Identity Theft Countermeasures? 609
gbell asks: "Stories about reconstructing shredded documents and horrific tales of rampant identity theft (at least 750K victims/year) have me scared and wondering if I'm being careful enough. What are savvy Slashdot readers doing to protect their financial identity? I already have fraud alerts on my credit reports, which make sure I'm contacted if any requests for additional credit happen. I've called 800-5-OPT-OUT and stopped all the credit card offers. I use unique passwords on all of my online financial accounts. I shred and pulp-ify all documents. I order periodic copies of my credit reports (although I'm irked that I have to pay for them - they're only free if you've been recently denied credit). Is there anything else I should be doing? People spend years sorting out ID theft, and I'm wondering when credit-abusers will start crying 'fraud' just to get out of debt... making things even harder for the true victims. Cops don't have time to do anything, even if you find the perp yourself. The situation looks like it's going to get much worse, and I'm willing to take steps now to increase my security at the cost of convenience. Suggestions?"
watch out for receipts (Score:5, Informative)
Re:watch out for receipts (Score:3, Informative)
My latina friend had her identity stolen to provide papers to an illegal immigrant.
If your identity is stolen visit the ftc.gov website.
Credit reports (Score:5, Informative)
Colorado, Georgia, Massachusetts, Maryland, New Jersey, Vermont.
As far as getting one when you are denied credit, all it really takes is an inquiry. The credit agency doesn't know if the credit card, loan office, etc. approved or denied you. So if you've applied for anything recently you can call up and get a free report.
Call these numbers and follow the prompts for having been denied credit:
Experian 800.353.0809
Equifax 888.567.8688
TransUnion 800.680.7293
One great counter-measure. (Score:3, Informative)
Just this week, I was registering to take the FE exam (for engineering certification) in October. DAPE [dape.org] (who adminsters the test) then sends you a packet including a pre-addressed card that has to be sent in immediately (You've already sent them all this information. I don't understand why they want it all again) You put your information on it and mail it back to them. They actually want people to put their SSN on the card (no envelope) and mail it back. I sent it back to them (in an envelope, of course) with a little sticky-note telling them that I didnt think it was wise sending my SSN in plain sight through the mail.
Re:I'd be willing to bet that most of this happens (Score:1, Informative)
Well.... they be doomed to confusion.
This also works with the government. So far most of them have not a clue who I really am.
The number is actually 1-888-5-OPT-OUT (Score:3, Informative)
You have the option of getting "off the lists" for 2 years, or forever. You also have the option of getting back on the lists -- why you'd want to, I don't know.
Re:I'd be willing to bet that most of this happens (Score:1, Informative)
Hint: Don't Join the Military! (Score:5, Informative)
Re:The important part (Score:1, Informative)
Re:Worried? bah ... (Score:1, Informative)
On the plus side, you're very likely eligible for a free credit report (due to being unemployed). You'll most likely have to write a real paper letter to get it (they won't let you do it for free if you do it online -- stupid but true). Here [bankrate.com] is a nice informative article about that.
By the way, I'm not just relying on the info in that article. I myself was unemployed and managed to get free reports from the agencies. It was kind of a positive thing because, being unemployed, I had free time but no money, and this fit with both those. Also, it was nice to get something constructive done, even if I couldn't get a job. (Which I eventually did...)
Re:Countermeasures (Score:3, Informative)
The 750K figure and others mentioned in the Washington Post link probably includes people merely "taking" the identity but not "using" it. This could, for example, include script kiddies stealing databases with thousands and thousands of credit card numbers and personal info but doing nothing with it (or doing something, but only with small parts of it).
But it is true that one should keep an eye open. Here's what your favorite
Ready just now? (Score:3, Informative)
(emphasis mine)
Not to rain on your parade or anything, but from the trouble you've taken (different passwords everywhere, spending money on periodic credit reports, premptive fraud alarms attached to your credit that will make applying for any sort of acredit a Pain for you) you already ARE at the point where you've given up a lot of convienence.
That being said, the one thing I've done that is 'inconvienent' is I don't sign my credit cards. Now, I don't mean I leave them blank - thats asking to get ripped off (anyone who steals the card can sign your name) - I put 'SEE ID' in the signature area. Mind you, a few places don't even bother to check the sig area, so you're still SOL if someone steals your card and uses it at a lax restraunt or gas station, but having the guy behind the counter ask to see a photo ID every time I buy something expensive feels like a good tradeoff to me.
Of course, someone could always make a fake ID with their photo and my name on it, but thats a lot of effort, and frankly, I'm not That paranoid. I have fraud insurance on all of my accounts, and have very clean credit. If I loose a card at an ATM (by forgetting it), or loose a imprinted recipt, I call the card company immediatly. Having a track record of getting new cards whenever something like that happens does wonders when there is something questionable on your statement and you call about it.
Along that vein, a friend of mine recommends reporting your card lost once or twice a year, just to get new cards with different numbers.
Then again, that friend is a little bit more paranoid then I am... He's about as paranoid as you are...
Hey, wait a second, you're name isn't Bryan is it?
Re:You're overreacting (Score:5, Informative)
Looking at one of their reports, I believe the quote was "The FTC's identity theft Web site had received more than 699,000 hits since it was launched in February 2000" that spawned that number.... The actual report I expect it's from is here [ftc.gov], and the article from the story misquoted it - the actual number of complaints to the FTC via their hotline for 2001 was over (but probably around) 86,000.
Several websites seem to use the larger number, but most of them are selling something and just playing "woopsie" with the numbers.
At 86,000, that puts it more at the level of arson. So I'll spend just about as much effort avoiding it - none outside of common sense. However, my credit cards do have insurance, just like I have insurance on my apartment and belongings. And I don't post my SS# to usenet.
What I encounter far more often is the stupid debt collection agencies sending me bills that have nothing to do with me, where the name is slightly different and the SS# is nowhere near the same - I don't think those are someone trying to steal my identity. Rather, I think it's the debt collectors getting desperate to find someone and spamming any name that's even close hoping that either they'll find him, or someone else will pay the bill without realizing it isn't them.
Oh - by the way, the "using seperate random passwords for important online accounts" thing.... I count that as common sense. Add in - not logging into bank or brokerage services from untrusted computers, especially at Kinko's.
Re:Credit reports (Score:1, Informative)
http://www.ftc.gov/os/statutes/fcra.htm#609
Re:Countermeasures (Score:4, Informative)
One of my best friends is a Secret Service agent. If you heard the stories he tells, you would not say this.
how about an example? On one fraud case he was on when they busted into the criminals house, they found piles of Checks, Credit card and utility statements. Most smelling of trash. They had conned over 200K using this information. If you think that just because the crooks were caught, it was skippy fun time for the victims you are quite wrong. Regardless of the circumstances one victim was evicted from their house, because of a bounced rent check (the thieves took the money) and then had a very hard time finding another place because of the damage the crooks had done to their credit report.
If I were you I would get a LOT more paranoid. On second thought don't. That way I only have to outrun you....(see above)
Free in Canada, why not the US too? (Score:4, Informative)
Why not suggest they make them free in the US?
It really is in the your, the credit bureaus and the creditors best interest to have accurate information.
The smarter identity theifs actually pay the minimum payment to keep sucking money without alerting you.
BTW my favourite financial advice site is fool.com. They have many intelligent and well written articles that give guidance on these topics.
"See ID" not valid (Score:2, Informative)
"Some customers write "See ID" or "Ask for ID" in the signature panel, thinking that this is a deterrent against fraud or forgery. In reality, criminals don't take the time to practice signatures: they use cards as quickly as possible after theft and prior to the accounts' being blocked. They are actually counting on you not to look at the back of the card and compare signatures -- they may even have access to counterfeit identification with a signature in their own handwriting.
""See ID" is not a valid substitute for a signature. The customer must sign the card in your presence, as stated above."
http://usa.visa.com/media/business/chargeback_m
Also see http://www.livejournal.com/users/hornswoggle/2237
To all you laughing at this, it happened to me (Score:5, Informative)
I have been round and round with the companies that were scammed with my identity. I am just now learning how to make sure my credit reports are annotated that the bad accounts are from identity theft. The bad info stays on the accounts, which as far as scoring goes, is just as bad if they weren't annotated.
The difficult part in dealing with this is you can't prove a negative. The companies love to say "prove you didn't open the account." There is no protection for this, and plans I've had for home ownership are ruined, at least for the past couple years, thanks to identity theft.
To those of you saying the poster needs an AFDB, think about what you'd do if you found false information, using your SSN, on your credit report tomorrow. That is what has happened to me.
Security definitions. (Score:4, Informative)
Authenticate; checking the proofs of identification are legit, e.g. check that photo ID isn't a fake, check credentials w/ password.
Authorization; making sure this schmo you identified and whos id you authenticated is actually allowed to do what he's doing, e.g. permissions.
Auditing; keeping records, i.e. logging.
Non-repudiation; making sure some one can't claim "it wasn't me", e.g. videotaping ATM users. (Cryptographic non-repudiation often depends on keeping a secret, such as a secret key. Not a good assumption; "it was my 0wnx0r!")
Confidentiality; keeping secrets, i.e. don't give out private information.
Integrity; making sure stuff isn't changed (if it is changed, make sure it's audited)
Accesibility; make sure legit users can actually use their stuff.
Identity theft wouldn't be such a big problem if corporations and branches of government would authenticate properly. People's dogs are getting pre-approved credit card spam! If you know someone's momma's maiden name, banks will roll over and give you the key to the vault. Sure, they've got tons of money spent on all the other security features (except auditing of course. and integrity/accesibility, disaster data recovery people gotta make a buck to) but it doesn't help if you think someone's mom's maiden name is a secret!
About the author Walther fon Bernstien is a 31 year old technical writer from Houston, TX. He lives a quiet life writing from the historical "McDuff's Castle" building on 33nd Elm Street, left to him in 1989 by his mother, an accomplished pianist who performed under her maiden name Mary Jane Smythe. His interests include golfing at the Nine Yards Club, his dogs Whisky and Brandy, and numerology; he beliefs it's no coincidence that his social security number is 696969, while both his VISA and Mastercard creditcards have 6969 as the last 4 digits as well! Send him a card on his birthday, the 9th of June!
Correction: not iPay - ADP.com! (Score:3, Informative)
Security freezes (Score:2, Informative)
AFAIK, California is the only state that has security freezes. Needless to say, it's not something that the credit agencies have been exactly jumping for joy about, since they are in the business of selling reports.
In all states, you can request (and pay for) a security alert, which means you are notified when somebody pulls a credit report.
Re:watch out for receipts (Score:2, Informative)
Re:You're overreacting (Score:4, Informative)
Want a free credit report? (Score:3, Informative)
Re:Worried? bah ... (Score:3, Informative)
Seriously though, the original submission raises the spectre of people crying fraud to erase their real debts. I don't know if anything has changed, but I had a checkbook stolen a little over a decade ago. When I went in to deal with it, I had to fille out an affadavit (a witnessed, sworn statement) of forgery for every single check the miscreant wrote. Sure, I could have lied, but if I did, I added purjury and fraud to my bad debt. Both felonies. Not a good idea.
I don't think we have to worry about false claims of fraud. There's a legal way to get out of debt called "bankruptcy." It may scar your credit for a long time, but it beats the hell out of felony conviction.
Re:Ready just now? (Score:4, Informative)
I had a funny experience with this once. I bought a whole cart-load of stuff at a local Wal-Mart a couple years ago. The checkout girl ran it all through and I then gave her my Visa Check Card (before they had the card readers for the customers installed). The girl ran it through the card reader and had me sign the receipt. Then she compared my signature to the one on the back of the card. Well, on the back of my card I wrote "SEE PHOTO ID" in big bold letters that covered the full strip. This girl was foreign, Chinese I believe. She told me in very broken English that the "signatures" didn't match. Well duh. I tried explaining it to her for a good 2-3 minutes. She got louder. I got louder. She just couldn't get it through her head what "SEE PHOTO ID" meant. Finally our arguement attracted a manager. He asked her what the problem was to which she replied what she'd been saying for 2-3 minutes: "They don't match." I told the guy that he had 5 seconds to complete the sale or I was finished with the store. Remember not that I had a heaping-full cart load of stuff (large Wal-Mart with a grocery store inside). He took the receipt from the girl, handed me my copy, and that was that.
I still think writing "SEE PHOTO ID" on the backs of my cards is the best thing to do. I have NEVER had a single person compare the signature to the signature I just wrote. If anyone ever had they would see that they DO NOT MATCH. Not even close. I write very quickly most of the time and my signature is usually illegible and never the same twice. I do have people look at my face after looking at my photo ID about 80% of the time though. I feel it is by far a better solution overall. The best solution would be to use a card that has your photo on the card itself.
Re:Yeah, but... (Score:3, Informative)
Too rich for me man. For free, go to this site [anybirthday.com] and enter a combination of first, last and zip (or portions of these) and get first name, middle init, last name, DOB and zipcode. If that's not enough, pay $29 PER YEAR!! and get all that plus address for as many searches as you want. It's too rediculously easy to get this info!
BTW, if you go to the FAQ, then privacy statement from there, then click the opt out link, you can fill out a form [anybirthday.com]... afterwards, they will promptly NOT remove you. At least they haven't removed me yet after submitting the form 3 times over as many months. I even followed the "If you still have problems..." info they give and e-mailed their opt-out address asking to be removed. (I did use a temp mail account in case they are culling addresses for spammers.)
Re:You're overreacting (Score:3, Informative)
Correct. It was the Union that burned their way through the South, and one General's forces in particular, that being General William T. Sherman. General Sherman's "March to the Sea" was one of the most infamous campaigns of the American Civil War.
I would like to thank Dr. John Recktenwald, my 8th grade history teacher for that, and many other, useless bits of historical trivia that for 17 years have served no more useful purpose than to facilitate idle chitchat with mildly attractive, pseudo-intellectual women at boring countryclub cocktail parties.
Re:You're overreacting (Score:1, Informative)
Actually, that famous "burned swath" was left by Gen. William Tecumseh Sherman, a Union general. He was destroying, scorched-earth style, all the Southern ("Rebel") territory to break the South's will to resist.
Other than that little foible, you're right on the money. Everything you say is good advice and I've been planning to start just such a program to protect my own identity. (Beginning by posting anonymously on
Re:I was the victim of identity theft. (Score:5, Informative)
Is this a service offered by your state or the credit reporting agencies? Do you have to pay for this?
This is not a state service. You must contact the three (redundant) credit report agencies: Equifax, Experian, and TransUnion. Tell them to put an alert on your credit report requiring creditors to contact you via telephone for approval before issuing credit in your name.
This alert is free and has the nice side effect of eliminating those unwanted, pre-approved credit cards in the mail. Creditors can't mail you pre-approved credit cards if they didn't call you for permission first! Those pre-approved credit cards are easily stolen and used to buy stuff in your name with credit accounts you never even knew you had!
Also, if you tell Equifax, Experian, or TransUnion you your wallet or mail was stolen, they will give you a free copy of your credit report (once per year). They don't verify this, but they might get suspicious if your wallet is stolen every January. I get my three credit reports (Equifax, Experian, and TransUnion) every year to make sure my identity theft problem does not come back to haunt me. You must check all three credit reports because they contain different and often incorrect information about your credit accounts.
Re:You're overreacting (Score:2, Informative)
Re:Paying for Credit Reports (Score:3, Informative)
It's obvious that they know credit reports are frequently (usually?) based on incorrect data and they don't want people to find out.
But, the government passed a law saying they aren't liable for any damages caused by their data, no matter how incorrect it was. Must rock to work in an industry where you can make up numbers, charge people to correct them, and have legal immunity.
Sign with your hieroglyphics name... (Score:4, Informative)
Read this account of how far you'd have to go to get them to reject a signature [zug.com] (answer: extremely far).
Re:You're overreacting (Score:4, Informative)
A decent crosscut shredder is now $30 at Target, and yes you do want to sweat things that much, especially in urban areas. Otherwise, any dumpster-diving moron can get ahold of your vital financial information.
Got good credit? Do you get those credit card offers in the mail? Or does your dipshit credit card company send you 'free' checks to use to pay off other balances? You may be fucked if you're just throwing them out unopened and unmolested.
Get a crosscut shredder. Shred everything customized with your name, SSN or credit card numbers before throwing it out. This is really important. The US post office usually does a decent job of protecting mail en route (usually...), but once it's in your hands it's your responsibility.
Re:Paper Shredders (Score:3, Informative)
On the other hand, you really want to be looking upstream. Lots of people potentially have access to that information before anybody even thinks of getting rid of it
Of course, there was no such thing as "identity theft" in villages where everyone knew everyone else. And as likely as not there would be no such thing as identity theft if everyone had RFID chips embedded in their bodies
Re:This is more of a problem than many people real (Score:1, Informative)
For example, I have six TFNs.
I have two trusts, two trustee companies, my personal one and another holding company!!!
Take it from a former victim (Score:3, Informative)
They finally did catch the person who had found a college transcript in the trash at the Administration building where I was going to college. The school had thrown out a whole bin full of transcripts that didn't print out correctly, but still had social security numbers on them.
The person who stole my identity ran up almost $30,000 in credit card debt, bought two cars, and left me holding the bag. They had changed my address so I wouldn't get the bills, so it was 6 weeks or so before I started calling to find out what was going on. A week of investigating turned up all of these accounts, but it was too late. Even with an open case, the lenders were still unwilling to take the hit and instead put all of the accounts into collections. The credit bureaus were similarly unwilling to listen, and I sat for nearly 7 years (ending this November) with bad credit items that were not mine.
So, here's what I did to protect my identity ex post facto:
1) ALWAYS choose one of the following options:
a) Elect to receive online statements INSTEAD of paper
b) Buy a really good cross shredder that has a split bin, so any given piece of paper ends up split between two different trash bags.
It is always better not to have important identity-related documents mailed to your home. A PO box is much better.
2) NEVER carry your social security card or use your social security number for anything other than the administration of your social security account. It is actually against the law to use the SS# for any purpose other than to maintian your SS account. Get a TIN number instead.
3) NEVER allow the state to use your social security number for your drivers' license. Since it also has your address and birthday, it's like carrying Carte Blanc for an identity thief
4) Have checking accounts at more than one bank and split your paycheck direct deposit between the two. This isn't so much to protect your identity, but more to have a backup in case one of your accounts is compromised. (I actually have three)
5) Never ever ever ever ever give your account information to ANYONE, EVER. If you're filling out an application on paper for a loan, just write "SEE CREDIT REPORT." There is absolutely no reason for anyone to ask you to write down your account information when you're applying for a loan. Remember, anything that you put on a piece of paper that is not under your complete control is ammunition against you. In general, you should never be filling out paper applications for credit anymore.
6) Get a Sharpie and write "CHECK ID" in the signature panel AND ACROSS THE FRONT of all of your credit cards. This is obvious. Cards with your photo are a neat option, but are usually ignored. Here's the important part: if someone does NOT ask for ID, get their manager and make a HUGE stink about it. Hold up the checkout line while you ream him/her out for 10 minutes about identity and credit card theft. Teach them a lesson about paying attention.
7) Demand that your creditors ask for a password or PIN from anyone who calls customer service. If they will not, close the account and find a lender who will. They do exist.
8) Get Steganos Security Suite (Windows) or use an encrypted filesystem (Linux) if you use your PC to maintain your financial records. Of course, linux is the better solution, but hey, not everyone runs it.
9) This is a new one, but in some places, the credit bureaus allow you to put a "HOLD" on your credit report. This causes the bureau to require your direct intervention to allow your report to be released to a lender. This is expensive ($40 for the hold, and $30 for each release, I think), but worth it if you are at risk of identity theft.
Now, I know the Security Weenie section of the Slashd
Re:You're overreacting (Score:3, Informative)
One other snail-mail related protection you can set up is a 'secure' mail box. Anyone can go up to your mailbox at the front of the house and grab the contents. In my area of Canada, people were at one point ripping off the passcards that people in rural areas get to allow then to take stuff to the landfill without paying extra (since it is included in the taxes.)
You should spend the $10/month of whatever it is at Mail Boxes Etc. and get yourself a P.O. Box that requires key to open. (Note: The actual address is Suite #xyz so you don't have problems with companies who don't ship to P.O. Boxes.) This means that only people who work at Mail Boxes can steal your mail, as opposed to anyone who drives by.
Re:Paying for Credit Reports (Score:4, Informative)
Your credit rating has nothing to do with paying interest. You have the entire system screwed up in your head. The system is designed to let lenders know who will NOT repay the loan -- the interest is irrelevant if you never recover the principle. Since the inception it's been sliced and diced a million ways, but that's still the underlying purpose of the system -- to recognize good and bad credit risks.
Re:I'd be willing to bet that most of this happens (Score:3, Informative)
Some encrypt the data and store it locally, others store it to a web-accessible server on the Internet, and some e-mail information in real-time. So, defending against simple keystroke loggers or searching through text files on the local PC for logs are both outdated methods.
You're missing the big one... (Score:2, Informative)
So if you REALLY want to avoid identity theft then:
a) don't die
or
b) put all your assets in trust before you do
My $0.02 (and no, I don't sell trusts or estate planning).
Jeff
Re:Worried? bah ... (Score:2, Informative)
and, ordered huge quantities of stuff, on the web...
and, got checks, in the mail, that they cashed...
Now, restored to credit worthiness, new theives are trying, again! I only have one credit debt, now, a lumber company credit card so I can do repairs on my home! Car is paid off (cash, only!)
When I bought a house, the credit report was three pages for each of the three bureaus! two pages of each report were WRONG! My two pages each of corrections were mis-interpreted twice by the low pay staff at the three Credit Bureaus!
Finally, my Mortgage Broker, about to lose his fees, stepped in and personally telephoned, faxed, and worked with each bureau over two days!
Still a lot of incorrect stuff, but, I did get a home financed! And the incorrect stuff is too stupid to change...