As part of the second tier of financial freedom, protecting yourself and your family against financial disaster was a key component. After all, a house built on sand cannot stand-and a financial plan built on the hope and wish nothing will go wrong is destined to collide head on with the realities of life. Last week I wrote all about insurance – both for your personal property and your health/life/ability to earn income. I also shared some ways insurance has helped me over the years, and gave some tips on business insurance you may need to consider if you’re a landlord or starting a side hustle. Today I’m going to talk all about protecting yourself from identity theft – and share my story with you.
Identity Theft – My Story
Setting: It’s December of 2015, getting closer and closer to Christmas. I come home from work one day and there’s a letter for me from Target. I had ordered something online from them a few weeks before, so I thought it must be some kind of ad, survey, or pitch for a credit card. I decided to open it and check it out anyway, figuring it would go straight into the recycling. Imagine my surprise when the letter was a denial of a credit card I had applied for. The only problem was that I hadn’t applied for any credit cards.
I hopped on the phone to the number they gave. After explaining my confusion, the nice person on the other end of the phone confirmed that someone in another state had applied for a credit card. Using my actual and accurate name, address, and social security number! Fortunately, they had an incorrect date of birth, which is what triggered the denial and the letter.
Luckily as a huge Clark Howard fan I knew immediately what to do. I went online and froze my credit. The next day I went to the police station and made a police report, and reported the theft to the FTC, IRS, and all my financial institutions. But that wasn’t the end of the headaches.
I got a phone call from some unknown number, which I let go to voicemail. It was something about my cell phone carrier wanting me to create a PIN, which I figured I could do anytime (no rush). The next morning, I had an e-mail from my cell phone company about changes to my account. Only problem – I hadn’t made change. With a sinking feeling, I called them on the way to work and was forced to create that PIN before I got a person.
Once I had someone on the line, they told me all about an attempted theft in Georgia. Someone had come in with a fake license in my name, with my social security number, and tried to purchase three brand new cell phones. They changed my data plan from limited minutes and unlimited data (one of the grandfathered plans) to some extremely expensive unlimited talk/text and high data. Luckily whoever was working at the store realized it was a fraud and stopped them from buying the phones. I was impressed with how quickly and without hassle the cell phone company changed my phone and data plan back. I reported this to the police as well.
A few weeks later in the mail I got a letter from Capital One denying my application for a credit card because my credit was frozen. But – you guessed it – I had never applied. It was good to know the credit freeze was working. I called the company and confirmed it was the same thing. My name, address, and social security number were right but the date of birth was wrong. On the phone again with the police and online to the FTC to make a report.
But It Can’t Happen to Me – I’m Careful with my Information!
How did they get my information? Why me? I’m very careful with my social security number. It’s not written down anywhere; I don’t put it on unsecured sites/unsecured computers. Any why would they have the wrong date of birth if they had the right social security number? I had to do research on this.
What I found was scary. If you haven’t had your identity stolen yet, it’s not because your information is secure. No, your information is already out there. The only reason you haven’t been a victim is simply because they haven’t gotten to you yet. There have been so many data breaches of so many companies that it’s pretty much guaranteed your information is out there somewhere. So the time to protect it is now, before a theft occurs, so you won’t be a victim like I was.
Check out my detailed identity theft guide below, with links to articles and checklists to help you easily and efficiently protect your information. Stay tuned on Wednesday for more information on how to recover your identity if you’ve been a victim.
Identity Theft – Protecting Yourself
Today I’ll talk about prevention – what can you do now to reduce your chances of identity theft.
What steps can you take now to reduce your chances of identity theft?
- Protect your personal information
- Strengthen your passwords
- Strengthen your login and access information at the companies you do business with
- Freeze your credit
- Protect your physical environment
Let’s break this down with details on each step. When you’re done, your information will be much more secure than when you started, and it will be much harder for an identity thief to do any damage to you.
Protect your personal information
First, what exactly is your personal information? In the industry this is often referred to as IIPI, or Individually Identifiable Personal Information. You might think this is just about your social security number and credit cards, but it’s much broader than that. This category includes information that may be public – like your name and address – along with private information like your social security number, date of birth, and driver’s license number.
But what about other information? Have you ever filled out online where you went to high school? Posted about your anniversary or your kids birthdays? Does the world wish you a happy birthday on Facebook? What about those notes that prompt you to share things like “your favorite vacation spot”, “your nicknames”, “your first car”, or other “fun” information with your friends online? That’s all a way of getting your personal information. I’ve seen notes on Facebook that are essentially recaps of the security questions you get asked on websites.
So what can you do here?
- Keep it Private – Check your privacy settings on social media, and make sure all posts are visible only to your friends
- Friend or Foe? – Go through your friend and follower list. If it’s a social platform where you want to post about your vacation and your kids birthday parties, be sure that you know everyone on the list well. Remove anyone who you don’t know well, or put them in a separate group where they won’t see your posts
- Protect your Birthday – Change your birthday so it’s visible to “Only Me”, and consider changing it from your real date of birth to a fake one.
- Go Anonymous – Change your name to use a nickname. Don’t post your maiden name or full last name online
- Share it Privately – Consider using email or a secure photo site to share things privately with a smaller group of people rather than a large friend list
- Be stingy – with your information. Don’t give out your social security number or real date of birth to anyone unless it’s a financial institution, insurer, school, employer, tax preparer, or someone else that truly needs to know. The key word here is needs. If someone asks you for your social security number and they’re not one of those entities, don’t give it to them unless you know exactly what they’re using it for and you feel strongly it’s valid.
- Protect your Birthday Part 2 – Don’t give your actual date of birth to any website (sign up for this coupon! Logon to our site to see the best sales! Etc.). Pick a date that you’ll remember (I like to use January 1st) and use it when you sign up for things online and can’t get past the field. Sorry coupon site, you don’t need my date of birth except for research and marketing, and I don’t trust your security
- DON’T KEEP KEY IDENTIFIERS ON YOU. Social security card, birth certificate, and passports should never be with you or unlocked in your house except for the specific time you need them. I keep mine in a safe deposit box, but you can also keep them in a secure hidden safe.
- Don’t Quiz Me! – Don’t answer any quiz on Facebook or any other site. They’re personal data mines.
- Don’t go Phishing – Don’t ever respond to what’s called “phishing” e-mails. Be suspicious of every email and never click on the links. Did you get an email from your bank that you have a message? Don’t click the link, go to your banks website. Is it a link you need to click on (like a registration confirmation)? Don’t left click it – right click it and copy/paste it into your internet browser. This shows you the URL, and you can make sure it’s legit. Also, if you weren’t expecting a registration confirmation from that company, don’t click it at all!
- Fake Email – Keep a trash e-mail account and use it for any site where you don’t need to get e-mails from them. This helps prevent scams and helps you know whether a request is legit
Strengthen your passwords
Let’s be honest here – we’re all told this advice and we all hate it. After all, it seems like every website nowadays is requiring us to create a user ID and password. Heck some sites require this just to view, which is a pain in the butt. That’s dozens or hundreds of sites, all with different standards, in addition to sites you might access at work. The information overload causes us to reuse the simplest passwords we can get away with over and over again on different platforms – or write them down somewhere. Both of these are a huge security risk
So how can you do this and not resort to reusing them or writing them down? I know there are sites out there that promise to manage your passwords for you – as outlined in this PC Magazine article, if you’re interested – but I don’t trust them. Sorry but I think it’s a security risk to have your passwords in one place online. If its hacked, then what do you do?
But then you’re back to the problem of either using something common, reusing passwords across different sites/systems, or writing things down. So how do you get around that? Here’s what I do:
- Turn Of Automatic Passwords: First I turned off all automatic password prefills on my computer and cell phone. Yes this can be a bit of a pain, but it’s worth it
- How Secure Do I Need to Be: I evaluate what type of site it is and how secure I need my logon information to be
- For example, am I signing up to read a site or for a newsletter? A coupon or free sample? If it’s something where I haven’t given any personal information (or I’ve given fake data), and if someone logged in as me they wouldn’t cause any damage, I create a common user ID and password for these sites. These go with the junk e-mail above. If you’re a crappy site that doesn’t really need a logon, you get a crappy logon (p.s. stop requiring logons and passwords just to print a coupon!)
- Am I signing up for online banking or taxes? Then you get a strong logon ID and password, and multi-factor authentication
- How Old Fashioned Can I Be: I think about whether I really need to access this account online, or if I can do it the old-fashioned way – 1980’s style – through the mail
- You may not need to create an ID and password if you don’t need to go online with the account. Think about this one – the mail can be more secure than online. Identity theft has increased rapidly thanks to the internet
- The more places that have your information, the more likely you’ll be part of a data breach.
- Secure Passwords: If I really need to access the account online, then I create a unique strong password
- The usual password guidelines apply – capital and lowercase letters, numbers, special characters, no dictionary words.
- 12 character minimum
- This article on how to create strong passwords and remember them is a great one
Strengthen your login and access information at the companies you do business with
So now you have better passwords, but guess what a lot of sites will let you do to access your account if you “forget” your password or user ID? They’ll ask you answers to security questions, some of which can be found online. Or if you call without your account number, they’ll ask for your social security number. And guess what people will steal from you? Enough information to get past security questions, or they’ll have your SSN. So they can get into your account. That’s how my identity thief changed my cell phone plan and attempted to buy three new cell phones in my name
So what options are available to you now that you have a strong password?
- Security Questions: Check your security questions and make sure they’re not bad ones. For example, questions about the town your high school or college was in, or what town you got married, or your mother’s maiden name, can be bad. A lot of that information can be found online by googling you.
- If you find a bad security question, change it to something only you would know that you haven’t posted online and can’t find through Google
- Don’t answer Facebook quizes that are essentially security questions in disguise!
- What Else Do They Offer: Check to see what other security options the company offers
- I use two-factor authentication on every site that offers it where I need security, getting a text or e-mail with a unique security code every time I log in. Yes, it’s a pain – but necessary
- Some financial institutions offer voice authentication. Take them up on this
- Other sites may let you create a PIN to use in addition to your logon and password
- Make sure your logon ID is secure as well, and don’t write down the information anywhere
- Turn Off Prefill: Make sure you’ve turned off logon ID and password prefill. Site has the option to “remember me?” Don’t take them up on it. If your phone or computer is stolen, or you logged in and forgot to lock it, guess what? The thief has the keys to all your data right on the internet browser.
- When to Be Strong: Remember that the more critical the data, the stronger you want your logon to be
Check and freeze your credit
First, all about checking your credit. You are entitled to one free credit report each year from each of the three major credit companies (Experian, Transunion, Equifax). There is only one legitimate site to go to get them – www.annualcreditreport.com. Be sure to check it every single year, and don’t sign up for their “credit monitoring” services. Don’t ever use a service where you need to give credit card information or pay for your credit report.
There are two methods people commonly use when deciding how often to pull their report. One is once a year to pull all three. If you do this, be sure to set a reminder on the calendar (either on your computer or on your phone) so you will check it again as soon as the 12 months is up. The other is to check one credit file every four months. Going down this path helps you keep up to date on your credit more often, but you’ll need to remember to do it every four months. Again a note in your calendar on which one you need to do next will be helpful.
Now why am I jumping straight to a freeze? After all, the companies offer a softer protection called a “fraud alert” you can put on your credit file. This flags your file for fraud but still lets companies pull your credit. I will say that this is easier on you, if you’re going to need someone to access your credit for a legitimate reason. However – this is much less secure. My identity thief had my personal information and a fake drivers license. Having a fraud alert requesting that I be identified wouldn’t have done anything to stop them. But having a credit freeze locks thieves out of your credit, making it impossible for them to open cards or loans in your name. For about $30 at the most (varying by state) you can essentially put your credit file into a virtual safe deposit box in under half an hour.
So what’s the downside to the freeze? Two things – first, you need to pay a small fee not only for the freeze, but also whenever you thaw your credit temporarily. Second, it will be a slightly bigger hassle when you apply for a loan, some kinds of insurance, and possibly employment. You’ll need to ask the company you’re applying to for what credit company they use, and then thaw just that one using a temporary lift. If you’re going to be shopping around, the companies will let you thaw your credit for a few days to give you time.
I personally feel the downsides are actually upsides, especially if you’ve struggled in the past with debt. It’s like adding two-factor authentication but for your finances. You can’t go out on a whim and buy a new car, get a home loan, or a credit card. And it ensures that any new credit being opened is really for you – not for some thief who got your data in the Anthem data breach or stole paperwork with your social security number on it.
When you read this advice usually I only see the three credit companies talked about – Experian, Transunion, and Equifax. Now, they’re important (and I have links to them at the end of this article) but there are two others you may never have heard of that you need to freeze as well: Chexsystems and Lexis Nexis.
What information do they keep about you? Get ready to be creeped out!
Chexsystems – excerpted from their website,
Chex Systems, Inc. (ChexSystems) is a nationwide specialty consumer reporting agency under the federal Fair Credit Reporting Act (FCRA). ChexSystems’ clients regularly contribute information on closed checking and savings accounts. ChexSystems provides services to financial institutions and other types of companies that have a permissible purpose under the FCRA. ChexSystems’ services primarily assist its clients in assessing the risk of opening new accounts.
LexisNexis – excerpted from their website,
LexisNexis® products are used by law enforcement officials, non-profit organizations, businesses, and government agencies for a host of important and socially beneficial purposes.
This includes items such as real estate transaction and ownership data, lien, judgment, and bankruptcy records, professional license information, and historical addresses on file.
Now both of those are a treasure trove of your personal data, accessible to many. I froze both so an identity thief can’t get my personal information from these companies. I also don’t want someone opening checking accounts in my name.
Check out the links at the end of this article to see how much a freeze will cost in your state, and freeze your credit now.
Also, once you’ve frozen your credit be sure to opt out of pre-approved credit card offers. With frozen credit you likely won’t get a lot of these, but it’s an important step to stopping mailed offers that may be intercepted by a criminal.
Protect your physical environment
Now you’ve protected your personal data as best you can, you’ve locked up your credit, and you’ve improved your online security. It’s time to protect your home to prevent identity theft (and frankly ordinary theft).
Why go this extra step? Well if someone has stolen your data online, they have your name and address. If there’s data they’re missing, or they want to find out what companies you invest in, they simply need to rob your house (or get someone to do it for them) or intercept your mail. Think about all the documents you may have somewhere in your house. Your social security card, birth certificate, and/or passport. Tax returns. Financial statements. Credit card offers. Paperwork from when you bought your house, or your cars. Loan documents. You need to protect all of these from theft. Also, don’t forget about your physical computer(s). You can have the strongest logon and passwords in the world, but if your computer is hacked thieves can log your keystrokes, destroying the online security you’ve built.
This is a great time to think about your home like a business. At work, the computers are protected and locked to your desk. Documents are shredded once they no longer need to be kept. Important paperwork with personal information is locked up. There is security at the buildings. Your home is like your personal business, and your own security is just as important as security at work – so protect it!
To Buy/To Do:
- Shredder – to shred financial documents, credit card offers, old tax returns, and anything else that might have your personal information on it. Don’t just recycle these or throw them in the trash! Shred it or regret it. Check out my personal records retention policy [link] for information on how long to keep specific financial documents in your house.
- Locking file cabinet – To lock up any financial documents (statements, tax returns, etc.)
- Safe Deposit Box Rental – Put your birth certificates, social security cards, passports, and other documents you don’t want in your house here. Offsite secure document storage means that even if someone breaks into your house,
- Security Cameras – I got mine a warehouse club, but you can also get them on Amazon. These connect wirelessly to a central device, and are set off by motion. You get an alert on your cell phone when they sense motion. Fortunately, all mine have caught so far were baby bears in my front walkway while we were on vacation! But they were great peace of mind when away.
- Antivirus Protection – Make sure your computers have an up-to-date legitimate active anti-virus software
- Operating System Upgrades – Make sure you’re using the latest operating system on your computers, so hackers can’t exploit bugs. I have a colleague at work whose computer was hacked in addition to her internet, and she got a call from her hacker taunting her. Creepy!
- Secure Computer (optional) – This is a great tip that I personally love. I keep an old laptop that I use only for surfing the internet and printing coupons. My newer computer is used for anything financial or personal, and online shopping. You can pick up a Chromebook for not much money, or ask around for a friend that might be upgrading and willing to give you their old computer. You can use the old one for web surfing and going to any sites that might be sketchy.
- Motion Lights – Put these around your house. The lights will go off whenever they sense motion, deterring thieves from entering your home. These combined with the security cameras will deter a lot of would-be criminals. After all why try to break into your house when the unsecure one next door has nothing?
I hope this helps you be more secure and that identity theft never happens to you. But unfortunately with all the major data breaches over the past few years, you have to assume your personal data is out there somewhere. If you find yourself a victim of identity theft, be sure to go over to my next article in this series on what to do when your identity has been stolen. Enjoy this article? Share it with a friend so they’ll be protected. Did I miss something that I should add? I’d love to hear from security experts. Leave me a comment so I can update .
What resources are available to learn more?
- Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Indentity Thieves by Adam Levin. Check it out on Amazon, or read my review here
- The FTC’s Identity Theft website, and their PDF on what to do if your identity’s been stolen
- IRS Identity Theft website – To learn more about tax identity theft
- Free Annual Credit Report – To get a report from all three credit beaurus for free every year. Make sure there’s no fraudulent activity on your account.
- Identity Theft and Your Social Security Number, from the social security administration
- Clark Howards Identity Theft Guide
What are key links I need?
- Experian Credit Freeze
- Transunion Credit Freeze
- Equifax Credit Freeze
- Chexsystems Security Freeze
- LexisNexis Security Freeze
- The FTC’s Identity Theft website – To make a report with the FTC, and obtain a recovery plan
- IRS Form 14039 – Identity Theft Affidavit
- SSA Fraud Hotline:800-269-0271
- All Clear ID – Free credit monitoring for their Basic model