Slashdot Mirror
Identity Theft Countermeasures?
gbell asks: "Stories about reconstructing shredded documents and horrific tales of rampant identity theft (at least 750K victims/year) have me scared and wondering if I'm being careful enough. What are savvy Slashdot readers doing to protect their financial identity? I already have fraud alerts on my credit reports, which make sure I'm contacted if any requests for additional credit happen. I've called 800-5-OPT-OUT and stopped all the credit card offers. I use unique passwords on all of my online financial accounts. I shred and pulp-ify all documents. I order periodic copies of my credit reports (although I'm irked that I have to pay for them - they're only free if you've been recently denied credit). Is there anything else I should be doing? People spend years sorting out ID theft, and I'm wondering when credit-abusers will start crying 'fraud' just to get out of debt... making things even harder for the true victims. Cops don't have time to do anything, even if you find the perp yourself. The situation looks like it's going to get much worse, and I'm willing to take steps now to increase my security at the cost of convenience. Suggestions?"
when you get a receipt, tear out your credit card number and tear it into smaller pieces. People can pick them out of the trash. I'm always careful to do this, many places put your number on your receipt.
"Question with boldness even the existence of a god." - Thomas Jefferson
If you live in one of the following states you are entitled to one free credit report/year:
Colorado, Georgia, Massachusetts, Maryland, New Jersey, Vermont.
As far as getting one when you are denied credit, all it really takes is an inquiry. The credit agency doesn't know if the credit card, loan office, etc. approved or denied you. So if you've applied for anything recently you can call up and get a free report.
Call these numbers and follow the prompts for having been denied credit:
Experian 800.353.0809
Equifax 888.567.8688
TransUnion 800.680.7293
This aggrivates me to no end. The US Army requires its soldiers to put their SSNs on almost every official peice of paperwork relating to them. Home addresses are only a 201 file away. I'm pretty sure that identity theft is rampant in the US military. Officers and high-ranking NCOs are probably even more vulnerable because of their higher salaries. I wish we would abandon SSNs for a military-only serial number.
Looking at one of their reports, I believe the quote was "The FTC's identity theft Web site had received more than 699,000 hits since it was launched in February 2000" that spawned that number.... The actual report I expect it's from is here, and the article from the story misquoted it - the actual number of complaints to the FTC via their hotline for 2001 was over (but probably around) 86,000.
Several websites seem to use the larger number, but most of them are selling something and just playing "woopsie" with the numbers.
At 86,000, that puts it more at the level of arson. So I'll spend just about as much effort avoiding it - none outside of common sense. However, my credit cards do have insurance, just like I have insurance on my apartment and belongings. And I don't post my SS# to usenet.
What I encounter far more often is the stupid debt collection agencies sending me bills that have nothing to do with me, where the name is slightly different and the SS# is nowhere near the same - I don't think those are someone trying to steal my identity. Rather, I think it's the debt collectors getting desperate to find someone and spamming any name that's even close hoping that either they'll find him, or someone else will pay the bill without realizing it isn't them.
Oh - by the way, the "using seperate random passwords for important online accounts" thing.... I count that as common sense. Add in - not logging into bank or brokerage services from untrusted computers, especially at Kinko's.
I write code.
Shredding documents in particular is probably completely unnecessary
One of my best friends is a Secret Service agent. If you heard the stories he tells, you would not say this.
how about an example? On one fraud case he was on when they busted into the criminals house, they found piles of Checks, Credit card and utility statements. Most smelling of trash. They had conned over 200K using this information. If you think that just because the crooks were caught, it was skippy fun time for the victims you are quite wrong. Regardless of the circumstances one victim was evicted from their house, because of a bounced rent check (the thieves took the money) and then had a very hard time finding another place because of the damage the crooks had done to their credit report.
If I were you I would get a LOT more paranoid. On second thought don't. That way I only have to outrun you....(see above)
Americans could not be more self absorbed if they were made of equal parts water and paper towel. -Dennis Miller
Credit reports are free in Canada. (if you mail/fax in) Online reporting costs.
Why not suggest they make them free in the US?
It really is in the your, the credit bureaus and the creditors best interest to have accurate information.
The smarter identity theifs actually pay the minimum payment to keep sucking money without alerting you.
BTW my favourite financial advice site is fool.com. They have many intelligent and well written articles that give guidance on these topics.
I am a victim of identity theft, and it is hell dealing with the fallout of it. Someone opened store credit accounts in my name, ran up huge charges, and never paid them. It doesn't take an AFDB to be worried about this. It happens, and it's not easy to fix.
I have been round and round with the companies that were scammed with my identity. I am just now learning how to make sure my credit reports are annotated that the bad accounts are from identity theft. The bad info stays on the accounts, which as far as scoring goes, is just as bad if they weren't annotated.
The difficult part in dealing with this is you can't prove a negative. The companies love to say "prove you didn't open the account." There is no protection for this, and plans I've had for home ownership are ruined, at least for the past couple years, thanks to identity theft.
To those of you saying the poster needs an AFDB, think about what you'd do if you found false information, using your SSN, on your credit report tomorrow. That is what has happened to me.
Identify; to establish the identity - e.g. ask a user name (c.f. anonymous ftp).
Authenticate; checking the proofs of identification are legit, e.g. check that photo ID isn't a fake, check credentials w/ password.
Authorization; making sure this schmo you identified and whos id you authenticated is actually allowed to do what he's doing, e.g. permissions.
Auditing; keeping records, i.e. logging.
Non-repudiation; making sure some one can't claim "it wasn't me", e.g. videotaping ATM users. (Cryptographic non-repudiation often depends on keeping a secret, such as a secret key. Not a good assumption; "it was my 0wnx0r!")
Confidentiality; keeping secrets, i.e. don't give out private information.
Integrity; making sure stuff isn't changed (if it is changed, make sure it's audited)
Accesibility; make sure legit users can actually use their stuff.
Identity theft wouldn't be such a big problem if corporations and branches of government would authenticate properly. People's dogs are getting pre-approved credit card spam! If you know someone's momma's maiden name, banks will roll over and give you the key to the vault. Sure, they've got tons of money spent on all the other security features (except auditing of course. and integrity/accesibility, disaster data recovery people gotta make a buck to) but it doesn't help if you think someone's mom's maiden name is a secret!
About the author Walther fon Bernstien is a 31 year old technical writer from Houston, TX. He lives a quiet life writing from the historical "McDuff's Castle" building on 33nd Elm Street, left to him in 1989 by his mother, an accomplished pianist who performed under her maiden name Mary Jane Smythe. His interests include golfing at the Nine Yards Club, his dogs Whisky and Brandy, and numerology; he beliefs it's no coincidence that his social security number is 696969, while both his VISA and Mastercard creditcards have 6969 as the last 4 digits as well! Send him a card on his birthday, the 9th of June!
SCO employee? Check out the bounty
What really annoys me about this are the health insurance companies. Seems like they all use you SSN as ID, boldly printed on your membership card. (Aetna urged me to "always keep it with you", or something to that effect -- yeah, right.) A BCBS rep told me over a year ago they were phasing them out, in part due to a California law requiring the change. I hope they'll all make the move real soon...
I had a funny experience with this once. I bought a whole cart-load of stuff at a local Wal-Mart a couple years ago. The checkout girl ran it all through and I then gave her my Visa Check Card (before they had the card readers for the customers installed). The girl ran it through the card reader and had me sign the receipt. Then she compared my signature to the one on the back of the card. Well, on the back of my card I wrote "SEE PHOTO ID" in big bold letters that covered the full strip. This girl was foreign, Chinese I believe. She told me in very broken English that the "signatures" didn't match. Well duh. I tried explaining it to her for a good 2-3 minutes. She got louder. I got louder. She just couldn't get it through her head what "SEE PHOTO ID" meant. Finally our arguement attracted a manager. He asked her what the problem was to which she replied what she'd been saying for 2-3 minutes: "They don't match." I told the guy that he had 5 seconds to complete the sale or I was finished with the store. Remember not that I had a heaping-full cart load of stuff (large Wal-Mart with a grocery store inside). He took the receipt from the girl, handed me my copy, and that was that.
I still think writing "SEE PHOTO ID" on the backs of my cards is the best thing to do. I have NEVER had a single person compare the signature to the signature I just wrote. If anyone ever had they would see that they DO NOT MATCH. Not even close. I write very quickly most of the time and my signature is usually illegible and never the same twice. I do have people look at my face after looking at my photo ID about 80% of the time though. I feel it is by far a better solution overall. The best solution would be to use a card that has your photo on the card itself.
Too rich for me man. For free, go to this site and enter a combination of first, last and zip (or portions of these) and get first name, middle init, last name, DOB and zipcode. If that's not enough, pay $29 PER YEAR!! and get all that plus address for as many searches as you want. It's too rediculously easy to get this info!
BTW, if you go to the FAQ, then privacy statement from there, then click the opt out link, you can fill out a form... afterwards, they will promptly NOT remove you. At least they haven't removed me yet after submitting the form 3 times over as many months. I even followed the "If you still have problems..." info they give and e-mailed their opt-out address asking to be removed. (I did use a temp mail account in case they are culling addresses for spammers.)
Is this a service offered by your state or the credit reporting agencies? Do you have to pay for this?
This is not a state service. You must contact the three (redundant) credit report agencies: Equifax, Experian, and TransUnion. Tell them to put an alert on your credit report requiring creditors to contact you via telephone for approval before issuing credit in your name.
This alert is free and has the nice side effect of eliminating those unwanted, pre-approved credit cards in the mail. Creditors can't mail you pre-approved credit cards if they didn't call you for permission first! Those pre-approved credit cards are easily stolen and used to buy stuff in your name with credit accounts you never even knew you had!
Also, if you tell Equifax, Experian, or TransUnion you your wallet or mail was stolen, they will give you a free copy of your credit report (once per year). They don't verify this, but they might get suspicious if your wallet is stolen every January. I get my three credit reports (Equifax, Experian, and TransUnion) every year to make sure my identity theft problem does not come back to haunt me. You must check all three credit reports because they contain different and often incorrect information about your credit accounts.
cpeterso
Read this account of how far you'd have to go to get them to reject a signature (answer: extremely far).
A decent crosscut shredder is now $30 at Target, and yes you do want to sweat things that much, especially in urban areas. Otherwise, any dumpster-diving moron can get ahold of your vital financial information.
Got good credit? Do you get those credit card offers in the mail? Or does your dipshit credit card company send you 'free' checks to use to pay off other balances? You may be fucked if you're just throwing them out unopened and unmolested.
Get a crosscut shredder. Shred everything customized with your name, SSN or credit card numbers before throwing it out. This is really important. The US post office usually does a decent job of protecting mail en route (usually...), but once it's in your hands it's your responsibility.
I had my identity stolen in 1995 which resulted in financial catastrophe for me in 1996. Back then, identity theft was a more or less unknown crime and people affected didn't exactly have a willing ear on the other side of the phone.
They finally did catch the person who had found a college transcript in the trash at the Administration building where I was going to college. The school had thrown out a whole bin full of transcripts that didn't print out correctly, but still had social security numbers on them.
The person who stole my identity ran up almost $30,000 in credit card debt, bought two cars, and left me holding the bag. They had changed my address so I wouldn't get the bills, so it was 6 weeks or so before I started calling to find out what was going on. A week of investigating turned up all of these accounts, but it was too late. Even with an open case, the lenders were still unwilling to take the hit and instead put all of the accounts into collections. The credit bureaus were similarly unwilling to listen, and I sat for nearly 7 years (ending this November) with bad credit items that were not mine.
So, here's what I did to protect my identity ex post facto:
1) ALWAYS choose one of the following options:
a) Elect to receive online statements INSTEAD of paper
b) Buy a really good cross shredder that has a split bin, so any given piece of paper ends up split between two different trash bags.
It is always better not to have important identity-related documents mailed to your home. A PO box is much better.
2) NEVER carry your social security card or use your social security number for anything other than the administration of your social security account. It is actually against the law to use the SS# for any purpose other than to maintian your SS account. Get a TIN number instead.
3) NEVER allow the state to use your social security number for your drivers' license. Since it also has your address and birthday, it's like carrying Carte Blanc for an identity thief
4) Have checking accounts at more than one bank and split your paycheck direct deposit between the two. This isn't so much to protect your identity, but more to have a backup in case one of your accounts is compromised. (I actually have three)
5) Never ever ever ever ever give your account information to ANYONE, EVER. If you're filling out an application on paper for a loan, just write "SEE CREDIT REPORT." There is absolutely no reason for anyone to ask you to write down your account information when you're applying for a loan. Remember, anything that you put on a piece of paper that is not under your complete control is ammunition against you. In general, you should never be filling out paper applications for credit anymore.
6) Get a Sharpie and write "CHECK ID" in the signature panel AND ACROSS THE FRONT of all of your credit cards. This is obvious. Cards with your photo are a neat option, but are usually ignored. Here's the important part: if someone does NOT ask for ID, get their manager and make a HUGE stink about it. Hold up the checkout line while you ream him/her out for 10 minutes about identity and credit card theft. Teach them a lesson about paying attention.
7) Demand that your creditors ask for a password or PIN from anyone who calls customer service. If they will not, close the account and find a lender who will. They do exist.
8) Get Steganos Security Suite (Windows) or use an encrypted filesystem (Linux) if you use your PC to maintain your financial records. Of course, linux is the better solution, but hey, not everyone runs it.
9) This is a new one, but in some places, the credit bureaus allow you to put a "HOLD" on your credit report. This causes the bureau to require your direct intervention to allow your report to be released to a lender. This is expensive ($40 for the hold, and $30 for each release, I think), but worth it if you are at risk of identity theft.
Now, I know the Security Weenie section of the Slashd
Uh, sorry, wrong. Your credit rating is based on having lines of credit and paying them off on schedule. There are also components of debt ratio (how much debt you have compared to how much credit you have -- going over 50% is bad) and income ratio (how much unsecured debt you have compared to income), along with other things. Yes, I've worked in the industry.
Your credit rating has nothing to do with paying interest. You have the entire system screwed up in your head. The system is designed to let lenders know who will NOT repay the loan -- the interest is irrelevant if you never recover the principle. Since the inception it's been sliced and diced a million ways, but that's still the underlying purpose of the system -- to recognize good and bad credit risks.