Online Identity Protection
Identity Theft encompasses a list of crimes, from unauthorized purchases on your credit card and withdrawals from your bank accounts to apartments leased in your name and defaulted loans marring your good credit. Approximately 9 million American identities are used fraudulently each year. That's about 4% of the adult population. Safeguarding yourself against identity theft is a good idea.
Identity thieves gather personal information, such as your name, Social Security number, address, credit card number, or account passwords. They use that information, in a variety of ways, to steal money for which you are held responsible. The key to limiting your risk of identity theft is to keep your personal information as private as possible. Sources offer a variety of suggestions for specific actions, most of which fall into these categories:
- Keep printed information out of other people's hands.
- Keep electronic information secure.
- Don't respond to queries from unknown sources.
The best way to keep someone from stealing printed information is not to print it in the first place. Don't have your Social Security number, phone number, or driver's license number printed on your checks. Any time you are asked to provide your Social Security number, ask that a different identification number be used, instead. If a creditor will provide your statements online, take advantage of the offer; pay your bills electronically, as well. (Take steps to keep your computer secure, however, as described in the following section.)
Invest in a paper shredder -- they can be purchased for as little as $29.99. Before you recycle account statements, paid bills, cancelled checks, credit offers -- anything containing your signature, Social Security number, medical or legal information, or any of your account numbers -- shred them. Shred old credit cards, or cut them up with scissors, and cancel all credit cards that you don't use.
If you do pay your bills by mail, don't leave them in an unlocked mailbox or an office out box; deposit them in a secure mail slot. Consider installing a lock on your mailbox or get a P.O. box, so that incoming mail is secure, as well; at the very least, know when you're expecting new checks or credit cards to arrive in the mail, and be sure to notify the financial institution if the delivery is late.
Carry as little personal information in your wallet or purse as necessary. If you can leave your checkbook at home, do so. Don't carry your Social Security card, and if you can do without your health insurance card, leave that out, too.
Keep electronic information secure.
Personal computers provide a convenient means for paying bills, viewing account statements, and conducting bank transactions. They can be a particularly safe means, as well, since they circumvent the "paper trail" of objects that identity thieves can take from your mailbox or your trash bin. Without proper protection, however, electronic information is susceptible to theft. If you're technically proficient, you may be able to implement the following recommendations yourself; if not, you may find it well worth a small expense to hire a professional to install these safeguards and show you how to maintain them.
Firewalls and virus protection programs, updated as often as their manufacturers make improvements available, provide blanket protection for your files. In addition, many experts recommend password-protecting sensitive files.
When you create passwords to access your private information online, don't be lazy: it's easiest for you, of course, to invent one simple, unchanging password and use it for all your accounts. But, by the same token, it's not so hard for a thief to discover that password either. Create different passwords for each of your accounts, and change them every 30 to 60 days. Don't construct your password from information a thief can find elsewhere, like your mother's maiden name, a portion of your Social Security number, or your phone number. Use combinations of upper-case letters, lower-case letters, digits and special characters.
Secure the network, whether wired or wireless, that you use at home or at work, so that thieves can't access your computer through your network. Change your network connection settings so that you don't connect automatically to any available open network. If you do choose to use a public, open network -- the type that's available for your convenience in many coffee shops, airports, hotels, and other public places -- be careful what you transmit: don't shop, bank, or conduct any other activity that involves personal information over an open network.
When you do shop online -- always over a secured network -- only use sites that provide transaction security protection. An additional safeguard for online purchases is to open an additional checking account just for your online purchases. Deposit only what you plan to spend for your online purchases into this account. If this account is compromised, you will only have to close this particular account and not an account that is connected with your mortgage auto-pay, direct deposit, etc.
Beware of file-sharing and file-swapping programs; don't use them at all when you're connected to an open network. And, before you sell, trade or donate an old computer, use a "wipe" utility to erase data -- don't count on simple deletion of files to remove all personal information.
Don't respond to queries or offers from unknown sources.
Stories abound of particular scams used to steal identities through e-mail or by telephone. Despite the myriad of schemes employed, the advice on handling them is always the same: no matter how legitimate the source appears to be, do not provide personal information requested in an e-mail or telephone call. Legitimate financial institutions will never contact you requesting your personal information. If you receive such a request, do not respond to it. Instead, contact your financial institution and tell them about the phony request.
Early detection of identity theft is very important.
With most banks and credit card companies, you can view your accounts online: all charges and payments for the month, or deposits and withdrawals, as well as your current balance. We recommend that you use these online services (on a properly protected computer, of course). If you prefer to use paper, know when to expect your bills and statements to arrive. If they're more than a few days late, contact the financial institution: identity thieves may have changed the address on your account in the hopes that you would forget to monitor activity if you weren't reminded by a statement or bill arriving in the mail. However you view your statements, check them to be sure all entries are correct, and notify your financial institution immediately of any charges you believe you didn't make. If, after checking with your financial institution, you believe that fraudulent charges have been made to your account, take steps to report the crime.
Monitoring bank and credit card activity enables you to catch identity thieves who are accessing your existing accounts. Thieves may also use your identity, however, to open new accounts or incur new debts in your name. These liabilities aren't detectable immediately, but you can find them once the bills are overdue, by checking your credit report. By law, you're entitled to one free credit report per year from each of the three major reporting agencies: TransUnion, Equifax, and Experian. We recommend staggering those three reports throughout the year, so that you receive one every four months. Order your credit reports from the following agency:
THIS IS A NOTICE REQUIRED BY LAW. Read more at consumerfinance.gov/learnmore. You have the right to a free credit report from annualcreditreport.com or (877) 322-8228, the ONLY authorized source under Federal Law.
Phone: Call (877) 322-8228 to request credit reports by phone. There is a simple verification process over the phone. Your reports will be mailed to you.
Mail: You can obtain your credit report by mailing a request to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281
Report any erroneous entries immediately.
If you believe you have been a victim of identity theft, the Federal Trade Commission provides resources and advice for rectifying the damage. Various victims' stories indicate that it may take a long time and a lot of work, however, to clear your name, re-establish your credit, and divest yourself of any responsibility to pay for an identity thief's crimes. It's worth some time and energy to deter identity theft in the first place.
Summary of recommendations:
Discourage identity theft
- Carry as little personal information in your wallet as possible.
- Shred documents containing personal information before you dispose of them.
- Use secure mailboxes for sending and receiving personal information.
- Bank, pay bills, and view account information online rather than on paper.
- Don't print your Social Security number or driver's license number on your checks.
- Use firewalls and virus protection programs.
- Password-protect sensitive files.
- Create unusual account passwords.
- Use a different password for each account.
- Change your passwords every 30 to 60 days.
- Secure your network(s).
- If you use a public, non-secure network, don't transmit any personal information.
- If you shop online (on a secure network), use only sites that provide transaction security protection. An additional safeguard for online purchases is to open an additional checking account just for your online purchases.
- Don't respond to any telephone or e-mail queries for personal information, even if they seem to be from your own financial institutions.
Detect identity theft
- Check your bank account statements, credit card statements, and other bills as soon as you receive them.
- Be sure that you receive bills on time.
- Inspect your credit report every four months.
Recover from identity theft
Visit the Federal Trade Commission's Web site for guidance.
- Update and strengthen the security of your online passwords.
- Change the password every 30 to 60 days
- Complex, at least 8 characters that include a combination of mixed case letters, numbers and special characters.
- Prohibit the use of "shared" usernames and passwords for online banking systems.
- Use a different password for each website that is accessed.
- Never share username and password information for Online Services with third-party providers.
- Use a secure browser and trusted computer for sensitive transactions.
- Be selective about where you surf.
- Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.
- Limit Internet use on computers used for Online Banking. This reduces the risk that malicious programs will infect those computers.
- Log off when you're done using Web sites that require a user ID and password.
- Never leave a computer unattended while using any online banking or investing service.
- Disconnect and shut down when you're not using your computer.
- Log off, disconnect, and shut down.
- Utilize Online Banking to review account daily.
- Use Bill Pay within Online Banking.
- Monitor account balances and activity daily. Report any suspicious activity immediately by calling customer service or your nearest banking office.
- Check for the VeriSign certificate visuals.
- Consider clearing the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser's preferences menu.
- Verify that your online banking session is secure. Look for "https" not http.
- Review all e-mail from the bank.
- Account shut down notice. If you receive an e-mail that warns you, sometimes with little or no notice, that your account will be shut down unless you confirm your billing information, do not reply to the e-mail, or click on any links in the e-mail; instead, you must contact the company referenced in the e-mail by telephone or by using a website address that you know to be genuine.
- Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer.
- Reconcile daily/monthly (including separation of duties between who issues payment versus who reconciles)
- Separate controls for your business Online Banking. Use one computer to create online payments; have a second user approve those payments from a different computer.
- Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
- If possible, carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
- Immediately escalate any suspicious transactions with the bank. There is a limited recovery window for these transactions and immediate escalation may prevent further loss by the customer.
- Online Cash Management Customers - Review all e-mail from the bank. You will receive e-mail messages automatically when your challenge questions are answered correctly, as well as when ACH or wire transfers are processed. You must notify the bank immediately if you receive such an e-mail and the user has not logged in or submitted any such ACH or wire transfers to the bank.