By Mark Durham
Consider these recent news items:
Investigators in Georgia served 80 arrest warrants in a scam where identities of dead people were stolen to bolster the credit ratings of car buyers.
An inmate at the Tennessee Prison for Women, a University of Memphis basketball player, and six others allegedly used information obtained from prison data entry work to obtain merchandise, cash, and gift cards from various department stores.
|The father of four-month-old Wyatt McVay tried to open a savings account with the contents of Wyatt’s piggy bank; the father’s credit union informed him that more than a year earlier, an identity thief had used Wyatt’s Social Security number to cash fraudulent checks. As a result the infant was unable to open a bank account. After some hemming and hawing, the Social Security Administration eventually agreed to issue Wyatt a new number.|
|“Dumpster diving” in trash bins for credit card statements, loan applications, and other documents containing names, addresses, account information, and SSNs|
|Stealing mail from unlocked mailboxes to get preapproved credit offers and newly issued credit cards, utility bills, bank and credit card statements, investment reports, insurance statements, benefits documents, or tax info|
|Gaining fraudulent access to credit files by posing as a loan officer, employer, or landlord|
|Getting names, addresses, birth dates, and SSNs from personnel or customer files in the workplace|
|“Shoulder surfing” at ATM machines and phone booths to capture PIN numbers|
|Culling personal data from online sources, such as public records and fee-based information sites|
|Hacked databases, packet-sniffing technologies, and “phishing” e-mail scams|
Stolen personal data travels fast. A global black market for identity data has emerged. The potential rewards for criminals vastly outweigh the risks—which may explain the increased involvement by organized crime in scams based on identity theft. The rapid evolution of digital technology and electronic communications—which enable the instantaneous proliferation of stolen personal data and fuel a constant mutation in the techniques available to scammers—have also contributed significantly to making identity theft a truly universal threat.
|Scrutinize your credit report at least twice a year|
|Sign up for a credit monitoring service|
|Periodically check other personal records, such as your DMV file|
That said, every potential target of identity theft—and that means anyone with a credit card, a bank account, a driver’s license, or an SSN—should minimize his or her risk by following the five steps described below.
1. Know your personal information—and your vulnerabilities.
|Your driver’s license|
|Your credit card information|
|Your bank account information|
|Your mother’s maiden name|
|Your home address and phone numbers|
Any other information that helps an imposter pretend to be you
|Your SSN, in particular, is a prime target for criminals. Release it only when absolutely necessary. Don’t carry your Social Security card unless it’s truly required, such as your first day on a new job. Likewise, avoid carrying cards that display your SSN—health insurance cards, for instance—and never have it printed on your checks.|
Your home address, in the wrong hands, can create two vulnerabilities: mail theft and burglaries that target your personal information. As for your mother’s maiden name, people still accept it as proof of identity, so do your best to protect it.
2. Reduce your exposure.
Here’s a checklist of specific areas where you can make your personal information less vulnerable:
|Your wallet or purse. Don’t carry your Social Security card, birth certificate, passport, or extra credit cards except when truly necessary. At work, store your wallet or purse in a safe place.|
|Credit cards. Minimize the number of cards you actively use, and carry only one or two in your wallet. Cancel unused accounts—their account numbers are recorded in your credit report, providing a tempting target. Keep a list or photocopies of your credit cards in a secure place to expedite reporting if they’re lost or stolen.|
|Checks . Pick new checks up at the bank instead of having them mailed to your home. If you have a post office box, use that address on your checks. Store canceled checks in a safe place. In the wrong hands, they can reveal a lot—your account number, your phone number, and sometimes your driver’s license number.|
|Passwords and PINs. When creating passwords and PINs (personal identification numbers), don’t use the last four digits of your Social Security number, your mother’s maiden name, your birth date, your pet’s name, or anything else that could easily be discovered or guessed. Password-protect computer files containing sensitive personal data, using alphanumeric passwords that combine six to eight characters and mix uppercase and lowercase letters.|
|Marketing lists. Remove your name from the marketing lists of the three credit reporting bureaus — Equifax, Experian, and Trans Union — by calling (888) 5-OPTOUT. Add your name to the National Do Not Call Registry. Sign up for the Direct Marketing Association’s Mail Preference and Telephone Preference services, which will add you to name deletion lists used by nationwide marketers. Say no to sharing of your financial data by your bank, credit card companies, insurance companies, and investment firms.|
|Postal mail. To deter mail theft, install a locked mailbox at your residence, or use a post office box or a commercial mailbox service. During extended absences, have mail held at the post office or ask a trusted neighbor to pick it up.|
|E-mail and websites. Shop online only with companies that provide transaction security protection and have strong privacy and security policies. When paying with credit cards, be sure secure transmission and storage methods are used. Avoid opening spam and other e-mail from unknown sources—it may contain viruses or other programs that will make your computer vulnerable to intrusion.|
|Phone calls. Never give out your SSN, credit card number, or other personal information over the phone, by mail, or on the Internet unless you have a trusted business relationship with the company and you have initiated the call.|
Document storage. Store personal information securely in your home, especially if you have roommates, employ outside help, or have service work done in your home. Install a firewall between your home computer and your connection to the Internet (DSL or cable modem). Install virus protection software—and keep it updated (daily if possible, and weekly at the bare minimum)—to prevent a worm or a virus from causing your computer to send out files or other stored information.
5. Act fast if trouble strikes.
These tips will be invaluable both for you and for your clients. But other issues related to identity theft may arise with respect to your practice. If you have staff, they are potential victims as well as potential perpetrators or enablers of identity theft. Database compromise, too, is a significant concern, especially in states such as California that mandate disclosure to affected parties of suspected, as well as actual, security breaches.
Mark Durham ( firstname.lastname@example.org) is Communications Director of Identity Theft 911, LLC ( www.identitytheft911.com), headquartered in San Francisco, California. Identity Theft 911 is the only company offering comprehensive identity theft resolution services, including one-on-one counseling and advocacy, to U.S. consumers.