Keeping Ourselves Safe From Identity Theft
Another month, another data breach. It seems like 2018 has been the year for stolen data. In the past 12 months, Saks Fifth Avenue, Lord & Taylor, Macy’s, Under Armor, Panera, Facebook, Orbitz and Marriott were just a few of the companies that were hacked and customer information stolen. In the recent Marriott breach alone, personal information on 500 million guests – including usernames, passwords, credit card information and addresses – were stolen. Why should this concern you? At the very least, it means that someone out there has your credit card information and could be charging up a fortune. This is why you should scan your credit card statement each month for charges you don’t recognize. But there is a bigger issue. Using bits and pieces of information from these breaches, and information readily available on the web, hackers can easily piece together all the information needed steal your identity. According to one report, the median price on the dark web for someone’s identity was $21.35; however, the havoc they can wreck with your life is immeasurable. They can essentially become you –charging tens of thousands of dollars in your name and then disapear leaving you to clean up the mess. The process of clearing up ones credit after such an incident can take years and thousands of dollars. While it may not be possible to prevent all identity fraud there are a few simple steps you can take to minimize the risk.
How can we protect ourselves from identity theft?
1) Use different secure passwords on each of your accounts
The best way to stop hackers - or at least slow them down - is to use different highly secure passwords on each of your on-line accounts and apps. Using the same or easy to guess passwords on multiple sites makes it simple for identity thieves to gather the information they need. The problem is that we all use dozens of sites and apps in our daily lives. How can you possibly remember all these passwords? The solution is to use a password manager. If you use Apple products there is a built-in password manager “Key Chain” that will not only generate and remember secure passwords for each site you visit, it will make the password available on all of your Apple devices. It’s not a bad choice; however, it’s not supported by Chrome, and there is a surprising lack of documentation. Is it worth using? If you can tolerate Safari it actually works quite well - once you figure it out. I love having my passwords at my fingertips whether I’m using my laptop, tablet or phone. And oh yea, its free! If you use something other than Apple products or just don't want to be married to Safari there are a bunch of alternatives in every price range. Cnet recently produced a “top 10 list” of password managers. I highly recommend you check it out.
2) Keep an eye on your credit report.
Credit reports are primarily maintained by 3 agencies: Equifax, Experian and TransUnion. These organizations receive, store and update information from lenders. It’s here that a new inquiry, loan or credit card would appear. Legally, you can request 1 free credit report from each of the major credit agencies each year. You can order a copy from annualcreditreport.com - which is the only authorized website for free credit reports - or by calling 877-322-8228; however, by the time you learn anything from this once a year report the damage would already be done. You need something more up to date. Fortunately, there are several good apps for monitoring your credit! My favorite is Credit Karma. There are advertisements but otherwise it free and it updates your score and credit report each week. It will even notify you when there are new inquires on your credit -usually a signal that an account in your name is being applied for - or any time an account is opened in your name. It’s not “real time” so there are delays – but it’s significantly better than checking once a year. It’s also a good idea to scan your report on a regular basis for erroneous information.
3) Know what’s out there about you on the internet.
You should spend a few moments looking on line and see what’s there on the internet. Pipl.com and mylife.com are a treasure trove of information and always good places to look; however, even a simple google search can be helpful. There are tons of information about me on the web and that’s probably ok; however, I discovered that my license, DEA number and a bunch of personal information (address, phone number, employer) were accidentally exposed on a copy of my CV that was posted to an unsecured academic website. Sure, all this information is available if someone is persistent enough, but I don’t need to make it any easier.
4) Know what’s there about you on the “dark web.”
It’s easier than you think - there a site run by a Microsoft security researcher called “have i been pwned?” For those that don't know Pwned, is slang derived from the verb to “own," meaning to conquer or to gain ownership. On this site, you type in your email and it will search to see if you have been involved in a “breach” or “paste.” A "breach" is an incident where personal data has been stolen by hackers. Examples include sites like Dropbox that were hacked by tech savvy “bad guys”. A “paste” is when information that was obtained during a “hack” is published on a public website for others to see. Turns out one of my email addresses was involved in both. The concern is that once hackers have your password to a less secure site (e.g. Facebook) it’s likely they have the password or can gather the information needed to gain access your more secure sites (e.g. your bank). Even if you are clever enough to use different passwords on different sites, everyone on the planet now has access to your hacked account – and they could wreak havoc with your personal life. Just ask these unfortunate women.
5) Lock your credit histories.
In order for lenders to open an account they first need access to your credit history. It’s never been easier to lock access to these reports – and then unlock access when needed. All of the major credit reporting agencies now have Apps that allow you to – with the swipe of a finger – lock access to your credit reports denying anyone from applying for credit under your name. Then with the swipe of a finger you can unlock the report. I downloaded some of these and they do seem to work as advertised. Just don’t forget if you apply for a credit card, mortgage or loan (or in some cases a job!) to unlock the reports first or you will be denied! Note: this is not the same as “freeze” but is probably adequate for most of us. A nice article outlining the difference can be found here.
6) Consider an identity protection service – but you probably don’t need it.
First of all, the entire industry is fraught with fraud. Capital One, Discover, Affinion, Experian Consumer Direct, and LifeLock have all been fined for deceptive marketing of identity protection, credit monitoring, and other services that don’t actually work! Interestingly, LifeLock co-founder Robert Maynard, Jr was forced to resign from his position after unsavory details about his past – including an investigation implicating him in committing identity theft – came to light. In addition, none of these services actually do anything that I haven’t outlined above. If you absolutely must have one of these services in order to sleep at night then by all means spend the $100 - $300 a year; however, remember that LifeLock’s founder, Robert Maynard, Jr, was also the victim of identity theft while he was still president of the company!
Hacked and stolen credit information are a big problem, but you can protect yourself by taking a few precautions. And remember, if someone does use your existing credit card account you have rights - federal regulations limit your liability, to $50 per account and in most cases even that will be waived by card issuers.