Identity Theft: How to Protect Your Credit

Last Thursday, Equifax announced one of the largest identity theft cases in history.  Sensitive personal data on 143 million individuals may have been stolen. Here is a link to the announcement, a way to check if you were affected, and an opportunity to enroll in its one-year-free credit-monitoring package. You can see from the graph below that other hacks have affected more people. However, the latest hack might be the most damaging of all-time. This is because the Equifax database contained Social Security numbers, full names, addresses, birth dates, and even driver’s license and credit card numbers for some. Past cybersecurity breaches (Yahoo, eBay, and MySpace) did not have this type of sensitive personal data.

Identity Theft: How to Protect Your Credit

The type of information exposed by Equifax is exactly what many companies use to verify the identity of customers accessing their accounts online, by phone, or even in person. This is not a short-term problem. Identity theft could occur far into the future because of this breach since you can’t very easily change your Social Security number, date of birth, or past addresses (like you could a password or credit card number). Before you freak out, learn about the real costs and risk of identity theft.

What can you do to prevent indentity theft?

The easy but largely ineffective step many people take is to sign up for credit monitoring services, such as Lifelock. These services cost $120–$300 per year, but many people have been offered them for free if they are customers of a company that has been hacked. This has become the de facto PR move for companies whose client data has been compromised.

Most credit monitoring services do not prevent indenty theft theft:

The problem with credit monitoring services is that they do not prevent ID theft. They just notify you if ID theft does happen, or when someone opens lines of credit or applies for accounts in your name. This can be somewhat helpful, but by the time you get the alert, it may be too late. Damage may have already been done to your credit score and you are left to clean up the mess. Also, most alerts are false alerts, meaning that you intended to apply for credit.

More effective/less convenient option—set up a Fraud Alert:

You can set up a fraud alert for free. This requires any lender that wants to pull your credit to call and verbally verify that it’s you who made the application. The good news is you only need to call one of the three credit agencies because they are required by law to share that alert with the other two bureaus. The bad news is you can only set up a fraud alert for 90 days unless you have already been the victim of identity theft, in which case you can set it up for seven years.

Most effective/least convenient—set up a Credit Freeze:

You can freeze your credit, which is essentially taking your credit report out of circulation. Lenders will not be able to get access to your report, which means that no new credit accounts are likely to be approved.

A couple of thoughts on freezing your credit:

  1. It’s does not effect your credit score.
  2. You have to call each of the three credit bureaus to set it up (phone numbers above)—they do not have to share a freeze like they would a fraud alert.
  3. You must pay to freeze it and to lift the freeze (typically $5-$10 per credit agency, each time).
  4. You must lift it temporarily when you apply for new credit (e.g., car loan, mortgage, etc.).

I froze my credit and it was pretty quick and painless.  For more information on these steps, the FTC has a full FAQ section on its site about credit freezing, and a separate one about instituting a fraud alert.

One more way to prevent identity theft: 2 Factor Authentication

The most secure way to access your accounts online is through sites that offer two-factor authentications. Some sites offer this service now and many more will soon. Two-factor authentication means that in addition to having a user name and password, you also need a one-time code that is texted to you each time you want to log in. This feature is currently offered (although it’s optional) on the personal financial websites that Surevest & Planning Great Retirements uses as its client portal (the Nest).

One more resource if you have a minute is this downloadable guide from the Simple Dollar: Protecting Your Credit Cards. I hope this information has been helpful. Email if you have questions and have a great week.