Friday, November 7, 2014

Protecting Your Identity in a Cyberworld

The headlines continue to shout examples of major retailers, banks and insurance companies whose databases have been hacked, providing the hackers with your personal information. What can you do about these breaches of security?

Short of dying or cutting yourself off from all commerce, you can’t do anything to stop the security breaches, but by preparing you can limit their damage to you when they occur.

It will happen; your credit card information will be stolen.

The most important first step to protect yourself is to assume your credit card information will be stolen.

It is going to happen. It may happen the old-fashioned way and someone steals your wallet and grabs your credit card. Maybe a restaurant worker has a magnetic strip reader and necessary tools to duplicate your card. Maybe the bank is hacked, or the retailer or insurance company. Maybe your computer is stolen or someone snags your userID and password while you are online. Or your “safe” cloud backup is hacked. It doesn’t matter how it happens; what matters is how prepared you are for it.

The best way to limit the damage is to have strong safeguards in place before your information is compromised.

Create Strong Passwords: 

Yes, you’ve heard it a thousand times, but if you haven’t already done it, do it now: create unique, strong passwords for every online account. Strong passwords include at least one capital letter, one small letter, one number, and one symbol and are a minimum of eight characters long. You can use a program that develops long unmemorizable passwords and keep track of them for you. Alternatively, you can develop your own, based on a system that you remember, but that will not be obvious to someone who comes across your written list.

Of course you keep a written list; you’re human, aren’t you?

You can develop a system that you will remember given a password clue. Here’s an example. Your password list has “4T” next to Chase.

Your actual password is aHc16@jmj#X arrived at by taking the first three letters of the company (cha), writing them backwards (ahc), capitalizing the 2nd letter (aHc) adding a standard (to you) 7-digit group (16@jmj#) and then (the code part—4T) which means the letter at the end will be 4 after T and since T is capitalized, so will be X (the 4th letter after T).

If you lose your list of passwords, no one is going to figure out that Chase 4T means aHc16@jmj#X and BOA 2c would convert to aOb16@jmj#e. Yet after just a few days, you’ll know your passwords for almost all websites without having to look them up. With such a coding scheme, you should keep a note detailing your conversion key in your safe deposit box so upon your demise your executor can sort out what your passwords are and access your accounts.

Also note that however a thief/hacker obtains your information for one account, they won’t be able to figure it out for other accounts.

Set up Credit Card Alerts

Most major credit cards and many retail cards allow you to set up alerts so whenever your credit card is used, you get an email. For example, Chase allows alerts for the following transactions:

  • Any charge on the card over a specified amount (I use $1.00, so I see them all.)
  • Any international charge.
  • Any online, telephone or mail charge.
  • Any gas station charge.

They have a number of other alerts available (credit limits, bill paid, etc.) I chose to receive an alert for any balance transfers (since I don’t transfer balances, I’d learn of the fraud immediately.)

The point of these alerts is to catch a problem early. Thieves often put through a small charge to make sure the credit card information is working, and, if successful, follow up with a series of larger charges. If you spot any suspicious activity, immediately contact the credit card company’s fraud group. Usually, they will cancel your card and issue a new one. Once, (years ago with a corporate card) they asked to keep the card active so they could follow the merchandise and attempt to apprehend the criminals. They issued a new card for my purchases.

Utilize a single credit card for automatic payments

Designate one credit card for use in automatic payments: utility bills, cable, newspaper, whatever recurring payments you set up. This isolates your automatic payments from your every day credit card use.

It’s a pain to have to change all your automatic payments. Making this division means that when the card you use for regular purchases is compromised (in my case usually because I left it somewhere), you don’t have to bother with notifying other companies.

Credit Rating Agencies

The three credit rating agencies, Equifax, Experion and TransUnion, have tools to help you protect your credit. You should request your annual free credit report from each as a matter of course. (I suggest spreading them out every four months to give yourself the best coverage.) Should you spot any incorrect or suspicious information, follow-up with the company and make sure to keep all documentation.

The agencies also have methods to limit access to your credit information. Putting them in place will make it much more difficult for you to get new credit and in some cases will make it hard to obtain new services (cable for example) because the provider checks your credit before agreeing to sign you up and that check is blocked. However, if you are concerned about unauthorized persons or companies accessing your credit, a freeze will solve the problem.

If you suspect your personal information has been compromised, you can have the three companies put on a Credit Fraud Alert, which notifies companies to contact you before approving any credit. Experian’s, for example, lasts 90 days – unless you have been a victim of fraud—in  which case they have a seven-year extension with proof of the fraud.

Summary: (1) Recognize your information will be stolen (2) Implement strong passwords (3) Set up credit card transaction alerts for early warning (4) Make sure to utilize free credit rating agency tools.

~ Jim

No comments:

Post a Comment