Changed my identity, now I'm worried someone might steal it...

[georgeclairepiper]

Hi. I'm new, this is the first "question" that I'm lobbing out there. The thing is, I feel like a different person since I retired from a sales career at the end of last year, what a lifestyle change. My wife and I moved out of the city, closer to the kids and became instant babysitters to the grandkids. We have always been homebodies and spend a lot of time on the internet. I signed up for Netflix, and other services to make our life simpler. Hah! Claire even shops for groceries.
This is all convenient but I’m wondering about identity theft, now that our info is out there swimming in cyberspace. Recommendations anyone?

[Retire Soon]

You may want to consider reading the following thread:

http://www.early-retirement.org/foru...dit-31994.html

[Fireup2020]

Don't respond to any e-mails asking for your information - AT ALL! All online purchases should be initiated by one of you. If you are that concerned, shop locally only using cash (personally, I am in the "credit" card useage for FF mileage - so use CC for as much as possible. No real problems as result in that arena. Have fun!

[chinaco]

Identity theft can happen with different levels of impact to you. I will provide 2 examples:

1) someone gets your credit card number and uses it. The impact is not good but it is easily contained and repaired.

2) someone gets alot of your personal information and work their way through all of your accounts (draining them) and get loans and purchases in your name. (nightmare).

Personally, I limit any purchase activity or accounts (where I have to enter personal information) on the internet to large large companies. Even with that I only do a few. And being a large company is not guarantee of competence and diligence on their part. But at least they have the resources to secure their web sites. Many companies are not willing to spend the money to secure their sites. Why, because they would in many cases have to rewrite it. Most were not written securely to begin with. Even if they have a firewall and secure network, the site is likely to not be secure and is vulnerable to exploit. This is the whispered secret at most companies no matter the size of it.

To everyones shock and dismay they will learn one day that most (perhaps 90%) companies on the internet (especially small and micro companies) do not have adequate knowledge, procedures, technology, and controls to keep the data or web site from being compromised. I am sure I will have a couple of IT people pipe up and dispute this. Usually some network technician or programmer. Don't pay any attention to them. Most IT people have absolutely little to no knowledge about defense in depth other than maybe reading an article about it.... most don't even do that. Plus there are ever emerging vulnerabilities that present new attack vectors that allow criminals to break into companies.

You should be cautious. Criminals are getting much more sophisticated. In fact organized crime rings are getting into the act because it is lucrative. Phishing is the one of the most common social engineering exploits of your computer (be careful clicking on links in email). And make sure any sites you do business on are legitimate (not a fake/impersonator). There are many, many exploits that you have not heard of. And the way you get exploited may have nothing to do with anything you did (except giving some company your data legitimately). Today criminal try to go undetected so they have time to sell off the data to other criminals or to commit fraud themselves.

Make sure you have a full security suite on your computer and keep the security software and your computer patched and up to date. At home, put a hardware firewall or at least a router (a NAT) between your computer and the modem... be sure to change the router's admin password and use a strong password. If you have a wireless router at home... same goes on the admin password, but also encrypt the traffic using WPA or WPA2.

Always use strong passwords on accounts. If you have online accounts with financial institutions and they offer 2-factor authentication... take them up on it and get the device.


Lastly, and probably more important... shred paper documents that have sensitive information before you throw them in the trash. Some people are starting to use mail boxes that lock to ensure someone cannot easily steal their mail.

[donheff]

Quote:

Originally Posted by Retire Soon You may want to consider reading the following thread: http://www.early-retirement.org/foru...dit-31994.html

I haven't done it yet but I intend to. I don't worry about someone stealing my credit card number - I can't really loose much from that. But the mess of someone actually setting up accounts in my name what a hassle.

I am curious if anyone actually knows someone who has had his or her accounts drained. I never hear of that happening in any of the identity theft stories I read. I am not talking about someone getting your ATM card and stealing a few thousand - I am talking about someone getting hundreds of thousands or even millions by draining your retirement accounts. Thats sounds quite complicated. If you know of it happening, how did they do it?

[TromboneAl]

We've frozen our credit, but I think that the danger of identity theft is a bit overblown by the media.

[SecondCor521]

I offer my alternative approach.

I spend a little bit of effort on prevention -- I only work with reputable, large companies, both in where I store my money and where I buy stuff; I don't respond to phishing, but this is easy for me to identify; I use slightly strong passwords, but nothing truly cryptographically strong.

What I prefer to do is monitor my mailbox, bank accounts, credit accounts, and three credit reports on a daily or near daily basis. The cost of this in terms of dollars and time is fairly minimal. I figure the chance of my identity being stolen is vanishingly small, but if it happens I hope to catch it very early and mitigate any damage through monitoring.

2Cor521

[Walt34]

Before I retired, investigating identity theft and online fraud (among other crimes) paid off my mortgage. Chinaco has his/her ducks in a row. The advice is golden.

A stolen credit card number is an inconvenience. That happened to my wife once, she got all upset about it, but a three-sentence letter to the CC company took care of it. That's not what I call "identity theft".

True identity theft can be an absolute nightmare. This happens when someone gets hold of your full name, date of birth, social security number, and current address. With this information they can get a second mortgage on your house, buy a car in your name, open credit card accounts in your name and max them all out, and the list goes on. When multiple people start doing it, as when the information is sold to organized crime, the resulting mess can take years to untangle. In the meanwhile, hope the victim doesn't need to move, find a new job, or apply for a loan, even rent an apartment - it ain't gonna happen.

In most cases the victim will never know the source of the data leak. You're in so many databases, starting from the day you were born, that it's hopeless to try to scrub them all. All you can do is be careful from now on.

In Florida for example, a popular source of this information was car rental companies. Thieves would break in, steal the file cabinets, and then have thousands of identities to sell on the hacker sites or to the Russian mafia (yes, it exists). And the Italians were Pillsbury Doughboys compared to those guys. In West Africa fraud is a national sport like football is here. It's cultural thing in many tribes.

Ultimately the lenders who are so anxious for business and are too lazy to do their homework eat the losses, which they then pass on to other people via higher interest rates.

For yourself, never, ever, respond to unsolicited requests for personal data by any means of communication. The ONLY entities who have a legal right to know your social security number are the Social Security Administration and the Internal Revenue Service. As a practical matter the list expands a bit - to your bank for example, because they report earned interest, dividends, etc. to the IRS, and your insurance companies, although many are changing from using SS#s to a customer number to avoid the downstream liability if they get hacked. If you refuse to supply a SS# to a bank when opening an account they are required by the IRS to withhold (I think) 20% of any earned income and send it to the IRS. But it's not a crime to refuse to supply that information, nor is it legally required that you do so.

So when anyone wants your full information, particularly date of birth or SS#, tell 'em to drop dead. At one chain store I bought a pair of reading glasses and they wanted my DOB and the guy got insulted when I refused. They do not need my DOB to sell me eyeglasses. He said they used it as an identifier. I told him to use my phone number - no one else has that number.

"Downstream liability" is what happens when, for example, an insurance company's customer database is compromised, and then "Bank of Middle America" eats $20 million in losses because of the identity theft resulting. The bank may well go after the insurance company, charging negligence in their reasonable care and custody of information to the bank's detriment. Increasingly the bank is going to win the case, the accountants are going to realize that skimping on security is false economy, and the security will get better.

Okay, I was on a roll....

[georgeclairepiper]

Thanks for sharing the knowhow. This is a big help. I am with tromboneAl, I hope the threat has been exaggerated. But then I read about these statistics: "14 million americans affected every year" and so forth. Sounds like we'll be okay, since we don't give out SSNs. The 'preventative' approach is a good one. I'll give word to the lady of the house to make sure she's shopping at websites with good reps.

[Martha]

Walt, what do you think about security and risks with online banking and brokerage services?

[utrecht]

Most identity theft has nothing to do with the internet. Conducting normal business on the internet as oppossed to doing that same business in an actual store isnt going to do anything to increase your risk of identity theft.

Your info is already in every database known to mankind. Besides, most identity theft is a result of employees who have acces to your info stealing that info. It makes no difference if these employees are internet employees, employees of your bank, your insurance company...ect.

[donheff]

Reading all of this convinces me of the need to freeze my credit. It is insane that people can wreck all of this havoc with your SSN and DOB. That information is trivially easy to get. Hell, in DC the SSN was your drivers license number until a few years ago. The SSA has always said the SSN card is not a form of identification. Can you sue companies for pain and suffering if they enable credit with such trivial information?

[Walt34]

Quote:

Originally Posted by Martha Walt, what do you think about security and risks with online banking and brokerage services?

Statistically they're safer than paper because fewer people have access to the information. I'm still active on a computer crime list serve and haven't heard of any problems with those. But companies rarely report such crimes as they don't want the publicity to create a "run" on the bank. If it happened much I'd think the customers would create enough publicity. Therefore I conclude that if it's happening at all the banks are making the customers whole again quickly.

The key of course, is know who you're dealing with, and it's not somewhere in the Cayman Islands. And use common sense - strong password, don't use a public (i.e., library, cafe) computer that may have keystroke logging on it, keep your software up to date, if you have kids prone to downloading stuff keep them off the computer you use for financial things, etc.

I have stayed away from it myself for the simple reason that we have only one computer at home and I don't want to put myself in a position of not being able to pay bills if the computer dies. It gets backed up weekly, but still, stuff happens. I check balances and transfer funds online, but that's about it.

I shy away from automatic bill-paying because when reading the fine print (I learned in fraud that's very important to do) I see that nobody wants to take responsibility for anything.

For example, the landline phone is about $75 (unlimited long distance) but it varies by a dollar or so every month. If I sign up for automatic billing and somebody misplaces a decimal point and bills the checking account $750, then depending on timing we might bounce some checks. The resulting bounced check fees are "consequential damages" that the telco won't pay. Neither will any other utility that wants us to sign up for automatic billing.

Until they will, I will continue to mail paper checks.

[Martha]

Thanks Walt. Good points on the automatic bill pay. I pay some bills online, but don't have them automated.

[SecondCor521]

I've used automated bill pay for a number of years for a bunch of bills and never had a single problem. USAA Bill Pay, which I currently use, I believe makes some sort of promise that they will pay any fees associated with any mess up on their part. I'm not worried about it.

2Cor521