Target CEO is out – National Consumers League

This week, the CEO of Target, Gregg Steinhafel, resigned. He was unable to recover from the damage caused by a massive data breach at the company – which happened right in the middle of the holiday shopping season last year. Last December, Target announced that 40 million customers’ credit and debit cards and personal information had been compromised.  Steinhafel was with the company for 35 years.

Target’s experience is a cautionary tale for corporate leadership. The company was slow to respond to the panic that set in when consumers learned their card information had been compromised. I remember reading the advisory the company posted in December telling consumers all the things they had to do to protect themselves. There was precious little the company shared with its valued customer base – many of whom were Target credit card holders  – about what it intended to do to protect customers after the breach and into the future.

NCL issued a statement after the breach calling on retailers in the US to get with the program and adopt a more secure credit card system of Chip-and-PIN. That protocol is used widely in Europe and is less vulnerable to hacking at the point of sale. Criminals are busy 24/7 figuring out how to hack into retailer databases. We need to fight fire with fire. American consumers deserve the best protection for our financial transactions that the industry has to offer. Companies that don’t adopt these protections will find themselves much like Target  – losing customers’ trust and their business along with it.

Announcing the #DataInsecurity Project – National Consumers League

Last December, millions of consumers busily rang up more than $600 billion in holiday purchases. Unfortunately, hackers were also having a field day — at consumers’ expense. We learned that lax security procedures combined with an insecure payment mechanism resulted in as many as 110 million shoppers at retail giant Target having their personal information compromised.

Security researcher Brian Krebs, who first broke the story of the Target breach, recently published a startling set of numbers that demonstrates the impact of this one incident. They include:

  • $200 million – The cost to credit unions and community banks for reissuing 21.8 million credit and debit cards;
  • $18-35.70 – The media price range per card stolen from Target and resold on the black market in the months after the breach;
  • 1-3 million – The estimated number of cards stolen in the Target breach that were sold on the black market and successfully used to commit fraud;
  • $53.7 million – The estimated income that hackers generated from the sale of 2 million cards stolen from Target (at a median price of $18-35.70); and
  • $55 million – The size of outgoing Target CEO Gregg Steinhafel’s golden parachute.

Sobering as these numbers are, they represent the fallout from a single data breach, albeit a massive one. In 2013, the Verizon RISK team reported more than 1,300 data breaches. The non-profit Privacy Rights Clearinghouse, which tracks data breaches, reported that more than 257 million records were compromised last year as well. A recent study by the Ponemon Institute found that the average total cost of a data breach in the U.S. is $5.85 million per incident. The probability that a U.S.-based organization will experience a breach of at least 10,000 records in the next 2 years is 18.7 percent, according to the Ponemon study.

By 2020, annual global data production is expected to hit 35 zettabytes, (or 35 trillion gigabytes). This data explosion will power unfathomable changes to consumers’ daily lives. However, the existence of that much data – much of it personal and very valuable to malicious actors – demands stronger security practices. Federal agencies like the FTC are doing yeoman’s work to hold companies to account for lax data security. But the FTC’s authority in this area is in question in the courts, and case-by-case adjudication is unlikely to sufficiently address the larger problem. Organizations like the National Institutes of Standards and Technology have developed voluntary frameworks for cybersecurity, but companies and other entities are not compelled by law to adopt it. Standards bodies like the PCI Security Standards Council have industry backing, but they are sector-specific.

While no one can wave a magic wand and solve the problem of data security, more can and should be done in Congress to give enforcement agencies the tools they need to protect consumer data and prod industry to make data security a top priority.

That is why we are announcing today the launch of the NCL #DataInsecurity Project. We are calling on policymakers in Congress, federal agencies and the states to be champions for data security. For too long, policy inertia has prevented meaningful reform on Capitol Hill and elsewhere that would better protect consumers’ data. There are a number of promising bills currently pending in Congress, but more can and must be done. Pro-consumer steps to enhance data security include:

  • Creating a national data breach notification standard, modeled on strong state protections such as California’s;
  • Requiring businesses that maintain consumers’ personal data to protect that information via specific data security requirements;
  • Giving the Federal Trade Commission and state Attorneys General civil penalty authority to enforce violations of data security requirements;
  • Increasing civil and criminal penalties for malicious hacking;
  • Increasing efforts to enhance cooperation with international partners to bring overseas hackers to justice;
  • Requiring retailers and banks to implement the highest level of security available to protect consumers’ payment data

In an era when vast amounts of data are being collected about them, consumers must have confidence that their information is safe. The Target breach was a wake-up call. We can no longer sit idly by while sophisticated hackers steal with impunity and businesses accept the status quo as just another cost of doing business. The time for reform is now.

FTC report shines light on continuing problem of ID theft – National Consumers League

In the world of fraud fighting, the release of the Federal Trade Commission’s Consumer Sentinel Data Book is something of a wonky holiday. Yesterday was no exception, with the agency publishing the annual report, which examines trends in the 2 million-plus complaints the FTC receives annually. The headline of the report was depressingly familiar: identity theft continued to be the biggest driver of complaints to the FTC for the 14th straight year.

This trend is one of the reasons NCL produced our State of Identity Theft in 2013 report last year, which examined the continuing threat of ID theft and why we are making the issue of data insecurity a top priority in 2014.

Looking deeper into the Sentinel data, some additional interesting trends and questions come to light, including:

  • Does youth correlate with risk of identity theft? The FTC noted that 20% of ID theft complaints came from consumers aged 20-29, who comprise only 13.8% of the population. There is also a steady reduction in ID theft complaint rates as consumers get older. For example, 8% of ID theft complaints come from consumers aged 70-plus, which is consistent with their overall 9% distribution in the population. An open question is whether identity theft risk decreases as consumers age or whether the correlation is due to an increased likelihood that younger consumers will report identity theft.
  • The telephone is scammers’ contact method of choice. While recent news has been dominated stories about high-tech data breaches, it appears that scammers are returning to a somewhat old-fashioned tool: the telephone. Last month’s Fraud.org Top Ten Scams report noted that telemarketing fraud was making a major comeback, with 36% of complaints mentioning the telephone as the method of contact. The FTC’s new data confirmed this, finding that 40% of complaints cited the telephone as the method of contact. The telephone is now the preferred method of contact by scammers, overtaking email for the first time since 2011. Congress is taking notice as well. In December, a bipartisan group of legislators introduced the Anti-Spoofing Act, which would crack down on scammers disguising their calls by altering Caller ID information.
  • Scammers shifting technique in “grandparent’s scams.” Con artists have long used the story of a loved one in distress to defraud consumers, particularly older adults. Also known as the imposter scam, this fraud starts with the fraudster calling a victim with an urgent appeal for funds to help a friend or family member in need. For example, the scammer might claim that a beloved grandson was in a car accident overseas and needs money to pay a hospital bill or to get bailed out of jail. More than 121,000 consumers reported an imposter scam to the FTC in 2013, an increase of more than 36,000 complaints since 2012. The scam is evolving as well. Whereas fraudsters used to impersonate a friend or family member, they are increasingly claiming to represent a business or government official.
  • Encouraging signs in the fight against lottery scams. For the second year in in a row, complaints about this type of fraud have decreased (down by almost more than 10,000 complaints since 2011). Thanks in part to consumer education campaigns like DeliveringTrust.com growing awareness of these scams seems to be having an impact.

More than 2.1 million complaints were filed with the FTC in 2013, with reported losses of more than $1.6 billion. Given that fraud is a chronically underreported crime, we should assume that many millions more consumers were harmed. As we prepare to mark National Consumer Protection Week, this new data should serve as a reminder of the immense toll that fraud takes on U.S. consumers.

This data should push all of us — anti-fraud advocates, law enforcement, policymakers and everyday consumers — to redouble our vigilance in the fight against scammers.

Target data breach a wake-up call for retailers, policymakers – National Consumers League

92_creditcard.jpgAmericans assume that, when they shop, their personal financial information will be kept private and away from identity thieves. Unfortunately, that is not always the case, as evidenced by the more than 4,000 data breaches that have been reported since 2005 — an average of more than one a day over the last nine years. The latest headline-making breach involving the mega retailer Target is making many of us wonder just how safe our data is.

After data breaches occur, the burden for monitoring credit cards and recovering lost funds typically falls squarely on the affected consumers’ shoulders. This can cost the consumer significant time and money. If you think your personal information may have been stolen by cyber thieves in the Target data breach or any other data breach make sure you follow these tips:

  • Check credit card statements and your bank account every day to see if there are any unfamiliar charges. If you see any suspicious activity, report it to your bank immediately.
  • Monitor your credit report. It is a good habit to check your credit report at least once a year. If you think your personal information may have been compromised, check it sooner. Consumers can obtain one free credit report per year from each of the three credit reporting agencies via annualcreditreport.com.
  • Stay vigilant. Fraudsters may wait months to use your personal information.

Consumer advocates hope that the scale of the Target data breach will serve as the impetus for much needed data security reform. The time for change is now!

Although consumers’ financial information will never be 100 percent secure, there are things that can be done. Retailers can use advanced encryption technology and more secure firewalls. Credit card companies can encourage the use of “Chip and PIN” technology in their credit cards. Our politicians can pass legislation establishing a national data breach notification standard and urge the Obama Administration to explore incentives and penalties to encourage private sector businesses to better protect consumer data. These changes will not happen without pressure from consumers.

Target has provided a “responses and resources” page for consumers affected by the breach. Click here for more information. The FTC also has information for consumer online here.

The time for credit card security reform is now – National Consumers League

During the busiest shopping time of the year – the period between Thanksgiving and Christmas – Target, one of America’s largest retailers, suffered the second biggest data breach in U.S. history as 40 million credit and debit cards were compromised. 

Americans assume that when they shop their personal financial information will be kept private and away from identity thieves. Unfortunately, that is not always the case evidenced by the more than 4,000 data breaches that have been reported since 2005, an average of more than one a day over the last nine years.

Consumer advocates hope that the scale of the Target data breach will serve as the impetus for much needed credit card security reform. The time for change is now. Although consumer’s financial information will never be 100% secure, there are things that can be done. Retailers can use advanced encryption technology and more secure firewalls. Credit card companies can encourage the use of “Chip and PIN” technology in their credit cards. Our politicians can pass legislation establishing a national data breach notification standard and urge the Obama Administration to explore incentives and penalties to encourage private sector businesses to better protect consumer data. These changes will not happen without pressure from consumers.

This week, a group of Democratic Senators requested that the Senate banking Committee hold hearings to examine cybersecurity practices. The letter, written by Senators Robert Menendez (D-NJ), Mark Warner (D-VA), and Charles Schumer (D-NY) stated, “We believe it would be valuable for the Committee to examine whether market participants are taking all appropriate actions to safeguard consumer data and protect against fraud, identity theft, and other harmful consequences, and whether we need stronger industry-wide cybersecurity standards.”

Changing and improving security standards will inevitably cost time and money. No one wants to foot the bill for needed innovations. Our lawmakers must capitalize on the current consumer awareness of the need for better cybersecurity and hold a congressional hearing to determine how businesses can better protect consumer data.

Parents: Take control over your children’s use of technology – National Consumers League

From smart phones to tablet computers, to the hundreds of channels and thousands of on-demand video offerings on TV, consumers have never had more options for how to spend their time. For parents, however, the amount of content that is out there can often lead to anxiety – about what their children watch on TV, what Web sites they are visiting and who they are talking to from behind all those electronic screens. So what’s a concerned parent to do?

To address this issue, many communications carriers have created technology that gives parents control over their kids’ use of their devices and services. “Parental control technology” describes a wide variety of software and hardware solutions that parents and caregivers can use to restrict the content their children can access and the people they can communicate with.

The challenge is that, depending on the technology, medium, and service provider, parental control options vary quite a bit, so finding the most effective way to protect your children from adult content you’d rather not let them access can be tough.

To address this, NCL has created a new series of articles to help consumers navigate the landscape of parental control technology and find the options that are best for their families.

Best practices

Parents often worry that, compared to their tech-savvy teens and pre-teens, they have little hope of keeping up with their use of technology. The truth is you don’t have to be a computer or technical expert to prevent your young ones from accessing content that you deem inappropriate. Here are some basic rules of the road to keep your kids safe online.

  • Talk to your children so they know what is acceptable, what sites you want them to stay away from, and who they are allowed to text, for example. This will help both you and your and children start a dialogue about safe use of technology.
  • Find out where they’re hanging out online. Get familiar with the Web sites your child or teen visits. Have them show you their favorite sites and discuss what they like about them.
  • Make sure your children understand that they should never give out identifying information about themselves, friends, or family members. This includes names, addresses, phone numbers, where you work, email addresses, passwords, social security numbers, and credit card numbers.
  • Create a technology “inventory.” Parents should know what technologies their children are using and what those devices are capable of. For example, does the families’ cable television service include on-demand content (potentially with access to adult programming)? Do the children’s cell phones include an Internet browsing capability? Are parental controls on the Internet browser’s software enabled?
  • Set up your computer in a central, open location, like the living room or kitchen, so Internet use can be supervised.
  • Create a family agreement for Internet use that includes items such as hours of use, what sites can be accessed, and what sites are off-limits.
  • Tell your children that if someone they are talking to online harasses, bullies, or makes them uncomfortable in any way, they should talk to a parent, teacher, or an adult they trust.

Every family is unique. We all have our own set of criteria for what we are comfortable with. Not all of these suggestions will apply to your family situation, and they are not intended to be a complete list of all available options. Hopefully, this can at least serve as a starting point to begin a conversation about safe practices for going online, watching TV, and connecting with others.

Parental controls and wireless phones

Many parents have come to the decision that their kids need access to wireless phones – for safety and peace of mind. Luckily, most carriers offer a variety of helpful features that give parents and caregivers a say in what their children see and do with their souped-up phones.

The use and accessibility of smartphones has skyrocketed in recent years, as more and more Americans now turn their wireless device to access the Internet. The ability to immediately access the Internet while on the go marks an important shift in the way we log on, and parents often worry that smartphones are just another way for their young ones to access inappropriate content, connect with strangers, and make unauthorized purchases—all while outside of the home. Luckily, most carriers offer a variety of helpful features that give parents and caregivers a say in what their children see and do with their souped-up phones.

Purchase blocker: prevents users from making purchases that are direct-billed to the account holder, such as ringtones, downloads, applications and games.

Content filters: Similar to blocking sites and services on your home computer, many wireless carriers offer content filtering features that help block access to mobile sites with mature content as well as filter out inappropriate sites from search results. Some carriers, such as Verizon, have created their own rating system of mobile content. Verizon offers three content settings: appropriate for ages seven and up, 13 and up, and 17 and up. These three setting are all easy to change and reset as your child grows and matures.

Usage restrictions: allow parents to set caps on the number of text messages or downloads allowed over a set period, as well as restrict when the phone can be used, who can be called or texted, and what kinds of content can be accessed online. Other restriction features include the ability to set a dollar limit on monthly downloadable purchases, selecting the amount of web browsing/data usage allowed per billing cycle, and creating lists of pre-approved “favorites” and blocked numbers for you child’s phone.

When your child begins to approach the monthly text, download, or talking limits, companies like AT&T will send an advance warning. Once a limit is reached, there will be a notification that the action is restricted and that the service will be stopped until the start of the next usage period. Depending on your wireless carrier, some of these features may cost a small monthly fee.

Family location services: Worried about where your kids are? Almost all major wireless carriers provide a tracking service that lets you know where your family members are. Using your phone or home computer to log on, you can set up certain boundaries for where you expect your child will be. When they move outside the arranged area with their phone, you can receive text or email alerts. You can also receive daily notifications at set times, assuring you that your child arrived home safely after school or other activities. All carries charge an extra monthly fee for this tracking service.

To find more about what options are available on your plan and carrier, contact your wireless service provider directly. For more general information on wireless parental controls, visit the Online Mom.

From phones to TV and computers, make sure your young ones understand that parental controls are not about punishment—they’re about safety. Talk to them about the importance of using the web responsibly instead of simply implementing tough restrictions. Teaching your kids about online safety can be a great opportunity to discuss good decision-making and time management skills. The Internet is an incredible tool that offers an amazing wealth of information and ideas. Go explore!

What are your kids watching?

Many shows on television, whether on broadcast or cable networks, are for adult eyes only. Like with their use of the Internet, there are a variety of different ways you can keep your children from stumbling across explicit or violent content.

Many shows on television, whether on broadcast or cable networks, are for adult eyes only. Like with their use of the Internet, there are a variety of different ways you can keep your children from stumbling across explicit or violent content.

Television

As parents are well aware, the Internet isn’t the only place where kids can be exposed to inappropriate content. Many shows on television, whether on broadcast or cable networks, are for adult eyes only. Like the Internet, there are a variety of different ways you can keep your children from stumbling across explicit or violent content.

Since 2000, the Federal Communications Commission (FCC) has required that all televisions larger than 13 inches be equipped with what’s called a V-chip. A V-chip lets parents and caregivers block programming that they don’t want children to watch. All television programs are assigned a rating according to a system established by the television industry, which appears onscreen during the first 15 seconds of the program. The rating is encoded with the program before it airs. Parents can use their television set’s remote control to program the V-chip to block programs that carry certain ratings. The current rating system deems what’s appropriate as follows:

  • TV-Y: All children.
  • TV-Y7: Children 7 and up.
  • TV-G: General audience – suitable for children and adults.
  • TV-PG: Parental guidance suggested – violence, sexual situations, coarse language and/or suggestive dialogue.
  • TV-14: Parents strongly cautioned – intense violence, sexual situations, coarse language and/or suggestive dialogue.
  • TV-MA: Mature Audience Only – graphic violence, explicit sexual content and/or offensive language.

For more information on the V-chip, including specific instructions on how to program your V-chip at home, visit the FCC guide by clicking here.

Cable and satellite TV programming

If your family has cable television, you have even more options on how to block access to programs you deem too mature for young eyes. Almost all cable and satellite providers give you an option of creating a PIN you can use to block programs in three different ways:

  • by channel
  • by rating
  • by time period

Depending on your service provider, you may also have the option of blocking specific programs (by date, time, and channel), adult titles in programming guides, and movies that receive certain MPAA ratings on premium movie channels.

For example, Verizon FIOS TV and AT&T U-verse allow users to

  • Selectively block programming by channel or rating.
  • Selectively block Pay-Per-View and On Demand purchases.
  • Set up user-defined PINs (to purchases and block programs.)
  • Hide adult programming from the TV Listings.

For more detailed information, visit the National Cable & Telecommunications Association’s site on getting started with parental controls.

Managing where they are surfing

The Internet is a powerful learning tool. It provides a world of information that is instantly available 24/7. However, the wide-ranging and anonymous nature of the Internet brings with it risks—from explicit or inappropriate content to predators lurking in chat rooms and using instant messaging services. Due to the Web’s potential dangers, many service providers offer free tools and software to help restrict certain types of content and features to keep young Web users safe.

Internet service providers (ISPs)

Web providers like Verizon, AT&T, and Comcast offer such free parental control features as the ability to:

  • Get a Web activity report that shows you all the Web sites your children visit or attempt to visit. You can check out the sites your kids have visited and block specific sites or types of sites you don’t want them going back to.
  • Create unique profiles for different family members with individualized online usage limits. This can be useful if you have children of different ages. One master account can be used to manage the settings of several “subordinate” account users.
  • Block access to certain Web tools such as instant messaging, gaming, chat rooms, and message boards, allowing parents to keep better track of what their children are saying and to whom.
  • Remotely manage your account with the ability to change parental control settings from any computer with Web access, whether in or outside the home.
  • View your child’s online activities as they happen with real-time Web tracking features
  • Allow young Web users to request permission to visit unauthorized Web sites for an adult to approve.
  • Receive a tamper controls alert if someone other than you tries to change the control settings.
  • Set up a timer that limits the amount of time users can spend online.
  • View search monitoring results that track the words and phrases your children search for online to help learn about what they are interested in. This way you can find out if they are trying to seek out blocked or inappropriate content.

To get more detailed information about exactly what controls are available to you, and what the system requirements are, the best bet is to contact your service provider directly. To lean more about the different Internet provider options, visit the Safe Families site here.

Internet browsers and search engines

While Internet service providers offer a variety of great parental control options, you can also set up similar controls on the Web browser (Internet Explorer, Firefox, Safari, Google Chrome, etc.) level. Most browsers let you restrict access to certain sites or pre-approve a list of sites your child has the ability to access. For example:

  • Safari users can create child user accounts that let you choose between three levels of Internet access:
    1. give your children unrestricted access to all sites
    2. a setting that only blocks access to certain restricted sites
    3. an option that only lets children access sites you that you have pre-selected. Email and chat features can be set up so that young users can only chat and email with contacts you know and trust. Weekday and weekend computer time limits can be put in place as well.
  • Firefox and Chrome have no built-in parental control features. But, if your computer uses one of these browsers, you can download extensions such as ProCon (which blocks accidental visits to adult sites), LeechBlock (which sets up time limits for different users), and FoxFilter (which blocks content based on user-defined criteria). To learn more about different extension options, click here.
  • Search engines like Google and Bing have “safe search” settings that screens for sites that contain explicit sexual content and deletes them from your search results. This can be a great option since kids often stumble upon inappropriate content by accident when searching seemingly innocent terms.

This is not an exhaustive list of the available browser and search options, but is intended to give you an idea of the types of useful features that are available. At the very least, almost all browsers will give you the option of blocking access to restricted sites, whether it’s a feature that’s available out of the box, or if it’s an extension you have to download.

Social networking security and safety tips – National Consumers League

Social networking sites enable people to post information about themselves and communicate with others around the world. While you can make new friends through social networking sites, you may also be exposed to embarrassing situations and people who have bad intentions, such as hackers, identity thieves, con artists, and predators.

Protect yourself by taking some common-sense precautions.

  • Guard your financial and other sensitive information. Never provide or post your Social Security number, address, phone number, bank account or credit card numbers, or other personal information that could be used by criminals.
  • Picture social networking sites as billboards in cyberspace. Police, college admissions personnel, employers, stalkers, con artists, nosy neighbors – anyone can see what you post. Don’t disclose anything about yourself, your friends, or family members that you wouldn’t want to be made public. And remember that once information appears on a Web site, it can never be completely erased. Even if it’s modified or deleted, older versions may exist on others’ computers. Some social networking sites allow users to restrict access to certain people. Understand how the site works and what privacy choices you may have.
  • Be cautious about meeting your new cyber friends in person. After all, it’s hard to judge people by photos or information they post about themselves. If you decide to meet someone in person, do so during the day in a public place, and ask for information that you can verify, such as the person’s place of employment. 
  • Think twice before clicking on links or downloading attachments in emails. They may contain viruses or spyware that could damage your computer or steal your personal information – including your online passwords and account numbers. Some messages may “spoof,” or copy the email addresses of friends to fool you into thinking that they’re from them. Don’t click on links or download attachments in emails from strangers, and if you get an unexpected message from someone whose address you recognize, check with them directly before clicking on links or attachments.
  • Protect your computer. A spam filter can help reduce the number of unwanted emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you from online identity theft. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to www.staysafeonline.org or www.onguardonline.gov to learn more about how to keep your computer secure.
  • Beware of con artists. Criminals scan social networking sites to find potential victims for all sorts of scams, from phony lotteries to bogus employment and business opportunities to investment fraud. In some cases they falsely befriend people and then ask for money for medical expenses or other emergencies, or to come to the United States from another country. Go to www.fraud.org to learn more about how to recognize different types of Internet fraud.

Protect your privacy, safety, and security online – National Consumers League

Computers and the Internet have changed our lives in many ways: how we keep in touch, learn, work, shop, pay bills, and even keep track of our accounts. But with the advantages come risks; your computer contains sensitive information, and it’s up to you to protect it!

  • Install anti-virus and anti-spyware software to protect against malicious programs that may be planted in emails, documents, or Web sites – programs that can damage your computer, capture information such as your passwords, or cause other harm. Set them to run automatically and update them regularly.
  • Use a strong firewall to keep intruders out of your computer.
  • Patch it up! Keep your software current with the free patches offered by manufacturers to fix flaws. If your system automatically notifies you about new patches or security upgrades, don’t delay — download them immediately.
  • Keep a lid on your personal information. Only provide your passwords, account numbers, or answers to security questions when you are sure who you’re dealing with and why they need the info. Talk to your kids about privacy and monitor their online activities. Take advantage of parental controls that software manufacturers and Internet service providers may offer.
  • Don’t click on links in emails asking for your personal information. They may lead you to fake versions of legitimate Web sites, where criminals hope you’ll hand over your personal information.
  • Never enter your information in a pop-up screen. They may be planted on legitimate Web sites by identity thieves.

Think you’ve been a victim of ID theft? – National Consumers League

It’s frightening to lose your wallet or discover that someone has used information about you for a fraudulent purpose. Don’t panic — help is available. You will need to remain calm, cool, and collected as you go through the process of resolving the problem.Know that ID theft is a crime.

The federal government and many states have enacted specific laws against ID theft.

You can get detailed advice by calling the Federal Trade Commission’s ID Theft Clearinghouse toll-free at 877-438-4338 or going to www.consumer.gov/idtheft. You can also provide information about your problem, which will help law enforcement agencies investigate and track ID theft. The FTC will send you a free booklet, “ID Theft: When Bad Things Happen To Your Good Name,” or you can get it online. There are other steps that you might want to take right away.

If you believe that someone is using your identity illegally, report the crime to a law enforcement agency. It isn’t always possible for agencies to investigate every case, but making an official “identity theft report” can help you solve problems resulting from the ID theft. The “identity theft report” must be a document that subjects the person filing it to criminal penalties for providing false information. This is intended to discourage people from filing phony reports to try to avoid paying legitimate debts, not to prevent legitimate ID theft victims from reporting the crimes. You can report the crime to:

  • The police department where the theft occurred
  • Your local police
  • A state or federal agency, including the U.S. Postal Inspection Service (do not use a complaint to the FTC as an official identity theft report).

When a financial account is involved, contact the bank immediately. If your credit card, debit card, ATM card, or checks have been lost or stolen, or if you suspect that someone has obtained your account number for fraudulent purposes, inform the financial institution promptly and ask what you need to do to protect your money.

Know your payment rights. Under federal law, you are not responsible for more than $50 if someone uses your credit card without authorization, and most issuers will remove the charges completely if you report the problem as soon as you discover it. While your losses could be greater if someone uses your debit card, the card issuer may have a policy that offers you more protection than federal law provides. You can contest checks that have been used with your forged signature or unauthorized withdrawals from your bank account.

Respond quickly to debt collectors. If debt collectors contact you about accounts opened in your name or unauthorized charges made to your existing accounts, respond immediately in writing, keeping a copy of your letter. Explain why you don’t owe the money and enclose copies of any supporting documents, such as an official identity theft report. You have the right to ask the debt collector for the name of the business that is owed the debt and the amount owed. And you have the right to ask that business for copies of the credit applications or other documents relating to any transactions that you believe were made by the ID thief.

Put a fraud alert in your credit files. This will oblige creditors to take extra precautions if someone applies for credit in your name to verify that it’s really you. There are two kinds of fraud alerts. An “initial fraud alert” does not require you to provide a copy of an official “identity theft report” and stays on your credit records for at least 90 days. This is the kind of alert to use if you think you might be a victim but you’re not sure – for instance, if you lost your wallet or you find out that someone has gotten access to the customer records at a place you do business. An “extended fraud alert” should be placed when you have reason to believe that someone has illegally used your identity. You must provide a copy of an official “identity theft report” to request an extended fraud alert, which will stay on your credit records for 7 years. If you put an initial fraud alert on your files, you can always request an extended alert later if the situation warrants it. Just contact one of the three major credit bureaus to place the fraud alert; it will be shared automatically with the other two: Equifax, 800-525-6285, TDD 800-255-0056, www.equifax.com; Experian, 888-397-3742, TDD 800-972-0322, www.experian.com; TransUnion, 800-680-7289, TDD 877-553-7803, www.transunion.com.

Get free copies of your credit reports. When you file a fraud alert, the credit bureaus will contact you with information about how to get free copies of your credit reports. If you filed an initial fraud alert, you are entitled to one free copy of your credit report from each of the bureaus. If you filed an extended alert, you will be able to get two copies from each of the bureaus, one right away and the other within 12 months. This will help you monitor your account for problems. Since the information at the credit bureaus may be different, be sure to get your reports from all three.

Follow the instructions to dispute any accounts you didn’t open, charges you didn’t make, or other information that isn’t accurate. Be specific about any information that you believe is the result of the ID theft. You can permanently block that information from your credit files; you will be asked for a copy of your official identity theft report to do so. As with fraud alerts, you only need to report problems with your credit reports to one of the bureaus, and it will share that information with the other two (see contact information above).

Keep checking your credit report regularly. A new federal law entitles all consumers to ask each of the three major credit bureaus for free copies of their reports once in every 12-month period. This free annual report program started in late 2004 and is being phased in gradually across the country, from West to East. Go to www.ftc.gov/credit or call 877-382-4357 for more details and to see when you can make your requests. You don’t have to ask all three credit bureaus for your reports at the same time; you can stagger your requests if you prefer. Do not contact the credit bureaus directly for these free annual reports. They are only available by calling 877-322-8228 or going to www.annualcreditreport.com. You can make your requests by phone or online, or download a form to mail your requests.

Your state law may also entitle you to free credit reports. Ask your local consumer protection or state attorney general’s office. Any rights your state law gives you are in addition to your rights under federal law.

Be cautious about offers for credit monitoring services. Why pay extra for them when you can get your credit reports for free or very cheap? Read the description of the services carefully. Unless you’re a victim of serious and ongoing identity theft, buying a service that alerts you to certain activities in your credit files probably isn’t worthwhile, especially if it costs hundreds of dollars a year. You can purchase copies of your credit reports anytime for about $9 through the bureaus’ Web sites or by phone: Equifax, 800-685-111; Experian, 800-311-4769; TransUnion, 800-888-4213.

Protect your identity – National Consumers League

How would you feel if you were stopped for a traffic violation and suddenly found yourself being handcuffed and taken to jail for a crime you never committed? Or if you got a nasty call from a collection agency for a car loan you never had? Or if your application for a home mortgage was turned down because of information in your credit report about overdue bills on accounts you never opened?These are situations you could face as a victim of identity theft. While ID theft can take many complex forms, the essence of this crime is simple—someone steals personal information about you to use for fraudulent purposes.

ID theft can happen to anyone. By guarding your personal information carefully, you can reduce the likelihood of becoming a victim. But you may not be able to avoid ID theft entirely; it can happen in ways beyond your control. Businesses, government agencies, and organizations that obtain personal information also have a responsibility to handle it carefully and keep it secure.

If you do become a victim of ID theft, there is help available to guide you step-by-step through the procedures that you will need to take to resolve the problem.

Avoid falling victim to identity theft by following this routine:

  • Check credit reports annually and before major purchases.
  • Check bank and credit card statements regularly and report unauthorized transactions immediately.
  • Carry only the credit cards, checks and identification you need.
  • Safeguard your Social Security Number.
  • Don’t give out personal information unless you know the recipient.
  • Pick up receipts from ATMs, restaurants, and stores.
  • Protect your Personal Identification Numbers and never carry them with you.
  • Use strong passwords to protect sensitive information. Don’t use information like birthdays or pets’ names.
  • Shred important documents before discarding them.
  • Destroy expired or unneeded cards.
  • Keep firewall, anti-virus, anti-spam and anti-spyware software current on your computer. Don’t respond to requests for personal information from unsolicited email or pop-ups.