If you think identity theft won't affect you, you may be a super optimist. Not to be Chicken Little, but in 2012 as many as 12.6 million Americans were victims of identity theft, which breaks down to a crime every three seconds, and those victims were defrauded as much as $21 billion [source: Javelin Strategy & Research]. So maybe being a little bit of an alarmist isn't so bad. Identity theft is a crime that involves another person stealing and using your personal information, such as your name, social security number, birth certificate and financial account numbers for their own personal gain, whether they go on a spending spree or seek medical treatment while posing as you. Thieves get your information sometimes in the easiest of ways, such as simply looking through your trash.
It's not hopeless. In fact, nearly half of those 12.6 million victims discovered identity theft because they themselves were staying on top of their accounts and credit reports; they weren't notified by the fraud department at their bank [source: Javelin Strategy & Research]. By practicing a few good habits, you can protect your information and minimize risk.
Any documents with your name, address, account numbers, social security number or even your phone number that you throw in your trash can put you at risk for identity theft. Items you want to shred instead of throwing away include, basically, anything that could be used to identify you:
- Bank and other financial statements -- you won't have to worry about these if you sign up for electronically-delivered statements instead
- All those credit card offers that come in the mail, including those blank convenience checks that come with your statement from time to time
- Canceled checks and canceled credit and debit cards
- Old pay stubs
- Tax returns that are older than three to four years (you need to keep a few years in case the IRS audits you)
- Old IDs such as your expired work ID or driver's license
- Medical records, explanation of benefits, billing statements, and prescription information
The best shredder for the job is a cross-cut shredder because it creates confetti that's a puzzle no one will be able to put back together, but if you don't have one of your own it's likely your community holds a shredding event that you can take advantage of at least once a year.
Once every year, Americans are entitled to a free credit report, which can be requested from the three credit reporting agencies (Equifax, Experian and TransUnion). You should check all three, as they may not all have the same information on record. You can also make a request through AnnualCreditReport.com, which is the only federally authorized reporting agency.
Nip identity theft in the bud by taking advantage of that free annual report. Use it to keep an eye on what's going on your record, such as accounts you didn't open or addresses where you've never lived, and report any suspicious activity or inaccuracies immediately. Each credit reporting agency also offers monitoring programs and fraud alerts for keeping an eye on things throughout the year.
If the contents of your wallet are busting out at the seams, it's probably time to clean out what's not necessary. And most of the things you're carrying with you probably aren't necessary.
It's not the fat stack of greenbacks we're talking about (although, keeping a small amount of cash in your wallet in case of an emergency or lunch at your favorite food truck isn't a bad idea); it's all those pieces of paper and cards that give away your personally identifiable information that you shouldn't be carrying around.
Remove the old purchase receipts, deposit slip stubs and all those appointment reminder cards -- and although it may seem convenient carry a blank check with you, don't. Then, cut the cards: Carry with you only the identification you need. Never carry your social security card or passport, and remove any credit or debit cards you won't be using. Keep these -- and any other card that includes your personal information and aren't a daily necessity -- safely at home, and keep photocopies of all your cards (don't forget, front and back) so you have account information and important phone numbers handy in case there is a problem.
Other things that shouldn't be stashed in your wallet include PIN reminders, as well as your spare house key (if a thief gets your wallet, they get your driver's license -- which has your address on it).
The states with the highest reported identity theft crimes are California, Connecticut, Florida, Georgia, Illinois, New Jersey, New York, Pennsylvania, Ohio, Texas and Washington -- but it doesn't matter where you live if you're not choosing and using good passwords on the Internet.
Strong passwords contain at least eight characters that are a mix of letters, numbers, and special characters. They aren't real words, like "password" or "monkey" (which are both commonly used, and, as you'd guess, commonly hacked). Try an alphanumeric acronym, with a few capital letters and special characters thrown in for a strong, very difficult to guess password. And although it's super convenient, don't use the same password for every website -- if you're reusing a password again and again, if one account is hacked, they're all in jeopardy.
And even if you use strong passwords, don't forget to change them every few months. And it should go without saying, but we'll say it: Don't leave your password on a piece of paper or stuck to your monitor for all eyes to see.
Online passwords aren't the only key combination that needs safekeeping. When it comes banking, specifically your PIN, don't use something common or obvious. What's obvious? 1234 is obvious. Repeating the same number -- 5555 -- is obvious. Your birthday (or a family member's birthday), the last four digits of your social security number, and your anniversary dates are obvious. Considering there are 10,000 possible combinations of four digit numbers it's a little (okay, a lot) disheartening to learn that the most common PINs are 1234, 1111, and 0000, respectively. (If you're curious about the least common PIN, it's 8068. Well, it was the least common before we all found out about it.) [source: Nick Berry]
Out of the 12.6 million Americans who were victims of identity theft in 2012, as many as 1.5 million knew the person who did it. It's called familiar fraud, and it usually involves your social security number and banking information. But it's not only your family and friends who can't be trusted; right now you probably have a phishing scam waiting for you in your inbox.
Phishing scams look something like this: Someone poses as a legitimate business, usually through e-mail or on the phone. Scammers could pose as a financial institution (a common ruse involves feigning to be the fraud department at your credit card company) or even a government agency such as the IRS -- and "phish" for information such as your social security number, your PIN number and any other personal identifying information.
Be on the lookout for suspicious e-mails, as well as any links and attachments, which could lead you to a malicious site spoofing the legit one or install spyware on your computer. Be suspicious of anyone asking for your personal information over the phone -- if they're the real deal, they won't ask for your password or PIN.
Also, be aware of how much information you're sharing about yourself even when no one is phishing for it. Always browse securely, never publicly post any personal identifying information, and wipe clean any computer or mobile device before you get rid of it.
While your credit card information and social security number go for only about $5 on the black market, your medical identity can sell for much more, upwards of $50 [sources: Dockterman, McCarthy]. Instead of stealing your financial information, thieves steal your medical identity to take advantage of your health benefits for medical treatment, prescriptions and medical equipment. And nearly 2 million Americans were victims in 2013, putting them at risk for large medical bills (for services they didn't have) as well as putting incorrect information into their medical files. This is problematic because you and your medical identity thief may not have the same blood type, for instance, putting you at risk next time you have surgery [source: Ponemon Institute].
Now that you're checking your credit report at least annually, you should also be reviewing your medical and prescription records for any suspicious activity and inaccuracies -- and reporting any mistakes or anything that seems fishy. And don't stop with just your medical reports. Pay attention to your medical bills and review any information your health insurance company sends to you, including those Explanation of Benefits (EOBs) that many of us dismiss. If there's an EOB for a service or treatment you didn't have, something's up. And while you want to keep your medical files and current health insurance information in a safe place, shred everything else, including forms, receipts, bills -- even the labels on your empty prescription bottles.
Identity thieves see your mailbox as an easy target, and will help themselves to your mail (incoming and outgoing), but you can protect your missives. First, always pick up your mail promptly, and don't leave outgoing mail in your mailbox -- send it from the post office or through a postal service mailbox. That goes for when you're on vacation, too; use a mail hold when you'll be away from home. Also, considering swapping your mailbox for one that locks -- or for a post office box.
Identity thieves may also redirect your mail to a different address, so follow your billing cycles closely. If you're not signed up to receive your bills online, make sure that your paper bill is hitting your mailbox on schedule (monthly, quarterly, whatever the bill's schedule happens to be – it pays to know it).
Protecting your plastic means more than just reporting a stolen wallet or alerting the credit card's fraud department of a lost card or unauthorized purchase that shows up on your statement. Those are both good to do, but let's talk about a few other ways to guard your cards.
First, if you won't be using your card, don't take it with you. The only card that should be in your wallet is the one you use frequently, or plan to use during that errand. Keep all others -- including copies of all your credit card information (account numbers, expiration dates and how to contact the fraud department) -- at home.
Second, be smart with your card. Choose to use a photo I.D. on your credit (and debit) cards -- most banks offer this feature, but you'll need to ask for it if you want it. Never give out your credit card information over the phone, and when you're out and about watch whose hands your card is in. And this should go without saying, but never sign a blank receipt.
Lastly, opt out of all those credit card offers that pile up in your mailbox; these offers are an easy way for fraudulent accounts to be opened in your name.
And always, says the broken record, keep an eye on your credit report for any fraudulent activity. Make it easier by signing up for credit monitoring, which will alert you of anything suspicious.
If tomorrow someone were to steal and use your social security number, would you know who to contact for help? What about if they stole your credit card information? For example, the Social Security Administration can't help you settle disputes. And just because your bank doesn't hold you responsible for credit card fraud, that doesn't mean it's still not a great big headache -- fraud will impact your credit report, which can quickly snowball. You may need a new social security number, to clear your name of fraudulent debt with debt collector or even, in more extreme cases, clear your name of criminal charges.
If you suspect -- or know -- that you're a victim of identity theft, immediately place fraud alerts on your credit report (the initial alert is three months, but can be extended to seven years with a copy of your identity theft report), and then request a copy of your credit report to review and report suspicious activity. Report an identity theft complaint to the Federal Trade Commission (this is where you'll get that identity theft report), and to your local police department. And document everything along the way.
Never carry your social security card -- or any documents or I.D. cards with your social security number on them -- with you. We can't repeat that enough. That also goes for your birth certificate and passport. Keep these documents at home, and keep copies of them in case they do go missing or are mishandled. A stolen social security number (SSN) can be used to wreak havoc in all sorts of ways, including allowing access to bank accounts, credit accounts, loans, driving records, medical records, employment information and tax information. And that's really just a list of the biggies. The thief also gains the ability to open new fraudulent accounts.
There are more never-dos when it comes to your SSN. Never give out your SSN over the phone or send it through an electronic form on an unprotected computer. And never use your SSN for identification; for example, never write it on your checks (and don't have it printed on them when you order new checks). Avoid using it as an identifier on such things as your driver's license and medical files -- request to use an alternate number.
The most sweeping tax overhaul in decades became law in December 2017. HowStuffWorks explains what taxpayers can do to benefit from the tax changes.
Author's Note: 10 Tips for Avoiding Identity Theft
Target hardening. While that seems like an extreme way to describe it, that's really what this is all about -- reducing your identity fraud risk by making it more difficult to steal your personal information compared to someone else. For example, if it's harder to steal your mail than your neighbor's mail because you use a locking mailbox and they use an unsecured box on a post, whose mail do you think will be the target? Probably not the one with the lock.
Oh, and if I didn't mention it enough already, protect your SSN -- those 9 digits are the golden ticket to pretty much everything about you.
More Great Links
- Annis, Jill. "Together: Shredding documents can help protect against identity theft and clutter." Wisconsin State Journal. Sept. 5, 2014. (Sept. 20, 2014) http://host.madison.com/lifestyles/home_and_garden/together-shredding-documents-can-help-protect-against-identity-theft-and/article_c668cf05-0f89-583f-b71e-e8b8cce111b2.html
- Berry, Nick. "Data Decoded, Value Unlocked." DataGenetics. July 23, 2013. (Sept. 20, 2014) http://www.datagenetics.com/index.html
- Brownell, Matt. "8 things you should shred right now." MSN Money. Nov. 2, 2011. (Sept. 20, 2014) http://money.msn.com/identity-theft/8-things-you-should-shred-right-now
- Coursey, David. "25 'Worst Passwords' of 2011 Revealed." Forbes. Nov. 21, 2011. (Sept. 20, 2014) http://www.forbes.com/sites/davidcoursey/2011/11/21/25-worst-passwords-of-2011-revealed/
- Dockterman, Eliana. "Your Identity Is Worth $5 on the Black Market." Time. Aug. 26, 2013. (Sept. 20, 2014) http://newsfeed.time.com/2013/08/26/your-identity-is-worth-5-on-the-black-market/
- Equifax. "Preventing Identity Theft." (Sept. 20, 2014) http://learn.equifax.com/identity-theft/preventing-identity-theft
- Federal Bureau of Investigation. "Identity Theft." (Sept. 20, 2014) http://www.fbi.gov/about-us/investigate/cyber/identity_theft/identity-theft-overview
- Federal Trade Commission. "Consumer Information - Free Credit Reports." March 2013. (Sept. 20, 2014) http://www.consumer.ftc.gov/articles/0155-free-credit-reports
- Federal Trade Commission. "Consumer Information - Privacy & Identity." (Sept. 20, 2014) http://www.consumer.ftc.gov/topics/privacy-identity
- Griffith, Eric. "Password Protection: How to Create Strong Passwords." PCMag. Nov. 29, 2011. (Sept. 20, 2014) http://www.pcmag.com/article2/0,2817,2368484,00.asp
- Identity Theft Resource Center. "Identity Theft Protection Tips." (Sept. 20, 2014) http://www.idtheftcenter.org/Protect-yourself/id-theft-prevention-tips.html
- Identity Theft Victims Assistance Network. "My Identity Was Used To Receive Medical Benefits." (Sept. 20, 2014) http://identitytheftnetwork.org/gethelp/my-identity-was-used-to-receive-medical-benefits
- Javelin Strategy & Research. "More Than 12 Million Identity Fraud Victims in 2012 According to Latest Strategy & Research Report." Feb. 20, 2013. (Sept. 20, 2014) https://www.javelinstrategy.com/news/1387/92/More-Than-12-Million-Identity-Fraud-Victims-in-2012-According-to-Latest-Javelin-Strategy-Research-Report/d,pressRoomDetail
- Lanza, Jeff. "Protecting Your Identity." Federal Bureau of Investigation. Aug. 21, 2006. (Sept. 20, 2014) http://www.fbi.gov/news/stories/2006/august/idtheft_082106
- McCarthy, Cathleen. "How to Spot and Prevent Medical Identity Theft." Fox Business. Aug. 13, 2014. (Sept. 20, 2014) http://www.foxbusiness.com/personal-finance/2014/08/13/how-to-spot-and-prevent-medical-identity-theft/
- National Consumers League - Fraud.org. "Internet Fraud: Phishing." 2013. (Sept. 20, 2014) http://www.fraud.org/scams/internet-fraud/phishing
- Navy Federal Credit Union. "Phishing & E-mail Scams." (Sept. 20, 2014) https://www.navyfederal.org/life-money/managing-your-money/phishing-email-scams.php
- Ponemon Institute. "2013 Survey on Medical Identity Theft." Sept. 11, 2013. (Sept. 20, 2014) http://www.ponemon.org/blog/2013-survey-on-medical-identity-theft
- Tolar, Tisha. "5 things never to keep in your wallet." MSN Money. Oct. 24, 2012. (Sept. 20, 2014) http://money.msn.com/saving-money-tips/post.aspx?post=13d8f202-3460-46ec-805e-9bf232fe062f
- TransUnion. "How to Prevent Identity Theft." (Sept. 20, 2014) http://www.transunion.com/personal-credit/identity-theft-and-fraud/how-to-prevent-identity-theft.page
- U.S. Department of Justice. "Identity Theft and Indentity Fraud." (Sept. 20, 2014) http://www.justice.gov/criminal/fraud/websites/idtheft.html
- U.S. Social Security Administration -- Philadelphia Region. "Avoid Identity Theft: Protect Social Security Numbers." (Sept. 20, 2014) http://www.ssa.gov/phila/ProtectingSSNs.htm
- Weisman, Steve. "There is an epidemic of medical identity theft." USA Today. Sept. 13, 2014. (Sept. 20, 2014) http://www.usatoday.com/story/money/personalfinance/2014/09/13/identity-theft-hacking-medical/15345643/