1100 13th Street, NW, Suite 750Washington, DC 20005202.887.6400Customer Service: 800.544.0155
All Contents © 2019The Kiplinger Washington Editors
By Lisa Gerstner, Contributing Editor
| December 31, 2016
Data breaches got you worried? We don’t blame you. Hacking is on the rise. Last year, hacking incidents exposed 160 million records, compared with 3.7 million in 2010, according to the Identity Theft Resource Center, which tracks U.S. data breaches.
There’s not much you can do to guard your personal data when it’s in the hands of businesses or the government. But you can take steps to protect your identity in the areas under your control. We asked experts for their best advice on preventing identity theft and compiled their top recommendations. The tips are presented roughly in descending order of how severe the damage would be if an ID thief gained access to the information.
A Social Security number is like gold to an identity thief. A crook can use it—along with other information, such as your name, address and birth date—to open credit card or loan accounts, file a fraudulent tax return, obtain government benefits, even get medical care.
Never carry your Social Security card in your wallet, and don’t leave anything in your car that contains your SSN or other sensitive information, such as paperwork or a laptop computer. If you don’t think an organization needs your SSN, omit it on forms. (Your bank or lender, your employer and government agencies probably have good reason to ask for it.) If the company insists that it needs the number, ask how it will protect your information. Walk away if the response doesn’t satisfy you.
Many Medicare recipients will have their SSNs printed on their cards for several more years, until the government fully phases out cards that include the numbers. In the meantime, you can make a copy of your Medicare card, black out all but a couple of digits of your SSN on the copy and, on the back, write contact information for someone who can provide your SSN in an emergency, says Adam Levin, chairman and founder of Identity Theft 911. Carry the copy with you regularly, and take the actual card with you only for doctor visits.
During tax season, submit your return as early as possible. You may deflect any attempts by thieves who already have your SSN to file a return in your name and collect a refund.
SEE ALSO: What Not to Keep In Your Wallet
You may receive phone calls or e-mails from fraudsters claiming to be representatives from, say, your bank, the IRS or even a doctor’s office requesting personal information or demanding payment. If you’re not sure that a call or message is legitimate, look up the phone number for the company and call to ask whether it contacted you. (The IRS never initiates contact about a bill by phone or e-mail.)
Never download a file or click on a link in an e-mail or text message unless you’re sure it’s from a safe source. Doing so could infect your device with malware or lead you to a scam website that mimics a real one. In one scheme, smartphone users who click on fraudulent ads or links in text messages unknowingly install malware that later gathers their identifying information when they use banking applications.
Social-media and dating websites are fertile ground for scammers, too. Avoid sharing your address or full birth date on such sites, as well as information that could unlock security questions on other websites (such as your mother’s maiden name).
You’ve heard it a thousand times: Form passwords with combinations of uppercase and lowercase letters, numbers and symbols. Create unique passwords for each account so that a hacker who nabs your password for a shopping website, for example, can’t use it to log in to your e-mail account, too. At least for your most sensitive accounts, such as e-mail and financial portals, change your password regularly. When possible, use two-factor authentication, which involves entering an additional piece of info—say, a code sent to you via text message after an attempt to log in on an unfamiliar device.
To keep track of passwords, you can use an online manager such as Dashlane or LastPass. Such tools are also useful for securely sharing passwords.
QUIZ: Is Your Identity at Risk?
Identity thieves haven’t given up on stealing data the old-fashioned way: by digging through trash or taking your mail. At a minimum, shred unneeded papers that include your Social Security, insurance, and bank and credit card account numbers. If your mailbox doesn’t have a lock, consider adding one.
Lock your phone’s home screen with a passcode, pattern or fingerprint sensor, and set up the capability to track your phone remotely and erase its data in case it’s lost or stolen. (Android users can do so at www.android.com/devicemanager, and iPhone users can use Find My iPhone by signing in to their Apple accounts.)
Password-protect your PC, too, and make sure that your antivirus software is current. When you receive notifications on your phone or computer to update your operating system or software, do it as soon as possible—the updates often fix security flaws.
If you initiate a credit freeze, potential lenders are unable to see your credit report until you undo the freeze. It’s “like a red light” to lenders if someone attempts to open a loan or credit line in your name, says Michael Bruemmer, vice president of consumer protection for Experian. To place a freeze, contact each of the three major bureaus: Equifax, Experian and TransUnion. You may have to pay a fee of about $5 to $10 to both place and lift a freeze, depending on your state (identity theft victims pay no fees in most states). You’ll receive a PIN from each bureau that you must provide to unfreeze your reports.
Although ID theft victims are prime candidates to take advantage of a credit freeze, the strong protection it provides against financial theft is reason for anyone to consider placing one. But keep in mind that it will slow you down a bit if you want to get a mortgage, credit card or other loan (you can lift the freeze for a period that you specify while you shop for a loan).
SEE ALSO: How I Fixed My Case of Identity Theft
By far, fraudulent use of credit cards and bank accounts was the most common form of identity theft in 2014, according to the U.S. Bureau of Justice Statistics. Luckily, such fraud is usually among the easiest for victims to resolve. The law limits your liability for unauthorized credit card purchases to $50 (the major credit card networks all have zero-liability policies). Your responsibility for transactions on a stolen debit card could be $500 or more if you don’t report the problem promptly, but your bank will most likely make you whole.
Still, a drained bank account creates stress and inconvenience. If you’re a disciplined spender, using a credit card and paying it off each month is a good idea—you’ll enjoy stronger protections and limit your debit card’s exposure to theft. When you use your card at an ATM or gas pump, check for skimming devices, which criminals install to steal card data, by tugging at the card slot. If anything shifts, don’t use the machine. Shield the keypad with one hand as you enter your PIN to block it from hidden cameras or wandering eyes nearby. Check card statements for charges you don’t recognize—especially small charges, which thieves may use to test the card.