Friday, August 9, 2019

One Important Takeaway from the CapitalOne Hack

As part of a far-ranging conversation I had with a recent high school graduate, we touched on the CapitalOne hack. That breach did not affect her, but I said that she needed to act as if all her financial information was already available to criminals. Is it, even for one so young?

Doesn’t matter. The point was we all should act as though someone knows our Social Security Number, our driver’s license, our address, has our bank account numbers, credit card numbers, Medicare number, and health insurance ID. We should assume they know our credit score, have our picture, know our immunization status and all our other medical records. They have some of our old passwords (of course we change them frequently—well, maybe we’ve forgotten to do that), know our mother’s maiden name, where we attended school, the names of our first pet and our best friend growing up. They know our cell phone number, favorite usernames, and account numbers for many of our online accounts.

Act as if every important bit (or byte) of information about you is available to crooks, and you won’t be far wrong. If they don’t already have some piece of information, I have no doubt in some future breach they will.

Which means what, throw up our hands in resigned disgust and wait for someone to steal our money, our credit card, our identity? Of course, not. We can’t stop crooks from trying to steal, but we can make it very hard for them to succeed.

Two Steps You Can Take Today

Set up Alerts. Every credit card. bank account, mutual fund and brokerage account I have allows me to receive alerts whenever a transaction occurs. When I first started getting alerts, I chose them to apply for transactions over (say) $100. No more. Now I choose the smallest threshold their system allows--$.01 if they let me. I receive a text alert or email notification of every deposit, withdrawal, credit card purchase, interest credit, etc. It’s my first line of defense. If I don’t recognize any transaction, I go online and check out its particulars. (Note, I never follow a link in a text or email—it might be a phishing attack. I always access the applicable website directly through my browser.)

I’ve caught stolen credit card numbers minutes after the crooks made their first purchase and worked with the credit card fraud department to catch the thieves. A store once entered duplicate charges, which I spotted and had them immediately correct. I even noticed that a restaurant put through a $.10 tip when I had intended a $10.00 tip and corrected that mistake.

Yes, I get more emails and texts than I otherwise would, and this doesn’t stop theft, but it takes very little time for me to verify the transactions, and it limits the damage of a breach. Besides the extra peace of mind the alerts provide, catching a problem early saves time and aggravation straightening out the bad charges. As a bonus, the criminals get very little reward for their time.

Freeze Your Credit. Consider the second step of freezing your credit. I say consider because freezing your credit is a great idea to stop fraud, but it comes with potential inconvenience. Freezing your credit means the company cannot release your credit information. If someone steals your identity and tries to set up a credit card in your name, the issuing entity won’t approve the application because they want to see your credit first. Each of the three major credit reporting agencies, Equifax, TransUnion, and Experian, has a process that allows you to freeze your credit. It’s free to both freeze and unfreeze your credit, but it takes some effort.

The disadvantage occurs because many transactions that require setting up a new account require a credit check. Want a new cell phone line—credit check. Want a store credit card—credit check. Mortgage—credit check. Leasing a new car—credit check. Applying for a new job—credit check. When I moved from Savannah to Madison, I unfroze my credit for a fixed period—long enough for me to set up the gas, electric, internet, etc. accounts—and then it automatically refroze. With a one-off—say you apply for a new credit card—the credit agencies can issue one-time permission for an institution you identify to check your credit during a short window.

It can be a bit of a pain, and it can delay a purchase process, but if you can put up with the hassles, freezing credit provides a strong block to any bad guys setting up fraudulent accounts in your name. [NOTE: at least some of the credit bureaus have set up a premium service to “Lock” and “Unlock” your account that accomplishes the same effects as freezing, for which they will charge money. These plans offer an easier way to lock and unlock your credit reports and provide additional monitoring reports. I haven’t analyzed the specifics of those programs because those benefits are not worth it to me. However, if you think you’ll need to frequently freeze and unfreeze your accounts, you might want to consider them.]

In future posts, I’ll discuss other ways to keep yourself financially safe in an unsecure world.


James M. Jackson authors the Seamus McCree series. Full of mystery and suspense, these thrillers explore financial crimes, family relationships, and what happens when they mix. False Bottom, the sixth novel in the series—this one set in the Boston area—is now available. You can sign up for his newsletter and find more information about Jim and his books at

No comments:

Post a Comment