As we learned from the Equifax breach in 2017, we can fall victim to identity theft through no fault of our own. Although it isn’t feasible to master every identity theft scenario, it’s worth your time to learn more about the available identity theft tools and services and how to initiate a recovery plan if you become a victim. Here, we review four remediation resources and services, focusing on the benefits and risks of each. These tools may be used concurrently.
This service monitors your credit file for changes or suspicious activity. Credit monitoring can send alerts—typically via e-mails or text messages—if there are hard-credit inquiries about you or when new lines of credit are opened. If anything looks fishy, you can report the activity to the company holding that account and the major credit bureaus. At this stage, some incidents may be remediated.
- Often, this service is free of charge after major breaches (e.g., Equifax, Anthem) when social security numbers (SSNs) have been exposed.
- Credit monitoring doesn’t restrict your access to your credit file.
- Credit monitoring is reactive. You’re notified after unauthorized activity has occurred.
- You must entrust another company with your SSN.
- Only credit is monitored; other accounts are not.
A fraud alert is a cautionary note that you can have placed on your credit report. It tells credit lenders or service providers that you may have been a victim of identity theft, so they must verify with you before making changes to your credit. For example, if you apply for a credit card while you have a fraud alert in place, the credit card company may call you to verify that you were the one who submitted the application. Verification usually happens over the phone, but there is no standard means of verification defined by law.
Fraud alerts come in two flavors: initial fraud alerts, which last one year, and extended fraud alerts, which extend that time to seven years. To implement an extended fraud alert, you’re required to file an identity theft report with the Federal Trade Commission (FTC) first.
- Fraud alerts are free and easy to set up.
- You can submit a request to one major credit bureau, which will notify the other two.
- Fraud alerts don’t restrict your access to your credit file.
- The verification process isn’t clearly defined by law.
- Verification could delay credit changes.
- Existing accounts aren’t protected.
This tool freezes credit files so that no one—including the individual who placed the freeze (i.e., you)—can open a new line of credit. Therefore, before opening a new line of credit, you would need to unfreeze your credit file using a personal identification number (PIN) provided by the credit bureau.
A security freeze is the most effective preventive measure because, without the PIN, no changes can be made to a credit file.
As of September 2018, credit freezes are free to implement in all 50 states.
The application process requires a separate submission to each credit bureau.
A freeze restricts access to your own credit. You must unfreeze it to allow changes.
It doesn’t restrict access to existing accounts; fraudulent activity can still occur in those.
Identity theft protection services
Identity theft protection services provide a suite of helpful tools and resources in one package. The better services offer real-time credit monitoring at all three major bureaus, customized account alerts for more than just credit, and a 24/7 call center.
These services combine the benefits of other tools (e.g., credit monitoring) in one place.
If 24/7 support is available, it can guide you through the steps to mitigate the situation at any time.
Some services can monitor other accounts, not just credit files.
You must entrust another company with your SSN.
These services can be costly.
Quality may vary. Before subscribing, be sure to perform due diligence.
Most vendors won’t help with theft that occurred before you subscribed to their services.
A great starting point for victims of identity theft is identitytheft.gov. By following the site’s simple prompts, you can select your identity theft situation, access guidance and resources specific to you, and file identity theft reports with the FTC.
Preventing a second theft. Maintaining healthy account hygiene can help prevent unauthorized activity in the future. Here are some tips:
Change account passwords for all accounts that may have been compromised.
Ensure that your passwords are unique for each account. That way, if one account is compromised, the attackers potentially can’t access your other accounts.
Enable multifactor authentication, which asks users to provide more than one form of identification to log into accounts. For example, in addition to entering a password, you would be prompted to access something you have, such as a smartphone or hardware token.
If you suspect that your e-mail accounts have been hacked, review the mail-forwarding rules and delete any you don’t recognize. Attackers often add forwarding rules so that when accounts send or receive certain e-mails, the e-mails are forwarded—even after you’ve regained access and changed your passwords.
This material has been provided for general informational purposes only and does not constitute either tax or legal advice. Although we go to great lengths to be sure our information is accurate and useful, we recommend that you consult a tax preparer, professional tax advisor, or lawyer.