This has been a good year for hackers. To date, businesses, medical centers, banks and schools have suffered some 578 data breaches, exposing over 76 million records of personal and financial information (Identity Theft Resource Center PDF).
Home Depot recently announced its database had been breached, with hackers making off with around 56 million payment card numbers. Earlier in the year, Neiman Marcus and Michaels revealed similar hacks, exposing 1.1 million and 2.6 million records respectively (PDF).
While some fraudsters might take advantage of stolen information to clear out your bank account or make claims on your insurance policies, a more insidious form of identity fraud has emerged based on scammers who create whole new accounts — bank accounts, store accounts, credit card accounts — in your name.
Identity thieves can use your personal information to open and max out multiple credit cards, apply for loans and place deposits on big-ticket items. This activity all goes onto your credit profile, eventually sinking your credit rating. Yet you might never find out about the unauthorized activity until the debt collectors come calling or you find yourself summarily rejected for a loan or mortgage application.
Many folks have turned to credit monitoring services that will notify you about unusual activity. But that’s the equivalent of closing the door after the horse has already left the barn. At that point, thieves have already opened accounts and compromised your credit.
So what can you do to thwart identity thieves? The major credit bureaus let you freeze your credit or add a fraud alert. Both are free, but each has its limitations.
Is it time for a freeze?
Closing any compromised credit and bank accounts can stem your financial losses, true. But thieves can continue opening false accounts and piling up debt on your credit profile, making it impossible to successfully apply for credit.
To stop thieves in their tracks, put a security freeze on your credit profile, which prohibits lenders and companies that are trying to check your credit from accessing your profile. This prevents thieves from opening new accounts under your name, because creditors are unable to check your credit history.
“The security freeze is a good tool for someone with recurring fraud issues,” says Rod Griffin, director of public education for credit reporting agency Experian. “That’s the insidious nature of fraud. Once an identity has been stolen, more false accounts may pop up again six months or two years later, and we wouldn’t necessarily recognize it as fraud.”
A fraud alert may be more helpful
If you’re planning on getting a mortgage, a car or even a new telephone service, a security freeze can hold up the process by preventing the service providers from checking your credit. “For most people, if you plan to apply for credit or services that need credit checking, a security freeze tends to be more intrusive than it is beneficial,” Griffin says.
Instead, if you believe you’re the victim of fraud, Griffin recommends first requesting a copy of your credit report. At the same time, alert a credit reporting agency that you suspect you may be at risk for fraud. The credit reporting agency will place an initial fraud alert on your profile so that any companies requesting a copy of the profile are told to ask for additional proof of identity. This makes it more difficult for identity thieves to prove they are you. The credit agency you alert will let the other two agencies know to do the same.
Next, comb your credit report for activity that wasn’t generated by you. Common signs of fraud include social security number and address changes or names and accounts you don’t recognize. “If you discover you have been the victim of fraud, file a police report, send it to Experian, and we extend the fraud alert so that it stays on your profile for seven years,” Griffin says.
Set fraud alerts and security freezes
Follow these steps to set a security freeze or a security alert.
1. If you suspect you have been the victim of identity theft, set an initial fraud alert at any of the three credit agencies. You can do this online, and the agency you contact will alert the others to add a fraud message to the profile they hold on you. We also recommend alerting Innovis, a smaller credit agency. Here are the links to their fraud alert pages for quick access:
An initial fraud alert on your profile advises potential creditors to request additional verification of your identity if an account is opened in your name. This alert lasts for 90 days. If you apply for anything requiring a credit check during this period, you should be prepared to provide greater proof of your identity than usual.
2. If you find that you are the victim of identity theft — for example, if your credit profile shows suspicious activity or a debt collector turns up demanding payments for something you know nothing about — you can request an extended fraud alert that lasts for seven years. File a police report and mail a copy to the credit agency along with your request for an extended fraud alert. The credit agency will verify the fraudulent accounts and clear them out of your profile. Potential creditors will continue to receive alerts that your profile is associated with fraud, with instructions to request additional ID verification.
3. If fraudulent activity continues to appear on your credit profile, you may want to consider a security freeze. With a credit freeze, no one can access your credit profile except lenders you specify during a time period you set. You need to set up a freeze individually with each credit agency, either by phone or via each agency’s online form.
When you freeze your credit profile, you’ll receive a PIN to use for temporarily lifting the freeze to allow specific credit checks. Security freezes are free for victims of identity theft, and will run anywhere from $0 to $10 for other applicants, depending on age and state of residence. Fees for lifting and restoring freezes vary by state from free to $5.
How to stay safe
“Knowing when your personal data has been compromised is very difficult, as it could happen from any number of places which hold that data,” says Thomas Labarthe, managing director (Europe) for security firm Lookout. When a security breach occurs at a point-of-sale terminal, as it did in the recent Home Depot breach, consumers are especially powerless and may never find out about the breach until the retailer itself uncovers it. “It’s best to only use credit cards, as there’s an added layer of protection which makes it easier to claim money back in cases of fraud,” Labarthe says.
When you’re shopping online, use encrypted sites with “https” in the URL, and only use credit cards even when using secure online payment services. Offline, make sure your mailbox is secure; fraudsters can get plenty of identifying information from stolen mail.
Most importantly, check your credit profile once a year. You can request an annual free copy from each credit agency at AnnualCreditReport.com.
This article was written by Natasha Stokes and originally appeared on Techlicious.
More from Techlicious: