Three things you need to know about identity theft, and how to prevent it from happening to you
Several months ago, my husband was the victim of identity
theft. Using his personal information,
someone was able to apply for {and receive} loans, credit cards, and cell
phones, among other items. He has spent
dozens of frustrating hours over the last few months trying to close the
accounts, restore his credit, and prevent this from happening again.
With the slew of well-publicized security breaches happening
lately, affecting tens of millions of people, it is likely only a matter of time
before this happens to you or someone you know.
My husband has offered to write a post to share with my readers about what he
learned from this unfortunate situation, and how you can prevent it from
happening to you. Please read his story,
and use the included links to help educate and protect yourself from identity
theft.
So in the aftermath of having my identity stolen, and while
still in the midst of the incredibly frustrating process of recovering my
credit, Rachel asked me if I would pass on a few of my key learnings to her
readers. I agreed to do so, with the sincere hope that some of you will
take the time to read through this and use the included links to lock down your
credit and help prevent yourself from becoming a victim. I have also come
across many helpful articles and websites throughout this process, and I
included links to many of them at the end.
With all that said, here are the three most important things
that I have learned about identity theft:
#1) Credit monitoring
services (like LifeLock, ProtectMyID, Identity Guard, etc) don’t (and can’t) do
anything to protect you from getting your identity stolen, nor do they keep
people from using your identity to open accounts, buy goods, get loans, etc.
A credit monitoring service will simply alert you that a
creditor has pulled your report in order to verify your credit
worthiness. Depending on the speed of their system, that alert may or may
not arrive before you would find out on your own - likely the same way that I
did - through letters (bills, account notices, etc) from the creditors
themselves. Credit monitoring services do have agents who can help walk
you through the process of cleaning up your credit, although you will have to
do the majority of the work on your own, and most of the information they
provide can be found for free online. In my experience with XXXXX credit
monitoring service (which I received for free due to a well-known security breach
this past year, but only bothered to sign up for after my identity was stolen) the agent was very knowledgeable, but
it took over a month after registering my initial complaint before the agent
was assigned to me and began to work on my case. Credit monitoring services will likely also
offer various "guarantees" and "insurance policies" in the
event that you become the victim of identity theft. My advice: read the policies carefully and
decide for yourself what they are worth before signing up.
Although credit monitoring services don't actually protect your
identity, what is worse, in my opinion, is that offers of free credit
monitoring seems to be an easy PR move for companies eager to make a show of
taking responsibility for allowing a data breach - easier, it would seem, than
actually protecting your data in the first place. ("Sorry
we couldn't be bothered to do our jobs and protect the highly-sensitive
personal information we have collected from you. Here's a coupon for a service of dubious value
but with an impressive sounding name.") If this approach is cheaper and easier than
staying ahead of the (admittedly increasingly sophisticated) hackers out there,
then don't expect it to change anytime soon.
#2) Placing a Fraud Alert
on your credit file if you suspect your identity has been stolen is a good initial
step, but not a permanent or foolproof solution.
A fraud alert is a message placed in your credit file asking
creditors to verify your identification (generally by calling you at a number
you provide) before extending credit in your name, in case someone is using
your information without your consent. This is free and easy to do, and
is a good first step if you suspect your identity has been stolen. Simply
go online to one of the three main credit bureaus (Experian, Equifax, or
TransUnion) and fill out a form. They
will notify the other two bureaus for you.
I actually did this (based on advice I found online through the
Federal Trade Commission website) soon after realizing that my identity had
been stolen, and received a call within an hour from a company attempting to
open an account for someone in my name.
I told them no, and based on that brief conversation, they didn't extend
that person credit that they otherwise would have. The system worked. It also appears to be the last time (based on
information that I was able to glean later from my credit report) that someone tried to open a new account in my name.
My guess is that after being turned down for credit due to the fraud
alert, the person realized that the jig was up with my information, and
proceeded to the next name on a list of stolen identities that they probably
bought online from some hacker in Russia.
However, a fraud alert is not a cure-all solution. It only lasts 90 days, (although it can be
extended up to 7 years by providing proof of identity theft - generally in the
form of a police report) and more importantly, it does not require creditors
to call and verify your identification. It is merely a request that they
can comply with at their discretion.
This seems like a pretty big loophole to me, and one that I was not
willing to live with long-term.
#3) A Security Freeze
(often mistakenly referred to as a “Credit Freeze”) is the best way to prevent
unauthorized use of your identity to obtain credit.
A security freeze blocks new creditors from accessing your
credit report, although current creditors will still have access. While
it doesn’t actually prevent a creditor from issuing credit in your name, the
inability to review your credit history (and thereby determine your credit
worthiness) will cause nearly all potential creditors to deny issuing the
credit. However, the downside of a security freeze is that legitimate
creditors (with whom you are genuinely trying to obtain credit) are also unable
to view your credit history.
Hopefully this likely isn’t something that you need to do very often,
for a few reasons. One, every time a
"hard-inquiry" is made to your credit report, your credit score goes
down. Not by much, but it does affect
your score, meaning that you are more likely to pay higher interest rates or to
be turned down for credit in the future.
The second reason that you shouldn't apply for every department store
credit card offered to you is that they rarely have rates and terms as good as
you can find elsewhere, and the 15% you are about to save on that pair of jeans
from Macy's is going to cost you more in the long run. It just doesn't make good financial
sense. Pick a few cards (based on a
combination of their fees, rates, and rewards programs) and stick with them.
However, there are times when you will need to access your
credit. In the event that you do, your
credit report can be “thawed”, either temporarily or permanently, generally
using a 10 digit PIN provided by the credit bureau when you apply for the
freeze. Just don’t lose the PIN, because I hear it can be very difficult
(as you should hope it would be) to get your credit thawed without it.
Depending on your situation, there may be a fee of up to $10
(from each bureau) each time you freeze or thaw your credit, so this isn’t
something you want to do all the time. However, I can tell you from
experience that paying a $10 fee is much better than having your identity
stolen. It is also not necessary to thaw your credit report with all the
bureaus when attempting to obtain credit, only the bureau(s) with which that
particular creditor works. So always ask
before you thaw.
Because I can’t recommend enough placing a Security
Freeze on your credit report, here are some links to the various credit
bureau sites where you can obtain a freeze, along with some information on the
process. The three main credit bureaus that most people is familiar with
- or at least have heard of - are listed, along with two others that were new
to me until I started this process. You can complete the process of
adding a security freeze to your credit report through all five bureaus in less
than half an hour. Do it. Trust me, you'll be glad you did.
Experian: There
is a $10 charge (or free if you are a victim of identity theft and mail in a
copy of your police report) to place a security freeze with Experian, although
I didn’t do this and still wasn’t charged. You will likely have to
correctly answer a series of “out of wallet”* questions, and then your 10 digit
PIN will be given to you. (There is also an option to create your own PIN
if you prefer.)
*An "out of wallet" question is a type of question
used to verify your identity that would be easily known to you, but unlikely to
be found in your wallet. Some examples
of out of wallet questions are "What city were you born in?" or
"What bank holds your mortgage?".
Equifax:
There is a $10 charge (or free if you are a victim of identity theft and mail
in a copy of your police report) to place a security freeze with Equifax.
You will likely have to correctly answer a series of “out of wallet” questions,
and then your 10 digit PIN will be given to you.
TransUnion:
There is a $10 charge (or free if you state that you are a victim of identity
theft) to place a security freeze with TransUnion. You may have to correctly answer a series of
“out of wallet” questions, and then you will be directed to create an online
account with TransUnion, and establish a 6 digit PIN.
Innovis:
There is no charge to place a security freeze with Innovis. Simply fill
out an online form, and you will receive your 10 digit PIN by mail.
Clarity Services:
There is no charge to place a security freeze with Clarity Services. You will need to download and fill out a
request form, and then mail it in to them along with a copy of your driver’s
license. You will receive your 10 digit PIN by mail.
Some other notes and helpful links:
It is always a good idea to review your credit history periodically
and correct any mistakes that may be on there. You can request your freecredit report once a year from each of the three main bureaus.
You also may want to consider opting out of “pre-screened” or
“pre-approved” offers of credit or insurance. Since thieves will
occasionally steal mail from your mailbox, this can help reduce your risk,
along with reducing the volume of junk mail you receive. You can opt out
for 5 years from the website, or you can opt out permanently by downloading and
mailing in a form. This one form covers offers from Experian, Equifax,
TransUnion, and Innovis. It is possible to opt back in at a later date if
you change your mind.
If you have been (or think you may have been) the victim of
identity theft, this website from the Federal Trade Commission is very helpful.
More information from the FTC about security freezes
Brian Krebs (an investigative reporter who covers cybercrime)
discusses his experiences with identity theft, security freezes, and credit
monitoring in some interesting articles with tons of great information. If you've made it this far and still haven't
had your fill of identity theft and cybercrime related information, I highly
recommend reading his blog.
Phew! I know that's a lot of information! In the six months that my husband has been dealing with this, there have been a lot of interesting realizations. Some companies are easier to deal with than others and some companies don't seem to even speak internally to one another. It's a frustrating process. Protect yourself as best you can before identity theft happens to you, and if it does happen to you, I hope some of this information is helpful.
1 comment
Very good information. You might also mention that you should fill out an identity theft affidavit and submit it to the IRS. Tax Identity theft is the fastest growing form of identity theft right now.
Post a Comment