Saving yourself from Identity Theft

Identity theft has been a federal offense since 1998. But are we getting any better at dealing with it? Actually, we are. The number of victims and the amount defrauded is down and, most important, it takes less time to clean up the mess. According to a Javelin Strategy & Research survey, as reported by the Privacy Rights Clearinghouse, the number of identity theft victims per year in the U.S. fell by nearly 2 million from 2003 (10.1 million) to 2007 (8.4 million); and the mean time required to undo the damage in each instance was down from 40 hours in 2006 to 25 in 2007.Most of the financial losses in an identity theft are suffered by credit issuers and banks, as victims are rarely held responsible for fraudulent debts incurred in their name. But victims often bear the responsibility of contacting their banks and credit issuers after an identity theft has occurred.

Even these declining numbers remain fairly high, however, and learning that your credit card has been used by a stranger can chill your blood. As in nearly every endeavor, prevention is the best medicine. To thwart identity thieves, keep these practices:

• Safeguard your Social Security number. This is perhaps the single most important bit of information about you. Don’t carry your card with you, and, if possible, don’t even tell anyone the number.

• Shred everything that has your name, address, and other personal information. Use a cross-cut shredder, not a strip-cut shredder, because cross-cutting creates fragments that are much harder to piece back together.

• Don’t provide personal information to people who contact you over the phone, through the mail, or by e-mail. Ask them how you can get in touch with them so you can investigate. You might start with a simple Internet search for complaints, or check with the Better Business Bureau.

• Keep sensitive documents in a secure place. Birth certificates, Social Security cards, tax returns, insurance policies, and the like should go in a fireproof safe or at least a locked drawer at home, or in a safety deposit box in a vault.

• Never give anyone your password for anything. No tech or customer service rep should ever ask you what your password is. This is a dead giveaway that you’re dealing with a potential identity thief or, at best, an incompetent support tech.

• While we’re on the subject of passwords: Don’t use a weak or obvious password like your birth date or dog’s name. Strong passwords incorporate capital and lowercase letters, numbers, and, if possible, non-alphanumeric characters.

• Protect your PC. I’m not going to belabor this because we’ve written extensively about it, but you need to run a software firewall, antispyware, and antivirus software.

• Don’t fall prey to phishing. Don’t click links in unsolicited e-mail, and don’t enter information on strange Web sites. Don’t even enter information on familiar Web sites that have changed recently. Call the company and ask if they’ve redesigned their site. Always check a site’s encryption before entering personal information—look for https:// in the address bar, along with an icon indicating that VeriSign or another independent party has certified the site as secure.

Sometimes an identity is compromised despite a person’s best efforts. Three things can tip you off that you may be a victim:

• Bills. A dead giveaway is if your bills stop coming or if you start getting bills for credit cards you never applied for. Likewise, an unknown charge on your credit card or a mysterious transfer of funds out of your account requires an immediate call to your bank.

• Calls. Phone calls or letters about purchases you didn’t make are another big signal. Someone I know found out his identity was stolen after he was contacted by RadioShack about purchasing the extended warranty on a computer he never bought.

• Bad reputation. If you’re turned down applying for a new credit card or line of credit because your credit rating is bad and to the best of your knowledge it shouldn’t be, then check your credit reports. You can do this easily by contacting www.annualcreditreport.com (not freecreditreport.com, which is actually a gateway to a paid subscription service) or by calling 877-322-8228. Everyone is entitled to receive a free credit report from each of the three big credit reporting agencies (Equifax, Experian, and TransUnion) every year. Look for credit checks from companies you didn’t contact, accounts you never opened, and debts you never incurred.

Finally (and I hope no one needs to read this), here is what to do if your identity has been stolen:

• Alert the authorities. Immediately—as in run, don’t walk—put a fraud alert on your credit reports and then review the reports. This tells creditors and credit bureaus to follow heightened security procedures before they open new accounts in your name or make changes to current accounts. There are three major credit reporting companies (if you contact one they will alert the others):
o Equifax 800-525-6285
o Experian 888-EXPERIAN
o TransUnion 800-680-7289

• Alert the financial institution. Call each credit card company or bank and report each account that has been tampered with or falsely opened. Speak directly with someone in the fraud or security department. It may be necessary to follow up in writing. Ask them to send you a letter stating that the account has been terminated and the suspicious charges removed.

• Let the police know, too. Conventional wisdom says that you should file a police report. I have gotten hundreds of e-mails from people in response to an earlier article I wrote where I advised this, and the consensus is that local police departments around the country routinely ignore or mishandle identity theft. Still, you may want to do this to generate a paper trail.

• Tell the FBI. Report the theft to the FBI, the Internet Crime Complaint Center, and the Federal Trade Commission. These are also excellent resources for more information on the topic.

• Keep records. File away copies of all documents and written notes of conversations regarding your identity theft.

www.pcmag.com