The following preventative methods material is excerpted from Martin T. Biegelman’s book entitled Identity Theft Handbook: Detection, Prevention, and Security, Chapter 20 “Preventing Identity Theft: 21 Rules You Must Use” Published by John Wiley & Sons, Inc. and reprinted with their permission. Copyright © 2009 by John Wiley & Sons, Inc. All rights reserved.
“Nothing will guarantee that you will never become an identity theft victim. With the widespread availability of personal information and the increasing exposure from data breaches, the risk is ever-present. But there is much you can do to protect yourself, your family, and your business…Robust prevention activities can limit your chances of becoming a victim of identity theft.”
The following is a robust set of proactive and reactive rules to fraud-proof and protect your good name. The “21 Rules You Must Use” are the most important things you need to do now and on an ongoing basis to prevent identity theft.
1. Safeguard Your Social Security Number (SSN)
Social Security Numbers are the entry point for identity theft. They are the key to your personal and financial information. For this reason, it is not recommended that SSNs be carried in wallets or purses. You should also not write on a piece of paper your SSN to later place it in your wallet or purse. Question anyone who asks to know your SSN. Other personal identifying information to safeguard includes passport, birth certificate, driver license, voter registration card, alien registration card, and other forms of identification.
2. Protect Your Other Personal Information
The first step in protecting your information is to properly secure personal information such as SSN, credit card numbers, bank and brokerage accounts, retirement accounts, birth certificate, voter registration card, alien registration card, and others. The following are other steps to take to protect your personal information.
- Always limit to whom you give your date of birth, mother’s maiden name, or other confidential information.
- Do not be afraid to question why someone needs your personal information.
- Minimize the amount of information you carry with you.
- Remove old deposits slips, blank checks, and other confidential information that you do not need to carry from your wallet or purse.
- Cancel credit cards that you don’t need
- Check your credit cards after each use to make sure that you have received your own credit card back after making purchases.
- Always guard passwords and PINs.
- Limit the information on your personal checks to your name and address.
- If you do not have a locking mail box, consider having your new or additional checks for your checking account mailed to your bank for pickup.
- Do not leave in your vehicle, especially in plain view, any items with personal information such as insurance cards, vehicle registration, wallets, purses, or laptops.
- Remove from your vehicle or hide from view your garage door opener because the garage door opener and vehicle registration with your home address provides thieves with the tools needed to locate and easily enter your house while you are away.
- Give your credit card number or other personal information to people who call you, no matter how legitimate or enticing the offer may sound.
- Carry more than two credit cards at any one time.
- Write your personal identification number (PIN) on your automated teller machine (ATM) card.
- Keep account information or passwords recorded on your cell phone or personal digital assistant.
- Provide your address or telephone number on credit card transaction slips; some states prohibit retailers from asking such information.
- Write your Social Security Number (SSN) and telephone number on your checks.
The best way to learn if you are a victim of identity theft is by carefully reviewing your consumer credit report on an ongoing basis. This minimizes potential damage because identity theft is detected earlier. The Fair Credit Reporting Act allows consumers to obtain a free copy of their credit report once a year per credit reporting bureau. To continuously self-monitor your credit from the three major credit bureaus, Equifax (www.equifax.com), Experian (www.experian.com), and TransUnion (www.transunion.com) order one report in January, a second one in May, and the third one in September. You should also review the credit reports of your under age children just in case their personal information has been compromised by identity thieves.
The only official site available for consumers to request free credit reports is www.annualcreditreport.com/cra/index.jsp. Other web sites offer a “free” credit report, but it is run by one of the credit bureaus. Consumers must purchase a credit monitoring service in order to receive the “free” credit report.
4. Buy a Good Shredder and Use It
The shredder is the easiest, relatively inexpensive, and best method to protect yourself from dumpster diving. By shredding items such as preapproved credit card offers, convenience checks, bank statements, canceled checks, deposit slips, receipt for prescriptions, and correspondence that mentions confidential information such as SSNs and other information, you are preventing someone from obtaining, from your trash, your personal information.
The best shredder to use is the one that confetti cuts the items because it is virtually impossible to reassemble compared to items cut into strips.
When mail arrives it is recommended that you shred unwanted credit card offers and other documents as soon as you can. It is also recommended that you do this every day.
5. Reduce Your Exposure to Mail Theft
Mail theft is a significant threat to your identity. To protect your mail from theft, it is recommended that you use a locking mailbox. If this cannot be obtained, consider using a Post Office box or a box at a private mail receiving agency, such as The UPS Store. Other measures to protect yourself from becoming a victim of mail theft include:
- Retrieve mail as soon as possible after delivery to the mail receptacle. Do not leave mail in your mailbox overnight or on weekends.
- Use collection boxes or letter slots at the Post Office to mail letters instead of leaving them in your residential box for carrier pickup. This is especially true for outgoing mail containing payment checks because they are prime targets for mail thieves who can alter the checks and negotiate them. Thieves steal outgoing and incoming mail to obtain bank account number, bank routing number, names, addresses, SSNs, and other information.
- Always remember that the red flag up on rural boxes can alert would-be crooks that there is mail in the box. To mail thieves, the red flag in the up position screams “steal me.”
- If your employer allows it, take your outgoing mail to work and place it with the company’s outgoing mail.
- If your mail receptacle has a locking device, make sure it works. If it does not, install either a new lock or a new secure mailbox with a sturdy lock.
- Notify your post office to issue a hold on your mail during vacation or business trips so that mail does not accumulate in your mailbox. You can now do this online at https://holdmail.usps.com/duns/HoldMail.jsp
- Report any suspicious activity around your mail receptacle, your letter carrier, his or her vehicle, other residential mailboxes, and collection boxes to your local police department and the Postal Inspection Service. Postal Inspectors actively investigate mail theft complaints.
- Report nonreceipt of valuable mail as soon as possible by calling the bank or financial institution, credit card issuers, and the Postal Inspection Service.
The internet is your entrance to the marketplace for the world from the comfort of your home or office. When it comes to identity theft and fraud, there are safety concerns to address because organized identity theft groups constantly try to remotely load spyware, malware, Trojan horses, and botnets on victim computers. These programs transmit your keystrokes and other stored computer files to suspects. To protect yourself and your computer, do the following:
- Ensure that your computer has adequate firewall protection and current operating system software. In addition to that, make sure that you install updated antivirus and antispyware software.
- Enable password protection on your personal computer. Use a password to log on to your computer and a password to get back on after your screen saver goes on if you leave your computer on.
- Encrypt your home wireless computer network. Fraudsters will drive around residential neighborhoods and businesses to locate unsecured wireless networks. For tips, guidance, and software that helps improve the security of computers and networks for individuals and businesses go to www.microsoft.com/security
- Always use strong passwords to protect against unauthorized access. Do not use words, names, or phrases that can be easily connected to an individual. The longer the password, the better. It should be at least eight characters in length; 14 characters or more is best. Random letters, numbers, punctuation, and symbols that are not repeated are the strongest. If you would like to check the strength of your password, Microsoft offers an excellent password checker, simply go to www.microsoft.com/protect/yourself/password/checker/mspx and enter your password. Be sure to change your password on a regular basis.
- Always be suspicious of unsolicited emails asking for personal or financial information. These are called phishing scams. Suspect emails requesting information will contain an internet hyperlink that directs the victim to suspect Web site containing fields for victims to enter their personal information.
- Legitimate requests for personal information are generally not conducted by email, therefore do not respond to emails from financial institutions requiring an update of personal and banking information. When you receive one of these emails, contact your bank, credit card agency, or other financial institution to verify that this information is needed. If they do, provide it via phone or in person not via email.
- Do not use public computers in libraries, hotels, coffee shops, or other public venue for online financial transactions. Public computers may be infected with spyware and viruses that may subject you and your personal information to fraud and misuse.
- Never open unknown attachments or download questionable software. Never open attachments or download any software from sites that you are not 100% certain of. The same goes for pop-ups. Criminals may offer you free music, antivirus protection, or other applications. If you fall for it and download this, spyware may be installed on your computer.
- Never use your credit or debit card at any Web site unless it offers a secure transaction.
- Although secure or encrypted transactions have an icon of a miniature lock that appears on the Web browser, highly skilled scammers can replicate the miniature lock on sites, giving the false impression of a secure site. For this reason, in addition to the miniature lock image, look at the URL address of the Web page, it should change from “http” to “https”. This indicates that the website is a secure site for you to input your personal information.
- Deal only with reputable online merchants, and always use your credit card in case of fraud. By using your credit card rather than a debit card or check, you are covered for fraud losses, should they occur. Federal law limits consumer losses to a maximum of $50, but credit card companies rarely enforce this.
- If you are in doubt, click off any suspicious Web site.
Identity thieves have been known to place skimming devices over ATM slots to steal card account information. To protect your PIN number and other information, do the following:
- Look for suspicious devices on the front of the ATM. Check for exposed wires, tape, or loose connections. Look for hidden cameras on the sides of the ATM that criminals use to records ATM passwords.
- Do not use the ATM machine if the ATM card slot, keypad, or any part of the ATM does not look right or if you can move or remove them. Alert the bank representatives instead.
- Be aware of people who may have too much interest in your ATM transaction. They may be shoulder surfers attempting to look over your shoulder to see your account balance or PIN. Use one hand as a shield to cover your other hand as you enter your PIN.
- Be extra careful when using ATMs with an unfamiliar brand name and suspicious looking card readers. If in doubt about using a particular ATM, go to another one.
- Do not leave your receipts at the ATM. These receipts often have the last four digits of your account and list your balance. The same goes for receipts at stores or gasoline stations. Why leave any amount of information for others to see? Take them with you and shred them when no longer needed.
In this information age, information about you is frequently shared with multiple business partners for product offerings, services, and promotions. You have the choice regarding how much information you want to share with marketing firms, companies, and certain government agencies. To help you “opt out” of information sharing related to credit bureaus, various state departments of motor vehicles, and direct marketers, the FTC created a one-page information site that provides detailed information and links. The URL address is www.ftc.gov/privacy/protect.shtm. At this site, the FTC provided a sample opt-out form letter.
To opt-out of direct mail marketing send a letter to:
Direct Marketing Association
Mail Preference Service
PO Box 9008
Farmingdale, NY 11735-9008
Further information about opting out of direct mail marketing can be found at https://www.dmachoice.org/static/learn_more.php
To opt-out of telemarketing calls send a letter to:
Direct Marketing Association
Telephone Preference Service
PO Box 9014
Farmingdale, NY 11735-9014
Further information about opting out of telephone marketing can be found at www.donotcall.gov/.
To opt-out of direct email marketing go to www.ims-dm.com/cgi/optoutemps.php
To opt-out of receiving preapproved credit offers, call 1-888-5OPTOUT (1-888-567-8688). This one call covers all three credit bureaus. As an alternative, you can mail a letter to each credit bureau requesting that it not share personal information with others for promotional reasons. A sample opt-out letter can be found at www.ftc.gov/privacy/cred-ltr.htm. The mailing addresses for the three credit bureaus to request an opt-out are:
PO Box 740123
Atlanta, GA 30374-0123
701 Experian Parkway
Allen, TX 75013
Name Removal Option
PO Box 97328
Jackson, MS 39288-7328
9. Keep a Credit Inventory
In case of loss or theft, prepare an inventory of everything you carry in your wallet or purse by doing the following:
- Write down or photocopy the account numbers of credit cards, expiration dates, credit card verification numbers, the names of the issuers, and the 800 contact telephone number to call to cancel your existing accounts.
The credit card verification number on an American Express card is the four-digit number imprinted on the upper right side of the front of the card.
For MasterCard, Visa, and Diners Club, it is the last three numbers on the signature panel on the back of the card.
- Do not keep this inventory in your wallet or purse. Keep it in a secure place in your residence.
- Photocopy the fronts and backs of your credit cards as well as all other identification documents.
- Keep a detailed list of all your bank and brokerage account numbers and numbers to call if you suspect they have been used fraudulently.
- Back up your personal digital assistants (PDA); do not keep any personal or financial information on them. If you do, be sure to have them password protected.
To check that you have not become a victim of identity theft, it is important to do the following:
- Thoroughly review and reconcile all the charges on each of your credit card accounts and other financial statements each month. Reconciling your accounts also enables you to find out whether you have been double charged or detect other mistakes that need to be corrected.
- Cancel credit card accounts that you do not use or need. Bear in mind though that doing this may affect your credit score, especially if the card is one that you have had for many years.
- Guard your checkbook. Report any lost or stolen checks to your bank or financial institution immediately.
- Take a few minutes to review your canceled checks when they are returned with your monthly statement. Look to see if the payee name or amount paid was changed. Properly store or dispose canceled checks.
- If you have had your checking or bank accounts compromised, contact the check guarantee company TeleCheck at 1-800-366-2425. Your account will be flagged so that counterfeit checks will be refused.
- Know the billing cycles for your credit cards so that you know when to expect credit card, bank, and brokerage statements in the mail. Industrious fraudsters may “cherrypick” your mailbox after the mail carrier delivers your mail but before you pick it up. The indication will be that you did not receive the mail. This is more common with rural mailboxes or house letter boxes that do not have locking mechanisms. Identity thieves have been known to submit change-of-address orders to the Postal Service in order to obtain the mail of potential victims. The diverted mail is received at a location controlled by the scammer.
When discarding an old desktop or laptop, it is important to remove the hard drive or drives, if your computer has more than one, and physically destroy it. Drill holes through it or smash it with a hammer into little pieces. The same goes for PDAs, cell phones, flash drives, and other portable digital devices that you are discarding. It is not enough to wipe clean the hard drive because deleting a file does not completely erase it. Although the file is not visible in the directory, the data is still on the drive. Computer forensic experts have been able to recover information even on wiped drives. Identity thieves have been known to purchase used computers just for this purpose.
12. Be Careful with Product Warranty Cards
Be careful of the information that you provide on product warranty cards that come with appliances or other type of home electronics that instruct you to complete it, send it via mail or email to the manufacturer. Often product warranty cards are postcards that, if returned, could potentially expose your information to anyone processing the card.
In most cases, these warranty cards are entered into marketing databases. The information gathered is sold by the manufacturer to various marketing firms. For the product warranty to be in effect, it is not necessary to submit the product warranty card because most manufacturers provide limited warranties on their products. Unless it is absolutely necessary, do not return any warranty card.
13. Review Your Social Security Earnings and Benefits Statements
Carefully review your Social Security Earnings and Benefits Statements for accuracy as well as indications that someone else may be using your SSN. These U.S. government forms are usually mailed out approximately three months prior to one’s birthday.
If you suspect fraud involving your SSN earnings and benefits statements, contact the Social Security Administration’s Fraud Hotline at 800-269-0271. The Social Security Administration advises that you will not automatically receive a Social Security Statement if:
- You are under age 25, or
- You are already receiving Social Security benefits, or
- A current mailing address is not on file, or
- Your are age 62 or older and receiving Social Security benefits on someone else’s record, or
- You are a Medicare beneficiary, or
- You requested a statement within the past 11 months.
Buy and use a privacy screen on your laptop when traveling, at coffee shops, and at other public spots. These screens ensure the privacy of your on-screen data by making it visible only to someone directly in front of the screen. Such screens can keep prying eyes off your personal documents especially when you are traveling in cramped spaces, such as on airplanes. Although privacy screens are very effective in limiting what others can see, it is always good to be vigilant. You may not want to work on an extremely sensitive document on an airplane or in a public place even if you have a privacy screen.
15. If It Sounds Too Good To Be True, It Is
Do not fall for scam artists trickery that often use the mail, internet, and telephone for misrepresentation and deception. These fraudsters are trying to sell you the “sizzle but not the steak” and are intent on defrauding you.
- Do not respond to emails soliciting advance-fee business arrangements. These solicitations ask recipients to provide bank account information in order to transfer a large sum of money. Recipients supposedly will be paid a percentage of the money as an administrative fee.
- Do not respond to emails soliciting overseas reshipment arrangements. These solicitations also ask recipients to act as an import/export business and reship product (usually electronics) overseas. These products are usually fraudulently purchased and may involve credit card fraud and identity theft.
- Do not respond to email solicitations where you will receive financial instruments, such as checks and money orders that you have to deposit in your bank account. In such cases, you are asked to send a portion back to the solicitor but are allowed to keep a percentage of the total funds as an administrative fee. The financial instruments are counterfeit.
16. Watch Out for Skimming
Criminals involved in identity theft will retrieve the data stored on your credit card by swiping your card on a credit card skimming device. These devices are small enough that they can be secreted in a subject’s pocket. The data is then downloaded to a computer and used for identity theft.
If you can, try to keep a restaurant server in sight or pay at the register. If in doubt, pay cash and avoid the use of cards. Wireless technology that will allow diners to swipe their cards in a handheld device at their table is slowly making its way to restaurants. This innovation will limit the opportunity for skimming.
17. Prevent Data Breaches
To prevent and reduce data breaches follow these safeguards:
- Limit the amount of sensitive data such as personally identifiable information (PII) stored on employee laptops.
- Implement company policies around data storage, data breaches, laptop security, and use of encryption.
- Install and require the use of encryption software on laptops that contain sensitive data.
- Educate employees about the benefit of encryption and hold them accountable if they fail to use it.
- If existing computers cannot enable encryption due to age or other limitations, replace them with newer ones that can.
- Require employees to certify that they have encryption installed, are trained in its use, are using it, and understand the consequences for noncompliance.
- Consider disabling USB ports and the use of portable digital devices as appropriate.
- Use secure Internet locations at all times when traveling.
- Do not use computers or digital copiers in hotel office centers.
- Consider using biometric authentication, such as fingerprint scans, in order to log on.
- Turn off computers when leaving the office at the end of the day.
- Although the use of cable locks to secure laptops is better than using nothing, it is better to lock the computer in a desk or cabinet.
- Secure peripherals such as backup drives, flash drives, and other storage sites used for data.
- Do not leave laptops in a hotel room when traveling. Lock them in the room safe or the hotel safe if possible. At last resort, place them in locked luggage. The vulnerability of laptops to theft is but one more reason for encryption.
Fraud alerts are notifications placed on credit reports to alert creditors that a person’s personal and financial information may have been compromised. This allows creditors to personally contact the registrant and verify all credit applications prior to approval. Credit bureaus have made it easier to place fraud alerts on a consumer’s credit file but have no way to enforce action on a fraud alert request. These are two types of fraud alerts:
Initial fraud alert – stays in effect for at least 90 days and is used when there is a suspicion of account compromise and identity theft, such as responding to a phishing scheme. Consumers are entitled to one free credit report from each of the three major credit reporting agencies after requesting an initial fraud alert.
Extended fraud alert – stays in effect for seven years and is used after confirmation of identity theft victimization. To be eligible for extended fraud alerts, consumers must provide credit reporting agencies with a copy of an identity theft report filed with a local, state, or federal law enforcement agency. Consumers are entitled to one free credit report from each of the three major credit reporting agencies after requesting an extended fraud alert.
19. Use Credit Freezes
Credit freezes blocks your credit from potential misuse and identity theft because credit freezes block a prospective credit card issuer or lender from issuing new credit in a person’s name without obtaining specific approval from that person. A credit freeze prevents credit bureaus from issuing your credit score. Without that information, few if any lenders will issue credit. It effectively blocks the issuance of instant credit, as is often seen when stores offer big discounts on purchases if a new credit card is opened at the same time.
20. Stay Informed
The best way to prevent identity theft is to stay informed about the problem. To help individuals and businesses stay informed, the Federal Trade Commission (FTC) created a brochure entitled: Deter Detect Defend: Avoid ID Theft. The brochure contains helpful tips, telephone numbers, web sites, and steps to take to prevent identity theft. That information can also be found at www.ftc.gov/idtheft.
21. If you Become a Victim
If you learn that you have become a victim of identity theft, do the following:
- Immediately contact the fraud departments of the three major credit bureaus (Equifax, Experian, and Trans Union) to let them know about your situation.
- Request these companies to place a fraud alert in your file as well as a credit freeze. For more information see step 18 Place Fraud Alerts.
- Order copies of your credit report from the three credit bureaus to determine the extent of your victimization.
- Thoroughly review your report for fraudulent activity. Look for accounts opened and listed “inquiries.” The listed inquiry gives you an indication that there are opened or about to be opened accounts.
- Contact those affected accounts for reporting. To protect yourself from fraud, close those accounts.
- Contact your credit card companies and financial institutions to let them know about your situation. Order new cards and account numbers.
- Request these companies to place a fraud alert in your file as well as a credit freeze. For more information see step 18 Place Fraud Alerts.
- Several months later, request another credit report to confirm that the credit bureaus made the necessary corrections by removing the fraudulent accounts. This will also allow you to check if there is any other suspicious activity.
- Report the crime to the local police. This will establish the criminal activity and the facts. It is important that you obtain a copy of the report from the police because the credit bureaus, credit card companies, and other financial institutions will ask for a copy.
- Make a report to the federal law enforcement agencies focused on identity theft crimes such as the U.S. Postal Inspection Service and the U. S. Secret Service.
- File an identity theft complaint with the Federal Trade Commission (FTC) at https://www.ftccomplaintassistant.gov/. Although the FTC does not conduct criminal investigations, it provides detailed information and assistance to victims to resolve financial and other problems resulting from victimization.
- Take identity theft seriously, it is not enough to report the fraud by telephone because the representative of the financial institutions that you contacted may move from job to job, or some other situation may happen.
- It is important to document the events in writing and to create a paper trail that you can refer to if necessary.
- Do not assume that your job is done once you report the occurrence to law enforcement, your banks, credit card companies, and the major credit bureaus. You must continuously follow up, possibly for years, to ensure that your identity is not still being fraudulently used. It is your responsibility to monitor your accounts and history.