Published: July 31, 2005
By Lynn Brenner
These days, it seems you can’t turn on the news without hearing about yet another security breach exposing consumer information to identity thieves. Due to stunningly widespread corporate carelessness, the records of more than 46 million Americans were lost or stolen in the first half of 2005 alone. Clearly, it’s up to you to protect yourself. Here’s what you need to know.
What a Criminal Does
An identity thief doesn’t just steal your credit card and go on a spending spree. He gets new cards, opens new accounts and takes out new loans, leaving a trail of unpaid bills in your name. He can even use your identity to commit crimes or acts of terrorism, says Mari Frank, a California lawyer who was an identity theft victim and is now an authority on the crime. Most victims don’t find out what has happened until long afterward, when they’re called by a collection agency or turned down for a loan. The thief may be someone you know. Linda Foley, a magazine writer, learned that her own employer had swiped her identity to open cell phone and credit card accounts. Foley and her husband are now the executive directors of the Identity Theft Resource Center (ITRC) in San Diego. Sometimes the thief works for a company you do business with. Bridget J. Thomas of Prairieville, La., learned that her identity had been stolen by a bank employee at a branch 300 miles from the one she used. “When she was caught, she was employed with a different bank, in a different state,” says Thomas. “And even after she was arrested, that didn’t stop the collection agencies from hounding me.”Setting the record straight is a nightmare that can take years. In serious cases, victims spend an average of 600 hours and $1400 in out-of-pocket expenses to repair their credit. Until you can “prove” your innocence, you may face higher insurance rates and credit card fees, be rejected for a student loan or a mortgage, find you can’t get a job—even be arrested for crimes you didn’t commit.
Can This Happen To You?
All a thief needs is your Social Security number—which is routinely used by government agencies, health care providers, utility companies, employers and financial institutions. Even your video rental store has it. Often, this information is publicly available. That’s how retired Gen. John M. Shalikashvili, the former chairman of the Joint Chiefs of Staff, became a victim: His Social Security number, along with those of other military officers, was published in the Congressional Record and later posted on a Web site. In 1999, thieves used their identities to open 273 new credit card accounts and run up $200,000 in charges. And all your personal information is now for sale by data brokers. In February, ChoicePoint, a huge data broker, revealed that it had unwittingly sold consumer Social Security numbers and credit reports to criminals posing as businessmen. That disclosure was mandated by a 2003 California law requiring consumer notification when data is compromised. (A weaker version of that law has been proposed at the federal level.) The same law has revealed shocking corporate irresponsibility: Bank of America, Time Warner, Wachovia, MCI and Ameritrade are among the household names that have admitted losing the personal data of more than 6 million customers and/or employees so far this year. MasterCard International disclosed that a hacker had stolen 40 million account numbers from a company that processes the transactions of MasterCard, Visa USA, American Express and Discover cardholders.
A New Form of Defense
You could stop ID thieves cold by freezing access to your credit file. The file becomes off-limits to anyone who doesn’t know the secret PIN number that you choose. The result: A person applying for credit in your name is rejected, because the lender can’t check your history to approve the application. (Your current credit cards aren’t affected.) And if you want to apply for new credit or let someone run a background check on you, you can get a credit thaw. Before shopping for a new car, for example, you might thaw your history for auto dealers.Yet only 10 states—California, Colorado, Connecticut, Illinois, Maine, Nevada, Louisiana, Texas, Vermont and Washington —let consumers block access to their credit files. The three big credit bureaus each charge about $10 for a freeze and $10 for a thaw. So true protection costs about $60 if you opt for one thaw a year, says Linda Foley. By contrast, credit monitoring costs around $100 a year and only tells you after the fact that you’ve been robbed. Congress is considering a law to allow credit freezes nationwide, but banks, mortgage brokers and retailers strongly oppose giving consumers this option. “The biggest opponents are the credit bureaus,” says Mari Frank. “They make a fortune selling access to your credit report.” These firms are lobbying for a weak federal law, which would supersede tough state laws. They argue that a credit freeze hurts the consumer by eliminating the convenience of instant credit. True, it can take up to three days to thaw your credit file. “But how often do you buy a car or apply for a mortgage?” says Foley. You should get to decide whether to limit access to your own data, she adds. If you agree, tell your Senators and Representative. At www.senate.gov or www.house.gov you’ll find their names and contact information.
What You Can Do Now
Periodically check your credit report for suspicious activity. By September, all Americans will be entitled to a free annual credit report from each of the three bureaus—Experian, Equifax and TransUnion. By requesting a report every four months, you can keep free tabs on your record year-round, instead of paying for credit monitoring. (Go to www.FTC.gov/ credit for more information.) Buy online with credit, not debit, cards. With a credit card, your maximum liability for unauthorized purchases is $50.Don’t respond to a ‘phishing’ e-mail. It looks just like a message from a company you do business with and often warns that your account will be terminated if you don’t “update” or “verify” your financial information within 24 hours. Don’t click on links in this e-mail! To check it out, type in the firm’s Web address yourself or call the company.
If You’re a Victim…
•Act fast—and brace yourself. You may face uncooperative credit and law enforcement agencies. For emotional support and sound advice, rely on organizations like ITRC (at www.idtheftcenter.org) and books like Mari Frank’s From Victim to Victor: A Step by Step Guide for Ending the Nightmare of Identity Theft, which lists the agencies to call for help and provides all the legal letters you need to send.•Call Equifax, Experian and TransUnion to put a fraud alert on your credit reports. The alert lasts up to 90 days and requires creditors to call you before opening new accounts in your name. But be warned: There’s no legal requirement to honor alerts; merchants eager to make sales often ignore them.•Close your credit card accounts and change the passwords on all your financial accounts.•File a police report. Credit bureaus won’t extend a fraud alert without it. Unfortunately, says Frank, local police are often reluctant to provide a report. Many lack the resources to investigate the crime.•Mail copies of the police report to all three credit agencies with a cover letter demanding your complete credit file. •Call every creditor with a bogus account listed in your file and have them close it immediately. Demand copies of all fraudulent applications for credit and billing statements, advises Frank. Creditors don’t want to divulge that information—but they will if you request it in writing and enclose a copy of a police report.
Stolen wallets and checkbooks remain the most frequent sources of ID theft.
*Avoid carrying your checkbook or your Social Security card. Photocopy your card and cut out all but the last four digits. Government agencies and companies should be required to X out all but the last four numbers too, says victims’ advocate Linda Foley.
*Never give out your Social Security number without first asking, “What happens if I don’t give it?” Most of the time, the answer is, “Nothing.”
*Don’t use your mother’s real maiden name or your real city of birth as identifiers, advises Foley. Use made-up names. (City of birth: Atlantis.) But never make up a Social Security number! That creates a problem for someone else.
*Try to add passwords to online and offline accounts, so that anyone who calls your bank or mutual fund needs more than your name, address and Social Security number to impersonate you.
*Make sure your mail is delivered to a locked box.
*Buy a cross-cut shredder and destroy all unsolicited pre-approved credit offers and blank “courtesy” checks.