Protecting Your Financial Identity
by Joshua D. Stillman, CFP®, MBA
on September 12, 2017
Equifax’s recent database breach has many concerned about the implications. As such, we are writing to share some information about the break, Equifax’s current course of action, and, most important, what you can do to protect yourself. The information below is general in nature and we encourage you to call us to develop a course of action specific to your situation.
Equifax Breach
According to Equifax and reported in early September, a breach affecting 143 million Americans lasted from mid-May through July. Hackers targeted people’s names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers. Credit card numbers of about 209,000 people and dispute documents with personal identifying information of about 182,000 people were also compromised. The personal information that has been stolen are not only the keys necessary to open new lines of credits, but also to unlock consumers’ medical histories, bank accounts, and employee accounts.
Equifax will send correspondence by mail to those who were exposed. The company has put a tool on their website to check your potential impact and has offered one year of free credit monitoring service available to anyone, regardless of whether you were affected, as long as you enroll by November 21, 2017.
Immediate Response to the Equifax Breach
If you would like to see if you have personally been impacted by the breach, navigate to Equifax’s dedicated website and click the red button “Check Potential Impact.” You will be asked for your last name and the last six digits of your social security number. Even after providing this information, you may not necessarily get confirmation about whether you are affected. You will, however, be offered enrollment in the credit monitoring service. While the company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases, it is unclear whether Equifax has fully closed their vulnerabilities and so you may choose to not give them additional information.
You can also check your credit report at annualcredtireport.com to make sure your identity has not already been compromised. You are entitled to one credit report from each of the three reporting agencies each year. We recommend downloading a report from a different agency every four months so that you have year-around self-monitoring without charge.
Additionally, you can stop pre-screened credit offers to further limit your exposure at optoutprescreen.com or by calling 888-5OPTOUT (888-567- 8688). You have the option to opt-out for five years or permanently. If you change your mind at a later date, you can always opt-in again.
Be especially wary of any emails you receive that are purportedly from Equifax asking for you to click on a link. The security breach is a perfect opportunity for fraudsters pretending to be from Equifax to prey upon the chance to steal your identity and/or compromise your computer’s security, a tactic known as phishing. The best thing to do, always, when you receive an email from any business who asks you to click on their link is to instead find the company’s website and follow any links you find there.
Ongoing Identity Safeguarding Tips
Of course, the breached information may not be utilized by hackers for years to come and so you should be aware of identity safeguarding and monitoring on an ongoing basis. While there are many third-party services available from banks to credit card companies to credit reporting agencies (such as Equifax’s TrustedID) to independent theft protection companies, none of them are necessarily full proof and it is unclear how much value they actually provide. In fact, Consumer Reports reported several years ago that do-it- yourself safeguarding of your identify is just as effective as paid services. Regardless of whether you decide to subscribe to a third-party identity monitoring and/or theft protection service, basic safeguarding practices are prudent.
- Shred documents before putting in the trash
- Provide Social Security number only when necessary
- Don’t carry unnecessary information in a purse or wallet
- Don’t leave your purse, wallet or other identifying information in your car while shopping
- Conduct only secure transactions online (look for https)
- Use passwords on your computer. Do not share passwords. Periodically change your password. Do not make your password too simple.
- Don’t respond to unsolicited e-mails requesting personal information
- Don’t share personal information on social networking sites
- Don’t give identifying information over the phone unless you initiated the call
- Log off when finished on a site
- File your taxes as early as possible before a scammer can and respond right away to letters from the IRS. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job.
You should also monitor your credit report on an annual basis. As mentioned before, you are entitled to one credit report from each of the three reporting agencies each year and so if you download a report from a different agency every four months, you will have year-around self-monitoring without charge.
Additionally, you should monitor your existing credit card and bank accounts closely for charges you don’t recognize. If you are already using the personal financial website software that we offer, you can set up email alerts to notify you when there is a large purchase from one of your bank or credit card accounts over a specified threshold. This is one way to catch large unauthorized purchases from your accounts and supplements the fraud detection systems provided by the bank and credit card companies themselves.
Drastic Preventive Option – Credit Freezes
A more drastic measure you can take to prevent fraudsters from opening new lines of credit with your identity is to put a credit freeze at each of the three credit reporting agencies: Equifax, Experian, and TransUnion.
A credit freeze locks down your credit. Since most creditors need to see your credit report before they approve a new account, if you restrict access to your credit report, potential identity thieves will have trouble opening new accounts in your name.
Keep in mind that a credit freeze will also restrict you from opening lines of credit yourself or engage in any activity that requires a soft or hard credit check. You can still apply for a job, rent an apartment, get new internet service, cell phone service, utility service, or buy insurance, but you will need to plan ahead to unfreeze your account whenever you are undergoing an activity that would require a soft or hard credit check.
Unfortunately, credit freezes do not prevent a potential thief from making charges to your existing accounts since the lines of credit are already open. Therefore, even if you freeze your credit, you still need to monitor all bank, credit card and insurance statements for fraudulent transactions.
There is also a cost each time you freeze and unfreeze your credit. The costs vary based on your state of residence and credit reporting agency, but usually range from $3-10 per freeze and unfreeze.
A Less Drastic Preventive Option – Fraud Alerts
In comparison to a credit freeze, a fraud alert allows creditors to get a copy of your credit report as long as they take steps to verify your identity. There are two types of fraud alerts, an “initial fraud alert” and an “extended fraud alert.”
Initial Fraud Alert - Contact any one of the three credit reporting companies and request an “initial security alert.” This alert asks lenders to take additional precautions before granting credit such as calling a telephone number you specify before granting credit. The alert is automatically deleted after 90 days. You also get automatically opted-out of prescreened credit offer lists for six months, ability to request a free credit report, and access to fraud recovery and assistance information. The request for the alert is shared with the other national credit reporting companies.
Extended Fraud Alert - A more robust option is to file an extended fraud victim statement. You must provide an identity theft report and what this does is asks lenders to call before granting credit. It is shared with other national credit reporting companies and is automatically deleted after seven years. Both options are free, but the initial fraud alert is designed as a short-term protection mechanism (unless you are diligent about restarting alerts every 90 days). The extended fraud alert option is designed for those that have already been victims of identity theft.
Additional Peace of Mind - Third-Party Credit Monitoring and Theft Protection Services
If you prefer the peace of mind of having a provider helping you monitor your credit and potentially helping with restoration in the event of identity theft, there are several providers in the market:
- Credit Karma - Free service that helps monitoring credit and will email you if there are concerning changes on your credit reports. There have been reports that they don’t catch things that LifeLock and others catch and so it is best used as a means for self-monitoring. This service as wells as other pure credit monitoring solutions offered by credit companies and the credit bureaus provide do-it- yourself instructions for what to do to restore your identity in the event of identity theft.
- LifeLock – They perform monthly reviews of financial activity under your name and social security number and contact you immediately if they find something. They offer protection and help with restoration through outside lawyers and investigators with up to $1 million for legal fees to resolve your case and may reimburse stolen funds (depending on which type of membership you chose).
- IDShield – Provides credit monitoring and uses Kroll licensed private investigators via a limited power of attorney to ensure ID restoration. They offer up to $5 million service guarantee to restore identity, but do not provide insurance to reimburse stolen funds.
- Identify Guard – They provide continuous monitoring and include $1 million for expenses to restore identity and stolen funds. They also use the IBM Watson engine for monitoring your social image online.
Many bank institutions, credit card companies, and credit reporting agencies also provide their own credit monitoring service. These services act similar to Credit Karma, but do not provide the identity restoration and insurance that LifeLock, IDShield, and Identity Guard provide.
Conclusion
Data privacy and identity safeguarding are becoming increasingly critical issues. With each data breach from Target to the IRS to Anthem to the recent Equifax attack, the vulnerability of our identities has become more pressing. Whether to freeze your credit, execute a fraud alert, and/or subscribe to a third- party identity protection service depends on your individual situation and preferences. If you would like to discuss this issue in more detail and develop an identity protection plan for you, call us to discuss.
Questions or comments? Email me at joshstillman@capfin.net , call the office at 703-821-2000 ext. 215 , or get me on my cell phone at 703-501-3495 .
The information is the personal views of Josh Stillman and is not necessarily indicative of those of Capitol Financial Consultants, Inc. The information contained herein has been compiled from sources believed to be reliable; however, there is no guarantee of its accuracy or completeness. Any opinions expressed here are statements of judgment on this date and are subject to certain risks and uncertainties which could cause actual results to differ materially from those currently anticipated or projected.