Identity Protection

[savory]

given the Equifax debacle, I am now considering Identity Theft Monitoring. My children are actively discussing it and will provide their suggestions. They have informed me that the 'original advice' of locking your credit will likely no longer be effective given the hack. So, they are moving to another solution which is likely a monitoring company. From our brief discussion, some damage will be done but it is hoped that the 'theft' can be stopped very quickly. Not an ideal solution but it will help.

In the meantime, I wanted to start a thread to learn from the forum what members are doing, now. And what they plan to do.

I have found this review which provides some choices for monitoring companies. The Best Identity Theft Protection Services for 2017 - Reviews.com

Are you using one of these or one not listed? Do you plan to do anything? etc.

Thanks

[GrayHare]

That would be a reasonable idea if I could know the ID protection company won't be hacked too. The only way I know to keep info secure is to not supply it, especially if it's going to be put online and without my reasonable recourse to damages recovery.

[Tadpole]

I was part of the OPM breach. I never gave them my credit card number and other things that were not already in the OPM database. I realized that, if you give all your personal info to a single entity and they keep their data online AND put it in search engines to see if it has showed up on the Internet, it might make you more exposed to ID theft. Am I wrong about this? Was this dumb of me?


If you are part of several breaches do you lose the ability to make a claim since each of the breached companies can point at the other?

[savory]

Quote:

Originally Posted by GrayHare That would be a reasonable idea if I could know the ID protection company won't be hacked too. The only way I know to keep info secure is to not supply it, especially if it's going to be put online and without my reasonable recourse to damages recovery.

This is a good point and something we are discussing right now. I think one of the keys is they store the data on separate servers. So, the hope is they get one computer hack, the bad guys do not get everything. Clearly not a strategy followed by Equifax but that is probably a part of their entire mismanaged story

[cathy63]

I think the thing to ask yourself is, what exactly are you trying to protect against? Then, what is the best way to ward off that particular threat, and what would the remedy be if you did or didn't have this tool?

Are you worried that someone will
- try to open new credit cards in your name?
- get a drivers license in some other state?
- take out mortgage loans?
- file a false tax return to get a refund?
- fraudulently claim your social security?
- steal money from your bank or brokerage accounts?
- something else?

I may not be creative enough, but for all the problems I can imagine, there are solutions and preventive actions other than subscribing to some service for $13 to $30/month. I am not dismissing these services out of hand, but I'd be really interested to hear from anyone who's used one and I'd like to know what they did that the person couldn't have done themselves.

[audreyh1]

Quote:

Originally Posted by davef given the Equifax debacle, I am now considering Identity Theft Monitoring. My children are actively discussing it and will provide their suggestions. They have informed me that the 'original advice' of locking your credit will likely no longer be effective given the hack. So, they are moving to another solution which is likely a monitoring company. From our brief discussion, some damage will be done but it is hoped that the 'theft' can be stopped very quickly. Not an ideal solution but it will help. In the meantime, I wanted to start a thread to learn from the forum what members are doing, now. And what they plan to do. I have found this review which provides some choices for monitoring companies. The Best Identity Theft Protection Services for 2017 - Reviews.com Are you using one of these or one not listed? Do you plan to do anything? etc. Thanks

Do they mean that freezing your credit will no longer be effective given the hack? I don't believe that's true. In fact I believe that once SS# and birth date have stolen, freezing your credit before someone messes with it is your only recourse.

[savory]

Quote:

Originally Posted by audreyh1 Do they mean that freezing your credit will no longer be effective given the hack? I don't believe that's true. In fact I believe that once SS# and birth date have stolen, freezing your credit before someone messes with it is your only recourse.

Not a bad idea necessarily. But now that they may have a lot of information, they can unfreeze your information. So, freezing the data was seen as a good step. But now, perhaps another layer is required. At least that is how I understand it.

[audreyh1]

Quote:

Originally Posted by davef Not a bad idea necessarily. But now that they may have a lot of information, they can unfreeze your information. So, freezing the data was seen as a good step. But now, perhaps another layer is required. At least that is how I understand it.

How do they unfreeze your information without the passwords from each credit bureau?

[bingybear]

nothing I've heard tells me that freezing won't be any less effective than it has been. people who buy identity theft protection get people monitoring the data.. much in the credit reporting agencies for new credit applications. What they do or should provide is people who will push to correct and remove accounts that are fraudulent.

[savory]

Quote:

Originally Posted by cathy63 I think the thing to ask yourself is, what exactly are you trying to protect against? Then, what is the best way to ward off that particular threat, and what would the remedy be if you did or didn't have this tool? Are you worried that someone will - try to open new credit cards in your name? - get a drivers license in some other state? - take out mortgage loans? - file a false tax return to get a refund? - fraudulently claim your social security? - steal money from your bank or brokerage accounts? - something else? I may not be creative enough, but for all the problems I can imagine, there are solutions and preventive actions other than subscribing to some service for $13 to $30/month. I am not dismissing these services out of hand, but I'd be really interested to hear from anyone who's used one and I'd like to know what they did that the person couldn't have done themselves.

I am told that this is not terribly unreasonable but it maybe limiting. For example, there are 3 credit bureaus and you can check them once per year for free. So there is a gap of 3 months if you maintain a free check. More frequent, I believe you will pay.

Adding a Freeze,. would definitely be helpful. But knowing that that Equifax got hacked, perhaps it is not overkill to pay a service that will keep closer, more frequent tabs. Some might say paranoia.

To me in some ways, this is like the conversations we have had about 2 Factor and password generators. Some called it overkill. I find it to be a higher level of protection once I excepted tools like Last Pass and Keepass. But the major difference from this discussion is these are free.

[savory]

Quote:

Originally Posted by audreyh1 How do they unfreeze your information without the passwords from each credit bureau?

Perhaps one of two ways. They have the Equifax info and just go to Equifax and convince a telephone operator or computer program that they are you.

Or they use the Equifax data to gain access to one of the other Credit companies. I recently received a message from Pay Pal that concerned me. I was on the road and they needed more information. After some going back and forth, I convinced the PP rep. to temporarily close my account.

The same call made by a crook, who has my data, may lead to some account changes. They could be targeting health insurance, tax reports (claim your refund) etc. Freezing only works with Credit Bureaus not the rest of the opportunities for using your identity.

Perhaps for some it is an extra 'lock' that seems like overkill. And I am not sure as I write this that I would not agree. However an article in the NYT suggests the breach is a big game changer and those using 4 checks a year for credit may not be protected like they should.

[bingybear]

Quote:

Originally Posted by davef I am told that this is not terribly unreasonable but it maybe limiting. For example, there are 3 credit bureaus and you can check them once per year for free. So there is a gap of 3 months if you maintain a free check. More frequent, I believe you will pay. Adding a Freeze,. would definitely be helpful. But knowing that that Equifax got hacked, perhaps it is not overkill to pay a service that will keep closer, more frequent tabs. Some might say paranoia. To me in some ways, this is like the conversations we have had about 2 Factor and password generators. Some called it overkill. I find it to be a higher level of protection once I excepted tools like Last Pass and Keepass. But the major difference from this discussion is these are free.

you can check the each credit companies once a year unless you have had identity theft or the like.

Multi-factor logins by customers like you would likely not have stopped the data theft. I doubt they stole records based on an individual account, but hacked the system to steal the bulk of the database. More likely a facility to allow bulk information processing.

Could things be done to tighten this up, hell yes. Individuals may need to get involved with the day to day crap that happens with their accounts.

[savory]

From NYT

"Instead, I check one of my credit reports for free every four months at annualcreditreport.com. That plus the permanent security freezes are enough to keep me sleeping well at night.


Or at least it used to be. I have always worried that a giant breach would someday come to one of the big credit reporting agencies, and now here we are. The data is out there, and thieves may use it in ways that freezes cannot thwart. They may try to gain access to other people’s health insurance, file tax reports in their names on Jan. 2 to claim a big refund and do other things that we haven’t even thought of yet.

And then there’s this: A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. That’s what happened here, and we will now spend years seeing what happens next."

[bingybear]

Quote:

Originally Posted by davef Perhaps one of two ways. They have the Equifax info and just go to Equifax and convince a telephone operator or computer program that they are you. Or they use the Equifax data to gain access to one of the other Credit companies. I recently received a message from Pay Pal that concerned me. I was on the road and they needed more information. After some going back and forth, I convinced the PP rep. to temporarily close my account. The same call made by a crook, who has my data, may lead to some account changes. They could be targeting health insurance, tax reports (claim your refund) etc. Freezing only works with Credit Bureaus not the rest of the opportunities for using your identity. Perhaps for some it is an extra 'lock' that seems like overkill. And I am not sure as I write this that I would not agree. However an article in the NYT suggests the breach is a big game changer and those using 4 checks a year for credit may not be protected like they should.

The credit freeze only helps opening new credit that requires noting on credit reporting agencies. An open paypal, credit card, heloc, etc... are open to hacking. If a person gets your unfreeze codes.. so are credit agencies.

[donheff]

OK, I recognize that we don't know the extent of this hack and that maybe the bad guys got some encrypted password files from Equifax or whatever and are working on decrypting them... But, it still seems to me that locking your credit or keeping a lock on is a sensible response to this hack. It will be much easier for the bad guys to simply sell the data to others who will try to open lines of credit. Going after individual locked accounts with social engineering, decrypted lock codes etc seems highly unlikely. Much more effort and you need to get through all of the three major companies to succeed.

I'm keeping my lock in place and will probably accept Equifax's offer of a year of credit monitoring once I confirm that accepting it doesn't lead to automatic renewals.

[Dawg52]

If you are a AAA club member, you get some ID protection/monitoring free. Not sure how good it is but I use that.

[savory]

Quote:

Originally Posted by donheff OK, I recognize that we don't know the extent of this hack and that maybe the bad guys got some encrypted password files from Equifax or whatever and are working on decrypting them... But, it still seems to me that locking your credit or keeping a lock on is a sensible response to this hack. It will be much easier for the bad guys to simply sell the data to others who will try to open lines of credit. Going after individual locked accounts with social engineering, decrypted lock codes etc seems highly unlikely. Much more effort and you need to get through all of the three major companies to succeed. I'm keeping my lock in place and will probably accept Equifax's offer of a year of credit monitoring once I confirm that accepting it doesn't lead to automatic renewals.

Before you do this, you may want to make sure you are not giving up any legal recourse rights by accepting their monitoring offer. And their program monitors more than just their bureau. I have not personally read it but I am told by sources I find reliable that this might be the case.

Just a crappy issue, as noted in the NYT, Equifax will eventually turn this into a profit center for those who keep their audit 2nd year and beyond. Rewarded for being incompetent.

[garyt]

Quote:

Originally Posted by Dawg52 If you are a AAA club member, you get some ID protection/monitoring free. Not sure how good it is but I use that.

More info please. I'm a AAA member and wasn't aware.

[savory]

Quote:

Originally Posted by bingybear you can check the each credit companies once a year unless you have had identity theft or the like. Multi-factor logins by customers like you would likely not have stopped the data theft. I doubt they stole records based on an individual account, but hacked the system to steal the bulk of the database. More likely a facility to allow bulk information processing. Could things be done to tighten this up, hell yes. Individuals may need to get involved with the day to day crap that happens with their accounts.

I agree. One theory that the data theft was so successful was the use of one server to store all of an individuals data and/or some link to the servers that made hacking easier. For example, putting it in traditional lock terms, the combination to the first one was 1234. The combination to the next server was 1235, etc. Easy to figure out how to move from one server to the next.

I do not know how one finds out the approach taken by any company for the management of their servers. But, it would be good to know and perhaps if it was known, the companies would be able to leverage the protection of data as a marketing tool. Right now, we just seem to trust them.

[retired1]

We can't stop this nonsense security breaches but what we can all do is:
1. Lock credit --> This simply puts a temp lock (90 days) so if anyone tries to open an account they have to go through extra steps (maybe contact/confirm with you first).
2. Check credit reports routinely
3. Watch financial account activities routinely.
4. Setup Alerts on all accounts so you get notification of any activity.