THE EQUIFAX DATA BREACH seems to be a tipping point, unleashing a barrage of articles—and a boatload of angst—about the security of personal information. What are the potential problems and what’s the best way to defend yourself? I got some great ideas from followers of my Facebook page, where I posted a draft of this article and asked for feedback.
It seems there are five key scenarios where hackers could potentially wreak havoc with your financial life. Data thieves could:
How can you defend yourself? There are the usual precautions: Don’t give out financial information to anybody who calls you. Ignore emails that seek account information and never click on embedded links. If you think a call or email could be legitimate, phone the financial institution involved using a number you dig up, not one provided by the caller or in the email. Use strong, complicated passwords—and don’t use the same password for every account. Don’t access sensitive information from a public computer. Regularly review the activity on your credit card statements and in your financial accounts.
But there are three specific steps you might also take. First, if it’s offered by the financial institutions you use, set up two-factor authentication for your accounts. With two-factor authentication, your financial institution will text you a special code to use every time you log on or every time you log on from an unrecognized computer. This strikes me as crucial protection—because the bulk of your wealth is likely sitting in your investment accounts.
Second, consider freezing your credit with the three major credit bureaus. This will prevent someone from taking out a loan or credit card in your name. This is an easy choice for those who are, say, over age 50 and no longer applying for new loans and credit cards.
What if you’re younger and still regularly applying for credit, so a credit freeze would be a huge hassle? You might contact one of the credit bureaus and set up a fraud alert instead. A fraud alert requires lenders to take extra steps to confirm your identity. To set up an initial alert, all you have to do is contact one of the credit bureaus and it’s then required to tell the others. An initial fraud alert lasts 90 days, but can be renewed repeatedly.
Finally, you should regularly check your credit reports for errors and for accounts you don’t recognize. Once every 12 months, you can get your reports for free from each of the three major credit bureaus by going to AnnualCreditReport.com. A popular strategy: Check one report every four months.
Even with these steps, you’ll likely find someone occasionally steals your credit card information and charges items to your account. This, alas, seems to be an unavoidable reality of modern financial life—though credit card companies appear to be pretty good about detecting questionable charges and reimbursing those that slip through.
If someone has your personal information, there’s no way to prevent them filing a fraudulent tax return. This, however, is an area where early filers have an edge: If your return reaches the IRS first, the fraudulent return will be the one rejected. What if you are a victim of tax identity theft? The IRS will issue a special personal identification number to use thereafter. Meanwhile, there doesn’t seem to be much defense against theft of health care information—beyond staying vigilant with your personal information and keeping an eye out for suspicious health care charges.