Do you know what identity theft is and how to protect yourself?
Imagine you were going for the holiday of your life.
You have saved for it for years and paid for the most expensive hotel, VIP service and all the extras they offer. You are now at the reception desk looking forward to your one in a lifetime experience and suddenly you can hear a receptionist voice - I'm very sorry Sir/Madam (choose appropriate), your reservation was cancelled.
Cancelled? It's impossible, it must be mistake - you would say to her and she would politely reply that there is no mistake, that the reservation was cancelled by you three days ago. She would also 'remind' you that you have requested your money back to be sent to this and this account as you had some unexpected family situation.
And you would feel more and more surprised and puzzled as you have no memory of such an event at all and your family is just fine, waiting in the lobby. There is nothing you can do, the reservation is gone, your money is gone and the best holiday of your life turns into the nightmare of trying to sort things out, police, questioning and feelings of hopeless and regret.
Identity theft horror
You've just been a victim of identity theft. It was only the holiday that you have lost but it could be worst. Someone could take a mortgage in your name or could have stolen your pension pot money. The latter is one of the worst scenarios as the information about changes on pension savings account is usually send once a year only so in most cases there is no way to trace the money back.
The identity theft becomes more and more popular online crime as the police forces have no real means to track criminals down, especially if transaction crosses the borders and this is very easily achieved in the age of internet.
The gain for the criminals is high, like the pension pot money or other investments, while the potential punishment is not that harsh comparing with ordinary crimes.
Let's hope police will soon close the gap but in the meantime, you have to protect yourself from such horrific scenarios, as much as you can.
Various personal data can be used in identity fraud
Before we can think how to avoid identity theft, we need to find out what sort of information could be useful for the fraudsters and for what reason. There are several pieces of your personal data that are particularly valuable for the criminals:
- Your name and address - this is not enough on its own but such an information is necessary for other pieces to make them trustworthy
- Your date of birth and mother's maiden name - those are the most common questions asked to verify your identity by various financial institutions so very useful for thieves, others in the group are: place you were born, your father's first name, etc.
- Your credit cards details - they don't need to know your PIN to do the shopping online. In UK one needs a card holder name and address, credit card number, expiry date and CSV number at the back of the card to make a valid transaction. There are countries though when less information is required.
- Your bank account number and sort code - they are innocent in most cases at least in UK, but there are methods to exploit them, by setting direct debits fro example.
- Your email address - it might be hijacked by criminals and used to send emails as they were coming from you, also to confirm your identity.
- All kind of passwords and PINs and other sensitive data
There are many more types of information that criminals could use to steal your identity. You can create a more detailed list by taking a note of:
- all security questions various financial institutions ask you to verify your identity and
- all the methods and date required to access your bank accounts or other financial systems online or via automated systems
Come on, I know all that, I keep my data safe
Do you really? How about your Facebook account, did you proudly told everyone when you were born, in what city or what school did you go to? Are your family members among your friends?
Do you have photos of your favourite pet or best holidays? Can your name be found in genealogy tree systems? This could be a great source for mother's maiden name if someone could get access to it.
You may argue that you share such details with your friends only and that would be fine if was true. But it all depends on privacy settings. If you are like most of us, you probably left them unchanged which may mean those details are either completely public or potentially visible to the friends of your friends. You won't be sure unless you check it.
Even if you took care of your privacy settings and share data with your friends only, there is still a potential threat. It is related to comments your friends make. If they say ‘happy birthday to you’ in a status, then it becomes visible to their friends or to everyone if they privacy settings are less tight than yours.
Be careful what you share and with whom
Then there is a question about your so called ‘friends’. Are they really your nearest and dearest only, people you can trust? If you are like me than among friends or followers you have many people you don’t know at all for various reasons like:
- Facebook gaming
- networking
- work or business related
- Twitter followers
- and many more
In the age of global sharing we need to be aware of what is actually visible to others that we had no intention to share at all. If you use different social networks like Facebook, Twitter, LinkedIn and others, its’ a good practice to check what your public profile looks like and occasionally have a look at your own activity feed.
For example I’ve just found yesterday that my Twitter status was shown on my LinkedIn account and I was completely oblivious to that as I have never added Twitter to LinkedIn. Even more, I’ve discovered that my recent blog entries were twitted for me without me making such a decision. Certain things ‘just happen’ automatically because of some default settings in different systems we simply don’t change as they seem to be irrelevant.
Common sense approach to personal data protection
There are things that can be done easily like keeping your PINs safe and away from your credit cards but I’m sure that you will be more reluctant to remove all your photos from social network gallery just because someone may use it against you.
If you asked for a guidance from the security specialist he would tell you to never trust anyone, never share your date of birth or other personal data with friends, and shred all your documents as soon as you finish reading them.
This might be a good solution for a loner but as we live among people and want to share lives with them, suggestions like that are simply unrealistic. The way to go is to use common sense and try to minimise the risk as much as you can.
Things to do to minimise the risk of identity theft and money fraud:
- keep PINs and passwords in safe place, or in your head if you have a good memory. If you need them with you, try to encrypt them in certain way they don’t stand out from other numbers or words
- always check your privacy settings to minimise the chance of sharing too much with strangers
- ensure your public profiles don’t contain any sensitive information
- have an online access to all financial institutions you are dealing with and check the balance frequently. It doesn’t only mean banks but also companies that manage your investments or pension money.
- if you live in UK, have an access to your credit report, either by subscribing to Experian or by purchasing the report frequently
- avoid using debit cards to pay online as they are not protected against fraud in the same way as credit cards are (at least in UK). If you are having problem with money management, replace credit card with special online prepaid card with no overdraft
- ensure your computer has all the latest updates and good antivirus software with latest virus database
- don’t open any attachments in your emails and don’t use the links in any emails asking you to login with your credentials to financial system. If you still want to login and see if everything is ok, type the address manually directly in browser.
- be vigilant to anything unusual like lack of letters for longer than normal which could mean that someone redirected your post to different address or anything else that you find odd.
- Federal Trade Commission - Deter. Detect. Defend. Avoid ID Theft
Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. - US Department of Justice Criminal Division
List of things to do and calls to make when you become a victim of identity theft - IdentityTheft.org.uk
This website can help you protect yourself, advises what to do if it happens to you and suggests where to get further help. It has been produced in collaboration between the public and private sectors to combat the threat of identity theft. - Welcome to CIFAS
CIFAS is an institution dedicated to the identity fraud prevention, and the identification of financial and related crime - Experian UK
Check your credit report and score from Experian UK. Our free credit check provides your credit history and rating online.
Events out of your control
Even if you are one of those security gurus and you follow your own recommendations, you cannot control everything. Whenever you open a new bank account, apply for credit card or shop online, you are required to provide sensitive data so they can identify you.
You may keep your details completely secure but you can only hope they have equally strict regulations and processes in place to protect your data.
The trouble is that quite often even best processes fail and people make mistakes. It could be a simple mistake like sending payslip to the wrong person or more serious when all the customers data were attached to a cost analysis document for potential investor. In such cases, chances are that the receiver of the information is honest and your data will be safe.
The criminals however, know that big institutions may have flows in their processes and they actively search for them. Big companies are under constant attack form such individuals as the possible gain is much higher than finding out about your date of birth in Facebook.
Databases often contain thousands or millions of customer sensitive data and the criminals would be more than happy to get them. You can read from time to time in the news about another breach in data security where some databases were stolen or simply lost in transit.
Identity theft protection insurance
Things like that keep happening and we can do nothing to prevent them. Everyone can become a victim of such a fraud at any time so it’s better to be safe than sorry. The identity theft protection insurance helps you to cover your financial loss in case the worst happens. But it’s more than that.
It often offers an online service where you can register your credit card numbers. This system will alert you if your card was used where it shouldn’t. You can also register your identity documents and other valuable documents details so they are stored in a safe place. Additionally your details are registered with fraud prevention service (CIFAS in UK) and you have an access to an emergency line.
ID Theft protection insurance becomes more common these days and it’s often available as a part of extras to your bank account or other insurance policy. It might be worth getting one if you want to protect yourself from unpredictable.
