here's part 5 of a piece detailing very bad financial happenings Bankrate.com readers have suffered:

Morbidly mistaken

I moved to a different state, so I went to get a new driver's license. I had a real rude awakening when I found out I was not allowed to get a license in that state or any other. I looked into the matter further only to be told, months later, that I could not prove that I wasn't a guy (which I am not) with many warrants against me in California, or that I didn't have outstanding debts in two other states, charged up by two different guys! They all had been using part of my name and my Social Security number. As I attempted to contact all the places I apparently had issues with, I was given the runaround. After I convinced the banks and a county attorney that I was not the person they were looking for and I could prove that the Social Security number I had did legally belong to me, these agencies cut off communication with me. Then I had to go through Washington D.C., to get a license in the state I currently live in. It has taken me a whopping seven years to obtain one! All in all, the matter has been going on for 10 years. My credit score has dropped considerably and I have even applied to have my Social Security number changed.

How did this happen? My Social Security number was the same as someone else's tax ID number in another state. I also found out that if you have a person's name, address and Social Security number, it's pretty easy to get any of the three credit bureaus to send you a credit report -- which is what had happened to me. When I sent for a credit report at my lawyer's suggestion, I found out that one of the agencies had already sent my report to the party who had the same tax ID number! Not much can be done once they send out your credit report to another person. That party has all my private information; he knows all my account numbers from every financial institution I have used, as well as all my previous names, addresses, etc. All this happened even after the identity theft notification was listed with all three bureaus.

Now THIS is a horror story!  Identity theft is certainly a nightmare.

For more thoughts on this issue, see these posts:

• Identity Theft Issues Everywhere
• Identity Theft is Worse than You Think It Is
• ID Theft: It's Only a Matter of Time
• Consider Security when Downloading Bank Information

Click here to read part 6 of this series.

Free Money Finance recommends Emigrant Direct and You Need a Budget.

Here's a piece from USA Today that highlights the fact that you aren't safe from identity theft simply because you bank offline. Here's one person's story:

Scott Cummins prefers to bank and shop the old-fashioned way. The 45-year-old insurance company manager from Columbus, Ohio, has never used online banking services and only occasionally shops on the Internet. So Cummins was perplexed when collection agencies began demanding payment for online purchases made on a Wal-Mart MasterCard and a Gap store credit card issued to one C. Scott Cummins.

It took Cummins a month and a half to establish that he identifies himself as Scott Cummins — not any other variation of his legal name, Charles Scott Cummins — and that he was a victim of personal data theft and online fraud.

Cummins' Social Security number was sucked into a thriving online market where crime rings wheel and deal in personal data for millions of individuals.

Here's how the criminals work:

Thieves make online purchases with stolen credit cards, or, as in Cummins' case, go online to create new accounts by associating a slightly altered name with a stolen Social Security number.

The basic scam is not new. But data thieves and scam artists have begun using the speed and anonymity of the Internet to dramatically extend their reach.

"Criminals find gaps in the system and exploit them by intentionally manipulating identities," says Terrence DeFranco, CEO of security software firm Edentify.

And the criminals are organized:

ID Analytics of San Diego recently analyzed a sample of 300 million applications for credit, debit and new loan accounts submitted to companies using its identity risk-management software from 2002 through 2004. It found evidence of dozens of fraud rings operating across the USA.

One ring submitted 100 loan applications for 50 stolen Social Security numbers, two per number, in an attempt to avoid suspicion. In each instance, the victim's name was submitted along with a new billing address, a cellphone as a home number and the main line to a Los Angeles-area hospital as a work number.

What can you do? Here are a few posts that may help you protect yourself:

• Don't Get Hooked by a Crook
• Consider Security when Downloading Bank Information
• ID Theft: It's Only a Matter of Time

Free Money Finance recommends Emigrant Direct for its 4.0% yield and You Need a Budget for its power, easy of use, free offers, and 60-day money-back guarantee.

Identity theft isn't going away. That's why I like to post regularly on the topic -- to remind people to be careful and offer suggestions for keeping yourself safe.

Here's a post from Kiplinger's that detail five ways to avoid becoming an identity theft victim. First, let's start with the statistics:

Becoming the victim of online identity theft is like playing the lottery. The odds are long, but if your number's up, there's a lot of money involved. A recent study by Javelin Strategy & Research says that although there were as many as 9.3 million identity-fraud victims in the U.S. in 2004, fewer than 2% of them were victimized by phishing. Javelin estimates losses to phishing last year totaled $367 million.

Here's a definition of phishing for those of you not aware of it:

Phishers are pirates who try to steal your personal information by casting millions of phony e-mails out on the Web that purport to be from well-known institutions (two of the most commonly used are online-payment vendor PayPal and auction site eBay). Embedded in the message is a link to a fake Web site that looks like that of the real company. Often the e-mail reports a problem with your account and instructs you to click the link to fix it. Once you're at the fake site, you're instructed to enter your user name, password, identification number and other personal data. As soon as you do, the phishers can drain your accounts or make unauthorized purchases.

Unfortunately, these guys are getting better at being bad:

These schemes are becoming more sophisticated. The latest phishing ploys use the simple act of opening an e-mail to get their hooks in you. Once you click on the message, pernicious software is installed on your computer, such as a keystroke logger that monitors your online activity. As soon as you log on to a bank site, for instance, it records your keystrokes -- and so grabs your user name and password.

Another slick trick: personalized phishing. The bad guys hack into a merchant's database and copy e-mail addresses with names and account numbers. They then send you personalized messages that appear legitimate because they include your name and account number. The e-mail directs you to a Web site to fill in forms for "security reasons," says Amir Orad, of Cyota, which sells anti-fraud systems to financial institutions.

Here's what Kiplinger's says you can do about it to protect yourself:

• Don't click the link. Even if an e-mail looks official, don't respond to it. Close the e-mail and log on to the merchant's or bank's site to contact customer support. Or phone the institution and ask about the e-mail query.
• Load anti-virus, anti-spyware and firewall software on your PC. This simple step will help prevent criminals from installing keystroke loggers and other harmful programs on your computer.
• Vary your passwords. Many of us use the same password for multiple sites, including those with poor security. If a less secure site, such as a local mom-and-pop retailer, is hacked, the crooks can gain access to your other accounts. To avoid the hassle of remembering a host of different passwords, consider Pass2Go ($40; www.roboform.com), a product that will remember them all for you and input them with the click of a button on your browser. Pass2Go saves your passwords to a USB flash drive (for an extra $10, the company will sell you the drive). It's simple to unplug the gum-pack-size drive and drop it in your pocket, keeping the passwords stored on it out of hackers' reach.
• Protect your social security number. Never use your SSN as your login ID. Phishers can cause all kinds of mayhem if they get your number.
• Wipe the disk. Before tossing an old computer, overwrite all the files on the hard disk, which may contain plenty of personal information. (With the right software, deleted files are easy to recover.) Many software utilities overwrite disks, including Eraser, a free program available at www.heidi.ie.

Good advice -- tips we should all follow.

For more on identity theft, see these posts:

• Celebrate Shred Day!
• Consider Security when Downloading Bank Information
• ID Theft: It's Only a Matter of Time
• Identity Theft is Worse than You Think It Is

Here's a fun and interesting article from Yahoo news about Shred Day:

Residents of Columbus, Neb., will be setting Shred Party protocol this Saturday when they're invited to cart up to 100 pounds of their most sensitive documents to the Columbus United Federal Credit Union for confidential and free shredding, provided by "Shred-it" of Omaha.

The event is designed to teach about the dangers of identity theft (and keeping old high school yearbook photos around).

Destroying documents with personal information -- such as old credit card and utility bills, trash-worthy tax documents, brokerage and bank statements -- is one way to thwart identity thieves.

This is a GREAT idea! Not only does it highlight a topic that needs to be brought more to the forefront, but you just have to admire the person marketing Columbus, Nebraska. What an innovative and creative way to get his/her town noticed!

Looking for a great gift that has an almost infinite investment return? Here are three recommended by Free Money Finance:

• The Millionaire Next Door
• The Richest Man in Babylon
• The Automatic Millionaire

FYI: FMF Ad Policy (Only Things I Use/Believe In; All Goes to Charity)

Yesterday we talked about how you can avoid fees when downloading bank data with Money or Quicken. At the bottom of this piece, Smart Money advises us to consider security when downloading financial information. Here's why:

If you opt to download your financial information, you open yourself up to security concerns. Should someone hack into your computer, all of your financial information could be stolen or exposed. "It would make impersonating you very easy," warns David Maynor, a security researcher at Atlanta-based Internet Security Systems Inc.

Here's what the software companies are doing about it:

Microsoft and Intuit say they take security seriously. Both programs use complex encryption, and never keep all of your information on your hard drive. So, for example, a program might store your bank username and account number, but not your password or PIN.

But you're still at risk:

Maynor says that's not enough — many viruses, spyware programs and worms target Quicken and Microsoft Money files. He advises you to take precautions when downloading information and storing it.

Here are his suggestions:

Downloading. It's less common for thieves to capture information in transit, called a man-in-the-middle attack, but it does happen. Download your account information only at home, where you can control the security. Even at work, your employer might be monitoring your computer use, and might inadvertently capture some of your personal data.

Storage. To keep your information safe, make sure you stay up to date with your computer system security patches. You should also install a good firewall and regularly update your virus program. Your best bet is not to store the financial information on your computer at all. Instead, keep it on a secondary storage device such as a disk or a flash memory plug-in.

Good advice for us all to follow.

With all the news about ID Theft (just see the "Identity Theft" link on the right of this blog under "Categories" for a few posts), you may be thinking that everything online is unsecure. Fortunately, this is not true.

I ran into an article from Money magazine titled Online Banking: It's Still Safe that advises:

"Don't let all the news about data loss scare you away from the convenience of online banking."

Their reason for this statement is pretty straightforward:

"Reports of rampant Internet fraud and identity theft have led many to conclude that the convenience of online banking and shopping isn't worth the risk. That would be the wrong conclusion. The majority of ID theft occurs outside cyberspace. Banks, credit-card issuers and online retailers are rolling out more effective security features."

However, they still recommend you take the following precautions when banking online:

Sign Up for Security -- Some banks have made it harder for a crook to access your account even if he's stolen your card number or your user ID and password. In many cases these programs are optional, so be sure to opt in. Note: The longer and more complex your password, the harder it is to hack -- so mix in numbers, random letters and symbols.

Lock Down Your Browser -- Make sure you regularly download Windows updates, which often include security patches. Use current antivirus and anti-spyware programs like Norton AntiVirus 2005 and Spybot Search & Destroy (free at www.safer-networking.org). And release your credit-card info to an online retailer only if you see a locked padlock icon in the lower corner of your browser window, as well as "https" in the URL, not just "http."

Don't Take the Bait -- Phishing attacks -- in which an e-mail poses as a message from a bank or commerce site and lures you into divulging information -- duped more than 2 million people in the past year.  No legitimate financial institution will ask you to supply personal info via e-mail. When in doubt, call customer service. Never click on links or pop-ups or send back personal info.

Use Credit, Not Debit -- The pay-as-you-go ethos of debit cards is good financially, but for security purposes, credit cards have the edge. They act as a buffer: If your card is misused, you won't be out actual money before you resolve the situation. Credit-card issuers also have greater legal obligations when it comes to how much they can hold you responsible for and how quickly you have to report fraud before you're on the hook.

Keep Watch -- The beauty of online accounts is that you can monitor them almost in real time. That means you can catch crooks long before a statement arrives in the mail.

An article at Money notes that "the odds are increasing that [ID theft] could hit you." Here are the stats:

• The personal data of nearly 50 million Americans have been exposed this year.
• As many as one in six people are now vulnerable to identity theft.

And it's time to face the music:

"It's time for all of us to concede that our data ultimately cannot be defended -- which is why it's only a matter of time before your identity is compromised in some way, big or small."

What's the solution? Money says:

"The solution doesn't lie in better corporate security or more vigilant card issuers, although those would help. It's in making sure that if your data does go missing, it can't be used against you. You should have the simple right to request a credit freeze, which stops anyone from looking at your credit report, making it next to impossible for a thief to open a fraudulent account."

But will this happen? Not likely:

"Congress has been pounding tables to look responsive but to date has shown little appetite for giving you that ultimate protection: a credit freeze any time you want one. This may have something to do with the fact that the financial services industry, which generally opposes freezes, ranks first in campaign contributions to House and Senate members."

So what can you do? Here are some simple steps to take:

• Get a free credit report -- As of Sept. 1, residents of all 50 states can get one free credit report a year from each of the three credit bureaus. Request one every four months, not all three at once, to create your own free credit monitoring service. Go to www.annualcreditreport.com.
• Guard your number -- When a business asks for your SSN, offer your driver's license number instead. If you carry a Medicare card, make a photocopy and black out all but the last four digits.
• Shred -- Invest in a crosscut shredder, making it harder for dumpster divers to put your records back together again.
• Bug Congress -- This may be one of those rare moments when voters could overpower lobbyists. www.Financialprivacynow.org has a sample e-mail you can send that demands more control over your own data. Your plan of attack couldn't be any easier.

Update: It's time to post to the Beltway Traffic Jam.

As regular readers of this blog know, I follow events relating to identity theft pretty closely. In fact, I post on it so often that many of you probably think the name of this site is Free Money Identity Theft! ;-) 

But Even I was shocked when I ran onto a post by Trey Jackson that detailed how bad it was. She documented every incident she could find in the last 100 days where a company has compromised sensitive consumer data.  This is what her study has yielded to date:

• 1 out of every 6 people in the U.S. has had their personal information breached in the last 100 days. US population = 296,689,763.
• 1 out of every 4 people over the age of 18 have been exposed to identity breaches in the last 100 days. US pop. over 18 = 209,128,094 - That's 24%.
• At this pace, every consumer record in our country will have been exposed/breached/stolen in less than two years.
• 50 million consumers have had their private information breached since 4-08-05

She goes on to list 20 different exhibits that show the range of ID theft -- from hospital records to financial institutions to federal employees and everything in between.

She concludes with the following solutions:

1. We need to require that all consumer data is encrypted. (Currently only 10 percent of businesses encrypt their data.)

2. Stop people from walking around with laptops that have thousands of consumers' information on them.

3. Better computer security to prevent hacking.

4. Shred paper documents.

5. Have strict screening procedures in place for all companies that are applying to pull credit reports and/or use any consumer database.

What do you think needs to be done? What are you doing personally?

Smart Money reports that the Senate recently introduced a bill to protect against ID theft. Details are still a bit vague, but here's the Washington-speak version:

"Under the bill, known as the 'Identity Theft Protection Act,' the Federal Trade Commission would come up with rules within one year requiring companies to develop data safeguards. The FTC would also enact credentialing procedures for third parties seeking personal information as well as procedures for disposal of data."

Seems like somebody in Washington has wised up to the fact that this is a major issue:

" 'With the problem of identity theft reaching epidemic proportions, a bill designed to protect Americans is absolutely essential,' said Senate Commerce Committee Chairman Ted Stevens, R-Alaska, one of the co-sponsors of the bill."

News flash: a real-world issue has finally hit Washington, D.C. It seems to me that they should have been working on this a long time ago.

The article also reports that:

"The legislation, which would preempt state and local laws on data security, would also make it easier for consumers to put security freezes on their credit reports and make it tougher to obtain Social Security numbers."

I'm going to keep track of this one and see what happens. I'm hopeful because at least they're talking about it but doubtful because many powerful companies don't want to be held responsible for actions like losing data, handling it inappropriately, etc.