Identity theft (“ID Theft”) is becoming more and more common. Many people are unaware of it until after it happens and are unsure of what to do when it does. There are steps at a personal level you can take to improve your IT security to reduce the possibility of it happening, and cyber security steps your company and ISP can take.
Not all fraud is ID fraud, and an IT security breach that allows access to your bank accounts might not, in itself be ID Theft. ID Theft is much more, where a thief uses your personal details to set up new loan accounts, claim on your medical aid account, or generally use your details to steal money or services.
Here are three things you should do after you find that you are a victim of ID theft.
How You Know You Are A Victim
The first indication is often a phishing email that you would normally dismiss as spam. It may talk about new accounts and unknown transactions that are from a familiar institution or perhaps an unknown source. The return address or web link is not valid for the sender. Do not ignore these emails. You might need to take action.
One obvious giveaway is to receive demands for payment on accounts you did not open.
If you suspect that you are a victim, do the following immediately:
Protect your Finances and Credit Status
You must check your bank and credit card accounts to make sure that they have not been compromised. Do this immediately after you suspect or realise you are a victim. One thing to help minimise the effects is to reduce withdrawal, payment and transfer limits as low as possible. Prevent the creation of new payment details.
You need to speak to your bank and credit card company to advise them that you believe that you are a victim. It might not be a full ID theft, only a bank or credit card account takeover. If necessary, they will freeze or shut down your accounts.
In the US, fraudsters using your Social Security number to open accounts means you need to report to the IRS, your HMO, or other lending agencies that have had accounts fraudulently opened.
Report a fraud alert to the major credit bureaux, Experian, Equifax and TransUnion. Their credit reports will show for the next year that you reported a potential ID theft. This alerts potential creditors, and hopefully reduces the risk of being refused credit because of an adverse report.
In some cases, you will need to open new accounts and transfer your account balances to them. Make sure that you will be issued new ATM cards as soon as possible.
If your employer pays you by credit transfer, give them the new account details to make sure you receive your pay in your uncompromised account.
Report the Theft
In the US, report the ID Theft to the Federal Trade Commission at http://www.identitytheft.gov/. FTC forms will help to prove you didn’t create fraudulent accounts. There are usually local equivalents in your jurisdiction if you are not in the US.
You should also report the theft to any companies where fraudulent or unknown transactions have occurred, or if your account with them has been compromised.
If you have any insurance against ID theft or misuse of your accounts you must report the theft to the police. A police report is often essential to be able to make an insurance claim.
Tighten Security
Some steps to take include:
- In terms of IT Security and general cyber security, you need to immediately change your access passwords to online cyber-banking through a PC or smart device.
- Wherever possible use two-factor authentication.
- Check your online social media and other accounts. Remove any personal information such as phone numbers and addresses
- Regularly review your credit card, bank statements and credit reports to look for new accounts you didn’t open or any suspicious transactions.
Finally, if you are really worried, sign up for credit monitoring with an online service. Some are chargeable, while others are free. Some chargeable services also provide insurance cover against ID Theft.
ID theft does happen, but if you are proactive and vigilant you can hopefully stop it before it happens and minimise its effects if it does.