The New York Times reported yesterday “hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.” This breach affects about 1/3 of the US population.
Here’s how you can improve your identity-theft radar, make yourself a smaller target, and create a credit-repair plan now in case cyber thieves violate your credit later. Regrettably, there is no killer app or strategic plan (including this one) that can guarantee the complete safety of your identity.
Improve Your Radar
1. Set up alerts from your credit card companies. You can instruct them to text or email your cellphone every time your credit card is used. In this way, you speed the time to recognition of a problem with existing credit cards.
Make Yourself a Smaller Target
2. Place a “security freeze” on your credit at all three credit bureaus. Identity thieves use your information to open new accounts and obtain credit in your name. But financial institutions generally require credit reports before they extend new loans. By implementing a security freeze, you are instructing the credit bureaus not to release your information to new lenders. And when you need new credit, you can cancel the security freeze, satisfy the needs of your lender, and reinstate the freeze for continued protection.
The process is simple. You set up and remove security freezes online. Costs vary from state to state. (I live in Rhode Island. When I initiated my security freeze, I paid $10 to each credit bureau for a total of $30.) And for the record, it is appropriate to create security freezes for all family members, regardless of age.
3. Change your passwords. The Equifax breach is yet another reminder about the importance of examining your personal, Internet security. If you do not have a system for changing and varying your passwords, here are five password managers to consider:
4. Turn on two-step verification with all websites that offer this feature. My reasoning comes directly from Google, which writes, “When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone).”
5. Make up your challenge question response. Some websites use a challenge question – example: what is your mother’s family name? – as a form of two-factor protection each time you sign in. With challenge-question systems, I recommend that you make something up. (Example: If your mother’s family name is “Smith,” set up “Lamonica” as the correct answer.) Cagey cyber thieves can find your family information on the Internet.
Decide on a Credit Repair Solution
6. Call your property-and-casualty insurance agent and ask if your homeowner’s policy includes coverage for identity repair. Policies that include such coverage typically state how much the issuing company will spend to return your credit to the condition it was in – before your personal information was taken. Your insurance agent should be able to explain what the coverage is and how much the insurer will spend under what circumstances.
7. Companies like Identity Force, Identity Guard, Liberty ID, and LifeLock specialize in “credit repair. These companies do not prevent credit violation. Before you decide which one to use, call and ask the following questions:
- Do you require clients to sign a limited power of attorney? Without these documents, financial institutions will not work with them to fix your credit if you have a problem.
- What is your experience resolving fake 1040s filed with the IRS?
- What is the average experience, measured in years, that your repair specialists have in resolving identity theft?
- How much do you charge and whom do you cover in my family?
Additional details about the Equifax breach are likely to surface in the days to come. In the meantime, I hope these seven steps inspire you to perform a self-examination of your personal commitment to Internet security. I will respond to all comments.