Tag: Identity Theft


The Guide to Freezing and Thawing Your Credit Report

The editorial content on this page is not provided by any financial institution and has not been reviewed, approved or otherwise endorsed by any of these entities.


The recent Equifax data breach that exposed the names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers of about 44 percent of the current American population has many consumers now rushing to freeze their credit scores. However, many consumers may not grasp what that really entails.

In a recent survey by CompareCards.com, a subsidiary of MagnifyMoney’s parent company, LendingTree.com, 78 percent of respondents said they had never put a freeze on their credit reports.

When you freeze and thaw your report, you are preventing anyone else from opening a credit account under your name without your knowledge. It’s a smart way to defend yourself against some cases of identity theft. Massive data breaches like the one that hit Equifax are stark reminders of the importance of protecting sensitive information from potential fraudsters, but that doesn’t mean you should wait until your information is compromised in a data breach to act.

“We should all be vigilant,” says Eva Velasquez, president of the Identity Theft Resource Center. “Being vigilant about your identity is just a part of the world that we live in. If being involved in a data breach is the catalyst that brings that to the top of your mind, then we can see that as a positive.”

What a credit freeze does — and doesn’t — accomplish

A credit freeze, or security freeze, is a tool consumers can use to restrict access to their credit reports. The freeze makes it harder for criminals to commit financial fraud using your information.

The freeze seals your credit reports so that new requests won’t be processed without your approval. You will need to use a personal identification number — only you will know it — to lift or thaw the freeze before creditors can again have access to your credit report. A freeze adds a layer of security, since most creditors won’t extend new credit without seeing your report.

You will need to request a credit freeze with each of the big three reporting bureaus — Equifax, TransUnion and Experian — for the freeze to have the biggest impact.

Freezing your credit report will NOT:

  • Impact your credit score
    • A credit freeze will have no impact whatsoever on your credit score. Freezing your credit will neither raise nor lower your score.
  • Restrict existing creditors’ access to your report
    • Your current creditors, government agencies or debt collectors acting on behalf of those parties will still have access to your credit report if you freeze it.
  • Keep you from opening new credit
    • You will still be able to use your credit report to do things like open a new credit account, apply for a mortgage, rent an apartment or take any other action that calls for a credit check. But you’ll need to lift the temporary freeze before lenders can gain access to the report. If you know you’ll be doing any of those activities, you can temporarily lift the freeze for a certain party or a length of time, but it may cost you money to do so.
  • Prevent a criminal from committing fraud involving your existing accounts
    • Freezing your credit report won’t prevent you, or any would-be thieves, from using your existing credit accounts. You will still need to vigilantly monitor all of your personal bank, credit and insurance accounts for fraudulent transactions or other signs of fraudulent activity.
  • Stop you from receiving prescreened credit offers
    • Freezing your credit report won’t stop lenders from sending you prescreened credit offers, as they prequalify new customers using a “soft pull.” A soft pull doesn’t show up on your credit report or harm your credit score. Banks buy the names of people who meet their credit criteria from credit bureaus to create their prequalification lists. So when you are prequalified, it just means you’re on a list somewhere. If you want to stop receiving such credit offers, call 888-5OPTOUT (888-567-8688) or ask to be excluded here.
  • Protect you from all forms of ID theft
    • A credit freeze can help to prevent financial fraud, but it will still leave you vulnerable to many other kinds of fraud. When criminals obtain important and sensitive information like your Social Security number as they did in the Equifax breach, they can use this data to commit criminal, medical, tax and employment theft, too. For example, a thief could use your Social Security number to file a tax return and claim a fraudulent refund, or use your personal information to obtain medical care or employment without your knowledge. Remain vigilant to protect yourself from other forms of fraud. Pay careful attention to any mail or phone calls from a medical office, government agency or other entity. They may be reaching out to verify your identity or report that someone else is attempting to commit fraud in your name.

How to freeze your credit report

You must go through a separate process with each of the three major credit bureaus to freeze your credit report.

Equifax

You can freeze your Equifax credit report online, by phone or by mail.

  • Online: In a statement issued in The Wall Street Journal on Sept. 27, Equifax said it would offer a new service that permanently allows consumers to lock and unlock their credit reports for free. The service is set to debut by Jan. 31, 2018.

    In the meantime, you can still freeze your Equifax score the traditional way, by visiting the Equifax security freeze site. You will first need to fill out a form with your personal information, then make any payment required by your state. Equifax’s site may be experiencing high traffic as a result of the recent breach, so it may not be able to process your request right away. If that is the case, try one of the other methods or try again online in a day or two.

  • Phone: Call 1-800-685-1111 (New York residents call 1-800-349-9960), and you should be connected with an Equifax representative who will verify your personal information and assist you with your credit freeze request.
  • Mail: Request your credit freeze by certified mail. If you’re a victim of identity theft, this is the channel you will need to use; your request must be submitted in writing with relevant documents, like a police report or other documented proof of theft, to have your fee waived. Write a letter to the reporting agency requesting the credit freeze and send it to the following address: Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348

TransUnion

You can freeze your TransUnion credit report online, by phone or mail, or by using TrueIdentity.

  • Online: Go to the TransUnion security freeze site. You will need to log in or create a TransUnion account before you can submit your request online.
  • Phone: Call 1-888-909-8872 and a TransUnion representative should verify your personal information and assist you with your credit freeze request.
  • Mail: Request your credit freeze by certified mail. Write a letter to the reporting agency requesting the credit freeze and send it to the following address: TransUnion LLC, P.O. Box 2000, Chester, PA 19016
  • TrueIdentity: TransUnion offers a free credit report monitoring service called TrueIdentity. The service allows users to lock and unlock their credit report with a swipe on their mobile device or a click online. It gives access to unlimited TransUnion Credit report refreshes, and alerts you if an entity pulls your TransUnion credit report.

Experian

You can freeze your Experian credit report online, by phone or by mail.

  • Online: Go to the Experian security freeze site. Select “add a security freeze,” then “apply online” and you’ll be redirected to a form requesting your personal information. Submit the form and make any payment required by your state to freeze your report.
  • Phone: 1-888-EXPERIAN (1-888-397-3742). Press 2 to be guided through prompts to request a security freeze.
  • Mail: Request your credit freeze by certified mail. Write a letter to Experian requesting the credit freeze and send it to the following address: Experian Security Freeze, P.O. Box 9554, Allen, TX 75013

How to thaw your credit report with each agency

Equifax

You can temporarily thaw your Equifax credit report by mail, online via Equifax's security freeze site, or by calling 1-800-685-1111. (New York residents dial 1-800-349-9960.) Send mailed requests to the following address: Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348

TransUnion

You can temporarily thaw your TransUnion credit freeze by mail, online via TransUnion’s credit freeze site, or by calling 1-888-909-8872. Send mailed requests to the following address: TransUnion LLC, P.O. Box 2000, Chester, PA 19016

Experian

You can temporarily thaw your Experian credit report by mail, online via Experian’s security freeze site, or by calling 1-888-397-3742. Send mailed requests to the following address: Experian, P.O. Box 9554, Allen, TX 75013

How much a credit freeze will cost you — by state

The protection isn’t free. Each time you freeze your report, temporarily lift a freeze or permanently end one, you may have to pay a fee. In the wake of the Equifax hack, consumer advocacy groups and some lawmakers have renewed their efforts to allow data breach victims to sign up for free credit freezes in their states.

“It is outrageous that the credit bureaus charge us fees to prevent identity theft when we didn’t even give them permission to collect our information in the first place,” Mike Litt, a consumer program advocate with the U.S. Public Interest Research Group, said in a statement a little over a week after the Equifax data breach was made public.

Sens. Elizabeth Warren (D-Mass.) and Brian Schatz (D-Hawaii) introduced the Freedom from Equifax Exploitation (FREE) Act on the same day. The act is intended to make actions related to freezing credit reports free for all consumers nationwide.

Until the proposed act wends its way through both houses of Congress, the amount you may pay to freeze, thaw or permanently end a credit freeze will vary from state to state and may be up to $10.

The majority of states have laws in place that cap the amount a credit reporting agency is permitted to charge consumers to freeze, lift, or thaw their credit reports. A U.S. PIRG analysis released shortly after the breach found only four states — Indiana, Maine, North Carolina, and South Carolina — have laws in place that provide free credit freezes, thaws, or lifts for their citizens. The analysis found an additional four states provide free freezes, but charge for thaws.

There is a silver lining for some. If you can present documentation showing you are a victim of identity theft at the time you place a freeze on your credit, most states will waive fees.

You can check what your state will charge you for each action below. Multiply the amount by three because you will need to pay each credit bureau.

In a Sept. 15, 2017, statement addressing the recent breach, Equifax said it would waive security freeze fees for all consumers through Nov. 21 and refund those who have paid to place or remove a credit freeze since 5 p.m. on Sept. 7, just after the breach was announced.

Nearly every state has legally identified definitions of a “protected consumer,” which may be a minor, an elderly citizen, a service member, a spouse of a victim of ID theft, a medically incapacitated person or some other distinction. Depending on the state, a protected consumer may pay a different amount or have his or her fee waived. The National Conference of State Legislatures has more information on whom each state counts as a protected consumer, here.

| State | Consumer Category | Freeze | Thaw | End Freeze |
|---|---|---|---|---|
| Alabama | Victim of ID theft | free | free | free |
| | Senior (65+) | free | $10 | $10 |
| | All other consumers | $10 | $10 | $10 |
| Alaska | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $2 | $2 |
| Arizona | Victim of ID theft | free | free | free |
| | Protected Consumer | free | n/a | free |
| | All other consumers | $5 | $5 | $5 |
| Arkansas | Victim of ID theft | free | free | free |
| | Senior (65+) | free | $5 | free |
| | All other consumers | $5 | $5 | $5 |
| California | Protected Consumer | $10 | n/a | $10 |
| | Minor < 16 | free | n/a | free |
| | Senior (65+) | free | free | $5 |
| | All other consumers | $10 | $10 | $10 |
| Colorado | Victim of ID theft | free | free | free |
| | All other consumers | $10 | $12 | $12 |
| Connecticut | Victim of ID theft | free | free | free |
| | Protected Consumer | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| Delaware | Victim of ID theft | free | free | free |
| | Protected Consumer | free | free | free |
| | Senior (65+) | $5 | free | free |
| | All other consumers | $10 | free | free |
| District of Columbia | Victim of ID theft | free | free | free |
| | All other consumers | $10 | free | free |
| Florida | Victim of ID theft | free | free | free |
| | Protected Consumer | free | n/a | free |
| | Senior (65+) | free | n/a | free |
| | All other consumers | $10 | $10 | $10 |
| Georgia | Victim of ID theft | free | free | free |
| | Minor < 16 | free | n/a | free |
| | Senior (65+) | free | $3 | $3 |
| | All other consumers | $3 | $3 | $3 |
| Hawaii | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | $5 |
| Idaho | Victim of ID theft | free | free | free |
| | All other consumers | $6 | $6 | $6 |
| Illinois | Victim of ID theft | free | free | free |
| | Minor < 18 | n/a | n/a | n/a |
| | Senior (65+) | free | $10 | free |
| | Active-duty military | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| Indiana | Victim of ID theft | free | free | free |
| | Protected Consumer | free | free | free |
| | All other consumers | free | free | free |
| Iowa | Victim of ID theft | free | n/a | n/a |
| | All other consumers | $10 | $12 | $12 |
| Kansas | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | $5 |
| Kentucky** | Victim of ID theft | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| Louisiana | Victim of ID theft | free | free | free |
| | Protected Consumer | $10 | n/a | n/a |
| | Senior (62+) | free | free | free |
| | All other consumers | $10 | n/a | n/a |
| Maine | Victim of ID theft | free | free | free |
| | Protected Consumer | free | free | free |
| | All other consumers | free | free | free |
| Maryland | Victim of ID theft | free | free | free |
| | Minor < 16 | n/a | n/a | n/a |
| | All other consumers | $5 | $5 | $5 |
| Massachusetts | Victim of ID theft | free | free | free |
| | Protected Consumer | n/a | n/a | n/a |
| | All other consumers | $5 | $5 | $5 |
| Michigan | Victim of ID theft | free | free | free |
| | Protected Consumer | free | n/a | free |
| | All other consumers | $10 | $10 | $10 |
| Minnesota | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | $5 |
| Mississippi | Victim of ID theft | n/a | n/a | n/a |
| | All other consumers | $10 | $10 | $10 |
| Missouri | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | free |
| Montana | Victim of ID theft | free | free | free |
| | All other consumers | $3 | $3 | free |
| Nebraska | Victim of ID theft | free | free | free |
| | Minor < 16 | free | free | free |
| | All other consumers | $3 | $3 | $3 |
| Nevada | Victim of ID theft | free | free | free |
| | Senior (65+) | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| New Hampshire | Victim of ID theft | free | free | free |
| | All other consumers | $10 | n/a | $10 |
| New Jersey | Victim of ID theft | free | $5 | $5 |
| | All other consumers | free | $5 | $5 |
| New Mexico | Victim of ID theft | free | free | free |
| | Senior (65+) | free | free | free |
| | All other consumers | $10 | $5 | $5 |
| New York | Victim of ID theft | free | free | free |
| | Protected Consumer | free | free | free |
| | All other consumers | free | n/a | $5 |
| North Carolina | Victim of ID theft | free | free | free |
| | Spouse of ID Theft Victim | free | free | free |
| | Minor < 16 if file must be created | $5 | n/a | $5 |
| | Senior (62+) | free | free | free |
| | Other consumers | free | free | free |
| North Dakota | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | n/a |
| Ohio | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | $5 |
| Oklahoma | Victim of ID theft | free | free | free |
| | Senior (65+) | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| Oregon | Victim of ID theft | free | free | free |
| | Minor < 16 | free | n/a | free |
| | All other consumers | $10 | $10 | $10 |
| Pennsylvania** | Victim of ID theft | free | free | free |
| | Senior (65+) | free | $10 | free |
| | All other consumers | $10 | $10 | free |
| Rhode Island | Victim of ID theft | free | free | free |
| | Senior (65+) | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| South Carolina | Victim of ID theft | free | free | free |
| | Protected Consumer | free | free | free |
| | All other consumers | free | free | free |
| South Dakota** | Victim of ID theft | free | free | free |
| | Minor < 16 if file must be created, or Protected Consumers | $5 | n/a | n/a |
| | All other consumers | $10 | $10 | $10 |
| Tennessee | Victim of ID theft | free | free | free |
| | Minor < 16 | $10 | n/a | $10 |
| | All other consumers | $7.50 | free | $5 |
| Texas | Victim of ID theft | free | free | free |
| | Protected Consumer | free (fee applicable if record must be created) | n/a | free |
| | All other consumers | $10 | $10 | $10 |
| Utah | Victim of ID theft | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| Vermont | Victim of ID theft | free | free | free |
| | All other consumers | $10 | $5 | $5 |
| Virginia | Victim of ID theft | free | free | free |
| | Protected Consumer | free | n/a | free |
| | All other consumers | $10 | free | free |
| Washington | Victim of ID theft | free | free | free |
| | Senior (65+) | free | free | free |
| | All other consumers | $10 | $10 | $10 |
| West Virginia | Victim of ID theft | free | free | free |
| | All other consumers | $5 | $5 | $5 |
| Wisconsin | Victim of ID theft | free | free | free |
| | Non-victims | $10 | $10 | free |
| Wyoming | Victim of ID theft | free | free | free |
| | All other consumers | $10 | $10 | $10 |

Sources: Consumersunion.org, Transunion.com, NCSL.org

**In Kentucky, Pennsylvania and South Dakota, security freezes expire after seven years.

When a credit freeze makes sense — and when it doesn’t

You should freeze your credit report when you are in danger of financial or identity fraud.

Eva Velasquez, of the Identity Theft Resource Center, says consumers should consider freezing their reports if they are victims of identity theft or at an increased risk of having their information misused for identity theft because of lost or stolen items.

Consumers might also consider a credit freeze “if their personal information, specifically their Social Security number, is compromised in some way, like in that of a data breach,” says Velasquez.

Freezing your report is an important consumer protection you can and sometimes should take advantage of as a general consumer. However, there are several occasions when you may not want to freeze your credit.

  • You are planning to open a new line of credit (credit card, mortgage, etc.) in the near future.
  • You work for a company that requires a regular background check or access to your credit report.
  • You regularly open new accounts with financial institutions.

Ultimately, if you are not in danger of ID theft, the decision to freeze or unfreeze your credit report depends on whether or not you’re willing to go through the inconvenience and cost of unfreezing and refreezing each time an entity you approve of wants access to your credit report. If you want a more convenient way to monitor use of your credit report, you may want to consider placement of a credit fraud alert instead of the freeze, as explained below.

Pros and cons of freezing your credit report

Pros:

  • Locks your credit report
    The most obvious benefit you’d get from freezing all of your credit reports is an additional layer of protection. Only you can permit a lender or other entity to receive your full, detailed credit report. You’ll have the opportunity to verify a request’s legitimacy before anyone can obtain your report.
  • No impact on your credit score
    Neither freezing nor thawing your credit report will affect your credit score. Your credit score is impacted by positive or negative activity on your end. Adding protection is considered a neutral action.
  • Generally free for ID theft victims
    If you’re a victim of ID theft, you won’t be required to pay any fees to freeze, thaw or lift a freeze on your credit report in most states. However, you may need to provide additional documentation proving the theft and submit your request in writing.

Cons:

  • Need to plan before opening a credit line
    The added protection comes with the added inconvenience of freezing or thawing your credit report when you need to apply for credit. This will take just a bit of forethought and may cost you up to $10 each time you thaw your report. You may take several minutes to complete thaw requests for all three bureaus online, which will make it a little more difficult to apply for a credit card in the checkout line. You can manually refreeze your accounts or set your request to automatically do so on a certain date.
  • Fees, unless you’re a victim of ID theft
    Each action — freezing or lifting a freeze — may cost you $3 to $10 in many states. The cost is often tripled, as it’s necessary to freeze or thaw all three of your credit reports if you are unsure which bureau the entity requesting your report will use. The cost may be high for some consumers. Freeze and thaw your reports wisely, and ask the requesting entity which bureau it uses to avoid paying unnecessary fees whenever you can.

An alternative to freezing your credit report

If you don’t think you are in immediate danger of ID theft, you can opt for less-drastic protection and set up a credit fraud alert with all three bureaus instead. When you have the alert set, all lenders attempting to pull your credit history will see a flag on the reports, alerting them to verify your identity before extending credit.

The entity is not required to go through additional verification; the warning leaves that to the entity’s discretion. You will still be able to apply for credit whenever you’d like, and won’t need to remember a PIN to unlock your credit report.

Additionally, fraud alerts are temporary. In most cases, you will be required to renew the alert in 90 days.

Brittney Laryea

Brittney Laryea is a writer at MagnifyMoney. You can email Brittney at brittney@magnifymoney.com


No, Equifax Is Not Calling You. Watch Out for Scam Phone Calls After the Data Breach


Less than a week after the Equifax data breach was made public, it seems scammers are already looking for opportunities to prey on concerned consumers.

The Federal Trade Commission posted a scam alert Thursday warning consumers to not give their personal information to anyone who calls and claims to be an Equifax representative. Over the summer, hackers breached the Atlanta-based credit bureau’s database and accessed the personal information of about 143 million consumers, including sensitive information like Social Security numbers.

But Equifax is not calling those affected by the breach, so if you get a phone call from someone saying they represent Equifax and want to verify your account information, the FTC advises you hang up. It’s ironic, in a way, to target victims by posing as a concerned Equifax representative. The company has been criticized widely for its sluggish response to the breach, which occurred sometime between mid-May and July but wasn’t discovered until July 29 and wasn’t announced until more than a month later.

In response to the security failure, the House Committee on Energy and Commerce has demanded Equifax answer several questions about the breach, including why the company put off announcing the breach for so long. Equifax has until Sept. 22 to respond to the committee’s questions, and the committee plans to hold hearings on the breach in September or October.

In a company statement, Equifax CEO Richard Smith said the breach was a “disappointing event.”

“Confronting cybersecurity risks is a daily fight,” he added. “While we’ve made significant investments in data security, we recognize we must do more. And we will.”

In the breach, people’s Social Security numbers, dates of birth, addresses, and other personally identifiable information (PII) were compromised, so it’s understandable you’d be worried and are looking for help.

Here’s what you can do to take control of protecting your identity.

Assume you’re affected

While you can go to Equifax’s website and go through a multistep process to see if your information has been compromised, you can also just assume someone has their hands on your personal information. (It’s also worth noting the Equifax site reportedly isn’t reliable for telling you if you’re affected, and many consumers have reported the site is slow to load or doesn’t load at all.) Even if you weren’t among the 143 million whose personal information was compromised in this breach (and the odds aren’t in your favor), chances are it has been or will be in a breach at a different company or organization. With that in mind, you’ll want to focus on how to detect signs of identity theft and how to respond to them.

Monitor your credit

Equifax responded to the breach by offering free credit and identity monitoring to everyone — not just those affected — for a year through TrustedID Premier. You must go to equifaxsecurity2017.com to enroll, which requires entering your last name and the last six digits of your Social Security number. You’ll then be given an enrollment date, which may be several days after you start the enrollment process, at which point you can return to the site to continue enrollment. You’ll need to set a reminder to continue the process, as Equifax won’t send you a notification when it’s time.

You have many other ways to find out if someone has misused your personal information. Several companies offer free credit scores — Credit Karma, Discover, Capital One, Mint, LendingTree (our parent company), etc. — either to everyone or to their customers. To help you choose, we put together this guide to getting your free credit score. Credit Karma also offers a free credit monitoring service, and Discover cardmembers can sign up for alerts when their Social Security numbers are detected on suspicious websites. You can also pay for credit monitoring services from a number of providers, including the three major credit bureaus Equifax, Experian and TransUnion, as well as credit scoring giant FICO.

Consider a credit freeze

You can also freeze your credit so no one, not even you, can apply for new credit using your information. If you do this, you have to initiate a freeze with each of the three major credit bureaus, as well as “thaw” each report when you want to apply for a new credit account. Every time you freeze and thaw your credit you may be charged a fee, which varies by state. This only protects you from credit fraud and does not prevent things like taxpayer identity theft, criminal identity theft, medical identity theft, and insurance identity theft.

On Sept. 15, Equifax announced it is waiving the fee for removing and placing credit freezes on Equifax credit reports through Nov. 21, 2017. Anyone who paid for an Equifax freeze at or after 5 p.m. EDT on Sept. 7 will receive a refund, the company said.

Have a plan for responding to identity theft

One of the best ways you can prepare for identity theft is to detect it early. After that, you need to know how to resolve it. You can do this yourself by filing a police report, disputing fraudulent accounts on your credit reports, and making the phone calls necessary to correct any problems stemming from the fraud. Or you could pay someone to help you with this time-consuming task. Check with your employer to see if they offer identity theft insurance or identity theft resolution services as an employee benefit, and if not, consider paying for it.

We’ve rounded up the best identity theft resolution services here.

More than anything, remain calm as you sort through the fallout of this breach. Focus on making a plan for protecting yourself from and responding to identity theft and making sure you only deal with trustworthy service providers.

Christine DiGangi

Christine DiGangi is a writer at MagnifyMoney. You can email Christine at christine@magnifymoney.com


Credit Monitoring and Identity Theft Protection Guide


NEW! Updated after the Equifax data breach

Equifax recently announced that the Social Security numbers, birth dates, addresses and (in some instances) driver’s license numbers of 143 million people had been hacked. Here is a quick summary of the best steps to take to protect yourself – whether you were impacted by the hack or not. People should have a plan to:

  1. Prevent identity theft from happening with a credit freeze.
  2. Detect identity theft as soon as possible, with credit monitoring and account alerts. There are both free and subscription services available.
  3. Resolve identity theft if it does happen. You can either get help or do it yourself.

Our full identity theft guide is still below this summary. But, in light of the Equifax data breach, we wanted to provide you with some quick recommendations.

1. Prevention

If someone has stolen your personal information, you will want to prevent people from being able to open new credit accounts in your name. You can do that by freezing your credit. A credit freeze prevents any third party from obtaining a copy of your credit report. That means that new credit accounts cannot be opened. (You can read our full credit freeze guide here.) Depending upon the state, there is typically a one-time fee to freeze your credit. And if you want to apply for credit, you would use a PIN code (generated at the time of the freeze) to unfreeze your account. Here is where to go to freeze your credit:

In addition, you will want to set up 2-factor authentication on all open accounts (especially your bank accounts or email). That means any time you want to access your account or send money, you would need to confirm it via a text message, email, phone call or an app.

2. Detection

Even if you freeze your credit, you should have credit monitoring in place. And if your credit isn’t frozen, you definitely need credit monitoring. With credit monitoring, you will be notified as soon as someone tries to open a new account. In addition, you will be notified if new negative information hits your credit report. (Even if you have a credit freeze, someone could use your Social Security number at a hospital. That medical debt could end up with a collection agency – and on your credit report. Only with monitoring would you know.)

You can get 1-bureau monitoring for free. You have to pay for 3-bureau monitoring. Here are our recommendations:

  • Best Free (1-bureau) monitoring: CreditKarma

With CreditKarma, you can monitor your TransUnion credit report daily. You will be notified of any change to your credit report – including newly opened accounts, inquiries or collection items.

  • Cheapest 3-bureau monitoring: CreditSesame ($15.95 per month)

With CreditSesame, you can monitor all 3 credit bureaus daily. This will cost you $15.95 a month, and does not include resolution services. If you are very concerned about identity theft, 3-bureau monitoring could be worth the investment.

  • Set up alerts on all active accounts (free)

Most banks, credit card companies and credit unions have a feature that allows you to receive an alert (text message or email). Make sure you set these up for all accounts – especially accounts that you rarely or never use. (You can read our guide to setting up alerts here.)

3. Resolution

If you are the victim of identity theft, you will need a game plan for resolution. The best place to start is IdentityTheft.gov, where you can see a full checklist of the steps to take to ensure you minimize losses and regain control of your identity.

You might want to have help with the resolution process. That is where credit resolution services come in. In a best case scenario, you give power of attorney to the company, and you will have a dedicated case worker handling everything (which can take years).

  • Cheapest resolution service: Zander ($6.75 per month)

At Zander, you are paying for “white glove” on-shore service if your identity is stolen. You will also have a $1 million insurance policy to cover any expenses associated with recovering your identity.

 

Bottom Line

  • Freeze your credit with all 3 credit bureaus
  • Sign up for free 1-bureau credit monitoring at CreditKarma
  • Make sure all open (existing) accounts have both alerts and dual-factor authentication enabled
  • Check your report with the other 2 bureaus at least once a year for free at AnnualCreditReport.com
  • Sign up for credit resolution services ($6.75 a month) at Zander

If you do these things, you will have a cost-effective strategy to protect yourself. Below is the original guide that was published. And if you have any questions, don’t hesitate to email us at info@magnifymoney.com.

What is Identity Theft?

Identity theft is any attempt by another person to use your identity for their own personal or financial benefit. Identity theft victims are protected by law, and they have the right to a full restoration of their identity, but achieving restoration isn’t always easy. It is up to identity theft victims to find and follow the recommendations of the Federal Trade Commission to achieve full restoration of their accounts, identity and good legal standing.

Identity theft manifests itself in two forms:

Account Takeover

The most common form of identity theft is an account takeover, which involves another person using either your credit or debit accounts to make transactions for their benefit.

Identity Takeover

A less common form of identity theft is called identity takeover. This involves thieves using the name, Social Security number, or other personally identifying information to fraudulently assume their victim’s identity for their own benefit.

When it comes to identity takeover, it’s not just your credit and money that are at risk; it’s your entire identity. In worst case scenarios, you may find that your identity is tied to false medical records, false work documents, criminal charges and unpaid taxes, in addition to the financial and credit issues you have to resolve.

How Does Identity Theft Happen?

Identity theft can take place through physical and cyber channels, and nearly everyone is at risk for identity theft. Knowing the most common identity theft scams can help you take common sense steps to mitigate risk.

Account Takeover:

  • Data Breaches - Your account number gets stolen from a large corporate database along with thousands or millions of other people’s accounts.
  • Account Skimming - A thief steals your card ID and PIN from an ATM or during a transaction, and uses it for purchases or to steal cash later on.
  • Stolen Cards - A thief steals your card and uses it.
  • Phishing - A cyber criminal reaches out to unsuspecting people in the hopes of obtaining account information.
  • Online Hacking - Cyber criminals steal your account information when you are logged into an account on an unsecure wireless connection.
  • Unauthorized use - A friend or family member uses your card (or your ATM PIN) to make purchases without your knowledge or consent.

Identity Takeover:

  • Stolen tax documents - Thieves steal tax documents that include SSN, employment information and more from your mail, trash or digital locations.
  • Documents in your trash - Thieves steal documents with personally identifiable information from your trash or recycling bin.
  • Data Breaches - Your personal information gets stolen from a large corporate database.
  • Phishing - A cyber criminal reaches out to unsuspecting people in the hopes of obtaining personal and financial information.
  • Online Hacking - Cyber criminals steal your personal information when you are not on a secure wireless internet connection.
  • Unauthorized use - A friend or family member uses your personally identifying information (such as SSN, address, and more) for personal gain.

How Can I Protect Myself?

Although it is impossible to eradicate identity theft, each person should take steps to mitigate their risk of identity theft and limit the consequences in the event of such theft.

Mitigating the risks and costs associated with identity theft depends on a thoughtful approach in four categories:

  • Proactively preventing identity theft
  • Monitoring your identity for fraud
  • Limiting the cost of resolution
  • Restoring your identity

You can learn more about the free and paid options for each of these categories below:

Prevention

Although it’s impossible to completely prevent identity theft, everyone can take steps to decrease their risk of being a victim.

It is particularly important to note that friends and family members are often the perpetrators of identity theft. If you are unwilling to press charges against someone, then you need to do all you can to prevent them from stealing your identity.

How do I prevent identity theft?

Account Takeover:

Criminals can find ways around even the best security, but you can take steps to make yourself a less attractive target for thieves.
Top 10 ways to decrease your risk of Account Takeover

  • Don’t give out your ATM PIN to anyone (including family or friends).
  • Use your hands to cover the PIN pad when using an ATM.
  • Avoid ATMs at convenience stores or other locations that don’t have security footage.
  • Password-protect your phone.
  • Don’t log into bank accounts or credit card statements on public Wi-Fi.
  • Do not give out account information (online, over the phone, or in person) unless you are about to make a transaction.
  • If anyone calls to ask for your account information, do not give it out. If you suspect the call may be legitimate, call your credit card company or bank back through their secured lines.
  • Use high quality passwords for online financial accounts.
  • Change passwords for online financial accounts frequently.
  • Shred documents (including old checks) that have account numbers in them before disposing.

Identity Takeover:

Protecting yourself from identity takeover requires protecting yourself from cyber-criminals, criminals who may have access to paper documents, and from thoughtless friends and family members. Even though identity takeover is less common, it’s even more important to take protective measures against it.
Top 7 Ways to Reduce Your Risk of Identity Takeover

  • Do not give out your Social Security number to anyone unless there is a legitimate financial, tax or employment need.
  • Shred or burn documents that contain personal identifying information.
  • Do not access tax documents or tax software via public Wi-Fi.
  • Do not store your Social Security Number on your phone.
  • Freeze your credit if you suspect someone attempted to steal your identity.
  • Use anti-virus software or personal encryption software.
  • Use high quality passwords on all accounts that contain personal info.

What companies can help me prevent identity theft?

Most protective measures are free to consumers, and any company that promises full prevention of identity theft is lying. Because identity thieves constantly evolve, it is not possible to fully avoid identity theft risk.

Account takeover

Identity Guard
Unfortunately, no company can completely prevent others from taking over your accounts. As long as you have digital accounts you will retain some level of risk.

However, Identity Guard ($19.99 per month) mitigates risk by providing customers with password, keystroke and anti-virus protection on their personal computer. This will reduce your risk of being individually targeted for identity theft.

Identity Takeover

If you are worried about identity takeover, one low cost option you may want to consider is a credit freeze. If you are either in the process of cleaning up identity theft, or you have reason to believe that you are at a high risk for identity theft then you should consider placing a credit freeze on your account. A credit freeze prevents other people from viewing your credit history, and it prevents you and others from initiating new lines of credit.

Credit freezes (which range from $4-$10 per credit bureau, and are free if you are a victim of identity theft) provide as much protection as any of the major identity theft insurance products that are available on the market.

Some companies can help you reduce your risk of identity takeover by adding additional security against hackers and cyber criminals.

LifeLock

The premier advertiser of identity theft protection services was LifeLock, which has been sued repeatedly for falsely advertising its ability to completely prevent identity theft. Since then, LifeLock has turned more towards advertising protection through monitoring.

Identity Guard

Using the encryption methods explained above, Identity Guard ($19.99 per month) mitigates risk for account takeover from cyber criminals who may target personal information.

Monitoring

When it comes to identity theft, the best defense is the early detection of fraudulent activity. If you detect fraudulent activity early on, you can usually prevent full account takeovers, quickly get reimbursed for fraudulent activity, and deal with less paperwork as you unravel the effects of identity fraud. As a result, we recommend that everyone take monitoring their personal information seriously.

How do I monitor for identity theft?

Account Takeover

Since account takeover involves the fraudulent use of existing credit and debit accounts, it is fairly easy to monitor your accounts using just a few simple tricks.

  • Set up your own alerting system on all open accounts (even if you don’t use them regularly)
  • Review transactions before paying your credit card bill.
  • Pay attention to alerts from your bank or account issuer if they experience a data breach
  • Receive proactive data breach updates using identity theft protection services.

Identity Takeover

Identity takeover has both financial and non-financial components, but most monitoring efforts focus on the financial component of monitoring. This is because identity theft most commonly manifests itself through new credit accounts being opened or negative information (unpaid bills) being introduced to your credit report. The top ways to monitor for identity takeover include:

  • Annually check for fraudulent or incorrect information on savings accounts or checking accounts using ChexSystems.
  • Pay for three credit bureau monitoring.
  • Pay for web or “dark web” surveillance that will identify if your social security number is being offered for sale.
  • Pay for change of address alerts from monitoring companies.

What companies can help me monitor for identity theft?

While no company can identify every instance of identity theft through monitoring, you may find that you are more comfortable maximizing the amount of monitoring available to you.

Identity Takeover

Identity takeover typically manifests itself through negative credit information, so monitoring your credit report for fraudulent information is the best way to monitor for identity theft.

In addition to the free annual credit reports, free two bureau monitoring, and free checking account monitoring, it is possible to pay to receive three bureau credit monitoring services along with the monitoring of other data that will help you identify and resolve identity theft early on. This can be a good choice if you are in the midst of dealing actively with credit card fraud, or you want some of the additional coverage from these insurance providers.

TrueCredit ($19.95/month) and AARP ($12.95/month or $109.99/year), offered through TrustedID, also provide cost-effective monitoring of all three credit bureaus. AARP and TrustedID also provide up to $1 million in identity theft insurance, a benefit explained below.

myFICO
myFICO ($29.95/month or $329/year) offers quarterly 3 bureau credit monitoring along with intelligent identity theft monitoring features including Black Market Website Surveillance of the sale of your identity information and Social Security number alias watch which monitors the names and addresses associated with your SSN.

Limiting the Cost of resolution:

Although laws exist to limit financial loss for consumers, identity theft resolution tends to have some out of pocket costs. These costs include liability losses (limited to $50 if fraudulent charges are reported within 2 days or $500 if reported within 60 days), legal costs (ranging from $20 for notarized forms to a few thousand if you undergo legal battles), and lost wages if you have to take time off to battle the legal system.

How do I limit the costs of resolution?

Account Takeover

  • Use debit and credit cards that advertise $0 Fraud Liability
  • Report any fraudulent transactions (especially cash withdrawals) immediately.
  • Follow your bank’s process for cancelling and reissuing accounts immediately.
  • Change login IDs, passwords, and PIN codes immediately.
  • Follow these steps to report identity theft.

Typically account takeover can be resolved at no out of pocket costs to you. By alerting your issuing bank, you can typically be made financially whole (unless the theft involved ATM withdrawals using your PIN number).

Identity Takeover

  • Report identity theft right away.
  • You will need to file an identity theft affidavit and a police report.
  • Change passwords and PINs as quickly as possible.
  • Follow these steps as quickly as possible to minimize the likelihood of litigation.
  • Consider purchasing identity theft insurance, which will cover the financial costs associated with identity theft resolution.

Identity takeover is much more cumbersome to resolve, but outside of litigation, the financial costs are limited. If you are worried about loss liability or potential courtroom expenses, you may find that purchasing identity theft insurance protection will be valuable for your peace of mind.

What companies can help me limit the cost of resolution?

Account Takeover

If your account is taken over, by law your financial institution must hold you to a $0 Fraud Liability on fraudulent transactions if you still have possession of your card.

However, if your card was lost or stolen, then you have up to $50 in liability if you report the fraudulent transaction within two days, and up to $500 in liability if you report the fraudulent transaction within 60 days. After that point, your liability is limitless.

ZANDER
Zander ($6.75/month or $75/year) offers resolution services at no additional cost to their customers. Additionally, they offer up to $10,000 in recovery of fraudulent electronically transferred funds if legal recourse with a financial institution has failed, and the customer has sought funds from their financial institution first. Zander will not pay out any benefit if the unauthorized transfer was made by a person using your card and your PIN if you gave them access to that information in the past.

Identity Takeover

Among the most prominent identity theft products, identity theft insurance promises to cover the complete cost associated with identity theft. This can include the costs of notarization, legal costs, filing costs, and even lost wages. Identity theft insurance policies can provide anywhere from $25,000 to $1 million in coverage, though $25,000 should be more than sufficient for most people.

ZANDER
Zander ($6.75 per month) offers resolution services at no additional cost to their customers, and up to $1 million in coverage for identity theft related losses. Additionally, they offer up to $10K in recovery of fraudulent electronically transferred funds if legal recourse with a financial institution has failed, and the customer has sought funds from their financial institution first.
EQUIFAX

Equifax ($17.95 per month) offers up to $25,000 in identity theft insurance along with 3 credit bureau monitoring services and resolution services. Although their limit is lower than the other companies, $25,000 is likely to be more than enough to pay for all the legal fees and lost wages that could occur in a worst case identity theft scenario. Their insurance does not cover recovery of unauthorized electronic funds.

Identity Guard

Identity Guard ($19.99 per month) offers 3 credit bureau monitoring and personal resolution services, and their insurance is up to $1 million. Their insurance does not cover recovery of unauthorized electronic funds.

Resolution

If you’ve been the victim of identity theft, then it is up to you to report the identity theft and restore your good name to all affected areas. This can be a time consuming task, and some companies are willing to take on the burden for you.

How do I restore my identity after I’ve been a victim of identity theft?

Account Takeover:

  • Call your credit or debit card company, cancel your existing account, and have them replace it with something new.
  • Make sure that fraudulent charges are removed and your money has been restored.
  • If instructed by your bank, file an identity theft affidavit and a police report.
  • If necessary, follow these steps to resolve identity theft according to the Federal Trade Commission.
  • If you have paid for identity theft resolution services, report identity theft to your company, so that they can complete resolution steps on your behalf.

Account takeover can usually be resolved between you and your financial institution without too much red tape or documentation required.

Identity Takeover:

  • Visit IdentityTheft.gov, a website that will walk you through all of the steps required to take back your identity. You will also be able to speak with real people. Steps include:
  • Place a Fraud Alert and Get Credit Reports
  • Report identity theft to FTC
  • File a police Report
  • Freeze your credit
  • Close fraudulent accounts
  • Repair your credit report
  • Unravel misuses of your ID for tax, work, social security, medical or other purposes.
  • Utilize resolution services from an existing identity theft resolution policy to assist or resolve issues for you.

What companies can help me restore my identity?

The average identity theft victim spends more than 30 hours unraveling the work of identity thieves in order to make themselves whole again. Several companies offer a range of identity theft resolution services that can help resolve both account takeover and identity takeover.

Resolution Assistance

These companies offer resolution help, but they do not restore your identity on your behalf.

EQUIFAX
Equifax ($17.95 per month) offers resolution assistance through a members-only toll-free hotline; depending on your situation, they may assign a caseworker directly to you, but it is up to you to complete all filing. Equifax has an A+ rating with the BBB, but their identity theft product had few online reviews.

Identity Guard
Identity Guard ($19.99 per month) provides a toll free hotline and promises one on one service, but you are expected to do the heavy lifting associated with filing paperwork and recovery. Identity Guard has an A+ rating with the Better Business Bureau, and all complaints filed against them have been resolved. Online customer reviews showed overwhelmingly positive support.

PrivacyGuard
PrivacyGuard ($19.99 per month) offers a team of fraud experts but not individualized caseworkers. The experts take on much of the burden of contacting creditors and filing paperwork. However, online reviews for PrivacyGuard showed overwhelmingly negative experiences including billing problems and poor customer service.

myFICO
myFICO ($29.95 per month) provides 24/7 restoration assistance with identity theft experts, and they promise to hire lawyers, investigators and legal case managers on your behalf if you need legal help. However, some of the resolution burden continues to rest with the consumer.

Guaranteed Full Resolution:

These companies promise to do all the work necessary to restore your identity on your behalf.

ZANDER
Zander Insurance ($6.75 monthly) is one of the top names in restoration services. They assign a US based case worker directly to your case and promise to do all the heavy lifting associated with restoring your identity. They boast a 100% success rate in identity recovery, have an A+ rating with the Better Business Bureau, and overwhelmingly positive online reviews.

IDShield
ID Shield ($19.95 per month) promises that a licensed private investigator will be assigned directly to your case, and provide you with complete resolution. They are not rated by the Better Business Bureau, but they have very positive online reviews.

Determining the Right Products for You

Best overall free strategy

  • Use AnnualCreditReport.com to review your 3 bureau credit report once per year.
  • Use ChexSystems to check for accurate checking and savings information once per year.
  • Use CreditKarma to access two of three credit bureau reports on a weekly basis.
  • Set up transaction alerts for open credit accounts.
  • Review debit and credit transactions at least monthly.
  • Keep your information secure and private.
  • Freeze your credit if you fall victim to identity theft.
  • Follow the FTC steps to resolve identity theft.

Cheapest Way to Maximize Resolution

For a little more money:

  • Purchase ID Shield and receive personalized resolution services from a Kroll Private Investigator (especially helpful in complex identity takeover situations) along with single bureau credit monitoring: Total Cost $9.99 per month

Cheapest Way to Limit the Cost of Resolution

  • Purchase Zander Identity Theft Insurance and receive up to $1 million in identity theft insurance including recovery of up to $10,000 in unauthorized electronically transferred funds along with recovery services: Total Cost $6.75 per month

Best Coverage That Money Can Buy

You’ll get the most value by combining the free credit monitoring from CreditKarma and the resolution services from Zander Identity Theft Insurance: Credit Karma would alert you to a problem and Zander would help you resolve it, and Zander’s service costs $6.75 per month. However, for those who are willing to sacrifice a bit in the way of resolution services for additional monitoring, myFICO Ultimate 3B ($29.99/month) offers acceptable resolution services combined with top insurance and the best monitoring services on the market.

Hannah Rounds

Hannah Rounds is a writer at MagnifyMoney. You can email Hannah at hannah@magnifymoney.com

News

Freaked Out by the Equifax Hack? Here’s What You Need to Know

About 143 million consumers’ sensitive information has been compromised in what was one of the worst data breaches to date in size and potential impact on consumers. Credit reporting agency Equifax announced the breach Thursday, more than a month after detecting the intrusion.

Equifax is one of the three national credit reporting agencies (the others being TransUnion and Experian) and collects a wide variety of consumers’ sensitive and personally identifiable information (PII). The information on credit reports determines credit scores and is used in lending decisions, among other things.

What happened

The breach exposed the names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers of about 44 percent of the current American population. Hackers also took the credit card numbers for about 209,000 U.S. consumers and dispute documents for 182,000 U.S. consumers.

In its announcement, Equifax said “criminals exploited a U.S. website application vulnerability to gain access” to the files. In addition to the millions of U.S. consumers affected, the company says the criminals had access to limited personal information of some U.K. and Canadian residents.

The Atlanta-based reporting agency said the thieves had access to the data from mid-May through July 2017, but it didn’t discover the breach until July 29. Equifax announced the breach more than a month after discovering it and hiring a cybersecurity firm to investigate.

The company says it’s also working with law enforcement authorities and that its investigation will be complete soon. Equifax has not said who they believe attacked their database.

What the breach means for consumers

The breach isn’t the largest to date, but it’s close. In 2016, Yahoo announced an attack that affected 500 million users. Another breach, announced just a few months later, involved 1 billion users. In those breaches, hackers stole users’ phone numbers and passwords.

The Equifax breach could be worse in impact, given the sensitive nature of the consumer data the company has on file. In its release, Equifax said it had found “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.” That doesn’t necessarily mean the information hasn’t been misused or that it won’t be misused, as signs of identity theft may not immediately show up on a credit report.

“If you were going to rate this breach from one to 10, this is a 10. The amount of sensitive info that is contained in the Equifax database is staggering,” says Adam Levin, founder of CyberScout and author of “Swiped,” a book on how and why consumers can protect themselves from identity theft.

When this level of information has been compromised, it “opens up the door for thieves to commit many different other types of identity theft. Not just financial, but criminal, government, medical theft as well,” says Eva Velasquez, the president of Identity Theft Resource Center.

Levin adds that when Social Security numbers are part of a database that’s been exposed, all of the individuals who have their numbers in that database will need to be “looking over their shoulders for the rest of their lives.” The Social Security Administration rarely changes someone’s Social Security number.

What to do now

First, don’t panic.

“People really feel violated when things like this happen,” says Velasquez. “Direct your energy from being angry or upset and feeling powerless to actually doing something and taking some steps to feel more empowered.”

Levin says the breach may add to “breach fatigue” — how the drastic rise in security breaches causes consumers to believe breaches are inevitable and react to them apathetically instead of with urgency.

“But it shouldn’t,” Levin says. “It should be a clarion call. Unfortunately, as consumers we have to think of this as if we’re alone. The government has failed us. The financial industry has failed us, and frankly we have failed ourselves. It’s important that we develop a culture of privacy and security.”

Find out if you are one of the impacted
Given the increasing threat and frequency of data breaches, everyone should be proactive in detecting identity theft. For this breach in particular, Equifax set up a website to see if you’re one of the people affected and how to enroll in the free year of credit monitoring it’s offering victims.

Visit equifaxsecurity2017.com and click on “Potential Impact.”

You’ll see a page with a large, rectangular button that says “Check Potential Impact” and a few lines of text.

The text explains that if you click on the link that says “Check Potential Impact,” you’ll be taken to a form that asks you to provide your last name and the last six digits of your Social Security number.

Based on that information, you’ll then be shown a message that says whether your personal information may have been impacted by the breach.

Regardless of the message you see, Equifax will give you the option to enroll in a credit monitoring service from TrustedID Premier. Beware: if you enroll, you’ll have to agree to waive some of your rights to sue Equifax. The arbitration clause is written in all caps in the company’s terms of service, but consumers may miss the language. The Washington Post reported earlier that Equifax on Friday updated its terms to incorporate a way out of the arbitration clause.

Equifax cleared up the confusion Friday afternoon by adding the following information to its FAQs section on equifaxsecurity2017.com:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

However, New York State Attorney General Eric Schneiderman still found the addition “unacceptable.”

Consumers can be excluded from the arbitration clause if they let Equifax know in writing within 30 days that they would like to be excluded, but they must first accept the agreement.

If you choose to enroll, you’ll be given an enrollment date. There’s quite a backlog of people enrolling, so you have to take it upon yourself to return to the site on your enrollment date. In short: You have to take your protection into your own hands. Equifax isn’t doing it for you.

Sign up for credit monitoring

Equifax is offering one year of free credit monitoring through TrustedID Premier to all U.S. consumers, regardless of whether they were affected by the data breach. There are five services under the program:

  • Get a free copy of your Equifax credit report.
  • Sign up for credit monitoring and automated alerts to be notified of key changes to your credit report on any of the major big three reporting agencies.
  • Put a freeze on your Equifax credit report.
  • Scan suspicious sites for use of your Social Security number.
  • Get up to $1 million of identity theft insurance to help you pay for any costs you may incur if someone commits identity fraud against you.

Even if you don’t want to enroll in Equifax’s service, you should enroll in a credit monitoring service, like free options offered through Credit Karma, Discover, Mint, Wells Fargo, and Capital One® — there are lots of ways to keep tabs on your credit.

Some identity theft protection services, like the ones offered through myFICO, charge a monthly fee to monitor your credit year-round and provide identity theft insurance.

Regularly review your credit reports

You’re entitled to a free annual credit report from each of the major credit bureaus, which you can get through annualcreditreport.com. Carefully check your credit report for any accounts or recent activity you don’t recognize.

Make a plan to respond to identity theft

Detecting identity theft as soon as possible is crucial to minimizing the damage and stress it can cause — that’s where credit monitoring and reviewing your credit reports comes in. But the next step is just as important: Know what to do when it happens.

You can dispute errors on your credit report, file a police report documenting the identity theft, and do the legwork of resolving any problems it causes. You can also pay for identity theft insurance or identity theft resolution services (some employers offer this as a benefit, so check with your human resources department). Here’s a guide on identity theft resolution, so you know what to do in case you see anything suspicious. Even if you don’t see anything out of the ordinary, you should continue to remain vigilant in monitoring your credit activity.

Freeze your credit report

Velasquez says a credit security freeze is an option impacted consumers should look at. It prevents any application for new credit without first verifying your identity. If you want to apply for new credit, you’ll have to “thaw” your credit reports. The credit bureaus charge a fee, which varies by state, every time you freeze and thaw your credit report.

“While that does create some added inconvenience, the level of protection is worth it,” says Velasquez.

Be alert for unusual activity

Now is the time to practice what Velasquez calls good “identity hygiene.”

“Being vigilant about your identity is just a part of the world that we live in,” says Velasquez. “If being involved in a data breach is the catalyst that brings that to the top of your mind, then we can see that as a positive.”

Velasquez recommends consumers act proactively and remain cognizant of anything that may involve using or verifying their identity. For example, if you receive a notice from a government agency about benefits or some weird explanation of benefits, pay attention to it.

Even after you do things like enroll in credit monitoring and freeze your credit, continue to do your best to watch out for signs of abuse. Don’t wait until you start receiving strange calls from government agencies and debt collectors.

When tax season rolls around, file your return as soon as possible. Identity thieves frequently use Social Security numbers to get fraudulent refunds, and if they file before you do, it will further complicate your tax-filing process.

At the least, go through your financial statements regularly (the more often, the better) to look for anything out of the ordinary. While protection is top of mind, sign up for any alerts you can set up on your mobile banking app to receive transaction notifications.

Brittney Laryea

Brittney Laryea is a writer at MagnifyMoney. You can email Brittney at brittney@magnifymoney.com


Identity Theft Protection, News

Is Credit Sesame’s $50,000 Identity Theft Insurance Worth the Hype?


If you register an account with Credit Sesame, the credit monitoring and financial recommendations company now provides an unconventional perk: a free identity theft insurance policy with $50,000 worth of coverage.

Identity theft insurance, like the insurance offered by Credit Sesame, helps victims of fraud to recoup money they may spend to resolve the issue. In minor cases of fraud, victims may have to pay for notary expenses, to freeze and thaw their credit, or to replace a visa, passport, or driver’s license. In serious cases, victims may lose wages when they take time off from work to deal with identity theft. Some victims may even have to pay for legal representation.

Without insurance, it is possible — but not always the case — that victims might have to pay out of pocket to resolve cases of identity theft.

Credit Sesame’s identity theft insurance policy might be “free,” but is it worth getting excited over? We took a closer look at the policy and compared it to similar offerings from competitors.

Here’s what we found.

Yes. It really is free.

Free sounds good, but it’s usually filled with gotchas. Is Credit Sesame’s identity theft insurance really free? Yes. It’s real insurance, and you really don’t have to pay. Despite the $0 price tag, the insurance policy isn’t half bad.

What Credit Sesame’s policy covers:

With a few exceptions, Credit Sesame’s policy covers:

  • Application re-filing fees
  • Courier costs
  • Notary costs
  • Court costs
  • Legal representation (up to $75 per hour)
  • Lost base wages if you need to take time off from work (self-employed people can’t receive any compensation)
  • Dependent care coverage
  • Travel costs
  • Postage or other communication costs

What Credit Sesame will not cover:

Credit Sesame’s insurance never replaces stolen money that has been taken from a bank, savings, or other financial account.

Like most other identity theft insurers, Credit Sesame also won’t reimburse identity theft costs if the theft occurred under suspect conditions.

  • Credit Sesame will not cover fraud perpetrated by the victim or a family member of the victim.
  • They will not reimburse customers who voluntarily gave up their account numbers.
  • They only cover cases of identity fraud. That means if the fraudulent activity occurred because the victim or a bank employee made an error, the victim can’t get reimbursed for those costs.

Is that enough insurance?

Most of Credit Sesame’s competitors (and Credit Sesame’s premium product) offer up to $1 million in identity theft recovery services, so a $50,000 policy may seem skimpy. But bigger policies don’t necessarily offer better benefits.

Many million-dollar ID theft policies aren’t a great deal. You’re unlikely to spend thousands resolving identity theft. According to the Federal Trade Commission, most people spend just $40 for resolving identity theft. Five percent of identity theft victims spent more than $2,000 resolving identity theft.

The highest potential cost associated with identity theft is the cost of legal representation. Credit Sesame’s policy offers to cover $75 per hour for legal needs. But some attorneys can charge much more than that. According to Lawyers.com, a database that matches consumers with lawyers, most experienced lawyers charge $100-$200 per hour. So if a victim has to hire a lawyer, Credit Sesame’s policy may cover only some of their legal fees.

You might be worried that Credit Sesame doesn’t reimburse stolen funds, but in most cases banks will reimburse you anyway. The Fair Credit Billing Act (FCBA) and the Electronic Fund Transfer Act (EFTA) protect consumers from having their accounts drained.

The FCBA ensures that you pay a maximum of $50 in fraudulent charges on a credit account. Your credit card company will reimburse you for the rest. In fact, most credit card companies have $0 fraud liability. That means you don’t have to pay for any fraudulent charges at all.

The EFTA covers you if someone steals money from your checking account. As long as you report fraud on your checking account within 48 hours, your bank will reimburse you for all but $50 of the charges. If you wait 2-60 days, the bank could leave you with $500 in losses.

Unless you have significant assets in a brokerage account, you’re legally protected. In the rare case that the law doesn’t protect you, your insurance probably won’t either. Most ID theft insurance companies limit their reimbursement of stolen funds to somewhere between $10,000 and $25,000.


Is it worth signing up for a Credit Sesame account?

Credit Sesame’s insurance is a useful tool to limit financial exposure, and it can be a part of your plan to protect yourself against identity theft. But the reality is you probably don’t need identity theft insurance. You may prefer to keep your email address to yourself rather than get blasted with emails from Credit Sesame.

Most people can handle the $40 out-of-pocket fees associated with identity theft. Even $2,000 of costs can be manageable if you have an emergency fund.

When it comes to identity theft, the biggest cost you’ll face is the cost of your time. On average, victims spend four hours unraveling identity theft issues, and 5% of victims spend more than 130 hours. Credit Sesame’s insurance product won’t help you with that.

If you want identity resolution services, you can get them as a free perk from several credit cards, including:

You can also compare identity theft monitoring and resolution services on the MagnifyMoney website to find a product that suits your needs.

How to sign up

In order to take advantage of Credit Sesame’s ID theft protection, you’ll need to sign up on the site using your email address. You’ll provide personal information, including your Social Security number and your address. You cannot get free insurance unless you complete your Credit Sesame member profile.

Is it safe to provide this information? Credit Sesame promises that they will not give or sell your information to third parties without your express permission. They use multifactor authentication, which makes it difficult for hackers to take your information from their website.

What’s the catch?

The value of Credit Sesame’s insurance protection policy may not be worth the cost of handing over your email address. You are bound to receive marketing emails from the company encouraging you to visit the site to check your credit score. Once on the site, you’ll receive recommendations to sign up for certain credit card or financial products that may or may not be best for your needs.

Eventually, Credit Sesame will nudge users to upgrade their Credit Sesame service.

Credit Sesame pushes their premium service offerings to existing customers. If you pay more, you can get up to $1 million of insurance and more monitoring. The additional insurance coverage still won’t reimburse you for stolen funds that your bank won’t replace.

The costs for these products include:

  • $14.95 for monthly reports from the three credit bureaus.
  • $19.95 for credit resolution help from an assistant.
  • $24.95 for lost wallet resolution assistance and dark web monitoring.

These prices are higher than competitors, and Credit Sesame’s product doesn’t offer full resolution coverage at any price.

Hannah Rounds

Hannah Rounds is a writer at MagnifyMoney. You can email Hannah at hannah@magnifymoney.com


Featured

7 Signs That Identity Protection Service Isn’t Worth It


According to a report released by the Federal Trade Commission (FTC), identity theft complaints increased by 47% from 2013 to 2015. Needless to say, identity theft is on the rise, and many people are concerned they could become a victim. Like any crime, totally preventing identity theft is practically impossible. However, that hasn’t stopped many so-called identity theft protection and prevention companies from selling services that promise to do just that.

As a consumer, it’s important to be cautious when purchasing identity theft services simply out of fear. Sometimes, fear-based marketing tactics can cause consumers to pay or overpay for services they may not need, or worse yet, that may not even be effective.

Before we dive into the details of assessing the value of the ID theft protection service you are considering, let’s do a quick recap on the types of identity theft and common services offered to help with this issue.

A Quick Recap: Types of Identity Theft and Protection Services

Types of Identity Theft

There are two primary types of identity theft. The first is account takeover, which is more common and normally not too difficult to address. In account takeover, someone steals a credit card or gains illegal access to your bank account or credit card to make unauthorized transactions.

The second, less common and often more complicated to resolve, is identity takeover. That’s when someone assumes your identity and acts fraudulently on your behalf. Identity takeover can manifest in medical, criminal, or financial scenarios.

Common Identity Theft Protection Services

The most common offerings from identity theft protection companies are along the lines of prevention, monitoring, and resolution.

To be clear, you can reduce your risk of being an identity theft victim with good “identity hygiene” habits, but you can’t totally prevent identity fraud. An effective identity theft protection service is not prevention so much as it is early detection (monitoring) before the damage gets out of hand. Once a problem is detected, having a plan that includes resolution services (doing the legwork of fixing the fraud damage) is likely the most value you’ll get for your money.

7 Signs to Watch Out For

1. Misleading Claims and Offerings

Many consumers are reeled in with hefty promises of $1 million or $5 million in “coverage” and may not know what that coverage entails. When you see these numbers, it usually means that a company will commit up to $1 million in resources to help you through the resolution process. That might mean things like covering notarized forms or other professional services needed in the resolution process. Some companies will cover lost wages from missing work due to dealing with an ID theft incident.

In many cases, your bank or credit card company will have policies in place so that you are not liable for fraudulent transactions anyway, so the millions in “coverage” wouldn’t be applied toward recovering that property. (Some services will reimburse fraudulent transactions but with stipulations around reporting time frames, proof of criminal activity, and making sure you aren’t covered already under another benefit.) Resolution services can be extremely helpful, but they usually only run a few hundred dollars, not even close to millions!

2. Excessive Offerings

Looking at the laundry list of items that a common identity theft protection company offers can make these services look like consummate, comprehensive coverage. IDShield, a LegalShield product, promises to monitor so many things that you wonder what could fall through the cracks: 10 phone numbers, 10 email addresses, your driver’s license number, and a host of other personal data points.

With all these monitoring claims, it makes you feel good about spending that $20 or $30 per month for a service, but the fact of the matter is that it’s highly unlikely that you’ll get the medical ID number monitoring promised. A quick visit to the Better Business Bureau complaint section shows this to be true for many companies. Common complaints for identity theft protection services reveal monitoring and alerts don’t always happen as promised. In these complaints, people report moving, opening new accounts, and other activities they are sure should trigger alerts, but receive no notifications.

3. Services You Can Do Yourself or Already Have Coverage For

Eva Velasquez, president and CEO of the Identity Theft Resource Center (ITRC) says there are many things you can do yourself if you have the time. ITRC provides resources for helping people execute the DIY version of identity fraud resolution. Velasquez feels you shouldn’t be shut out of help in the midst of an identity fraud crisis because you don’t have the money to handle it.

Velasquez also encourages people to check other places where they might already have identity theft protection benefits in place at low or no charge. Insurance riders, employee benefit packages, credit cards, credit unions, banks, or motor clubs are a few places where protections could already be in place for you.

4. Aggressive or Questionable Marketing Tactics

When a data breach occurs, the company whose customers’ information was compromised typically offers identity theft protection services to these customers at no charge. The provider of these services is called the data breach vendor. In the famous Target data breach of 2013, Target provided a basic service to customers through Experian’s product, ProtectMyID. There were many complaints citing Experian’s aggressive attempts to upsell vulnerable customers to monthly subscriptions because the free services offered by Target and the data breach vendor were limited in benefits.

5. Limited Offerings

In the example above, Target opted to provide data breach victims a pared-down package of the complete ProtectMyID package. This package monitored only one credit-reporting agency (CRA), while complaints surfaced of victims who would eventually face identity fraud due to the data breach and poor vigilance of their personally identifiable information post-breach.

Zander Insurance offers services that focus heavily on the resolution side. They offer monitoring of your personal information in varied capacities, but only have reminders to check your free credit report each year. Their take is that CRA monitoring provides a false sense of security and that the real value is in the resolution services they offer.

6. Not Following Best Security Practices

Enrolling in an ID theft protection service means you’ll likely have to give your service provider a lot of your precious personal information. The idea is that they will be able to effectively monitor all the data points you provide for fraudulent activity.

If this is the case, you’ll want to make sure that your information is collected, stored, and accessed in a secure manner. A major player in the identity theft protection space, LifeLock, was fined by the FTC in 2010 and 2014 for poor information security practices, among other things.

7. Complaints, Lawsuits, and Fines

Eva Velasquez of the ITRC, who also worked for the Better Business Bureau for five years, says third-party verification agencies like the BBB can be a consumer’s best friend when vetting identity theft protection services. Search sites like Consumer Affairs and the BBB for common complaints about an ID theft protection service you are considering. The complaints section is a great resource to learn about common problems and misunderstandings with a particular ID theft protection company.

Tips on Evaluating Identity Theft Protection Services

As a reminder, these services will help you mainly with detection and resolution, not prevention. There is no perfect identity theft protection solution, only a solution that is perfect for you. To start, you’ll have to play an active role in protecting your personal information and reducing your risk for ID theft.

In the end, it’s true that there are many services you could perform on your own to resolve ID fraud, but you may not have the time. So one person’s value-add would be different for another. Read the fine print and understand exactly what you are paying for. Check third-party consumer advocacy sites with honest reviews about identity theft protection service shortfalls and gaps in coverage.

Understand your specific needs, time constraints, and risk exposure to find the solution that provides the most value, not the one that feeds off your worst fears.

Aja McClanahan

Aja McClanahan is a writer at MagnifyMoney. You can email Aja here


Featured, News

5 Steps Yahoo Users Can Take to Protect Their Data


Sunnyvale, CA, USA - Apr. 23, 2016: Yahoo Inc. Headquarters. Yahoo Inc. is an American multinational technology company that is globally known for its Web portal, search engine Yahoo! Search, and related services.

More than 1 billion Yahoo customers may need to come up with some super creative new account passwords. The company revealed Wednesday 1 billion customers were impacted by a data breach in 2013, the largest known data breach in U.S. history.

In an email sent out to affected users, the company says it believes the breach began in August 2013. A third party stole data associated with users’ accounts, including passwords, contacts, birthdays, and answers to security questions. The FBI is helping to investigate the Yahoo breach, but the culprit has yet to be identified.

If you’re feeling some deja vu, here’s why: just a few months ago, Yahoo went public about another hack, which impacted 500 million accounts in 2014. That appears to have been a separate attack entirely, meaning as many as 1.5 billion Yahoo users have been affected in total.

The company said customers’ payment information was likely unaffected, as that information wasn’t stored in the system that was breached. However, it also now believes the attacker found a way to forge their way into users’ accounts without a password.

If any of that banking information was in your emails, you may be vulnerable to identity theft, but you can take a few steps to protect yourself:

Here’s what you should do if you were impacted by the Yahoo data breach:

Change Your Password(s)

Yahoo is already requiring ‘affected’ users to change their passwords, but even if you haven’t yet received an email instructing you to do so, you should change yours.

If you use similar passwords or security questions and answers for any other online accounts, you should go ahead and change all of those too. It may be a pain to do so, but it’s worth not leaving yourself vulnerable to identity fraud.

Check Your Yahoo Account for Suspicious Activity

Do a thorough review of your Yahoo accounts and look for anything suspicious, like emails you didn’t send or emails received from accounts that you may not recognize. Stay away from emails asking you to click on a link or download an attachment, as these could be phishing scams. Phishing scams gain access to your device or account to get additional information that can be used to access existing credit accounts or create new credit accounts. Finally, watch out for emails asking for your personal information or referring you to websites asking for your personal information. If you see those kinds of emails, delete them immediately.

Set Up Two-Factor Authentication

This breach may be a great incentive for you to take a few minutes to set up double authentication via Yahoo’s Account Key tool. You won’t need your password at all anymore if you set this up. The tool sends a notification to your cell phone asking you to authorize account access each time an attempt is made to log into your account.

Check Your Credit Report

It’s a good idea to check your credit report for any suspicious activity whenever you feel your personal information may have been vulnerable. Request your free credit reports from all three bureaus via annualcreditreport.com and look over them for any accounts you may not recognize. It may also be beneficial to you to set up alerts on your report so that you are notified and asked to authorize any requests for your report from lenders. You can find more information about how to do that here.

Close Your Yahoo Account

If two breach disclosures are your breaking point, you could terminate your relationship with the email service provider. All you’d need to do is visit Yahoo’s account termination page and follow the instructions. After Yahoo confirms your termination was successful, it’ll take about 90 days for your account data to be totally gone from the company’s system.

Backstory

There’s never a good time for a data breach, but Yahoo’s timing is especially unfortunate. The company is currently in the middle of a $4.83 billion acquisition deal with Verizon. However — as Bloomberg reported following the announcement — there may be some indication that this most recent announcement could delay the deal’s close or cancel it altogether. The recent disclosure might also lower Verizon’s asking price for the struggling email service provider.

Yahoo shares lost nearly 6% in afternoon trade Thursday on NASDAQ. Shares are currently trading at $38.80. Verizon stock is at $51.84, up 0.4% in afternoon trade on the NYSE.

Brittney Laryea

Brittney Laryea is a writer at MagnifyMoney. You can email Brittney at brittney@magnifymoney.com


Reviews

Trulioo Review: The Global Identity Verification Company Helping Businesses Fight Fraud


Having the proper level of online security in place to guard against fraud is something your customers expect of you. In the digital space, trust and security are very important to your customers, but it’s also important for you to verify customers’ identity to keep your business safe.

Trulioo is a global identification verification company that provides advanced identification verification analytics and helps businesses prevent the risk of fraud and comply with cross-border anti-money laundering (AML) and know your customer (KYC) rules.

Trulioo’s service offers comprehensive identity intelligence data from more than 100 trusted sources all over the world, and the company has the ability to verify over 4 billion people in more than 60 countries.

In this review, we’ll go over the features of Trulioo’s solutions, along with how their service works and how it stacks up against other identity verification companies in the industry.

Overview of Trulioo’s Service

Trulioo’s main goal is to help their clients build a framework of trust and security online. They focus on trust, privacy, and inclusion. There are three main solutions Trulioo provides, which are highlighted below.

Identity Verification – Trulioo’s identity verification solution is called GlobalGateway, an international electronic identity verification product designed to meet anti-money laundering (AML) and know your customer (KYC) rules and compliance requirements. GlobalGateway minimizes the risk of online fraud with its identity and age verification features, and it has flexible integration options.

Data Exchange – Trulioo’s Data Exchange solution allows their customers to safely select data partners and clients who are interested in providing access to consumer data for electronic identification verification (eIDV).

Customers can search through the database to see which potential partners are verified or not verified and earn new revenue by monetizing their data through hundreds of global customers.

AML Watchlist Services – The AML (anti-money laundering) watchlist is a list of individuals who are suspected (or convicted) of various financial crimes and restricted from doing business in certain countries. These lists originate from government sources, international regulators, and law enforcement agencies.

Trulioo’s comprehensive global AML watchlist allows financial service providers and financial institutions to meet compliance rules with real-time watchlist checks against known or suspected entities and individuals that are associated with risky activities like money laundering, terrorism, financial fraud, arms proliferation, drug trafficking, or politically exposed persons (PEPs).

How Trulioo Works

Trulioo uses quality sources, including government, credit, utility, and telco, to fuel the data for their solutions. They work with leading data source providers to ensure the integrity of their service.

Companies interested in trying out Trulioo’s solutions can request a demo at any time. There are two main ways to use Trulioo’s service.

Online Portal – Trulioo has an online portal for their GlobalGateway product that allows customers to easily verify people from the customer’s own web browser. The portal provides instant identity and address verification in more than 60 countries, and customers can access information from up to 200 data sources around the world.

The portal also provides automated watchlist checking and won’t take up any space on your computer since there is no software to be installed.

Open APIs – An API, or application program interface, is a set of routines, protocols, and tools for building a software application. This allows Trulioo customers to implement the GlobalGateway platform into their own online environment.

How Much Trulioo Costs

Trulioo offers free 7-day trials for their services with limited access so customers can give their software a try before committing to making a purchase. They also allow you to book a demo directly from their website.

There are three levels of pricing for the GlobalGateway product:

National – $19 per month

International – $79 per month

Enterprise – Contact Trulioo for pricing

Transparency Levels

Trulioo openly shares a lot of information about their products right on their website, including their prices, with the exception of their enterprise level monthly subscription. In-depth brochures, product videos, reference papers, and more can also be easily accessed from their website.

They invite companies to reach out to them with questions, comments, or concerns and have support teams available 24/7 in many countries.

For additional information, Trulioo has a helpful FAQ page with information about their products, how they collect data, and more.

Alternative Identity Verification Services

Identity verification services like Trulioo create a safe and secure environment for businesses and their customers. Here are two other companies that offer similar solutions and products to Trulioo.

Jumio

Jumio offers digital identity verification services to businesses so they can complete transactions safely and securely. They service a wide variety of industries, including finance, retail, travel, and gaming, and authenticate identification credentials issued by more than 130 countries.

Veridu

Veridu provides identity verification solutions to prevent fraud and solve all issues faced by e-commerce companies like verified onboarding, verified transactions, and verified activity. Veridu has free demos available on their site so potential users can test their services and view what it looks like from a customer’s perspective.

Final Word

Trulioo offers a comprehensive identification service that solves online identity verification challenges and fraud risks that businesses face. Trulioo uses real and reliable data sources, and their GlobalGateway product is easy to implement.

Unlike other identification verification companies, Trulioo openly offers a free trial on their site along with pricing information for their services so potential customers can test out their product and obtain a realistic idea of how it will fit into their budget.

Chonce Maddox

Chonce Maddox is a writer at MagnifyMoney. You can email Chonce at chonce@magnifymoney.com


Featured

6 Things You Should Do Immediately If You Have a Yahoo Account


Yahoo says 500 million user accounts have been compromised, and they are telling users to change their passwords. That’s good advice, and below you’ll find better advice from security firm Sophos.

But first: For the next several days, or even weeks, beware emails that appear to come from Yahoo. Now will be a great time for phishers to trick users into following alleged “change your password” links that actually lead to hacker-controlled sites.

Now, onto the better advice:

  1. Change your Yahoo password immediately.
  2. Reset this password, if you’re reusing it on other online sites. Cybercriminals are now using tools that sniff out passwords reused on other, more valuable sites to make their work easier and to make the stolen passwords and other hacked data more lucrative on the dark web.
  3. Make all new passwords different and difficult to guess – yes, you need to create different passwords for every site you visit.
  4. Include upper and lower case letters, numbers and symbols to make passwords harder to crack – refer to the Sophos Password Quick Tips guide for creating stronger passwords.
  5. Don’t trust password strength meters – these are unreliable and inaccurate.
  6. In general, it’s always good practice to update your passwords, password manager and security questions if you hear of a potential data breach that might affect you. Even data breaches from several years ago could still impact you today.

I disagree about using a new password for every site. I mean, it’s a lovely idea, but it’s just not realistic. Instead, I’m an advocate of having password families.

One simple password for throwaway accounts you don’t care about, like newsletters; one medium-hard password for sites that require a registration, but don’t involve money; and then one really strong password for financial accounts that you change on a regular basis.

For that tough password, use something clever, like the first letter of every word in a sentence. Like this: I Was Born on November 1 in North Dakota — IWBoN1iND (I wasn’t, by the way). Change a number to a symbol and you are in good shape, like IWBoN!iND.

Now, as for how often you should change your password — I asked a bunch of experts that question not long ago and got some interesting answers.

Graham Cluley – Independent computer security analyst, formerly of Sophos and McAfee (more about him)

I only change my password if I’m worried a service has been hacked/compromised. I have different passwords for each site. In fact, I reckon I have over 750 unique passwords. I use password management software. I think requiring people to regularly change their password is a bad idea. It encourages poor password choices, (such as) … passwordjan, passwordfeb, etc.

Depends.

Mikko Hypponen – Chief Research Officer, F-Secure (more about him)

For your corporate network account? Several times a year. For an online newspaper that requires registration in order to read it? Never. As always, it’s about threat modelling: Figure out which services are the important services FOR YOU. Then use a strong, unique password on those, and change it regularly. For non-important sites: who cares.

James Lyne, Global Head of Security Research at Sophos, speaking specifically about corporation passwords (More about him)

The requirement to change your passwords is a preventive measure that is designed to minimize the risk of your already stolen password being cracked and used. Over 2014 there have been a huge number of attacks which have led to the loss of password hashes (or other representations). These password ‘representations’ require time and effort for attackers to crack and reverse to their plain text form. Depending on the hashing scheme in use and the resources of the attacker this can take little, or a very long time. Changing your password regularly helps manage the risk of an attacker stealing your password hash from the provider (without you knowing) by increasing the probability you have changed it before they use it.

There is a real balance to be struck with password rotations. Some enterprises set painful rotation rules that require staff to regularly learn a new password and commit it to memory – ironically this can lead to staff producing poor passwords to meet the requirement, which again ironically makes it much easier for the attacker to break. Providing the service provider does their part and secures your password with an appropriate storage mechanism, often using a significantly longer, complex and hard-to-guess password is a much better defence. Good luck to the cybercriminal going after a 128 character password stored as a (moderately poor) SHA1 hash.

Password managers help you generate long and complex passwords that will be hard to crack even if lost. That said, if you go this far and implement a manager, you may as well rotate your passwords once in a while, as you don’t need to remember them and it helps minimize the risk of attackers using stolen credentials (particularly on sites that store your password poorly). Most enterprises would do well to consider how to improve their password storage security and the strength of the original password over a 30 day rotation period.

Harri Hursti – independent security researcher, famous for “The Hursti Hack” of voting machines (more about him)

This is not (an easy question) … because also changing the password too often can become a security risk.

It greatly depends. Passwords I use more often, over the internet and are in sensitive sites are changed 2-3 times a year. Then there are very important passwords which are either used very seldom or are used in a more secure environment, and those I change once a year, or not even then.

Chester Wisniewski and Paul Ducklin, senior security advisors at Sophos. (More about Chester and Paul)

The answer, loosely, is this.

Change a password if any one of these is true:

  1. You suspect (or know) it has been compromised.
  2. You feel like changing it.
  3. You have been re-using passwords and have decided to mend your ways.

We explain better in the podcast “busting password myths,” I think.

The podcast is 15 minutes; however, the first two minutes address this very question and may be worth your time.
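James Lyne's point above, that cracking time depends on the hashing scheme and on password length, shown as an added example (not code from the article or from Sophos). It contrasts an unsalted SHA-1 digest with a salted PBKDF2 record and estimates the worst-case time to try every candidate; the guess rates and the iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import os

# Illustrative assumptions, not measurements or figures from the article.
FAST_HASH_RATE = 1e10        # guesses/second against a fast hash such as SHA-1
SLOW_KDF_RATE = 1e4          # guesses/second against a slow, salted KDF
PBKDF2_ITERATIONS = 200_000  # work factor chosen for this demonstration
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def sha1_record(password):
    """Weak storage: unsalted and fast, so equal passwords share one digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """Stronger storage: a per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def pbkdf2_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_record(password, salt)
    return hmac.compare_digest(digest, expected)


def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case years to try every password of this length and alphabet."""
    return float(alphabet_size) ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    cases = [("8 lowercase letters", 8, 26), ("128 printable ASCII", 128, 94)]
    for label, length, alphabet in cases:
        fast = years_to_exhaust(length, alphabet, FAST_HASH_RATE)
        slow = years_to_exhaust(length, alphabet, SLOW_KDF_RATE)
        print(f"{label}: {fast:.2e} years (fast hash), {slow:.2e} years (slow KDF)")
```

Under these assumed rates, the short password falls in seconds against the fast hash, while the 128-character one is out of reach under either scheme, which is the trade-off between storage strength and password length that Lyne describes.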

 

Bob Sullivan

Bob Sullivan is a writer at MagnifyMoney. You can email Bob here


What to Do When a Family Member Steals Your Identity


Imagine you’re 20 years old and you’re ready to open your first credit card. You fill out application after application, but you’re constantly rejected. Looking for a reason, you pull your credit report and find that your credit has already been established — and wrecked — by none other than your parents.

This scenario isn’t all that uncommon. It’s a case of so-called “familiar fraud,” which occurs when the victim knows or is related to the person who steals their identity. Children are an especially easy target for family members, because they are much less likely to be vigilant about their credit history and their personal information is often easily accessible.

In fact, familiar fraud is five times more likely to happen to teenagers, according to a 2015 study by Javelin Strategy & Research. Child identity theft by a relative can be a touchy issue for obvious reasons. In many cases, the parent may have good intentions and may not even think what they have done is wrong.

“[Parents] don’t really necessarily see it as a crime or see it as harmful until later,” says Eva Velasquez, CEO of the Identity Theft Resource Center, a consumer protection group. “[They say] ‘My credit is ruined and I have to keep lights in the house so I’m going to use my kid’s [information]. They are benefiting from it and they’re my kid anyway.’” If the parent isn’t able to pay their debts off, they can wind up doing more harm than good.

And when children find out that their credit has been ruined, it’s not an easy matter to rectify. More than one-third of young people who fall victim to familiar fraud only find out when debt collectors start calling, and another 7% find out when they are rejected for new credit.

Victims of familiar fraud could report the crime to relieve themselves of the debt. Victims of identity theft probably wouldn’t hesitate to file a police report about an anonymous hacker. The story changes when the hacker is their parent or a sibling.

So what do you do if you realize that a family member has used your personal information to open financial accounts in your name?

Here are some steps to follow:

Create a paper trail.

The key to getting fraudulent accounts removed from your credit history is to create a paper trail showing you were the victim of identity theft. Start your paper trail by filing a report with the police and filing a report online or by phone with the Federal Trade Commission. Make copies of all of your reports, Velasquez recommends.

If you know a family member or friend stole your identity and you’re nervous about the idea of going to the police, consider this: Filing a police report doesn’t necessarily mean you’re pressing criminal charges against your family member.

“Creating a report is creating a record of the theft so that the victim can prove the debt is not theirs,” says Adam G. Singer, a consumer attorney located in New York City. “That is a matter of civil law. If a person were to press charges, it would then become a matter of criminal law.”

Contact each lender individually.

Make a list of all the fraudulent accounts that have been opened under your name and contact each lender or debt collections firm individually. Explain that the charges were fraudulent and that you would like to dispute them.

Even if you have a copy of your police report and an FTC complaint handy, the lenders may ask you to provide further proof that the accounts weren’t opened by you.

This could mean bringing a birth certificate that proves you were a minor when the fake account was created or documentation that shows you weren’t living at the address or in the area where the account was created. Make sure to take notes on all of the conversations that you have with any institutions along the way.

Add a fraud alert to your credit report.

Protect yourself from future fraud by adding a fraud alert to your credit reports. Contact one of the three credit reporting agencies — Experian, TransUnion, or Equifax — to place a 90-day fraud alert on your credit report. When you have an alert on your report, a business has to verify your identity before it issues credit. This makes it more difficult for someone else to open more accounts in your name.

When you contact one credit bureau and request a fraud alert, the alert will also be applied to your files at the other two bureaus. You can extend the alert to stay in effect for up to seven years after filing a police report or filling out a complaint form on the Federal Trade Commission’s website.

Alternatively, you could consider a credit freeze.

When your credit is frozen, no one can open a new line of credit under your name unless you agree to thaw your account. Fees depend on the state, but victims of identity theft can usually ask to have those fees waived.

Make credit checks a monthly ritual.

Many young people don’t realize their identity was stolen to open financial accounts until debt collectors begin calling. It’s important to start tracking your credit history early, says Karen C. Altfest, a financial adviser with Altfest Personal Wealth Management.

“You have to know what’s in your accounts and you have to know what’s going on,” she says.

Some identity theft protection services charge monthly fees to monitor your credit year-round. But you can also use free services like Credit Karma and Credit Sesame to check your credit report without penalties to your score.

At the very least, comb through your monthly financial statements and make sure nothing looks out of the ordinary. Another easy tip is to ask your bank to alert you anytime charges over a certain dollar amount are made on your account.

Brittney Laryea

Brittney Laryea is a writer at MagnifyMoney. You can email Brittney at brittney@magnifymoney.com
