Protecting Yourself Against Identity Theft

As with any crime, you can't guarantee that you will never be a victim, but you can minimize your risk.  By managing your personal information wisely, cautiously and with an awareness of the issue, you can help guard against ID Theft.

• How can I prevent ID theft from happening to me?
• Personal Information Protection
  • What are Pretexting and Phishing?
  • Should I be concerned about using the Internet?
  • Are companies allowed to print my entire CC # on a receipt?
  • Are companies allowed to use my personal info for marketing?
  • When is it safe to provide my Social Security number?
• Credit Protection
  • Should I use a credit monitoring service?
  • What are Fraud Alerts?

 How can I prevent ID theft from happening to me?

• Don't give out personal information on the phone, through the mail or over the Internet, unless you've initiated the contact or are sure you know who you're dealing with.  Identity thieves may pose as representatives of banks, Internet service providers (ISPs) and even government agencies to get you to reveal your SSN, mother's maiden name, account numbers, and other identifying information.  Before you share any personal information, confirm that you are dealing with a legitimate organization.  Check an organization's website by typing its URL in the address line, rather than cutting and pasting it.  Many companies post scam alerts when their name is used improperly.  Or, call customer service using the number listed on your account statement or in the telephone book.  For more information, see How Not to Get Hooked by a 'Phishing' Scam.
• Don't carry your SSN card; leave it in a secure place.
• Secure personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
• Guard your mail and trash from theft:

• Deposit outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox.  Promptly remove mail from your mailbox.  If you're planning to be away from home and can't pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold.  The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.
• To thwart an identity thief who may pick through your trash or recycling bins to capture your personal information, tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you're discarding, and credit offers you get in the mail.  If you do not use the pre-screened credit card offers you receive in the mail, you can opt out by calling 1-888-5-OPTOUT (1-888-567- 8688).  Please note that you will be asked for your Social Security number in order for the credit bureaus to identify your file so that they can remove you from their lists and you still may receive some credit offers because some companies use different lists from the credit bureaus' lists. 
• Carry only the identification information and the number of credit and debit cards that you'll actually need.
• Place passwords on your credit card, bank and phone accounts.  Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your SSN or your phone number, or a series of consecutive numbers.  When opening new accounts, you may find that many businesses still have a line on their applications for your mother's maiden name.  Use a password instead.
• Ask about information security procedures in your workplace or at businesses, doctor's offices or other institutions that collect personally identifying information from you.  Find out who has access to your personal information and verify that it is handled securely.  Ask about the disposal procedures for those records as well.  Find out if your information will be shared with anyone else.  If so, ask if you can keep your information confidential.
• Give your SSN only when necessary.  Ask to use other types of identifiers when possible.  If your state uses your SSN as your driver's license number, ask to substitute another number.  Do the same if your health insurance company uses your SSN as your account number.
• Pay attention to your billing cycles.  Follow up with creditors if your bills don't arrive on time.  A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
• Be wary of promotional scams.  Identity thieves may use phony offers to get you to give them your personal information.
• Keep your purse or wallet in a safe place at work as well as any copies you may keep of administrative forms that contain your sensitive
  personal information.
• When ordering new checks, pick them up at the bank, rather than having them sent to your home mailbox.
• If you're being deployed in the military, place an active duty alert. 

Protecting yourself from Identity theft is the best way not to become a victim.  ID Watch offers consumer information, alerts users of any large scale ID thefts from financial institutions, software recommendations for safeguarding your computer, best practices policies for handling your physical documents, prevention and detection safeguards, financial dossiers (both scheduled and event driven), and, in the case you become a victim, $25,000 insurance against liability, legal costs and lost productivity.  ID Watch also offers support and an individual Recovery Advocate.

ID Watch, and 24/7 peace of mind, costs as little as $4.95 a month.  Just as you buckle your seatbelt and buy health insurance, you should also protect your identity, because it is the only one you have.

Personal Information Protection

 What is "pretexting" and "phishing"?

Pretexting is the practice of getting your personal information under false pretenses.  Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you.  Pretexting is against the law.

Pretexters use a variety of tactics to get your personal information.  For example, a pretexter may call, claim he's from a survey firm, and ask you a few questions.  When the pretexter has the information he wants, he uses it to call your financial institution.  He pretends to be you or someone with authorized access to your account.  He might claim that he's forgotten his checkbook and needs information about his account.  In this way, the pretexter may be able to obtain personal information about you such as your SSN, bank and credit card account numbers, information in your credit report, and the existence and size of your savings and investment portfolios.

Pretexting also has its online version, called "phishing."  An email will be sent to your account from what looks to be a respectable, established company with online presence, often one that you may have visited in the past.  The email will ask you to update your account information, but will often ask for information you never gave out in the first place, like Social Security number, bank accounts, birthdates, etc.  Phishing has evolved into "pharming," which is the very devious practice of creating fake websites that mirror bank sites, payment systems, etc.  These websites are designed to look exactly like a website you use.  When you put in your information (screen names, passwords, SSN, account numbers,) it is sent to the creator of this website, not the organization whose site you think you are at.  Usually, the criminals will use both phishing and pharming techniques, they will "phish" to lure you to the website, where they then "pharm" your information. 

Keep in mind that some information about you may be a matter of public record, such as whether you own a home, pay your real estate taxes, or have ever filed for bankruptcy.  It is not pretexting for another person to collect this kind of information.

By law, it's illegal for anyone to:

• use false, fictitious or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
• use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer of a financial institution.
• ask another person to get someone else's customer information using false, fictitious or fraudulent statements or using false, fictitious or fraudulent documents or forged, counterfeit, lost, or stolen documents.

Back

 Should I be concerned about using the Internet?

If you're storing personal information such as SSNs, financial records, tax returns, birth dates, or bank account numbers in your computer, the following tips can help you keep your computer and your personal information safe from intruders:

• Virus protection software should be updated regularly, and patches for your operating system and other software programs should be installed to protect against intrusions and infections that can lead to the compromise of your computer files or passwords.  Ideally, virus protection software should be set to update automatically each week.  The Windows XP operating system also can be set to automatically check for patches and download them to your computer. 
   

• Do not open files sent to you by strangers, or click on hyperlinks or download programs from people you don't know.  Be careful about using file‑sharing programs.  Opening a file could expose your system to a computer virus or a program known as spyware, which could capture your passwords or any other information as you type it into your keyboard.  For more information, see File Sharing: A Fair Share?  Maybe Not and Spyware.  Also, beware of "phishing" techniques used by ID thieves.

• Use a firewall program, especially if you use a high‑speed Internet connection like cable, DSL or T‑1 that leaves your computer connected to the Internet 24 hours a day.  The firewall program will allow you to stop uninvited access to your computer.  Without it, hackers can take over your computer, access the personal information stored on it, or use it to commit other crimes.
   

• Use a secure browser-software that encrypts or scrambles information you send over the Internet-to guard your online transactions.  Be sure your browser has the most up‑to‑date encryption capabilities by using the latest version available from the manufacturer.  You also can download some browsers free over the Internet.  When submitting information, look for the lock icon on the browser's status bar to be sure your information is secure during transmission.  
   

• Try not to store financial information on your laptop unless absolutely necessary.  If you do, use a strong password: a combination of letters (upper and lower case), numbers and symbols.  A good way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters.  For example, "I love Felix; he's a good cat," would become 1LFHA6c.  Don't use an automatic log‑in feature that saves your user name and password, and always log off when you're finished.  That way, if your laptop is stolen, it's harder for a thief to access your personal information.  
   

• Before you dispose of a computer, delete all the personal information it stored.  Deleting files using the keyboard or mouse commands or reformatting your hard drive may not be enough because the files may stay on the computer's hard drive, where they may be retrieved easily.  Use a "wipe" utility program to overwrite the entire hard drive 
   

•  Look for website privacy policies.  They should answer questions about maintaining accuracy, access, security, and control of personal information collected by the site, how the information will be used, and whether it will be provided to third parties.  If you don't see a privacy policy, or if you can't understand it, consider doing business elsewhere.

Back

 Are companies allowed to print my entire CC # on a receipt?

After December 4, 2006, companies will not be allowed to print your credit or debit card expiration date or more than the last five digits of your card number on your electronic receipt.  Some businesses will be required to make this change sooner, depending on the way they process credit card transactions.  The law will allow receipts that are hand written or mechanically imprinted to show your entire number and expiration date, even after December 4, 2006.  For more information, see section 605(g) of the FCRA.

Back

 Are companies allowed to use my personal info for marketing?

More organizations are offering consumers choices about how their personal information is used.  For example, many let you "opt out" of having your information shared with others or used for marketing purposes.  For more information, see Privacy: What You Do Know Can Protect You and Privacy Choices for Your Personal Financial Information.  You also can visit the FTC websites Privacy Initiatives and National Do Not Call Registry.

Back

 When is it safe to provide my Social Security number?

Your employer and financial institution will likely need your SSN for wage and tax reporting purposes.  Other businesses may ask you for your SSN to do a credit check, like when you apply for a car loan.  Sometimes, however, they simply want your SSN for general record keeping.  If someone asks for your SSN, ask the following questions:

• Why do you need it?
• How will it be used?
• How do you protect it from being stolen?
• What will happen if I don't give it to you?

If you don't provide your SSN, some businesses may not provide you with the service or benefit you want.  Getting satisfactory answers to your questions, though, will help you to decide whether you want to share your SSN with the business.

Back

Credit Protection

 Should I use a credit monitoring service?

A variety of commercial services are available that will monitor your credit reports for activity and alert you to changes.  Many of the services only monitor one of the three major credit bureaus. As with any product or service, make sure you understand what you're getting before you buy. 

You know what you do with your financial entity, but in the case of Identity Theft, the thief will hide his/her activity from you for as long as possible: most cases of ID theft go unknown to the victim for 6 to 18 months.  By monitoring your credit reports and public records, ID Watch gives you the chance to stop any financial damage before it becomes unmanageable.

You will be instantly alerted of any new information in your credit reports and public records.  If a new address shows up in your public records, it may be the case that a thief has rerouted your credit card bills or opened a new bank account in your name.  This information will pop up in your public records.  Other information found in public records includes driver's license profiles, Social Security number activity, civil court records (bankruptcy, judgments, tax liens, lawsuits, etc.), employment records, etc.  Your credit report contains information about bank accounts, loans, credit card accounts, automobile purchases, financing, etc.  This not only prevents the thief from using your information for long stretches of time, thus limiting the amount of damage they can do, it also gives authorities a chance to catch the thief. 

ID Watch, and 24/7 peace of mind, costs as little as $4.95 a month.  Just as you buckle your seatbelt and buy health insurance, you should also protect your identity, because it is the only one you have.

Back

 What are fraud alerts?

There are two types of fraud alerts: an initial alert, and an extended alert.

• An initial alert stays on your credit report for at least 90 days.  You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of ID Theft.  An initial alert is appropriate if your wallet has been stolen or if you've been taken in by a phishing scam.  When you place an initial fraud alert on your credit report, you're entitled to one free credit report from each of the three nationwide consumer reporting companies.
  
  
• An extended alert stays on your credit report for seven years.  You can have an extended alert placed on your credit report if you've been a victim of ID Theft and you provide the consumer reporting company with an identity theft report.  When you place an extended alert on your credit report, you're entitled to two free credit reports within twelve months from each of the three nationwide consumer reporting companies.  In addition, the consumer reporting companies will remove your name from marketing lists for pre‑screened credit offers for five years B unless you ask them to put your name back on the list before then. 

To place either of these alerts on your credit report, or to have them removed, contact one of the three major credit agencies.  You will be required to provide appropriate proof of your identity: that may include your SSN, name, address and other personal information requested by the consumer reporting company.  You may use a personal representative to place or remove an alert. 

When a business sees the alert on your credit report, it must verify your identity before issuing credit.  As part of this verification process, the business may try to contact you directly.  This may cause some delays if you're trying to obtain credit.  To compensate for possible delays, you may wish to include a cell phone number, where you can be reached easily, in your alert.  Remember to keep all contact information in your alert current.