Preventing Fraud and Identity Theft
Every person who willfully obtains personal identifying information, e.g., name, address, date of birth, SSN, mother’s maiden name, etc. as defined in Cal. Penal Code Sec. 530.5(b), and uses that information for any unlawful purpose is guilty of a public offense. Identity theft is the fastest growing crime in the United States. Every year about 15 million people become victims. Everyone is vulnerable. Skilled identity thieves use a variety of methods to steal your personal information. These include the following:
- Dumpster diving. They rummage through trash looking for bills and other paper with your personal information on it.
- Skimming. They steal credit or debit card numbers with a special storage device when processing your card.
- Phishing and Whaling. See preceding tips on preventing Internet fraud.
- Changing your address. They divert your billing statements to another location by completing a change-of-address form.
- Stealing. They steal wallets, purses, mail (credit card and bank statements, pre-approved credit offers, new checks, tax information, etc.), employee personnel records, etc.
Some of the things you can do to minimize your risk of identity theft are listed below.
Protecting Personal Information
- Give out credit or debit card, bank account, or other personal information only when you have initiated the contact or know and trust the person you are dealing with. Beware of e-mail or telephone promotions designed to obtain personal information.
- Give out credit or debit card, bank account, and other personal information only when you have initiated the contact or know and trust the person you are dealing with. Beware of e-mail or telephone promotions designed to obtain personal information.
- Put strong passwords on your credit card, bank, computer, and online accounts. Avoid using easily remembered numbers or available information like mother’s maiden name, date of birth, phone number, or the last four digits of your SSN. Passwords should be more than eight characters in length, and contain both capital letters and at least one numeric character. Use of non-dictionary words is also recommended. Other advice on creating strong passwords can be found at Microsoft's Safety & Security Center web page.
- Select password reset questions whose answers cannot be found online or from other research tools. Don’t compromise a strong password with an easily answered reset question like: What is your mother’s maiden name?
- Use different passwords for banking, e-commerce, e-mail, and other accounts.
- Memorize your passwords. Don’t carry them in your purse or wallet.
- Keep personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your home.
- Make sure that the copying machines used by you and others who have your personal data, e.g., tax preparers, have data security measures installed to prevent unauthorized access to data on the copier’s disk.
- Protect you health insurance cards like you would your credit cards. If asked for your policy numbers or any other personal information in a doctor’s office, make sure no one else is near enough to hear or see them. And protect your Medicare card number as you would your Social Security number.
- Shred or tear up any documents with personal or financial information before throwing them in the trash. Use a cross-cut shredder.
- Avoid all online games and quizzes that request personal information, including your e-mail address. Providing this information can put your identity at risk.
Using Credit and Debit Cards
- Cancel accounts you don’t use or need. Carry only the cards and identification you need when you go out.
- Never loan your card to anyone.
- Pay attention to billing cycles. Check with the credit card company if you miss a bill to make sure that your address has not been changed without your knowledge.
- Only put the last four digits of your account number on checks you write to your credit card company. It knows the whole number and anyone who handles your check as it is processed won’t have access to the number.
- Notify your credit card companies and financial institutions in advance of any address or phone number changes.
- Bring home all credit card receipts and match them against your monthly statements. Look for charges you didn’t make. Dispose of them at home. Never toss your receipts in a public trash container.
- Call the credit card company or bank involved if a new card you applied for hasn’t arrived in a timely manner.
- Monitor the expiration dates of your cards and contact the card issuer if new cards are not received before your card expires.
- Report all lost or stolen cards immediately and request cards with new account numbers. In this case the federal Truth in Lending Act limits your liability to $50 of any charges made before you report your card lost or stolen. Contact the issuer if replacement cards are not received in a reasonable time.
- Sign and activate new cards promptly on receipt. Or write “See ID” on the signature line on the back of the card. Then a thief won’t have your signature. A merchant will ask you for a picture ID to make sure you are the cardholder.
- Never put your card number on a post card or on the outside of a mailing envelope.
- Make sure only the last four digits of your card number show up on your receipts. A 2001 state law banned the use of full credit card numbers on electronically printed receipts and gave businesses three years to comply. (Note that the merchant copy can show the full card number.) Report non-complying businesses to the Methamphetamine Strike Force hotline at (877) 662-6384.
- Cancel accounts you don’t use or need. Carry only the cards and identification you need when you go out.
- Tear into small pieces or shred any pre-approved credit card offers. They can be used by thieves to order cards in your name.
- Ask your credit card company to stop sending blank checks.
- Have your name removed from lists supplied by the Consumer Credit Reporting Companies (Equifax, Experian, Innovis, and TransUnion) to be used for pre-approved/pre-screened offers of credit or insurance by calling (888) 567-8688 or going to OptOutPrescreen.com.
- Don’t let your card out of sight. A person taking it to a Point of Sale (POS) device might have a skimmer to steal the information on the magnetic strip, copy your card number and the 3-digit security number on the back of the card, or switch cards. If you do give your card to a waiter or other sales person, make sure you get your card back. And use a credit card instead of a debit card whenever possible. With the former you don’t have to pay disputed charges. But with the latter it may take the bank about two weeks to restore the funds to your account.
- Make sure your bank and credit card companies have your latest home and cell phone numbers, and e-mail address so they can contact you quickly if they suspect fraud in your accounts.
- Some credit cards now have embedded Radio Frequency Identification (RFID) chips that are designed to be read by secure card readers at distances of less than 4 inches when properly oriented for “contactless payments.” Thus, RFID readers that are available to the general public and can operate at ranges up to 25 feet and are essentially useless in stealing the information on your card. And even if that information is “hi-jacked,” the cards are said to have security features that make it difficult or impossible to make a fraudulent transaction. Furthermore, the information is on the chip is not the same as that on the magnetic strip, and it cannot be used to create a functioning counterfeit version of the card. If you have a card with a RFID chip and don’t want to risk having the information on it stolen and used in any fraudulent activity, ask your card company for a new card without a chip.
Protecting Your U.S. Passport
- Since August 2007 all passports issued by the U.S. State Department have a small contactless RFID computer chip embedded in the back cover. They are called “Electronic or e-passports.” The chip stores the same data that is visually displayed on the photo page of the passport. It also stores a digital photograph of the holder. The chip can only be read by special secure readers at a close distance. And to reduce opportunities for unauthorized readings of the passport, a metallic element is embedded in it and it must be physically opened before it can be read.
- The U.S. State Department is now issuing U.S. passport cards that can be used to enter the United States from Canada, Mexico, the Caribbean, and Bermuda at land border crossings or seaports of entry that are less expensive that a passport book. It cannot be used for international travel by air. To increase speed, efficiency, and security at U.S. land and sea border crossings the card contains a RFID chip. However, no personal information is on the chip. It only points to a record stored at secure U.S. government databases. And a protective RFID-blocking sleeve is provided with each card to prevent unauthorized reading or tracking of the cared when it is not in use. Make sure you carry the card in the sleeve.
Protecting Your SSN
- Examine your Social Security Personal Earnings and Benefits Estimate Statement for possible fraud. You will receive it about three months before your birthday each year.
- Provide your SSN only when it is required by a government agency, employer, or financial institution. In a recent case a man received a call from a person who claimed to be a jury coordinator and said that a warrant has been issued for his arrest because he failed to report for jury duty. When he protested that he never received a summons he was asked for his SSN and date of birth to verify the records. Caught off guard he provided this information. Instead he should have hung up realizing that court workers would never ask for a SSN or other personal information.
- In a variation of the above scam, the caller says that you’ve been selected for jury duty and asks you to verify your name and SSN. Remember, notification of jury duty is always done by mail.
- Never use your SSN for identification. Don’t carry it or your Social Security card in your purse or wallet.
- Do not have your SSN or driver’s license number printed on your checks. And never write your SSN on a check.
Managing Your Accounts
- Keep a record in a secure place of all your credit and debit cards, and bank and investment account phone numbers for quick reference if identity theft occurs.
- Review your bank statements carefully. Match your checkbook entries against paid checks. Look for checks you didn’t write.
- Never leave transaction receipts at bank machines or counters, trashcans, gasoline pumps, etc.
Carrying Personal Information in a Purse or Wallet
- Carry only a driver’s license, cash, and one credit card. Don’t carry blank checks or a checkbook. Don’t carry anything with a PIN written on it.
- Keep a record of its contents. Photocopy both sides of your credit and debit cards and driver’s license and keep them in a safe place at home.
- Don’t carry your Social Security card or anything with your SSN on it. Persons with Medicare cards should carry photocopies of the cards with the last four digits of their SSN removed. Keep the card is a safe place at home.
- If you carry a wallet in a purse, keep personal checks and credit and debit cards in separate compartments and not in your wallet.
- Don’t carry personal information of your family members.
- Put a strong password on your Personal Data Assistant (PDA).
- Take the measures listed below for victims of identity theft if your wallet is lost or stolen. Don’t wait for someone to find and return it. These include filing a police report, reporting your credit and debit cards missing, closing checking accounts, having a fraud alert placed on your credit reports, notifying your medical insurance companies, reporting a missing driver’s license, etc.
- Read additional tips regarding carrying your purse or wallet.
Using the Mail
- Deposit mail in boxes or slots inside a post office. Use an outside box only if there is another pickup that day. It is not safe to leave mail in a box overnight. Also, do not leave mail for pickups from personal curbside boxes or cluster box units.
- Pick up your mail as soon as possible after it arrives in your personal curbside box or cluster box unit. If this is not possible, have a trusted friend or neighbor collect your mail, especially if you are expecting a box of checks or a new credit or debit card.
- Consider having new checks mailed to your bank for collection to avoid possible theft from your mailbox.
- Use a locked mailbox and make sure the lock works.
- Investigate immediately if bills do not arrive when expected, you receive unexpected credit cards or account statements, you are denied credit for no apparent reason, and you receive call or letters about purchases you did not make.
- Report the non-receipt of expected valuable mail by calling the sender and the Postal Inspection Service as soon as possible.
Using an ATM
- Use ATMs that are inside a store or a bank. These are less likely to have been tampered with for skimming, which is the illegal capture and utilization of a cardholder’s financial information from an ATM transaction. If you use an outside ATM, it should be well-lighted and under video surveillance.
- Check the machine and everything around it before you take out your card. Look for parts that seem crooked or have a different color, or decals that are partially covered. If something doesn’t seem right, go to another machine.
- Most ATMs have flashing lights in the card slot. Their obscuration is a sign of tampering.
- Look to see if there is anything in the slot where you insert your ATM card. Thieves place a small, hard-to-detect skimming device in the card slot to steal your PIN and other bank account information. If anything looks suspicious, give it a pull or push. Skimmers are usually held in place loosely by glue or tape to make them easy for the thief to remove. If you remove one, contact the SDPD immediately. Don’t throw it away or keep it; that would make it look like you are running the scheme.
- Check for a false keypad that has been installed over the built-in one. False keypads stick out too far or look strange.
- Check the area around the machine for hidden cameras. To be safe shield your hand when entering your PIN so it can’t be seen by anyone near you or by a hidden camera.
- Memorize your PIN and keep it secret. Don’t write it down or keep it in your wallet or purse.
- Keep the customer-service phone numbers of your bank and credit-card company readily available. Call the appropriate number immediately if your card gets stuck in an ATM. Do not leave the ATM.
- Monitor your bank statements frequently and report any unauthorized activity immediately.
Buying Identity Theft Protection
- You cannot buy absolute protection against identity theft. Beware of any such claims, especially regarding prevention of misuse of existing credit-card accounts, theft of medical records, and theft of personal information from employer’s personnel files.
- Before signing up for protection, be sure to understand what services are provided, what protections they afford, and how the personal information you provide is protected.
- Fraud alerts, which provide some protection against new-account fraud, do not provide absolute protection and only deal with a small fraction of identity theft incidents.
Checking for Possible Identity Theft
- Obtain free copies of your credit reports from the three nationwide consumer credit reporting bureaus – Equifax, Experian, and TransUnion -- by visiting AnnualCreditReport.com or calling (877) 322-8228. This is the ONLY source of free reports authorized under Federal law. You can get one free report annually from each bureau. Stagger your requests to obtain one every four months. That way you can monitor your credit during the year. Check these reports for errors, fraudulent activities, e.g., accounts opened without your knowledge or consent, and persons or businesses checking on your credit. Contact the reporting bureau immediately if you see any inaccuracies. These bureaus may also try to sell you credit monitoring products or services for a fee. Starting April 1, 2010 the FTC requires that any advertising for such products or services be delayed until after you get your free credit reports.
- Be aware that if you order a free credit report from an unauthorized website such as freecreditreport.com you will be given a free limited-time trial membership in its credit monitoring service that will provide daily monitoring of your credit reports, alert notices of key changes, bi-monthly credit scores, etc. If you don’t cancel this membership you will be charged a fee for each month that you remain a member. Before becoming a member you need to understand exactly what protection and services it will and will not provide, and whether you need the additional protection. Some services you will pay for you can do yourself at no cost, e.g., ordering credit reports and placing fraud alerts.
- Starting April 1, 2010 these websites will be required to print a disclosure that states the following at the top of each page that mentions free credit reports: “THIS NOTICE IS REQUIRED BY LAW. Read more at www.FTC.gov. You have the right to a free credit report from AnnualCreditReport.com or (877) 322-8228, the ONLY authorized source under federal law.” They will also have to include a clickable button to “Take me to the authorized source” and clickable links to www.AnnualCreditReport.com and www.FTC.gov.
- Place a security freeze on your credit reports. This will protect you against fraud in new accounts by prohibiting the credit reporting bureaus from releasing your credit reports to a potential creditor without your express permission. Go to websites Equifax, Experian, and TransUnion websites for the procedures and fees for placing and lifting freezes.
- Check your medical bills and health insurance statements to make sure the dates and types of services match your records. Read every letter you get from your insurer, including those that say “this is not a bill.” If you see a doctor’s name or date of service that isn’t familiar, call the doctor and your insurer.
- Once a year request a list of all benefits paid in your name by your health insurer. If the thief has changed your billing address you would not be receiving any bills or statements.
If you become a victim of identity theft
File a police report as soon as possible. Call the SDPD non-emergency number, (619) 531-2000 or (858) 484-3154. Then do the following:
- Set up a folder where you can keep a log of all your contacts and documents.
- Contact the Federal Trade Commission (FTC) to report the theft. Its Identity Theft Hotline is (877) 438-4338. Or visit its website at www.ftc.gov/idtheft. The FTC is the federal clearinghouse of complaints of victims of identity theft. It helps victims by providing information to resolve financial and other problems that could result from identity theft. Its booklet entitled Take Charge: Fighting Back Against Identity Theft deals with bank accounts and fraudulent withdrawals, bankruptcy fraud, investment fraud, phone fraud, and other specific problems. It also describes the immediate steps victims should take and ways to minimize recurrences.
- Report the theft to the fraud units of Equifax at (800) 525-6285, Experian at (888) 397-3742, and TransUnion at (800) 680-7289. Ask to have a fraud alert placed on your credit reports. It will tell creditors to follow certain procedures before they open new accounts in your name or make changes to you existing accounts. In placing a fraud alert you will be entitled to free copies of your credit reports. Review them carefully. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain. Fraud alerts are good for 90 days and can be renewed. They are free.
- Alert your banks of any fraud and request new account numbers with new checks, ATM cards, and PINs. Also provide new passwords and stop payment on any missing checks.
- Contact all your creditors by phone and in writing to inform them of the theft.
- Call your credit card companies and request account number changes. Don’t ask to cancel or close your accounts; that can hurt your credit score, especially if you have outstanding balances. Say you want a new numbers issued so your old numbers will not show up as being “cancelled by consumer” on your credit reports.
- Call the security or fraud departments of each company you have a charge account with to close any accounts that have been tampered with or established fraudulently. Follow up the request in writing and ask for written verification that the accounts have been closed and any fraudulent debts discharged. Keep copies of all documents and records of all conversations about the theft. If you still want a charge account, request a new number.
- Report the loss of your SSN to the IRS. This will alert the IRS that someone might use your SSN to get a job or file a tax return to receive a refund. Call its Identity Theft Hotline at (800) 908-4490 and go to the IRS Identity Theft Hotline. Follow the directions there regarding identity theft and your tax records, and the need to provide it with proof of your identity. Also contact the Social Security Administration (SSA) on its Fraud Hotline at (800) 269-0271 or by e-mail to the Office of the Inspector General.
- Call the SSA at (800) 325-0778 if your Medicare card is lost or stolen. And ask for a replacement.
- Contact the California DMV Fraud Hotline at (866) 658-5758 to report the theft and see if another driver’s license has been issued in your name.
- Notify the U.S. Postal Inspector if your mail has been stolen or tampered with. Its number is (626) 405-1200.
- In the case of medical identity theft request a copy of your current medical files from each health care provider, and request that all false information be removed from your medical and insurance files. Enclose a copy of the police report with your requests. For more information things to do if you are a victim of medical identity theft or concerned about it go the World Privacy Forum’s website
- Call the Health Insurance Counseling and Advocacy Program’s Senior Medicare Patrol (HICAP/SMP) at (800) 434-0222 to report any fraud involving Medicare.
Additional tips on avoiding and resolving identity theft problems are available on the State of California Office of Information & Privacy Protection website. Legal Guide P-3 also explains your rights and liabilities under California law when your credit identity is stolen. Another useful website is that of the Identity Theft Resource Center (ITRC). It contains information ranging from advice for people who have had a wallet stolen to tips for reducing the risks of identify theft. . It also contains fact sheets, solutions to various identity theft problems, letter forms, scam alerts, a “Help, I’m a Victim of Identity Theft” button, and answers to frequently asked questions. Its toll-free victim-assistance number is (888) 400-5530.
Any San Diego resident over the age of 60 can obtain free legal advice on recouping money lost to scams by calling Elder Law & Advocacy at (858) 565-1392. This state- and county-funded nonprofit corporation provides no-cost routine legal services to seniors and caregivers of seniors.
If you are notified of a security breach involving personal information
Most states now have security breach notification laws under which a person whose personal information is compromised must be notified of the breach. The California Breach Notification Law is in Civil Code Sections 1798.29, 1798.82, and 1798.84. The first applies to state government agencies; the other two apply to any person or business doing business in the state. The notice requirement is triggered if the breach involves a person’s name in combination with any of the following: SSN; driver’s license or California Identification Card number; financial account, credit card, or debit card number along with any PIN or other access code required to access the account; medical information; or health insurance information. In a paper dated May 2008 the California Office of Privacy Protection recommended that the letter of notice also specify the type of personal information that was involved and provide information on what individuals can do to protect against identity theft for each type. This information is summarized below.
- SSN. Put a fraud alert on your credit files and order copies of your credit reports. Review them carefully and file a police report if you find anything suspicious. If you don’t find anything suspicious at first, renew the fraud alert and check your credit reports periodically. Also report the loss to the IRS and SSA.
- Driver’s License or California Identification Card number. Call the DMV Fraud Hotline to report the incident.
- Financial account numbers. Call the institution to request new account numbers and PINs. And provide new passwords.
- Medical or health insurance information. Review your explanation of benefits statements and contact your insurer if you see any services you did not receive.
Senate Bill 1166 would have amended the present law to include these recommendations but Governor Schwarzenegger vetoed it on Sept. 30, 2010. For additional information on this and other privacy issues visit the Privacy Rights Clearinghouse’s website.