After Target’s credit card system was compromised late last year, Target shoppers and non-shoppers alike felt a shudder of vulnerability. Not only was the scale of the credit card data theft enormous, but it was yet another major data breach at a seemingly solid, reputable company. There is a sense that this kind of hacking might happen again and again – almost anytime, anywhere.
These incidents may prompt you to look into the many credit monitoring and identity theft protection services on the market. Last year, Consumer Reports assessed the costs and benefits of these products (“Don’t Get Taken Guarding Your ID,” January 2013). The article exposed the weaknesses of some of the offerings: inflated claims of protection, false or late credit monitoring alerts, excessive costs, etc. It also points out that the marketing claims used to promote these services sometimes exaggerate the threat of full identity theft, noting that two-thirds of the cases reported on the annual National Crime Victimization Survey involve stolen credit card information, not stolen identities.
The article reiterated that there are already some very helpful safeguards in place to protect against credit card fraud, like the federal regulation that limits your liability to $50 per account. Additionally, technologically advanced “chip cards,” designed to help reduce point-of-sale credit card fraud, should begin penetrating the US market soon.
This is not to say that you shouldn’t be concerned about fraud or that all monitoring and protection services are ineffective. Rather, it is a reminder that these services are not the sole solution. In fact, there are many steps you can take on your own – most of which cost nothing – to enhance the security of your personal information and minimize the potential for identity theft.
- Receive all sensitive data via online secure sites (e.g. bills, financial information, etc.) rather than via the US Postal Service. Truepoint is launching a new client portal in mid-March, which will further increase the ease of securely viewing financial data and transferring documents between you and your Truepoint team.
- Don’t send account numbers, user names or passwords in unencrypted messages. Use the phone to deliver passwords. Or at least deliver login credentials in separate messages.
- Use strong passwords. This is the weakest link for many people, as evidenced by the annual list of common passwords. Weak passwords make online accounts vulnerable to exploitation.
- Be suspicious of unsolicited information requests. The IRS will not email you. Your bank will not ask you to verify your identity via email.
- Do not click links in email messages from senders you do not recognize. Also be wary of emails that appear to be from friends but seem cryptic or incomplete.
- Keep the anti-virus and malware detection tools on your computer up-to-date and run scans frequently.
- Don’t use public wireless. Free public wireless access – especially without security – offers scammers an opportunity to steal your information.
- Secure your wireless router. Ensure your home and workplace routers have at least basic security in place, such as requiring a password to connect.
- Shred receipts, insurance forms, checks, bank statements, etc.
- Dispose of old computers securely with qualified recyclers. Ensure the recycler will wipe your hard drive or take the time to do this yourself.
- Review all credit card statements in detail. Use Mint.com or other services to consolidate transaction histories enabling you to review all of your accounts regularly.
- Set up alerts with your credit card and bank accounts. Establish triggers that will notify you if transactions exceed a certain amount, the number of transactions in given time period exceeds a threshold, your balance drops below a certain amount, etc.
- Monitor your credit reports regularly. You are entitled to a free credit report annually from each of the three main credit bureaus (Experian, Equifax and Transunion). Request a report every four months by rotating among the credit bureaus.
- Alert Truepoint if you receive any out-of-the-ordinary requests via email, especially if it involves a request to wire transfer money to a third party. As noted in Janel Carroll’s May 2012 Viewpoint, Truepoint employees are trained to identify potentially fraudulent requests.
- Watch for routine mail you are expecting (or better yet, move to online delivery rather than mail). If you don’t receive a bill, statement, or other mail you were expecting, immediately contact the company to inquire about whether changes have occurred with your accounts.
- Watch out for unfamiliar accounts on your credit report. Investigate quickly with the appropriate financial institution to determine the origin of the account.
- Follow up immediately if the Internal Revenue Service notifies you that more than one federal income tax return was filed with your social security number. Notify your CPA or tax preparer right away, or if you prepare your own return, contact the IRS at the phone number provided.
For more, the Federal Trade Commission provides additional useful information about protecting yourself – and what to do if you believe your data has been compromised.
Unfortunately, no list of precautionary methods is fool-proof. But adopting these suggestions will make it more challenging for fraudsters and hackers to take advantage of you.
If you are not currently a client but would like to learn more about Truepoint’s services, please contact us. If you are a client and would like to learn more about Truepoint’s security policy, please contact your wealth advisor.