Preventing it comes down to two things: preventing thieves from getting your data and, if that fails, preventing a thief from using it. Since preventing data leakage is the much harder problem, I'll talk about it second.
Preventing ID Theft
There are three methods that are used to prevent ID theft. Two are fake and one could stop all ID theft over-night if implemented properly.
[+] Fraud alerts
[-] Fraud alerts
A fraud alert is literally nothing more than a checkbox that someone in a store might or might not even notice when performing credit transactions. Even still, the store clerk is the one who makes the final determination if it's fraud or not and they have incentive to approve the transaction. Last I checked, store employees weren't rewarded for preventing credit fraud.
[+] Credit Monitoring
[-] Credit Monitoring
I talk a lot more in depth about credit monitoring and why I think it's a ripoff in this article, but the short version is this: credit monitoring doesn't stop ID theft, it only alerts you that it's happening. Oh, and you have to pay a monthly fee for this great service (whee!).
[+] Credit Security Freezes
[-] Credit Security Freezes
The short of it is that when your account is frozen, no one can check it (with very few exceptinos). Since credit-based ID theft requires a credit check (opening new accounts, signing up for credit cards, getting a cellphone in your name), blocking access to your credit report blocks the theif from getting credit in your name.
For times that you need to allow someone to access, you have to unfreeze it, but you can specify the specific name of the company or individual who's allowed access or, in the cases of shopping for credit, you can specify a time frame (say three days) that it's unlocked.
For more details, see my full article here.
If you're already convinced, go to the Consumer's Union page of every state freeze law including instructions for freezing and unfreezing accounts.
Identity Protection
This is the harder of the two because collecting, buying, selling, and trading your personal data is big business. However, it's just good practice to keep your data private and I offer the following tips to help prevent data leakage without much additional effort or attention on your part:
[+] Protect Your Credit Card Numbers
- Pay at the register in restaurants
- Always cross out your card number on credit card sign slips
- When shopping online, look for options to NOT store your number
- Use virtual cards to make storing your credit card number impossible
- Never use contactless pay systems
- Leave your cards unsigned and put CHECK ID instead
[-] Protect Your Credit Card Numbers
Pay at the register
It only takes a few seconds for a restaurant employee to skim your card with their own personal reader or make a carbon copy impression. While this isn't as risky for credit cards because of federal limits on liability for false charges, those same limits don't apply with debit cards (which are also directly connected to your bank account).
Cross out your card number on receipts
Every time you are handed a receipt, make sure that your full card number is not listed. If it is, any employee in that store can look at it later and have your credit card number. Scratch it out so hard that you can't even see the impression of the numbers anymore (I usually go right through the paper). The store will still get paid, don't worry.
Don't let online companies store your data when possible
When shopping online, always look for any options in the checkout process to not store your card/information for future use. There are only a few websites out there that do this, but they deserve your business more than the others.
Use Virtual Cards
If your bank has this feature, use virtual credit cards. These are one-time use numbers attached to your real credit card, but using a number that's only good under certain restrictions (like a limited number of transactions, specific time span, one-time use at only one store, etc.). This is perfect for doing business with someone while preventing them from storing your credit card number.
REFUSE to use contactless pay systems
The last thing you should have to worry about is your credit card being accessed remotely without your knowledge, but the wireless chips used in these cards make that possible.
Put CHECK ID or SEE ID in the signature slot
Granted most people won't check this anyway, but some might. A thief can also make purchases online or at most gas stations without a signature, but there's one very important advantage here. If someone manages to get your credit card by theft or finding it (fell out of your pants or whatever), but they don't have anything else of yours, they can't forge your signature.
You're already shielded from liability on credit cards, but the effort in getting relief can be frustrated by a thief that took the time to copy your signature thus making it appear as if you bought the items and are now just trying to abuse the system to get them for free.
[+] Guard your Social Security Number
- Ask why they need it
- Ask them what will happen if you don't provide it
- (if you haven't already bailed at this point) Ask them if they can use an alternate id
- When all else fails, don't use their service or use a fake SSN (where legal)
[-] Guard your Social Security Number
First of all, never carry your Social Security Card in your wallet/purse! If you keep all your documents containing your SSN safely at home or in a safe, the main concern becomes you and how well you avoid giving out your number.
If you're asked, follow this sequence to protect it:
1) Ask why they need it
Don't just give it to anyone who asks. It's amazing the places that ask for it that have no use for it at all. I've even been asked for my SSN at a video rental store!
A SSN is used for social security and now, for credit reports. Any business that has a legitimate need to access your credit will probably need your SSN.
2) Ask what happens if you don't provide it
If withholding your number results in not getting service, that's probably fine for some places and not for others. For example, you might need a cell phone for your job and since every cell company asks for a social, you may not have any choice.
If the consequence is that they can't "provide you with a personalized shopping experience" then you can safely tell them to shove it.
3) Ask to use an alternate ID
Most places that ask for a SSN do so only for laziness. There's no real reason to use it other than they want some kind of identifier to distinguish you from other customers. Therefore, there's no reason you can't use something else. Made up numbers are preferred.
4) Withhold or lie
After getting that far and if the first three options haven't helped you, you'll need to make the decision to withhold the number (despite the consequences) or to lie about your SSN. Withholding it is pretty straightforward.
If you lie, the best way is to substitute the middle numbers of your actual social security number with 00. No legitmate SSN has any of the three fields all 0's so this is guaranteed not to belong to someone else. You can also go to this site and get a fake identity (including SSN) and memorize the number as your fallback for people you don't trust.
[+] Be stingy with your personal data
- Your Name
- Home Address
- Phone numbers
- Everything Else
There's no point in giving away information when it isn't necessary. Doing so is irresponsible
[-] Be stingy with your personal data
Just like with Social Security numbers, the data may already be out there, but that's no reason to spread it further and make it even easier to profile you. Besides, data has a way of ending up in databases somewhere that eventually get hacked (sometimes in spectacular fashion).
Here are some specific pieces of data and tips for protecting them in cases where just "not providing" the information won't work:
[+] Your Name
- Use an alias
[-] Your Name
Use an alias
There aren't a lot of ways to protect your name, but there are lots of uses for an alias that people haven't considered. One time I had a warranty repair and they asked for my name, but I didn't feel like providing it. All they need is the address after-all. I told them my name was Hung Lo (Hyunng Low). Not only did I protect my name, but I had a good time in the process!
Here are some more examples when you might want to hide your name:
- Anonymous blogging - Just be careful that the things you say don't reveal enough information to identify you indirectly
- Writing a book - They even have a name for this: "non de-plume" or "pen name". There are lots of reasons why an author might want to hide their identity when writing a book.
- Checking into a hotel - It's common practice for famous people to use fake names in hotels, but that doesn't mean you can't benefit from it too.
- Ordering food - In places where they call your name, why broadcast it to whoever is around? Besides, Jeremy sounds like Jerry, Terry, Mary, Barry, and every other "arry" name in the universe over those scratchy loudspeakers. Using a name like Vladimir or Rasputin is more fun and easier to hear all at the same time!
[+] Home Address
- Use a PO Box
- Use decoy addresses
- Use the landing lights trick
[-] Home Address
Use a PO Box
Post Office boxes are cheap and a great way to give out a mailing address to just about anyone without having to give away the location of your home.
Using decoy addresses
In some cases, you will have to provide information to get service. For example, if you buy something online, you have to give them an address to ship it to. Try convincing a neighbor to accept packages for your or maybe talk to your boss about receiving personal packages at work.
Another instance is where you are trying to get directions using an online map service. Don't put in your address! Use your zip code instead. Chances are that you know the general area around your house and don't need to be told the first five turns to get to the major road where your trip really begins.
The "Landing Lights" Method
For the very paranoid, when someone is coming to your house that you don't really know well (service person, delivery from a retail store, homeshow presenter), you can try this trick: Instead of giving them your address, tell them that it's pretty complicated to get to you and if they just call you on your cell phone when the get to such-and-such intersection, you'll lead them in the rest of the way. They'll still be able to get to you, but they probably won't rember all the turns and chances are they won't bother to write down your address.
This works even better in case where you really are hard to find.
[+] Phone number
- Give an e-mail address instead
- Use your work phone
[-] Phone number
Give an e-mail address instead
If you think they have a legitimate interest in contacting you, but you don't think it warrants the right to instantly connect with you via phone, give out an e-mail. And, of course, make sure you give them your disposable secondary e-mail address, not your main e-mail address.
Use your work phone
You spend most of your time there anyway and don't want them calling you at home, so give them your work number instead. If they start to bother you or sell the data, you can just tell the caller that they have called a business and the person they're looking for no longer works there. If they persist, your work will likely have better resources for dealing with harassing phone calls than you do anyway.
Notice I do not recommend giving out your cellphone number. You get charged for incoming minutes and text messages so why invite trouble?
[+] Everything Else
- Ask 'Why do you want to know?'
Almost any information can be sensitive. Be stingy. What information do you owe to strangers anyway?
[-] Everything Else
Things like information about your family (wife, kids, etc), annual income, work place, personal history, and such are things I would hope I wouldn't have to tell you to protect. But then again, when was the last time you saw one of those web forms that asks questions like "your pet's name", "the name of your high school", "your father's middle name" in case they need to reset your password? Don't ever give real information to questions about these things.
And when someone you're talking to in person or on the phone asks you a question that you don't really want to answer, the best tip I've heard was to ask them in return, "Why do you want to know?" while smiling innocently. This forces them to come up with some kind of response to justify their nosiness.
The more obscure the data, the more strict you should be about who you provide it to and why.
[+] Be wary of privacy invading technology
- Club cards
- Signature pads
- RFID
- OnStar
Always do research and think of the privacy implication before signing up
[-] Be wary of privacy invading technology
Club Cards
Stores with club cards track every purchase made in connection with that card in some database somewhere. If you gave your real name and address when you signed up, they can send you junk-mail and sic the telemarketers on you using that data (or worse). Either shop where there are no club cards, don't use the program, or try and use a fake name/anonymous card.
Signature pads
If that won't work for any reason, ask for a paper copy of the receipt to sign.
RFID
Radio Frequency Identification Tags are a way of putting a unique ID serial number on EVERYTHING (and by extension, on you). Imagine what companies (or the government) could do if they could track everything you did and everywhere you went.
True, we're not there yet, but we need to be very cautious about this technology because of it's very drastic negative potential.
OnStar
OnStar can unlock your car doors for you (or anyone who convinces the operator that they're you). It can stop a vehicle being chased by the police (or theives who figure out how to hack the system can stop your vehicle). It can find you when you're in trouble (and it can track and monitor you when you're not).
Worried? You should be. What controls do they have in place to prevent bad things from happening? GM hasn't proven to be such an upstanding company that they should be above this kind of criticism.
[+] Destroy product boxes, don't just dump them on the curb
[-] Destroy product boxes, don't just dump them on the curb
 The Best Christmas EVER! |
VS. |
 Window Shopping for Thieves |
Don't make it easy for people to rob you. Haven't you ever seen a box like this on the curb and thought, "Huh. The Smiths got a new plasma." Thieves see just as well as you do. Come Christmas time, it's pretty easy for them to drive through the neighborhoods and pick targets based on their trash.
[+] Buy and use a ''microcut'' shredder
[-] Buy and use a ''microcut'' shredder
You should never just throw away documents with your valuable data on it. Shredding is good, but the larger the paper that comes out, the more likely it is that someone will be able to easily piece it back together.
Right now, the only shredders that come close to obliterating your documents is a "Microcut" shredder. They tend to me more expensive, but worth it for the security.
Check out my Shredders and Shredding guide for more information.
Loading ...
Add to del.icio.us
Ping/Trackbacks
May 23rd, 2008 at 6:20 am
Jeremy- One other tip you might consider on credit cards is to write “ask for my ID” on the back of the credit card. Occasionally the sales clerk will actually ask and it may reduce the risk that a stolen card can be used for a quick in-store shopping spree (it won’t help with on-line or gas pumps). I saw someone do this once and thought it was a simple idea that might just help with not too much downside unless you typically don’t carry ID.
May 23rd, 2008 at 6:29 am
That’s a good point and I have done that with all my cards since the 90’s. Sometimes people check and sometimes they don’t (actually, they usually still don’t), but if you happen to leave your credit card somewhere, at least the jerk that picks it up won’t be able to forge your signature (which in theory would make it easier to contest the charges).
May 28th, 2008 at 4:19 am
Probably one of the best, easiest to follow articles I have ever read on protecting yourself from ID theft. I gotta have you on my Internet radio show, lets talk.
-J
http://www.techtipsforparents.org
PS… ever since some punk took my wifes credit card years ago, we also put “CHECK ID” on the back. Sadly, the only people who do check is the occational resturant waiter. I’m sure the first place a crook plans on going after stealing my debit card is Cracker Barrel for blueberry pancakes.
June 3rd, 2008 at 3:17 pm
Why are you against the contactless systems? RFID systems are used in ID badges at many companies to selectively open security doors for different employees as well as have encryption. What’s more, having only one contactless paycard in your wallet ensures that you don’t even have to take your card out of your wallet so others next to you in line at the 7-Eleven or Wawa can see your credit card info. Just put your closed wallet up to the reader. What gives?
June 4th, 2008 at 4:17 am
Letting people peripherally see a credit card from several feet away is not a risk. How many people who see the card at the right angle to read all the digits will actually remember them? They’d also have to see and memorize the expiration date and possibly the 3 digit code on the back.
On the other hand, RFID is a radio transmitter and can be easily cloned at great distances. That means if you pay with a card that uses RFID only for authentication and someone can copy that data from far away, you can much more easily be robbed without ever having to be mugged.
Check out this article about how Credit Card chips were easily hacked:
http://www.engadget.com/2006/10/23/researchers-hack-rfid-credit-cards-big-surprise/
Excerpt:
“a researcher working with RSA Labs was able to steal the professor’s name and credit card number that was being transmitted in cleartext — thereby poking massive holes in Visa, MasterCard and American Express’ claims that these card include “the highest level of encryption allowed by the U.S. government.”"
June 10th, 2008 at 3:45 am
Love your site. One quick note. A person must sign their credit card on the back signature block or they are in violation of the credit card issuer’s terms and conditions. The statement to see ID or whatever needs to be an additional requests to meet both the credit card issuer’s T’s & C’s and your objective.
I too make id theft protection advice and protection free. My motto is: “if it is free, I’d rather they get it through me.” Check us out at http://www.btr-security.com. I would love to hear your comments on our mission as well.
Stay secure,
Bob
Robert Listerman
BTR-Security
610-444-5295
June 10th, 2008 at 3:51 am
Thanks for the tip Robert. I’m aware that it’s a violation of the agreement but am unaware of any consequences other than some stores will not take it. There is a small danger involved where some credit card companies consider the person who signs the card to be the authorized user which could cause you problems as well.
If these kinds of things worry you, I think the best thin to do is sign the back of the card in marker first. Because marker writing isn’t very clear, your signature will be at least somewhat obscured, but you’ve met the obligation for the store and cc company to sign it.
Of course, if you’re me, I’d still write CHECK ID on the card (in my case right ON TOP of the other signature) both to further obscure my real signature, and to encourage people to check my ID (which they still rarely ever do).
July 5th, 2008 at 1:23 pm
Hi there. Great site
I’m retired, and keep correcting my credit file. I fix it, and someone keeps changing it.
July 8th, 2008 at 1:12 pm
Freeze your accounts Janet and freeze them now. I don’t know if it would help, but it sure couldn’t hurt. Best-case, no one would be able to update your information without your “thawing” PIN same as no one can open credit in your name.
I haven’t run into this before so I’m not sure if it works that way or not. But no matter what, someone is dinking with your accounts and you should freeze them to prevent them from being used at the very least
October 11th, 2008 at 1:59 am
interesting reading, i think the best way to deter any kind of theft from bankers cards is to have our only one true form of id on them……………..OUR FINGER PRINTS!!!! no one can argue with that.
October 11th, 2008 at 6:31 am
Hannah: There is one problem with fingerprints. If they keep an electronic copy to compare to the ones we provide (which they’d have to do) then the electronic copy of our fingerprints could be lost or stolen along with all our other data. Fingerprints should never be used without some kind of personally selected pin to randomize the data somewhat. That way, if it’s compromised, you only have to pick a new pin and your fingerprint data is safe.
October 17th, 2008 at 4:55 pm
hi jeremy
thankyou for replying to my comment,as i know you are a busy guy. i agree with what you say about fingerprints being a problem,and i also have been a victim of our(english) government losing information,( my information was on one of the discs that was lost regarding the child benefit agency) and sadly their only response was a letter of apology to us in the post!!! i too am aware of the dangers of giving out information, and sometimes the information we give IS compulsory, it has/needs to be given and we really dont know whos hands its going to end in and the saddest part is we have no control over that.