Rothman Gordon: Protecting Yourself Against Identity Theft

Protecting Yourself Against Identity Theft

According to the Federal Trade Commission, identify theft now ranks as the nation's top consumer fraud complaint. The Federal Trade Commission was designated as a clearinghouse for complaints, referrals, and access to resources for victims of identity theft under the Identity Theft and Assumption Deterrence Act signed into law Oct. 30, 1998. This law makes identity theft a federal crime and a felony with penalties of up to 15 years in prison and a maximum fine of $250,000. Prior to the enactment of this law, only credit grantors who suffered monetary losses were considered victims. This law also establishes that the person whose identity is stolen is a true victim.

Basically the law disallows knowingly and without lawful authority producing, using or attempting to use identification documents or false identification documents. Identification documents in this law were expanded to include not only name, social security number, date of birth, official State or government issued driver's license or ID number, alien registration number, government passport number, employer or taxpayer ID number, but biometric data including fingerprints, voice prints, and the new technology that allows retina or iris imaging. Protections were also put in place relevant to the information age such as unique electronic ID numbers, addresses or routing codes, and telecommunication identifying information or access devices such as cell phone serial numbers.

Plots to commit identity fraud sometimes involve violations of other federal offenses — all felonies, including computer fraud, mail fraud, and wire fraud containing even stiffer penalties. Many states have also passed laws relative to identity theft. A bill has also been introduced in Congress to limit the use of Social Security numbers. This act would prohibit the sale or display of SSN's to the general public; remove SSN's from government checks and drivers' licenses; and require SSN's be removed from public records published on the internet.

Typically theft of your personal information occurs when your purse or wallet are lost or stolen. But enterprising thieves also steal mail and then complete "change of address forms" to apply for credit in your name, they rummage through trash and fill out pre-approved credit applications, fraudulently obtain credit reports by posing as a landlord, or employer or they gain access to your business or personnel records at work. A recent report by the nation's three credit bureaus found that the number one source of identity fraud is employer records. Businesses too, however, can be victims of identity theft and fraud.

Victims of identity theft can spend months, or years and lots of money undoing the wrongs against them. They may also be denied credit, lose job opportunities and may even be arrested for crimes they did not commit.

Warning signs that you may be a victim of identity theft include your bills suddenly arriving late or not at all and calls from collection agents regarding unknown charges or accounts.

While it may be impossible to completely prevent identity theft, the FTC suggests steps that may minimize your risk:

Annually request copies of your credit report from each of the three major credit reporting agencies. Check each of them and promptly take the necessary steps to correct any inaccuracies.
Avoid use of your mother's maiden name, and identifying numbers, i.e. the last four digits of your Social Security Number, phone number, street address or consecutive numbers as passwords on credit card, bank and phone accounts. Consumer advocates also suggest you do not use your children's or pets names.
All personal information stored in your home should be secured, especially if you have roommates, employ outside help or are having service/repair work done in your home. Your social security card should not be carried with you but stored here as well. Do not store personal information on your computer, i.e. SSN's, birth dates, tax returns and financial account numbers. Many times, without ever setting foot in your home, this makes it easy for hackers to steal your identity.
Unless you initiated the contact, do not give out personal information over the phone or via the internet and be sure you are dealing with a legitimate organization.
Deposit outgoing mail in post office collection boxes rather than in an unsecured mailbox and promptly remove mail from your personal mailbox. Have the post office hold your mail if you'll be out-of-town for an extended period.
Tear, cut or shred charge receipts, copies of credit applications and credit offers, insurance forms, doctor bills, checks and bank statements, and expired credit cards all of which contain information that can be used to steal your identity.

Ask about information security procedures at your place of employment including who has access to them, verifying they are securely stored and the disposal procedures of such records. And keep your purse or wallet in a safe place at work.

Fraud via the telephone can involve companies initiating calls to consumers/businesses or consumers calling companies in response to mailings and other forms of advertising. Internet fraud can include promotions found on websites, in chat rooms, bulletin boards, newsgroups and e-mail. Statistics released by the National Fraud Information Center show that 78% of internet fraud victims are between the ages of 20 and 49 and Pennsylvania ranks in the top five states in the number of victims. Imposters target legitimate businesses and charities by creating similar looking websites or organization names for mailings and phone solicitations and unsuspecting consumers/businesses then give out credit card numbers and other information via the web or phone that allows identity theft to occur.

The convenience of using the mail, the phone and the internet to conduct business still requires due diligence on your part to protect yourself from identity theft - know who you are dealing with. When in doubt, get a physical address and phone number and contact your state consumer protection agency and the Better Business Bureau prior to making any commitments.

The US Postal Inspection Service is the law enforcement branch of the United States Postal Service which investigates any crime in which the US Mail is used to further a scheme, whether it originated in the mail, by telephone or on the internet (mail fraud). They are empowered by federal laws and regulations to prosecute and take administrative action but do not have the authority to ensure you are refunded your loss. Read the fine print on any offer you receive in the mail and if you elect to make a purchase, request a secure check from your bank that can't be altered or use a credit card.

Protections from telemarketers and telephone fraud are also afforded consumers under the Telephone Consumer Protection Act of 1991, regulations of the Federal Communications Commission and various state agencies. The National Consumers League says if you are contacted by a business that already has your account number but is requesting it again, be suspicious. Contact the company directly to ask why it is needed.

Because computer viruses can cause damage that triggers your computer to send out files and other information, it is important to update your virus protection software regularly. Do not download files or open e-mail sent by strangers. The Internet Fraud Watch (IFW), a division of the non-profit National Consumers League, advises that while not all unsolicited e-mail messages are fraudulent, consumers should be very suspicious of anyone who promises them easy money, incredibly cheap prices or Śfree' services. The IFW also recommends that you not store financial information on a laptop computer and always logoff the laptop when you are through. Do not use automatic log-in features that allow your user name and passwords to be saved. And if you are disposing of a computer delete personal information using a "wipe" utility program to overwrite the entire hard drive.

When shopping online, look for website privacy policies. The policy should address maintenance of accuracy, access, security and control of personal information collected by the site, how the information will be used including whether it will be shared with third parties. The site should provide details about the products or services, the total price, the delivery time, the refund and cancellation policies, and the terms of any warranty. Do not provide your credit card or bank account number unless you are actually paying for something and then use a secure browser (software that encrypts or scrambles info you send). Use a credit card to pay for online purchases because you can dispute the charges if you never get the goods or services or the offer was misrepresented.

If you take precautions and still become a victim of identity theft, here are the steps you need to take:

First, contact at least one of the three major credit bureaus: Equifax (1-800-525-6285), Experian (1-888-397-3742) and Trans Union (1-800-680-7289). The three bureaus now use a standard affidavit and notify each other to post a fraud alert on a reported victim's account. The fraud alert requires potential lenders to contact the applicant before authorizing credit.
Close any accounts (bank, credit cards, other lenders and utility/service providers) that you know or suspect have been affected or opened without your consent. This includes credit union accounts. Cancel ATM and Debit cards and stop payment on stolen or forged checks. You can be held responsible for forgery for failing to notify the bank in a timely manner. You are required to take reasonable care of your account. In most cases, the Truth in Lending Act limits your liability for unauthorized credit card charges to $50 per card. You must follow procedures of The Fair Credit Billing Act to resolve billing errors or fraudulent charges on your credit card accounts. The bank regulatory agencies, such as the Federal Deposit Insurance Corporation have each issued guidelines if there is suspicion a customer is a victim of identity theft. Institutions are encouraged to file a Suspicious Activity Report and to contact their primary federal banking regulator, the FTC, and appropriate state agencies. Visa will delete expiration dates from charge receipts beginning in July, 2003.
File a report with your local police or police in the community where the theft occurred. Get a copy of the report.
File a Complaint with the Federal Trade Commission — 1-877-ID-THEFT (438-4338) An input form is also available online. The FTC website also has a sample dispute letter to be filed with the Credit Bureaus.

An attorney can advise you, accordingly in certain situations, which may make it necessary to contact other agencies of the state or federal government. Here are examples of some of those situations:

Social Security # Theft - Report allegations to the Social Security Administration Fraud Hotline 1-800-269-0271
Mail Theft — Contact the US Postal Inspection Service
Passport Fraud — Contact the United States Department of State
Phone Fraud — Contact your state Public Utility Commission for local service and the Federal Communications Commission for interstate and international communications.
Tax Fraud — Contact the IRS 1-800-829-0433. Victims having trouble filing returns should contact the IRS Taxpayer Advocate Office at 1-877-777-4778
Drivers License Fraud — Contact the Department of Motor Vehicles (Failure to file notice could result in criminal proceedings, if negligence occurs while someone else is using your drivers license)
Investment Fraud — The Securities and Exchange Commission

As we told you earlier, the number one source of identity fraud is theft of employer records. We'll address now how this might happen and how you as an employer, can assure a secure workplace and assist employees who become victims of identity theft.

The personnel records of employees obviously contain names, addresses, Social Security numbers, birth dates and other personal data. If a company fails to guard these files, unscrupulous persons can take the records and fraudulently make purchases, rent apartments and set up credit card accounts, all in the name(s) of your unsuspecting employees. As an employer, it is important that you take reasonable care to prevent theft of employee's personal information. Unless you do so, you could be held legally responsible for neglect.

To avoid this scenario, be sure to keep personnel records stored in a secure area (such as a locked file cabinet) that allows limited access to the general workforce. Background checks should be done on all persons who will have access to personal employee data. Be sure to exercise caution when allowing access to any third-party persons such as vendors or temps.

You may also want to consider establishing an internal privacy policy (in addition to the notice to clients, if required, under the Gramm-Leach-Billey Act) which addresses how personally identifiable information about applicants and employees will be handled. Randomly assigned numbers, as opposed to Social Security numbers, should be used as a means to identify employees on insurance cards, claims forms, paycheck stubs, timecards, staff badges, etc.

Access to computer files in the workplace should require password clearance. These passwords should be regularly changed and disabled soon after employee termination. Likewise, any documents to be discarded that contain personal employee information should be shredded.

If an employee reports that their identity has been stolen, you should do all you can in support of the employee. Be aware that their productivity level may go down as they spend the necessary time to deal with this theft. Also, be prepared to advise them of the key action steps they need to take that we outlined previously.

Businesses may also become the victim of fraud through scams involving advertising, bogus invoices and charitable solicitations to name a few. Thoroughly investigate any companies you plan to do business with and get details of offers in writing. Check all bills and invoices carefully. Unless there is a legitimate reason to do so as part of a transaction, do not provide financial information. And educate your employees on their responsibilities to avoid scams in the workplace.