The following is a guest post from Mike at Miked Up Blog.
I had an email stop me completely in my tracks last week… I probably receive over 100 emails a day and this is the first one I can remember that made me stop what I was doing, re-read the text twice, and then take a deep breath. The emails reason for being? "After a search of the dark web, we found your email address and [other personal information] listed in multiple locations. Your person data are at risk. You should act quickly…” (that’s paraphrased)
And if this was one of the statements that were usually followed with - “Click here to buy our awesome product and you’ll be protected!!” I wouldn’t have given this email a second thought… But, unfortunately for me, that was not the case. Immediately following the Experian breach, I searched out a credit monitoring service, made a purchase, and started taking the steps to protect my personal information.
If I hadn’t completed the steps in my list below, my personal data could be floating out all over the dark web without me even knowing about it… That’s terrifying… But do you know what’s worse? More of my data could be at risk and even though I’ve paid for a monitoring service - I still may never know.
That’s why I take it upon myself to just assume all of my personal information is exposed… At all times.
So what are we to do - live in fear? Not quite… My personal philosophy is to take all reasonable and necessary precautions available so that we can continue living life as normal - just with a nice kit of body armor around our sensitive personal information.
In order to fight against being blindsided by stolen identity or financial fraud, these are the steps I take to keep my financial life as safe as possible:
Passwords (The Brains)
1- Use a different password for every account, change passwords frequently, and set up a password manager system
This isn’t 2005 anymore and the excuse of, “I can’t remember all of those passwords!!” May sound nice when it leaves your lips - but it doesn’t do you justice when it comes to protecting your accounts.
You know those passwords that certain sites make you create…? The ones with capital letters, symbols, and more than 11 total characters? Yeah - you need to be using a unique one of those for every password that’s protecting one of your accounts.
To take it a step further, you should be changing those passwords up at least quarterly… And, if we’re being honest, probably monthly.
Is that going to get confusing? Hell yes, it will. So that’s why I keep a list of our passwords for every account in a digital place that is secure and at the same time easily accessible to my wife and I. And when I do our regular password updates, it’s a simple edit for each account - then we can move on with our day and not have to worry about remembering a thing (as long as we have the key to the list, that is).
Where you keep that list is entirely up to you. And while I’m not going to divulge all of my secrets here, I will say that there are multiple free options in addition to specific products that are paid for and can address your needs. Either way - this (detailed) Step 1 is a must-do.
2- Use passcodes for your devices
Admittedly, this may be a review for the majority of readers… Regardless - it needs to be stated: Whether your passcode is of the biometric, numerical, or linear variety, every device you use should be protected by something.
What if your phone was stolen? What would they have access to? I could ask the same question for your laptop, tablet, or just about any other device you use on a regular basis. Using a passcode may be a hassle, but it’s sacrificing minimal time from your day and providing a disproportionately high rate of return - in the form of data protection.
3- Use Two-Factor Authentication
This is something that I honestly hated when it was first rolled out by my banking apps, but given a little more time - two-factor authentication (2FA) is an effective way to add an extra layer of protection to your financial data. Rather than just requiring a password or biometric check, 2FA takes your login a step further by sending a separate code to your phone or email (for example) that then needs to be inputted in order for you to successfully log on.
And as I said, the process was clunky and time-consuming in this instant gratification world I’ve become accustomed to, however, by requiring a separate passcode that is sent to a different device or location - you are making it considerably more difficult for evil-doers to gain access to your accounts. This way, if your password is compromised, a hacker would still need to obtain this second (and independent) code to gain access.
I’d rather walk the tightrope while having the safety net in place… And once you get familiar with taking this extra step to login, there isn’t much extra effort required on your part.
Physical Security (The Muscle)
I’m not talking about bodyguards here. Although, if you’re hiring… (I know a guy)
4- Don’t do business on community wi-fi
When you’re at the coffee shop and excited that you used an excellent frugal tip to score free coffee via a coupon, don’t get complacent about keeping your financial information protected. Sure the complimentary wi-fi is convenient - but it’s also incredibly dangerous. Just like it was easy for you to gain access, it is equally easy for someone to see, use, and steal your actions over that public internet connection.
As a best practice, I do not use complimentary wi-fi connections in general. However, if you are more adventurous, you’d be wise to only perform superficial tasks over public wi-fi. Browse the internet, check Twitter, etc. And if you’re in a position where you need to send a few emails or login to an account, it’d be wise to do so using a VPN - which routes your connection through a server and hides your actions. It’s not full-proof, but it’s definitely a step in the right direction.
5- Physically secure your devices
The strategy here is akin to age-old strategies of staying alert and taking good general precautions while traveling… And basically anytime you are on the go with a device or away from the home (where your devices are), there is a good range of options to put into use to physically secure your devices. Because it’s one thing for someone to hack into your computer and access your keystrokes, it’s another for someone to just grab your device and effectively eliminate the need for sophisticated hacking.
There will eventually be a post on this topic but great general precautions are to stay organized, alert, and flexible when on the go. Meaning - don’t carry more than what you can handle with a backpack, keep your hands free, keep the cell phone in your pocket and you’re head up and eyes open, etc… Self-defense starts with a general air of, “I’m not vulnerable and I know what’s going on around me.”
When you’re away from the home, there are many different alarm or monitoring services that you could use, you could install a safe, keep devices out of plain view from windows or other points of entry, in addition to many other tactics.
You’ve probably heard that “A chain is only as strong as it’s weakest link.” Take time to examine every link of your chain then fortify the weak spots. Many small positive changes can lead to big results.
6- Shred your statements and other sensitive paperwork (that you no longer need)
You may think, “Nobody is desperate enough to go through my garbage…” But my day job in the criminal justice field will show you that there isn’t much that folks aren’t capable of. In essence, you’d be surprised what people will do to get more money.
While one document may not hold the keys to your financial castle when you piece together a bank statement with your water bill and anything from a cable provider… suddenly someone is able to start piecing together a decent picture of your sensitive personal information.
That’s why it’s always best practice to shred your old documents. Or, we’ll gather the kids around the campfire in the spring and fall, and use those old papers as kindling to get the fire started. Protecting yourself and making awesome memories - priceless.
7- Don’t give out your social security number without already having closed the deal
Let’s say you’re shopping around 4 different dealerships for a new car. And while you’re trying to decide whether to lease a new car or buy either way - the dealers are each trying to close the deal. And each time that one of those dealers ‘pulls your credit’ they’re issuing you a little ding on your report - and thereby reducing your credit score. If you’re trying to boost your credit score, that’s not a good idea.
More than just keeping your credit score in good shape, letting various merchants ‘pull your credit’ to see if you’re an attractive borrower is risky. Why? Because by giving each of those businesses your social security number, you’re just giving out the most vital number in your financial profile to more people that don’t necessarily need to see it - and, unfortunately, may not be a reliable steward of your data. Are they ‘probably reputable’? Maybe. But why risk it? I don’t
That’s why, when, “We’ll check your credit” comes up in a financial discussion - I reply with:
“My credit is excellent and you’ll have to take my word for it until we close the deal.” Then rather than spreading my SSN out to 4 different dealerships across town, I decide definitively where I’ll buy that car from and if I need to finance any portion of the vehicle - only then will I divulge my SSN. And even still, I’m pretty reluctant to give my SSN out.
Your Digital Footprint (The Discipline)
8- Consider locking your credit
If you’re someone who isn’t likely to need a new line of credit anytime soon, locking your credit is a great idea. By locking your credit, you are essentially eliminating the opportunity for some unknown individual to open a new line of credit in your name (without your knowledge or blessing).
After the Experian breach, I took to locking my credit for 3 main reasons:
It’s a great way to get ahead of a financial sinkhole. While locking your credit alone won’t completely prevent your financial information from being compromised, it’s a great way to prevent you from ending up with a mountain of debt and unknown financial ruin.
9- Save a little for the imagination on the social media profile(s)
You know all those “security questions” that your financial institutions make you answer when setting up accounts these days… Mother’s maiden name - Best friend in high school - Street you grew up on, etc.
Well, if you’re one of the types who don’t mind sharing anything and everything via your social media profiles, the security question piece will be one part of the puzzle your neighborhood friendly hacker won’t have to work too hard for. So leave a little for the imagination and try to dial back the information shared via social.
10- Be cynical about incoming email
It’s not just a rogue link you shouldn’t click or an attachment that is better left unopened - both from some strange and unknown email address. No. These day’s there are emails coming from senders that appear to be familiar or at least someone who may reasonably send you an email once in a while. For those seemingly familiar senders, you may click a link or open an attachment without a second thought.
However, hackers have the ability to impersonate or “spoof” an email address to show the recipient that an email is coming from a fake origin (e.g. your local bank, alma mater, or a buddy you haven’t heard from in a while).
A great way to get around this issue is to either call the person to verify the email is legitimate or, rather than clicking on the link, retyping the link into your web browser. This way, you ensure the link will take you to the location you intend it to.
11- Regularly monitor your accounts and credit report
This practice has become part of my morning ritual for the last few years. I’ll wake up, check our accounts to verify there are no charges I don’t recognize, use the free credit report checker that my lender has, and then go on about my day.
If there is a transaction I don’t recognize or an issue that comes up, I’ll investigate, get it resolved, then head out for my morning workout.
It’s a quick 3 minutes to give our finances a general checkup, and I don’t know about you but I prefer to have the peace of mind rather than to find out something went wrong last month when I finally get the statement in my inbox.
What about you? Are there regular tactics you use to safeguard your financial information that I didn’t list or do you use some of the tactics I’ve mentioned here? Let us know in the comments below and we’ll keep the discussion moving!
I love Batman. I always have. I think it's mostly because he's a super hero without super powers. Thus he has to rely on skill, cunning, training, and determination to get by. Oh yeah, and gadgets that are only affordable for a billionaire. Good thing he's loaded. ;-)
As such, one of my all-time favorite video games is Batman: Arkham Asylum. It came out a few years ago and was widely hailed as one of the best super hero video games ever. I resisted buying it for some time (not wanting to be disappointed), but eventually gave in and had a blast playing it. So much so that I KNEW I was going to buy the sequel.
You may have heard that the sequel is now out. Batman: Arkham City came out a week or so ago, but I wanted one of the "extras" that came with pre-buying the game. After looking over all the options, I decided that the "play as Robin" was the one I liked best. This meant I needed to pre-buy the game at Best Buy since they were the only ones that had the Robin feature.
I first stopped by my grocery store and purchased a Best Buy gift card so I could get 6% in cash back rewards on my purchase. Then I went to the store, ordered the pre-buy, and put down a $5 deposit. A few days later (after the release date) I went into the store to pick it up at Best Buy's "store pick-up" counter.
The young lady that waited on me asked for my receipt and I presented it. Then she asked to see my driver's license. I assumed that she wanted to verify that I was the person that had purchased the pre-buy (though my receipt would seem like good enough verification), so I showed it to her. She then started entering my driver's license number into her register. The conversation then went like this:
Me: "What are you doing?"
Her: No response.
Me: "Are you putting my driver's license number into your system?"
Her: "Yes."
Me (tone starts to become agitated): "I don't want you to do that. Why are you doing that?"
Her: "It's a federal law."
Me (now really agitated and a bit louder, said in a sarcastic manner): "A federal law? Really? It's a federal law that you need to record my driver's license number to buy a video game?"
Her (backing off the "federal" part): "It's a law."
Me (still agitated and sarcastic, though less loud): "A law? It's a law that you need to record my driver's license number to buy a video game?"
Her (getting to the truth): "It's Best Buy policy."
At this point I asked her why, she said that's the way they handled all their pre-buys, and that was it. I wasn't really interested in getting the details and the damage was already done -- they had my driver's license number in what I'm guessing is a less-than-secure system. Ugh. (FYI, they may say it's secure, but is anything really secure completely? And can their sales people access the info? And you're telling me there's no other way to track/verify/etc. pre-buys?)
Here's the deal: I don't like my Social Security number, driver's license number, or any other sensitive, personal information in some company's "system" -- especially when there seems to be no valid reason for it. And if I had known about this in advance at least I would have been able to make the choice whether or not it was worth it. But they simply sprang it on me, took the info, and that was that. Terrible customer service and a bad policy IMO.
So for those of you who may be thinking of pre-buying something some day at Best Buy, you now know that they'll demand your driver's license number at pick-up. You can make the decision for yourself whether or not you're up for this. As for me, I give Best Buy a big thumbs down for both the fact that they even require this information as well as for how they handle it (keeping it secret and then demanding it when you come for pick-up.)
Then again maybe it's no big deal and I'm just an old fuddy-duddy. What's your take on the situation?
Last Thursday I got a call at work from FIA Services, the owners of the once-named Schwab 2% card (which I currently use as my "all other" card when I can't get a higher cash back rebate somewhere else.) It was from their fraud department. They had noticed some unusual charges and wanted to know if they were legitimate. (BTW, I knew he was legit from the information he had. In addition, I never gave him any personal info and he, in fact, was careful giving me any too. We simply discussed charges.)
I had received a couple calls like this in the past few years, but each time they were instigated by some unusual charging activity on my end (lots of charges in one day, high amounts of charging in one day, charges away from home, etc.) This time was different.
It appeared that three charges were suspicious and these are what drew FIA's attention to the card. After talking to the fraud investigator, I could account for all the charges but these three. That said, I didn't know what my wife had charged that day, so we needed to talk to her. He tried to call her with me on the line, but she was not home. I agreed to talk to her that evening and call them back.
When I got home, we talked and confirmed that the three charges were not ours. They were as follows:
I called the credit card company and they said charges like this are very common when the number has been stolen. Thieves try small test charges to see if the card is valid. Once they confirm it is, they then make as many big purchases as possible as quickly as possible. Looks like our thief was planning a trip.
The guy walked me through the next steps. I would be seeing both charges and credits for those charges on my statement. I'd also be getting a form in 7 to 10 days. I'd need to sign it and confirm that the charges weren't mine. And, of course, the cards would be cancelled and new cards issued.
I had four auto-pays set up on the card and asked if they would transfer to the new one. They wouldn't. Ugh. So I need to go through the pain of contacting the companies and giving them the new card numbers. Just something to think of for those of you who have multiple auto-pays -- be sure you have a list of who you have them with, how to contact them, your passwords, etc. handy in case you need to change them for something like this.
Next it was time for the clean up and to make a security check of our finances.
The next day I scanned all our computers (home and work) just to be sure our computers were secure. I also grabbed our credit reports (one for me and one for my wife) from AnnualCreditReport.com. I had been meaning to review our credit reports anyway so this gave me good reason to. I'll be pulling one of the free reports every four months now will keep a close eye on them. It's probably simply a stolen credit card and not ID theft, but I want to be sure and take no chances.
I also checked my online bank and investment accounts. It was highly unlikely that any of these were compromised, but it's better safe than sorry. They all appeared to be fine (BTW, I check each of these accounts at least once a week anyway, so I'm fairly on top of their status.)
This is the first time I've ever had a credit card number stolen (FYI, we had our cards, so it was simply the number that was stolen, not the physical card) -- and I've been using cards for almost 30 years now. My boss says he's had it happen three or four times in his career.
How about you -- have you ever had a credit card number stolen? What did you do? Or do you have any advice for me on what else I should do to be sure everything is safe and secure?
My post on How to Protect Yourself if You Use a Debit Card generated this comment that I thought was worth sharing with all of you:
I work in credit card fraud monitoring and I can share some tips for keeping your debit card safe. Fraud on a credit card is an inconvenience - we shut down the card and file on claim on the charges and you never have to pay on those charges at all. Fraud on a debit card can be devastating as the funds can take a while to get returned to your account and sometimes you have to go through more steps to prove that the charges aren't yours. Now that I know what I know about how card fraud can happen, I:
1. Never use my debit card at a gas pump. Setting aside the fact that some gas stations can put a hold of up to $100 or more on your account while the transaction is pending, gas pumps are one of the easiest and most popular places to place skimming devices that are used to read your card info and make a counterfeit card.
2. Never use the card in a transaction where the card leaves my hand/sight. If they have to run it in the back, they get my credit card not my debit card.
3. Never use the card to hold a tab open or as any sort of collateral (ie. they keep your card until you return the darts or pool cues at bar).
4. Never use my debit card at a stand alone ATM. If it looks like someone brought the machine in on a truck and dropped it off there, the risk is that they may have. If the ATM isn't built in and sponsored by my bank or another well known bank, I don't use it.
5. Don't use my card with small independent vendors. I am happy to shop at the local farmers market and support my community farmers but I won't use my debit card there. I don't think they are going to try and steal my money but they don't have the security resources that bigger merchants have and that puts my account at risk. Plus it saves them money if I just pay cash as they don't have to pay transaction fees.
6. Always pay attention to how the credit card machine looks. If it seems to be falling apart or held together with tape or looks tampered with or damaged in any way, I won't use my debit card there.
7. Always cover my hands when I enter the pin number. You know those pin head size cameras they always have on tv shows? They really exist. No one gets to see my pin number but me. It should also go without saying that putting your pin # on a piece of paper and taping it to your card is a really bad idea. If you absolutely have to write it down (not recommended), make sure it is locked up safe at home somewhere and not tucked in your wallet or purse. You would be shocked at how fast a thief can empty your bank account when they don't even have to bother guessing your pin number.Merchants and banks take your security very importantly because it affects their bottom line as well. They want to keep your information safe and most do a great job. But it never hurts to help them on that front by using the card wisely and being vigilant about your own security.
Sounds like a decent set of safety measures to me. What do you think?
Yahoo lists ten things not to keep in your wallet or purse as follows:
Here's what we do (between my wife and me):
I think if you carry what's needed to get you along -- cash, credit cards, etc. -- and don't take along the obvious (Social Security card, passport, etc.) then you'll be fine in most cases.
What's your take on the list?
MSN Money lists the best and worst credit card issuers based on how much financial protection they offer and how well they help against potential fraud. Their list:
Best (score out of a possible 100)
1. Bank of America (87)
2. Discover (74)
3. U.S. Bank (73)
4. USAA (69)
5. Capital One (68)
Worst
1. State Farm (43)
2. Associated Bank (46)
3. SunTrust (47)
4. Cabela's WFB (48)
5. RBS (49)
Interestingly enough, I don't have cards from any companies on this list -- good or bad. But if I had one on the "bad" list, I think I'd re-consider having/using it. Yeah, there's a $50 limit on the financial damage someone can do if they steal your card, but if they somehow get into the company's system and get your personal information, a lot more damage can be done.
By the way, I didn't even know State Farm issued credit cards...
Any of you have cards issued by any of these companies?
We've already covered why I like credit cards more than debit cards and one of the reasons is financial security. But now that I joined a credit union to get a high-interest checking account, I HAVE to use a debit card for 10 transactions per month. So I'm looking for the safest way to use a debit card -- and Clark Howard happened to recently share his thoughts on how to protect yourself if you use a debit card. The details:
If you are someone who would be financially devastated if your bank account were emptied, I suggest you open a second account and tie your debit card to it. Then fund the second account only with money that's used for debit card activity, so your principal account won't be at risk in the event of a breach. That's the best way I know to protect yourself.
To me, this plan:
So my questions to you debit card users are as follows:
Here's a scary piece from Yahoo titled Secrets of a Former Credit Card Thief. I'll share some highlights from this interview with a convicted credit card and ID thief/expert. Let's start with this one:
I always recommend against [debit cards]. With debit cards, it's your real money in your bank account you're playing with. So if someone gets your debit card information and uses it, your cash is gone until you fill out a lot of paperwork and persuade the bank to give it back to you. Credit cards are much better at protecting you against fraud. And if you're worried about debt, you can always pay them off every month.
Another reason (in addition to the rewards) to use credit cards over debit cards. It's bad enough for a thief to have access to your credit (where you're protected to a $50 hit at most) -- just imagine if he could tap into your checking account. I bet the bank will give you a huge run-around to try and get your money back.
You've probably heard this before, but the most important thing really is to watch your accounts. And I don't mean just checking your statement once a month. If you're only checking your statement once a month, someone can start using your card at the beginning of the billing cycle, and they can do a lot of damage before you catch it. You're talking thousands of dollars, and it will be a lot harder to catch them and dispute it. I use Mint.com, which is a free aggregation service that allows you to put all your accounts on there and monitor everything at once. I check that every day. It's also a good idea to check your credit report at least twice a year to make sure no one has stolen your identity.
I need to be more vigilant about this. I check my accounts probably once a month and our credit reports once a year.
A more recent issue is the free wireless offered all over the place. If you're using an open Wi-Fi connection, you should pretty much have the expectation that there is no security.
Starbucks? Panera? And on and on...
All financial services companies have two-factor authentication. So you typically have to put in a password plus something else. A lot of banks use questions, but that can actually give you a false sense of security because you can find out a lot of information about people online. So maybe this is extreme, but for those questions, I make up stuff. I don't put in my real information. For example, a common question is: "What city were you married in?" Well, I'm not married, but I'll answer that question so there's no way anyone could possibly know the answer. I try to make sure at least one of the questions has a made-up answer.
I found the "fake answer" thing suggestion interesting. Then again, how do you remember all the fake answers you give around various websites?
ATM skimming is the big thing right now because it's cash, and cash is king. Basically, that's where someone puts a card reader on the ATM machine, captures your PIN, then goes and drains your bank account. The skimmer device goes over the card slot, and it's designed to look like part of the ATM. Some of the equipment now is very good and it's hard to tell the difference between that and a real machine. So what you need to do is try to use the same ATM every time, and watch out for anything on the machine that looks out of the ordinary, especially something stuck on the front where you put your card in. Generally, I like to use ATM machines at banks rather than convenience stores or a bar or club. There have been incidents where thieves installed their own ATM machines in places with skimmers inside them. That's much less likely to happen at a bank.
"Thieves installed their own ATM machines in places with skimmers inside them?" Really? The creativity of these criminals is simply amazing (in a bad way.) What's next, will they be opening their own banks?
Personally, I haven't used an ATM in years. We used to go to the bank to get cash, but now that our soccer referee jobs pay in cash, we never need to visit the bank. In addition, we have a lot of $1 gold coins too.
The biggest thing [the banks] could do is get away from using magnetic stripes. They aren't that secure and anyone can get a magnetic stripe reader (a skimmer) for $5 to $10. The smart chips that are widely used in Europe and internationally are much more secure and harder to hack. They offer near 100 percent protection against fraud, at least from a skimming point of view, and they also require a PIN. But the credit card companies have done the math. They think people will use their credit cards less often if they had to put in a PIN. It might eliminate a lot of the fraud, but there would be less card use and they would end up losing money. So they're actually doing just the opposite, moving to a system where you can just have your credit card in your pocket -- you don't even have to swipe it to use it. The problem is, that's very unsecure. Anyone with equipment can sit out in their car and pick that up.
I saw a video where a guy was walking up and swiping card info from people's cards that were INSIDE THEIR POCKETS. The cards had frequency chips that allowed him to simply brush by the person and get the data. Scary.
A few other tips:
Ugh. If it's not one thing, it's another...
If it isn't bad enough that we all have to protect ourselves from problems related to identity theft, now we also have to watch out for the data on our kids. Kiplinger suggests how to protect your kids from ID theft as follows:
Great. Now I have to check credit reports on myself, my wife, AND my kids. Ugh.
Kiplinger also lists some signs that your child's ID has been stolen as follows:
Yikes! That last one sounds particularly dangerous. If your child's medical records get messed up, it could be a matter of life and death (if the doctor makes a false move based on inaccurate information.)
Fortunately, I haven't had any of these happen, so I'm assuming that my kids' identities are safe. But I think it's also likely that a stolen ID on a child can be well below the radar for YEARS because no one is really monitoring their information.
Anyone had any experience with this (having a child's ID compromised)? Any words of advice for the rest of us?
Here's a piece from Yahoo that focuses on what your office photocopier may know about you. The short version is that many copiers store copies of documents in their memories and these documents can be accessed by a whole host of people (office personnel, repairmen, subsequent owners of the machine, thieves looking for such information when the copier is thrown away, etc.). The highlights:
Did you know that most office photocopiers are built to save digital images of documents? It's true.
When CBS News recently purchased some used photocopiers that were destined for new customers, their computer technician was able to easily retrieve thousands of pages of sensitive documents from their hard drives: perfect images of personal medical records, pay stubs, and tax forms -- even the blueprint of a building near Ground Zero and reports of sex and drug crimes from the Buffalo, N.Y., police department. There were home addresses, social security numbers, and medical histories aplenty.
The data isn't particularly easy to view and sort, but a thief who knows what he's looking for can download free software from the Internet that can be used to mine this treasure trove of personal data.
The article goes on to highlight:
So, what can you do?
The article suggests asking the copier administrator how the machine is set up before you use it. Yeah, like he's standing right there waiting for questions about copier security. Ha!
Personally, we use a combination printer/copier at home to make sensitive copies. Yes, the documents are probably stored on it as well, but at least we have some control over them.
We NEVER have sensitive documents copied at Kinkos, Staples, etc. because you never know where that information is going. One main problem I see over and over: people copying their tax returns at public places like these every year. Yikes!!!!
Let's face it, there's really nothing we can do to make our information completely safe in the technology age we live in. But by being a bit prudent, we can certainly do all we can to protect our vital personal information from identity thieves.
The following is a guest post from Kris, a freelancer who writes about money management tips for Credit Card Compare.
Security threats to your online shopping experience continue to grow and change as technology, and the predators that thrive on unwitting or unsuspecting consumers, continue to evolve. As e-commerce becomes an increasingly large part of our lives, we look to a number of resources and methods to help keep us safe while doing our online shopping. To decrease the chance that your personal information might fall into the wrong hands, consider the following tips that could help you increase security during your online browsing.
1. Look for security features and information When shopping online, search a website for information regarding what they do to protect your personal and financial information. You might want to check out their privacy policy, as well as their payment information page before buying anything, just to find out what information is required as well as how it is protected. Before you enter your credit card details, always check that the checkout is secure: look out for a padlock on the browser and https in the address (the 's' signifies a secure server).
2. Links Clicking on links is probably the easiest way to be led astray during your internet shopping. When online shopping, it only takes one or two misguided clicks to land you on a site that could prove dangerous. Make sure you understand what you are clicking on and keep an eye on the domain name on your web browser to ensure you are still on a trusted site.
3. User agreements Yeah, yeah, I know. Who has time to read all that legal mumbo jumbo, right? Well, when it comes to your personal and financial security when shopping or signing up for membership on a website, just as with any paper contract, it's important to know what you're signing. How sites will use your personal and financial information, restrictions, fees, user rights, and a slew of other important information is contained within those paragraphs. If nothing else, scan the subheadings for pertinent details about fees, charges, and security.
4. Advertisements If a site you are shopping on is jammed full with advertisements and pop-ups, you might want to be cautious, as this can be a warning signal that the site is more reliant on advertising revenue than actual product sales. Linked advertisements can lead you to insecure websites designed to capture your personal and financial information.
5. PayPal While most online stores have secure payment checkouts to keep your financial information safe, using PayPal can be a great way to get around having to float your information out into cyberspace. Unfortunately, not all online shopping sites accept this form of payment yet, so until then we are still forced to use credit cards at times.
6. Trusted sites & user reviews Attempting to shop on sites you're familiar with and have used before, can help you avoid scams, viruses, and other pitfalls. If you've used a particular site before and haven't had problems, it doesn't mean you won't eventually, but chances are probably better than on a site with which you are unfamiliar. If unsure, read unbiased reviews (not on selected by the site itself) by other users to see whether they've encounter issues with the site or not.
7. Virus scans & security software I run a virus scan on my computer each evening when before I go to bed. It makes me feel better about what might be lurking in the depths of my computer. Security software can also allow you to create and utilize features such as firewalls and parental controls, monitor you computer's security status, and check websites to determine whether they are trusted sites or not.
8. Shop after scanning Doing your shopping right after running your virus scan can provide some peace of mind as to whether you have any harmful spyware or viruses at work on your computer. Detecting such potentially harmful items on you computer early can decrease the threat to your security while shopping online.
9. Browse before you buy When shopping, take your time, look at various sites, and check for better deals before you commit when doing your online shopping. Not everyone or everything on the internet set to threaten your security is illegal. Your financial security is important, but if you're willing to pay $5000 for a television that's only worth $500, I'm sure someone on the internet would be willing to take the offer -- and that wouldn't be their fault, it would be yours.
10. Common sense If something doesn't seem right to you about a website, don't hesitate to investigate further. Conduct your due diligence. Remember, no one is there to hold your hand when you're internet shopping. Ensuring you and your personal and financial information remains safe, is up to you.
The following is a guest post from Marotta Wealth Management. It has some Virginia-focused info near the end, but the general suggestions still hold true for us all.
In my first job teaching computer science, someone stole my wallet off my desk during my office hours. Although I canceled all my credit cards, the thief used them around town, buying everything from clothes to tobacco. In those days cards were run manually on paper, and there was usually no instant electronic verification.
Identity theft is becoming distressingly common as personal information becomes easier to swipe. Internet sites all ask the same security verification questions. One site could easily collect your information and then try using it on others. For example, a student filled out a credit card application outside a university football game with the promised bonus of a free T-shirt. The perpetrators used all his information on a real credit card application but changed the mailing address. By the time the student realized his identity had been stolen, creditors were hounding him for hundreds of dollars of charges.
Having your identity stolen costs an average of $40 and 10 hours defending your name and cleaning up the mess. It happens to about 0.8% of the U.S. population each year. Even if your time is worth $100 an hour, the average loss to you is only about $8 annually. So clearly it's not the monetary cost that bothers people. What's really worrisome is the potential vulnerability and personal violation they feel. Fortunately, there is a simple and easy way to acquire a full credit lockdown so no one can initiate changes to your credit without your permission.
Your credit information is stored at three main credit bureaus: Experian, Trans Union and Equifax. At the end of 2003, Congress passed legislation that requires these bureaus to allow you to put a fraud alert on their credit reports. The alert only lasts 90 days, but during that time lenders have to verify your identity before they can issue a credit card in your name.
Since then, several companies have used this law to offer a renewal of the fraud alert every 90 days on your behalf. LifeLock is the best known among these services. The company went so far as publishing its CEO's Social Security number and daring people to try and steal his identity.
LifeLock's one-stop service initiates a fraud alert with all three bureaus and renews and monitors your credit status for $10 a month. As a result, you receive less junk mail and sleep better at night. They will pay up to $1 million in losses due to stolen credit.
This service angered the credit bureaus. They make most of their money by selling credit information about you to lenders. If the lenders actually have to verify the information, it becomes too expensive for them to act on. The data for LifeLock customers wasn't worth the cost required to verify it, damaging the bottom line for the credit bureaus.
In retaliation, the credit bureaus accused LifeLock of deceptive marketing practices. Experian sued in California court claiming that the 2003 law only permits individuals to put an alert on their credit. They claimed that LifeLock posed as individuals and put alerts on an account even when no suspicion of identity theft existed, costing Experian millions of dollars to process the requests.
In a decision last month, a California judge found LifeLock's practice illegal. Only family members, guardians or an attorney can make the request on behalf of an individual. Fraud alerts ought to be standard and permanent for everyone.
The decision is surprising, and the case seems disingenuous for the credit bureaus. They have turned free credit report legislation into a multimillion-dollar industry through their own deception and fear mongering.
Although LifeLock's service was convenient, you can still duplicate their services by placing a credit security freeze on your own credit record. A credit freeze does everything a fraud alert does and more. First, it is permanent, not just for 90 days. Second, it prevents lenders from seeing your credit report unless you specifically grant them access. This strategy prevents identity thieves from getting new credit in your name even if they have every bit of your personal information.
If you do apply for additional credit, you will have to remove the freeze temporarily or give the specific party who wants to access your information your personal identification number (PIN).
If you plan on applying for additional credit cards or getting a new cell phone provider or cable package, a credit freeze may not be advisable. And those promotions linked to new credit card applications will no longer flood your mailbox. But these deals are never a way to build real wealth. Get the few credit cards you need, and don't let any promotional offers suck you in.
For Virginia residents to initiate a security freeze, each credit bureau charges a onetime $10 fee. If you have already been the victim of identity theft, the charge is waived. However, some states do not permit credit agencies to charge its customers for placing a security freeze. We recommend a credit freeze for anyone who has already established the credit they need. A freeze both reduces the frenzied marketing of additional credit opportunities and the potential harm of compromised personal information.
After a few minutes of effort and $30 in payments, your credit should be locked for life. Here is how to accomplish securing your credit at each bureau:
At Experian (888-397-3742), go to http://www.experian.com/consumer/security_freeze.html.
At Trans Union (888-909-8872), go to https://annualcreditreport.transunion.com/fa/securityFreeze/landing to start the process.
At Equifax (1-888-766-0008), you can put a lock on your credit by visiting https://www.freeze.equifax.com.
The process is not standardized across the three credit bureaus. Each uses a different methodology. But with a little effort, your credit will be safe and secure.
Each bureau will give you a PIN. They are likely to be all different. Don't lose these. Trying to get a security freeze lifted when you have forgotten the PIN necessary to change your credit security is a catch-22 you don't want to experience.
Here's a guest post from IdentityTruth.
With Black Friday and Cyber Monday fast approaching, consumers are entering into the most active spending period of the year. Reinforced by the soft economy, this is "high season" for identity theft with identity thieves seeking to take advantage of shoppers. Identity theft generally rises during the holidays because thieves assume that consumers aren't paying attention to their credit card purchases, debit card purchases, receipts etc. as closely.
IdentityTruth, the leading provider of a new breed of services to help consumers safeguard their privacy and identity, is offering basic tips to help consumers avoid putting their identity at risk during the 2008 holiday season. In addition to watching budgets this season, consumers also need to be vigilant in the face of possible identity theft.
Use credit cards instead of debit cards: Under the Fair Credit Billing Act, Credit Cards provide consumers protection again fraudulent charges and your liability is limited to $50. You also have the right to dispute charges and withhold payment during investigation. However, debit cards are entirely different. Although they market themselves to deliver the same protection, they are not required to by any law. Bottom line, your liability for fraudulent charges is the entire amount in your checking account as well as the credit line you have been authorized to receive.
Use a single credit card to consolidate your purchasing: The more credit cards open in your name, the greater the risk that a thief will obtain the account information for one (never mind that having numerous cards with big lines of credit can be a bad temptation and can actually drag down your credit score--even if you don't have balances). It's also easier to monitor a single statement for signs of fraud, and you won't incur the annual fees associated with having multiple cards. Make sure to cross-check all your receipts against your statements to see that they match.
Be sure to write "SEE ID" on the back of credit cards: This simple step can help to foil thieves if the card is lost or stolen, and might even help to catch the thief if your card is taken.
Shop on secure sites and be wary!: While the majority of identity fraud occurs offline, identity theft is also a problem online. You must exercise caution when shopping on the web. Stick to sites that you know are legitimate, and if you are trying a new site for the first time, here are a few things to look for: the URL should have "https" in the shopping cart; there should be a lock icon on the bottom right hand side of the window and look for icons that indicate site safety (the Better Business Bureau, VeriSign and Hacker Safe icons).
Watch out for "phishing" and "vishing" scams: These scams can be a real problem, as identity thieves try to play on people's generosity during the holiday season. Phishing emails often take the forms of requests purporting to be from a bank or credit card company; they ask you to "verify" account information such as login and password or they request a donation or assistance for the less fortunate during the holidays. Vishing scams--which involve fraudulent calls—seek to exploit consumer concerns over fraud by seeming to offer fraud prevention assistance. The bottom line: no legitimate vendor will ask for your login and password via email or on the phone.
Be careful when using ATMs: Only use ATMs with monitoring cameras, such as those in bank lobbies. Avoid kiosk ATMs, those freestanding units often do not have cameras and are statistically more likely to be infected by skimmers (electronic devices that allow thieves to record account and PIN numbers). "Shoulder Surfing" can also be a problem at a crowded mall. While you assume that the man behind you is uncomfortably close because of mall crowding, he may actually be looking over your shoulder trying to get your login.
Place fraud alerts to prevent new credit card accounts from being opened: Free fraud alerts placed on your credit report are good for 90 days (if you can demonstrate that you've been an identity theft victim, they can be set for 7 years) and, in combination with other proactive measures, can be used to help to prevent identity theft.
Here's a comment someone recently left on my post (over a year old now) titled Mvelopes Backs Up Its Product:
Just wondering about the security of Mvelopes. It asks for ALL financial institutions plus password, which obviously, I understand they need to make this work. But, concerned that my information might get into the wrong hands.
I've had many people leave positive comments about Mvelopes (including Quicken users) but this comment brings up a good point -- is your online data truly safe?
If you ask any service like Mvelopes, they'll assure you that your data is 100% safe and can't be stolen. But isn't that what all the banks, credit card companies, retailers, and the like tell us? And how often do we hear of another million names/data stolen? Almost daily, isn't it?
Personally, I don't use online services for just this reason -- too much vital information in one spot is just too risky for me.
How about you? Are you fine with having vital financial information online? Anyone ever been a victim when one of these sorts of services has been hacked or compromised in some sort?
The Simple Dollar just posted three tips on what to do if you lose your wallet as follows:
Tip #1: You can take preventative action right now to make the loss of a wallet easier. Just clean out your wallet down to the bare minimum, then photocopy or scan both sides of everything in your wallet. This will help you to easily remember everything that was misplaced and easily deal with the consequences of card cancellation and replacement.
Tip #2: Carry minimal identification in your wallet as a preventative measure. Try to avoid having your Social Security number in there if at all possible, as that will make identity theft much easier if you were to lose it. You’ll probably have a driver’s license in there, but make sure that it doesn’t include your SSN and has only minimal identifying information on it.
Tip #3: Keep your wallet clean. The “Costanza wallet,” overstuffed with receipts and notes and junk, is a personal security concern. Get rid of all of the junk you don’t use regularly - your wallet is not your briefcase.
I follow these rules except for the photocopying (which I need to do.) Here's what's in my "wallet" (which is really a money clip with a slot to hold four credit-card-size cards):
That's it. So if I ever lost it, there would be a minimum amount of damage.
My wife's purse is another matter completely. I think there are things from the '70s in there (I'm afraid to look), so who knows what we'd lose. I need to ask her to clean it out for safety's sake.
Imagine that your laptop computer is stolen. Think it has anything of use on it to identity thieves? Yeah, probably -- like EVERYTHING!!!!! So, what should you do if your computer is taken? Here's what Yahoo suggests:
I don't have a home laptop, but I have a work one. I take it with me when I travel, and while I'm not a freak about it, I do keep it close at all times while traveling from one place to another. If it was ever stolen, my goose would be cooked!
For more thoughts on identity theft, see these links:
Here are some handy tips on how to protect yourself from identity theft from USA Today:
Here's how we handle each of these:
1. I do monitor our bank account via the web, but not our credit cards. On the cards, I reconcile them through Quicken every month to make sure what we think we have spent matches what the credit card company says we've spent.
2. We shred like fiends, only put mail in our box the day of delivery (never overnight), and we pick up our mail with an hour or two of delivery. We have a fairly active street, so it's not like someone could easily take mail without anyone noticing. That said, we may need to be a bit more aggressive in this area.
3. I carry two credit cards, my driver's license, my Costco card, and some cash. That's it.
4. What? You mean a pin of "1234" isn't good enough? ;-)
5. I get one free credit report a year. I should do at least two.
Here are some thoughts on taxes/ID security courtesy of ARA Content:
Most Americans view their tax return as a document that represents all things financial to them -- containing both personal and financial information for all household members. As the Internal Revenue Service (IRS) attempts to motivate Americans to electronically file their tax returns, the future can seem a little scary for the millions of taxpayers who have continued to prepare their tax returns manually. Of those taxpayers who have decided to take the plunge and use Web-based tax preparation software this year, many wonder, “How secure are my tax records?”
There are several things you should know to help keep your information safe as it relates to using a computer to prepare and e-file a tax return.
1. Update your computer’s virus protection software -- install patches for its operating system and software programs to defend against intruders, viruses and spyware that can compromise files and passwords. While doing this, you may even want to consider scheduling automatic virus scan updates.
2. Only store financial information on your computer that is necessary; and, protect access to your programs by using something called a “strong” password -- a combination of letters and numbers (upper and lower case) to ward off possible identity thieves. A good way to create a strong password is to come up with a memorable phrase. For example, “I ward off danger, by practicing safety first, becomes 1W0DBPSf.
3. Never use an automatic login feature to populate user name and password fields -- features such as these help thieves gain access to your personal information.
4. Use a firewall program if you use a high-speed Internet connection like cable, DSL or T-1 that leaves your computer connected to the Internet 24 hours a day. Without it, hackers can take over your computer, access the personal information stored on it, or use it for other fraudulent purposes.
5. Never open files, click on hyperlinks or download programs from people or companies you don’t know. Also, be aware that some popular file-sharing programs can make your computer vulnerable -- enabling others the ability to capture passwords and other information you type from your keyboard.
6. Prior to sharing information or making a purchase, look for indicators that the site is secure. For example, at the bottom of the data entry screen, check to make sure a lock icon appears on the browser’s status bar (usually located at the lower right-hand portion of your screen) or the URL for a Web site is displayed as “https:” (the “s” stands for secure).
7. Always type the URL of the Web site you want to visit into your browser -- don’t click on links that are sent to you. Another precaution is to click a site’s VeriSign Seal. By following these two guidelines, you can be confident you are trafficking an authentic site -- not the work of some imposter trying to deceive you into divulging your confidential passwords or other information.
Stephanie Behrends, spokesperson for 2nd Story Software, Inc., makers of the popular TaxACT tax preparation software and Web-based services advises, “Before you share any information or make a purchase online, take time to read that company’s privacy and safeguard policies. A Web site should answer questions regarding: security, how information collected will be used and maintained, if information will be shared with third parties, as well as who controls and has access to information collected by the site. If you find a site’s policies to be confusing or it fails to specify information upfront, follow-up is necessary or consider doing business online elsewhere.”
The IRS warns taxpayers to be on the lookout for fraudsters who use the agency’s name to further their schemes. If you receive an e-mail that appears to have been sent by the IRS, think again. The IRS does not ask people for PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts -- by phone or e-mail. The bottom line: The IRS does not solicit this information -- don’t share it!
So, what should you do if you suspect your identity has been stolen? Visit the Federal Trade Commission’s Web site for detailed instructions about how to handle the aftermath of identity theft.
Here are some tips for keeping your ID safe during tax season courtesy of ARA Content:
Each year consumers spend many hours preparing taxes hoping they don’t owe the government money. But what many fail to realize is that the government isn’t the only one who may collect their hard earned cash -- so may identity thieves.
In a time where one man’s trash is another man’s treasure, it’s important to ensure that the multitude of documents used to prepare taxes are appropriately stored or destroyed. In 2005, consumers lost nearly $57 billion to criminals who stole their identities. Although this statistic is alarming, there are ways to protect yourself from the crime, especially during tax season.
While it may appear easier to file everything, paper trails are still an identity thief’s dream. Recent research conducted by Fellowes, Inc., the leading shredder manufacturer; shows nearly 40 percent of Americans believe identity theft is most likely to occur through online exchanges. In reality, Internet fraud represents only nine percent of the crime. The majority of identity theft crimes occur through paper documents and stolen information, making it crucial to properly store or destroy the sensitive documents used during tax season.
“Tax season can leave consumers with mountains of paperwork, which makes them more vulnerable to identity theft," says Kristen Gehrig, director, global marketing for Fellowes, Inc. “Shredding is one of the easiest ways to ensure your information doesn’t end up in the wrong hands, but you also need to be conscious about what documents are important to keep.”
Simply knowing what needs to be filed or shredded will quickly alleviate potential problems.
For documents you need to keep, consider storing them in a safe and accessible place, such as a fireproof box that is well hidden in your home. When destroying records, it’s best to use a shredder that can slice credit cards and CDs and has confetti-cut capabilities, such as the Fellowes PS-77Cs. Confetti-cut shredders ensure that private information is reduced to small, unidentifiable pieces, making it nearly impossible for a would-be identity thief to piece the information back together.
As shredders become a necessary household product, it’s important to choose a shredder that not only protects your family’s identity, but also its safety. The Fellowes PS-77Cs alleviates shredder safety concerns with its SafeSense technology, which shuts down the shredder when it senses that hands are too close to the paper opening.
Additionally, a few more protective measures against identity theft should be taken during tax season. If you’re filing your tax returns over the Internet, make sure your computer has updated anti-virus, anti-spyware and firewall software. It is also imperative to shred all paperwork used to calculate taxes such as receipts, bank records and various forms. Finally, pay particular attention to W-2 or 1099 forms because they contain your Social Security number, which is a would-be thief’s dream. A missing form may leave you vulnerable to the crime.
For additional identity theft prevention tips and information on how long to keep financial records, visit www.IDconfidence.org or check with your tax professional.
Here's some advice courtesy of ARA Content on how to protect your identity:
The Information Age has produced extensive benefits for society. We can now shop online for everything from groceries to insurance policies. Students can instantly access a wealth of information that used to take weeks to find in the library, and banking is easier than ever. Unfortunately, criminals continue to find new ways to leverage technology, such as hacking into online databases and phishing in an effort to commit identity theft.
Chances are good that either you or someone you know has fallen victim to what is now the fastest growing crime in America. The Javelin 2006 Identity Fraud Survey Report estimates that 28.3 million, or around 13 percent of adults in the U.S., have been targeted by identity thieves in the last three years.
The National Crime Prevention Council deems the problem so significant that the focus of its Crime Prevention Month this October is “Crime Prevention in the Information Age.” Its Web site www.ncpc.org offers resources addressing identity theft and how to prevent it. You can also find useful educational materials at the Federal Trade Commission Web site, www.ftc.gov, and Equifax’s site at www.equifax.com.
One of the most important steps you can take to prevent identity theft is to protect the valuable data that criminals seek. Here are some suggestions from the resources mentioned above:
You can also take advantage of some high-tech ways to fight identity theft. Consider monitoring your credit file for potentially fraudulent activity by signing up for one of Equifax’s Credit Watch programs. Take steps to detect identity theft early – which helps minimize its impact – for only $4.95 a month to $12.95 a month depending on the features you select. To learn more about the tools Equifax offers to help protect people from identity theft, log on to www.equifax.com.
Here's some advice courtesy of ARA Content on what to do when your personal data is exposed and potentially stolen:
It seems like there’s a new headline every day about another stolen laptop, a hacker attack or a lost data tape. And the impact of these incidents is widespread. One organization estimates that over 91 million data records of U.S. residents have been exposed due to security breaches since February 2005.
You may have received a notification letter, in which an organization alerts you to the fact that your personal information has been exposed. After reading the letter, you may still have some questions about what it means for you and what steps you should take.
Identity theft is the most significant risk you face following a data breach, and the severity of the risk is determined by how the data is stored and what kind of data it is. When stolen data is encrypted – or stored in a scrambled fashion that requires a “key” for someone to unscramble – it is much more difficult for the criminal to access. Identity thieves can use your Social Security number, credit card numbers and bank account numbers to make purchases or to open new credit accounts. Your name, address and date of birth are also valuable pieces of information to criminals.
The safest course of action is to take precautions if you suspect that your personal data is likely to be misused. Studies have shown that acting quickly can minimize the financial impact and time to recover from identity theft. Place a fraud alert on your credit file before the criminal has a chance to apply for credit in your name. It can save you a lot of hassle down the road.
A temporary fraud alert, placed on your credit file for 90 days, lets credit grantors know that you may have been a victim of fraud and that they should take extra steps to verify your identity before extending credit in your name. To place a fraud alert on your credit file, contact one of the three national credit reporting companies:
You will need to provide personal information for authentication purposes. The company you contact will notify the other two credit reporting companies, who will add a fraud alert to their files. Your confirmation will include instructions for requesting a copy of your credit report.
Often organizations provide assistance to their customers or employees who have been impacted by a data breach. In fact, many companies have offered their customers and employees free credit monitoring, which alerts them to key changes in their credit file. For example, the addition of a new credit account or a significant increase in the balance on an existing card might signal that an identity thief has struck. The sooner you contact creditors to alert them to any fraudulent activity, the easier it is to resolve.
When a company offers you free credit monitoring after a data breach, you will be given a promotional code and directions for online enrollment. You will need to provide identification information, including your Social Security number, for authentication purposes. If the free monitoring is provided through Equifax, you will not be asked to enter a credit card number to enroll for the free offer.
If your data has been improperly accessed but you have not been offered free credit monitoring, consider purchasing Equifax Credit Watch Gold with 3-in-1 Monitoring to protect yourself. It provides comprehensive credit file monitoring and automated alerts of key changes to your credit files at all three national credit reporting companies.
Here's a list of six ways to avoid identity theft from financial expert David Bach:
1. Keep your private information private.
2. Get a copy of your credit reports.
3. Find out if your state has a credit freeze law.
4. Check your bank statements weekly.
5. Be computer savvy.
6. Be aware of "deleted" data.
My thoughts on each of these:
1. I guard my private information like it's my life at stake (it is, after all.) I recently had a company ask for a copy of my driver's license for no reasonable reason (at least not one they could give me.) I told them I wasn't giving that out and they said they didn't need it after all.
2. I do this at least once a year -- though I should do it more often.
3. Mine does. I recently had some information "lost" by a company and had a 90-day freeze put on my reports as a precaution. Yes, you can do all you can do and then some stupid company mishandles your information.
4. I reconcile my statements monthly, but also look online regularly to make sure everything's ok.
5. It still amazes me how easily people fall for some of the traps on the web. And it amazes me how sophisticated the crooks are getting.
6. I'm going to face this problem later this year as we're looking to give away an old computer. I want to make 100% sure there's no data left on it. Can anyone say "format c:?" ;-)
Finally, the piece ends with this bit of good advice:
Don't waste a minute once you've discovered suspicious activity -- go directly to the website of the Federal Trade Commission to file a complaint and access their comprehensive guide on the steps you'll need to follow to resolve the situation.
Here's the next item I wanted to cover from Kiplinger's "The Best List". Today, we're highlighting the best way to avoid ID theft:
The Best Way to Avoid ID Theft: Fellowes P-57Cs Shredder
The most popular shredders cut paper into thin strips that a determined thief could reassemble. Your identity will be safer if you choose a "cross cut" shredder, which turns paper into unreadable confetti. Our top pick is the Fellowes P-57Cs, which showed its chops by dicing credit cards and stapled bills without jamming. We also liked the easy-empty wastebasket. And the price is right -- $60 starting this fall at OfficeMax and other retailers.
I shred religiously -- even stuff that probably doesn't need to be shredded (it doesn't hurt to be safe, does it?) To me, it's the first (and a great) defense against ID theft that's simple and not time-consuming. I think protecting my ID is certainly worth the time and effort.
For more on the topic of identity theft, see these posts:
Here's the next item I wanted to cover from Kiplinger's "The Best List". Today, we're highlighting the best place to report ID theft:
The Best Place to Report ID Theft: Federal Trade Commission
The FTC's ID-theft Web site offers step-by-step instructions for reporting identity theft. To keep an eye out for suspicious activity, order a free copy of your credit report from each of the three credit bureaus every year at AnnualCreditReport.com. For updates on security breaches, see the Web sites of the Privacy Rights Clearinghouse and the Identity Theft Resource Center.
I'll save you my usual rant on ID theft and how the government is ignoring this crime -- at least for this post. ;-)
But I would like to second their suggestion to check your credit report regularly to make sure you haven't been taken advantage of. I just did this last month myself (and do so at least once a year -- though I like to do it more often.) With a free credit report from the three credit reporting agencies each year, you can (and should) space them out every four months and keep a revolving check on your credit report status.
Here are two simple suggestions from Kiplinger's on what to do if your identity is stolen:
After writing on this topic for some time (including the useful posts How Long Does It Take to Clear Your Name if Your ID is Stolen? and Identity Theft Not that Big of a Deal (And What to Do If You're a Victim)), it seems like one key to how painful the loss will be for you -- at least one key that you can control -- is the speed at which you contact the appropriate organizations and tell them about the theft. The faster, the better. So once you suspect your identity has been stolen or mis-used, don't delay in acting. The sooner you stop it in its tracks, the sooner (most likely) the thief will move on to an easier mark.
In Identity Theft Not that Big of a Deal (And What to Do If You're a Victim), I highlighted a couple of comments where the posters said it took them only a few hours to clear their names after their identities being stolen. In response, I said:
I guess the learning here is that identity theft doesn't necessarily sentence you to an extended trip to financial purgatory.
Here's how a couple people responded to this thought:
Both my wife and I had out IDs stolen this year (we bought a house in Feb, and figure somewhere along the line our data was stolen/sold). Let me give a plug to Citibank later on, the first card was opened in my name at Sears (whose credit is run by Citi) and the thieves spent $2400. Citi thought that this was unusual, so they red flagged it, and found out that the phone number the thieves put down didn’t match the one on my credit report. They called me to ask if I had opened an account in Phoenix that morning. Living in Oregon, I told them I hadn’t. They closed the account and advised me to call the credit agencies, which I did, and put the fraud alert on my account. Good thing too, I stopped these bastards from opening 3 more cards in my name. This was on a Saturday.
On Sunday, I thought it might be a good idea to put a fraud alert on my wife’s credit report, just in case. Turns out that was a smart thing to do, the thieves opened 2 accounts in my wife’s name (spending close to $5000), but we stopped them from opening 2 more accounts before they gave up using our information.
Now my accolades for Citi, They did a great job in contacting me, on a Saturday nonetheless. But that’s not all, I have had a CitiCard sine 1994, and they have an ID theft department open to any Citibank customer (I never noticed the commercials until after this event, you know the ones with a guy working out, but he’s got the voice of a valley girl). Let me tell you how great this service was. The lady who helped me got all my information about what had happened, called three-way to TransUnion and did all the talking while I listened to her clean up my credit report. While they only work with TU, it was helpful to listen in and learn the things I would say to the other 2 credit agencies. I just can’t say enough good things about Citibank.
All in all, it took a good 15-20 hours to clean up our ID theft, which wasn’t really that bad since we were able to stop the thieves the same day. I would have hated to have received the cards and statements later on and try to fix it from there. Final word: get a CitiCard - no annual fee, good rates, decent rewards programs, and Citi Identity Theft Solutions.
So, another vote for "not that long" to clean up a problem. Seems like one must-do is to contact your banks and the credit agencies quickly. Also a good plug for Citibank credit cards. Sounds like they really do work.
But not so fast. Here's what the next commenter had to say:
Your situation was pretty simple, but the FTC says it takes on average 600 hours to get your life back to normal once your ID has been stolen. Your situation is more credit card fraud than ID Theft.
Ok, maybe that's the point we need to highlight -- the difference between some credit cards being stolen and someone's total ID. Maybe the former doesn't have to be that long, but the latter can be a real mess. Does this sound like a viable explanation?
For more on identity security, see these posts:
After writing several posts on identity theft, I penned Identity Theft Statistics, Part 1, How Much Money Does the Typical Victim of Identity Theft Lose? to discuss how much the typical victim loses when identity theft happens to him/her. On this post, I received two surprising comments. I had always thought that one of the major hassles of your identity being stolen was that it took hours and hours (if not days and even weeks) to correct. After all, we've all heard the horror stories, right? Well, these two commenters paint a different picture. Here's the first:
I was the victim of identity theft last year. The balance charged in my name was around $600, and it took about 3 hours to get everything straightened out with all of my creditors and the Big Three reporting agencies.
Of those three hours, I don't think a single second was spent during "worthwhile" time. It was all early evening hours when I would have just been watching Jeopardy. I certainly didn't have to adjust my schedule or work or miss a beat there. Everyone I needed to talk to was available 24/7 or close to it.
I think identity theft is so common these days that the powers that be have really streamlined the process for correcting it.
Maybe it is so common that companies have handling it down to a science, but this was a real surprise to me.
The process was even easier for the next commenter:
I was a victim of identity theft a few years ago. Whoever stole my identity wasn't able to charge anything. I spent about an hour contacting the three credit bureaus. It was a hassle but not that big of a deal.
Ok, color me very surprised.
I guess the learning here is that identity theft doesn't necessarily sentence you to an extended trip to financial purgatory. And as far as what to do if you're a victim, it appears the best bet is to act fast and contact the credit bureaus and your credit companies. If that happens, the process can be not that bad at all.
How about the rest of you -- anyone else out there who's had his/her identity stolen. Was it easy or hard to get corrected? Any tips for the rest of us?
Here's part 5 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:
What age group is most susceptible to identity theft?
The answer:
25 to 34. Contrary to popular belief, seniors had the lowest rate of ID theft, while 25- to 34-year-olds were most at risk. Why? The lifestyle of many Gen X-ers--going out often and trading personal information on MySpace.com and other social networking sites--creates more opportunity for identity thieves.
My thoughts:
1. Again, I'm very surprised at this finding (I guess that's the purpose of this piece, huh?). I would have guessed seniors all the way. But now that they explain it, it does make sense.
2. Add ID theft to the list of financial topics you teach your kids about. Then, when they are young adults, they'll be more guarded with their data and less likely to get into trouble.
Here's part 4 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:
Identity theft on the Internet is growing.
The answer:
False. Online fraud made up 9% of ID theft cases in which the source was known last year, down from 11.6% in 2004. People who bank online typically uncover fraud in 22 days vs. more than a month for paper accounts.
My thoughts:
1. I'm not sure I buy this information. Online may be down as a percentage, but the total number of cases could still be up (may the other forms of ID theft have grown at faster rates). I can't tell the true story from these stats though, there's not enough here.
2. Either way, I am surprised that Online ID theft isn't skyrocketing. With all the pfishing going on, I thought it would have been much, much higher.
3. Looks like there's another advantage of banking online -- faster detection of ID theft.
Here's part 3 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:
What type of identity theft is the most difficult to detect?
The answer:
Fraudulent accounts opened in your name. It takes an average of 152 days for victims to find out that a new account has been opened in their name. That's because only a credit report or notice from the lender or a collection agency will alert you to the new account's existence.
My thoughts:
1. I would have thought "charges to a credit card you already have" would have been the "winner" here.
2. This is why I have checking my credit reports as part of my New Years resolutions.
Here's part 2 of an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so here is today's question:
What is the most common way your identity is stolen?
The answer:
Among victims who could pinpoint the source of ID theft, 30% blamed a lost or stolen wallet, checkbook or credit card. Dumpster diving, in which your personal info is lifted from documents you throw out, made up less than 1% of cases, down from 2.6% in 2004, as some 70% of people now shred paper files (keep shredding!). However, in 8% of cases, info is stolen out of mailboxes before you have a chance to shred. Since credit-card offers make it easy to open an account in your name, call 888-5-OPTOUT to stop unsolicited card applications.
My thoughts:
1. So, if 30% can be traced to a lost or stolen wallet, checkbook or credit card, 8% to stolen mail, and 1% to dumpster diving, what happens in the other 61% of cases? Am I missing something here?
2. I shred religiously, though it does create another problem -- my kids want to scatter the confetti all over the house. ;-)
3. We've stopped putting our flag up when we put mail in our box (out-going) and we usually pick up mail within an hour or so of its arrival.
4. I opted out last year and my credit card mail offers has dropped DRAMATICALLY. It really works.
I've written a lot about identity theft over the past year (see my identity theft category for a listing of posts), but not much recently. So I thought I'd make up for lost time by doing a short series on the topic.
I found an interesting article from Money magazine that lists several identity theft statistics -- many of which I found surprising. It's done in a question and answer format, so let's start with the first question:
How much money does the typical victim of identity theft lose?
The answer:
More than two-thirds of ID theft victims didn't lose a dime last year. (Of course, that means some people did end up out of pocket: The average loss was $422 vs. $675 in 2004.) Why? Federal law limits your liability--$50 for credit cards; $500 for debit cards--if you report the fraud within 60 days. And most issuers offer even stronger protections, guaranteeing that you won't be on the hook for any of the bill. The real cost to you is time and stress: It takes the average victim 40 hours of effort to restore his or her good name.
A few thoughts here:
1. Wow. I would have guessed a few thousand dollars would have been the average. $422 seems low, but I guess it makes sense as explained by Money.
2. 40 hours basically doubles your cost if your time is worth $10 per hour. If it's worth more, like I'm guessing is the case for most of us, this will be even a bigger cost/frustration than the actual money lost.
If you're like me, you do a good deal of your shopping online. And, if you're like me, you want to be sure you're shopping safely and that your financial and personal information isn't at risk. Money Central helps us all out in this article, giving tips for shopping safely online. Their thoughts:
Good tips. I use them all. In particular, I like #1. And since I do most of my shopping with Amazon.com, I'm in the heart of "Safe-ville." ;-)
As long as you're careful, shopping online is actually SAFER than shopping offline. At least according to Money Central:
Shoppers should be aware that as long as they are dealing with reputable companies, online transactions are far more secure than the face-to-face transactions people perform every day, says Stickley. Online transactions eliminate the middle man, such as the waiter who processes your credit card payment, so there are fewer people to physically see your private information.
How about you? Are you an online shopper? If so, how much of your total spending? Where are your favorite (recommended) places?
Here's an article from Kiplinger's that promises how to secure your PC from worms, viruses and hackers in less than an hour. Their tips:
Good tips! Identity theft is an issue we're all going to have to deal with for a long time to come. It's best if we take as many precautions as possible -- especially since the current identity theft laws aren't that strong and certainly aren't deterring criminal activity.
For more information on this topic, see these posts:
Here's a piece from Money Central that gives us 10 ways to stop identity theft cold. It starts out by telling us how bad identity theft is:
The numbers associated with identity theft are beginning to add up fast. A recent General Accounting Office report estimates that as many as 750,000 Americans are victims of identity theft every year. And that number may be low, as many people choose not to report the crime or, for that matter, even know they’ve been victimized.
But the heart of the article is the set of tips they give. The tips for stopping identity theft are:
1. Destroy private records and statements.
2. Secure your mail.
3. Safeguard your Social Security number.
4. Don't leave a paper trail. Never leave ATM, credit card or gas station receipts behind.
5. Never let your credit card out of your sight.
6. Know who you're dealing with.
7. Take your name off marketers' hit lists.
8. Be more defensive with personal information.
9. Monitor your credit report.
10. Review your credit card statements carefully.
My thoughts:
1. I have a shredder and use it religiously.
2. We mail our bills from home but never put up our mailbox flag. However, I am converting more bills to electronic pay options.
3. We don't do this.
4. We don't do this either. I keep track of EVERY receipt.
5. This is hard to do, especially at restaurants (the card part). Not sure what the solution is.
6. I don't give out this information unless I see a need that they have it.
7. Did it awhile back. We still get some calls.
8. Isn't this the same as #6? My answer is the same.
9. This is one of my New Year's resolutions.
10. I reconcile every credit card statement and review all bills carefully. Not only does it help identify potential identity theft issues, but can also save you a bunch of money.
For those personal finance bloggers out there looking for some free promotion for your site, the MoneyBlogNetwork has an opportunity for you.
We're naming a Site of the Week every week -- a spotlight on one specific personal finance blog. If you want to be considered, stop by AllThingsFinancial and email JLP. He's collecting the applications.
Speaking of AllThingsFinancial, I have to say a public thank you to JLP. He's answered a few tax-related questions that FMF readers have had and he's always done a great job -- very thorough. Thanks, JLP!
Finally, AllThingsFinancial has a post on how Ameriprise Looses Data on 230,000 Clients and Advisors that you may want to check out. Here is an overview:
Ameriprise Financial, the investment advisory unit spun off from American Express last year, said today that lists with the personal information of about 230,000 customers and financial advisers were potentially exposed to fraud.
The breach occurred in late December after a company laptop was stolen from an employee's car. It contained lists of reassigned customer accounts that were being stored unencrypted on a computer in violation of Ameriprise's rules.
The information on the laptop included the names and Social Security numbers of more than 70,000 current and former financial advisers and the names and internal account numbers of about 158,000 customers. The data was being stored in separate lists, but it is possible that there could be some overlap between the two.
Are these companies crazy!!!!???? This info is on a laptop -- in a car -- unguarded? When will they learn????
Add Ameriprise Financial to the identity theft blacklist.
It seems like everyone wants an easy way out of everything. People spend like maniacs for years, then want to pay someone a simple fee to get rid of all their debt. It doesn't work like that, folks!
Here's a piece from Bankrate on debt elimination scams and how to handle them:
Eliminating debt is kind of like losing weight by not eating for two weeks. Firstly, it doesn't work and secondly, you get unintended consequences from trying, like injuring your health. Same thing with debt -- you have to earn more and spend less if you really want to eliminate debt from your life. There really are no quick fixes for either problem.
Of course, the scams abound, and you've run across one. One is that credit card lending is really illegal, so if you stop paying them and they take you to court, you'll win with the secret, and expensive, legal strategy you will be sold. Yours is a variation on that theme -- it's a scam, pure and simple. They probably want a big upfront fee. Don't pay it.
The piece ends with some very good advice:
My advice is to be very careful when strangers approach you with offers. They could well be identity thieves. Ignore these claims and work on getting yourself out of debt the old-fashioned way. Take a good, hard look at your income and expenses and look for ways to either increase the income or decrease the expenses until you can lighten your debt load.
If you want to get out of debt, check out some of these posts -- they may be of help to you:
If you weren't scared enough of by the ways someone could get your money, this piece from Market Watch that details additional ways your bank can help you lose your money. They start by listing several ways banks can lose your money that aren't covered by federal insurance:
Yikes! Who would of thought all these things weren't covered? Ahhhhh, but they are -- just in a different way:
Fortunately, banks carry a "blanket bond," which may provide protection for some of these perils. This is a multipurpose insurance policy a bank purchases to protect itself from fire, flood, earthquake, robbery and embezzlement.
So, now that we're feeling secure again, they hit us with more bad news:
It's a good thing banks carry extra insurance. The fastest-growing area for claims is employee dishonesty, according to experts at two of the more prominent bank blanket-bond providers -- Progressive Group and Chubb Specialty Co. In fact, both report banks have been increasing insurance deductibles lately as they seek higher coverage limits.
The piece ends with some tips on what you can do to make sure you and your money are safe at a bank:
Call 1-877-ASK FDIC or visit www.fdic.gov to make sure all your deposit accounts are fully FDIC-insured in the event of a bank failure.
If you use a bank safe deposit box, don't expect the bank to insure its contents. Make sure your homeowners insurance covers anything valuable.
Consider avoiding bank branches during opening or closing times.
When you visit your bank branch, see different employees. Employee embezzlements frequently involve those who are most trusted.
Monitor your account statements.
Good advice to follow. Another option to consider is banking online -- at least as much as you can.
Overall, I don't think you have to worry about a major bank losing your money (for any reason) and not making you whole again. If they didn't, word would get out, their reputation would be ruined, and their business would really be hurt. However, you still need to monitor and take responsibility for your own financial security. A bank, no matter how protective, will never be as concerned with your finances as you are.
Here's part 4 of a piece from Bankrate listing ten things to stop doing in 2006:
7. Stop identity theft.
8. Stop phishing.
Identity theft is a topic that (unfortunately) will continue to be in the financial news for quite some time. Here are some of my posts on the topic that will help you combat this evil:
Click here to read part 5 of this series.
Free Money Finance recommends Emigrant Direct.
Here's part 3 of a piece from Bankrate listing ten things to stop doing in 2006:
5. Stop counting on Social Security.
6. Stop leaving checks in your mailbox.
My thoughts:
1. I'm counting on NOTHING from Social Security. If I get $1, that will be $1 more than I expect.
2. We still leave checks in our mailbox, but we don't put up our red flag. We get mail every day anyway, so the mailman already stops at our box -- no need for the flag.
3. For more information on saving for retirement, see these links:
Here's an update from MSNBC on some future changes to online banking:
By the end of next year, it may take more than just an ID number and password for bank customers to access their online accounts. In the face of increasing online banking fraud, federal agencies announced they are requiring all financial institutions in the country to beef up their Internet security measures by the end of 2006. That means customers may soon have to navigate through more security screens.
A couple banks are already in the lead in this area:
Bank of America is the first out of the gate with its new SiteKey picture-recognition service, which it will require all customers to use starting in early 2006. Customers choose a picture when they first visit and are presented their choices in subsequent visits to assure them the site is not fake.
This month, Washington Mutual announced that it now uses a version of computer fingerprinting that analyzes every online login and transaction, scores the potential risk of identity theft based on a broad range of criteria, and invokes additional authentication methods if needed.
Here's a word of caution (and some reassurance) if you bank with a smaller bank:
Because big banks are bulking up their online security measures, phishers and scammers are reportedly moving down the chain to medium-sized and small banks, but Litan said many of them are well prepared to meet the threats.
Finally, someone is doing something about identity theft and the security of financial information. For more on this topic, see these posts:
I had heard this news the other day and assumed everyone was up to speed on it, but a note from a reader (thanks, Dan) suggested I share it with everyone since blog coverage seemed light. So here's the bottom line from MSNBC:
A subsidiary of LaSalle Bank Corp. said Friday a tape containing information of about 2 million residential mortgage customers around the country was lost as it was being transported from Chicago to Texas.
ABN AMRO Mortgage Group Inc. said that it has had no indication the information was misused in any way, but that it is notifying residential mortgage customers and has arranged for them to enroll in a credit monitoring service for 90 days at no cost.
Data on the tape include residential mortgage customer names, their social security numbers, payment histories and account information, according to ABN AMRO. LaSalle Bank spokesman Shawn Platt also said the tape is not something a person could take home and look at on a computer.
According to the company, a package containing the tape was picked up at its data processing center in Chicago by express mail company DHL on Nov. 18. But the tape never reached its destination — a credit bureau facility in Allen, Texas.
A few thoughts:
1. How does this happen???!!! Two million people impacted?! This is simply criminal. AMN AMRO and/or DHL needs to compensate the people impacted if, for nothing else, the fear of potential identity theft. It's simply careless and there's no reason for it.
2. This sort of loss seems to be more and more common. We need to fix the system somehow. I'm generally not a proponent of legislating penalties against corporations for this sort of stuff (my feeling is that the market will handle it as consumers flee companies that allow this to happen), but it appears that companies are not taking the issue seriously.
3. Thankfully, I don't do business with ABN AMRO. If I did, I'd be moving as soon as possible.
Update: The tapes have been found.
Every year I do at least one check of my credit reports and 2006 will be no different. I do it mostly for security purposes -- to make sure there is no inappropriate activity in my name -- but it's also good to review the various credit cards I have not used for years that are still "open". I usually take action to close them when I locate one, but like weeds in summer, they just seem to keep popping up. ;-)
If you're not checking your credit reports at least once a year (if not more), you are leaving yourself open to the possibility of having your identity stolen and not realizing it for a long time. You should resolve with me to check your report(s) this year.
For more on the subject of identity theft, check out these posts from Free Money Finance:
Here's a piece that discusses a simple but effective way to guard yourself against identity theft: shred documents that you are tossing that contain personal information (subscription required).
Here's Money's case for shredding:
Everyone's been warned about identity theft. The idea that some hacker can snoop around your hard drive, obtain some account numbers and passwords, and clean out your funds has Americans reaching for the nearest Internet-security software. But it is far less likely that someone is going to break into your computer than that someone will sift through your garbage to get the same information.
One of the best ways to foil trash-picking identity thieves is to shred all sensitive documents before throwing them out. But which shredder to buy?
They wanted to know what the best shredder was, so they conducted a test:
I tested five of the top consumer cross-cut shredders on the market, which range in price from $40 to $380--as I wanted to know if a shredder that is 10 times the price is 10 times as good.
And the winner is:
The Fellowes 8-Sheet Cross-Cut shredder is an ideal at-home machine.
Because:
The piece then ends with a vital shredding tip:
Make sure you get a cross-cut shredder. Strip-cut shreds are much easier to put back together.