By Geoffrey Vanderpal, DBA, CFP®, Full-Time Faculty
If you're like many Americans, high-profile data breaches like the Equifax breach prompt concern about identity theft. Announced in September 2017, the credit reporting agency breach compromised the identifying information of more than 143 million Americans. Personal data like Social Security numbers, driver's license numbers, and addresses was accessed. This type of information can be used to commit crimes, such as using someone else's credit and medical insurance benefits or committing a crime under someone else's identity.
Identify theft incidents rose to an all-time high in 2016, affecting more than 6% of American consumers and growing 16% year-over-year, according to the “2017 Identity Fraud: Securing the Connected Life” report by Javelin Strategy & Research. Consider these alarming identity theft statistics:
- Losses caused by identity theft rose $700 million from 2015 to 2016
- Card-not-present fraud increased by 40% from 2015 to 2016
- Companies are having larger breaches, with the average size of data breaches increasing 1.8% year-over-year to more than 24,000 records per breach, according to the 2017 Ponemon Cost of Data Breach Study
Anyone can be a victim of identity theft—those who have had personal documents stolen, anyone who shops in a store, and even anyone whose credit is monitored. Be vigilant, and follow these 10 tips to help prevent identity theft from happening to you.
1. Freeze Your Credit Report
In addition to checking with Equifax about whether your data was accessed during the breach, consider placing a security freeze on your credit and financial bureau reports. This means that your information can only be accessed through an assigned PIN code, so you can still access it when you need to, but no one can get new credit issued in your name when your identity is not verified.
In addition to the three major bureaus—TransUnion, Equifax and Experian—there are about a dozen other bureaus that fall under the Fair Credit Reporting Act. Find the most up-to-date list of bureaus here.
2. Shred Personal Documents
Never throw personal documents in the trash or recycling bin without shredding them first. These include:
- Bank statements
- Credit card offers
- Medical statements
- Expired plastic like debit cards and credit cards
- 401(k) or savings account statements
- Personal records
Even unwanted mail, like a credit card offer, may contain your personal information, so be careful what you throw out before destroying it.
3. Be Mindful of Where You Share Personal Information
Avoid phishing scams that ask for your personal information, like your address, bank account number, or Social Security number. You may have heard of emails coming from “royalty” in foreign countries, with fortunes to give away in exchange for your bank account information, so they can “wire the money” to you. Don't be fooled.
Be wary of anyone asking for personal information via text, on the phone or by mail, as well. Identity thieves may be pretending to be government agencies, banks or stores so they can get your info.
You should also be careful about what websites you input your personal data into. Only shop on secure sites (designated by an https:// before the website URL), and never share any personal information on a site that is not secure.
Avoid sharing personal information on easily accessible sites, such as posting your address or birthday on social media.
4. Pay Attention to Statements and Reports
Use an online banking system, and check in on your account regularly to detect any suspicious charges.
In addition to carefully watching bank statements for any suspicious activity, you should also regularly monitor your credit reports. Websites such as https://www.freecreditreport.com/ offer credit details, so you can investigate sudden drops in your credit score or the opening of new cards under your name. Check these reports at least once a year.
5. Create Complex Passwords
Many websites require the creation of complex passwords. Take a cue from them and aim for at least one capital letter, one character, and one number to add to the complexity.
Avoid using personal identifiers such as your mother's maiden name or your pet's name in the password. Use a tool like Zoho Vault to store your passwords, and use a different one for each website you have a profile on. Increase your password protection by changing them every few months.
6. Monitor Your Mail
Check your physical mail often. If you can, opt for paperless statements from institutions that may use your personal information when contacting you, such as banks and wealth management firms.
If you're going out of town, place a hold on your mail, ask for someone to pick up your mail for you, or put a lock on your mailbox. If you expect certain statements to arrive in the mail, like credit card statements, but they don't, alert your credit card company.
7. Enable Security Features on Your Devices
Inputting different passwords into different sites may seem time-consuming, but compared to fully recovering your identity, the effort is minimal.
Mobile devices are especially vital to protect, since they can easily be lost or stolen and may have stored passwords or banking applications.
8. Safeguard Your Network
When you log in to a public Wi-Fi network, your computer becomes vulnerable to hackers. To avoid this, use a virtual private network when logging on to public Wi-Fi.
Sites like Tor Project give users access to a secured private network that can't be accessed by others. Use firewalls and virus detection, as well, to make sure that your network and data don't get infected by data thieves.
9. Opt for Two-Factor Authentication
Two-factor authentication makes logging in to a website or application more secure by requiring multiple steps to get to an account. For example, instead of simply entering a password to log into a government account, the government website may send a unique time-sensitive code to your mobile device after the password is received. That code then gets you into the website.
Two-factor authentication does add an extra step for you, but the second step could be enough to thwart thieves who make it past the first.
10. Beware of Lurkers
Even when employing all the above techniques, someone who watches what you do in plain sight can gain the information they need to steal your identity. Actions that require your protection include:
- Entering a PIN at an ATM
- Surfing the web at work
- Using a computer at a library or hotel
Watch who's around when you conduct personal business, and use your hand to cover up your PIN at an ATM or credit card machine.
Interested in exploring more?
With the increasing prevalence of technology and devices, the threat of identity theft continues to increase, and new types are constantly emerging. If you're interested in preventing large threats and helping businesses and the general public protect themselves, a career in cybersecurity could be for you.
Geoffry Vanderpal is a full-time faculty member. The views expressed in this article are solely those of the author and do not represent the view of Purdue Global.