In my conversations with clients we talk about a wide variety of topics including but not limited to things like getting clear on financial goals, getting financially organized, building a budget and financial statements, insurance, estate planning, income taxes, retirement planning, college funding, investment management, and more. Whenever talking about risk management I have made it a habit of discussing identity protection and fraud prevention, but didn’t really know where to go with the conversation other than suggesting a subscription to an identity and credit monitoring service such as Life Lock or one of the many companies in their space. Today I’ll talk with Carrie Kerskie, an expert on the topic of identity fraud. In particular, we’ll talk about what to do before, during, and after a security breach related to your identity.
In this episode…
– Trends in identity fraud / theft [8:10]
Here are the ways you can listen to the show…
You can listen to this podcast episode by doing any of the following:
– Just hit the play button on the audio player below and listen right on this page
– Click “Play In New Window” here or just below the audio player
– Download the audio file right to your computer and listen from your preferred media player
Show notes, links, references, and takeaways…
- How to Find Carrie Kerskie
How to get more information on the Identity Fraud Institute at Hodges University
Carrie’s Book, Public Identity: Because Nothing is Private Anymore
Get a $5 discount at one of the Identity Fraud Institute educational workshops by mentioning this podcast episode. To see the list of upcoming events, click here.
No matter where you live, if you have questions about prevention or have been a victim of identity theft / fraud, you can contact Carrie’s office for a consultation. If they are unable to help you they will get you into contact with another organization that can. You can reach Carrie’s office by phone at (230) 598-6281 or send an email to Carrie directly at [email protected].
You are protected by federal law on fraudulent activity on your bank accounts and credit cards as long as you report them within the required timeframe, which is usually 30-60 days.
It is better to use a credit card rather than a debit card when possible. Sometimes getting stolen funds refunded from your bank can take as long as 90 days. Also, banks must refund money that is lost due to fraud, but they are not responsible for overdraft charges caused as a result of the fraud. So if you have all of the money in your account stolen and then incur a number of overdraft charges, you could very well end up responsible for all of those charges. Carrie referenced a case in which a victim ended up paying close to $1,600 in overdraft charges even though they had gotten all of the money back that was stolen.
The primary focus for many criminals currently is on obtaining social security numbers. Based on information that Carrie came across around 2005, almost 1 Billion records had been exposed nationwide. She said that this means that you can assume that your identity has already been exposed event if you have not been a victim of fraud or theft yet.
- Emerging trends
Criminals are trying to take over people’s cell phone accounts. This allows them to get through additional layers of security and protection. So, if they have your social security number and have taken over your cell phone number as well there is a lot more potential for damage.
Criminals are filing a forwarding address request and stealing mail. The post office is required to notify you when a forward has been requested but it often does not come for as much as two weeks after the request is made. So a criminal could set this up and you would not know for long enough for important information to be stolen. You can set up an online account with the postal service and by doing so you will be updated and notified when certain things occur, including mail forwarding requests. If there are two adults in the household, both must register themselves with the postal service separately. To set up your online account go to: https://my.usps.com/mobileWeb/pages/intro/start.action.
Medical identity theft is also fairly common and the perpetrators will use another person’s identity for medical visits, prescriptions, surgery, durable medical equipment, etc…This could literally end up being deadly if someone else’s information ends up in your medical notes and they have a different blood type for example.
Criminal identity theft is also a possibility. The criminal will actually use your identity in the event of their arrest, etc…People most often find out about these types of breaches when applying for a job and having a background check completed and in some circumstances, victims of this fraud end up with a warrant for their arrest without even knowing it.
Biometrics are likely to be a future area of focus for criminals because so many security protocols are headed this way. This would include things like fingerprints, retina scans, palm print scans, etc…The problem with these is that they cannot be changed if they are compromised. As more organizations such as airlines harvest this information, they will eventually become susceptible to data breaches and this could become a serious problem in the future.
- Prevention of fraud / theft
100% prevention is impossible. Assume that your identity has already been compromised because it probably has, even if you have not yet fallen victim to a crime that you are aware of and act accordingly.
By registering your accounts and having online access to your accounts you are better off then if you were to simply leave the accounts unregistered. It may actually be easier for a criminal to register your account and gain access to sensitive information than it would be to take over an online account that was already established.
Request a credit freeze with the reporting bureaus. This will not impact any of your existing accounts but will prevent anyone (including yourself) from applying for and establishing credit in your name. Here are the links to the specific pages on each bureau’s site for setting up a freeze:
- Reaction to fraud / theft
The actions taken should be driven by the type of breach. Someone that had their credit card information compromised, but not their social security number can take fewer steps to contain a problem. So in the best of circumstances there may only be one simple step required. In the worst of circumstances, there could be dozens of steps required.
Even if the breach is limited to a credit card, you may have vendors that you have automatic payments and charges set up with. It would be a good idea to have some sort of list or document with the vendors that you have payments set up with and some other information about it. Here is a quick template that I put together that you could easily download and use in Excel or Google Docs…or you could just use it to get some ideas on how you would like to track this information.
The credit monitoring and identity protection industry is large and many of the companies do what is called “white labeling”. This means that there are many companies that build a unique business identity but use someone else’s product that already exists in the marketplace. This also means that you might think that you are shopping and comparing a number of different companies against each other when they could all in fact be selling the exact same service with a different marketing message and price tag. This lack of transparency is pretty discouraging isn’t it? The reality is that none of these companies can truly prevent your identity from being compromised and/or used in a malicious way. They can, however, notify you when something suspicious pops up, allowing you to further investigate and take action on. In that case they will basically provide you with a “do it yourself repair kit” and have you do the necessary work on your own. A higher level of service might include an 800 number that you can call into for getting questions answered and over the shoulder guidance. There are a few companies out there that will actually do the work required to help restore your identity. You will know that you have found one of these companies if they require a limited power of attorney document to be signed upon a breach. This means that they plan to roll up their sleeves and do some work on your behalf. So if you want or expect that level of service, your qualifying question should be, “if I have a breach, will you have me sign a limited power of attorney document and actually take the steps of securing my identity on my behalf?”. Obviously for this level of service you should expect to pay a premium. Carrie says that for the typical monitoring service you should be expecting to pay $5-7 per month. For a higher level of service you should expect to pay upwards of $20 per person per month. She also encourages you to do some internet searches looking for complaints related to the company that you are considering working with.
You may have access to free identity theft assistance from your insurance company through a homeowners or renters policy. So ask your agent if you have an identity theft rider on your policy and you may be pleasantly surprised to find that this is available to you at no charge. It sound like this covers restoration after a breach, but not necessarily prevention or monitoring.
If your social security number has been compromised:
Report your identity theft to the FTC. They will also provide some resources and suggested steps related to your recovery process. Click here to access the exact page that you would need to go to on the FTC website.
Contact one of the three credit bureaus (Experian, Equifax, or Transunion) and place a free 90 day fraud alert on your credit report. They will automatically notify the other two bureaus on your behalf and they will also establish a 90 day fraud alert. Carrie suggests contacting each bureau though, because when you are a victim of identity fraud they are required to provide you with a free credit report over and above the annual copy that you are entitled to via annualcreditreport.com.
Consider a credit freeze as mentioned earlier in the show notes.
Complete and submit an Identity Theft Affidavit to the IRS. This will put them on notice that your information has been compromised with could increase the risk of a fraudulent tax return being submitted under your identity.
Contact the financial institutions and cell phone company that you have accounts with and notify them of your compromise. Ask if there are additional layers of security that can be added online and/or by phone in an effort to protect you.
Update security questions, but base your answers on someone else like a spouse or child and consistently answer all of your security questions as though you were answering for them. This would make it harder for a hacker to take over your accounts.
The NCTUE is like a credit bureau for the utilities industry. You should review and freeze this report because there are certain accounts that can be opened using this organization as a proxy for one of the three main credit bureaus.
Sean: Hey, this is Sean Rogers and I just wanted to introduce you to Carrie Kerskie. I’m going to let Carrie share some of her general background information on herself and why she is somebody that you should probably be listening to in the topic of identity fraud. I actually had a recent encounter with Carrie because I was personally a victim of identity fraud. And it was a very frustrating situation. It definitely created some anxiety and panic initially and even after that subsided, it was a big undertaking in terms of the amount of time and energy that I had to spend to correct the problem. And so, after going through a conversation with Carrie, she really made me feel like I had all of my bases covered. I ended up building a checklist. And I think you can actually find right on my website www.rogersfin.com/blog, you’ll see a recent blog post that just talks a little bit about what I had gone through and some of the steps that I took, but I thought that we would take a deeper dive with Carrie on our call today. So, Carrie thanks for joining us.
Carrie: Thanks for having me.
Sean: Yeah. So, if you don’t mind just giving us a little bit of information on yourself and tell us kind of how you got to where you’re at and what it is that you’re up to these days.
Carrie: Sure. Well, right now I’m the director of the Identity Fraud Institute at Hodges University. It’s a relatively new Institute. It has been up running for about two years now. Prior to that I was a licensed private investigator. My company’s been in Naples since 2001 and about 2006 I started getting calls from identity theft victims and back then there really wasn’t a lot of information or resources available to help them, so I kind of took it upon myself to figure out how to assist these people and it just kind of grew from there. So, after more than 10 years of working with victims and I speak nationwide; I had conferences, corporate retreats, training programs, wrote a book which was surprising. Never thought I’d do that but everybody kept telling me to do it and so I did. The book is called Your Public Identity: Because Nothing is Private Anymore and basically, I sleep, breathe and eat identity theft.
Background information on the Identity Fraud Institute at Hodges University
Sean: Well, I was I was glad to find out that how much you did know by the time that we got on the phone, I had actually heard about… I basically was referred to you by a friend and colleague of mine and he told me that that you were somehow affiliated with Hodges University and that I could call. I was actually expecting to basically pay somebody for a consultation and or some in-depth assistance on helping me kind of work through my issues but can you give a little bit of an overview of the Hodges program? Just in general the overall vision and mission of what you’re trying to do there?
Carrie: Sure. I’d be happy to. Part of what we do here, through the Identity Fraud Institute, we do offer free victim assistance. We do not charge to help people through the process. You don’t know, when I say help through the process, we don’t always do all the heavy lifting for you because, obviously, you need to get involved because it’s your identity. But, we will help you create a game plan, give you the steps of what needs to be done, all those letter, sample letters, forms and if you do have a problem then we’d be happy to intervene through joint conference calls with the companies that are involved. But, we’re able to provide those services free because we are sponsored by private donors and also organizations. And often time when we’re working with a victim, they ask how much to pay and we tell them it’s free and they’ll end up just making a donation so they can help the next person. And the other thing we do is we offer obviously, education, because we are a university. The education is in two forms; one is for consumers – so we have the twice a month starting August through May. We have workshops at our Naples Campus and they’re an hour long each and if, you know, someone wants to register for one of the workshops and they mentioned, your, mentioned this blog would be happy to give them a five-dollar discount. That be twenty dollars for an hour course. some of the things are how to use the privacy settings on your smartphone or what are the warning signs of a scam. So they’re really informational more of a hands-on for people so they can come in and learn the down-and-dirty about what’s going on. And the other side of it is our corporate services that’s where we offer continuing education programs, corporate training programs and even consulting to organizations with data privacy and reducing the risk of a breach which then leads to identity theft. And the most exciting part is next year in May of 2018 we’re going to be holding our first national conference right here in Naples Florida. So a lot of exciting things happening.
Sean: That’s very cool so, and in terms of the listenership a lot of the people listening some are definitely in Southwest Florida, the Naples, you know, Bonita Springs, Estero, Fort Myers area but others might live in other states. So, is this something that’s offered on a national basis or is it something that they would need to kind of look to resources that are more local to them for people outside of this area?
Carrie: Sure. As far as with the workshops those are on campus, that’s more of local the professional development programs, the training programs we are in the process of moving those to an online platform. So anyone nationwide can partake in those. Obviously the conference, you know, anyone nationwide is welcome to attend it’s geared more towards like c-suites type of employees but as far as our Victim Services, you know, we, if someone is calling from another state and they need assistance, if we can’t help them because of our limited resources being, you know, kind of new and so trying to expand our sponsorships so we can expand our services we do partner with other victim assistance agencies nationwide. So if you call from an area and it’s something that we can’t specifically help you with then we can put you in contact with the agency that’s closest to your area.
Trends in identity fraud / theft
Sean: Okay great. that’s excellent, thank you for sharing that. So I know that we’re, I want to be respectful of your time today and there is a quite a bit that I wanted to make sure that we covered so I’m just going to jump in, you know, there were. I had a specific situation my breach was actually directly through my bank somebody was able to authenticate my identity the phone with a customer service representative at the bank and then changed the email address associated with the account and update the password then they were able to, you know, create some transactions to get, you know, to get money out of our accounts but I was actually more interested in just understanding from you just in general like trends and identity theft, like what is it that that the fee that these identity thefts / thieves are after, I guess? what is it that they’re trying to get information wise and what are like some of the more common ways that they’re getting that and kind of how are they using it? I know there’s a lot there but I guess that’s something that’s really top of mind for me because of the work that I do, you know, helping people to navigate their financial affairs and included in that is a lot of personal information so I’m just trying to get a better understanding on ways that we could safeguard, you know, information along the way.
Carrie: Sure there are a couple different levels of risk which would kind of the easiest way to categorize phase. The first one would be the exposure of the credit or the debit card, you know, through the skimmers which are often founded at gas pumps or you know when you go out to a restaurant, you know, skimmers, ATMs, those sorts of things. Becoming more and more sophisticated so it’s harder to detect them with a naked eye so. but the good news is you’re protected by federal law you have zero liability for fraudulent transactions in your bank accounts and credit cards as long as you report them within the time required which usually is 30 to 60 days from the date of the transaction. So if you’re looking at the financial exposure level, this type of the credit card in the debit card that’s kind of the lowest on the list as far as the level of exposure. If you report it to the bank they have to refund the money. Now I will say that it is always better to use a regular good old-fashioned credit card as opposed to a debit/credit card one that’s tied to your bank account, reason being is that if it gets exposed it’s the credit card company’s money that’s stolen and not yours if it’s your bank account then that’s money that’s coming out of your bank account directly. Yes, the bank will have to put that money back but it could take up to 90 days. So there is a little bit extra layer of protection if you use a credit card especially with shopping online or, you know, gas station pumps those sorts of things. The other big trend we’re seeing obviously, you know, they want to get Social Security numbers from all the data breaches that have been out there I think last time I heard was 2005. Almost a billion records have been exposed nationwide from data breaches so theoretically you could pretty much assume your identity has already been exposed at some point in time. What happens to that information it goes to the dark web, the Deep Web, that’s where personal identifying information is being sold on a daily basis. the going rate for a name, address, date of birth and social is about two dollars. So, you know, yes if you have someone who does a large data breach of you know a hundred thousand records well charging is x two dollars that’s a pretty good days’ worth of business.
Carrie: So your information’s out there but the bigger trend that we’re starting to see is the takeover of phone accounts. they want phone numbers the reason they want your phone numbers is because a lot of companies now are using the phone number as a form of ID verification. So if someone were to call in to apply for a new credit card using your information they already have your name, address, date of birth and social. If they have your phone number too when that credit card company calls you to verify to make sure that it’s your account because they’re not going to call the phone number that’s on the application. The credit card companies know that when they want run the credit report if there’s a brand new phone number that’s not tied to the credit report they’re going to call one of the phone numbers on the credit report for validation.
Carrie: Well if they’ve taken over your phone and your phone number now the criminals getting that call and they’re going to authorize a transaction or another example, is let’s say someone does compromise your credit card or your debit card. Well if the bank suspect fraud they’re going to call you if your phone number has been compromised the criminal now gets that call and he’s going to authorize those charges. So when you look at your bank statement and say I didn’t do this the bank’s going to say well we already called you at this phone number and you authorized the charge. So this is a newer trend. First time I saw it was two years ago. It is definitely on the rise I probably get anywhere from two to five calls a month from people that are this. It is a huge one, you know, there was an article out that said your cell phone number is the same thing as your social security number. I don’t agree with that. They still have to have your social security number to be able to take over the account, so the number itself is not the social security part. It’s the them taking over your account and once we have the account and they’ve receiving your phone calls or they can send a text message to your bank saying wire this money and it’s coming from your phone number. So that’s a big trend that we’re starting to see.
Sean: Okay, that’s interesting. Yeah now just going back to the to the point that you made but on the basically debit card use versus a credit card, just for the listeners to know. I actually had my breach was on my bank accounts and we had $2,500 stolen and that money didn’t come back for probably close to three weeks. So obviously it depends on what your financial situation is and how much cash you normally have on hand and whether or not something like that would be an issue for you but if you were somebody that, you know, cash is relatively tight and you’re not maintaining large balances in your bank accounts, that’s something that could really be a big problem. I just want to make sure I highlighted that for anyone listening, you know, to really take that to heart of using a credit card rather than a debit card whenever possible.
Carrie: Yeah, definitely. I have had cases where the person because the money was depleted out of their bank account and they had auto payments set up. Well the banks have to refund the money that was lost to fraud but they don’t have to refund the overdraft fees and the person in addition of them to deal with dealing with everything they also were out sixteen hundred dollars’ worth of overdraft fees that they were required to pay for.
Sean: Yeah, that’s not pleasant.
Carrie: Right. So use a credit card.
Sean: Okay. All right. So I guess, you kind of already covered this at some level in terms of an identity. a type of identity fraud that may not be as prevalent but it sounds like this the cellphone number thing is, you know, a couple years ago wasn’t so prevalent but it’s becoming more common. I mean, do you have like on your radar any particular areas of concern for the future like what the, where they’re headed and maybe the next three to five years with attempts to steal identity and things like that?
Carrie: Yeah one that’s starting to rise in our area but when I speak in other places people are not familiar with this. So this is one that I think most of it starts here in southern Florida and then it expands out to the rest of the country. The big one now is the forwarding of mail. The United States Postal Service, all that they require for you to forward your mail is you fill out a card and you drop it off at any post office. It doesn’t have to be in your hometown, you know, it could be anywhere. So what’s happening and the trend that we’re seeing as most of this mails now going to Miami. So someone will file a forwarding address request and now all your mail is being filed, being sent to an address in the Miami area. Now again those are just the cases that we’ve seen it could be sent anywhere in the country.
Carrie: And the Postal Service they’re required to notify you when a forward address has been requested. Unfortunately, you don’t get the letter in the mail from the Postal Service because they send it to the old address. You don’t get it until two weeks after the fact. so by then your mail is already being sent to somebody else. So in that case I recommend the Postal Service, that you can set up an online account with them it’s called my USPS and when you set up that online account it’s not by social, it’s by name and address. Any time there is mail being forwarded or any changes or if somebody’s sending like a priority overnight or anything like that you will get notified via email. Now if you are a husband and a wife you need to do it for each one of you because I have had cases where the mail has only been forwarded in the name of the husband. So anything for the wife or joint name was still coming to the house so they didn’t even know that they were missing mail.
Sean: Okay. That’s good to know.
Carrie: That’s a big trend. Another one is we start there’s a big shift to move more towards biometrics because everyone thinks that biometrics is going to be safer than passwords. I don’t agree. Passwords you can change if they’re compromised, your biometric, what do you do they’re compromised? You can’t change them.
Sean: Right. So when you say biometrics are talking fingerprint and eye scanners?
Carrie: Fingerprints, retina scans, palm print scans, I mean you name it anything that basically a part of your person and there’s, I think I heard that wanted to the airlines instead of boarding passes you’re just not going to be able to put your thumbprint or something and use that to get on the plane. Well as more and more organizations they’re going to be harvesting these biometrics, that’s going to be a huge target. so I see that as being a big problem in the future here.
Steps you can take to prevent identity fraud / theft
Sean: Okay. That’s very interesting, I’d never really thought about that. Excellent. So obviously those are some concerns I guess one of the things that I had given some thought to and I even wrote a lot on it a little bit and the article that I created was, you know, the title of the article was that a ‘pound of prevention is worth’, I’m sorry ‘an ounce of prevention is worth a pound of cure’. Right, so if I had maybe taken some additional steps I just wonder could I have you know prevented my breach and I overall I feel that I’m very careful with my information and I think at some level no matter how careful you are like you said I mean you can pretty much assume that your, that your identity is out there and hacked or stolen somehow and just because you haven’t been a victim that you’re aware of yet doesn’t mean that your information isn’t necessarily sitting out there right? So
Carrie: Yes. That’s why I tell people if you haven’t been a victim yet you will be at some point in your life.
Sean: Yeah. Okay so I guess I don’t have to feel like I was being irresponsible.
Carrie: No actually my information was put on the black market in 2008 from a data breach.
Carrie: So even though I consult I trained you know I’m pretty much do a lot of talks and as you and teaching other people about identity theft. Someone can use my social right now there’s nothing I can do stop it, it’s out of my hands. I can’t prevent someone from going to a doctor’s office saying they’re me.
Carrie: I can’t prevent someone from, you know, trying to get into my bank account now there are some things that I can do to their layers of protection. So with a bank account in addition to having a password and I do have online access set up for all of my accounts that way if there’s any changes I get notified right away. I can look at my transactions on a daily basis and it gives me extra security because if I didn’t have my online account, a criminal could call the bank pretend to be me with name, address, date of birth and social and then they would set up the online access.
Carrie: And then if they have online access they can do whatever they want. You know, there were other things that you can do too for example with your credit. If you’re not going to be applying for any new credit or credit related transactions. This isn’t may have any impact on your current credit cards or name lines of credit that you may have, this is just for new credit. Put a credit freeze a credit freeze prevents any new creditor from ever seeing the credit report. If they can’t see the report they’re not going to open the account. So it’s your best defense against new account fraud, you know, so these are just some of the things that you can do to reduce the risk but preventing in 100% it’s impossible and don’t think if you pay a company who claims they’re going to do it, that you’re going to be protected, nobody can prevent it, nobody can prevent it.
What to do during and after a security breach
Sean: Okay now when we spoke, you kind of took, you kind of walk me down through a list of the of the things that I should definitely have on my radar in terms of proactive, steps that I should take to try to contain the breach that I had and maybe prevent some things. You mentioned the credit report freeze that was one thing but you have a document, don’t you? That kind of walks through what the different things are that somebody should do and I don’t know if that was for prevention or for after the fact.
Carrie: Yeah we do have some forms that we have ones that I’ve created over the years but that we also provide here. For example, if you do want know, you know, all the steps to take one of the workshops that we offer is steps to take after becoming a victim of identity theft and then that you do get the checklists. When I’m working with victims it’s about it an eight page checklist that I work with that you go through. Now granted sometimes people need to do all the steps sometimes they only need to do a couple of the steps because the thing to remember is it depends what information was exposed and how it was used. That mandates what your next steps are going to be because everyone always assumes it’s the same steps no matter what type of identity theft. That’s not necessarily true. You need to look at what information did the criminal have based on what they were attempting or what they were successful at doing. So if it was, they had your credit card or your debit card you don’t need to go crazy, all you have to do is call the bank or the credit card company get in a new card. Now you have a new number that prevents anything else because the old number is going to be destroyed, you know, so you don’t have to go overboard with oh my gosh what do I do now, you know, that was a pretty easy one to resolve. Now granted if you do have you know regular charges that are tied to that credit card yes you have to call and change all that. So as a tool to help you with that process keep track of for every credit card or for bank account whatever you have for auto pay. Make a list. So in the event that account does get compromised you know exactly who you need to contact to get them the newest, new credit card or debit card number.
Sean: Right. Yeah I had to go through that through that process. I keep good records of everything so we were able to get it done pretty quickly but it still took, you know, multiple hours to get it all done. So, yeah that was kind of frustrating. So, I guess another question that I have for you is just related to some of the different services that are out there that are geared towards like credit monitoring and identity protection and things like that and I think probably the biggest, the most popular name as far as what I can see out there that people think of it would be like life lock and I don’t know how many different companies there are out there that that are in really in that business but do you have any insight in regard to that service in general just as an industry because there obviously is, it’s a budding, it’s a budding a little segment of the almost like financial services and technology side of the world? But do you have any feedback in regards to whether it makes sense to use services like that and if there are particular companies that you that you would recommend or companies that you would not recommend?
Carrie: Well as far as the industry it is a huge industry. I have lost count of all the companies that claim to offer identity protection services. It seems there’s a new one popping up every day. The backbone or the core of the service is a white label there are services so, you know, quite often when you’re do you might be looking at five separate companies but you’re getting pretty much all the monitoring and everything else is all coming from one company that they all white label. So it’s a very confusing industry to try to make themselves sound better than their competitors even though they all do the same thing. They come up with these little cute marketing names saying, oh we do this they don’t do that. They all do the same thing.
Carrie: Some of the ones that I tend to laugh at is, you know, we’ll scour the internet looking for your personal information. it’s impossible for one company to scour the entire dark web. It’s impossible and furthermore I already told you it’s already out there and that was free you didn’t have to pay me for that. So, you know, I just, I laugh when I see these things but it sounds good because the average person has no idea how the dark web works. I hope they’re going to look for me great I’ll sign up for their service. As far as I’m monitoring, all that does is tell you tells you there’s a problem. There’s no prevention. None of these services offer any kind of prevention, it’s all reaction, it’s all there’s now a problem you need to take care of it. This is where it comes to determining the value of the service. majority of these companies when you become a victim they will send you a Do It Yourself repair kit and you have to do your work yourself.
Sean: Right. Which is essentially what I would have gotten by call, you know, like what we did together the phone is what I would be handed in some kind of a template format by them?
Carrie: Right, exactly. The next level of service is they might have an 800 number that you can call and someone will walk you through the steps kind of like what I did with you over the phone. Even though what we did was free and those charges pay for it. The other ones and there are too many of them out there. They will actually do all the heavy lifting. They do all the work on your behalf until your identity has been restored. Now the only way to know the difference between these companies is forget all the marketing, forget all their comparison charts, forget all the hoopla that’s all over their websites. You need to ask them one question when I become a victim do I have to sign a limited power of attorney. If the answer is no. You will be doing all the work yourself.
Carrie: So if you want to call some of these companies I know, you know, credit card company’s banks, you know, all different companies now offered the service just ask that question because otherwise all you’re paying for is something that says hey there’s a problem. If you do want to pay for just a monitoring service and I get that you know some people are not going to be checking their credit reports every year. If you want to pay for monitoring you shouldn’t be paying more than five or seven dollars a month for that. But if you want to have someone that does everything else then you do have to find a limited power of attorney, you should be paying probably about twenty dollars per person per month. You know, as far as a lot of these companies that are very well-known do your homework on them. Do a simple internet search for the name of the company followed by complaints or the name of the company followed by you know, lawsuit or a class-action lawsuit and you might have to look on the second or third page of the search results because these companies are very good at marketing. They are very good at manipulating the search engine. So, you will have to do a little bit of digging because I give people all the time they call me and there’s one service in particular that they all have and that company has been fined twice by the Federal Trade Commission for deceptive advertising and failure to protect customer information. And a simple search of the internet would reveal that. so do your homework before you sign up for one of these services. Another thing – and I don’t want to forget to mention this you may already have restoration services available to you for free. call your homeowners insurance agent if you own your own home and I’ve heard now it’s also starting to get into the renter’s insurance market. Call your agent and see if you have what’s called an identity theft rider policy. So it’s a writer policy that’s attached to either a homeowners or renters or possibly even like an auto insurance policy.
Carrie: What these policies do is that when you do become a victim, they will pay a restoration company to do the work, to restore your identity up to the limits of the policy. Some of them have restoration companies that they have contracts with so you don’t have to pay anything out of pocket. Another one you find a restoration company and they will reimburse you for whatever it cost to restore your identity. Again, it’s up to the limits of the policy. so call your insurance agent and see if you already have something.
Sean: Okay. That’s good to know. Excellent. So assuming that somebody has had a breach and I do, again I do have a list of the steps that I had gone through on my blog post that I had written but can you just run through like them, maybe the kind of low-hanging fruit in terms of the things that people should kind of have on their radar of at least considering making changes to? so like somebody in my, in my circumstance I, it was an obvious it wasn’t just a credit card number that somebody got ahold of it was clearly, you know, deeper identifying information so can you just run through like a bullet point list real quick of things that people should be considering doing.
Carrie: Sure, and we’ll do it based on the information exposed. So anytime if a social security number has been used. meaning they try to set up a new credit card, they filed a tax return or if they did anything that involves your social security number. You know your social security number has been compromised. So some of the immediate steps right away. Contact the one of the credit bureaus ask them to place a free 90-days fraud alert on your credit report, they will notify the other two bureaus on your behalf. I prefer to contact each Bureau directly because when you are a victim of identity theft and when you place a free 90-day alert on your credit report you get another free credit report. So by calling each one directly when you put the fraud alert you can also request that they send you your free report.
Sean: Oh, good to know.
Carrie: Yes, it’s an extra freebie because if you just call the one and let them call the other two, they’re not going to tell you about this free report because it costs them money to send it. So you need to be proactive and ask for it. That fraud alert is not a hundred percent protection and only lasts for 90 days and then it goes away but what it does do it gives you 90 days to start getting you’re, getting everything in order. So during that 90 days, it’s a first layer of protection. Then ultimately if you can, meaning you’re not going to be applying for any new credit in the next year to two year you might want to switch that over to a credit freeze because that does offer better protection. But again you three you have the 90-day fraud alert you can go ahead and put that in place. The other thing I’d recommend is, the IRS they have what’s called an identity theft affidavit. It’s a form that you can fill out and send to the IRS and basically you’re putting them on notice that your information has been compromised which could increase the risk of a fraudulent tax return being submitted under your identity.
Carrie: So you’d fill that out. All the instructions are right there and if you don’t have the form just do an internet search for IRS identity theft affidavit, it’ll bring the form right up. You definitely want to contact anyone you have accounts with; bank accounts, credit cards especially phone numbers your phone carriers, your landlines in your cell phone. Call them all let them know you’ve been a victim of identity theft, that your social security number has been compromised and ask if there’s any additional security because majority of these companies all they need if somebody calls their customer service the 800-number. All they need to validate the identity for that account is a name, address, date of birth and social. So if that information has been compromised then anybody can call in pretending to be you and they answer those questions now they have control over your account. So ask if you can have extra security sometimes it could be in the form of setting up a PIN number or maybe having a security question. you know, it’s an extra piece of information that the criminal is not going to know. with security questions though don’t give them real answers. It’s really simple to go online and do an internet search to come up with someone’s answer and as a matter of fact in social media now all these surveys and polls they’re all created to get your security question answers. So I recommend do a one-off. Don’t answer them based on your information, answer them based on your spouse’s information or your child’s information or a favorite character in a movie or a book or someone else that you know, a best friend whatever the case might be. So all you have to remember is who’s your answer key, who’s your one off right and then answer all the questions based on that person because that’s going to make it more difficult. So the nature of the game is criminals like everybody else they go the path of least resistance. If it’s more difficult to use your identity, they’re going to move on to the next guy.
Sean: Okay. That’s good to know yeah when I when I had with my bank they were able to set up they like a verbal password and the representative on the other line doesn’t even have it they key it in and then the system up, will tell them whether or not it was correct. And so every time I call in to the bank now they have, they go through that process and I was hoping that that my cell phone company would be able to do the same thing but they weren’t able to really. It was Verizon actually which I was surprised because they’re obviously a you know one of the bigger players but they weren’t really able to do much in terms of adding extra security to that particular account.
Carrie: Yeah and I’m not surprised by that because like I said the trend of taking over the phone accounts. While it’s been in our area for two years. It hasn’t quite gone nationwide yet it’s just starting to so these companies are now trying to put procedures in place that alert them they haven’t gone to it yet so as this trend grows I’m sure they’re going to be looking to put measures and play.
Sean: Okay, excellent thank you. So what else should people have on the radar? So you were saying that that’s more like a, in the event of a social security breach you can that. By the way just for all the listeners I’m going to be all in the show notes I’ll link to all the different you know documents and resources that she’s mentioning so just for example, the IRS form I’ll link to that. I’ll link to the United States Postal Service link that she had mentioned earlier and so just you know you don’t need to be trying to write this thing these things down while you’re driving in your car.
Carrie: Other things that they could do, you know, obviously still involving the social security number there’s it’s called the NCTUE and what this is, it’s like a credit bureau but for the utilities industry. It’s the National Consumer telecom and utilities exchange and the reason why you want to look at this one is because if you put a credit freeze in place which protects you from new account fraud. Well if somebody is using your identity to get utilities, could be a cell phone, landline, you know, cable power whatever the case might be. If that utilities company doesn’t pull the credit report from the three major bureaus and they’re using this NCTUE report, there’s a can the account can be open. So this is kind of the fourth credit bureau but not really a credit bureau. but i do recommend you look at it and if you just go to the website NCTUE.com you can get your consumer report which is like your credit report you can request it and you can also put a freeze so if somebody tries to apply for a new account and they run through this NCTUE report it’s going to come back showing that you have a freeze in place. So, again it’s just another layer of protection. if it’s something of a medical identity theft we could do a whole other show just on that.
Carrie: Medical identity theft, that’s when someone uses your identity for medical services or products, you know, they could be using it to get surgery, to see the doctor, to get prescription drugs to get, you know, medical products which could be wheelchairs, prosthetic devices you name it. And you might say why would somebody do that, well there was an audit of for Medicare. they just randomly picked some names to do an audit and there was one woman and in the course of 12 months she had, she had paid for 25 wheelchairs for her and she’s in England she was on her own one. yeah and there are other cases where people where Medicare had paid for prosthetics and the person was not an amputee.
Sean: Oh wow.
Carrie: So, yeah there’s a lot of fraud that goes on there but with medical identity theft it is the deadliest form of identity theft because when a doctor is going to make a diagnosis they’re looking at everything in your medical file, which could be your information and could be your imposters information as well. So it can cause problems and an emergency situation, you know, let’s say you’re on vacation you’re driving through town and you get into a car accident your unconscious. They take you to the ER they pull a tallit oh yeah we already have a medical record no there’s no drug allergies or here’s their blood type well the next thing you know you’re given the wrong type of blood or they give you a medication that has a negative reaction to something you’re currently taking. So it can be a huge problem.
Sean: Wow. That was not on my radar at all.
Carrie: Yeah it’s a big one. It’s one of the deadliest forms that nobody knows about. you know, so there’s other things that need to be done for that one. Another type is criminal identity fact that’s when someone uses your identity or present your identity when they’re arrested. And usually you find out when you try to you get a job and they’re doing a background screening and it comes back showing you have criminal records that you are not aware of or it could be an officer knocking at your door with a warrant for your arrest.
Sean: Oh wow.
Carrie: And I have, I have worked with clients and that’s exactly what has happened to them. One of, one gentleman in fact he had his house surrounded by federal marshals with a warrant for his arrest.
Sean: Oh my god.
Carrie: Yeah. Imagine explaining that to your friends and family no kidding. so criminal identity theft is it’s becoming a little bit more prevalent as well. Another one a newer one did we just recently saw. first time I ever dealt with this this woman she is originally from Mexico but she’s a citizen here in the U.S. now and she goes back and forth at least once or twice a year to visit her family back in Mexico and the last time she tried to cross the border, she was detained for five hours by a border crossing, border patrol and all they told her was you’re a victim of identity theft you better get it fixed before he tried to cross the border again. So we went through we looked at everything you know credit reports the background reports we couldn’t find any evidence of identity theft. While what had happened is this criminal was only using her identity for crossing the border. So from, you know, could be drug smuggling or who knows what they’re doing. So he’s not using it for anything else and I, he, I think he could be she who knows but it’s not being used for any other purpose except for crossing the border between the U.S. and Mexico. So that was a new one and the, you know, 10, 11 plus years I’ve been doing this those first time I ever saw that one and that was just last month.
Sean: Wow that’s, that’s interesting.
How to gain access to an expert to learn about prevention or reaction related to identity fraud / theft
Sean: Wow. So there’s obviously a lot of different potential ways that we that we can kind of find ourselves in a security breach, like you said we pretty much all have an identity compromise it’s just a question of you know, when and what kind of an event is actually going to happen that that we would consider to be you know identity theft or identity fraud. So I guess for some of you listening they may have already experienced something like this but a lot of people may not have. I had personally in college I had a, you know, maybe a credit card, some credit card fraud but it was nothing more than like you had mentioned earlier just getting a new credit card. So if somebody ran into a situation like this and they would happen to live in Southwest Florida, what would be the best way for them to access you and if they if they live somewhere else? you mentioned that maybe they should just contact you anyways and you could put them in touch with somebody that would be more local to them or.
Carrie: Yeah, they can reach out to us here. Right now it’s just me but we are going to be bringing on three to five volunteers this fall. So we’ll be able to expand the number of victims were able to help. we’re just trying to raise some money so we can do this but the best way to reach me is through email because I do do a lot of public speaking and working with victims so I’m not always in the office. So, but if you send me email I can get that you know anywhere that I am and I can usually respond faster. if it’s a phone call it just please know that it might take a couple of days from when I do get back to the office that I can return your call. But if you do want to send an email it’s [email protected] or the phone number here is (239) 598-6281 and again if you’re outside of the area and if it’s something that, you know, we can’t because of the location or if we just don’t have the manpower then we’d be happy to push you in contact with another organization that we know is capable of helping you through the process and these are all, you know, free nonprofit volunteer organizations. We’re not going to send you to a company that’s going to ever send you somewhere we’re going to they’re going to charge you fees. Another option too is through the Federal Trade Commission. They recently this year launched a new website where you can go through and kind of put in what’s happened, your type of identity theft and it can give you a kind of a basic game plan of steps you need to take. I will say it may not be a hundred percent of everything you need to do but I would put it at about 75 to 80%. So, you know, if you can’t get a hold of somebody right away and you really want to get started you can start through the Federal Trade Commission’s and then, you know, because when we work with people we always ask what have you already done and then we try to help fill in those missing pieces so there are a couple of options for you.
Sean: Okay and I will link to Carey’s email address and phone number in the show notes and again just all the different resources that we’ve discussed today, I’ll make sure that I have good notes on that so you can track all that information down. Carrie is there anything else that you’d like to share with our listeners today that you think is important on the topic of identity fraud that we haven’t covered so far?
Carrie: Well the best defense is knowledge and you know, we’ve heard over the year’s people say knowledge is power. When it comes to our identity such as scams it truly is. The more you know about the techniques and the methods that these criminals are using, the more you’re going to be able to pay attention and recognize the warning signs. Learn as much as you can it is not just a credit card it can happen, like we talked about medical, there’s criminal, there’s all different types of identity theft so you need to think beyond just the credit card or the credit report. You know, we all have this instinct that when something’s wrong the hair on the back of the neck stands up but how many times have you dismissed it. Oh it’ll be okay, I’m overreacting, it’s no big deal. well that’ll come back and bite you in the butt and when it comes to identity theft you don’t have that luxury you’re better off of being over reactive in the beginning by questioning everything as opposed to well I guess it’ll be all right because the longer it takes to try to restore this the harder is going to be.
Carrie: So monitor your bank statements, monitor your credit card statement, if there’s something on there, you’re questioning call right away. I’ve done it where there was a charge I didn’t recognize and after their investigation they came back and it turned out it was a legitimate charge. it’s just the name on the statement with the corporate headquarters name and not the business that I had visited.
Sean: Got it.
Carrie: So things like that happen but you need to be diligent you can’t depend on your bank your credit card company or any third party to do this for you. There is no one who knows you as well as you do. You have to be an active participant and you have to know what’s going on because if not it could end up costing you a lot in the long run.
Sean: Sure. Yeah and even in my case I mean I got all of my money back but it took a lot of time and energy I probably lost over the course of three weeks. I probably lost a solid three or four days of work literally because of all the things that I had to do so.
Carrie: And imagine if you wouldn’t have caught that until three four months later.
Sean: Right. Exactly.
Carrie: If you didn’t look at your transactions if you waited because you said it already took you a few weeks to get that money put back well if you wouldn’t have reported it outside the required timeframe, you would have lost that money that would have been all on you. so you do need to be an active participant
Sean: Right. Good point. Well thank you again for taking the time to talk with us today it is an important topic it’s not you know it’s not all it’s not investment related and the hottest stock or mutual fund that you can buy but this is something that you know playing defense in your financial life is really a big deal and I learned, I mean I already knew that and I feel like overall I was pretty vigilant but I’ve definitely learned some new things that I, that I can and have already implemented to try to prevent this from happening again in the future and for anyone that’s listening I strongly encourage you, if you haven’t taken extensive steps to, you know, either because you’ve had something like this happen to you before and you took steps after the fact to contain that problem and prevent future issues or if nothing’s ever happened, I can’t stress enough how worth your while it is to invest a couple of hours to just get some things shored up that maybe might be leaving you exposed right now. So, Carrie thanks again for joining us and I look forward to talking with you soon.
Carrie: Well thank you for having me and thank you for doing what you’re doing to keep people educated. So thank you.
Sean: Thank you.