With the recent news about the CEO of LifeLock having his identity stolen, I looked around the web searching for ways we could prevent ourselves from becoming a victim without having to pay monthly or annual fees.
Luckily, most of what companies like LifeLock and Free Credit Report do can be done by you and me for free.
In my search, I ran across Jeremy Duffy, who is something of an awareness advocate, offering many "How-Tos" on his website for free. And when I say free I mean it. No banner ads, no Google ads.
Jeremy Duffy has worked extensively on home computers since the mid nineties. After years of fixing his own computer problems, owning his own small business in computer service, and two college degrees, Jeremy has gained the technical skills to handle most of the problems normal home-users would face. Having worked in retail sales positions for almost 10 years, he has also seen the tricks and underhanded ploys that business will use to get your money.
In both cases, Jeremy has seen the ways that others will manipulate others for personal gain simply by exploiting their lack of knowledge of business and computer issues. As someone who values honesty and straight-forward dealings, Jeremy takes particular exception to manipulating others unfairly. It is for this reason that he started his Awareness Advocacy website and blog and also recently developed his seminar, "Computer and Internet Safety for Normal People". In each the goal is to provide the straight facts to equip a non-specialized citizen to deal with scams, manipulation, and fraud…
Jamison Braly: The first company many people think of when they think about protecting themselves from ID theft are companies like LifeLock. What do these companies do?
Jeremy Duffy: Besides taking people's money, not much. There are really only two categories of company such as this: monitoring services and insurance providers. Monitoring services essentially give you open access to your credit reports and send you alerts when there are inquiries or changes to your report. Note that this doesn't actually give you the ability to stop any of the inquiries; it just lets you know that something happened.
Insurance providers are nothing more than any insurance provider is, clean-up service. In theory, if you meet the conditions under which they will pay out, you will get some money as stipulated by your terms and conditions. Identity theft is a problem, true, but is it worth paying a monthly fee? Also, before you use any such service, you should ask yourself whether this company is solid and likely to be around when you have a problem. Will they pay out or shaft you as the car insurance companies often do?
JB: Do these companies do any more that we, as consumers, can't do ourselves for free?
JD: Yes and no. Monitoring services will let you access your credit report frequently and send you alerts rather than you having to go and check the reports yourself. Some people believe that it's just as efficient to order on of your free credit reports (you're allowed one free credit report per credit reporting company per year) every 4 months so that you're constantly monitoring your credit. That would be free, but it still requires more effort and is only checking every few months.
For insurance, there are many things you can do to reduce your risk to the point that the money would be better spent in savings or investments.
JB: What about "Fraud Alerts"? Does this provide any comfort for a consumer worried about ID theft?
JD: To a degree. According to the FTC, with a fraud alert, "potential creditors must use what the law refers to as “reasonable policies and procedures” to verify your identity before issuing credit in your name". What constitutes reasonable can vary and, in my experience, retail stores aren't in a hurry to let a good sale go just because the buyer might be using stolen information.
JB: So rather than being aware of when someone steals our identity, how can we prevent it from happening in the first place when it comes to how and when we use credit and debit cards?
JD: Pay at the register in restaurants. This is to prevent "skimming", which is when a restaurant employee scans your card's information into a personal reader. This is much harder to do/impossible when you're standing right there the whole time watching.
Always cross out your card number on credit card sign slips. Many places only require a credit card number for a purchase. If your receipt contains your entire credit card number, you are making it easy for anyone who has access to that receipt to buy things with your card. Store employees, bookkeepers, anyone that goes through the company's trash, etc.
When shopping online, look for options to NOT store your number. There aren't many yet, but some stores provide an option to NOT store your credit card information in their system beyond the point at which your transaction is complete. Big stores like Amazon insist that storing your credit cards makes it easier for you to buy (and it does), but it also presents a security risk to you. If a given store doesn't have good security or if one of the employees feels like making some cash, the database storing the credit card numbers can be breached (a term I'm betting most people have heard about by now). Instead, if you can prevent the company from storing your credit card number in the first place, you're safe from breaches because they can't lose what they don't have.
Use virtual cards to make storing your credit card number impossible. This is one of the best ways to keep companies from putting you at risk by storing your credit card data. Some banks and credit unions allow you to create a "virtual card" for use in a single transaction. You specify the amount to put on the "card" and your bank gives you all the normal information that would be necessary for a credit card purchase. The key is that since the card is created for just this one transaction, any further attempts to charge the card are fruitless. This prevents the problem of breaches, but also issues with companies that don't let people cancel their accounts (which has sadly been quite an issue in recent years).
Never use "contactless" pay systems. RFID (Radio Frequency IDentification) technology is very useful for some things, but attaching it to your ID or credit cards is very dangerous. There have been many studies, experiments, and, sadly, real life situations where such wireless chips were cloned remotely. This means that I could sit on a bus across from you, have some equipment in my coat or briefcase that copies the data from all your cards onto mine. Now I can shop as if I was you and I never even stole your wallet. All I had to do was be near you for a bit. Note that in some cases, RFID chips can be read and cloned from hundreds of feet away.
Leave your cards unsigned and put CHECK ID instead. While this may not lead a company to carefully check picture ID and in some cases can cause them to refuse to give you service (based on the fact that most major cards aren't considered valid until signed), it usually doesn't create a problem, might cause difficulty for a thief who steals your card, and, most importantly, prevents someone who steals your physical card from copying your signature. Challenging false charges is much easier when the signatures don't match at all.
JB: What about when using our Social Security number or card?
JD: So many places ask for an SSN that don't need to. I've even had a video rental store ask for it once. Spreading this number around can cause you to be more at risk for ID theft so make sure you don't provide it without a fight. Ask them why they need it. Ask them if it's required. Ask them if they can use an alternate or generic ID number. If all else fails, lie using the "0" trick (when it's legal, ethical to do so).
JB: What about our personal data? How can we prevent ID theft when it comes to a need to give out this information?
JD: Protect your personal data at all times. The fact is that the more someone knows about you, the easier it is for them to harm you, people you know, or your place of business. That guy at the bus stop might seem friendly, but could just be sizing you up to see if your skull would fit the others in his collection. Or, more realistically, an employee of X company that you ticked off because you didn't buy the extended warranty and now they're going to get punished by their management might look up your address and slash your tires.
JB: Is purchasing online safe?
JD: I don't really have any issue with purchasing online, but be careful about which companies you do it with. Research them first via review sites, a Google (or other search engine) search, and friends (if they've used the site). Always pay with credit card NOT debit since there are federal protections on credit purchases, but not for debit.
JB: What can we do in and around our home to prevent ID theft?
JD: First, watch for RFID technology to become more commonplace. The industry is trying to get them into a variety of consumer products so they can better assess the things you buy and how you use them with casual scans of your house, your trash, or your person.
Second, don't use shopper reward cards or at least use fake data. The store will still get valuable statistics on shopping trends, but they won't be able to profile and send you junk advertisements. If you really trust the company, perhaps you can allow them to have the data and you might get ads for stuff you really want, but I think it's far more likely that they'll sell the data to someone who will use it in a less beneficial manner (less beneficial to you anyway).
Certainly shred your document (using the smallest output shredder possible) and be cautious about advertising the things you buy by leaving the product boxes at the curb. When you have company over, make sure your documents, ID, and such are not in obvious places. The vast majority of ID theft is committed by family/friends.