Reader's Digest - - Front Page - BY JODY L. ROHLENA AND LAU­REN CAHN

IT’S SHOP­PING SEA­SON, WHICH means you’ll be look­ing for a steal. Un­for­tu­nately, you’ll have lots of com­pany. Pulling those credit and debit cards out of your wal­let, en­ter­ing your dig­its on­line—the hol­i­days pro­vide iden­tity thieves with count­less op­por­tu­ni­ties to swipe and swin­dle. That’s an es­pe­cially big con­cern this year, af­ter the Equifax se­cu­rity breach, which ex­posed the per­sonal in­for­ma­tion— in­clud­ing birth dates, ad­dresses, credit card num­bers, and So­cial Se­cu­rity num­bers—of more than 145

mil­lion Amer­i­cans to po­ten­tial crooks.

As bad as that may sound, let’s put the Equifax dis­as­ter in per­spec­tive. Truth be told, some of your in­for­ma­tion was prob­a­bly com­pro­mised long be­fore that. Ya­hoo now says that data breaches have likely af­fected ev­ery one of its users. Tar­get has just be­gun to set­tle cases re­lated to its 2013 credit card hack, in­volv­ing some 40 mil­lion cus­tomers. All told, 15.4 mil­lion Amer­i­cans fell prey to iden­tity fraud in 2016.

The thieves may seem anony­mous, but they do get caught. The In­ter­nal Rev­enue Ser­vice has pros­e­cuted ring­leaders who paid col­lege stu­dents to file false tax re­turns, mail car­ri­ers who stole re­fund checks, and a Wal­mart cashier who know­ingly cashed forged re­fund checks. The De­part­ment of Jus­tice is on the case too; of­fi­cials be­lieve they know the cul­prits be­hind at least one of the Ya­hoo at­tacks: Rus­sian in­tel­li­gence agents.

As fright­en­ing as the en­e­mies may seem, they can be stopped— and fairly eas­ily. If you are some­one who ig­nores all the ad­vice on how to pro­tect your iden­tity, it’s time to act. While these high-tech thieves are cer­tainly so­phis­ti­cated, there are many mon­key wrenches you can toss in their path. Here are five of the eas­i­est—and most ef­fec­tive.

FIX NO. 1 Pro­tect your So­cial Se­cu­rity num­ber.

Your So­cial Se­cu­rity num­ber is not as se­cure as you would hope. Of its nine dig­its, the first three are tied to where you lived when you ap­plied for your num­ber, the next two are a group num­ber within that ge­o­graph­i­cal lo­ca­tion, and the last four are your se­rial num­ber. Since it’s not that hard for a crim­i­nal to suss out where you were born, it’s re­ally only those last four dig­its that stand be­tween you and all the prob­lems you’re try­ing to avoid. So guard your num­ber with your life. Don’t use it any­where you don’t have to—and you don’t have to use it as of­ten as you might think.

Jen (not her real name, as her in­ves­ti­ga­tion is on­go­ing) be­lieves that her num­ber was stolen af­ter she in­cluded it on a med­i­cal form, along with the rest of her per­sonal in­for­ma­tion. “Un­for­tu­nately,” Jen told credit.com, “the po­lice said peo­ple take those forms and sell them on the black mar­ket for oth­ers to use.” The num­bers could be stolen by un­scrupu­lous staffers or cap­tured by hack­ers who tap into the com­puter sys­tem at the health-care provider or in­sur­ance com­pany. That said, you aren’t re­quired to give your doc­tor,


or any­one else, your So­cial Se­cu­rity num­ber. If you’re asked for yours on a form, sim­ply write in, “Sup­plied upon re­quest.” Then dis­cuss with your doc­tor’s staff whether they re­ally need to have it. The steal­ing of So­cial Se­cu­rity num­bers has be­come such a con­cern that Medi­care has in­tro­duced new ID cards for se­nior cit­i­zens that omit the num­bers.

If you be­lieve that your So­cial Se­cu­rity num­ber has been com­pro­mised, you can change it, though you’ll need to pro­vide the So­cial Se­cu­rity Ad­min­is­tra­tion with a valid rea­son and proof that your cur­rent num­ber is be­ing mis­used.

Un­for­tu­nately, Jen had plenty of ev­i­dence. At first, she didn’t know that her iden­tity had been stolen—she found out when she got a re­jec­tion for a Macy’s credit card she hadn’t ap­plied for. When she checked her credit re­ports, she dis­cov­ered that thieves had taken out a $30,000 car loan and bought a used Lexus, then ap­plied for and re­ceived an in­sur­ance pol­icy for the ve­hi­cle. Ex­perts say that one good way to safe­guard your­self is to re­quest a free re­port from one of the three ma­jor credit bu­reaus ev­ery four months and look for any­thing sus­pi­cious.

FIX NO. 2 Strengthen all your log-in in­for­ma­tion.

If your pass­words and the an­swers to your re­minder ques­tions are easy enough for a thief to guess, then your bank ac­counts, e-mail, shop­ping log-ins, and other se­cure ac­counts aren’t se­cure at all. And yet cy­ber­se­cu­rity firm Keeper Se­cu­rity re­ports that the most com­mon

pass­word—used by nearly one in six on­line ac­count hold­ers—is 123456. The word pass­word it­self is the eighth most com­mon.

As un­pleas­ant as it may sound, ex­perts sug­gest that you have a unique pass­word for ev­ery one of your on­line ac­counts. They should be as complicated as each site’s sys­tem can bear and never fewer than 12 char­ac­ters, says Richard Roszko, a com­puter en­gi­neer and an IT con­sul­tant. Also make sure you use a mix of let­ters, num­bers, and spe­cial char­ac­ters. A good strat­egy is to use a long non­sense phrase you might ac­tu­ally re­mem­ber: [email protected]$! as your bank pass­word, for ex­am­ple.

To make man­ag­ing your pass­words eas­ier, some ex­perts rec­om­mend us­ing a ser­vice such as 1Pass­word, Dash­lane, Keeper, Last­pass, or Ap­ple’s icloud Key­chain. All are free to down­load.

As for your pass­word re­minder ques­tions, avoid us­ing any­thing that could be an­swered with clues that thieves could dig up on so­cial me­dia or else­where on­line. So no high school mas­cot, no mother’s maiden name, no street you grew up on. In 2012, a hacker got into Mitt Rom­ney’s per­sonal email by fig­ur­ing out the an­swer to the se­cu­rity ques­tion “What is your fa­vorite pet?” His dog’s name, Sea­mus, had ap­peared in many news sto­ries.

The safest ques­tion, ac­cord­ing to Mi­crosoft and Carnegie Mel­lon Univer­sity, may be “What’s your fa­ther’s mid­dle name?” It’s easy for you to re­mem­ber, but it’s hard for a thief to guess and is un­likely to be float­ing out on the In­ter­net. Other safer ques­tions in­clude “What was your first phone num­ber?” and “Who was your fa­vorite teacher?”

Some ex­perts rec­om­mend an­swer­ing with a non se­quitur: “What is your mother’s maiden name?” Platy­pus. But any one-word an­swer is vul­ner­a­ble, even a ran­dom one. Bet­ter to use a non­sense phrase here too.

FIX NO. 3 Lock up your phone.

Al­ways keep your de­vice locked and use a strong, long pass code. (You can cus­tom­ize its length in Set­tings.) Those an­noy­ing soft­ware up­dates of­ten ad­dress new se­cu­rity is­sues, so don’t skip them. And don’t let apps save your pass­words; they can pro­vide en­trée to your phone’s wealth of per­sonal in­for­ma­tion. “If you take only one ex­tra step, a hacker will pass you up and try else­where,” says Roger Ent­ner, founder of Re­con An­a­lyt­ics, a tele­com re­search firm.

A good safe­guard plan is to use twofac­tor au­then­ti­ca­tion. Turn it on for your phone (via Set­tings) and for your var­i­ous e-mail, bank, credit card, and other ac­counts you’d like to keep se­cure. Once it’s ac­ti­vated, you’ll need two “keys” to ac­cess those ac­counts— usu­ally a pass­word and a se­cu­rity code. You re­ceive the code in a text, an e-mail, or a phone call from what­ever com­pany’s site or app you’re try­ing to ac­cess. So if you’re the one try­ing to ac­cess the ac­count (on, say, your sis­ter’s lap­top), you’ll be fine. But if it’s a thief who doesn’t have your phone, he or she won’t re­ceive the code and will be locked out.

Learn more about how to keep your spe­cific phone safe by us­ing the Fed­eral Com­mu­ni­ca­tions Com­mis­sion’s Smart­phone Se­cu­rity Checker, at fcc.gov/ smart­phone-se­cu­rity.

FIX NO. 4 Don’t pay with a debit card.

Us­ing debit cards for on­line shop­ping is a dou­ble serv­ing of dar­ing fate. You’re vul­ner­a­ble not only be­cause you’re shop­ping on­line but also be­cause when a debit card is stolen, you may be out of luck. “If a credit card is hacked, you owe zero dol­lars on the fraud, but if your debit card gets hacked, the money is drained from your ac­count,” Roszko ex­plains. “You prob­a­bly won’t even re­al­ize the money is gone un­til you get your state­ment, and by then, it’s gone

for­ever.” Banks will re­im­burse you if you no­tify them within 48 hours, so mon­i­tor bank-ac­count ac­tiv­ity closely.

Af­ter a credit card, the next-best op­tion is to use Paypal, one pay­ment site trusted by all the ex­perts we spoke to. Most agree that the newer Ap­ple Pay and An­droid Pay op­tions are safe as well.

Also be care­ful to shop on­line only with rep­utable, se­cure web­sites. How do you know what’s se­cure? Look for a URL that starts with https—the s stands for “se­cure.” And never buy any­thing when you are on a pub­lic Wi-fi net­work, be­cause thieves can grab your credit card num­ber and home ad­dress. Turn off “con­nect au­to­mat­i­cally” set­tings so that your de­vices don’t join any pub­lic net­work they de­tect. While no Wi-fi is 100 per­cent safe, your home net­work has se­cu­rity set­tings that pro­tect against hack­ers. Use a strong, long pass­word here too.

FIX NO. 5 Get rid of those preap­proved credit of­fers.

We’re not talk­ing about shred­ding them, though you cer­tainly should. In 2003, the Fed­eral Trade Com­mis­sion es­ti­mated that 400,000 Amer­i­cans had their iden­ti­ties stolen via mail. In fact, mail theft is on the rise, ac­cord­ing to the U.S. Postal Ser­vice. In one ex­treme case in June 2016, a postal car­rier was robbed at gun­point in Ran­cho Cor­dova, Cal­i­for­nia. The rob­ber, Juan Carlos Mal­don­ado, was part of a ring that stole about 800 pieces of mail, which the thieves scoured for per­sonal in­for­ma­tion they could use to ac­cess bank ac­counts and open credit cards. Mal­don­ado pleaded guilty to bank fraud, iden­tity theft, and armed rob­bery. He was sen­tenced to seven years in prison.

It’s easy to stop those credit card of­fers. Sim­ply call 888-5-OPTOUT, and fi­nan­cial in­sti­tu­tions will re­move you from their mail­ing lists.

Then, if you aren’t plan­ning to ap­ply for new credit any­time soon, you should put a freeze on your credit re­port. A freeze will pre­vent any­one from tak­ing out a loan or a credit card in your name. Of course, that in­cludes you, which means when you’re ac­tu­ally ap­ply­ing for credit—say, a mort­gage, a home eq­uity line, or a store credit card—you’ll have to un­freeze your credit file. This can cost $5 to $10 per freeze and un­freeze through Ex­pe­rian and Tran­sunion, two of the big three credit bu­reaus, but it’s free for life through Equifax, a con­ces­sion made by the com­pany af­ter it ad­mit­tedly bun­gled its re­sponse to its data breach.

An­other pre­cau­tion is set­ting up a fraud alert with one of the credit bu­reaus. This is a no­tice on your file that tells lenders to con­tact you be­fore ap­prov­ing any ap­pli­ca­tions for new credit. It’s free, and when you place it with one bureau, it will no­tify the oth­ers to do the same. For max­i­mum pro­tec­tion, Con­sumer Re­ports rec­om­mends us­ing both a credit freeze and a fraud alert.


Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.