Identity Management FAQs

Frequently asked questions

Frequently Asked Questions

What are the five simplest steps consumers can take to prevent identity theft?

Follow these five steps to reduce your risk:

  1. Shred it. Identity thieves love recycling your trash, so invest in a quality crosscut shredder. Shred everything with your name and address, such as bank and credit card statements, invoices, receipts, return address stickers, envelopes, catalogs and—especially—pre-approved credit offers, checks and insurance-related materials.
  2. Guard it. Encrypt emails and computer files that contain personal or account information. Use firewalls, antivirus and anti-spyware programs. Keep all your technology, including smartphones, current with the latest security updates. Always employ "strong" passwords that contain numbers, symbols and characters, and nothing obvious like birthdates or names. LastPass, an online and app password manager, offers a free service to generate complex passwords. Don’t write passwords down and ensure you change them often (at least every three months). Finally, don’t use the same password for online banking that you use for shopping or social networking sites.
  3. Lock it up. Keep doors and drawers secure - identity thieves can't steal your information if they can’t get to it. Keep paper files (e.g., bank or credit card statements, passports, Social Security cards, earnings statements, birth certificates and any other documents with personal information) in a fire-proof safe and scanned copies in a password protected account in the Cloud. Always be aware of who has access to these documents, such as household employees, work crews and family members.
  4. Check your credit reports early and often. Review your credit reports from the three reporting agencies—TransUnion, Experian and Equifax—at least twice a year. Visit annualcreditreport.com, the government-mandated source for free credit reports. Investigate suspicious activity and stay on top of it until the matter is resolved.
  5. Keep your Social Security number to yourself. It takes surprisingly little to set up fraudulent accounts and establish false credit in someone else's name—sometimes only a Social Security number (SSN) and address will do. Never carry your SSN or card in your wallet or purse unless absolutely necessary, like when starting a new job, and never give out your number to anyone you don’t know and trust Provide your SSN only when required and, if any organization, company or medical provider attempts to use your SSN as an identifier, ask them not to. (Many laws prevent this, in fact.)

What are some common signs that your identity might be at risk of theft?

  • A credit card you don’t know about has been opened in your name.
  • Your insurer sent an Explanation of Benefits for treatment you never received.
  • Someone recently broke into your house and stole personal documentation.
  • Your car was recently stolen, and your wallet, registration and/or bills containing personal information were in it.
  • You never received your W-2.
  • You tried to file a tax return but someone already filed in your name.
  • A retailer said your personal information was involved in a breach.

What are the steps consumers should take when they've had their identity stolen?

  1. File a police report. Many fraud departments will require a copy of this report to validate a customer’s status as an identity theft victim.
  2. Place a fraud alert with credit bureaus. Fraud alerts signal creditors to verify a person’s identity before authorizing a new credit account in their name. Place 90-day alerts offered by Experian at (888) 397-3742, Equifax at (800) 525-6285 and TransUnion at (800) 680-7289.
  3. Get a free credit report. Review your credit at no cost. Ask for a 3-in-1 merged credit report with a summary from all three credit bureaus (ExperianEquifax and TransUnion). Under the federal FACT Act, consumers are entitled to one free credit report each year from each of the major agencies. For details, visit annualcreditreport.com or call (877) 322-8228.
  4. Cancel all credit and debit cards. Do this sooner rather than later. Tip: This will go faster if you keep an up-to-date list of credit and debit cards at home in a secure location.
  5. Contact financial institutions immediately. Be sure to close checking accounts and any other connected accounts. Request stop payments on all stolen check numbers. Open a new account with a new number and make all requests in writing.
  6. Contact other providers. Call insurance carriers, libraries, gyms and any other locations where you may have a membership. Create a document that lists the dates and times of your actions, as well as the people you talk to and what information was discussed. This information can be helpful if the case ever leads to a civil or criminal lawsuit.
  7. Contact the Federal Trade Commission. Call the FTC’s identity theft hotline at (877) 438-4338 and file a complaint.

Is there a month or time of year where more identity thefts take place?

Although identity thieves use compromised personally identifiable information (PII) immediately after they obtain it, according to the CyberScout Resolution Center, the first tax filing day in January is a common time for theft. Any compromised PII can be used to file taxes to get early returns before the true customer files. The CyberScout Resolution Center sees a 200% increase in fraud calls and cases between February and May.

How long does it typically take to resolve an identity theft problem?

It depends on how involved the fraud and identity theft is, according to the CyberScout Resolution Center. Factors that play into the timetable are how long it takes for the victim to file a police report and then return required documentation for the Resolution Center to proceed.

Estimated time on cases:

  • The CyberScout Resolution Center can resolve the fraud in 60-90 days in normal financial identity theft cases.
  • In more complicated cases where there may be multiple types of fraud, it can take from 90 to 120 days.
  • In extreme cases, which include tax fraud and the turnaround time for the IRS to resolve and issue a refund, possibly more than a year.

How much do consumers spend to resolve identity theft?

Calculating the cost of resolving identity theft can be tricky because there are many different types, all of which involve different levels of direct and indirect losses, as well as various resolution challenges. A direct loss includes the amount of money an identity thief steals. Indirect losses refer to all the costs that add up during the resolution process, such as attorney fees, notary charges and extra banking fees. The average combined cost for direct and indirect losses is $1,343.1

1"Victims of Identity Theft," Bureau of Justice Statistics, September 2015.

Do shopping websites protect against identity theft?

Generally speaking, e-commerce sites focus on website security and complying with the Payment Card Industry Data Security Standard (PCI DSS) versus directly protecting against identity theft. If you see "https" and, in certain web browsers, a green padlock icon in the URL, it indicates that a site is encrypted and safe to send PII. Payment card industry regulations are designed to continually improve account security with standards and rules that companies accepting credit card information must adhere to.2 However, it's important to keep in mind that even secure sites can experience data breaches that can lead to identity theft.

2PCI Compliance Guide.org, PCI FAQs, https://www.pcicomplianceguide.org/pci-faqs-2/#1.

How can criminals steal your identity when you’re online?

Identity thieves have direct and indirect ways for trying to steal your identity when you’re online.

  • Phishing: Fraudsters send emails that appear to be from a trusted retailer or financial institution asking you to update or verify personal information.
  • Deceptive websites: Criminals can create fraudulent websites to trick you into sharing personal information.
  • Data breaches: Hackers break into a retailer’s systems to access its customers’ PII, which can then be sold or used for identity theft. In 2015, 32.1 million consumers were notified of data breaches, with 21.5 percent reporting that they became victims of fraud.3

3"2016 Identity Fraud: Fraud Hits and Inflection Point," Javelin, February 2016.

Are there programs designed to secure online purchases?

Yes, check with your bank or credit card provider to see if they offer any secondary security features for making online purchases. Antivirus and internet security companies offer software that resides on your computer for additional protection.

Which states have the most identity theft?

States with the highest per capita rate of reported identity theft complaints:

1. Missouri

2. Connecticut

3. Florida

4. Maryland

5. Illinois

6. Michigan

7. Georgia

8. Texas

9. New Hampshire

10. California

What types of identity thefts are on the rise?

Scams, fraud attempts, data breaches and other related identity theft crimes are on the rise. Example scams include:

  1. iTunes gift card scams: Callers pose as your credit card company, or even the IRS, demanding payment via iTunes gift cards. In the IRS version, agents frighten their victims into believing they face serious penalties and criminal consequences for failing to pay their taxes. The only saving grace the victims are given is to pay immediately with iTunes gift cards.
  2. Romance scams: The FBI warns consumers to avoid money requests from strangers seeking financial assistance.
  3. Scams targeting college students: Some scams specifically affect college students by offering prospective students phony financial aid applications to steal their identifying information and "easy money" work opportunities.
  4. W-2 phishing scams: "Boss phishing" is the practice of reaching out to someone in a company while pretending to be someone higher up. The typical target in these cases is the company's W-2 forms. Other boss phishing attempts seek customer databases, payment methods and related information.
  5. Healthcare breaches: Ransomware is a form of malicious software that locks up a computer network, downloads databases of sensitive information or otherwise gains access to valuable data. Once the software is installed and the victim’s service is disrupted, the scammer reaches out and offers to fix the issue for a price. Scammers know that many victims may simply pay the ransom rather than face potential lawsuits and HIPAA violation fines.

How can I protect myself from identity theft on social media?

According to the Pew Research Center, 65% of adults use social media and among people aged 18 to 29, the percentage skyrockets to more than 90% of the population. For a family with kids, a staggering amount of information finds its way onto potentially public forums. As usage increases, so too does the risk of identity-related crimes. A good fraudster or scam artist can use all kinds of information to profit at your expense:

  • Checking-in: Some sites allow other individuals to check you in to geographic locations. Many people don’t mind this option but remember that when you tell people where you are, you are also telling them where you aren't – at home. Criminals can use this information to gain access to your home. Consider disabling this feature.
  • Posting personal information: Do not post information like your birthdate, physical address or other details online that help identity thieves. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing.
  • Friend requests from unknown individuals: The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on social media sites. If you interact with people you do not know, be cautious about how much information you reveal or about agreeing to meet them in person.
  • Apps: Many apps have access to your friends list, posts and other information. Consider editing the app privacy settings, either within the social media site or through each app individually, to remove these permissions. Remove any apps that are no longer in use.
  • Public searches: For those who are extremely security conscious, some sites grant you the ability to remove your profile from being found when someone looks for you on a search engine. If you want to remain hidden, look for this option and activate it.

What devices are cybercriminals targeting most to snatch identities and how are they targeting consumers?

Cybercriminals are continually coming up with new ways to get to the information they want. Some of the more common devices targeted are:

  • ATM, movie rental or gas dispensers. Thieves often attach "skimmers" designed to look like real card-reading devices to these automated points of sale. The skimmers read and collect card information, giving thieves access to your accounts.
  • Public and in-car Wi-Fi. Turn off Wi-Fi on your devices whenever possible, especially around untrusted hotspots. Also, be sure to delete old networks to improve security on your devices which will remove additional ways for hackers to access your data.
  • Chip card readers. Chip cards are harder to counterfeit than their magnetic strip counterparts. Criminals have begun using stolen personal information, such as Social Security numbers, to open new credit cards and run up charges in victims’ names.
  • Smartphones through Adware. While consumers may think adware found on their mobile devices is harmless, they could be at risk for data theft. A report from IT security firm Avast revealed apps in the Android app store, Google Play, could potentially infect millions of users with adware. Android is one of the most prevalent operating systems and with this popularity comes the attention of hackers looking to exploit security flaws.
  • Point-of-sale (POS) systems. Checkout registers and kiosks in stores can be targeted by using malware. Cybercriminals infiltrate POS systems and infect them with malware to steal personal and financial information.
  • Bluetooth. Like any other wireless communication system, Bluetooth transmission can be deliberately jammed or intercepted. False or modified information could be sent to the users by the attacker. Common vulnerabilities include:
    • Bluejacking: the process of sending unsolicited messages to Bluetooth-enabled devices.
    • Bluesnarfing: the illegal theft of information from Bluetooth-enabled devices.
    • Bluebugging: the attacker exploits Bluetooth-enabled devices to get unauthorized access of the system and manipulate the target device to compromise its security.
  • Computers through ransomware. Although consumers are often careful about how they use the internet to avoid malware, cybercriminals discover new ways to disguise these threats, including ransomware. Hackers, in a new scheme, send emails to consumers claiming their Google Chrome version is out of date and could be vulnerable, according to Infosecurity Magazine. However, the download that comes with this supposed update is actually ransomware. This type of malware aims to take sensitive files as well as virtual money like Bitcoin. Infosecurity Magazine recommends consumers avoid unsolicited emails and install malware detection tools on their devices.

How can a person protect their identity when a retailer is hacked and there is a risk their personal information is stolen?

  • Check your credit reports at least twice a year. Ask for a 3-in-1 merged credit report with a summary from all three credit bureaus. Under the federal FACT Act, consumers are entitled to one free credit report each year from each of the major agencies. For details, visit annualcreditreport.com or call (877) 322-8228.
  • Enroll in credit monitoring to regularly check credit activity in your files.
  • Enroll in fraud monitoring. This goes far beyond credit monitoring alone as it can watch for signs of identity theft and fraud in public records, internet chat rooms, criminal records and more, and alert you of attempts to alter or acquire your identity data.

How do I know if my information is secure when shopping online?

  • Shop on secure sites. Only use websites with "https" in the URL and a green padlock in the browser bar. Double click on the lock to see a digital certificate of the website. Review these certificates on unfamiliar sites.
  • Never enter personal information, especially your Social Security number or passwords for email and bank accounts as part of the buying process with online retailers.
  • Leave suspicious websites immediately. Don’t click on any of the site’s links, run content or download software.
  • Use a credit card. Your debit card is linked to your checking account and if you buy from a fake website, the cash is gone and hard to get back.
  • Consider using a virtual credit card number. These are single-use (also called disposable, secure or virtual) credit card numbers. A single-use credit card number is an alias for your actual credit card number, and is offered by most major credit card issuers. When shopping online, use this number instead of your real account number. Purchases that you make with your temporary number show up on your statement like all of your other transactions.

Are there any red flags that might indicate a site may be unsafe?

Here are some sure signs to check:

  • The site does not list a physical address or phone number.
  • There is no return policy.
  • Prices are too low to be believable.
  • Credit cards are not accepted.
  • The site is unencrypted for online safety.
  • There is no privacy statement.

Which is worse when it comes to identity theft: buying something online or using a credit card at a store?

Online shopping is now second-nature for millions of consumers, but it carries certain risks for identity theft. Some shoppers might think that avoiding online purchasing will eliminate potential problems, but in-person shopping can have its own perils.

Determining the safest method for shopping isn't necessarily about choosing one or the other - it all comes down to knowing how to shop safely in either environment. Consider these potential identity theft pitfalls of shopping in person and online:

Online obstacles:

  • Shopping on an unsecured website. If you don't see "https" in the URL of a page on which you're making a purchase, identity thieves might be able to access your personal information.
  • Storing payment information on retailer sites. If you save your credit or debit card numbers on a retailer's website to make future payments more convenient, that information can be stolen if thieves hack the website.
  • Having weak passwords. If you're using an easily guessable password (like basic words, your birthdate or children's names), a savvy hacker could gain access to your accounts and steal your identity in a snap. Always employ "strong" passwords that contain numbers, symbols and characters. LastPass, an online and app password manager, offers a free service to generate complex passwords. Change passwords at least every three months and don’t use the same one for online banking that you use for shopping or social networking sites.
  • Letting your card out of sight. If a clerk takes your card to an out-of-sight spot, you could be at risk of identity theft. Don't ever let someone take your card to a place where you would be unable to see them writing down the number and other information.
  • Skimming. You might not give a second thought to using an ATM or paying for things like gas or rental movies with the swipe of a card. Thieves are well aware of that fact and sometimes attach "skimmers" designed to look like real card-reading devices to these automated points of sale. The skimmers read and collect card information, giving thieves access to your accounts.
  • For our nation’s military service members, identity theft, unfortunately, remains the number one complaint. And while in past years consumers of all ages reported incidents of the crime at relatively similar rates, the numbers now paint a different picture. Consumers between the ages of 40-69 are reporting identity theft at higher rates, suggesting a growing awareness of this crime—and vulnerability.
  • Seniors: More seniors are reporting identity theft. In 2016, consumers between the ages of 40-49 and 50-59 accounted for 15 percent and 24 percent of complaints, respectively, both up from the previous year. And the numbers for seniors are likely to be even higher, according to an AARP survey which found that "victims 55 years of age and older were significantly less likely to acknowledge that they were defrauded than victims under 55." All-too-common scams include tax identity theft, medical identity theft and fraud committed by nursing home and long-term care staff.
  • Military personnel: Service members are reporting identity theft at a higher rate—30 percent more than in 2015. And they're experiencing more familiar fraud and new-account fraud than most populations, according to the 2015 Identity Fraud Report from Javelin Strategy & Research. The military has used personally identifying information (PII), such as Social Security numbers, as general identifiers for personnel, which increases theft risk. Moreover, deployed military personnel who do not place an active duty alert on their credit files are easy targets for friends or family members.
  • College students: Identity theft complaints among college-age students may have dropped slightly, but this group is four times more likely to have their identity stolen through familiar fraud than other populations, according to the 2015 Identity Fraud Study by Javelin Strategy & Research. Much of the issue is likely due to awareness of behaviors that may put them at risk, as well as limited understanding of the costs and challenges of identity theft. For example, students are often very aware of computer security, but they share personal information widely and may not understand the importance of locking away or shredding important documents and IDs, and regularly checking their credit reports.

Retail risks:

  • Letting your card out of sight. If a clerk takes your card to an out-of-sight spot, you could be at risk of identity theft. Don't ever let someone take your card to a place where you would be unable to see them writing down the number and other information.
  • Skimming. You might not give a second thought to using an ATM or paying for things like gas or rental movies with the swipe of a card. Thieves are well aware of that fact and sometimes attach "skimmers" designed to look like real card-reading devices to these automated points of sale. The skimmers read and collect card information, giving thieves access to your accounts.

What activities put you at the highest risk for a cyberattack?

More often than not, cybercriminals exploit vulnerabilities that are well-known, according to the 2016 Verizon Data Breach Investigations Report. And the compromise of business, employee and customer information can lead to identity theft.

Important Statistics:

  • 85 percent of attacks target known vulnerabilities.
  • 80 percent are financially motivated.
  • 63 percent of data breaches involve weak, stolen or default passwords.
  • Ransomware attacks are up 16 percent from 2015 to 2016.

Common Activities that expose you to the risk of identity theft:

  • Using weak passwords. Always employ "strong" passwords that contain numbers, symbols and characters. LastPass, an online and app password manager, offers a free service to generate complex passwords. Don’t use obvious passwords, such as your birthdate or names. Change passwords at least every three months and don’t use the same one for online banking that you use for shopping or social networking sites.
  • Opening suspicious email attachments.
  • Losing or not securing devices.
  • Relying on simple login processes instead of more robust ones, such as two-factor authentication.
  • Failing to encrypt data when appropriate.

Who is most vulnerable to identity theft?

Think identity theft mostly happens to older people? Or to high-income earners? The truth is that identity thieves focus their efforts wherever the opportunities are, and there are plenty of opportunities across most age groups.

Most Affected Group:

Here’s a look at three groups identity thieves target and why:

  • Seniors: More seniors are reporting identity theft. In 2016, consumers between the ages of 40-49 and 50-59 accounted for 15 percent and 24 percent of complaints, respectively, both up from the previous year. And the numbers for seniors are likely to be even higher, according to an AARP survey which found that “victims 55 years of age and older were significantly less likely to acknowledge that they were defrauded than victims under 55.” All-too-common scams include tax identity theft, medical identity theft and fraud committed by nursing home and long-term care staff.
  • Military personnel: Service members are reporting identity theft at a higher rate—30 percent more than in 2015. And they’re experiencing more familiar fraud and new-account fraud than most populations, according to the 2015 Identity Fraud Report from Javelin Strategy & Research. The military has used personally identifying information (PII), such as Social Security numbers, as general identifiers for personnel, which increases theft risk. Moreover, deployed military personnel who do not place an active duty alert on their credit files are easy targets for friends or family members.
  • College students: Identity theft complaints among college-age students may have dropped slightly, but this group is four times more likely to have their identity stolen through familiar fraud than other populations, according to the 2015 Identity Fraud Study by Javelin Strategy & Research. Much of the issue is likely due to awareness of behaviors that may put them at risk, as well as limited understanding of the costs and challenges of identity theft. For example, students are often very aware of computer security, but they share personal information widely and may not understand the importance of locking away or shredding important documents and IDs, and regularly checking their credit reports.