I see and hear a lot about “identity theft”. It’s a nasty business, and it can take a great deal of time and trouble to dig yourself out from under it, if it happens to you.
But I also see the term tossed around a lot incorrectly. It’s often used to describe fraud or plain, old, traditional theft.
If someone gets your credit card or card number and charges things to it, that’s not identity theft. If someone snags your bank account number and transfers all the money out, that’s not identity theft. If someone phones a business and claims to be you, and the staff believes him, that’s not (by itself) identity theft.
Those things are annoying, but they’re easy to deal with, easy to get yourself out of. You cancel the affected account and you open a new one. Even if your wallet is stolen and several accounts are compromised, the solution is the same.
Fraudulent use of a credit card is usually easy to fix. Identity theft is much more insidious than that.
Identity theft happens when someone gets enough information to open new accounts on your behalf. That can get really nasty, because it can be a long time before you even know about the problem (especially if they get the bills sent to a bogus address), it can be hard to convince the creditors that you didn’t authorize the activity, and it can result in stuff in your credit record that’s hard to get out.
And the thing is that obtaining account numbers, as above, can be the first step to enabling identify theft. Identity thieves collect as much personal information about you as they can. When they have enough, including some key bits, they’re ready. The key bits? Name, address, date of birth, Social Security number. A couple of account numbers help too — a bank account and a credit card fill things out nicely. If they also know where you work, that’s good too, though it’s not necessary. Mother’s maiden name, place of birth, and that sort of thing are icing on the cake, giving them more options to get more information from more sources.
Because that’s the real key point here: the more information one has on someone, the more new information one can get. Information, however insignificant it may seem, provides access to more information. The other side of that is that protecting information helps protect other information.
Your first line of defense, then, is to keep a lid on the key bits of information. Note that your driver’s license has three of the four primary ones in one place: name, address, date of birth. Don’t lose your driver’s license! It’s more than just an inconvenience. Never keep anything with your Social Security number on it in your wallet, and don’t give your SSN out freely. You should only have to use your SSN to open bank or credit card accounts, and to get employment — things that have to deal with taxes or credit checks. For anything else (someone recently said that her doctor asked for her SSN), insist that they use something else (and see below for places that use the last four digits of your SSN).
It’s also popular to put your date of birth into social networking sites, purchasing wish lists, and such, for all to see. Avoid that.
Shred any old mail that has your account numbers on it. Someone picking your old account statements out of the trash gets a free ride on some important information.
That should mostly protect you. If you want to go a little extra, remember what I’ve said here before: the “mother’s maiden name” sort of thing is bad news... it’s asking you to give a weak, easily discovered password that then provides access to much more sensitive information. Don’t use your mother’s maiden name, and don’t use the last four digits of your SSN. Make up something on your own, so it’s not something that doesn’t change and can be looked up. If you really want to limit exposure, use different variations at different times. Only, either make sure you’ll never forget it, or make sure you’ll never forget your primary passwords. I’ve been tripped up a few times, when I used random garbage for “mother’s maiden name”, thinking that I’d never have to produce it, and then ran into a situation where I did, and, of course, couldn’t.
And, of course, there’s also the other standard, offline advice: opt out of financial junk mail (so thieves can’t steal your “pre-approved” credit-card solicitations from your mailbox or garbage), and order free copies of your credit reports regularly — you can get one free per year from each of the three major credit-reporting companies, so get one every four months, cycling through the three.
What makes true identity theft so nasty is that much of what makes up your “identity” in this sense is immutable information, and immutable information can’t be changed if it’s compromised. You can cancel accounts and get new ones with new numbers, of course. But your name, date of birth, and SSN are things your mostly stuck with, and it’s more or less inconvenient to change your address.
Don’t make it easy on the thieves: keep your Social Security number and other account numbers close to your chest.