Identity theft is one of the fastest growing crimes in America. Since 2012, 1 in 3 Americans have been victims of identity theft. In 2017 alone, there were over 16.7 million victims of identity fraud, leading to $16.8 billion in financial damages.
Victims of identity theft must deal with the destructive nature of data breaches firsthand, whether their credit has been demolished by card fraud, bank accounts emptied, or lives upturned by all kinds of other criminal activity.
In a world of never ending data breaches and leaks, it is more important than ever to take proactive steps toward safeguarding your data and protecting your identity online. But figuring out how to best protect your identity, and trying to navigate your way through all of the advice that is out there, can be a confusing, frustrating, and time consuming process.
To help, we've put together an easy to understand guide on how to protect your identity and minimize your risk of identity theft. Check out the steps below to get started:
- Freeze Your Credit
- Use a Password Manager
- Monitor Your Credit and Identity
- Monitor Your Financial Statements
- Safeguard Your Social Security Number
- Enable Two-Factor Authentication
- Secure Your Devices
- Minimize Data Sharing
- Stay Vigilant
- Additional Resources
Freeze Your Credit
One of the most effective ways of reducing the risk of identity fraud is to freeze your credit. Freezing your credit will help prevent fraudsters from opening up new financial accounts or lines of credit in your name.
To freeze your credit you will need to make a credit freeze request directly with each of the three main credit bureaus - Experian, TransUnion, and Equifax. As of September 21, 2018, credit freezes with the three main bureaus are free for all consumers.
When making your request, you will be asked for your name, address, date of birth, and Social Security number, along with questions to verify your identity. Once your freeze has been processed you will be given a Personal Identification Number (PIN) that can be used to thaw or unfreeze your credit in the future.
- Freeze your credit with Equifax by clicking here or calling 1-800-685-1111
- Freeze your credit with Experian by clicking here or calling 1-888-397-3742
- Freeze your credit with TransUnion by clicking here or calling 1-888-909-8872
Along with freezing your credit, you might also think about setting up an account with MyEquifax.com. Due to an Equifax security vulnerability, which we reported on in March, it is possible for identity thieves to bypass a credit freeze PIN by seting up a new account through the MyEquifax.com portal. Setting up an account on the service yourself will prevent fraudsters from being able to bypass your PIN.
Once credit freezes are in place, you can use your PIN to temporarily thaw or unfreeze your credit if a business or lender needs to check your credit, for example, when applying for a credit card, auto loan, or mortgage, by contacting the bureaus directly.
Use a Password Manager
One of the most important things you can do to help safeguard your accounts, data, and identity is to use a password manager.
Password managers make it easy to generate strong, unique passwords for every account you have, track and manage all of your passwords in one place, and prevent one account compromise from cascading into an all out security meltdown.
With so many accounts and passwords to juggle in the digital age, password reuse is rampant. According to a recent Google/Harris survey, 52% of respondents said they reuse the same password across accounts, while 13% reuse the same password for all of their accounts. In that same survey, Google found that only 24% of survey respondents use a password manager.
Because of this, credential stuffing, where attackers take massive databases of stolen or leaked usernames and passwords and stuff those credentials into logins on other websites, has proliferated and account takeovers are on the rise. In 2017 alone, account takeovers caused $5.1 billion in financial losses and cost victims on average $260.
Using a password manager to prevent password reuse is one of the easiest ways to protect yourself against credential stuffing attacks. There are a wide-range of password managers to choose from, from free and open-source managers to highly-rated paid providers. Once you have a password manager setup, make sure that you are generating unique passwords for every account that you use online.
Monitor Your Credit and Identity
By monitoring your credit reports for suspicious changes or new accounts, you can quickly identify fraudulent activity when it occurs and take steps to mitigate the damage.
There are a variety of ways that you can monitor your credit for free, from obtaining free credit reports directly from the credit bureaus a few times throughout the year to using a free credit monitoring service.
Here a few ways that you can easily monitor your credit for suspicious activity for free:
- Current Lenders: Many credit card companies provide free credit monitoring services to their cardmembers, often available from their mobile apps, so check with your credit card company to see what credit monitoring services they offer.
- Directly from the Bureaus: You can request one free credit report per bureau, per year from AnnualCreditReport.com. To make the most out of these free reports, try spreading out your requests to every four months so that you can check your credit throughout the year.
- Free Credit Monitoring Services: You can also use a free credit monitoring service that helps you track your credit over time and alerts you to any new changes on your credit reports. In general, you should avoid services that charge a monthly fee, which can add up over time. Also, make sure when choosing a service that the company is transparent about their privacy and security practices.
If you notice activity on your credit report that may be fraudulent, the faster you act the greater the chance you can minimize the damage. If you know or suspect you have been a victim of identity theft:
- File an identity theft report with FTC at IdentityTheft.gov or call the FTC Identity Theft Hotline at 1-877-438-4338
- Request that a fraud alert be placed on your credit file with one of the three major credit bureaus
- Contact the fraud department at your bank, credit card company, and any other financial institution that you have an account with to report unauthorized charges or close fraudulent accounts
- If you know or suspect you have been a victim of tax-related identity theft, fill out an affidavit with the Internal Revenue Service (IRS) and file your taxes as early in the tax season as possible
Monitor Your Financial Statements
Monitor your financial statements regularly, from your credit cards to your bank accounts, keeping an eye out for unauthorized transactions and suspicious activity.
When possible, request to receive only electronic statements to cut down on the amount of paper documents containing sensitive information that you have to keep track of.
Most banks and credit card companies also make it easy to setup spending alerts through their mobile apps, which you can use to receive push or text notifications when large purchases are made or if irregular spending patterns are detected.
If you suspect unauthorized transactions, put a hold on your debit or credit card and contact the bank or credit card company's fraud department immediately.
Safeguard Your Social Security Number
If you have ever applied for a loan in the US, opened a bank account or started a new job, chances are you were asked for your Social Security Number (SSN) to identify yourself.
Ironically, that number was never intended to be a form of universal identification due to the risks of sharing it openly. Once fraudsters obtain your SSN, they can easily use it to open financial accounts, steal your identity or compromise your credit. Despite these obvious flaws, your SSN serves as one of the fundamental keys to your identity.
As such, it is critical that you take steps to safeguard your SSN. Protect it as best as you can. Never carry your social security card in your wallet or purse. If your SSN is used on your driver's license, health insurance card, or other document that is publicly visible, request to have it changed.
Do not give out your number unless it is absolutely necessary. When asked for your SSN, ask why it is needed and how it will be protected. Don't share your number in plain text through email or text message. By minimizing how often you share your number, and by doing so only through secure means, you can help reduce your risk of identity theft.
Enable Two-Factor Authentication
Two-factor authentication (2FA) is an extra layer of security used to make sure that the person who is trying to get access to an account is who they say they are. Along with a traditional password, two-factor authentication also requires you to enter an additional piece of information to authenticate your identity, usually a unique one-time passcode sent via SMS or a software token generated by an authentication app.
Two-factor authentication makes it much harder for hackers and identity thieves to get unauthorized access to your online accounts. So even if a password to one of your accounts is stolen or leaked, thieves won't be able to gain access to your account.
Make sure to go through all of your online accounts and turn on two-factor authentication for the ones that support it. For help finding which sites support 2FA, check out TwoFactorAuth.org.
While SMS-based 2FA is still far more secure than simply using a password and can be safely used for low-risk accounts that don't contain sensitive personal information, SMS codes are vulnerable to interception.
It is recommended that you use a dedicated authentication app to generate codes for 2FA when available. There are quite a few free 2FA apps available for download on mobile, such as Authy or Google Authenticator. Once you have downloaded and installed a 2FA app, you can then use it to generate 2FA codes for all your online accounts that support it.
Secure Your Devices
If you've ever lost or had you phone or laptop stolen you know how scary it can be knowing all of your information is now out in the wild. To make sure your information is protected in case one of your devices is lost or stolen, make sure you have the strongest authentication method enabled on all of your devices.
Many of the latest phones support biometric authentication, allowing you to access your device using fingerprint scanning or facial recognition. If your device doesn't support biometric authentication, use a strong, unique password and store it somewhere safe such as in a password manager.
Along with using the strongest authentication method available, you can protect the information on your devices by enabling full-disk encryption. Device encryption provides an additional security layer to help keep your information safe. If you have a newer iOS or Android device, one of the easiest ways to encrypt your device is to simply set a password or biometric lock to enable disk encryption.
However, many laptops and desktop computers don't come with disk encryption enabled by default. If you have a Mac, you can use FileVault to enable full-disk encryption from System Preferences. For Windows devices, you can enable device encryption from System Settings. For more information on if your device supports encryption, and how to check if it is turned on, check with the manufacturer.
Minimize Data Sharing
In an always connected, digital world, sharing data is required for almost everything you do, from applying for a loan to getting a new job. Even so, try to minimize the amount of data you share as much possible and provide the least amount of information that is necessary.
Don't share personal information just because someone asks for it. Ask companies and individuals why they need the information and how they are going to protect it. Avoid sending plain text data or passwords by email or text, and transmit information securely whenever possible.
As always, the best way to protect your identity is to stay vigilant and to always be on the lookout for suspicious activity. Never click on links you receive by email or text that you don't recognize. Watch out for imposter scams and phishing attacks. Never give out personal information to anyone or any company you don't know or haven't reached out to directly.
- Bloom: How to Protect Your Privacy
- Bloom: The Ultimate Guide to Data Breaches
- FTC: IdentityTheft.gov
- FTC: Identity Theft Portal
- FTC: Credit Freeze FAQs
- US Gov: Identity Theft Resources
- IRS: Identity Theft Information for Taxpayers
- CFPB: Identity Theft Protection
Bloom: Take Control of Your Credit and Identity
We believe security and the improvement of identity is fundamental for the growth of our economy and the protection of the privacy of individuals. Bloom creates a protocol to bring the future of credit to the blockchain. By implementing globally federated, secure IDs on the blockchain, Bloom dramatically mitigates the risk of identity theft due to data breaches by reducing our reliance on single-source forms of identity verification.
At Bloom, we are empowering people to take control of their credit and identity. Bloom gives you the power to own your data and decide how it's used.
- You own your data
- You control access to your data
- You decide when you share your data and who you share it with