UPDATE: LifeLock is involved in a class-action lawsuit that claims that not only does the company NOT do what it says it does, but its CEO, Richard Todd Davis, who drives around with his SSN painted on his vehicle, has had his identity compromised!
Because of this, I am removing all LifeLock ads as well as putting this note on all of my posts that mentions LifeLock.
Apparently, Davis has had 20 driver's licenses issued in his name by ID thieves. Not a good record. Of course, nothing has been proven yet, but this article is pretty damning.
One of the biggest issues now and for the future is identity theft. Virtually anybody can fall victim. This post will give you a little background on what ID theft is, how it affects you (and society in general), how you can minimize your risk, and what to do in case you do become a victim.
What Is Identity Theft?
Identity theft, by definition, occurs when somebody takes personally identifiable information from you; it could be in the form of your name, social security number, account number or numbers, address, birth date, etc. Not all identity loss is theft. For example, if you lose your credit card, nobody has stolen it, nor does anything malicious have to happen.
However, if somebody picks up your credit card and a) doesn't try to find its owner and b) attempts to use it, that person could be said to have stolen your credit card. You have now suffered a potential financial loss as well as suffering a loss of a piece of your identity.
I want to be clear that just losing a piece of mail or your credit card is not identity theft, nor is it theft of any kind. Furthermore, fraud only occurs when somebody else uses the lost item. Perhaps they order something online or use it at a gas station.
So, to be considered potential identity theft, your confidential or otherwise non-public information has to be compromised in a way that could harm you if somebody used it fraudulently.
Identity theft and the fraud that goes along with it is estimated to affect about 4 percent of the US population. According to a 2006 study conducted by the Federal Trade Commission, losses attributable to identity theft topped $15 billion, affecting over 8 million people. 41 percent of the ID theft victims came from "existing non-credit card accounts," 37 percent from "existing credit card accounts," and 22 percent from "new accounts and other fraud."
One might conclude then that 78 percent of the losses could be attributable to existing accounts, rather than new accounts.
However, you'd be wrong. While more victims fall prey to ID theft through existing accounts, most of the losses come from new accounts. In fact, 48 percent of the ID theft losses come through the new accounts channel, while 51 percent come from existing accounts.
These figures are expected to rise rapidly in the coming years. Furthermore, it's not all about your finances. ID thieves can also -- and DO -- use your identity to cover theirs (for example, a miscreant who steals a car might tell the police that he is you). Finally, your reputation is at stake.
Prevention is the Best Medicine
The old adage, "An ounce of prevention is worth a pound of cure," is a truism no better applied than to ID theft. There is a misconception that most identity theft comes through online activities. Images created by the media of Russian hackers breaking into Staples and other online retailers' POS systems are all too prevalent. It does, and has, happened. However, the majority of ID theft cases occurs the old-fashioned way: Through physical means.
Intercepting mail is a biggie. Stealing physical data is another. Picture a thief breaking into your house and stealing important documents like birth certificates, credit cards, social security cards, and the like. "Dumpster diving" is another source for theft: What you throw away can compromise your identity.
All that said, it is important to minimize your exposure. ID thieves are opportunists, just like other thieves. Car thieves, for example, will not attempt to break into a car that's locked and armed with an alarm if another car nearby is unlocked without any protection.
The same goes for your identity. If you take some easy, reasonable measures, you can really reduce the chance that somebody will bother trying to steal your identity.
Here are some steps to take to minimize your exposure to identity theft. (This list is not all-inclusive, though I've tried to put down everything that's prudent. If I've missed anything, by all means, leave a comment. I will include it in updates.)
- Have your mail delivered to a locked mail box. Send your mail from the post office or drop it off at one of the USPS' big blue boxes. Pick up your mail every day; if there will be a time where you cannot do this, say, you're on vacation, have the post office hold your mail.
- Shred mail and other documents that you no longer need. Use a cross-cut or confetti shredder. If you're really paranoid, shred and dump into two containers that you alternately dump each week.
- Stop junk mail. It's frightening how much personal information can be gleaned from thieves stealing your junk mail. It's often their "foot in the door" approach. Call (888) 567-8688 to stop having credit card offers sent to you. Go to the Direct Marketing Association's web site to remove your name from other lists.
- Don't leave mail in your car. It only tempts ID thieves. Plus, often, they can see the contents of your mail through a window.
- Store important documents at home in a safe. This includes birth certificates, social security cards, unused credit cards, and checks. Better yet, store them in a safe deposit box at your local bank.
- On your personal checks, only have the check printer (usually through your bank) print your name and address. Don't put your phone number or driver's license numbers on the checks. Pick up your checks at the bank rather than having them delivered to your home.
- Carry only what you need in your purse or wallet and guard them with care. Don't leave your purse, if "only for a minute." Social security cards are to be kept home in a safe. Only carry one or two credit cards.
- Switch as many of your accounts as possible to online access with e-statements. The less mail you have floating around, the better. Check the transactions carefully on your statements. If you don't recognize one or more of them, investigate.
- Use strong passwords. Don't write them down and store next to your computer. That's like leaving your car keys in the ignition. Don't make it easy for ID thieves. Consider, if you must write down your passwords, putting the list in your purse or wallet. It's really okay to do this as long as you're smart and prudent about it. Consider using RoboForm. I wholeheartedly recommend this software. It can generate super-strong passwords and then store them on an encrypted disk (if you so choose), negating the need to write them down.
- Encrypt your disks. TrueCrypt is free and easy to use.
- If you use a wireless network for your online access, lock it down. At the very least, use WPA with strong passwords. The longer and more varied your password, the better.
- Use a firewall. Keep your OS, antivirus, and firewall software up-to-date.
- Don't click links in email unless you know the source and destination. Be wary of all hyperlinks.
- Never use a public wireless network for conducting personal business. Checking your bank balance online at Starbucks is convenient. Just think how easy it is for an ID thief to intercept your information!
- Lock your computer when not using it. Better yet, turn it off and require a username and password to log on. Windows and Mac OS both have this functionality built in.
- Store really sensitive material on encrypted removable hard drives or flash memory. When not in use, store at your local bank safe deposit box.
- Place Fraud Alerts at the credit reporting bureaus. This ensures that new accounts cannot be opened without your express consent.
- If you're not going to use a credit card, cut it into many pieces (or shred it) and dispose of it. Did you know that your card can be used even if not yet activated? (Yeah, what's the point of activation?)
- Never give personal information over the phone unless a) you initiated the call, and b) you know exactly with whom you are speaking.
- Avoid phishing, which is an attempt by ID thieves to get you to reveal personal information like social security numbers, user names, passwords, and other sensitive material through a mechanism called social engineering.
- Never use your cell phone for conducting calls where you might reveal personal information. I say this not because cell phones are not secure (they are), but most cell phone conversations take place in public. Remember ID thieves are opportunists; they seek out opportunities like these.
- Make a copy of all contents in your wallet (or make a list of its contents) and store it someplace handy and safe. When we lose our wallet (or purse), we forget what was in it and then we cannot contact all the appropriate parties. For example, you may forget that you're carrying your AmEx card for that special trip to Costco when you lost your wallet, so you call your VISA bank card issuer and have them close the account and open a new one, but you neglect to do the same for the AmEx. Make note of the "report lost or stolen" credit card numbers on the backs of your credit cards.
- Check your credit reports regularly. Note activity on your reports that don't make sense. If an account is listed on there for which you don't have a relationship, get to the bottom of the issue right away.
- You are entitled to a free credit report one time per year. Get one now or call (877) 322-8228. Avoid that annoying Free Credit Report dot com site. It is NOT free.
- Keep a keen eye on a missed statement in the mail. This most likely means that your mail was delivered to somebody else. If to an ID thief, you've just been compromised.
- Don't open dozens, or even 3, credit card accounts. It just makes keeping track of it all the more difficult. Choose wisely. If you need another credit card, you should consider earning more money or cutting spending, or both!
- Avoid opening credit accounts with retail stores. Often, you can get 90 days (or more) "same as cash" credit deals when purchasing a big screen TV. Don't. Life is too complex already. Keeping track of one more payment is something to avoid. It also minimizes risk of ID theft.
- Consider using a service like LifeLock (see the UPDATE at the beginning of this post) and myFICO. Note that you can get most of the things these two companies offer for FREE. For a few dollars a month, however, you can buy peace of mind. The choice is yours, of course.
What To Do If You Are a Victim?
The first thing you'll want to do when you become aware of potential compromise is to call the party to which that compromise is attached. That is to say, if you've lost your credit card, call the credit card company. If you haven't already, place Fraud Alerts with the credit reporting bureaus. Call local law enforcement if a theft has occurred.
Call 877-ID-THEFT. They can help.
Here's a HUGE list of things to do if you've become a victim.
The Bottom Line
Identity theft is a growing crime. Our economy is transaction-based. The more transactions we initiate, the more we expose ourselves to the risk of Identity Theft. While there are government and nonprofit groups available to assist you, it is ultimately YOUR RESPONSIBILITY to protect your identity. Nobody else will. Taking the steps above will minimize your exposure, and thus your risk, while also not making it impossible to live life with all the conveniences we expect.
US Department of Justice
Federal Trade Commission
National Fraud Information Center
How Stuff Works
Privacy Rights Clearinghouse