Your Personal Information Has Already Been Stolen

     According to a year end 2016 report from Javelin Strategy & Research, the number of consumers who were victims of identity theft or fraud grew 16% in 2016 to 15.4 million.  The good news is the average fraud amount per victim decreased from $1,145 in 2015 to $1,038 in 2016.  Since credit and banking companies typically reimburse consumers for unauthorized use, the average cost to the consumer was only $48. ($56 in 2015)  The reason, according to Javelin, is that “While fraudsters are becoming better at evading detection, consumers with an online presence are getting better at detecting fraud quicker, leading to less stolen overall per attempt.”

     As we are all aware by now, over 145 million individuals may have had their personal information exposed as a result of the Equifax data breach that occurred earlier this year.  That is a significant number considering the entire US population is estimated at 326 million.  As a result, many people are concerned that their information was part of the compromised data.  The simple answer is yes, assume your information is out there.

     In recent years, we have heard of major data breaches exposing personal information, passwords, credit card numbers, and other personal data, from companies such as TJX Companies, Heartland Payment Systems, Sony PlayStation Networks, JP Morgan, Target, eBay, Home Depot, Yahoo!, Anthem, and more.  A recent study by Risk Based Security determined that in 2016 there were 1,971 data breaches in the United States that exposed over 2.9 billion records.  Therefore, I am confident that my information has already been stolen…and that yours has been too. But, I am not signing up for ID theft protection because:  1.) I already know that it has been stolen, and 2.) Even if the ID protection service scans and finds my info for sale on the black-market internet, the thieves aren’t going to give it back to me.

     While the recent Equifax breach essentially provided the hackers with just about everything they need to establish new credit in your name or take over your current accounts, there are a few steps you could take now that could save you a lot of time, frustration and money later. 

  1. Check Your Credit Report. Regularly check your credit report for accuracy. AnnualCreditReport.com will provide you with one free credit report from each of the three reporting agencies annually, and you do not need to provide a credit card number to obtain it. You can get all three at the same time, or set a calendar reminder and pull one report every few months to be more attentive.

  2. Freeze Your Credit at each of the three major reporting agencies: Experian, TransUnion & Equifax. A security freeze on your account restricts access to your credit report, even to you, making it more difficult for a thief to open an account in your name. You will need to notify the bureaus in advance to temporarily lift the freeze if you later want to apply for a new loan or credit card. For more information on a credit freeze, you can view the Frequently Asked Questions on the FTC website. There may be costs associated with establishing the freeze and removing the credit freeze.

  3. Monitor Your Accounts Regularly. Login and review your accounts daily or weekly and contact your bank immediately if you see any suspicious activity. Almost every reputable bank offers an app that customers can download to their smartphone and tablet. If you have accounts at multiple financial institutions, you might consider using a service like Mint to aggregate your accounts in one place that is easy to view.

  4. Enable Purchase Alerts on Your Credit Cards. Most, if not all, major financial institutions that issue credit cards will send real time purchase alerts to your mobile device if you have downloaded their app and turned the feature on.

  5. Use Strong Passwords and Two-Step Verification. According to experts, most identity theft occurs with an individual’s existing accounts. We have all heard about the terrible common passwords like 12345678, password, qwertyuiop, asdfghjkl, or even 1q2w3e4r, just to name a small few. For accounts that contain important information like credit cards, banking, file sharing and email, using a strong password is one of the best ways you can protect your data online. Need some help? Here is an article about how to create a secure password. The extra “two-factor authentication” is often an opt-in that requires a second verification after you login. It may be in the form of an emailed or texted code.

  6. Choose Verification Questions Wisely. While identity verification questions help secure your account, answers to questions like “What street did you live on when you were growing up?” and “Where were you born?” can be easily obtained with access to your social media account or personal information.

  7. Don’t Use Debit Cards. Period. Using your debit card to shop is more risky than a credit card. Under the Fair Credit Billing Act, you are only liable for up to $50 of unauthorized use on your credit card. Debit cards, however, fall under the Electronic Fund Transfer Act. Under this act, your liability is based on how quickly you report the fraud. Your time limit begins on the date of the first periodic statement that contains the transaction. If you report a lost or stolen ATM or debit card within two days, the EFTA limits your liability to $50. If you report the loss within 60 days after your statement is mailed to you, you could lose as much as $500. After 60 days you risk unlimited loss. Since many people don’t get their statement within two days of it being mailed to them, they could be liable for up to $500. Instead of using a debit card, consider a virtual debit card from a company like privacy.com, or a third-party payment processor like Apple Pay, Amazon Payments, or PayPal. These payment processors keep your credit and debit card details secure by not sharing them with the merchant.

  8. Pay Attention to Your Credit Score. A meaningful change in your FICO score could be an indication that something is wrong. It is easy to check your credit score now as most financial institutions such as Wells Fargo, Bank of America, American Express, Citi, and others, enable customers and card holders to view their score with one click on their website.

     Although avid online shoppers may be more exposed to identity theft, individuals who only use cash and checks are not shielded from identity theft.  According to the same Javelin Strategy & Research study, offline customers are exposed to less risk of fraud, but incur higher losses than other fraud victims because they take 40+ days, on average, to detect fraud.

     Establishing new credit in your name, filing a tax return or accessing your health insurance are some of the most destructive forms of ID fraud that can occur when a thief has your name, birth date and social security number.  Nonetheless, existing account fraud is still much more prevalent than new account fraud.  Account take-over (ATO) and Card-Not-Present (CNP) fraud saw significant growth in 2016. Implementing these easy do-it-yourself monitoring actions can’t stop an ID thief, but they can make it extremely difficult and reduce your chances of an out-of-pocket loss in the event that anything does happen. 

Kevin Warman

(Last Updated 10/5/2017)


Update: Yahoo! just announced that all 3 billion users' information was compromised in the 2013-14 data breach.