Personal Data Theft Redux

I figured that this article from the Times, Don't Let Data Theft Happen to You was worth sharing in toto just to make a point. I used the Opt-Out Prescreen Website mentioned in the article to permanently remove me from receiving such pre-screened documents, and did some preliminary checking on credit report freezes, only to find that right now they're offered only in seven states: California, Louisiana, Vermont, Texas, Maine, Colorado, and Washington, with the latter 3 joining this year due to the data losses that have played so prominently in the news of late. Frankly I think a freeze on credit reports is a great idea as it effectively blocks someone from becoming you. I'd also recommend paying attention to the advice below about where you HAVE to give your social security number. One of the reader's of this blog, Pablo, posted a comment saying that he routinely withholds his SSN and is still able to do his business; turns out he had the right idea. Here's a piece from a USA Today article, Is freezing your credit the way to safeguard your ID?:

Without a credit freeze, a consumer's only option for fighting identity theft is a fraud alert. Consumers can obtain a 90-day fraud alert if they believe they've been victimized.

Consumers who can provide evidence they've been victimized, such as a police report, can get an extended fraud alert that lasts up to seven years. A fraud alert directs lenders to verify an individual's identity before issuing loans or credit, typically by calling the individual first.

The only way otherwise for YOU to control YOUR credit report is if you've been victimized, and to get 9 year protection you need to have a police report. All a fraud alert requires is that a lender verify YOUR identity before issuing a loan or credit card --- imagine that?

Here's the Times article, worth your time and consideration, and at a minimum take a look at the Opt-our prescreen website and maybe give some thought to pushing your state to pass a law to allow you to freeze your credit report (read the USA Today article for the inconveniences that comes with that):

Don't Let Data Theft Happen to You

By M.P. DUNLEAVEY

ABOUT two weeks ago, I was alarmed by a phone message from my bank alerting
me to some "unusual activity" on my debit card. Unusual wasn't the word. Someone had gone on a shopping spree - $556.46 and $650.81 at one store, $264.99 and $300 in charges that were pending at another - and none of it was
mine. My debit card was still in my wallet. I hadn't used it in days. The bank said thieves might have created a counterfeit card. Someone - a store clerk, waiter, whoever - could have used a card reader to harvest the information imbedded in the magnetic strip to create a fake one [Blogger's note: The same thing happened to me about two years ago, but fortunately for me it happened to my credit card where my personal liability is only $25 --- you can lose ALL of your money tied to a debit card depending on your bank.] The bank assured me the debit account was closed and the thieves no longer had access to my cash - but who could be sure? How much of my personal information did these thieves get? Between bouts of tears and frantic phone calls to my bank, I became obsessed with what I might have done to prevent this.

The recent spate of data breaches was worrisome, but I never expected to become a victim. Maybe I should have. Companies like Citigroup, Bank of America,
ChoicePoint and LexisNexis have lost, misplaced or otherwise exposed the personal information of tens of millions of Americans. Even the government
concedes it lost records containing the Social Security numbers of more than a million employees.

UNFORTUNATELY, although there are steps you can take to protect yourself - and you should - there are no guarantees. "You cannot protect yourself completely," said Edmund Mierzwinski, consumer program director at the U.S.
Public Interest Research Group in Washington. "The best thing you can do is
react swiftly if it does happen."

That said, Mr. Mierzwinski endorsed the preventive measures offered by Privacy Rights Clearinghouse (www.privacyrights.org), a nonprofit consumer advocacy group, and by the Identity Theft Resource Center (www.idtheftcenter.org),
also a nonprofit. Besides the standard advice to shred personal documents,
following are some tips I found useful:

¶Avoid letting your cards out of your sight. Do not let store clerks take your card away on the pretext that there's a "problem."

¶Restrict the access to your personal data by signing up for the National Do Not Call Registry (www.donotcall.gov); remove your name and address from the phone book and reverse directories - and, most important, from the marketing lists of the credit bureaus to reduce credit card solicitations. The site
www.optoutprescreen.com can help.

¶Consider freezing your credit report, an option available in a growing number of states. Freezing prevents anyone from opening up a new credit file in your name (a password lets you gain access to it), and it doesn't otherwise affect your credit rating.

¶Protect your home computer with a firewall, especially if you have a high-speed connection.

¶Rein in your Social Security number. Remove it from your checks, insurance cards and driver's license. Ask your bank not to use it as your identification number. Refuse to give your Social Security number to merchants, and be careful even with medical providers. The only time you are required by law to give your number, Mr. Mierzwinski said, is when a company needs it for government purposes, like tax matters, Social Security and Medicare.

¶Curtail electronic access to your bank accounts. Pay bills through snail mail. Avoid linking your checking to savings. Use a credit card for purchases rather than a debit card. Although I was able to get all $1,772.26 reimbursed, I was lucky. While individual liability for fraudulent credit card purchases is only $50, it can be higher for debit cards: up to $500 or even all the money in your account in some cases.

These and other preventive steps may help, but people really can't safeguard their money and their data on their own. Robert Douglas, the chief executive of PrivacyToday.com, a privacy advocate, believes that this is not an issue of consumer responsibility but of corporate negligence. "These companies are trying to tell people it's their fault, but the largest breaches have been within the
financial services industry itself," Mr. Douglas said.

Mr. Douglas and Mr. Mierzwinski say that shredding documents is fine, but calling your state and local representatives is better. "Companies have refused to give consumers control over their financial DNA and they've refused to take responsibility for their actions," Mr. Mierzwinski said. "What will stop identity theft are stronger notification laws and stronger penalties, which we don't have now."

M. P. Dunleavey writes about personal finance for MSN Money.