How to prevent identity theft (and: What to do if you’re the victim of identity theft)

Text fraud alertLast month, Kim was a victim of identity theft. Somebody used her debit card to make a large purchase of cosmetics.

The thief first tried a couple of test transactions for amounts of $0.01 and $0.00. (How is a $0.00 transaction even possible? I have no idea.) When those worked, she went all-in. She charged $555.90 to the account.

Fortunately, Kim has an excellent bank. USAA both phoned and texted to let her know something seemed suspicious. Then, over the next week, they worked with her to keep disruptions as minimal as possible.

In the end, nobody knows exactly what happened. How did the ID thief get Kim's debit card info? How were they able to buy $555.90 in cosmetics? What's to prevent this from happening again? All that's certain is that Kim lost a great deal of time (but no money) handling this hassle.

Credit Where It's Due

Since the incident, I've been coaching Kim on what she can do to protect herself. We're not taking a comprehensive approach (as suggested in this very thorough identity theft resource at the Personal Finance subreddit). I don't feel like this event warrants more than increased vigilance. To that end, we're taking three specific steps.

  • First, it's important that she check her transaction history regularly. Money nerds like me do this several times each week. Kim isn't a money nerd. All the same, I think it'd be smart for her to go online and scan her account statements every Saturday morning.
  • Second, I showed her how to access her free credit reports from AnnualCreditReport.com. The U.S. government has mandated that consumers be allowed to view their credit reports from each of the three major reporting agencies once every year. If you'd like, you can obtain reports from all three credit reporting agencies at once. Or, you can stagger your requests, possibly requesting one report every four months from a different agency. (Kim's credit report came back clean — nothing unexpected.)
  • Finally, I had her sign up for a free account at Credit Sesame. Credit Sesame is one of many online tools to monitor your credit score. (I like that it analyzes which parts of your credit score or strong and which are weak.)

Kim's credit score

We didn't find any additional problems. The cosmetic purchase appears to have been a one-time thing. (Or maybe the quick action from Kim and USAA managed to prevent additional problems.) We'll keep a close eye on Kim's accounts for the next several months, though. If other problems occur, we'll escalate the protective measures.

Sidenote
On a lark, I checked my own credit score with Credit Sesame. Drat! I came in at 810, fourteen points lower than Kim. As always, I'm penalized because I don't have enough sources of credit. If I could get a mortgage (like I want), my score would be better.

My credit score

Still, I shouldn't complain. My credit score has increased a few points this year. (My credit score was 804 when I got a new credit card in February.)

Deter, Detect, Defend

If Kim's situation had been more severe, we would have used the U.S. Federal Trade Commission's excellent site devoted to helping people recover from identity theft. The site includes a comprehensive list of steps to take if you believe your ID has been stolen. It will also walk you through the process of creating a personal recovery plan.

Deter

The first step is to deter identity thieves by safeguarding your information.

  • Shred financial documents and paperwork with personal information before you discard them.
  • Protect your Social Security number. Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
  • Don't give out personal information on the phone, through the mail, or over the internet unless you know who you are dealing with.
  • Never click on links sent in unsolicited e-mail. Instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer, and keep them up-to-date. OnGuard Online is a government-sponsored site to help you guard against internet fraud.
  • Don't use an obvious password like your birth date, your mother's maiden name, or the last four digits of your Social Security number.
  • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.

I bought an inexpensive shredder last fall. I thought it was a dubious expense at first, but lately I've been shredding everything I can. As I move toward a paperless personal finance system, the shredder becomes even more valuable. Also, based on the rash of mail theft in our neighborhood, Kris and I have obtained a post office box. At just $3.50 per month, it's cheap insurance.

Detect

Detect suspicious activity by routinely monitoring your financial accounts and billing statements. Be alert to signs that require immediate attention:

  • Bills that do not arrive as expected.
  • Unexpected credit cards or account statements.
  • Denials of credit for no apparent reason.
  • Calls or letters about purchases you did not make.

Regularly inspect your credit report. Credit reports contain information about you, including what accounts you have and your bill paying history.

The law requires each of the three major nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every year. But you have to ask for it.

There are three ways to obtain your credit report:

  • Order it online at the government-approved AnnualCreditReport.com.
  • Call 1-877-322-8228.
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

You will need to provide some basic information, including your Social Security number, and you may need to provide some personal financial information. If you plan to check your report online, be wary of impostor sites. Be absolutely certain that you have reached AnnualCreditReport.com.

Finally, regularly inspect your financial statements. Review accounts and billing statements, looking for charges you did not make. I review my accounts online at least once per week, and generally more often than that.

Defend

If you suspect that you may have been (or may become) a victim of identity theft, you can file a “fraud alert” on your credit reports. This alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is supposed to be sufficient:

  • Equifax: 1-800-525-6285
  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289

Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.

(Note: I'm not convinced the fraud alert system works. I filed a fraud alert with Equifax on Sunday morning. It took them more than 24 hours to respond with e-mail confirmation. When I tried to get my free credit report from the link they provided, the system would not process the request. When I tried to get it by phone, they wanted $10 and I could not reach a live operator to help me. The Equifax e-mail promised they'd forward the fraud alert to Experian and TransUnion, but I still haven't heard from either agency. As I say, I'm not convinced this system works. I'm cranky, in fact.)

Close any accounts that have been tampered with or established fraudulently. Call the security and fraud departments of each company where an account was opened or changed without your permission. Follow up in writing, with copies of supporting documents. Use the ID Theft Affidavit [PDF] to support your written statement.

Ask for verification that the disputed account has been closed and the fraudulent debts discharged. Keep copies of documents and records of your conversations about the theft.

File a report with local law enforcement officials to help you with creditors who may want proof of the crime. Also report the theft to the Federal Trade Commission, which will help law enforcement officials across the country in their investigations. You can use any of the following methods:

  • Online at ftc.gov/idtheft
  • By phone: 1-877-ID-THEFT (438-4338)
  • By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580

Much of the information in this section is taken directly from FTC documents, which are in the Public Domain.

Lastly, the FTC has put together the following ten-minute educational video to provide an overview of identity theft, and to outline steps consumers can take if they suspect they've become a victim. (Video opens in a new window — sorry, that's the only way I can figure out how to link it.)

More about...Credit

Become A Money Boss And Join 15,000 Others

Subscribe to the GRS Insider (FREE) and we’ll give you a copy of the Money Boss Manifesto (also FREE)

Yes! Sign up and get your free gift
Become A Money Boss And Join 15,000 Others
guest
53 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Kraft
Kraft
12 years ago

This causes a bit more effort on the day-to-day, but a PO box is a simple way to protect your mail while making it easier for you when you move intracity. As a student and now as a recent graduate, I’ve moved every 9-15 months for the past six years without my mailing address changing.

Breeni Books
Breeni Books
12 years ago

I would like to add a method of identity theft that many people aren’t aware of: fax machines. Many fax machines have a retrieval system where the owner can dial in from an outside line and print out recent faxes. It works for thieves, too. A few months ago, I needed to order ants for my son’s ant farm. The company gave two options for payment: snail mail or fax. I opted for fax to make it quicker, and faxed in my order form (address and credit card included) from the fax machine at work. While at work the next… Read more »

nmh
nmh
12 years ago

You should wait 60 days to check your credit report after a theft like this. Getting one any sooner won’t help because adverse information wouldn’t have shown up. (That is not to say you shouldn’t put a fraud alert on immediately, you should) Also, when dealing with the credit unions use certified US Mail its the only way to get a good paper trail when you need to challenge something — their web/e-mail system just does not work. And for anyone with children it may be worth checking to see if they have a credit report and if so putting… Read more »

HollyP
HollyP
12 years ago

Watching the news can also give you a heads-up of potential problems.

My personal information was put at risk twice in the last year. First, by TJX companies, which owns several stores I shop at occasionally; and second, by my state licensing board. (I hold a professional license.) I was never notified by TJX about the potential release, and it took 6-8 weeks for the state to notify me. Thankfully I noticed the news stories and flagged my credit bureau reports immediately.

Jason P
Jason P
12 years ago

I’ve done something that’s similar to the PO box option above. When I bought my house, the mail box on the side had an open top…plus it was ugly. So I went to buy a new one. The one I purchased is lockable and you can’t slip your hand in the top to pull the mail back out. You can only unlock the front of it. I got it at Home Depot or Lowe’s…I forget.

Terri
Terri
12 years ago

A word to the wise with free credit reports – be sure to read the fine print!!! My boyfriend had a free one run on his grandmother last year b/c they thought one of her CCs had may have been stolen (they’d just put her in a nursing home). He is terrible with organizing his money and I spent all of Saturday helping him develop a savings and budget plan, so I started from 1/1/08 and signed him up for Wesabe. I kept asking “what is this CIC*Triple Advantage charge every month?” and he had no idea. I did a… Read more »

Alya
Alya
12 years ago

Excellent article. Thank you…

Working Dollar
Working Dollar
12 years ago

Wow, this article is nearly identical to the article series I posted about a week or two ago – used the same web site for the research and everything. Great minds think alike, huh.

Identity Theft Series

Dave
Dave
12 years ago

I’m curious about how expansive the definition of “identity theft” is at the beginning of the article. I realize that identity theft is a huge and growing problem, but one out of every twenty seven Americans affected in a single year sounds bogus to me.

J.D.
J.D.
12 years ago

Good point, Dave. I’ll add a link to my source at the start of the article. Here’s the report:

http://ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf

Somewhere along the way, I edited out the word “adults” which is an important qualifier. I’ll fix the post.

Dave
Dave
12 years ago

This is probably a big duh for most people, but since J.D. didn’t mention it directly — be sure to shred credit card offers that come in your mail, as thieves can fill out these applications and send them in. And apparently credit card companies even accept *torn* applications, so it’s best to get a cross-cutting type shredder.

Becky@FamilyandFinances
12 years ago

This makes me glad that we have a mail slot where the mail goes directly into our house!

I can’t believe how much of a problem you’re having with the fraud alert, JD. That would make me cranky, too 🙂

Brigid
Brigid
12 years ago

I’ve been pondering signing up for Lifelock. It’s $100 a year. Yes, a lot of the stuff they do for you is stuff you can do for free (they are actually very up-front about that), but there’s something to be said for letting someone else do the heavy lifting. Anyone tried it or have any thoughts??

Cheers!

Deborah
Deborah
12 years ago

I’d be interested in knowing what you think about http://www.lifelock.com. I keep hearing ads on the radio about it and looked on their website and it looks like they monitor your SS number and I think automatically put the “fraud alert” thing on those credit report companies. Is it worth it to pay for that kind of service?

Michelle
Michelle
12 years ago

We’re planning to replace our beat-up mailbox. (Our town requires them street-side, and the snow plow has hit ours one too many times.) I’ve been considering getting one that locks. Timely article!

Hope you get everything straightened out with minimal hassle.

J.D.
J.D.
12 years ago

@Deborah and Brigid

Whether or not Lifelock is worth it is something only you can decide. For me, it’s not. Here’s an article about a do-it-yourself lifelock. I’d go that route first before paying somebody to do it for me…

KissairisM
KissairisM
12 years ago

I also am suspicious of the fraud alert. Last October, my debit card was used by someone in Las Vegas and they ran up about $800 in charges in one day. I live in Virginia and had my card on me the day they used my number. I called Equifax to do the initial fraud alert. I got a letter in the mail a few days after that from TransUnion about the fraud alert, but I never heard from Experian. Also, I couldn’t get the free report that’s promised either — I had the same exact issues you did. Makes… Read more »

Grant Alan Friedline
Grant Alan Friedline
12 years ago

Good article. Just some password tips. Try to make them at least 8 characters long (10 is recommended). Anything less can be hacked in a few hours if the username is known. Include letters, numbers, and a special character or two. Do not use dictionary words. Mix up a favorite movie title or a favorite music artist name. I saw Rambo 4 a few weeks ago. Ramb0f00r would be decent haha. Things like that.

Sam
Sam
12 years ago

I don’t know if it helps or not, but in the last few years I’ve stopped handing out my SS# to anyone who I don’t think needs it. For example, I just started seeing a new doctor and when filling out forms I left the SS# field blank. When the receptionist took my forms she asked about my SS# and I asked her why she needed it and she said they use it to identify the correct file among patients with the same or similar names (i.e. Jane Smith). I kindly pointed out that my last name is unique and… Read more »

J.P.
J.P.
12 years ago

We don’t get a lot of mail, so i know what days i should usually get mail. Whenever the mail doesn’t come i worry that someone stole my mail with all my personal information. It hasn’t happened to me yet but a neighbor had their netflix moves stolen.

Erica B.
Erica B.
12 years ago

I had a problem once getting my free credit report because it the online system couldn’t recognize my hyphenated last name. Got around that by leaving the hyphen out the next time I tried, but it was pretty stupid.

I also found three credit card accounts that I had closed long ago, but that fact hadn’t been noted on the report — AND one of them had since been sold to Chase in the interim, and been reopened at that time!

On the whole, a good experience, though. No fraudulent activity 🙂

JG-CISSP
JG-CISSP
12 years ago

Great tips here. And it is a little inconvenient, but it’s a good move to go with the P.O. box. Along with these, one of the most common mistakes people make is providing too much information on their printed checks – you should provide as little information as possible. For example, never, ever, put your social security number or your driver’s license number on a check unless you are required to do so in person, at a place that you trust, and even at that you should question it. With a social security number and a driver’s license number, your… Read more »

nolandda
nolandda
12 years ago

I like this post a lot. One powerful protection technique that was omitted is the ability of consumers in many jurisdictions to place a _permanent_ security freeze on their credit reports. With such a freeze the potential creditor cannot run a credit report to approve new credit under your SSN without a special PIN number. After requesting the freeze the credit agencies each send you a letter with a PIN number. From there it is just a matter of keeping those three letters in your safe and not losing them. I don’t use much credit, and I haven’t opened any… Read more »

nolandda
nolandda
12 years ago
Rich B
Rich B
12 years ago

Has anyone heard of or used the LifeLock service? I have seen the commercials on TV where the CEO is widely distributing his SSN on flyers while an advertising truck drives around NYC with his SSN on a billboard. The company claims to protect your identity and if your identity is stolen they will cover up to one million dollars for the costs and fees to correct the theft. It sounds like a great service that will prevent identity theft, but it would be interesting to find out how it works, and if it is as safe, easy, and reliable… Read more »

LJ
LJ
12 years ago

Did anyone else notice that AnnualCreditReport.com asks you to submit your personal data on an UNENCRYPTED page?

For a service that purports to reduce your exposure to identity theft, that’s pretty insane.

Thanks for the tip, J.D., but I really think you should recommend a different site.

Jean
Jean
12 years ago

JD, regarding your experience with the fraud alert: unfortunately I had to utilize it recently but it worked amazingly well for me, I thought. However, I called all three bureaus just because I’m paranoid and in under a week I received mail from all three bureaus stating that the alerts were active (I received two notices from Experian and one each from the other two). I have already ordered two out of the three credit reports I was due, one online and one via phone. I’m waiting a bit to get the third report as I have up to a… Read more »

susan
susan
12 years ago

I have frozen my credit. For those who are considering using lifelock, you may want to look into it. from: http://www.consumersunion.org/campaigns/learn_more/003484indiv.html There are more than eight million new victims of identity theft each year in the U.S. Many of these victims find that crooks have used stolen personal information like Social Security numbers to open new accounts in their victim’s name. A security freeze gives consumers the choice to “freeze” or lock access to their credit file against anyone trying to open up a new account or to get new credit in their name. When a security freeze is in… Read more »

Ron@TheWisdomJournal
12 years ago

Yes, it sucks, especially when a family member is the one who does it to you. I know from personal experience.
http://www.thewisdomjournal.com/Blog/my-identity-was-stolen/

leigh
leigh
12 years ago

my colleague found out her boyfriend of 8 years was using her identity to open all kinds of credit cards in her name… when she broke up with him.

this one went even farther to masquerade as her! she has a foreign name, he was a foreign guy, and different countries use the name for both males and females.

and one thing we never expected to hear: fraudulent use of health insurance information!

Trees Full of Money
Trees Full of Money
12 years ago

Checking your credit reports is so important! If anyone needs help with annualcreditreport.com I have a step by step example (with actual computer screen shots) on how to do it on my blog under “The Real Free Credit Reports”.

Ben

catweber
catweber
12 years ago

A really informative blog-but there is one other thing you can do to make your identity/accounts more secure. If a company you deal with offers online statements accept that offer as fast as you can. This keeps alot of paper with account numbers out of the mail box-less to shred-and in some cases saves you money. MCI charges $1 for a paper bill-check your bill!Vanguard will drop $30 a year account fees if you choose online statements. Just thought you might like to know!

MetaMommy
MetaMommy
12 years ago

As Sam says, avoid giving out your SSN. Medical offices don’t need it. If you say you’d prefer not to give it out, they usually shrug it off, or as to get your drivers’ license instead. Schools, insurance companies, etc. should no longer use your SSN as your ID#. Be sure that they don’t. My information has been potentially stolen due to exposures by companies with my information. For example, a big story on my university revealed over 30,000 names were compromised. As a result, in addition to prior precautionary efforts (e.g., shred mail, scrutinize CC statements), I checked my… Read more »

Harry
Harry
12 years ago

The AnnualCreditReport.com website DOES use encryption on the page where you enter your personal information. The commenter who says it’s not encrypted is just flat out wrong.

Michael
Michael
12 years ago

Great article, and lots of great tips both in the article and in the comments. I am a Certified Identity Theft Risk Management Specialist. There are five basic types of identity theft; Financial is the most common, 26% of the cases reported to the FTC are financial in nature. The other types are DMV/Drivers License Identity Theft (someone using your driving record or your DL number), Social Security Identity Theft (someone using your SSAN for employment or Social Security benefits), Character/Criminal Identity Theft (someone committing a crime and giving your name), and Medical/Medical Benefits Identity Theft (someone using your medical… Read more »

identitythoughts
identitythoughts
12 years ago

I just want to chime in about credit freezes. They are definitely the safest way to go (albeit slightly inconvenient if you are going to be needing credit anytime soon). The problem with fraud alerts is that the lender is not legally obligated to contact you, even though they are supposed to. I did a post about the differences between credit monitoring vs. fraud alerts vs. credit freezes here: http://www.identitythoughts.com/credit-monitoring-vs-fraud-alerts-vs-credit-freezes . Some people were asking about LifeLock. A TV station recently did a comparison of LifeLock, TrustedID, and Loudsiren by basically simulating an identity theft. I have a writeup about… Read more »

joe fahrner
joe fahrner
12 years ago

Re: LifeLock- its true that DIYers can do much of what LifeLock does for themselves. However, it is important to remember that if you are going to take steps like setting your own credit freezes, monitoring your social security administration profile and checking your credit reports for errors/fraud that you can’t cut any corners and you have to keep up the maintenance. Some folks have the discipline, time and focus to keep this up while others don’t. Those in the former group likely don’t need a professional identity theft protection service while those in the latter definitely do. Its no… Read more »

Sistah Ant
Sistah Ant
12 years ago

I’m sorry your mail was stolen. The same thing happened to me last month, and I wound up having to do preemptive defense. I contacted all of the companies I have accounts with, had my account numbers changed, initiated a fraud alert with the 3 major reporters, and filed a report. I haven’t had the trouble with the fraud alert that you had – I’ve heard back from all three companies.

I have more secure household mail and a PO Box now. I actively “deter,” but my mail was a weak spot – not anymore!

Beth
Beth
12 years ago

Comment on #30, [email protected]: Family member identity theft happened to my husband too. Last fall I married a man I had known for years as a friend/fellow employee that had had his identity stolen for years and did not realize it until January of 2005. The identity thief was his wife!! She had set up post office boxes for mail she didn’t want him to see, made elaborate copies of checking and savings statements that were his accounts to show him if he ever asked – which he seldom did. She forged his signature on CD and IRA cash out… Read more »

Eugene
Eugene
12 years ago

The locking mailbox or post office box only helps the mail that gets to you, you have no way of knowing if somehting important got lost elsewhere or was mis directed to someone else. I’ve pulled my neighbors mail out of my mailbox and they have pulled mine from theirs, all the locks in the world won’t help there. You need to eliminate it at the source, get on the opt out list , get paperless statments, etc.

Stephen
Stephen
12 years ago

I avoid most paper mail by using epost for all of my bills, this allows me to receive and pay my bills online without ever using one piece of paper.

This does not work with things like tax documents and other non bills though

idthoughts
idthoughts
12 years ago

Beth, just wanted to say that is an absolutely brutal story.

I hope everything ends up working out. I can’t imagine what you and your husband have gone through.

James
James
12 years ago

I went through something similar last year and took steps to protect myself:

http://www.jamestharpe.com/2007/06/what-i-did-when-my-data-was-stolen/

I was lucky though. Nothing out of the ordinary happened, and my credit was safe.

One thing I would suggest is not only filing a fraud alert on your credit reports but *also with your friends*. The data found in your trash can be used not just to steal your identity, but it can also be used to scam your friends!

Renee
Renee
12 years ago

I did a search for the fun of it on intelius.com only to find out that someone had opened a PO Box in a town that I have never heard of. I have a very unusual last name and I am surprised that someone would choose my name. I am not sure why anyone would open a po box like this…I can only guess that they are planning on sending credit cards or whatever to it. I signed up for Lifelock right away and placed a fraud alert. So I would add that it is important to do a routine… Read more »

Alex
Alex
7 years ago

Identity theft is a brutal crime and if you ask anyone who has ever fell victim to it, they will tell you just this. I don’t even pretend to know what the actual statistics are for identity theft, but I can tell you that if my information were ever compromised, I would would be i n absolute financial ruin. I am just not willing to take the chance, are you? For some good related information, please go here http://tipsonpreventingidentitytheft.com/

Rand
Rand
7 years ago

Totally had mail stolen in college and they opened accounts in my name under my credit. Nice work, campus residence life.

Jennifer
Jennifer
2 years ago

J.D., I love your site and appreciate all that you teach us, but as a person in the financial services industry, I am not certain that ID Theft and a compromised card are the same thing. Cards get compromised all the time and the fraudsters don’t do anything but rack up fraudulent charges. ID Theft also happens very frequently, but to my knowledge is when someone actually steals your identity and uses it to obtain credit, perform financial transactions and/or for medical purposes. As an example, ID Theft is something that’s a real risk as a result of the Equifax… Read more »

Peter Brülls
Peter Brülls
2 years ago

About the transaction history: I found it helpful to have the bank and credit card company send me a text message for any transaction, including the ones I set up myself.

The two I use either include the current balance with each message or as a message of its own every couple of days, so I’m not ever unclear about where my normal spending money goes.

John
John
2 years ago

J.D.,

On other thing you might suggest is to take advantage of free transaction alerts in the form of emails or text messages from your credit card company. Most cards now allow you to set up alerts so you get notified of every transaction. 99.9% of the time you’ve just swiped your card so you know the message is coming and it takes just a moment to delete it. But that 0.1% when the transaction doesn’t make sense is your clue to call your credit card company right away.

Accidental Fire
Accidental Fire
2 years ago

Great post JD and sorry that happened to you and Kim. Question, when signing up for Credit Sesame did you have to give them your social security number?

I was going to start the process to check myself but before even giving them my email I thought I’d ask – thanks in advance!

shares