You’ve probably seen the ads for LifeLock, an identity theft protection service, where the CEO gives out his Social Security number and claims that he can do that because he has such confidence in his company’s ability to protect his identity. It turns out that his confidence may have been misplaced. In recent days, stories have surfaced that people have been able to receive driver’s licenses using the CEO’s SSN and one person has even succeeded in getting a payday loan using the pilfered SSN.
Now, anyone with a basic knowledge of credit reporting and identity theft probably realized that this guy was setting himself up for trouble. Under the best circumstances, LifeLock and other “identity protection” services can only prevent a few forms of identity theft. That’s because the protections they offer only operate at the credit bureau level, which reports on transactions related to credit cards, loans, mortgages, renter approval, certain utilities and some insurance. Things like obtaining fake driver’s licenses, receiving medical care under a false name, and giving a fake SSN to avoid arrest typically don’t go through the credit bureaus so they can’t be stopped by a service like LifeLock.
The problem with any sort of “identity protection” is that nothing is fool proof. Protecting yourself at the credit bureau level only works as long as the agency issuing the credit actually goes through the bureaus. If they don’t, they have no idea that you’ve put protective measures in place so they may go ahead and issue credit to an impostor.
That’s what happened to the LifeLock CEO. The payday loan company didn’t run the right checks and issued credit to the impostor. It’s almost impossible to protect yourself against driver’s license or medical fraud because most state agencies and healthcare providers run no checks at all, assuming that the information presented is legitimate. It’s also very easy for a thief to steal a credit card or bank account number and treat themselves to a shopping spree that you learn about only after the funds are gone. These types of transactions cannot be stopped by a protection service. Only constant vigilance and some proactive steps on your part can help to prevent identity theft, and even that isn’t 100% guaranteed.
So if it’s so hard to protect your identity, what can you do and should you pay someone else to do it for you? The answer to the second question is a definitive “No.” The things that companies like LifeLock claim to do can all be done on your own for free. You’ll get the same level of protection and have control over the process (and you won’t be giving out your personal information to yet another company, which puts you at risk if their database is ever compromised). As for what you can and should do, below are the four main protections that LifeLock employs and how to do them yourself. Then I have some ideas that go beyond their protection.
1. Set a fraud alert with the major credit bureaus. This is free to do. All you have to do is call one of the bureaus or visit their website and answer the questions. You don’t even have to speak to a person. The alert is then passed from the bureau you contacted to the other two — you don’t even have to contact the other two, it’s done for you. The alert is good for 90 days and lets credit issuers know that you may have been the victim of fraud and that they should request additional information or documentation before issuing credit. It doesn’t stop the issuance of credit but it does, if followed correctly by the issuer, cut down on incidents of identity theft. You can renew the alert every 90 days.
2. Remove your name from pre-approved credit card offers and other junk mailings. Contact Opt-Out PrescreenDirect Marketer’s Association to be removed from many junk mailing lists. The DMA is the largest database used by solicitors, so opting out with the DMA greatly reduces junk mail. Read the privacy policies of companies you do business with and find out how to let them know that you don’t want your information shared. If you get junk mail with a prepaid mailer, you can stuff their materials into the envelope and write, “Remove me from your list” on the material. This usually works, although it may take awhile. Make certain when doing business online that you uncheck any boxes that say, “Contact me with future offers,” or similar. Many websites pre-check these for you in the hopes you won’t notice, leaving it to you to opt out of their crap.
3. Order your free credit reports and set up a monitoring cycle. You are entitled to one free credit report per year from each of the three major credit reporting agencies, Experian, TransUnion, and Equifax. You get these reports through AnnualCreditReport.com. Only use this site. Others that sound similar require you to pay. But don’t request them all at once. Since you can get one per year from each service, you can request one every four months to keep a constant eye on your credit. So, for example, if you request from Equifax in January, wait until May to request one from TransUnion. Then request one from Experian in September. Then, when January rolls around, you request from Equifax again and keep the cycle going. This means you’re seeing your credit report once every four months which lets you catch potential problems quicker than if you look at it only once a year or less often.
4. Keep records of your credit card numbers, bank accounts, insurance cards, and driver’s license information (and contact information for each agency) separate from your wallet or purse. Make photocopies of sensitive items that you carry and keep them in a secure location separate from your wallet. If your wallet or purse is stolen, you can quickly contact each bank and card issuer and notify them of the theft so they can shut down your accounts and open new ones.
If you want to go beyond these services (and you should), here are more steps you can take to help secure your identity.
1. Use a cross-cut shredder. Shred anything with your SSN, bank account numbers, address, or other personal information. Be especially sure to shred pre-approved credit card offers and balance transfer checks. Get a cross-cut shredder or “confetti” shredder because these reduce your papers to tiny bits that are almost impossible to put back together. Some shredders make strips which are too easy for a thief to put back together.
2. Freeze your credit. This isn’t free, but the peace of mind is worth it. It is similar to a fraud alert except that it cannot be ignored by a lender. A fraud alert merely tells a lender that you may have been a victim of fraud and that they should request proper identification and verification before issuing credit. However, a freeze locks your credit file so that it cannot be viewed at all unless you “unfreeze” it. There is a fee to freeze your credit and another fee when you want to unfreeze it, so if you’re actively pursuing loans this option isn’t for you. Freezing your credit also means that you can’t be spontaneous about getting credit. If you’re shopping and see a great same as cash deal or want a store credit card, you’ll have to wait because you’ll have to unfreeze your credit before you can apply. Freezing and unfreezing aren’t instant — there are a few days of processing time — so be prepared to wait if you need credit in a hurry.
3. Don’t let your credit or debit cards out of your sight. It is common for restaurants to take your card away and run the payment at a register out of your sight. Unfortunately, some servers are dishonest and run your card through a “skimmer” that captures the card’s information so a new one can be made. Bring cash to restaurants that you know will take your card away. Also don’t let a clerk in a store take your card out of your sight. Some dishonest clerks will say they have to get manager approval of your transaction, then go to a back room and skim your card.
4. Be wary of ATM’s that look altered. Thieves will attach skimmers to ATM slots to capture card information and PIN’s. You may notice that the slot looks lumpy or not firmly attached to the machine, or as if there is another piece of hardware attached to the front. If it looks fishy, don’t use it. This is less likely to happen at bank ATM’s since they are more aware of the problem and may be more religious in checking their machines. However, it can happen anywhere so be vigilant.
5. Protect your PIN. When at an ATM, cover the keypad with your hand and do the same as you tap in the information on pads in stores. In a store you can avoid entering your PIN altogether by running the transaction as “credit” rather than “debit.” It doesn’t change anything about how your money is withdrawn, only that you don’t have to enter your PIN.
6. Don’t get caught by phishing scams or phone scams. You hear it all the time, but it bears repeating: Never give personal information out over the phone unless you initiate the call and never enter information into a form you reached by a link in an email. Always type the website directly into your browser and navigate from there. If in doubt, call the company that sent the email or made the phone call and ask if it’s legitimate.
7. Spring for an unlisted phone number. Having an unlisted phone number cuts down on the number of phone solicitations you receive and cuts down on people just pulling a phone number and address out of the book and giving it as their own. It also cuts down on some junk mail solicitors that compile their lists from phone listings.
8. Don’t give out your SSN unless you have no other choice. Many places that ask for your SSN (except banks or those issuing credit) will accept another identifier if you ask. Many are aware of the problems of identity theft and may be willing to work with you. If asked for your SSN, ask why they need it and if there is an alternative and, if you’re not satisfied with the answer, consider whether or not you’re willing to take the risk.
9. Don’t carry anything with your SSN in your wallet or purse unless you are going to need it that day. If your wallet or purse is stolen it’s a pain to cancel and reissue credit cards and bank accounts, but it’s so much worse if the thief gets your SSN in the bargain. While you’re at it, purge your wallet of any credit cards, insurance cards, or other identifying information you don’t use on a regular basis to cut down on the items a thief has access to.
10. Protect your computer. Install antivirus and anit-spyware protection on your computer to prevent anyone from installing malicious software that can capture your personal information or transmit it to another party. Make certain websites are secure before entering personal information (look for “https” in the web address and/or a lock icon in the browser window). Don’t enter personal information when using public computers at schools, universities, libraries, coffee shops, etc. You don’t know what kind of protection, if any, they have in place.
11. Don’t put your SSN, phone number, or driver’s license number on your checks. In the old days the advice was to put this information on checks to speed processing and verification. But now this is just more information that can be used against you if your check goes awry. Only put your name and address on a check. If the person taking the check requests additional information, you can give it if you feel comfortable (but don’t give the SSN — they don’t need that), but otherwise don’t give it out.
12. Monitor your accounts online. Many banks and credit cards now offer online access to your accounts. Take advantage of this and monitor your accounts daily or every other day to check for suspicious activity. This gives you a chance to quickly catch a thief before too much damage is done. If you only wait for the monthly statement, you may be too late.
13. Sign up for e-billing and e-statements. Receiving bills and account statements electronically cuts down on the chances of someone intercepting your information in the mail, either through intentional theft or because your mail was delivered to the wrong place.
14. Buy a safe. Keep sensitive documents (tax returns, bank statements, passports, Social Security cards, etc.) in a safe. If your home is broken into, a safe may keep your information out of the wrong hands. Alternatively, you can rent a safe deposit box at your bank but this can be inconvenient if you need the documents and the bank is closed. And don’t keep documents any longer than necessary. Shred or burn statements, tax returns and old bills when they are no longer needed.
15. Be careful with your mail. Opting out of junk mail and signing up for e-billing and e-statements where possible will greatly cut down your risk of mail-related identity theft, but you can go further. Don’t leave sensitive outgoing mail in your mailbox for pickup. It can easily be stolen while you’re not looking. Take it to the post office. If you’re going to be out of town, either have your mail held at the post office or have a trusted friend pick it up. Don’t let it pile up in the box where thieves can get to it. Retrieve your mail as soon as possible. If you aren’t home when the mail comes, get it out of the box as soon as you get home. Don’t leave it there overnight. You might also consider a locking mailbox. These are designed so that they can be opened and closed once for the mail delivery, but after that they must be opened with a combination or a key and then reset for the next day’s delivery.
16. Don’t leave personal information out in the open. More and more you’re hearing stories about people who had their identity stolen by contractors or delivery people who came to their home. Maybe they left their checkbook out in the open, or an old bank statement, or an insurance claim with their SSN on it. However it happened, the contractor picked up the information or copied it while the homeowner wasn’t looking and then stole their identity. If you’re having work done or deliveries made, make certain that any compromising information is out of sight and preferably locked up. And be sure to keep an eye on the people who are in your home.
Yes, you can pay a service to do some of these things for you, but if the protection you’re paying for is no better, or possibly worse, than what you can do yourself for free, why pay for it? Taking some simple steps and using some common sense can go a long way toward protecting your identity. However, nothing can be guaranteed, even for the CEO of a company that charges you for protection. If you’re the victim of a particularly savvy or determined thief you may still have your identity stolen. However, if you are proactive about protecting yourself, the related problems are likely to be more confined and more quickly identified than if you do nothing.