Artifacts of a Mid-20th Century Childhood
Best Media Effort To Combat Ageism Award

Identity Theft and You

Recently, I received a form letter from the third-party company that sends paper checks to my monthly creditors who do not accept electronic transfers from my bank. It was alarming to learn that my personal details - name, address, birthdate, bank transactions, Social Security number and few other items of identity - had been taken, along with those of 100,000 other people's by an employee of the company.

The letter said there was no indication that any fraud had been perpetrated in my name (yet), listed the actions I could take to safeguard my identity and blah, blah, blah.

When, 12 years ago, I first took on the additional task of privacy officer at the website where I worked, identity theft was in its infancy. Hardly anyone had heard of it and fewer took it seriously.

No sooner had I educated myself about the ease with which one’s identity can be stolen than I was asked for my Social Security number while purchasing a sweater by telephone. When I refused, the customer service representative told me it was required to track the sale. I did not buy the sweater.

According to the Identity Theft Resource Center, ID theft is the fastest growing crime in the U.S., and in some other countries too. During just the first six months of 2007, in the United States alone, the Center has tracked 187 corporate security breaches [pdf] involving the exposure of 64,940,727 records of personal information.

The types of organizations from which this information was exposed or stolen will surprise you. Universities are at the top of list along with medical organizations. Others include JP Morgan Chase, IHOP, AOL, IBM, Turbo Tax, Radio Shack, Xerox and a number of federal and local government agencies including FEMA.

Although other identifying numbers – credit or debit card numbers, drivers licenses, etc. - can lead thieves to steal your identity, Social Security numbers are the prize with which thieves can loot bank accounts, take out loans in your name, open credit card accounts, access your tax records, and use your identity when arrested by the police.

This makes elders particularly vulnerable because we use our SS numbers more frequently than many younger people for transactions regarding Social Security benefits and Medicare which uses that number to identify us.

Remember that only certain government agencies, employers and organizations that are required to report financial transactions to the government, can legitimately require your Social Security number, so don't give it out to anyone else. Retailers, such as the company from which I tried to buy a sweater, cannot and should not ask for that number. I have stopped using one credit card because the issuing bank requires my Social Security number for identification with them.

Identity theft is a federal crime. The Identity Theft and Assumption Deterrence Act of 2003 (ITADA) amended the U.S. Code, s. 1028 criminalizes the unlawful possession, transfer and use of identification documents without lawful authority.

Which is not much help because it is difficult to find perpetrators of identity theft and identity fraud and worse, it is a nightmare of phone calls and paperwork over many months to restore your credit when your identity has been stolen. Here is a reporter’s personal story from 2004 that gives a general idea but was not nearly as devastating as it can be.

The best deterrent is vigilance:

  • Never carry your Social Security card with you
  • Use complex passwords online and don’t give them to anyone
  • Do not store personal or financial information on your computer
  • Shred financial documents before throwing them away
  • Be alert for phishing scams
  • Get your credit reports from all three agencies – Equifax, Experian, TransUnion. You are entitled to one free report from each of them annually.

Although none of us can do anything about slipshod security practices by companies we do business with, the above measures will help, and here is a list of resources with further information:

Social Security Administration/ID Theft
Federal Trade Commission/ID Theft
Privacy Rights Clearinghouse
Identity Theft Resource Center

As to the third-party company who informed me of their security breach and my stolen personal information, they offered no help that would involve them. It is up to me to contact my bank, watch my bank statements and credit reports at the three reporting agencies and be on constant lookout for theft.

This is not good enough. Corporations that are lax in protecting our information should be required to monitor the accounts of the people whose information has been taken and will be sold to criminals perhaps many times over.

That's not going to happen any time soon and whether it is up-front vigilance every day or follow-up when information has been stolen, it is up to each of us individually to do the work. Repairing one's credit when identity has been stolen is a nightmare of mounds of paperwork and telephone calls and it can take years to restore one's identity.

[At The Elder Storytelling Place today, Joy Des Jardins tell about a couple of kid-icky food experiences from her childhood in Cinderella and the Bomb.]


Comments

I got phished once recently. I felt like an idiot after I realized.

I am really glad you wrote about this subject. It is a huge and growing problem. A consumer can do everything correct to protect his/herself and still become a victim through a data breach of a company's files.

My blog chronicles my ID theft experience and associated issues after a data breach at a former employer... actually the company's (IBM) subcontractor lost (or stole) data tapes containing similar information (name, SS#, etc.) for current and former employees.

My personal opinion is that some companies don't take ID Theft seriously enough, especially since they choose to archive employee records for long periods of time. (One wonders why IBM hadn't purged my data after 16+ years.) The financial system seems tilted toward facilitating companies doing business and sharing our credit data easily, not toward protecting consumers. If you read the fine print from the credit bureaus, a Fraud Alert is a very limited tool. Only about 35 states provide consumers with the Credit Freeze option. There are many other issues.

My blog lists more resources besides the one in this entry:
http://ivebeenmugged.typepad.com/

We had this happen last year but not exactly an identity theft. It was misuse of our credit card number. We learned they start out with a small charge to check that the card is good and then hit for the big one.

We had a bank which immediately contacted us on a week-end on the first big one. We said, no we hadn't used it, but during the time that agent had notified us, this group got in another false charge in Italy for jewelry. That one went through which meant we had to go into the bank, sign that it wasn't us, and we did that right away which meant a 50 mile rt drive when we hadn't planned to go into town, but it was worth it as we were not penalized-- other than the whole bank is by such thefts.

We canceled that card but then we had to deal with getting a new number to the places we auto pay.

We do not know who got the number but we had had some auto work put on that card not long before and it could have been then. It was frustrating to realize the people who did it likely got away with it and the bank didn't seem to feel they could go after them.

Auto theft is the same way. Cars are stolen and nobody seems to feel it's worth the trouble to go after the thieves; so the bad guys are rewarded for their dishonesty. I think ethically the world pays a high price when such things are just considered the cost of doing business.

Scary topic. Most of us need all the practical advice we can get on prevention and what the steps are if we become a victim.

One hint: Stagger the reports from the three credit reporting companies over the year. "Mostly' they report the same information, so getting one report every four months will keep you more updated than three reports at once.

I've chosen to buy ID Theft insurance. There are many out there; some of your banks and credit card companies offer it, too. Look for one that DOES THE WORK for you, rather than one that just gives you contact information. The one I chose, also sends me MONTHLY credit checks in a very short email. I feel much better with it in place.

Also, I've set up my four levels of passwords so that I don't have to remember a million. I rank them by security level. For example: banks, blogs, shopping sites have the longest, most complex, and most random passwords. Things like Flickr have a much lower risk and therefore a shorter, easier one.

Then I watch 'em all... monitor all financial transactions on a daily basis and holler if something happens that I don't recognize.

Good luck - be safe - most of all, be smart. Hindsight sucks.

Someone has tried to phish me re: my eBay acct. Just when I was about to get upset, I realized that The acct. they attempted it on isn't the acct. I use for eBay. I reported it to eBay and they wrote back later and said they caught someone & legal action was being taken. Maybe me feel good (and safer) that they really do work at combating this garbage.

I received a similar letter just a couple of weeks ago and, as in your situation, no help was offered. A few years ago, a large corporation wrote me reporting that personal data had been stolen, but that company signed me up for a free one-year deluxe credit monitoring program offered by one of the major credit reporting agencies. Big difference in customer/employee service.

As for the tips, I agree that the best deterrent is vigilance, but there are two suggestions that don't work:

Many of us use our computers for financial transactions and for preparing our income taxes. We can't do that without having personal information on them. What we also must have is a firewall that protects us from cyber-searches that could extract that data. That is in addition to virus protection. They are not the same thing.

The major problem for seniors is that Medicare card. If you're in an emergency situation, you need that card right away, but carrying it is a risk because of the Social Security number.

Some years ago gigantic provider Blue Cross changed its subscriber numbers. It formerly used Social Security numbers; now it doesn't. It seems like a worthwhile effort to lobby for a Medicare card that uses a different number than a Social Security number. A call or e-mail to your Congressperson or Senator is a good place to start.

I keep getting fake paypal phishing, same message everytime.

We've lately been experiencing false Poste Italiane phishing. Since the Italian post office doesn't actually serve us much, we were all on guard at once. BUT there is also Banca Posta and people who have such accounts were vulnerable.

Cynthia...

Thanks for the additional information. In regard to not keeping financial information on our computers: I too bank online along with a couple of other tasks that could store personal information.

Although I have a firewall, I don't trust it any more than I trust financial institutions to protect my information they have. When I've finished any financial task, online or on my computer, I copy it all off onto CDs - and sometimes just print it - which are stored away from my computer.

Plus, computers and laptops are stolen all the time, so the firewall is not protection from that.

This is very valuable information, Ronni, and I thank you for discussing the various ways we can protect ourselves .

Someone (I suspect a former workman who had my address and bank account number from a check I wrote him to pay for the labor.) tried to open an account in my name at Sears and was turned down since they didn't have my Social Security number. That's the other side of the coin on giving out your S. S. number. How can we possibly protect ourselves from all kinds of fraud? Scary !

ID fraud is the 800 pound gorilla in the room. It scares me to think about it. But I don't like the idea of any personal info floating around. I recently had my car totaled and discovered that AAA provided medical coverage (with deductible). But they want a release for my entire medical history which I understand because they want to know if there were prior contributing illnesses. But then they say that it will then be available to ANYONE. I'm not sure if the price of an x-ray is worth it. Anyone have any advice?

Ronni -- Very true about firewalls not being one hundred percent impenetrable and computers getting stolen. I think having financial info on a laptop that gets carried around makes the owner quite vulnerable.

Backing up info on CD is a good idea; printing out could create a lot of extra paper and I've got a real problem forcing myself to file!

One of the most useful suggestions I once read is to make a list of your account numbers at financial institutions, credit card account numbers, and insurance policy numbers, then store that list in a bank safe deposit box. In case of fire or theft, at least you'd have a record of all your important information in one spot.

Another good suggestion I read is to make a photocopy of all the cards you carry around in your wallet and file it somewhere safe but convenient, so that if your wallet ever gets lost or stolen, you'll know exactly what's been taken.

One more comment on this. Yesterday we were phished by a site purporting to be E-bay. It looked, acted, and smelled like E-bay, but asked for a password. I, who should know better and has read all the warnings, almost clicked on that link. Not only does this sort of consumer information need to be repeated often, we need to change our passwords with some regularity too.

I've been receiving emails seemingly from Paypal through my gmail account (gmail is usually pretty good at filtering random spam, but this one made it through) asking me to "update my account information" within a given number of days. I checked out the link, and found a website identical in looks and feel to Paypal's website, except for one small detail: the "www. address " was completely different than Paypal's! I forwarded the fraudulent emails to spoof@paypal.com immediately. They need all the help they can get in protecting our information.

Great post, thank you, Ronny!

Even though identity theft caused by a security breach is a very serious subject, I think that it's important to be able to laugh. You and your readers might enjoy this Data Breach Humor

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)