MONEY identity theft

What to Do If Your Social Security Number Was Leaked like Sylvester Stallone’s

Sylvester Stallone taking a selfie
Xaume Olleros—AFP/Getty Images

This breach is a bad one: Criminals with access to your Social Security number can do far more damage than those with a hacked credit card number.

Hackers have done it again. This time, they went after Sony Pictures Entertainment, exposing Social Security numbers, contracts and taxpayer-identification numbers for 47,000 employees. That total includes some big names, including Sylvester Stallone and Judd Apatow. Even worse, the hackers have posted the information online. Guardians of Peace, a group thought to be affiliated with North Korea, has claimed responsibility for the hack.

This monumental hack is much worse than the average data breach. If your debit card number is compromised—think of Target’s data breach—the worst thing that happens is, after some headache, you get your money refunded and a new card. But if your Social Security number is compromised, identity thieves can wreak havoc on your life.

With a Social Security number, fraudsters can apply for credit cards, mortgages and other lines of credit in your name, racking up debt on your tab. That can ruin your credit, making it difficult for you to get a new credit card, mortgage, or even a job. Identity thieves can also file fraudulent tax returns in your name, robbing you of your return and causing chaos at the IRS.

Scared yet? If your Social Security number is ever compromised in a data breach, here’s what you should know about your options.

You probably can’t get a replacement Social Security number

You might wish you could just get a new Social Security number. Don’t bother, says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse. First, it wouldn’t be effective: Government agencies, credit bureaus and businesses will still associate you with your old, compromised number. Meanwhile, you’ll need to rebuild your credit history from scratch, which will make it harder to get your finances in order.

Plus, the Social Security Administration rarely issues replacement numbers after data breaches, Stephens says. If it did, half the country might be eligible.

“I’m not aware of any situation where someone has gotten a new Social Security number because of identity theft,” Stephens says. “That is very difficult to do, and consumer advocates advise against doing so. It further complicates things for you, and the act of getting a new Social Security number is not really going to impact the ability of a criminal to use your old Social Security number.”

If you want to try anyway, gather documentation to prove your citizenship (with a birth certificate or passport), your age (with a birth certificate, religious record, hospital record or passport) and your identity (with a drivers’ license, state-issued ID, or passport).

The SSA says you need to “provide evidence you are having ongoing problems because of the misuse” to be considered for a new number. So if your Social Security number has been exposed but you’re not yet a victim of fraud, don’t waste your time.

“You cannot get a new SSN to avoid the consequences of filing for bankruptcy, to avoid the law or your legal responsibility, or if there is no evidence that someone is using your number,” SSA spokesman William “BJ” Jarrett said in an email. Jarrett advises that if you believe someone is fraudulently using your Social Security number, you should first file a police report and contact the Federal Trade Commission (877-438-4338). “If you have done all you can to fix the problems resulting from misuse of an SSN and someone is still using it, Social Security may be able to assign a new number.”

The Federal Trade Commission also warns that there are companies that offer to help you apply — for a fee, naturally. But you don’t need their help and you shouldn’t have to pay any money; the application for a replacement Social Security number is free.

You can put a fraud alert on your credit report

This one is easy—and you can do it even if your information hasn’t already been exposed. A fraud alert tells creditors to double-check whenever someone applies for credit in your name. For example, when a credit card issuer receives an application for a new card, a fraud alert tells the company to contact you and make sure you’re really the one who submitted the application.

Contact Experian, Trans­Union, or Equifax to place a 90-day alert. It’s free. If you’re a confirmed identity theft victim, the alert lasts seven years.

You can monitor your credit reports

However, you shouldn’t stop there. Under the law, you’re entitled to a free credit report from each of the three credit bureaus every year. Check it.

“If you opt for just the fraud alert, you need to be aware that fraud alerts are not infallible,” Stephens says. “We would recommend that you continually regularly examine your credit reports. Get them every few months and make sure that there’s nothing on there that’s fraudulent.”

You can also sign up for credit monitoring—just don’t pay for it. After a data breach, it’s become the norm for companies to offer free credit monitoring to victims, Stephens says. He also recommends free monitoring from Credit Karma and Credit Sesame.

You can put a security freeze on your credit report

This is the most foolproof thing you can do, but there are downsides. A freeze means no one can pull your credit report—so no one can apply for new lines of credit in your name, not even you.

Identity theft victims can get a freeze for free, but others have to pay. Prices vary by state. It can cost up to $30 to institute a freeze and $12 to lift. You have to “lift” the freeze every time you apply for credit, so that the creditor can check your report.

In other words, there could be a $12 surcharge every time you apply for a credit card, mortgage, or even a job or apartment. For that reason, credit freezes aren’t always a practical solution, especially not for young people who move around a lot.

Again, contact Experian, Trans­Union, or Equifax to institute a freeze.

Related:

MONEY identity theft

Here’s How to Make Sure You Don’t Get Cyber-Scammed on Cyber Monday

141128_EM_CyberTheft
Patrick Strattner—fStop Images/Getty Images

'Tis the season for identity theft. Online shoppers, protect yourselves.

As consumers start their holiday shopping, virtually everyone has the same Christmas wish: Please, don’t let anyone steal my identity.

A recent survey from TransUnion found that 96% of Americans say they’re worried about identity theft this holiday season, and almost two-thirds are more worried this year than they were last year.

And they’re not wrong—identity thieves like to strike during periods of high activity, like Black Friday and Cyber Monday. “Criminals fish where the fish are,” says Ken Chaplin, senior vice president for TransUnion. “This time of year, a lot of people are fairly busy and flustered and just trying to get things done, and they might not be as careful or diligent.”

When you shop at a brick-and-mortar store this season, it’s mostly up to retailers to keep your information secure. But when you shop online, you can fall into traps. Here are the do’s and don’ts for staying safe:

DON’T click on links in retailer emails.

Hackers like to prey on deal-hunters by sending “phishing” emails that look like they’re from brands you know and trust, says Joe Siegrist, CEO of LastPass, a password management and information security company. Then when you click on the email link, the hackers redirect you to a fraudulent site and steal your information.

If you see a great deal, double-check. “Go directly to those sites instead of clicking on links in the email,” Siegrist says. And legitimate businesses should never contact you to ask for your account information or password—if you get an email that does, go directly to the business’ website and enter your information there, or call the business to make sure the request isn’t fraudulent, Chaplin adds.

DO check to make sure you’re shopping at a secure website.

The tell: the URL. The address line should begin with https. That “s” is key—it means the information is being sent over a “secure” line, Chaplin says.

“You might do a web search for an item, and then you’ll click on some sort of a link, and that link might take you somewhere that’s not where you want to go,” Chaplin says. “Be sure that you do business only with websites that have the proper security measures in place.”

DON’T shop on public WiFi networks.

Thinking of sneaking out to a coffee shop to do a little online shopping on your lunch break? Be careful, Chaplin says. Only enter sensitive financial information like credit card and bank account numbers on secured WiFi networks with passwords. On networks without passwords, “whatever you’re typing and viewing online could be seen by someone else,” Chaplin says. “An open WiFi network is not secure.”

Phishers love open WiFi networks, too. “It’s a lot easier to fool you into thinking you’re on a legitimate site when you’re not,” Siegrist says. “They can replace the contents of the page with something they want to be shown.”

DO keep your software up-to-date.

To protect yourself from identity theft, keep your computer safe from malicious adware, Siegrist says. There are a number of adware removal tools out there, but here’s the free and easy way to protect your device: Say yes to software updates. That means installing Windows and Mac updates as they become available instead of always clicking “later.”

And pay extra attention to your internet browser of choice. “Your browser is a very important one—make sure you keep that up-to-date,” Siegrist says. “You have to actually restart your browser to get [the updates]. Don’t run your browser for days on end without a restart, especially if it’s indicating to you that it needs to.”

DON’T use a debit card for online shopping.

Credit cards have better liability protection than debit cards. And when you use a debit card, funds come straight out of your account, so it can take longer to recover your money if someone racks up fraudulent charges.

DO use a different credit card for online purchases.

If you can, use one credit card offline and a different credit card online, Siegrist says. That way, it will be easier to detect fraud. Need a new credit card? Check out MONEY’s Best Credit Cards for holiday shopping and for all year round.

DON’T save your credit card information on websites.

When you shop online, retailers will often prompt you to save your credit card information so that you can buy more items quickly and easily at a later date. Don’t do this.

“You definitely increase your risk when you store your credit cards at these sites,” Siegrist says. “The site itself is then keeping that credit card stored—that makes it a target for hackers.”

DO change your account passwords.

If you do have accounts at different online retailers, change your passwords at least once after Cyber Monday. That way, if any of the sites are hacked during the holiday season, your accounts will be more secure. “It’s good internet hygiene,” Chaplin says.

When you change your passwords, don’t reuse passwords across multiple sites—or else you’ll be giving hackers the master key to multiple accounts. Use this trick to create really secure passwords that you’ll actually remember.

And whenever possible, set up two-factor verification. That way, no one can get into your accounts without both 1) your password and 2) another separate piece of information sent to just you—like a text message or a code retrieved from an iPhone app. Here’s how to enable two-factor verification.

DON’T stress about credit card fraud.

Look, it’s no fun when a hacker steals your credit card number. But credit card number theft won’t wreck havoc on your financial life like other kinds of identity theft. Your liability for fraudulent charges is extremely limited, especially when a hacker just steals your card number and not your physical card. In that case, you owe nothing. And after a big data breach, your financial institution might mail you a new card no matter what, just to be safe.

(If someone steals your actual card and uses it, you could be out up to $50 on credit cards or $500 on debit cards—but that’s not relevant in cyberworld.)

Be worried if a hacker gets your social security number. In that case, a fraudster could open new accounts in your name and ruin your credit. If that’s what you’re afraid of, here’s what to do. But you shouldn’t be sharing your social security number when you shop online, anyway.

DO check your statements.

That said, you should still keep a close eye on your credit card and bank statements for suspicious activity, especially at this time of year. That aforementioned liability protection is only helpful if someone detects the fraud. With credit cards, you’ll want to identify fraudulent charges before you pay your bill. With debit cards, you need to report any fraudulent charges within 60 days of receiving your statement to get your money back.

And read the statements closely. “Criminals are a lot smarter than they used to be,” Chaplin says. “It used to be a huge charge would show up on your card and your bank would call you. Oftentimes now a charge will be $20, $30 a month, and you might not be aware of it.”

But never fear—though identity thieves may have gotten smarter, you can still outsmart them.

Related

MONEY identity theft

I Ate Thanksgiving Dinner With My Identity Thief for 19 Years

mother and daughter at thanksgiving table
Juice Images—Alamy

Axton Betz-Hamilton was shocked to discover the truth about her mother.

Nineteen a minute: That’s how quickly people become identity theft victims in the U.S. Estimates vary, but somewhere between 10 and 16 million Americans are defrauded each year in this way. Thanksgiving can be an awkward time of year for some victims, since family members account for more than 30% of the identity thieves.

Axton Betz-Hamilton knows this firsthand. Raised in a middle-class home—her mother Pamela was a tax preparer, her dad a department manager for a grocery store—her identity theft story is both a family affair and exponentially stranger than fiction.

“We lived on hobby farms—one in Portland, Ind., and then another in Redkey,” Betz-Hamilton told me. Thanksgivings were with family. Her paternal grandfather moved in during the ‘90s. (He had been a welder at a tractor factory.) Together, they were a small family unit that looked like many others, though in reality they were ensnared in a mindboggling circle of financial fraud.

“Nineteen Thanksgivings came and went, and [my mother] cooked those dinners for us—me and dad and my grandfather after he moved in in 1995. We were getting robbed by the hand that fed us the entire time,” she said.

The Damage

Betz-Hamilton’s identity theft story spans 20 years, starting in 1993. The charges on credit cards that were acquired using her Social Security number amounted to about $4,000, but the damage rippled out, impacting every aspect of her financial life.

Betz-Hamilton first discovered that she had been victimized when, as a 19-year-old college student, she was moving off-campus, and the utility company asked for a $100 deposit. The reason: bad credit. She ordered a copy of her credit report (while important for everyone, this is a crucial step for anyone who has been a victim of identity theft). She assumed there would be a one-pager featuring a couple student loans. Instead, a large manila envelope arrived. She then contacted the Identity Theft Resource Center, a nonprofit organization dedicated to helping victims of identity theft. They told her to file a police report. She did that, and waited as nothing happened.

When she disputed the accounts with one of the credit card companies, she was told that her story did not hold up. “There had been two payments before the account was maxed out.” This was earlier in the evolution of identity theft, so all the various tactics were still unknown, but it is not uncommon for an identity theft to try to extend the value of a target by making things appear to be as normal as possible.

“My credit report was 10 pages long, and my credit score was 380,” she said.

The consequences Betz-Hamilton faced will be familiar to anyone who has ever struggled with a bad credit history. “I had to pay higher interest rates for my car loan and the credit cards I legitimately obtained. My first car loan was 18.23% and my first credit card had a 29.9% APR. I’ve had to pay deposits for electric, phone and cable. I had to pay higher insurance rates through 2009.”

The lifetime cost of identity theft is staggering, since bad credit can impact so many pieces of your financial life, as Betz-Hamilton discovered. You can see how your credit scores stack up for free on Credit.com.

Anatomy of Family Fraud

In 1993, Betz-Hamilton’s parents were victims of identity theft. When she found out that her identity had been stolen, the most logical assumption was that whoever had stolen her parents’ identities had stolen hers as well. Another 18% of identity theft victims are defrauded by friends, neighbors and in-house employees. It took 20 years and a fluke discovery for her to learn the truth.

Pamela Betz died of cancer in 2013, and the details of her secret life emerged. She had stolen her daughter’s identity. She had stolen her husband’s identity. She compromised her father-in-law for around $1,500. And of course she herself had mountains of debt.

Betz-Hamilton’s father made the discovery after finding a blue plastic file-box in one of the outbuildings on their farm. Inside, there was a 12-year-old credit card statement. The account was in his daughter Axton’s name. It was overdue, and so he called his daughter to give her a hard time about this hidden bit of past ignominy. She told him the card never existed. Upon closer inspection, the account had a card in his wife’s name.

The 20-year fraud began to unravel.

“She had a lot of purses and backpacks, and that’s where she stored the paper trail,” Betz-Hamilton recalled. “It was also between dresser drawers. Papers were folded and shoved into books. We didn’t know my grandfather’s identity had been stolen until I found a credit card statement in one of those purses, and I still don’t know how far back that goes.”

Questions arose. Was there another house somewhere, cars or perhaps another life? On her deathbed, an alarm rose when Betz-Hamilton’s father noticed that his wife’s wedding ring was missing.

“We think she pawned it,” Betz-Hamilton told me. “I have no idea what she was up to. Maybe she had a second life. She had been using multiple names. I’m still looking.”

Dr. Axton Betz-Hamilton is now a professor at Eastern Illinois University where she teaches courses on personal finance and consumer issues. She wrote her Ph.D dissertation on child identity theft; how people experience it, looking specifically at victims under the age of 18 who learn about their situation later in life.

“My mother’s last wishes were to be cremated, and we respected that. She wanted her ashes to be with me. I’m sitting next to my mother right now,” she told me over the phone.

“Sometimes I yell at her. And sometimes I shake the box she’s in. We just don’t know who mom was. It’s hard to grieve for her. To change things up and start new traditions, I had Christmas at my house last year. Mom was here on the shelf. It was awkward.”

Indeed.

More from Credit.com

This article originally appeared on Credit.com.

MONEY identity theft

10 Easy Ways to Protect Your Data in the Cloud

Step up the security around data you upload to the cloud with these 10 useful tips.

While movies have portrayed hackers as both good (The Girl with the Dragon Tattoo) and evil (Live Free or Die Hard), the one thing that is clear is that they can do a good deal of damage.

Several female celebrities, such as Kate Upton, Jennifer Lawrence, and Hayden Panettiere, became victims of malicious hackers, who nabbed several intimate pictures from the celebrities’ cloud storage accounts.

And if you think that this just happens to celebrities, think again. Even common folks like you and me are being exploited by malicious hackers. It is time to step up the security of your data on the cloud with these 10 useful tips.

1. Create a Stronger Password

A strong password is your very first line of defense against anybody trying to hack your account. Unfortunately, your password is usually the weakest link. In fact, 76% of cyber attacks on corporate networks are due to weak passwords.

Strengthen your password using these security tips from Microsoft:

  1. Make the length of your password at least eight characters. If you want to make it absolutely uncrackable use 15 characters or more.
  2. Skip using your real name, last name, or company name.
  3. Don’t build entire words with only letters.
  4. Use a combination of numbers, uppercase and lowercase letters, and symbols (@, #, $, and %), if applicable.
  5. Update passwords regularly and make them significantly different from previous ones.

Using these guidelines, you can create a strong password like this one: ILuv2PlayB@dm1nt()n. By picking characters from the full set of allowed printable characters, you force hackers to guess from 645 trillion possible combinations.

2. Store Your Passwords Securely

That’s not a typo. Yes, you need several passwords. Hackers exploit the fact that about 55% of Internet users use the same password for several services. The last thing that you want is that after your Dropbox account gets hacked, your online banking account becomes the next target.

It goes without saying, keep your password to yourself. Don’t store it on visible places, such as taped to the back of your keyboard or smartphone.

In a perfect world, you would just memorize them. However, a more realistic approach is to keep an offline notebook in a secure place or use a password management application, such as KeePass Password Safe, LastPass, 1Password, or Password Safe.

3. Activate Two-Factor Authentication

On top of your password, you can often add an extra layer of security by activating two-factor authorization (also known as 2FA). Without 2FA, hackers only need your username and password to access your data.

Several cloud-based services, such as Dropbox and Office 365, offer 2FA by sending you a code via text or phone call that you need to access your account. It’s an extra step, but once you’ve set it up on all of your devices, you are good to go.

4. Keep Your Birth Date Private

But don’t just stop there.

  • The name of your first pet
  • Mom’s maiden name
  • Last four digits of your social security number
  • Name of the street that you grew up in

What do these have in common? They’re all potential answers to security questions to retrieve your password or access to your account. When selecting your security questions, make sure that their answers are not a simple Google search away.

Hide your birth date and any other private information from your bio section from any social media sites, online forums, or websites. The more private your personal information is, the less likely that a hacker can find it through search engines.

5. Learn the Process to Report Hackers

Almost every service has a way to submit a report when you think somebody else is using your account. Here is an example from Microsoft.

By investing the time in becoming familiar with the process of recovering access to your account, you are better prepared for the day that you have to rely on this process. This will help you keep some sanity during that stressful time and know what information is necessary.

6. Be Wary of Public Wi-Fi

Over 95% of American commuters use free public Wi-Fi to complete work on the go.

The problem is that about 60% of them admit they will utilize any free Wi-Fi source they can find. Data transfers happening over public Wi-Fi networks aren’t encrypted, so hackers can exploit these public networks to tap into tablets and smartphones.

By setting up “hot spot honeypots,” digital thieves tempt people with the offer of free Internet, and gain access to all kinds of private data. And they’re not doing anything too high tech: hackers just need a $100 device and can be up to 100 feet away from their victims.

Use these strategies when attempting to connect to a public Wi-Fi:

  • Verify the official name of the network with the place offering it. Don’t assume that every business or public space offers free Wi-Fi.
  • Only activate the Wi-Fi feature of your device, when you are about to access a Wi-Fi network that you have verified.
  • If planning to review work files, use your company Virtual Private Network (VPN) network, if one is available. VPN encrypts all your data during your session and and hides the identity of the servers to which you are connected. Depending on the nature of your industry, you may never want to risk viewing company files without a VPN connection.
  • Keep your device’s operating system up to date. For example, Apple is constantly releasing security updates to address system vulnerabilities for iPhones and iPads.

7. Prevent Automatic Upload of Media

If you keep the default settings from cloud storage services, such as iCloud or Dropbox, then all of your photos and videos may be automatically uploaded to the cloud.

If you’re planning to take some photos and videos that are meant for your eyes only, make sure to update the settings of your cloud storage accounts. Nobody can hack for intimate photos or videos if there are none available online in the first place.

  • iPhone Users: To prevent photos from automatically uploading from your iPhone or iPod to your iCloud account, you can go to Settings > iCloud > Photo Stream, and turn off My Photo Stream.
  • Android Users: You need to check any auto-backup settings you can find on individual apps. Some examples of apps uploading media automatically to the cloud are Facebook, Twitter, and Dropbox. Check the settings menu of your apps and disable any photo-syncing that you’re not comfortable with.

8. Backup Your Media Offline

While it is important to prevent undesired media from ending up in the cloud, it is equally important to backup the data that is important to you. An offline backup of your media is not only important for when your phone is lost, stolen, or severely damaged, but also for when somebody hacks into your cloud account and deletes all of your data!

Most smartphones provide a way to back up your device’s media that is not cloud-based and that can be stored in your personal computer. For example, Apple devices can leverage iTunes to create backups, and Samsung devices can backup through the Kies software.

9. Beware Fake Messages

If you use cloud based storage services, be on the lookout for phishing emails.

These emails may look like real messages from the developers of the service, but they are not. Hackers are trying to trick you into providing your personal information.

Here are some red flags to watch out for:

  • The spelling of the sender’s email is funny looking. For example, instead of xxx@dropbox.com, it reads xxx@dropboxx.com or xxx@drop-box.co.
  • The hyperlinked URLs have misleading domain names. For example, if you hover over a link, you notice that instead of going to the apple.com domain, it goes to apple-com.info.
  • The message contains plenty of misspellings or typos.
  • You are asked to submit your password or personal information, such as mailing address, phone number, or social security number, via email.
  • The message includes a form in Word or PDF format for you to fill out.
  • You’re asked for money to cover for expenses.

If you see any of these red flags, don’t click on any of the links, and delete the email immediately.

10. Delete What You Don’t Want Anybody to See

In an era of potentially unlimited storage through the cloud, we are tempted to keep everything.

  • THOSE pictures from your bachelorette party,
  • Intimate videos or sexts with your current or past partners,
  • Progress pictures when you started your diet,
  • Financial or tax documents over 5-years old, or
  • Scanned copies of IDs from several years ago.

If you don’t want anybody else getting their hands on your data, delete it. This is the only way that you can be sure.

Read more articles from Wise Bread:

MONEY identity theft

Here Are the Companies That Have Been Hacked — And What to Do If You’re a Customer

You're not just imagining it: Lately, a new data breach has been reported almost every week. Here's how to find out if your information has been exposed.

By mid-October, the Identity Theft Resource Center had already identified more data breaches this year than it had in all of 2013. In other words, it’s more likely than not that some of your personal information has been compromised. “There are two kinds of consumers — there are those who know they’ve been breached, and those who don’t,” says ITRC president and CEO Eva Velasquez.

Source: Identity Theft Resource Center. Data as of Oct. 30, 2014.

Many Americans are in the first camp. According to a new Gallup poll, 27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.

It’s hard to say whether there has really been an increase in the number of data breaches, or we’ve just gotten better at detecting and reporting incidents, Velasquez says. Either way, the outdated magnetic stripe technology in the United States probably makes it too easy for hackers to run off with your credit card number.

“Thieves are going to go where it’s easiest to steal,” Velasquez says. “We’ve got the most antiquated technology protecting the actual cards, and we’re the biggest issuer of those cards – we’re a treasure trove.”

At MONEY, we’re tracking the major data breaches that may have exposed your personal information in recent months. Read on to see if you’ve been affected. If so, we’ll walk you through what you need to know about protecting yourself from identity theft.

 

MONEY Ask the Expert

How to Tell if Your Broker Protects You Against Identity Theft

Investing illustration
Robert A. Di Ieso, Jr.

Q: Are there any brokerages that protect customers from unauthorized computer access or theft? I was going with Vanguard, but on page 7 of its brokerage account agreement, under liability, the company says in writing that it is not liable. — Patty

A: This is a good reminder of why it’s important to actually read brokerage account agreements, especially in light of the massive security breach at J.P. Morgan Chase.

While the details may differ slightly from one firm to the next – which is why you should always check – the wording in Vanguard’s policy is similar to that of other large brokerages. (We ran your question by Charles Schwab, Fidelity and Vanguard.)

The short answer: If someone gains access to your account through no fault of your own — a security breach, for example — the broker would be liable for your losses. If the theft, however, is a result of your own negligence (more on that in a second) then that’s a different story.

“The brokerage account agreement explains that under certain circumstances, Vanguard will not accept legal liability for certain losses in or related to an account,” notes Vanguard spokesperson David Hoffman, adding that this is consistent with Vanguard’s online fraud policy. “… If the client has taken certain appropriate steps to protect the account, we will reimburse the assets taken from the account in the unauthorized transaction.”

Fidelity and Schwab offer similar responses. Under Fidelity’s customer protection guarantee, the firm will reimburse Fidelity accounts for losses due to unauthorized activity, says Fidelity spokesperson Adam Banker. Likewise, the Schwab security guarantee says the firm will cover 100% of losses in any Schwab accounts due to unauthorized activity.

In case you didn’t pick up on it, that word “unauthorized” is key in determining who’s liable.

That’s all the more reason to be particularly vigilant about protecting your account information. Set up a unique and unpredictable password (mix numbers, characters, lower case and upper case). Change your passwords regularly and don’t reuse passwords from other accounts. Store your password in a safe place — ideally not on your computer, your phone or online — and make sure computer has up-to-date security software. Check your accounts regularly and if you see something suspicious, let the broker know immediately.

Finally, never give your account information to anyone calling or emailing and claiming to be your broker or bank.

If someone calls claiming to be from your broker, or any financial institution for that matter, hang up and call the number listed on your statement or the company’s site. Never log in to your account by clicking on a link in an email.

You should also be careful about sharing your account information with family and friends. If you give someone access to your account, that’s considered authorized use, and, yep, you’re liable.

MONEY identity theft

4 Reasons Why You Should Shop at Stores That Got Hacked

141020_EM_CCBreachStores
Mike Blake—Reuters

Almost half of all consumers surveyed are afraid to shop at retailers like Target. They shouldn't be.

Retailers are gearing up for the holiday shopping season, but one thing has some consumers spooked: According to a new survey by CreditCards.com, 45% of respondents say they are less likely to shop at stores that have suffered a data breach, such as Target, Home Depot, or Michaels. Almost 30% say they will “probably” avoid stores that have been hacked, and 16% claim they “definitely” will.

While it’s hard to believe that half of all shoppers will actually skip the sales at major retailers come holiday season, Target did suffer a 5.5% decline in transactions last year after its data breach.

But shoppers, you’re being silly. You don’t need to avoid stores that have been hacked. Here’s why.

1) If someone steals your credit or debit card number, you have very limited liability.

You’ve got at least one reason to thank Congress: The Fair Credit Billing Act and the Electronic Fund Transfer Act cap how much money you’ll lose if someone steals your credit or debit card. If someone steals your card number but not your actual card — which could happen during a data breach — you are not liable for any fraudulent transactions. Read: You won’t lose any money. Just be sure to report any fraudulent debit card charges within 60 days of receiving your statement.

The rules are a little different if someone steals your physical card. With credit cards, you still won’t need to pay anything if you report the loss before a thief uses the card. Otherwise, your liability is capped at $50. With debit cards, you’ll only pay up to $50 if you report the theft within two days, or up to $500 if you report the theft within 60 days of receiving your statement.

There’s another reason to prefer credit over debit. When someone makes fraudulent charges on your credit card, you can challenge the bill when you receive it. But when someone else uses your debit card, that money comes straight out of your account, so it could take a little bit longer to recover your funds.

And if you’re really afraid, just stash the plastic. CreditCards.com reports that 48% of shoppers say data breaches have made them more likely to spend cash.

2) Avoiding these stores won’t protect you from the scariest kinds of identity theft.

When someone steals your credit card number and spends your money, that’s considered “existing account fraud.” Banks and credit card companies have gotten pretty good at identifying abnormal spending patterns, so you’re likely to catch existing account fraud early, and your liability is limited.

But if someone steals your Social Security number, opens a new credit card in your name, provides a new billing address, and runs up big charges, it might take you a while to notice. That’s called “new account fraud,” and it’s a real headache.

To catch new account fraud, check your credit report three times a year. It’s not hard to do, and it’s free. Your report will show all your accounts and debts, as well as your payment history. Check to make sure all of the information is accurate and all of the accounts actually belong to you. (Go. Do it now. Did you catch a problem? Here’s what to do.) If you’re afraid that your social security number has already been stolen, you can put a free fraud alert on your credit file to let lenders know or freeze your credit so that no one else can open new accounts in your name.

But you don’t give out your Social Security number every time you swipe your credit card, don’t worry about going shopping.

3) Safer cards are on the way.

Are you sick of all these data breaches? So are businesses — after all, they’re the ones on the hook for fraud, not you. That’s why Visa and Mastercard are sending out new “chip-and-pin” cards. These cards have embedded microchips, which are more secure than magnetic stripes. If you’ve ever traveled abroad, you might remember what chip-and-pin technology looks like; Europeans have been using this system since the 1990s. While not foolproof, these cards are a great improvement. President Obama signed an executive order last week requiring that all government credit cards use chip-and-pin technology.

Practically speaking, chip-and-pin cards won’t do much more to help consumers at point-of-sale — remember, you have limited liability. But starting Oct. 1, 2015, the liability will shift to whichever business has the oldest technology. If credit card companies don’t update their cards, they will be liable for any fraud; if retailers don’t offer chip-and-pin terminals, they’ll be on the hook. So everyone has an incentive to make payment systems more secure, which is ultimately in consumers’ best interest.

4) Retailers that got hacked are working harder to win back your trust.

Guess which retailer is installing chip-and-pin technology in all of its stores and on all of its branded cards — Target!

Guess which retailer offered free credit monitoring to all its customers — Target!

Guess which retailer just started offering free shipping — Target!

Given that there have been 606 data breaches already this year, according to the Identity Theft Resource Center, you can probably expect more to come. But the retailers that have already been hacked are beefing up security and offering free identity theft protection services to consumers, so you’re probably safer there than everywhere else.

If that doesn’t put your mind at ease, here are some more steps you can take:

 

MONEY credit cards

Obama’s Credit Card Was Declined—No, Really.

US President Barack Obama tells a story about his credit card was recently declined at a restaurant
Saul Loeb—AFP/Getty Images

The president shared a story about his own credit card troubles during an executive order signing at the Consumer Financial Protection Bureau.

First, we heard that the former chair of the Federal Reserve couldn’t get a mortgage. Then we learned that one of the most powerful economic figures in the world makes less money than at least 113 of her underlings.

Now we find out that President of the United States had his credit card declined.

At an event at the Consumer Financial Protection Bureau today, President Obama said a New York restaurant rejected his card last month. But it wasn’t because he maxed out his credit (or so he says).

“I guess I don’t use it enough, so they thought there was some fraud going on,” Obama said. “I was trying to explain to the waitress, no, I really think that I’ve been paying my bills.”

The President made his remarks while signing an executive order to improve security features on government credit cards. “Even I’m affected by this,” Obama joked.

Luckily, Michelle picked up the tab.

Read on for more help with common credit woes:

Read next: Obama Signs Order to Secure Government Credit Cards From Data Breaches

TIME How-To

Tips for Stopping Identity Theft

This has been a good year for hackers. To date, businesses, medical centers, banks and schools have suffered some 578 data breaches, exposing over 76 million records of personal and financial information (Identity Theft Resource Center PDF).

Home Depot recently announced its database had been breached, with hackers making off with around 56 million payment card numbers. Earlier in the year, Neiman Marcus and Michaels revealed similar hacks, exposing 1.1 million and 2.6 million records respectively (PDF).

While some fraudsters might take advantage of stolen information to clear out your bank account or make claims on your insurance policies, a more insidious form of identity fraud has emerged based on scammers who create whole new accounts — bank accounts, store accounts, credit card accounts — in your name.

Identity thieves can use your personal information to open and max out multiple credit cards, apply for loans and place deposits on big-ticket items. This activity all goes onto your credit profile, eventually sinking your credit rating. Yet you might never find out about the unauthorized activity until the debt collectors come calling or you find yourself summarily rejected for a loan or mortgage application.

Many folks have turned to credit monitoring services that will notify you about unusual activity. But that’s the equivalent of closing the door after the horse has already left the barn. At that point, thieves have already opened accounts and compromised your credit.

So what can you do to thwart identity thieves? The major credit bureaus let you freeze your credit or add a fraud alert. Both are free, but each has its limitations.

Is it time for a freeze?

Closing any compromised credit and bank accounts can stem your financial losses, true. But thieves can continue opening false accounts and piling up debt on your credit profile, making it impossible to successfully apply for credit.

To stop thieves in their tracks, put a security freeze on your credit profile, which prohibits lenders and companies that are trying to check your credit from accessing your profile. This prevents thieves from opening new accounts under your name, because creditors are unable to check your credit history.

“The security freeze is a good tool for someone with recurring fraud issues,” says Rod Griffin, director of public education for credit reporting agency Experian. “That’s the insidious nature of fraud. Once an identity has been stolen, more false accounts may pop up again six months or two years later, and we wouldn’t necessarily recognize it as fraud.”

A fraud alert may be more helpful

If you’re planning on getting a mortgage, a car or even a new telephone service, a security freeze can hold up the process by preventing the service providers from checking your credit. “For most people, if you plan to apply for credit or services that need credit checking, a security freeze tends to be more intrusive than it is beneficial,” Griffin says.

Instead, if you believe you’re the victim of fraud, Griffin recommends first requesting a copy of your credit report. At the same time, alert a credit reporting agency that you suspect you may be at risk for fraud. The credit reporting agency will place an initial fraud alert on your profile so that any companies requesting a copy of the profile are told to ask for additional proof of identity. This makes it more difficult for identity thieves to prove they are you. The credit agency you alert will let the other two agencies know to do the same.

Next, comb your credit report for activity that wasn’t generated by you. Common signs of fraud include social security number and address changes or names and accounts you don’t recognize. “If you discover you have been the victim of fraud, file a police report, send it to Experian, and we extend the fraud alert so that it stays on your profile for seven years,” Griffin says.

Set fraud alerts and security freezes

Follow these steps to set a security freeze or a security alert.

1. If you suspect you have been the victim of identity theft, set an initial fraud alert at any of the three credit agencies. You can do this online, and the agency you contact will alert the others to add a fraud message to the profile they hold on you. We also recommend alerting Innovis, a smaller credit agency. Here are the links to their fraud alert pages for quick access:

An initial fraud alert on your profile advises potential creditors to request additional verification of your identity if an account is opened in your name. This alert lasts for 90 days. If you apply for anything requiring a credit check during this period, you should be prepared to provide greater proof of your identity than usual.

2. If you find that you are the victim of identity theft — for example, if your credit profile shows suspicious activity or a debt collector turns up demanding payments for something you know nothing about — you can request an extended fraud alert that lasts for seven years. File a police report and mail a copy to the credit agency along with your request for an extended fraud alert. The credit agency will verify the fraudulent accounts and clear them out of your profile. Potential creditors will continue to receive alerts that your profile is associated with fraud, with instructions to request additional ID verification.

3. If fraudulent activity continues to appear on your credit profile, you may want to consider a security freeze. With a credit freeze, no one can access your credit profile except lenders you specify during a time period you set. You need to set up a freeze individually with each credit agency, either by phone or via each agency’s online form.

When you freeze your credit profile, you’ll receive a PIN to use for temporarily lifting the freeze to allow specific credit checks. Security freezes are free for victims of identity theft, and will run anywhere from $0 to $10 for other applicants, depending on age and state of residence. Fees for lifting and restoring freezes vary by state from free to $5.

How to stay safe

“Knowing when your personal data has been compromised is very difficult, as it could happen from any number of places which hold that data,” says Thomas Labarthe, managing director (Europe) for security firm Lookout. When a security breach occurs at a point-of-sale terminal, as it did in the recent Home Depot breach, consumers are especially powerless and may never find out about the breach until the retailer itself uncovers it. “It’s best to only use credit cards, as there’s an added layer of protection which makes it easier to claim money back in cases of fraud,” Labarthe says.

When you’re shopping online, use encrypted sites with “https” in the URL, and only use credit cards even when using secure online payment services. Offline, make sure your mailbox is secure; fraudsters can get plenty of identifying information from stolen mail.

Most importantly, check your credit profile once a year. You can request an annual free copy from each credit agency at AnnualCreditReport.com.

This article was written by Natasha Stokes and originally appeared on Techlicious.

More from Techlicious:

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser