Home > Identity Theft > Can You Do Anything to Prevent Identity Theft?

Comments 0 Comments

The question is as old as the first case of credit card fraud.

“What can I do to protect myself?”

I’ve been hearing that question a lot lately, as tales of leaked credit card data and other personal information mount. Target, Neiman Marcus…you know the list now. These high-profile hacks shined a light on a massive problem that seems to get bigger every year.  The Identity Theft Resource Center says there were 619 data breaches last year, an increase of 30% from the year before. Each time a new leak is announced, the logical question arises: What can consumers do to prevent identity theft?

The brutal answer: Nothing.  Nothing at all.

When I published my ID theft book, Your Evil Twin, back in 2004, every TV and radio producer begged me to offer them “Five ways to stop yourself from becoming a victim.” I constantly refused. There’s only so much shredding you can do, I explained. Consumers can’t prevent identity theft.

Dealing with identity theft is not an issue of prevention, but rather an issue of containment. It’s not a question of if it happens, but rather what to do when it happens.

This is important because I spend a lot of time with security experts, and many people who work in this field have a bad habit of blaming victims. They joke about consumers who put PIN codes or passwords on sticky notes, or they tell stories about foolish medical patients who cough up their Social Security numbers during patient visits. And — can you believe the documents your neighbor just leaves out in the recycling?

Sure, there are some things you and I can do to improve our digital hygiene. But for the most part, these are the equivalent of a man boiling water when a pregnant woman starts to give birth. They are…busywork. There is nothing any one of the Target victims could have done to prevent their credit card account numbers — or their email address, or their home address — from being stolen.

I reject out-of-hand the advice that consumers should just avoid using all credit cards, or avoid shopping at stores that suffer data leaks.  After all, given than Target lost data on 70 million consumers, AND on 40 million credit card accounts, we know that using a credit card at Target was not a prerequisite for being a victim of that breach. There are even reports that non-Target customers are caught up in the leak.

Many such offers of blanket advice are flawed, like this:  “Don’t use your credit card online, or give it out over the phone.” That doesn’t work. As we learn with every one of these hacks, even if you only use your card at a store, the retailer puts your account number online anyway. The personal information will be beamed from the point-of-sale terminal, to a store server, to a processing company, to the acquiring bank, to the issuing bank…you get the idea.

In truth, if you want participate in the American economy, you are participating in activities that make you a likely victim of identity theft. We just learned there were 13.1 million victims last year, the second-highest annual total ever, according to Javelin Research. Using very rough numbers, that means your odds of being hit last year were 1 in 20 or so. Put another way, most Americans will be victims during the next 10 years.

Yes, you can place a fraud alert on your credit report, which will make it harder for criminals to open new credit accounts in your name, something known as “new account fraud.”  You can take another step — you can place a credit freeze on your account, usually for a few dollars each year. That, theoretically, prevents anyone (including you!) from opening new credit accounts. These steps tend to be a hassle, however, and credit freezes are best suited for ID theft victims who are struggling with serious bouts of the crime. Also, they don’t prevent fraud on your existing credit cards, and they are useless to preventing someone from getting a driver’s license in your name, or to preventing targeted spamming, and in some cases they don’t even stop criminals from opening non-credit accounts, such as utilities, in your name.

So what can you do?  You can’t stop it. But you can contain it.

1. Be Vigilant

If the Target incident has taught us anything, it’s been a great universal reminder to carefully check our credit card bills, line by line, every month. That’s just good financial hygiene, anyway. It only takes a few moments to yell, “Honey, did you buy this?” If you don’t notice it, you paid for it.

Vigilance extends beyond credit card bills, of course. Check your credit report for free every four months (you can stagger the three reports you get over the course of a year). Watch your snail mail for anything suspicious. Don’t click on links in emails, even if they appear to come from friends. Do all the things you do when you first land in a strange city, and you are on high alert — clutch your purse tighter, put your wallet in your front pocket. Because the Internet is, and will always be, a strange city.

2. Use Technology

If early detection is the key, then technology is your friend. Most banks now allow a text alert system that tells you when credits and debits hit your accounts. They require some one-time tweaking, but it’s well worth your while. Get a text whenever an amount higher than $100 is withdrawn from your checking account, for example. It’s a great service. Consumers can also get similar texts based on credit report events if they sign up for one of the numerous free credit monitoring offers flying around right now in the wake of the credit card hacks.

3. Demand Accountability

Consumers can’t stop ID theft. We are merely pawns. But banks, retailers and other data collectors can. Firms that leak data need to pay. Companies shouldn’t be allowed to keep our data for longer than they really need it, a right Europeans enjoy. In fact, America has no comprehensive federal privacy legislation, and few rights after we’ve been victimized by neglectful companies. Nothing makes companies sit up and take notice faster than the potential for losing money. Fines and civil liability — the potential for consumer lawsuits — would get their attention.

4. Put the Burden Where It Belongs

Not long ago, there was much fear and loathing over theft of consumer online banking logins and passwords. You don’t hear much about that any longer. Why?  Banks have installed back-end systems that are very good at preventing Romanian hackers who steal logins from wiring money out of the country.  The systems work a little like the credit card fraud detection systems we are all familiar with — those welcome security phone calls from fraud experts who ask, “Are you really in London right now buying a diamond ring?” Firms that use consumer data hold full responsibility for its safety. Consumers will always be the weak link in any security chain. Of course they are. They are just trying to live their lives, raise their kids and make their mortgage payments. Leaning on them to keep systems safe is like asking airline passengers to fly their own airplanes.  Kudos to banks for making online checking accounts safer. Now, do that everywhere else.

Anyone who has attended a typical hearing in Congress knows they are largely charades. But I was very glad to hear Sen. Patrick Leahy (D-Vt.) begin the recent Judiciary committee hearing on the Target fraud with a reference to trust. Fraud isn’t ultimately the problem with identity theft. The real risk is reduced trust, which could make consumers reluctant to participate in the marketplace. That would hurt us all. How do we restore trust as soon as possible? By not blaming the victim, and by placing the burden of keeping this information safe with those who deserve it — the experts. Consumers can’t do anything to stop ID theft. The companies that created our loose data culture must be the ones who stop it.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its affiliates.

More on Identity Theft:

Image: Tyler Olson

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team