Friday, January 6, 2017

Women's Money Week: Identity Theft #wmweek17

There are two kinds of identity theft: one is true identity theft, where a person has your information (birth date, social security number) and is actually masquerading as you, opening new accounts, using your social security number to file taxes and get a refund, or otherwise actually stealing your identity. Usually this is done by someone close to you (sorry) or when you fall for a phishing scam and provide your identifying details by phone or email to someone you don't know.

The other kind is where your banking or credit card information is compromised and the thief has enough information to make purchases using your information but isn't trying to, say, get a mortgage in your name and then skip out on the payments. These thefts often happen en mass (hello, Target, Sony, and many other major business data breaches) and the information gets shopped around the black market. It feels personal if you're out the money but it really isn't.

The steps to prevent each type of identity theft vary, but the underlying principles are the same.

1. Protect your information. Don't give out information unless truly necessary. I decline to share my email address or phone number when asked by cashiers (if I want coupons, I have an email address that I use for that purpose). Definitely never give out information unsolicited - if your credit card company, bank, or the IRS calls you and asks you for a bunch of information they should already have, hang up and call them back at the number that's publicly listed for them (NOT one that they give you) and see if it's a legitimate call. Don't leave statements lying around your house for people in your life to see. Use tough security questions that people who know you wouldn't be able to guess.

2. Practice good security hygiene. Your bank account and your email account should have different passwords. Full stop. Actually, you should not repeat passwords across any accounts that are likely to be linked. We've started auto-generating all of our passwords for additional security and storing them in a password-protected and encrypted password storage system (we use KeePass; others are OnePassword and Last Pass). One good tip for creating hard-to-crack passwords is to think of a sentence like "That's no moon" as a trigger and then use that to come up with a shortened secure word like "Th4t5n0Mo0N!". Hard to crack, easy to remember. Also, enable 2-factor authentication on any account for which it's available - this is where you get an email, text, or phone call with a code when logging in from a new device. It's available on most of the types of accounts that are likely to get hacked (email, Facebook, Twitter) and you can register each device you regularly use so you don't have to do it every time you log in - but someone without access to your phone won't be able to log in to your account.

3. Use a credit card instead of a debit card for purchases. Two reasons: one, debit cards take money immediately out of your bank account, so if someone goes on a shopping spree with your card, you are out that money straightaway, probably before you even notice. And two, a federal law in the US called the Fair Credit Billing Act means that your liability for credit card fraud is limited to $50 (which in my experience the credit card companies usually waive). With a debit card, depending on how soon you discover and report the card missing or stolen, there is no limit to your liability, meaning if you wait 60 days to figure out something is wrong, that money is gone. Use a credit card for purchases whenever possible to get that protection. Assume that your card number will be compromised at some point, whether by a skeevy waiter or a mass data breach at a big box retailer, and protect yourself accordingly. (Pay the full balance of the card monthly to avoid carrying debt - you can treat a credit card like a debit card in that if you don't have the money to pay the bill, you don't buy the thing.)

4. Keep an eye on your credit report. Pretty much the only way to find out about new and unauthorized accounts is to take a regular look at your credit report and make sure everything you see there is accurate. You can get your report for free once a year from each of the reporting bureaus through AnnualCreditReport.com. I pull from one of the bureaus every four months, so I can stay on top of things.

No comments:

Post a Comment

Thanks for commenting!