By M.P. DUNLEAVEY
ABOUT two weeks ago, I was alarmed by a phone message from my bank
alerting me to some "unusual activity" on my debit card. Unusual
wasn't the word. Someone had gone on a shopping spree -- $556.46 and
$650.81 at one store, $264.99 and $300 in charges that were pending at
another -- and none of it was mine.
My debit card was still in my wallet. I hadn't used it in days. The
bank said thieves might have created a counterfeit card. Someone -- a
store clerk, waiter, whoever -- could have used a card reader to
harvest the information imbedded in the magnetic strip to create a
fake one. The bank assured me the debit account was closed and the
thieves no longer had access to my cash -- but who could be sure? How
much of my personal information did these thieves get?
Between bouts of tears and frantic phone calls to my bank, I became
obsessed with what I might have done to prevent this.
The recent spate of data breaches was worrisome, but I never expected
to become a victim. Maybe I should have. Companies like Citigroup,
Bank of America, ChoicePoint and LexisNexis have lost, misplaced or
otherwise exposed the personal information of tens of millions of
Americans. Even the government concedes it lost records containing the
Social Security numbers of more than a million employees.
UNFORTUNATELY, although there are steps you can take to protect
yourself -- and you should -- there are no guarantees. "You cannot
protect yourself completely," said Edmund Mierzwinski, consumer
program director at the U.S. Public Interest Research Group in
Washington. "The best thing you can do is react swiftly if it does
happen."
That said, Mr. Mierzwinski endorsed the preventive measures offered by
Privacy Rights Clearinghouse (www.privacyrights.org), a nonprofit
consumer advocacy group, and by the Identity Theft Resource Center
(www.idtheftcenter.org), also a nonprofit. Besides the standard advice
to shred personal documents, following are some tips I found useful:
-- Avoid letting your cards out of your sight. Do not let store
clerks take your card away on the pretext that there's a "problem."
-- Restrict the access to your personal data by signing up for the
National Do Not Call Registry (www.donotcall.gov); remove your name
and address from the phone book and reverse directories -- and, most
important, from the marketing lists of the credit bureaus to reduce
credit card solicitations. The site www.optoutprescreen.com can help.
-- Consider freezing your credit report, an option available in a
growing number of states. Freezing prevents anyone from opening up a
new credit file in your name (a password lets you gain access to it),
and it doesn't otherwise affect your credit rating.
-- Protect your home computer with a firewall, especially if you have a
high-speed connection.
-- Rein in your Social Security number. Remove it from your checks,
insurance cards and driver's license. Ask your bank not to use it as
your identification number. Refuse to give your Social Security number
to merchants, and be careful even with medical providers. The only
time you are required by law to give your number, Mr. Mierzwinski
said, is when a company needs it for government purposes, like tax
matters, Social Security and Medicare.
-- Curtail electronic access to your bank accounts. Pay bills through
snail mail. Avoid linking your checking to savings. Use a credit card
for purchases rather than a debit card. Although I was able to get all
$1,772.26 reimbursed, I was lucky. While individual liability for
fraudulent credit card purchases is only $50, it can be higher for
debit cards: up to $500 or even all the money in your account in some
cases.
These and other preventive steps may help, but people really can't
safeguard their money and their data on their own. Robert Douglas, the
chief executive of PrivacyToday.com, a privacy advocate, believes that
this is not an issue of consumer responsibility but of corporate
negligence. "These companies are trying to tell people it's their
fault, but the largest breaches have been within the financial
services industry itself," Mr. Douglas said.
Mr. Douglas and Mr. Mierzwinski say that shredding documents is fine,
but calling your state and local representatives is better. "Companies
have refused to give consumers control over their financial DNA and
they've refused to take responsibility for their actions,"
Mr. Mierzwinski said. "What will stop identity theft are stronger
notification laws and stronger penalties, which we don't have now."
M. P. Dunleavey writes about personal finance for MSN Money.
Copyright 2005 The New York Times Company
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. Read New York Times on line each day with no login
nor registration requirements at:
http://telecom-digest.org/td-extra/nytimes.html
Lisa Minter (