MONEY credit cards

Thieves Charged $18,000 on Stolen Credit Card in Minutes

Peter Dazeley—Getty Images

The thieves allegedly bought prepaid debit and gift cards at 2 Target stores in Nashville while Jennifer Puryear shopped for groceries.

Thieves don’t need much time to do a lot of damage. A woman whose wallet was stolen earlier in August while grocery shopping in Nashville learned this firsthand: Between the time she entered the store with her wallet and when she got to the cash register without it, someone had spent $18,000 on her credit card, reports News Channel 5 in Nashville.

Jennifer Puryear called American Express as soon as she noticed her wallet wasn’t in her purse, but by then, the company told her the card had been used a dozen times at local Target stores. Based on surveillance camera footage, police say the alleged thieves appear to be a couple who tried to use the card at a third Target, but Puryear had already canceled the card. The alleged culprits were buying prepaid debit cards and gift cards — it’s a common tactic, because credit card fraud can be shut down quickly, as it was in this case, and that gives thieves time to spend the money or sell the cards for cash later.

Consumer protection laws concerning credit card theft generally exempt victims from financial liability for the fraud, as long as the theft is reported quickly. The most credit card fraud victims can be responsible for is $50 of the unauthorized purchases, but it’s a different story with debit cards. Even if you don’t end up responsible for anything, debit card fraud can be much more problematic than credit card fraud, because it can take time for the bank to replace the stolen funds. It’s one of the advantages credit instead have over debit cards. If you don’t have a credit card and are searching for one, you can use this expert guide to credit cards to figure out what kind of card might suit you best.

Puryear’s experience is a good example of why consumers may want to consider setting up transactional monitoring on their financial accounts, no matter what kind of card you have. Banks offer different options, but generally, you can update your account settings to receive alerts when a “suspicious” transaction or a purchase over a certain amount clears your account — you might be able to get alerts for any transaction, so if anything occurs that you didn’t authorize, you’ll know immediately. Given how quickly fraud can get out of control, it’s not an unreasonable thing to do.

The worst-case scenario is something like this goes on for long enough that the fraud ends up hurting your credit (or in the case of a debit card, draining your bank account). If the transactions go unnoticed until the time your credit card balance is reported to the credit bureaus, your credit score could suffer from the seemingly high credit card balances. Because it’s fraud, you should eventually be able to correct the problem, but that’s something you’ll want to avoid having to deal with in the first place. In the event that you don’t catch the fraud on your financial statements, make it a habit to check your credit, so you’ll at least spot the fraud there.

More From

MONEY College tip of the day

Protect Yourself From ID Theft on Campus

ML Harris—Getty Images

Be careful what you share on social media and remember that your passwords aren't secure when using public wifi spots.

College students are prime targets for identity thieves. They are busy and distracted, and rarely are actively engaged in managing their credit. And they are usually required to fill out a flurry of paperwork as school begins that includes the most sensitive information, such as Social Security numbers. In additional to financial aid, enrollment forms or rental documents, many will encounter credit card applications for the first time, not to mention creation of various computer accounts and passwords that are likely to follow them around for a lifetime.

“College students represent a tasty target for identity thieves because they literally live online, operate in an open environment where there are multiple points of vulnerability on fairly unsecured college networks, have roommates or housemates who have access to much of their personal identifying information and for most their GPA is of far greater importance than their FICO scores,” says Adam Levin, owner of and author of the forthcoming book, Swiped.

Check out the new MONEY College Planner

Moreover, college-aged victims of ID theft are often the last to know. A Javelin Strategy & Research study in 2015 found that 22% of students found out they were victims of identity fraud when contacted by a debt collector or when they were denied credit – which is three times higher than average fraud victims. That’s why the start of the school year is a very good time to talk with students entering or returning to college about protecting their identities.

So here are some Dos and Don’ts.

DO leave ‘foundational’ paperwork like birth certificates and Social Security cards at home. Young adults might be tempted to carry their SSN cards with them because of all that paperwork, but that can be a recipe for disaster. A smart criminal who steals a wallet would gladly trade all the cash and credit cards for that SSN card, which can be used to commit the worst kinds of ID theft. Instead, use those elementary school skills and commit the SSN to memory.

DO be smart when using public WiFi. Let’s face it — students are going to use laptops in lounges and coffee shops all over school, and probably all over town. There’s a risk associated with doing so, but some common sense choices can lower that risk. Assume data you type into your computer at a hotspot can be swiped, so minimize use of sites that require logins. Avoid doing sensitive tasks like online banking. Wait until you are on a secure network to deal with money.

DON’T trade your financial life for a free pizza. Don’t go crazy with the credit and debit card applications. In fact, you may be better off setting up your checking account / allowance account with your home bank before you leave for school. If your school encourages you to load your financial aid onto a school-branded debit card, know that card might have higher fees than your home bank, be judicious about how you use it. And of course, the fewer applications you fill out with your personal information, the better. Every piece of paper on which you enter your SSN is a piece of paper that a criminal might get their hands on. That free pizza could turn out to be really expensive.

DO come up with a personal strategy for creating secure passwords. Many accounts you create during college years will stick with you the rest of your adult life, so it’s worth putting thought into user names and passwords you select. Don’t use your pet’s name or high school mascot followed by a month. Try this instead: Write a sentence that you won’t forget, like I Was Born in Seattle on October 1. Use the first letter of the words in that sentence — IwbiSoO1 — and you have a pretty good password. Add a few special characters to it, like this Iwb!SoO1 and you are really in business.

DON’T overshare on social media. In high school, the consequences of social media missteps are often minimal. That really changes as you enter adulthood. Embarrassing photos could cost you an internship. Oversharing could cost you your credit. Don’t reveal your birthday. Don’t talk about pet’s names, siblings or mascots. Don’t give away hints that a criminal could use to social engineer their way into your accounts.

DO become familiar with your credit reports and credit scores. Finally, entering adulthood is a great time to get in the habit of checking your credit reports annually, which you can do for free on Checking your credit before the first school day of the year to look for any signs of errors or identity theft can become a Fall ritual that will serve you well the rest of your life.

Check out MONEY’s 2015-16 Best Colleges rankings

More From

MONEY Small Business

Identity Thieves Love Small Businesses

i love images—Getty Images

It can be easier and more lucrative to steal from a small business than from an individual.

Not long ago, a small business owner I work with found herself the target of an identity thief. He didn’t open credit lines in the name of the business, but instead stole its name and good reputation to bilk other entrepreneurs out of thousands of dollars. He was quite blatant about it, even representing himself on LinkedIn as a principal of the business.

Dealing with identity theft is bad enough, but if it hits your business it can be devastating. It can take enormous resources and time to straighten out — and what entrepreneur has lots of time to spare? It can even bring your business to a screeching halt if you don’t catch it and stop it quickly.

Here are three reasons identity thieves love small business owners.

1. It’s Easier to Get Info

There are strict limits on who can review personal credit reports or scores, but the same limits do not apply to small business credit reports or scores. (That’s true as long as they don’t contain personal credit information about the owner — some do — and those are subject to restrictions).

“Because it’s not covered by Fair Credit Reporting Act protections, anyone can check a business’s credit report and get sufficient information (EIN, address, employees and principal owners’ details, etc.) to start the ID theft process,” says Caton Hanson, co-founder of Creditera. “Personal information is more difficult to obtain and requires nefarious means to do so,”

In addition, there are many more points of access to sensitive information. If you’ve been watching the series “Mr. Robot,” you know that the main character Elliott Anderson finds “phishing” — simply asking the right questions — to be an easy way to get into other people’s email or social media accounts. Similarly, in a small (or large) company sometimes all it takes is one employee with a weak password or a lack of skepticism to open the door to criminal activity.

2. It Can Be Lucrative

An established small business may have larger credit lines and larger bank accounts, both of which make them more attractive to a scammer. Why not steal $50,000 if it takes the same amount of work as stealing $5,000? In addition, small businesses may have a history of larger transactions so, for example, a large wire transfer overseas doesn’t set off alarm bells the way it might on an individual’s account.

3. It’s Harder to Detect

Small business owners are often surprised to learn there are many business credit reporting agencies they’ve never heard of before. There are a variety of credit reporting agencies that report small business credit information — and many specialized agencies that most entrepreneurs haven’t heard of. (I provide details on the various business credit bureaus in my new book Finance Your Own Business.)

And because some vendors and creditors don’t report business credit activity at all, it could be months before you realize you’ve been a victim. I learned of one business that was a victim, and the imposters rented office space in the same building where the actual business was located to pull off their scheme!

You’ve Been Warned

The steps for protecting yourself from business identity theft will likely sound very similar to those that are used to protect yourself from personal identity theft. They include:

  • Shredding all sensitive documents.
  • Using very strong passwords and changing them regularly.
  • Limiting access to sensitive information by employees on a need-to-know basis.
  • Keeping track of your credit. Companies such as Experian, DNB and Creditera offer business credit monitoring.
  • Making sure employees with access to sensitive information secure laptops, cellphones and all data related to your business.

There are many challenges when running a small business. There are a number of obstacles to overcome. Identity theft is a continuing challenge for small business owners. Put up your own road blocks and defenses to make sure you are not the next victim.

More From

MONEY privacy

7 Tips for Using Budgeting Apps Safely

Steven Puetzer—Getty Images

For starters, never use auto-logins.

Budget apps such as and YouNeedABudget. com can help spendthrifts track and control spending. They also carry a security risk, as they require users to hand over sensitive information such as credit card and bank account numbers, then allow the apps access to that information.

In this era of headline-grabbing security breaches, just how safe are these apps? And what would happen to users if their sensitive information fell into the wrong hands?

Before answering those questions, it’s helpful to review how budget apps work. They aggregate users’ finances, assembling information from checking, savings, credit card and even retirement accounts, to give users a single snapshot of their finances: what they’re spending, what they’re saving.

The apps are popular., whose website promises users “the complete picture in minutes,” claims 20 million users.

Information entered into is read-only, explains Holly Perez, consumer money expert at Intuit, the Palo Alto, California-based company that developed and owns That means the app cannot use account information to transfer funds between accounts or make purchases.

Too, not all budget apps require access to bank statements and credit card accounts. Rather than have users hand over bank account numbers, asks them to download bank statements into a Dropbox file; a YNAB spokeswoman says Dropbox uses 256-bit AES encryption to protect data.

Card protections kick in
Banks and card networks say in the event of a breach, zero-liability protection would cover any fraudulent charges. MasterCard’s policy covers both debit and credit cards. “Our zero liability protection applies whenever a MasterCard branded card is used,” says Becky Kitchener, a spokeswoman for MasterCard. “App use has no impact on card protections.”

Wells Fargo, too, would cover fraudulent charges on credit or debit cards if an app were to have a security breach, according to a spokeswoman.

Even if it didn’t, U.S. law offers protection. The Fair Credit Billing Act limits consumer liability to $50 for unauthorized charges on credit cards, and $0 if the user reports a stolen card before the card is used fraudulently. The Electronic Fund Transfer Act offers similar protections to debit card users in certain cases.

The fine print
Both bank-based and law-based protections come with some fine print, though. Users must dispute charges within a fixed time frame. For instance, you have 60 days to comply with the Fair Credit Billing Act. You’ll need to report fraudulent debit card charges within two business days or you could be on the hook for up to $500. Wait more than 60 days and you could be liable for the entire amount.

The fine print at most banks says cardholders must exercise reasonable care in protecting their privacy, as well as report fraud in a timely fashion., for its part, referred to FCBA guidelines when asked about credit card protection. It says debit card protections depend on the user’s bank.

Some banks will not cover unauthorized debit card charges or fraudulent bank-account activity if customers hand over private information to a third party, says Leo Hopper, information security manager at GreenPath Debt Solutions, a nonprofit financial consulting agency in Farmington Hills, Michigan.

Too, some financial institutions will not allow access to customer accounts.

Hopper’s advice: Check with your bank before signing up with a budget app to see what protections are available to you. He also suggests checking with the apps you plan to use to see what protection they offer.

Risks to personal information
Yet another caveat: Terms of service “always say they will not share or sell your information, but that’s always subject to change,” particularly if an app is sold to another company, Hopper says.

Massive, hacker-led security breaches aren’t what bother experts such as Hopper, though. It’s personal carelessness that could cause a smartphone and an app, and all that sensitive information, to come into a crook’s possession. “The greatest risk for these services is that all your information is accessible in one location,” Hopper says. “Worst case, they can access your info and do some form of identity theft.”

Greenpath counselors, he continues, encourage clients to use budget apps, as they’re useful tools for people who need help organizing budgets and finances. For the most part, the apps are reputable and safe: Users are more likely to click on a spam-phishing email and get “had” that way rather than have a budget app experience a systemwide breach, he says.

Budget app safety tips
The key to using a budget app safely: Follow good tech hygiene rules and use your brain. Here are seven app-safety guidelines from Becky House, education director at American Financial Solutions, a nonprofit financial counseling agency in Seattle.

1. Use the apps as your comfort level permits. Apps can track spending and saving by aggregating information from all accounts, “but there are a lot of people who are not comfortable connecting accounts [and] having all their eggs in one basket,” House says.

2. Protect yourself with a password. Budget app sites encrypt passwords, so even if a hacker were to break in, he’d have to decrypt passwords first. Someone who grabbed your iPhone off a table at Starbucks, though — that’s another story, particularly if your phone isn’t password-protected. The lesson: Password-protect your smartphone and set up the password function so you have to log in every time you use the phone.

3. Use complicated passwords. It’s old advice and worth repeating: For the phone and for the apps themselves, don’t use your birthday, address or other easily guessable digits as passwords. “Make sure it’s complicated,” House says.

4. Do not agree to auto-logins when you access a site. You know that window that pops up and asks, “Remember this password?” with the choice to answer “Yes,” “Not now,” or “Never for this site?” “Never” is always the right choice, House says.

5. Use anti-virus software on your phone. It’s something people should do, but don’t: “I feel I harp on this a lot,” House says. Norton, which makes anti-virus software for computers, has a smartphone version available at

6. Pay attention. Budget apps alert users to activity on their bank accounts and credit card statements; if you see unusual activity, check it out and report it. That is crucial, as zero-liability and FCBA protections do hinge on timely reporting of fraudulent behavior.

7. Be discreet in public. Don’t play with your budget app when you’re using public Wi-Fi at a coffee shop or at the airport; those airwaves are public and susceptible to breaches. If you must log on, say to check out an account activity report, use cellular data if possible and remember to log off as soon as you’re finished. Also be aware of who’s around you; someone at the next table might have a full view of your screen.

The bottom line: Budget apps can do lots to help users gain financial wisdom; the rewards of using them outweigh the risk. Users — by being smart and careful — can do much to reduce that risk.

More From

MONEY privacy

5 Ways to Keep Hackers Away From Your Money

Irakli Abashidze / EyeEm—Getty Images

Start by rethinking your password strategy.

JPMorgan Chase, Domino’s, Home Depot, P.F. Chang’s, eBay — the list of targets continues to grow.

Information breaches that would have been difficult to fathom years ago are now common. And people are rightfully worried. After all, if the federal government can get hacked and its employees’ data stolen, how vulnerable is a personal account held at a bank or brokerage?

My friend Jack Vonder Heide, president of Technology Briefing Centers and one of America’s leading authorities on technology-related risks, says the image of cyberattackers as hipster kids in a basement hacking into websites for fun is a dangerous misconception. Cybercriminals, he says, are highly educated operatives of well-funded overseas groups, mostly based in China and Russia.

So what actions can you take to protect yourself in what feels like an endless battle to keep your data secure? Here are five steps to consider:

1. Diversify your passwords — and change them

For convenience’s sake, people often use the same password across multiple websites. Big mistake. It’s like giving an intruder a key that opens every lock. You want to make it extremely tough for a hacker to access your sensitive information. So create a different password for every financial website — brokerage, bank, credit card, mortgage account and so on. Create unique password combinations that include letters, numbers and, if possible, symbols. Establish a biannual schedule to change them. Security must be an ongoing endeavor.

2. Use an online password manager

All those hard-to-crack passwords can be a nightmare to try to store, recall and keep secure, so use a reputable password manager. The best managers include password generators that create strong, unique choices. Most password managers allow you to sync your passwords across all electronic devices, making it easy to maintain multiple passwords. Select one that includes two-layer authentication for additional protection. Check out PC Mag’s best password manager selections for 2015. Many come with an annual fee — but they’re affordable and worthy protection against hackers.

3. Make life hard for crooks

Cross-shredding confidential documents, avoiding simplistic passwords and keeping sensitive information off of unsecured channels like email are modest but effective actions. Thoroughly checking credit statements for suspicious activity and being aware of your surroundings when using ATMs are basic security measures that remain effective. Don’t let your guard down.

4. Check your credit reports at least annually

Periodically checking your credit report is a smart way to stay ahead of the bad guys — but many people don’t because of common misconceptions, such as the belief that you have to pay a fee to see your report, or you must subscribe to a service.

The fact is, federal law entitles you to a free copy of your credit report once a year from each of the three consumer credit reporting bureaus — TransUnion, Equifax and Experian. You can get these reports at If you want to be especially vigilant, spread out your requests, so that you are looking at a different report every four months instead of all three at once every year. Increasing the frequency will help you catch suspicious inquiries earlier since credit activity customarily gets reported to all three bureaus.

The goal is to check for discrepancies, inconsistencies and inaccuracies that might suggest identity theft. It’s not difficult to correct errors. The credit bureaus have improved their service and request response times. The Federal Trade Commission provides easy-to-follow instructions to dispute errors.

5. Keep your guard up when it comes to e-mails

Be wary of any email that requires you to click on a hyperlink to update a password or confirm confidential material. Such e-mails are often “phishing” expeditions seeking to scam you. They appear to come from your bank or brokerage firm, an online retailer — even the IRS.

The best rule to follow is that regardless of how real an e-mail looks, never click on such links. Contact the alleged sender’s customer service or fraud department directly to check the legitimacy of the email. Don’t use the phone numbers provided in the suspect email. Always use the contact information provided on your monthly statement or listed on the company’s website. It’s also advisable to forward the email to an organization’s fraud department.

What about inquiries from the IRS? That’s easy. The IRS does not initiate taxpayer communication through email or other electronic channels, period.

It’s understandable to feel helpless in an age of smart criminals who conduct endless assaults on privacy. But simply putting the threat out of mind is no solution. Nor is deciding that it can’t happen to you.

More From NerdWallet:

MONEY Opinion

This Is the Most Dangerous Identity Theft Threat

weerapatkiatdumrong—Getty Images/iStockphoto

Never take this for granted.

Last weekend, TheUpshot published the most dangerous identity theft threat: the non-expert’s tendency to underestimate the magnitude of problem. The piece in question argued that the consequences of most identity theft have been exaggerated (by identity theft experts like me), and that, “only a tiny number of people exposed by leaks end up paying any costs.”

The main source for TheUpshot’s argument seems to be the 2015 Identity Fraud Report (covering data from 2014) published by Javelin Strategy and Research, which found a dramatic increase in account takeovers (i.e., when a fraudster is able to get through the authentication process on an existing credit account and make charges) but an overall decrease in the amount of money lost to identity-related fraud.

To think that the 2015 Javelin report minimizes the threat of mega data breaches to consumers is to misread it. To suggest that the threat is overstated is both simplistic and harmful to consumers. The article focuses too much on account takeover resulting from big-name hacks like Target (a very common form of identity theft). Meanwhile, it gives nowhere near enough attention to the very real and long-lasting effects of more serious forms of identity theft – the kind that’s committed using Social Security numbers – and the equally big-name hacks like Anthem, Premera, and the Office of Personnel Management that exposed millions of records containing that data.

The Buck Doesn’t Stop With the Bank

TheUpshot dismisses the consumer cost of most data breaches (beyond lost time and annoyance) because “several laws protect consumers from bearing almost any financial losses related to hackers.” TheUpshot continues, “…banks and merchants, like Target, must bear the cost. But even their losses have been dropping in recent years, as data security experts have learned new strategies to prevent intrusions from turning into theft.”

First of all, banks do not bear all the costs if they can help it. They pass it along to the company that caused the problem in the form of fines and penalties, and in some cases the company is only alleged to be the cause of the problem. It is very hard for small businesses to fight card companies on these charges. So when it happens, it can be a near extinction-level event, or force price changes. And, of course, that cost often manifests itself at the consumer level.

Additionally, according to at least one recent report, the cost of a data breach to businesses has not been going down, as stated by TheUpshot. On May 27, IBM and the Ponemon Institute jointly reported the cost per breached record had increased by 12% over the preceding year, from $145 to $154, and that the average total cost of a data breach to an enterprise rose a not inconsiderable 23% to $3.79 million.

And it bears repeating: While it’s all very populist and fair-weather foppery to say that companies like Target and Home Depot can foot the bill of a breach, the same cannot be said of smaller businesses—after all, breaches are not confined to big companies.

5% Is a Huge Number

TheUpshot’s big reveal: “The more troubling identity theft, in which new accounts are opened in an unsuspecting person’s name, make up only 5 percent of the total figure given by Javelin.”

To the uninitiated eye, 5% sounds like a small number. But it’s missing context.

“Although we have no data to support what percentage of breaches turn into identity theft cases,” according to Brent Montgomery, Fraud Operations Manager at my company IDT911, “5% is a lot.”

In 2014 there were 12.7 million identity fraud victims, according to Javelin. Just 5% of that total is 635,000 consumers—hardly a negligible number.

Montgomery then highlighted the essence of the problem here: “There are so many breaches on a daily basis that information can be pieced together from one breach to another giving a criminal all they need to complete the puzzle.”

TheUpshot fails to account for the long tail of identity theft—the fact that scams are pieced together using data harvested from countless individual and corporate compromises oftentimes sold and resold on the data black market. A scam that happens today may use data that was compromised three years ago—especially when Social Security numbers are involved since their only expiration date is when the holder of those nine digits expires.

Another problem with using the Javelin report is that the data is extrapolated from a relatively small sample of the population, whereas the Federal Trade Commission’s Consumer Sentinel Network Data Book for January-December 2014 is driven by hundreds of thousands of pieces of consumer-reported data. That matters here because on page 13 of the Sentinel report, you will find a higher incidence of new account creation (12.5%) than fraud on existing accounts (4.9%).

There Are Very Serious Identity Theft Threats

While instances of new account fraud and some signs of existing account takeover can show up on your credit reports (you can get them for free once a year on, other types of identity theft are less detectable – until they really cause damage. Of greater concern is what does happen to consumers whose information falls into the wrong hands—specifically their most sensitive information. Mentioned nowhere in the article is tax fraud, a crime that is most definitely on the rise and cannot be resolved easily or quickly (think: 6-12 months). Equally absent in this Panglossian take on what really is an identity theft epidemic: medical identity theft, which is extremely difficult to detect, equally difficult to resolve and can have potentially life-threatening consequences.

The bottom line is that while it’s easy to dismiss identity theft experts as being the equivalent of “the soap company that advertises how many different types of bacteria are on a subway pole without mentioning how unlikely it is that any of those bacteria would make you sick,” it is irresponsible to downplay the various serious risks now facing millions of Americans whose most sensitive personal information has been exposed in the breaches of Anthem, Premera, Sony Pictures and the Office of Personnel Management, to name a few. The threat for them is very real, and long-term—perhaps a lifetime.

More From


Consumer Complaints About This Troubling Scam Have Soared

Behold the year's top consumer complaints.

Identity theft was the fastest-growing consumer complaint in 2014, according to a joint annual report by the Consumer Federation of America and North American Consumer Protection Investigators. The list is based on more than 280,000 claims made to 37 consumer-protection agencies in 21 states last year.

Recent, large-scale data breaches at major retailers are at least partly to blame for the rapid rise of identity theft complaints. (It also was the top consumer gripe handled by the Federal Trade Commission last year, making up 13% of all complaints.)

Read next: 10 Funniest & Most Creative Consumer Complaints Ever

Consumer agencies say that stealing someone’s identity to claim their tax refunds, in particular, is a growing problem. “Refund fraud caused by identity theft is one of the biggest challenges facing the IRS,” says the agency, which has 3,000 employees working on tax-related identity theft.

The 37 agencies the two groups canvassed deemed debt collection the worst category overall for consumer complaints, based on a combination of complaint frequency, the dollar amounts involved and how severely vulnerable populations were affected. In some cases, people were hounded to pay debts that weren’t theirs.

“They make harassing phone calls or send threatening emails to scare consumers… to satisfy a loan that doesn’t exist,” the groups’ report says. Other victims who filed complaints with state and local agencies said they were subject to abusive language and other illegal practices from debt collectors, such as threatening them with arrest or calling late at night. (By law, these agencies aren’t supposed to call after 9 p.m.)

Some complaint categories are perennial hot buttons. As in 2013, automotive-related issues were the most frequently reported to protection agencies last year, including, “misrepresentations in advertising or sales of new and used cars, lemons, faulty repairs, leasing and towing disputes,” the CFA says. Other mainstays in terms of generating complaints include telemarketing robocalls, construction and home improvement firms, landlord-tenant disputes and shady retail practices like false advertising or issues with gift cards or coupons.

There were plenty of new contenders causing major consumer headaches last year, too. Consumer protection agencies reported an influx of complaints about student loan repayment or consolidation scams, and businesses refusing to honor customer agreements such as rebates, gift certificates and contracts after changing hands, sometimes even though the businesses retained their old names.

“A good recent example is gyms that have closed and be reopened by other, larger corporations,” says Ethel Newlin of the San Francisco District Attorney’s office. In some cases, she says, “Consumers were left with worthless contracts for the rest of the term they had already paid for.”

You Might Also Like:

Our National Robocalling Nightmare May Soon Be Over

10 Phone Scams You Should Hang Up on Immediately

Why This Fall Is The Best Time in Years to Book a Flight

MONEY privacy

This Privacy Breach Scares People More Than Revenge Porn

Broken door

A new survey lays bare our greatest fears.

Want to know what’s worse than having naked pictures of yourself leaked online? Having your financial information stolen or compromised — or so said 55% of those polled in MasterCard’s Emotion of Safety & Security Research survey, released today.

Even more would rather have their homes robbed (59%) or email hacked (62%) than have financial data stolen or compromised. Interesting as those statistics are, most criminals don’t ask potential victims which crime they would prefer. And so we’re left to try to figure out how to keep safe.

Almost half (48%) feel personally responsible for keeping their data safe, and virtually everyone (92%) reports doing at least something to protect themselves (here are some ways to keep identity thieves at bay).

The survey was conducted by phone by Braun Research from May 8 – 12 among 1,000 adult consumers in the U.S. The survey has a margin of error of +/- 3.1% at the 95% confidence level.

People generally get that the problem of data privacy is serious — that a Social Security number can enable someone to open a new line of credit in your name or drain your bank account, or that an intercepted credit card number can allow someone far away to to use a the card that seems to be safely tucked in your wallet.

But there are so many kinds of identity theft that sometimes our response is simply to be overwhelmed — which results in inaction, says identity theft and personal security expert Robert Siciliano.

Which is how security can fall by the wayside. While there are things we can — and should — do to protect ourselves, we don’t necessarily do them. We know we should change passwords regularly, use strong passwords (upper and lowercase letters, numerals and special characters) and be careful about using public Wi-Fi, but who has time? Besides, it’s a numbers game, and consumers may assume that if they’ve gotten away without taking precautions before, their luck probably will hold out.

Siciliano said that if you haven’t changed your password in more than a year, “your passwords are more than likely in the hands of a criminal.” Just because it hasn’t been used yet doesn’t mean it won’t be.

Siciliano says trying to protect yourself online isn’t unlike taking care of car safety. It’s easy to think it’s as simple as buckling up, forgetting that we also need to have brakes serviced periodically, change oil and do other maintenance to keep our cars running safely. And yet when the brake light comes on, most of us take time to address the problem. But tell us we need to install a computer update, and we are often too busy. We will do it later.

Among the things people could do but often dismiss as too time-consuming or inconvenient are using a virtual private network (VPN) when using public W-Fi, Siciliano said. Many VPNs are free, but they will take about 10 minutes to install (and that, he says, is precisely why many of us do not have them). A VPN masks and encrypts your data. It doesn’t take any longer to get on your network than it would to update your status on Facebook, he said.

Other simple things: Update your computer, smartphone and/or tablet’s operating system regularly. Updates address vulnerabilities. Also, schedule scans to be sure your computer is free of known viruses and spyware. If you use credit cards, favor those with chips, Siciliano advises. Most cards are updating to chip and PIN technology, but some still have magnetic stripes. Siciliano said many larger issuers are sending chip cards when old ones expire, but some also offer new cards on request. Carolyn Balfany, senior vice president of product delivery – EMV, MasterCard, said the chip credit and debit cards will better protect against fraud. “Chip cards have embedded computer chips on the front of the cards which create unique codes for every purchase. The unique codes make the cards nearly impossible to copy. U.S. financial institutions have already started issuing payment cards with chip technology to their customers,” she said. Further, consumers are never held responsible for fraud regardless of which kind of card they use.

Checking your financial accounts, as well as your credit reports and credit scores, regularly can also tip you off to a problem that you need to correct before it becomes an even bigger problem. You can sign up for account alerts to notify you whenever a transaction is made, or you can just log in every day to look at your statements. You can get your free annual credit reports from

More From

MONEY privacy

5 Secrets Identity Thieves Know About You

Getty Images

Here's how to get your peace of mind back.

Identity thieves don’t want you to read this article.

They’ve made an entire industry out of living off of other peoples’ good names. And when you know their typical tricks, stealing your identity is much harder.

Unfortunately, not enough people know what puts their identities at risk for theft. And that has helped keep identity theft the No. 1 consumer complaint to the Federal Trade Commission for 15 years running. Do you like the idea of thieves using your name to make money and cause you financial headaches? Of course not. So take a minute to make sure you’re aware of five foolish behaviors that identity thieves love and how to fix them.

1. You Hand-Deliver Valuable Personal Information

To identity thieves, your trash can and recycling bin are seen as an “inbox.” They appreciate when you toss out anything with personally identifying information — especially credit card offers, bank statements, insurance-related materials, and medical statements or records.

The fix:

  • Buy a quality crosscut shredder and give identity thieves an impossible puzzle to solve.
  • Shred everything with your name and any other important information on it before throwing it out (thieves will move on to easier targets).

2. You Leave Virtual Doors Open

There are entire organizations dedicated to computer hacking and scams. So if you’re using a simple password or not employing the right security measures on your computers, smartphones and tablet devices, your information is at a much greater risk. It’s like leaving a door open with money sitting on a table just inside.

The fix:

  • Be sure to use security software that includes a firewall, antivirus and spyware programs, and regularly update them.
  • Set your devices to automatically install security updates from manufacturers.
  • Use strong passwords that contain a mix of eight or more numbers, symbols and upper and lowercase letters. Don’t use anything obvious, such as your child’s or pet’s name. Also be sure to change passwords often, and use unique passwords for important sites.

3. You Provide Ready Access to IDs & Documents

Your house and office have a treasure trove of documents with identifying information and important IDs, including passports, Social Security cards, birth certificates and much more. If they’re not locked up, anyone with access to your house could take a quick smartphone picture or even grab them.

The fix:

  • Put important IDs and files into secure drawers, closets or safes.
  • Keep them locked away when you’re not using them.

4. You’ve Never Visited

Your credit reports include any credit- or loan-related accounts that are opened in your name. Even if you don’t need to apply for credit or a home or car loan, it’s important to ensure that your credit is clean and your credit score is as high as possible for when you do need it.

The fix:

5. You Don’t Guard Your Social Security Number

A Social Security number is like a master kay. Once identity thieves have it, along with a few other personal details, they can establish credit or potentially gain access to your existing accounts. That’s why you want to limit how and where you share your Social Security number.

The fix:

  • Don’t carry your Social Security card or number in your wallet or purse.
  • Never give your SSN to someone you don’t trust.
  • Provide your SSN only when it’s required.
  • Avoid using your SSN as an identifier (if a company or medical provider wants to do this, ask them not to).

By taking these steps, you can rest more easily knowing you’re not an easy target for identity theft.

Read next: I Ate Thanksgiving Dinner With My Identity Thief for 19 Years

More From

MONEY credit cards

The Newest Weapon Against Credit Card Theft Is…a Selfie

Smile! MasterCard hopes to develop a security measure with real teeth.

Your browser is out of date. Please update your browser at