Practical Advice from an Alum
How to Avoid and Recover from Identity Theft

By Gene Ret (December 2023)
 
Personal identity protection has become even more vital due to the increased demand for digital services that occurred during the COVID-19 pandemic. The widespread use of email and online shopping also calls for adequate precautions for your identity and credit protection.
According to Javelin Strategy & Research, a subsidiary of award-winning analytics and advisory firm Escalent, 15 million people were victims of identity fraud in 2022, amounting to losses of over $24 billion. By combining identity fraud and scam statistics, Javelin established that the total losses in the United States were as high as $52 billion, with 42 million victims. You don't want to be one of them.
 
Why should I care if someone steals my identity?  
In most cases, you will be responsible for what the thief does while using your personal information. You might have to pay for what the thief buys. This is true even if you do not know about the bills. 
How can that happen? A thief might get a credit card using your name. He changes the address, the bills go to him, but he never pays them. That means the credit card company thinks you are not paying the bills, which will hurt your credit.
What can a thief do with my personal information?
Identity thieves can use your name and information to:
  • buy things with your credit cards;
  • get new credit cards;
  • open a phone, electricity or gas account;
  • steal your tax refund
  • get medical care;
  • pretend to be you if they are arrested.
Protect documents that have personal information
Keep your financial records, Social Security and Medicare cards, and any other documents that have personal information in a safe place. When you decide to get rid of those documents, shred them before you throw them away. If you don’t have a shredder, look for a local shred day or use a marker to block out account numbers. If you get statements with personal information in the mail, take your mail out of the mailbox as soon as you can.
 
Ask questions before giving out your Social Security number
Some organizations need your Social Security number to identify you. Those organizations include the IRS, your bank and your employer. Organizations like these that do need your Social Security number won’t call, email or text you to ask for it.
 
Other organizations that might ask you for your Social Security number might not really need it. Those organizations include a medical provider, a company or your child’s school. Ask these questions before you give them your Social Security number:
  • Why do you need it?
  • How will you protect it?
  • Can you use a different identifier?
  • Can you use just the last four digits of my Social Security number?
 
Protect your information from scammers online and on your phone
If you’re logging in to an online account, use a strong password. Add multi-factor authentication for accounts that offer it. Multi-factor authentication offers extra security by requiring two or more credentials to log in to your account. The additional credentials you need to log in to your account fall into two categories: something you have — like a passcode you get via text message or an authentication app, or something you are — like a scan of your fingerprint, retina or face. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password
 
Do not give your personal information to someone who calls, emails or texts you. It could be a scammer trying to steal your information.
 
Do not respond to messages or texts from unknown sources. If you click on the content, malware may infect your computer and/or retrieve your personal information, including credit card and checking account information.
 
If someone stole your identity, act fast.
Acting fast can help reduce the damage identity theft can cause.
 
Recovering from identity theft
First, call the companies where you know fraud happened.
  • Explain that someone stole your identity.
  • Ask them to close or freeze your accounts.
  • Then change your password or personal identification number (PIN).
  • Then visit IdentityTheft.gov or call 1-877-438-4338.
What is IdentityTheft.gov?
IdentityTheft.gov is a website that helps you recover from identity theft. You:
  • answer questions about what happened to you;
  • put in your name, address and other information;
  • get your personal Identity Theft Report;
  • get a recovery plan created just for you.
You also can create an account. The account helps you through the recovery steps and tracks your progress.
 
What happens when I get my recovery plan?
You will want to call one of the credit bureaus. Ask the credit bureau for an initial fraud alert. It is free and lasts for 90 days. The fraud alert makes it harder for thieves to open accounts in your name. That credit bureau has to tell the other two. 
Then you can ask all three credit bureaus for a credit report. If someone stole your identity, your credit report is free. Look at your credit report for things you do not recognize.
 
Then am I done?
Everybody’s identity theft experience is different. But your recovery plan from IdentityTheft.gov will: 
  • Tell you the steps to take next.
  • Tell you where to call, and give you the phone numbers.
  • Give you letters to send with your information filled in.
  • Give you reminders and help you track your progress.
 
Identity monitoring services 
There are many firms that provide credit monitoring for you to best manage your credit and become aware of unauthorized credit activity. Credit monitoring services scan activity that shows up on your credit reports. They might monitor activity at one, two, or all three of the major credit bureaus — Equifax, Experian and TransUnion.
 
These monitoring services will usually alert you when
  • a company checks your credit history;
  • a new loan or credit card account appears on your credit reports;
  • a creditor or debt collector says your payment is late;
  • public records show that you filed for bankruptcy;
  • someone files a lawsuit against you;
  • your credit limit changes;
  • your personal information, like your name, address or phone number, changes.
 
Companies that offer identity monitoring services check databases that collect different types of information to see if they contain new or inaccurate information about you. Those could be a sign that someone is using your personal information. These services can detect uses of your personal information that won’t show up on your credit report.
 
Identity monitoring services may tell you when your information shows up in:
  • a change of address request;
  • court or arrest records;
  • orders for new utility, cable or wireless services;
  • an application for a payday loan;
  • a request to cash a check;
  • on social media on websites that identity thieves use to trade stolen information.
May you have an identity theft-free new year!
         
 
        About Gene Ret
 
Eugene (Gene) Ret is a 30-year veteran of Chase Bank and has been in financial services for 45+ years. He has been a Privacy Professional for 23 of these years and was a Senior Privacy Compliance Officer for Chase, as well as HSBC.
 
Ret was one of the first to develop and employ “best in class” privacy protocols in the buildout of the Privacy Office function and participated in the early development of bankers' recommendations to federal regulators regarding effective and appropriate Privacy standards. Ret has been a presenter at bank trade associations’ symposiums on various Privacy matters and has been a frequent contributor to online Privacy forums and discussions on new and trending topics. 
 
Ret is currently an independent consultant in General Banking Compliance, specializing in Privacy. He is a certified Privacy Professional  – CIPP-US –  a certification by the International Association of Privacy Professionals.    
________________________________________
 
Please send questions or comments to:
 
(Added December 19, 2023)
From Diane Bresee: I wonder what a person is to do when we receive a letter from a company we’ve done business with, notifying us that their data base was hacked.
 
Gene Ret replies: You should first change your ID and password related to that site. Then determine what specific information was compromised. If transactional account data such as credit card or checking account was comprised, notify those financial institutions. You can place a fraud alert on these accounts so the institution will monitor and advise you of questionable activity, and/or you can cancel your accounts and have new accounts issued to you. Most reputable firms that have had a breach of data should offer you free account monitoring through a credit bureau or a credit monitoring service such as Norton Lifelike for a limited time. This will monitor your credit and report any new credit accounts opened in your name. If not offered to you, you should obtain / purchase this service for one or two years.