There are three major
credit reporting agencies: Equifax,
Experian, and TransUnion. According to
the Wall Street Journal, there is also a smaller, fourth agency called
Innovis. These companies collect our
personal and financial data. The Equifax
website states that it “organizes, assimilates and analyzes data on more than
820 million consumers and more than 91 million businesses worldwide, and its
database includes employee data contributed from more than 7,100 employers.” Whenever we consumers apply for credit,
purchase insurance, apply for a job, rent an apartment, purchase the latest
cell phone on contract, etc., the businesses we patronize will query the
databases of the credit reporting agencies to check our credit scores and
history before deciding to do business with us.
The data these agencies collect are precisely the high-quality data that
identity thieves crave to wreak havoc in our personal and financial lives. It therefore came as a shock when we learned a
couple weeks ago that the Equifax database was breached by hackers this summer,
particularly when it was revealed that there was a software security patch
published in March that would have plugged the security hole in the company’s
system. Reportedly the data exposed
includes names, Social Security numbers, birth dates, addresses, and driver
licenses as well as some credit card numbers and other unidentified data.
So now what do we do? There have been many articles written in the
press about steps you can take to try and protect your online financial
accounts and your personal identity. Based
upon my review, here are some steps (not exhaustive) you should consider:
1.
First, go to www.equifaxsecurity2017.com and click the Potential Impact button. That will link you to a page where you can
enter some basic information and find out if your personal information has been
exposed.
2.
If your data was
exposed, you can enroll in a free year of identity theft protection and credit
file monitoring from Equifax in a product called TrustedID Premier.
3.
Go to your online
financial accounts and change the challenge questions that you must answer. Challenge questions appear if you try to log
in to your account from a computer that hasn’t been verified with the
institution (via a “cookie” on your computer).
Many of these challenge questions can be answered or inferred from the
very information that was stolen.
Therefore, it is better to choose more difficult questions that can’t be
answered from your now exposed information.
4.
Go to your online
financial accounts and sign up for email and text alerts every time there is a
transaction, or a change to your username or password, access from a different
computer or device, or a change to any other personal account information. This will allow you to more closely monitor
your accounts for fraudulent activity.
But don’t click on any email links as it could be an imposter
email. Instead, login to your online
account to review the activity.
5.
Go to your online
financial accounts and enroll in two-factor authentication if it isn’t already
enabled. Two-factor authentication
requires the entry of a temporary code that is sent by text to your cell phone
if there is a log-in attempt from a computer that is unknown to the
institution’s website. Typically you
will have accessed your online accounts from your home and work computers and
those computers will have been registered with the websites. The two factors are entering information you
know (username and password) and entering a code from something in your
personal possession (cell phone). Since
the identity thieves won’t have your cell phone, you have a strong layer of
added protection. Microsoft and Google
also have two factor applications which you can use for your different
accounts.
6.
If you are not
using strong passwords unique to each financial account, you should do so. Weak passwords are oftentimes based upon
personally identifiable information. To
be able to keep track of strong, unique passwords, you need to use a password
manager such as LastPass or 1Password among others. In addition, you may wish to change and
strengthen your account usernames which often are just your name or email
address.
7.
Set up fraud
alerts with the three credit reporting agencies. You will be alerted if someone applies for
credit in your name. But an alert comes
after the fact and is not preventative.
Fraud alerts typically last 90 days and must be renewed for continued
coverage. An extended alert of 7 years
requires proof of identity theft.
8.
A more effective
action is to freeze your credit history with each of the credit agencies. The press is reporting that the credit
reporting agencies are trying to persuade people to not freeze their credit (maybe
because they will lose revenue?). They
emphasize the hassle that you will endure.
If you push ahead, then they try and get you to “lock” instead of
“freeze.” Evidently there is a
meaningful difference between the two.
You will need to evaluate the difference to see what is best for you. Those who have frozen their credit describe
the process of temporarily unfreezing as necessary as not being that difficult. There is typically a small charge for placing
the freeze and for temporarily lifting the freeze. Be sure to consider the freeze for your
spouse and children. Note that a credit freeze
does not protect against unauthorized access to your online accounts.
9.
Be careful of
suspicious emails or telephone calls purporting to come from Equifax or other
companies, or even the police. If these
communications ask you to click on a link, to provide personal information, or
to make a payment, it is very likely these contacts will be from scammers.
10. Carefully review monthly statements from your credit
card companies, banks, or other financial institutions. Contact the institution if you see something
suspicious, even if it is for a very small amount of money.
11. Check your credit reports often. You are entitled to a free report once every
12 months from each of the three major credit agencies. Select one agency every four months. Use the federally authorized www.annualcreditreport.com website and avoid similarly named websites that try
and trick you into a membership or into paying a fee if you don’t cancel within
a certain number of days.
12. Keep your computer operating system and antivirus
software patched and up-to-date.
Manually click the update buttons every couple of weeks instead of
relying completely on automatic updates.
Sometimes there are large updates that aren’t automatically installed. Do a deep antivirus scan of your computer and
attached hard drives every couple of weeks.
Be sure to routinely back up your critical computer data.
14. Implementing these suggestions is time consuming. However, we must consider that our personal
identifying information is now readily available to bad actors. Therefore, acting sooner rather than later is
important in preventing problems in the future.
