After the massive Equifax data breach last month, Americans have been told—including by ValuePenguin—to freeze their credit reports to help prevent a fraudster from opening a new credit account in their names.
But a freeze does nothing to protect other accounts, such as checking and savings accounts, investment accounts, mobile phone plans, and even your Amazon shopping account, which can be targeted by criminals. These accounts remain vulnerable because of the type of personal data that was stolen from Equifax.
“Much of the information accessed, especially Social Security numbers (SSNs), have been the cornerstone of security for financial institutions,” says Kyle Marchini, senior analyst of fraud and security and Javelin Strategy and Research. “But that kind of authentication has been historically the weakest.”
Armed with your account number and SSN, a criminal could call a customer service rep and change your account password or initiate a transfer of money. But there are steps you can take to safeguard your accounts, quickly detect nefarious activity, and to mitigate the damage after you discover fraud.
How to Prevent Fraud
Use strong and changing passwords: Passwords are the gatekeepers to your online accounts. Creating ones that are difficult to crack is paramount to protecting your accounts. Always use strong and unique passwords with capitalized and lower-case letters, numbers and symbols. Consistently update these--at least annually, if not more often. Consider employing a password manager, which creates and remembers your very long and random passwords for all your accounts. You just need to remember one password to log into the manager.
Use authentication when available for online shopping accounts : Fraudsters are moving online and taking over accounts at retailers such as Amazon and eBay. To make it harder, enable two-factor authentication at sites that allow it; this step requires some additional work--such as getting a code texted to your phone to complete a transaction--but enhances security because information that only you can have is added to the process.
Be social-media savvy: So much of our lives are lived and shared online, but that can help fraudsters, too. Secret questions used to retrieve your passwords—such as “What is your high school mascot?”—aren’t as effective if, for example, your high school’s name appears on your Facebook profile. Tighten your security settings—especially if you tend to overshare—so that only your friends and connections can see your profiles on the sites you use. Don’t accept friend requests from strangers.
How to Detect Fraud
Alerts: Many financial service providers—banks and credit unions, brokerage companies and retirement plan holders—offer notifications of odd activity either by email or text message. These can allow to you see what’s happening on your account in almost real time. Turn these on. You often can set parameters for your notifications, too, such as being notified only about withdrawals that are over a certain amount, to cut down on false alarms.
Go mobile (or at least online): Waiting until your statement arrives every month is not frequent enough for monitoring accounts. Instead, get access to your transaction history via mobile app, so you can check frequently while on the go. If your institution doesn’t offer a convenient app, or you’d rather check on your laptop, do so regularly. Pick a day to sit always down, have coffee and check your accounts for suspicious activity before reading the news or checking Facebook.
How to Respond to Fraud
Contact the company, and perhaps others: Time is of the essence after you’ve fallen victim to fraud. To help you quickly contact the right company if you discover an irregularity on an account, Marchini recommends keeping a list of customer-service numbers and email addresses for your financial institutions for banking, credit cards, investments and retirement plans. Don’t forget your wireless, internet, cable and utility providers and store cards, which can also be takeover targets.
If you fear that other accounts may also be compromised, the list can also help you contact other companies to inform them about your experience and to ask if there are any additional security protections you might take on your account.
Take steps on your credit, too: In addition to contacting your financial institutions and service providers, place a 90-day initial fraud alert on each of your credit reports at Experian, Equifax and TransUnion along with a credit freeze. Then, file an identity theft report with the Federal Trade Commission (FTC) here. Take your FTC report, a valid ID, proof of address, and evidence of the theft (bills or collection notices) and file a police report with local law enforcement. Once you have a police report, you can ask for an extended seven-year fraud alert on your credit reports.