Protecting an Identity from Thieves

Individuals and businesses for that matter can take very simple steps to protect their identity information and avoid becoming victims of identity theft. It is essential that people stay in the know about who is getting their personal or financial information. Personal information should not be given out on the phone, through the mail, or over the Internet unless the individual has initiated the contact or absolutely knows who they are working with during any type of transaction. If a company claims that an individual has an account with them by sending e-mails asking for personal information, do not click on any links in the e-mail. Instead, type the company name into a web browser, go to their site, and contact them through customer service. Or, call the customer service number listed on the account statement and ask whether the company really sent a request. Thousands of such e-mails float around the Internet every day and many look authentic, with company logs and hijacked greetings.

There are also many basic steps that individuals should continuously take to help protect their personal information and their identity:

• ? Lock financial documents and records in a safe place at home, and lock wallets or purses in a safe place at work. Always keep information secure from roommates or workers who come into the home or office.
• ? When going out, take only the identification, credit, and debit cards needed. Leave the Social Security card at home. Make a copy of Medicare cards and black out all but the last four digits on the copy. Carry the copy instead of the original card unless specifically needed at a doctor’s office or clinic.
• ? Before sharing information at a workplace, a business, a child’s school, or a doctor’s office, ask why they need it, how they will safeguard it, and the consequences of not sharing.
• ? Shred receipts, credit offers, credit applications, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when they are no longer needed.
• ? Destroy the labels on prescription bottles before discarding them and do not share health plan information with anyone who offers free health services or products.
• ? Take outgoing mail to post office collection boxes or the post office. Promptly remove mail that arrives in a residential or business mailbox. If gone from home for several days, request a vacation hold on mail.
• ? When ordering new checks, do not have them mailed to a residence unless there is a secure mailbox with a lock.
• ? Consider opting out of prescreened offers of credit and insurance by mail.
• ? Store and dispose of personal information securely.
• ? Before disposing of a computer, get rid of all personal information it stores. Use a wipe utility program to overwrite the entire hard drive.

• ? Before disposing of a mobile device, check the owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device.
• ? Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.
• ? Keep browsers secure and use encryption software that scrambles information sent over the Internet. A lock icon on the status bar of an Internet browser means information will be safe when it is transmitted. Look for the lock before sending personal or financial information online.
• ? Use strong passwords with laptops, credit cards, banks, and other accounts.
• ? Do not overly share personally identifiable information on social networking sites. Sharing too much information allows an identity thief to find information that can be used to answer “challenge” questions on accounts, and get access to money and personal information.
• ? Consider limiting access to social networking pages to a small group of people. Never post full names, Social Security numbers (SSNs), addresses, phone numbers, or account numbers in publicly accessible sites.
• ? The decision to share SSNs is up to an individual and a business may not provide services or benefits if individuals will not provide SSNs. Sometimes, it may be necessary to share an SSN if employers and financial institutions need it for wage and tax reporting purposes. A business may ask for an SSN to check credit for loans, rent an apartment, or sign up for utility services.
• ? Install anti-virus software, anti-spyware software, and a firewall. Set your preference to update these protections often.
• ? Protect against intrusions and infections that can compromise computer files or passwords by installing security patches for operating system and other software programs.
• ? Do not open files, click on links, or download programs sent by strangers. Opening a file from an unknown source could expose computer systems to a virus or spyware that captures passwords or other information as it is typed.
• ? Before sending personal information over a laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if the information will be protected. If using an encrypted website, it protects only the information sent to and from that site. If using a secure wireless network, all the information you send on that network is protected.
• ? Keep financial information on a laptop only when necessary. Do not use an automatic log-in feature that saves user names and passwords, and always log off when finished. That way, if a laptop is stolen, it will be harder for a thief to get at personal information.

? Read privacy policies on websites to determine how the site maintains accuracy, access, security, and control of the personal information it collects; how it uses the information, and whether it provides information to third parties [5].

Many companies refer to their services as identity theft protection services. In fact, no service can protect an individual from having personal information stolen. What these companies offer are monitoring and recovery services. Monitoring services watch for signs that an identity thief may be using personal information. Recovery services help to deal with the effects of identity theft after it happens. Monitoring and recovery services are often sold together, and may include options like regular access to credit reports or credit scores.

There are two basic types of monitoring services: credit monitoring and identity monitoring. Credit monitoring tracks activity on credit reports at one, two, or all three of the major credit reporting agencies (CRAs)—Equifax, Experian, and TransUnion. If activity is spotted that might result from identity theft or a mistake, individuals can take steps to resolve the problem before it grows. Usually, credit monitoring will send alerts when

• ? A company checks people’s credit history.
• ? A new loan or credit card account is opened in a person’s name.
• ? A creditor or debt collector says payments are late.
• ? Public records show that a person has filed for bankruptcy.
• ? There is a legal judgment against an individual.
• ? Credit limits change unexpectedly.
• ? Personal information, like name, address, or phone number, changes without authorization.

Credit monitoring only warns people about activity that shows up on their credit report. But many types of identity theft will not appear. For example, credit monitoring will not indicate if an identity thief withdraws money from a bank account, or uses an SSN to file a tax return and collect a refund. Some services only monitor credit reports at one of the CRAs. So, for example, if a service only monitors TransUnion, there will not be alerts on items that appear on Equifax or Experian reports. Prices for credit monitoring vary widely, so it pays to comparison shop. These are questions to ask credit monitoring service providers:

• ? What credit reporting agencies they monitor?
• ? How often do they monitor CRA reports? (Some monitor daily, others less frequently.)
• ? What access do customers have to credit reports?
• ? Do they show reports for all three CRAs?
• ? Is there a limit to how often reports can be viewed?

• ? Is there a separate fee for each time reports are viewed?
• ? Are other services included, such as access to a credit score?

Identity monitoring provides alerts when personal information like bank account information or an SSN, driver’s license, passport, or medical ID number is being used in ways that generally will not show up on a credit report. Identity monitoring services may warn when personal information shows up in

• ? Change of address requests
• ? Court or arrest records
• ? Orders for new utility, cable, or wireless services
• ? Payday loan applications
• ? Check cashing requests
• ? Social media
• ? Websites that identity thieves use to trade stolen information

Identity recovery services are designed to help regain control of a name and finances after identity theft occurs. Usually, trained counselors or case managers review the process of addressing identity theft problems. They may help write letters to creditors and debt collectors, place a freeze on credit reports to prevent an identity thief from opening new accounts, or explain documents that must be reviewed. Some services will represent clients in dealing with creditors or other institutions.

Identity theft insurance is offered by most of the major identity theft protection services. The insurance generally covers only out-of-pocket expenses directly associated with reclaiming an identity. Typically, these expenses are limited to things like postage, copying, and notary costs. Less often, the expenses might include lost wages or legal fees. The insurance generally does not reimburse for any stolen money or financial loss resulting from the theft. As with any insurance policy, there may be a deductible, as well as limitations and exclusions.

IdentityTheft.gov is the government’ s free, one-stop resource for reporting and recovering from identity theft. IdentityTheft.gov has recovery plans for more than 30 types of identity theft, including tax-related identity theft and identity theft involving a child’s information. The website, available in Spanish at RobodeIdentidad.gov, provides a personal, interactive recovery plan tailored to an individual’s identity theft needs. The website will

• ? Walk users through each recovery step
• ? Generate pre-filled letters, affidavits, and forms to send to credit bureaus, businesses, debt collectors, and the IRS
• ? Adapt to changing needs, and provide follow-up reminders, and help track progress
• ? Provide advice on what to do if individuals are affected by specific data breaches [6]

It is also advisable to keep up on identity theft trends to help determine if an individual or business has become more vulnerable or a more likely target for identity theft. In 2015, Utica College’s Center for Identity Management and Information Protection (CIMIP) released “The new face of identity theft,” a report that analyzes federal case data from 2008 to 2013 as a follow up to a similar study completed in 2007 that evaluated identity crime trends.

The study found that the five states with the largest number of offenders convicted during the study’s period were Florida, California, Texas, New Jersey, and Georgia. Nearly 90% of these offenders were charged with identity theft, while the other most common charges were bank fraud, tax fraud, access device fraud and wire fraud. The 2015 report states that more identity criminals, now almost 64%, operated as part of a group rather than individually, in contrast with results from the 2007 study, which found that most identity criminals acted alone. Similarly, the use of technological devices by offenders increased to now represent 62% of all identity theft cases in the study. In an almost identical result to the 2007 study, the 2015 study found that the majority of identity thieves, 60%, target strangers.

An emerging form of identity theft, prominent in the new study, was the submission of false tax claims with the IRS using stolen identity information. Offenders used several approaches to commit these types of offenses, stealing identity information from a variety of sources, including prisons and nursing homes [7].