These Steps Can Put You Back In Control After The Equifax Security Breach
The most recent Equifax data breach has made more people than ever aware of the growing problem with identity theft. If you were part of the 143 million whose data was released by Equifax, your personal security is unfortunately wide open to criminals. If you weren't part of the theft, you should still consider taking steps to protect your identity from future breaches.
Getting your credit report is just the first step in protecting your identity. To fully protect your identity, you'll need to go beyond the three big credit bureaus to protect yourself against banking fraud, tax fraud, Social Security fraud, and other criminal activities. The following are the concrete steps (along with direct links to the fraud webpages) you can take to protect your identity.
1 - Get Your Credit Report
If you haven't done it yet, get your credit report from the credit reporting agencies through the online form at annualcreditreport.com. The three major agencies -- Transunion, Equifax, and Experian -- all provide the legally mandated free report through this website.
You are entitled to one free credit report per year from the reporting agencies, and if you spread out the reports, you can actually check your credit for free three times a year. (The Purposeful Finance Challenge has scheduled challenges to remind you which report to check and when throughout the year.)
Other services, like Credit Karma offer you the ability to check your credit more often. The upside of these services are obvious, you get to check your credit regularly, and can even take a peak at your credit score.
The downside of using these services are you have given your information to one more company which could be hacked. The three major credit
2 - Place a Fraud Alert & Consider a Credit Freeze
Through the same website you can place a fraud alert on your credit report. This will make it significantly harder for criminals to use your credit, as it will subject future applications for credit to additional scrutiny.
If you want to go to the extreme option, you can place a credit freeze on your credit. This makes it impossible for a criminal to use your credit, unless you give out the Personal Identification Number they give you. Keep this PIN safe, as you will need it to be able to take out loans or do anything else with your credit in the future.
Realize, however, that this is an extreme option and freezing your credit has significant downsides. Make sure you understand the reasons why not to freeze your credit before making this decision.
Go to All Four Credit Bureaus
Fraud alerts and credit freezes only work if you have placed them on all four of the credit bureaus. Start with the fraud webpages for the big three credit bureaus at Equifax, Experian, and TransUnion. Many people are surprised to hear there is a fourth credit bureaus beyond the big three.
Innovis is another credit bureau which collects data on consumers and provides it to creditors. Although not as prominent as the big three, placing a fraud alert or a credit freeze is necessary to fully protect your identity.
The Cost of Protecting Your Credit
Placing fraud alerts on all four bureaus will be free, unless you have purchased this service as part of another product. You don't have to buy a product to place the fraud alert, and any individual can do it on the bureaus' websites.
Credit freezes, however, cost money depending on the state you live in. State law determines the cost of credit freezes, and prices range from free to $10 per change. Per change means you must pay the fee to freeze your credit, and again pay the fee to thaw your credit when you want to use it. You'll also have to pay the fee to re-freeze your credit once you are done applying for credit.
3 - Place a Security Alert with ChexSystems
Another surprise to most consumers is that there is a credit-like system for checking and savings accounts. The rise of check fraud and other banking fraud has led to the creation of a system for identifying people who have abused checking accounts or other bank accounts in the past.
If a criminal opens a checking account in your name, it may not seem like a big deal. But if the criminal bounces checks, commits banking fraud, or runs up a huge overdraft bill, you would be responsible until you cleared your name. Activity like this would also make it near impossible for you to open a new legitimate checking account in the future.
You can place a security alert or a freeze on your information at the ChexSystems website, as well as getting a copy of your ChexSystems report. Placing a security alert with the company will make it harder for criminals to open checking accounts or other bank accounts in your name.
4 - File Your Taxes Early
One thing many don't consider with identity theft is the risk of a criminal filing your taxes for you. With the information from the Equifax security breach, a criminal has almost everything they need to file a tax return in your name.
If the criminal inputs false information and claims a big tax refund (or an even bigger one with the Earned Income Tax Credit), the IRS will go after you for the money you shouldn't have gotten. It will take significant effort and time to clear your name.
Filing your tax return early will put the IRS on notice that the second criminal tax return is fraudulent. When the criminal files the return, the IRS computer system will see a return is already on file for your social security number and will reject or red-flag the return.
5 - Update Your Security
As soon as you hear about a security breach, you should immediately update your information on all important accounts you have. This includes your e-mail account, bank accounts, investment and retirement accounts, loans, insurances, and others.
Change PINs and Passwords
Start by changing your Personal Identification Numbers and passwords on the websites. As a general practice, passwords should be updated periodically or you could use a password management service.
Update E-mail Addresses
Make sure your e-mail address is updated with all of the account providers. Most financial institutions and other companies will send an e-mail to you if any changes occur on your account. This e-mail could be the best defense you have to find fraudulent activity before it occurs. If your e-mail address isn't updated (of if the criminal has your e-mail password) you may never get the e-mail.
Enable Two-Factor Authentication
One of the best security measures you can opt for is enabling two-factor authentication on all of your accounts. Two-factor authentication requires someone to have both a password and also some physical item to access your accounts. Many companies allow you to register your personal computer or phone as the physical item needed to access the account. Others go further and use a small USB token which must be plugged into the computer.
With two-factor authentication, the criminal needs both your password and your physical computer, phone, or USB token to do anything with your accounts.
6 - Check If Social Security Fraud is Occurring
Social Security fraud is an ongoing problem, where people use your Social Security Number (SSN) to work. Although this may seem like no big deal, it may impact your Social Security benefits in the future. Social Security fraud also subjects you to owing more taxes as the IRS will consider you to have earned the money.
You can create an account with the Social Security Administration to be able to view your work history as reported to the government. If you find errors, you can correct them with your local Social Security Office.
In just a few minutes a week, you can move toward financial independence. Each week you will receive a simple action item to take to improve your financial situation. Visit our challenge page and commit to build your financial plan one week at a time.
Joshua Escalante Troesh is a tenured professor of Business at El Camino College and the founder of Purposeful Finance. His career, including as a former credit union Vice President of Marketing, offers insight into what the Equifax data breach means for consumers. He can be reached for comment at firstname.lastname@example.org.