Identity Theft Protection & Prevention: Prevent ID Internet Fraud

An epidemic of online identity theft is surging. Don't let yourself be a victim.

Identity theft is a serious crime. Even though victims are usually not saddled with paying their imposters' bills, they are often left with a with a bad credit report and must spend months and even years regaining financial health.

In the meantime, they have difficulty getting credit, obtaining loans, renting apartments, and even getting hired. Victims of identity theft find little help from the authorities as they attempt to untangle the web of deception that has allowed another person to impersonate them. If you think your identity has been stolen, here is what to do now:

Contact the fraud departments of any of the three major credit bureaus (Equifax, Experian and TransUnion)  to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts, and all three credit reports will be sent to you free of charge.

Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavitans when disputing new unauthorized accounts. 

File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime. 

File your complaint with the Federal Trade Commission. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps us learn more about identity theft and the problems victims are having so that we can better assist you.

Protect yourself from Identity Theft
There are two types of identity theft. "Account takeover" occurs when a thief acquires your existing credit account information and purchases products and services using either the actual credit card or simply the account number and expiration date. "Application fraud" is what some experts call "true name fraud." The thief uses your SSN and other identifying information to open new accounts in your name. Victims are not likely to learn of application fraud for some time, because the monthly account statements are mailed to an address used by the imposter. In contrast, victims learn of account takeover when they receive their monthly account statement. This guide discusses strategies for reducing the risk of both types of fraud. 

Stealing wallets used to be the best way identity thieves obtained SSNs, driver's licenses, credit card numbers and other pieces of identification. While still employed, identity thieves now use more sophisticated means:

• "Dumpster diving" in trash bins for unshredded credit card and loan applications and documents containing SSNs.
• Stealing mail from unlocked mailboxes to obtain newly issued credit cards, bank and credit card statements, pre-approved credit offers, investment reports, insurance statements, benefits documents, or tax information.
• Accessing your credit report fraudulently, for example, by posing as an employer, loan officer, or landlord. Obtaining names and SSNs from personnel or customer files in the workplace. 
• "Shoulder surfing" at ATM machines and phone booths in order to capture PIN numbers. 
• Finding identifying information on Internet sources, via public records sites and fee-based information broker sites.

Reducing access to your personal data:
Minimize the amount of information a thief can steal by not carrying extra credit cards, your Social Security card or number, birth certificate or passport in your wallet, or purse, except when needed. At work, store your wallet in a safe place. Do not leave personal data in your car.

To reduce the amount of personal information that is "out there," consider the following:

Remove your name from the marketing lists of the three credit reporting bureaus -- Equifax, Experian  (formerly TRW) and TransUnion. Call 888-5OPTOUT. This will limit the number of pre-approved offers of credit that you receive. These, when tossed into the garbage, are a potential target of identity thieves who use them to order credit cards in your name. (See PRC Fact Sheet 6 for more information about credit reporting, www.privacyrights.org/fs/fs6-crdt.htm.)

Keep a list or photocopy of all your credit cards, bank accounts, and investments -- the account numbers, expiration dates and telephone numbers of the customer service and fraud departments -- in a secure place (not your wallet or purse) so you can quickly contact these companies in case your credit cards have been stolen or accounts are being used fraudulently. 

Sign up for the Federal Trade Commission's National Do Not Call Registry and the Direct Marketing Association's Telephone Preference Service. Your name is added to name deletion lists used by nationwide marketers. You may also need to register for your state's "do not call" list, if it has one.

National Do Not Call Registry, www.donotcall.gov, (888) 382-1222 
Do Not Call Registry interaction with state registries:
www.ftc.gov/bcp/conline/edcams/donotcall/statelist.html

Have your name and address removed from the phone book and reverse directories. (See PRC Fact Sheet 4 on tips for reducing junk mail, www.privacyrights.org/fs/fs4-junk.htm.) 

Opt-out of the sale or sharing of your financial information when given the opportunity by your bank, credit card companies, insurance companies, and investment firms. (Read PRC Fact Sheet 24, www.privacyrights.org/fs/fs24-finpriv.htm.) 

Install a locked mailbox at your residence to deter mail theft. Or use a post office box or a commercial mailbox service. When you are away from home for an extended time, have your mail held at the Post Office, or ask a trusted neighbor to pick it up. 

When ordering new checks, pick them up at the bank. Don't have them mailed to your home. If you have a post office box, use that address on your checks rather than your home address so thieves will not know where you live. 

When you pay bills, do not leave the envelopes containing your checks at your mailbox for the postal carrier to pick up, or in open boxes at the receptionist's desk in your workplace. If stolen, your checks can be altered and then cashed by the imposter. It is best to mail bills and other sensitive items at the drop boxes inside the post office rather than neighborhood drop boxes.

Credit cards and credit reports:
Reduce the number of credit cards you actively use to a minimum. Carry only one or two of them in your wallet. Consider canceling unused accounts. Even though you do not use them, their account numbers are recorded in your credit report, providing a tempting target for identity thieves. But be aware that reducing the number of credit card accounts might lower your credit score.

Never give out your SSN, credit card number or other personal information over the phone, by mail, or on the Internet unless you have a trusted business relationship with the company and you have initiated the call. Identity thieves have been known to call their victims with a fake story that goes something like this. "Today is your lucky day! You have been chosen by the Publishers Consolidated Sweepstakes to receive a free trip to the Kayman Islands. All we need is your Social Security number, credit card number and expiration date to verify you as the lucky winner." 

Always take credit card receipts with you. Never toss them in a public trash container. When shopping, put receipts in your wallet rather than in the shopping bag.

Watch the mail when you expect a new or reissued credit card to arrive. Contact the issuer if the card does not arrive.

Order your credit report once a year, or better twice, from each of the three credit bureaus to check for errors and fraudulent use of your accounts. Credit reports cost $8-$9 in most states. If you are on a budget, order from one credit bureau now, from another in six months, and the third six months later. In one year you will have checked all three. 

You do not have to be an identity theft victim to place a "fraud alert" on your three credit reports. With the alerts, you place a statement on your files requesting credit issuers to call you at your phone number before issuing credit. In theory, anyway, if an imposter attempts to open credit in your name, the credit grantor will contact you first. But they do not always pay attention to fraud alerts, so this strategy does not ensure that you'll prevent identity theft. When you place fraud alerts by phone, the credit bureaus give you a temporary alert, good for only a few months. If you wish to extend the fraud alert, you must write the three credit bureaus and request a seven-year fraud alert. For information on how to establish fraud alerts, read "step one" of the PRC's Fact Sheet 17a, www.privacyrights.org/fs/fs17a.htm. 

Californians are now able to "freeze" their credit reports, a stronger alternative to fraud alerts. (California Civil Code 1785.11.2, implemented January 1, 2003) This law enables individuals to prevent others from accessing their credit files and thereby prevents thieves from opening up new credit card and loan accounts. Security freezes are available at no charge to identity theft victims and for an annual fee for non-victims. The California Office of Privacy Protection provides a guide on security freezes, www.privacy.ca.gov/sheets/cis10securityfreeze.pdf. 

Passwords and PINS:
When creating passwords and PINs (personal identification numbers), do not use the last four digits of your Social Security number, mother's maiden name, your birthdate, middle name, pet's name, consecutive numbers or anything else that could easily be discovered by thieves. It is best to create passwords that combine letters and numbers. Memorize all your passwords. Do not record them on anything in your wallet.

Shield your hand when using a bank ATM machine or making long distance phone calls with your phone card. "Shoulder surfers" may be nearby with binoculars or video camera.

Social Security numbers:
Protect your Social Security number (SSN). Release it only when absolutely necessary (like tax forms, employment records, most banking, stock and property transactions). The SSN is the key to your credit and banking accounts and is the prime target of criminals.If a business requests your SSN, ask if it has an alternative number that can be used instead. Speak to a manager or supervisor if your request is not honored. Ask to see the company's written policy on SSNs. If necessary, take your business elsewhere. If the SSN is requested by a government agency, look for the Privacy Act notice. This will tell you if your SSN is required, what will be done with it, and what happens if you refuse to provide it. If your state uses your SSN as your driver's license number, ask to substitute another number.

If possible, do not provide the SSN on job applications. Offer to provide it when you are interviewed. (For more tips, read PRC Fact Sheet 10, www.privacyrights.org/fs/fs10-ssn.htm.)

Do not let merchants hand-write the SSN onto your checks because of the risk of fraud. There is no law against this, so you may need to be assertive.

Examine your Social Security Personal Earnings and Benefits Estimate Statement each year to check for fraud. The Social Security Administration mails it to adult-age SSN holders about three months before the birthday. The SSA web site has additional information, www.ssa.gov/mystatement. Reach them by phone at (800) 772-1213.

If you live in a state that uses the SSN as the driver's license number, we recommend that you contact your Department of Motor Vehicles and request a different number.

When shopping online, do business with companies that provide transaction security protection, and that have strong privacy and security policies. For more online shopping tips, read PRC Fact Sheet 23, www.privacyrights.org/fs/fs23-shopping.htm. 

Before disposing of your computer, remove data by using a strong "wipe" utility program. Do not rely on the "delete" function to remove files containing sensitive information. 

Responsible information handling:
Each month, carefully review your credit card, bank and phone statements, including cellular phone bills, for unauthorized use. (For more information on cell phone fraud, see PRC Fact Sheet 2, www.privacyrights.org/fs/fs2-wire.htm.)

Do not toss pre-approved credit offers in your trash or recycling bin without first tearing them into small pieces or shredding them. They can be used by "dumpster divers" to order credit cards in your name and mail them to their address. Do the same with other sensitive information like credit card receipts, phone bills, bank account statements, investment account reports, and so on. Home shredders can be purchased in many office supply stores. We recommend cross-cut shredders.

When you fill out loan or credit applications, find out how the company disposes of them. If you are not convinced that they store them in locked files and/or shred them, take your business elsewhere. Some auto dealerships, department stores, car rental agencies, and video stores have been known to be careless with customer applications. When you pay by credit card, ask the business how it stores and disposes of the forms. Avoid paying by credit card if you think the business is not careful. When paying with credit cards on the Internet, be sure the company uses secure transmission and storage methods. (See PRC Fact Sheet 23 on safe online shopping tips, www.privacyrights.org/fs/fs23-shopping.htm.)

Store canceled checks in a safe place. In the wrong hands, they could reveal a lot of information about you, including the account number, your phone number and driver's license number. 

Store personal information securely in your home, especially if you have roommates, employ outside help, or have service work done in your home.