Every person who willfully obtains personal identifying information, e.g., name, address, date of birth, Social Security Number (SSN), mother’s maiden name, etc., and uses that information for any unlawful purpose is guilty of a crime. Identity theft is the fastest growing crime in the United States. Every year about 15 million people become victims. Everyone is vulnerable. Skilled identity thieves use a variety of methods to steal your personal information. These include the following:
Dumpster diving: They rummage through trash looking for bills and other paper with your personal information on it.
Skimming: They steal credit- or debit-card numbers with a special storage device when processing your card.
Phishing, spear phishing, smishing, vishing, and whaling: They send realistic-looking e-mail that asks recipients to go to a bogus website and provide personal information, use text messages instead of e-mails, and send fake e-mails to high-ranking executives to trick them into clicking on a link that takes them to a website that downloads software that secretly records keystrokes and sends data to a remote computer over the Internet.
Changing your address: They divert your billing statements to another location by completing a change-of-address form.
Stealing: They steal wallets, purses, mail (credit card and bank statements, pre-approved credit offers, new checks, tax information, etc.), employee personnel records, etc.
An enormous amount of information is available on various identity theft issues. I will summarize some tips for minimizing risk, things to do if you become a victim or are notified of a security breach involving personal information, and links to many websites. For comprehensive set of links to the websites of a wide range of government agencies and nonprofit organizations that deal with these issues, go to The Consumer Federation of American’s website at www.idtheftinfo.org. It contains links that deal with consumer, business, and victim resources, shopping for identity theft services, protecting yourself, statistics and studies, etc.
Protecting Personal Information
Give out credit or debit card, bank account, and other personal information only when you have initiated the contact or know and trust the person you are dealing with. Beware of e-mail or telephone promotions designed to obtain personal information.
Put strong passwords on your credit card, bank, computer, and online accounts. Avoid using easily remembered numbers or available information like mother’s maiden name, date of birth, phone number, or the last four digits of your SSN. Passwords should be more than eight characters in length and have at least one capital letter, one lowercase letter, one number, and one symbol. Use of non-dictionary words is also recommended.
Select password reset questions whose answers cannot be found online or from other research tools. Don’t compromise a strong password with an easily answered reset question like: What is your mother’s maiden name?
Use different passwords for banking, e-commerce, e-mail, and other accounts.
Memorize your passwords. Don’t carry them in your purse or wallet.
Keep personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your home.
Make sure that the copying machines used by you and others who have your personal data, e.g., tax preparers, have data security measures installed to prevent unauthorized access to data on the copier’s disk.
Protect you health insurance cards like you would your credit or debit cards. If asked for your policy numbers or any other personal information in a doctor’s office, make sure no one else is near enough to hear or see them.
Protect your Medicare card number as you would your SSN. Don’t give it to anyone who offers free medical equipment or services and then requests your number. And don’t let anyone borrow or pay to use your Medicare card. That’s foolish and illegal.
Shred or tear up any documents with personal or financial information before throwing them in the trash. Use a cross-cut shredder.
Avoid all online games and quizzes that request personal information, including your e-mail address. Providing this information can put your identity at risk.
Omit any information that is not explicitly requested or required on forms, applications, surveys, etc. Information on them may be sold and become publicly available.
Assume that anything placed on social networking websites will be publicly available. Do not post personal or sensitive information, or photos. And use appropriate security settings for anything you do post.
Opting out of the services provided by data vendors can be time consuming and not always possible. There are hundreds websites that can be used to find addresses, phone numbers, civil and criminal court records, birth and death records, genealogy, etc. These include personal information aggregators like Spokeo that collect and sell public information from all these sources and social networks. Even if you hire a reputation manger to do this, public information will remain available online. You need to find the original source of the information and remove it there, which also may not be possible.
Using Credit and Debit CardsNever loan your card to anyone.
Pay attention to billing cycles. Check with the credit card company if you miss a bill to make sure that your address has not been changed without your knowledge.
Only put the last four digits of your account number on checks you write to your credit card company. It knows the whole number and anyone who handles your check as it is processed won’t have access to the number.
Notify your credit card companies and financial institutions in advance of any address or phone number changes.
Bring home all card receipts and match them against your monthly statements. Look for charges you didn’t make.
Dispose of card receipts at home. Never toss them in a public trash container.
Call the credit card company or bank involved if a new credit card you applied for hasn’t arrived in a timely manner.
Monitor the expiration dates of your cards and contact the card issuer if new cards are not received before your card expires.
Report all lost or stolen cards immediately and request cards with new numbers. In this case the federal Truth in Lending Act limits your liability to $50 of any charges made before you report your card lost or stolen. Contact the issuer if replacement cards are not received in a reasonable time.
Sign and activate new cards promptly on receipt. Or write “See ID” on the signature line on the back of the card. Then a thief won’t have your signature. A merchant will ask you for a picture ID to make sure you are the cardholder.
Never put a card number on a post card or on the outside of a mailing envelope.
Make sure only the last four digits of your card number show up on your receipts. Cancel accounts you don’t use or need. Carry only the cards and identification you need when you go out.
Tear into small pieces or shred any pre-approved credit card offers. They can be used by thieves to order cards in your name.
Ask your credit card company to stop sending blank checks.
Have your name removed from lists supplied by the Consumer Credit Reporting Companies (Equifax, Experian, and TransUnion) to be used for pre-approved/pre-screened offers of credit or insurance.
Don’t let your card out of sight. A person taking it to a Point of Sale (POS) device might have a skimmer to steal the information on the magnetic strip, copy your card number and the 3-digit security number on the back of the card, or switch cards. If you do give your card to a waiter or other sales person, make sure you get your card back. And use a credit card instead of a debit card whenever possible. With the former you don’t have to pay disputed charges. But with the latter it may take the bank about two weeks to restore the funds to your account.
Make sure your bank and credit card companies have your latest home and cell phone numbers, and e-mail address so they can contact you quickly if they suspect fraud in your accounts.
Put a dollar limit on credit and debit card transactions and withdrawals. And put a number limit on transactions and withdrawals on any day.
Some credit cards now have embedded Radio Frequency Identification (RFID) chips that are designed to be read by secure card readers at distances of less than 4 inches when properly oriented for “contactless payments.” Thus, RFID readers that are available to the general public and can operate at ranges up to 25 feet and are essentially useless in stealing the information on your card. And even if that information is “hi-jacked,” the cards are said to have security features that make it difficult or impossible to make a fraudulent transaction. Furthermore, the information is on the chip is not the same as that on the magnetic strip, and it cannot be used to create a functioning counterfeit version of the card. If you have a card with a RFID chip and don’t want to risk having the information on it stolen and used in any fraudulent activity, ask your card company for a new card without a chip.
Beware of skimmers on self-checkout terminals at grocery stores, gasoline pumps, and other places where you might swipe your credit or debit card.
On behalf of the men and women of the Lady Lake Police Department, please help us to help you and take advantage of some of these tips to reduce your chances of being victimized.
Remember, a little caution can go a long way.