Wednesday, February 11, 2009

Preventing Identity Theft

Protecting your physical belongings
I can't tell you a whole lot of new things here--be aware of your surroundings to avoid being mugged, carry as few cards as necessary, keep things in your home (extra checks, bank statements) secure, shred papers instead of throwing them out. Here are a few other things I do myself, and strongly recommend.

Copy your cards
I was inspired over the weekend to take everything out of my wallet again and give it a quick scan on the copy machine, in case my wallet gets lost or stolen. Lay out all the cards on the scanner and copy them front and back, then keep the papers in a safe place. If your wallet is lifted, you have the phone numbers and card information to call and report them stolen easily.

Lighten up
Speaking of which, clean out your wallet! You probably don't need to carry every card you own, especially store cards. I don't go shopping on a whim at Victoria's Secret (the only store card I have) so I leave the card at home in a safe place. If I happen to fall into the store and need to use it, they can look it up by my phone number anyway. The fewer cards you're carrying, the less hassle if something happens.

Don't carry your social security card with you. Just don't. You don't need it. Likewise, checks--how often do you use checks anymore? If you're not using your checkbook, don't carry it with you.

Online Safety
Passwords
Pick really good passwords. Don't use something that's easy to guess, or a word or combination of letters that someone could figure out. I use lines from movies, in code. For example, "Frankly My Dear, I Don't Give A Damn" from Gone with the Wind would translate to fmdidg4D (4 commonly stands for A in hacker-lese). Easy to remember, has a capital letter and a number in it, and let me tell you--NO ONE would ever guess that, because it looks like nonsense!

But you should have a password system, not just a password. Do not use the same password for your bank account that you use anywhere else. I have been guilty of this, but if you use the same password for every account, it could happen like this:
  • Your Myspace or Facebook gets password jacked by those stupid phishing things.
  • Now the thief's got your password and can find your email address.
  • They can probably figure out your username for ebay or almost any other site.
  • Now they're in your email account, and can find an email from your bank or credit card.
  • Now they can get into your financial information and do whatever they want with it.

And if they changed all of those passwords to something you don't know, well, good luck.

BUT. If you used
  • one common password for "low security sites", like MySpace, Facebook, forums that you read or post in.
  • Another password for email ONLY and make it supersecure.
  • Another password for medium security sites, like ebay and paypal, where there is some financial or legal risk to you.
  • And an individual password for each online banking site (using the example above, "fmdidg4Dwamu" and "fmdidg4Dcap1").

HOW on EARTH could someone hack into ALL your accounts and do anything? They might be able to post Nude Girls 4 U bulletins to your MySpace friends, but not much else.

Another hint: for all the "hints" questions, don't put actual answers (which are easy to figure out, just ask Sarah Palin), but use one common word like "chapstick" to answer every question. No one will guess it and it won't be that hard for you to remember (some sites will not let you do this, which is foolish, in my opinion).

Phishing
Delete or report as spam any email that seems remotely too good to be true. No one died and left you four million kenyan dollars (and if they did, they wouldn't be contacting you by email). You can't work from home for five minutes a day and make thousands a week.

Don't click links in unsolicited emails, like ones that look like they're from your bank or eBay or Paypal. Type the site name directly into your address bar instead.

Monitor your accounts regularly and track your spending
I check my online bank accounts several times a week, to make sure things are clearing when I expect them to. It helps to keep my spreadsheet up to date and has the added advantage of making it less likely that I will ever bounce a payment, and has allowed me to catch identity theft at least twice--once on a debit card and once on my credit card. In both cases, I noticed charges pending I was certain I didn't make (thank you, spending tracker!). I called the financial institution, alerted them to fraud, and asked that the card number be canceled immediately. In both cases, additional (and much larger) fraudulent charges were attempted later that day, but because I'd caught the theft right away, those charges didn't go through. Also in both cases, the bank or card company replaced the stolen money right away. I am still not sure in either case how my card number was stolen--it could have been a lucky guess, a shady waiter or online retailer, or data lost in one of those publicized cases like TJ Maxx. The hassle of getting a new card or account number was minimal, although with my credit card, I also had to totally replace the account number and online profile (I did keep my reward points).

Check your rep
Pull your credit report at the three major credit reporting bureaus using the links at www.ANNUALcreditreport.com. They are all slightly different, but I pull from one company every four months, getting a pretty good picture of how things look all year long.If you see something that doesn't look right, get it fixed.

If the worst comes to pass
For online fraudulent card use like I describe above, I'd just follow the steps that I detailed. The hassle really is minimal, and banks are used to dealing with this.

If your whole identity has been stolen or is at risk--say your entire wallet was stolen, with driver's license, social security card, and credit cards, or your home was broken into and your files were tampered with--file a police report and then place a fraud alert with each of the three bureaus. This will require potential creditors to contact you at a phone number/address you specify at the time you place the alert before issuing new credit. It also entitles you to a free copy of your credit report, in addition to the free annual report you are already entitled to.

There's one scenario in my mind that's a little worse, and that's when someone close to you has stolen your identity. This happened to a friend of mine, whose sister "borrowed" her Target credit card and had the mailing address changed, then open an additional card in my friend's name, then defaulted on both cards. It was a rough situation, because my friend did not want to cause family drama by filing charges, but that was the only way she could prove she didn't owe the debt. In the end, she and her sister worked out a payment plan, but my friend's credit is badly damaged. Here's my take: identity theft is a CRIME. If your family member would commit a CRIME against you, you should not feel bad about filing charges to protect your bank accounts and your financial reputation. I'm sure if I were actually in her position, it would be a very difficult thing to do, but that's what I hope I would do.

Be safe!

3 comments:

  1. Good post, especially about the passwords.. I'm going to start changing a lot of mine today as they are all mostly the same!

    ReplyDelete
  2. I know this is like a month old, but I found myself coming back to it because I really need to go through and do a password sweep. I have a system, but it isn't very good.

    Thanks for all these tips!

    ReplyDelete
  3. I love your suggestion for using movie quotes as passwords! I hadn't actually thought of how easy it would be for someone to hack Facebook and use the same password for my e-mail, eBay, bank account, etc. I now have different passwords all over the place thanks to this post! :)

    ReplyDelete

Thanks for commenting!