Since the mid-2000s, there’s been a massive surge in data breaches, putting consumers’ personal information at risk. It’s not just Equifax, either — in January 2017, the Identity Theft Resource Center found that data breaches increased a whopping 40% in 2016.
It’s never been more important to learn how to secure your personal information. That includes your credit card and debit card numbers, social security numbers, mailing address, and more.
Money360’s Guide to Protecting Your Cards will help you protect your personal information, know if your information is being used by thieves, and how to recover from identity theft.
Before: Put safeguards in place as preventative measures
There are a number of ways that your personal identity can be at risk. Some are, unfortunately, out of your hands (like a massive corporate data breach), but others are preventable.
We’ve chosen to focus on how to safeguard yourself against corporate and individual breaches, as well as common scams that are still in circulation. There are always steps you can take to make sure your personal information is more secure.
- Encrypt your physical card
- Use chip-based cards, less payments, or mobile wallets
- Encrypt transactions online
- Look for “https” over “http”
- Use credit cards instead of debit cards
Equifax was one of the largest data breaches of 2017, and according to the breach level index, the most damaging.
But Equifax is just one of many. Consumers are still recovering from the massive Target data breach that occurred in 2013 and the JP Morgan Chase hack that occurred in 2014. And these are just the noteworthy hacks — there’s still a few that have slipped under our popular radar.
There is one key protection step consumers can take in both brick-and-mortar locations and online: Encryption.
Encrypting physical credit cards
Since the Target hack, the liability for major breaches has shifted to the retailer, encouraging a wider adoption of more secure technology. But it’s slow going.
At a minimum, all consumers should have chip-based cards. If you have any magnetic-stripe cards remaining in your wallet, your issuer and see if they have updated cards available. If it’s possible to use a chip instead of swiping your card while shopping, always do so.
The same goes for less credit cards or mobile wallets. Both options offer more encryption and thus higher amounts of security than magnetic-stripe systems.
Encrypting online transactions
For the unfamiliar, the letters “HTTP” that come at the beginning of any web address are short for “Hypertext Transfer Protocol” — it’s the protocol that allows your browser to communicate with a website.
Be sure your web address includes “HTTPS” instead of “HTTP”. The “S” stands for secure, and it means that all communication between your computer and the website’s server is encrypted and private.
Phishing refers to the act of using fraudulent emails, phone calls, copycat websites — any form of communication, really — in order to obtain personal information. The most famous example is the “Nigerian Prince” scam.
- How to detect phishing:
- Be wary of urgent communication
- Always call first
- Use two-factor authentication, whenever possible
- Keep your software updated
- Always have your information backed up
Scammers often mimic work-related emails, official communications from government agencies, etc. If an email demands a quick response and/or includes a link in the body, check the sender’s address for any misspellings — usually the main giveaway for phishing scams — and always think before you click.
If you’re ed by a financial institution and something seems off, always call their official customer service line before responding.
Also, almost all financial institutions will involve some kind of two-step verification process. Some, like PayPal and Venmo, use an authenticator app on your phone, while banks and credit unions may send one-time-use codes to your phone or email. Be sure to familiarize yourself with each process.
Phishing can also lead to malware or ransomware, so be sure to keep all operating systems, antivirus software, and firewalls updated. And always backup your information — we recommend performing backups at least once a month, to remain current.
Typosquatting is also known as “URL hijacking”. Typosquatters purchase domains with the intent of obtaining traffic through common misspellings of major companies.
For example, can you tell the difference between www.lifelock.com and www.Ifelock.com? (The second URL is incorrect, the first “L” in “Life” was replaced with a capital “I.”)
Many of the misleading domains are infected with spyware, which can spread to your computer and steal your personal information when you make a purchase online.
- How to prevent typosquatting:
- Avoid typos
- Bookmark your favorites
- Use search engines first
- Keep an eye out for grammatical errors
Always be careful if you’re entering a web address directly into the navigation bar. It’s easy to “fat finger” your way into a domain registered by a typosquatter. The most famous example is the “PayPal” vs. “PayPai” scam, with the “i” capitalized. The PayPai scam began in 2000 and has remained active through 2017.
Additionally, you can always avoid typos by entering the name of your destination via Google or another search engine, or simply by bookmarking all of your most-visited sites.
If you do end up on a typosquatted site, keep an eye out for seemingly minor grammatical errors — they could be the key to determining whether the site is legitimate or not.
Telephone scams have a reputation for targeting Baby Boomers, but believe it or not, Millenials are actually more likely to give away personal information over the phone.
While the responsibility for preventing telephone spammers is shifting to cell phone companies instead of individuals, it’s still possible to have your personal info stolen by phone scammers.
- Never give out information to a cold caller
- Don’t respond immediately
- Wait for a voicemail
- Call the organization
first off, never give out any personal information — date of birth, mother’s maiden name, address, anything — to a cold caller. Ever.
Cold calling scams have grown more sophisticated over the years. With new “Can you hear me?” scams, you’ll be greeted with a voice on the other line asking if you’re able to hear them. But the call is being recorded, and if you respond “yes”, your voice may be captured and used to authorize fraudulent transactions.
And instead of using 800 numbers, scammers are beginning to spoof their target’s area code or location.
If you’ve got a call from a number you don’t recognize, let it go to voicemail. many modern phone scams are made via robocall, and won’t leave a message if they go to voicemail.
If you receive a call from a number you don’t recognize, and the caller leaves a voicemail telling you to call them back, you may be tempted to respond. Before you do, search the organization they represent. Look for reviews, and see if they have an independent customer service line.
You’ve probably heard about skimming on the news, mostly occurring at gas stations or ATMs. As of 2016, skimming is still the most common form of data breach. They’re one of the simplest breaches to set up and one of the easiest to miss.
Skimmers are small devices, either standalone or attached to existing devices, that secretly and instantly copy any credit or debit card information. It’s easy for anyone to fall prey to skimmers, but there are a few precautions you can take to protect yourself:
- Always inspect card readers
- Use credit cards over debit cards
- Monitor your accounts
Gas stations and ATMs are such popular skimming targets because their card readers are unattended, and customers aren’t paying as much attention as they would during transactions at other retailers.
You should always favor credit cards over debit cards whenever there’s a possibility of skimming. Debit cards link more directly to bank or credit union accounts, and with credit cards, there’s an extra layer of protection between thieves and your money. Under federal law, you’re only responsible for $50 in unauthorized charges taken out of a stolen credit card.
Always keep an eye on your accounts. if you see any unauthorized or unfamiliar activity, be sure to your card issuer immediately and freeze your account.
It’s always possible to have your identity stole via the physical theft of your wallet, purse, or credit card. And if you use your phone for banking — as more than 60% of Americans do — then the theft of your phone may also put your personal information at risk.
Luckily, the preventative measures for physical theft are still tried and true:
- Keep personal items safe and out of sight
- Destroy unneccecary material that has personal information
- Keep track of incoming material, such as mail
If you’re concerned about the potential for thieves to rifle through your mailbox, check out Informed Delivery® from USPS®. Informed Delivery® allows users to receive notifications and pictures of letters and packages that will be arriving in their mail the same day while allowing them to leave special instructions and schedule redelivery.
During: What to do when identity theft strikes
Unfortunately, there are just as many ways that identity thieves can use your information as there are data breaches. And the repercussions may not be immediate either. Thieves may steal your information then remain silent for years, later using it to commit fraud.
Ten of the most common frauds committed after identity theft, per Lifelock:
- Existing account takeover: Charging money or filing claims against existing accounts.
- New account: The creation of entirely new accounts under your name with a variety of financial institutions.
- Tax: The use of personal information to file fraudulent tax returns.
- Medical: The use of personal information to access your health insurance and committ health care fraud.
- Employment: The use of social security numbers to apply for jobs in your name.
- Child: The theft of a child’s perosnal information in order to commmit multiple types of fraud.
- Senior: The theft of a senior’s personal information in order to commit multiple types of fraud.
- Criminal: The use of stolen personal information to provide false information to a police officer after an arrest.
- Synthetic: The combination of fake and real personal information to create an entirely new identity.
- Estate: The theft of a deceased person’s information in order to commit multiple types of fraud.
There are a number of red flags you can look for to determine if your identity has been stolen. But they can be subtle at first, especially if you don’t suspect anything. We’ve put together a list of telltale signs that your personal information may be compromised.
If you notice one or more of the incidents below, immediately one of the three major credit reporting agencies (Experian, Equifax, or TransUnion), and order an initial fraud alert.
Red flags that your identity has been stolen:
Unexplained or incorrect expenses: Expenses that you don’t remember making and that occur outside of your normal spending habits are usually the first sign of identity theft.
Small but consistent “test charges”: If identity thieves have gotten hold of your credit card or other financial info, they may make a number of “test charges” — minuscule charges of $10 or less — to make sure transactions can go through.
A sudden fluctuation on your credit report: If identity thieves utilize your personal information for fraudulent reasons, they may have to file a credit inquiry in your name. If they file multiple credit inquiries in a short period, you’ll see a severe dip in your credit score.
Missing mail or email: The physical theft of personal communications is one way identity thieves gain access to your personal information. Be particularly wary of communications that contain your address, credit card numbers, or social security numbers.
Unexpected calls from debt collectors: Debt collectors may not know (or not care) that fraudulent expenses may have been made in your name without your knowledge. If you’re receiving threatening phone calls from collectors, you have the legal right to get them to stop.
Two-factor authentication alerts: The vast majority of financial institutions use a two-factor authentication process (whether via text or app) as part of their security. If you’re receiving unexplained messages containing verification codes, it might be a sign of identity theft.
Letters from the IRS: The IRS initiates most of its official business via letters through the mail. If you receive a phone call or letter claiming that you owe taxes or have submitted fraudulent information, call the IRS via the number listed on their website (not on the call or letter) to investigate.
Sudden denial of your credit or debit card: If you’ve been diligent in paying your monthly bills and never spending more money than you need, there’s no reason for your credit or debit card to be declined. it may be a sign of identity theft.
After: How to recover from identity theft
If you’ve noticed any of the above signs, and you’ve been able to confirm the theft of your personal or financial information, keep calm. There are ways to minimize the damage (if not erase it entirely) and to protect yourself from future theft.
First, anyone that is a victim of identity theft is protected by the FTC’s Identity Theft Fraud Victim Bill of Rights. It’s a list of 21 rights as assured by the U.S. federal government. Protections fall into such categories as “Working with Credit Bureaus”, “Communicating with Creditors and Debt Collectors”, and “Limits on Financial Losses”.
Next, you can take one of two steps to begin recovery from identity theft. You can either initiate a fraud alert or a credit freeze. Which one you choose depends on the type of personal information stolen, and the severity of the fraud it has been used for.
Fraud alerts are designed to prevent fraudsters from opening new credit cards, bank accounts, or increasing the credit limit on a specific card. With fraud alerts, creditors are required to verify with victims before opening new accounts or altering existing ones.
There are three types of fraud alerts, and all are free:
Initial Fraud Alerts: Lasts 90 days. If you suspect that your identity has been stolen, but you’re not sure yet, take out an initial fraud alert with the three major credit reporting agencies. If the alert ends, and you’re still suspicious, you can open another one.
Extended Fraud Alerts: Lasts 7 years. If you’re positive your identity has been stolen, take out an extended fraud alert. It requires that creditors you via an agreed-upon method whenever you want to make a change to your finances.
Active Duty Alerts: Lasts 1 year. These are exclusive to military members only. Active duty alerts mirror extended fraud alerts but can be renewed to match the duration of your service.
Fraud alerts are designed to stop and prevent financial fraud. If a more serious crime has been committed using your personal or financial information, consider a credit freeze instead.
If your information has been stolen and it is being used to commit serious fraud — tax fraud, medical fraud, etc. — then a credit freeze will offer more complete protection. Credit freezes should only be used if you feel your personal information is at risk. If you’re just concerned about your finances, consider a fraud alert instead.
Credit freezes prevent new accounts for credit or services from being opened in a victim’s name. Essentially, they prevent credit checks from occurring whenever fraudsters attempt to open a new account in your name — but they’ll also make it more difficult for you to open a new account.
If you’ve ordered a credit freeze, and you want to apply for something that requires a credit check, you can temporarily lift a freeze in order for new creditors to access your credit.
Credit freezes are always free for victims. If you’re a non-victim, charges vary per state, but average around $5 – $10 per freeze.
To initiate a credit freeze, you’ll have to the big three credit monitoring agencies (Experian, Equifax, or TransUnion). If you want to lift a credit freeze, you will also have to each agency.
The Bottom Line
Keeping an avid watch on your expenses, communications, and personal items is a vital step in maintaining good financial health. No one wants to deal with identity theft, but luckily, there are plenty of systems in place to help victims recognize and recover. Education is the first step in prevention, so be sure to familiarize yourself with the best steps to take before, during, and after identity theft.