Identity theft is likely as old as humanity itself, but the first historical mention of it is recorded in the biblical book of Genesis, chapter 27.
Esau and Jacob were the twin sons of Isaac and Rebekah. Esau was Isaac’s favorite; Rebekah favored Jacob. As Isaac lay dying, he asked Esau to prepare him a meal, after which he would give his favorite son a blessing. The blessing would pave the way for Esau to receive his inheritance. Esau went off to hunt wild game, his dying father’s favorite food. While Esau was gone, Jacob’s mother helped Jacob convince Isaac he was actually Esau. And Jacob, not Esau, got the inheritance.
These days, identity theft is more sophisticated and far more difficult to see. Your bank accounts, credit rating, and personal reputation can be left in ruin before you even know anything’s wrong. And its incidence is growing exponentially.
In 2017, more than 16.7 million people became victims of identity theft in the US, and the amount stolen reached $16.8 billion. The most common identity fraud involved employment or tax-related fraud, credit card fraud, and new account fraud.
And those numbers don’t include the exponentially larger numbers of people whose personal information has been exposed due to lax security by companies holding your data – data that can be used to steal your identity.
Some of the largest data breaches include:
-
Yahoo (all 3 billion user accounts exposed in 2013-2014)
-
Adult Friend Finder (more than 400 million user accounts exposed in 2016)
-
eBay (145 million accounts compromised in 2014)
-
Equifax (148 million credit files stolen in 2017)
Only a few years ago, dumpster divers would harvest paper records to steal names, birthdates, and Social Security numbers (SSNs) to create a new identity. But today, most identity fraud occurs online. A hacker might be able to buy your identifying data for a few dollars on the “dark web,” a corner of the internet where fraudsters have free rein.
Criminals can even steal your SSN and use it to file a false tax return and claim a refund. In 2015 and 2016, lax security measures at the “Get Transcript” page on the IRS website gave hackers the opportunity to retrieve hundreds of thousands of tax return transcripts. This is a digital file showing most line items on your current tax return and up to three years of past returns. With this data, hackers were able to file more than 700,000 fraudulent tax returns claiming refunds averaging about $3,000 per return.
The First Step to Protect Yourself: A Security Freeze
The most important step to protect yourself is to place a security freeze, also known as a credit freeze, on your credit files. A security freeze limits access to your credit report to only than companies that already have you as a customer. With a security freeze in effect, even if someone has managed to obtain your name, SSN, date of birth, etc., they will find it almost impossible to borrow money in your name.
So a security freeze will prevent most fraud attempts that rely on impersonating you to obtain credit. It will also protect your tax return transcripts, since the IRS now requires access to your credit report to verify your identity.
Security freezes are authorized under the laws of all 50 states. If someone fraudulently accesses your credit report despite the freeze, you’re protected from financial liability.
You’ll need to put a security freeze into effect with each major credit agency. Follow these links to get started:
Equifax: www.freeze.equifax.com
Experian: www.experian.com/freeze/center.html
TransUnion: www.transunion.com/credit-freeze/place-credit-freeze
Innovis: www.innovis.com/personal/securityFreeze
Credit bureaus hate security freezes, because freezing and unfreezing accounts often requires the intervention of a customer service agent. In addition, they can no longer sell your data to companies that might want to offer you credit and other products or services.
Instead, credit bureaus will try to persuade you to sign up for a “credit lock” and credit monitoring services. Essentially, you pay a monthly or annual fee (which is often waived) for the privilege of having the company who should be keeping your data safe notify you when they don’t.
Don’t be fooled. A credit lock is only an agreement between you and the credit bureau. You’re bound by whatever restrictions are in the fine print of the agreement, rather than by your state’s security freeze law.
I put a security freeze on my credit files last year, the day after I learned I was one of the 148 million people whose data had been stolen from Equifax. It’s caused me a problem only once, and even then, I was glad that I had it in effect.
A few months ago, I tried to open a bank account at a local bank. An officer from the bank told me that I needed to make a personal visit to complete the opening formalities. He instructed me to bring a utility bill with my name on it and my driver’s license.
When I arrived at the bank with the required documents, the new accounts clerk informed me that he couldn’t open the account because of the credit freeze on my account. Then he told me a whopper: he said the bank needed access to my Equifax files to ensure that I was really Mark Nestmann. He was more willing to trust what Equifax had to say about me than seeing me in person and comparing my appearance with the photo on my driver’s license.
And now, there’s a better reason to place a security freeze on your credit files. A new law passed by Congress earlier this year prohibits credit bureaus from charging you to institute a credit freeze.
The systems used to safeguard our data have failed in every conceivable way to deliver the most basic requirements for integrity. There is little incentive for banks, credit bureaus, e-mail services, and other data repositories to invest in security. Your personal data is a product to be bought and sold, and any limits to this practice cut into their profits. The only short-term solution to defend yourself from identity theft is to put a security freeze on your credit files.
But the only permanent solution is to recognize that everyone has an ownership right to their own data, including data held by third parties. Ownership over your own data gives you the right, but not the obligation, to share it with others.
But until then, your only recourse is to take steps to protect yourself. And a security freeze should be at the top of your list.
