Identity Protection Post-Equifax by John Nowak

There have been 7,900 data breaches confirmed by media sources and government agencies since 2005.  The Equifax hack was one of the largest and included the most valuable personal information to date.  Securing your identity and finances is an important step for today’s financially responsible individual.  A good security strategy includes assessing, protecting, and monitoring your personal information.

According to the Identity Theft Resource Center, there have been 7,900 data breaches confirmed by media sources and government agencies since 2005.  Hackers have collected and over 1,000,000,000 records during these breaches - that’s ONE BILLION.  Securing your identity and finances is an important step for today’s financially responsible individual.  Remember, the iPhone is just ten years old!  In the last decade, the way we interact online socially and financially has completely changed.  Our methods for securing our personal information need to adapt as well.

By now, everyone is aware of the Equifax data theft of 143,000,000 people.  Did you also know a recent investigation uncovered that Wells Fargo fraudulently opened 3,500,000 fake accounts to improve sales numbers and created over 500,000 online bill pay enrollments?  This fraud was done by EMPLOYEES, not sophisticated hackers.  What about Yahoo?  Their data has been hacked multiple times with millions of records exposed.  Identity theft and data loss happens every day.  

With all of these breaches across different areas (internal, external, financial, personal), what are some of the steps to take to protect yourself today?  A comprehensive approach is to assess, prevent, and monitor your personal records.

Assess

How vulnerable are you to a security breach?  In college, I remember cashing checks at the Illini Orange in Champaign, Illinois.  The manual financial system of cashing checks and balancing checkbooks was inconvenient but less prone to fraud.  Today’s electronic financial world is much different than 20, or even ten years ago. 

• The first tool to assess your current financial accounts is to order a credit report from https://www.annualcreditreport.com.  You will get a list of all your accounts instead of having to mentally remember and list each one. 

• Make a list of your online accounts (from PayPal to Facebook), electronic devices (tablets/phones/laptops), and where you use them (library, hotels, Starbucks, etc.).  Your listing of accounts, devices, and where you use them will help decide how you can protect them.  

• Visit the Equifax “Check Potential Impact” page to see if your personal identity information was compromised during their breach.  

Protect

After you know your accounts and devices, it is time to protect them.  The following tools are a few of my favorites that I use to protect my information.  There are other options available, but these services have worked well for me. 

• Wi-Fi Security: Services like Encrypt.me can protect your data while using public Wi-Fi.  This service is available for Apple, Windows, and Android products.  For $3/month on the mini-plan, my data is protected from others using the same public Wi-Fi network.  Another option is to not use public Wi-Fi for accessing your private and financial information.

• Password Security: Your list of accounts will come in handy when it is time to create secure passwords.  But what if you have around 150 separate account logins?  Applications like LastPass or RoboForm can help you manage STRONG passwords for all of your online accounts on all devices.  In addition to having strong passwords, be sure to change them periodically.

• Two-factor Authentication:  Some accounts offer additional protection called "two-factor".  This second level of security will require you to enter a unique code each time you log in to an account or after a certain period.  These codes may be sent via text or an app on your phone.

• Email Practices: Delete, do not click through, emails from someone asking for money.  If the email looks like it is from one of your accounts, do not use the link in the email.  Log in to the account directly from the official website to see if there are any messages. 

Also, do not send sensitive personal information directly through email like tax returns, bank statements, or mortgages.  If the person you are sending the information to does not offer a special encryption option or a secure portal, think twice about sending.

• Close Stale Accounts: If you have an old email or credit card account and do not use it, close it.  Stale accounts are an easy place for fraudsters to pretend to be you.  Review your credit report for any old accounts you may have forgotten.

• Credit Freeze:  Immediately after the Equifax breach was announced, I was skeptical about having to request a credit freeze at all three agencies (Equifax, Transunion, Experian).  A freeze does not hurt your credit, but it can be a hassle whenever a credit check is required.  You must find out which agency the company uses for their credit check.  Then, you have to contact that agency to temporarily unfreeze your credit record using a unique agency issued PIN.  Also, each freeze/unfreeze action costs $10 in Illinois unless you are age 65 or over, have an identity theft police report, or are actively serving in the military. 

After reading this story from Morningstar on handling frozen credit, it sounds like something I can handle if it means better security for my compromised identity.  Also, when the Federal Trade Commission and Illinois Attorney General say to seriously consider a credit freeze, I might as well give it a shot.  To initiate a credit freeze, you must contact each agency individually.

• Transunion
• Experian
• Equifax (expect delays due to volume)

Monitor

After assessing your identity/financial theft risk and setting up the best practices for protecting your identity, the final phase is to monitor your accounts and records for fraudulent activity. 

• Identity/Credit Monitoring:  There are several subscription-based monitoring services in the market like CompleteID (Costco member discount), LifeLock, or IdentityGuard.  Subscriptions may cost $10-$20/month and will notify you of any changes detected on your record - financial, public, address, etc.  They also help fix problems if your identity is stolen and used fraudulently in the future.  CreditWise is a free monitoring service offered through CapitalOne using Transunion credit information.  

• Account Review/Notification:  Check your statements.  Fraudulent activity can also come from your existing accounts.  Review your statements soon after you receive them.  Or, use a personal financial management tool like Moller Financial's Client Portal or Mint.com to track your spending across many accounts in one place.  Another way to monitor activity is to set-up text message alerts on your accounts for withdrawals greater than a certain dollar amount.

• Annual Credit Report:  Ordering and reviewing your annual credit report was the first step of this comprehensive security plan and is a good place to finish.  You can request this free report each year to monitor your credit and determine if additional action is necessary.

The Equifax breach is just the tip of the iceberg when it comes to identity theft.  Now that 143,000,000 American's credit records have been compromised, we can expect increased fraud attempts and all the headaches that come along with it.  While no identity/financial protection strategy will be 100% effective, implementing a comprehensive approach to assess, protect, and monitor records is the best we can do.

If you are a client and need help with your security plan, please let us know.  Moller Financial Services takes your security very seriously.  We'd be happy to discuss our security processes with you.  If you have investment accounts at Charles Schwab & Co., they also place a high value on securing your accounts and explain their practices on this dedicated webpage.