Target. Michaels. Neiman-Marcus. Heartbleed.
Pummeled by a nonstop barrage of stories about how shadowy fraudsters are working day and night to find new, mysterious ways to get access to all of your financial and online accounts, many Americans are worried — and feeling completely powerless — when it comes to identity theft.
But here’s the good news: You have far more power in these cases than you realize, and you don’t have to be a hacker to wield it.
Here are five simple things that you can do right now and going forward that can help protect you when the next major breach hits the headlines.
1. Choose credit over debit.
There are plenty of reasons to love debit cards more than credit cards. (The best example: Unlike credit cards, debit cards only let you spend money that you actually have.) However, when it comes to identity theft and fraud, credit cards are clearly a better choice.
That’s because a debit card grants access to money in a bank account whereas a credit card just extends credit. So while a fraudulent charge on a credit card can be dismissed by an issuer with no expense to the cardholder, a fraudulent withdrawal on a debit card means that real money — money that might have been used to pay your mortgage or buy medicine for your kids — is now gone from the cardholder’s account until the bank replaces the funds. That can take weeks and cause very real problems for the cardholder.
2. Check your credit card account statements weekly.
Whether we like it or not, much of the burden of discovering fraudulent charges falls to the consumer, so it is imperative that you take the time to review your accounts regularly.
Check your credit card statements online once a week. Virtually all issuers have made it quick and easy to access your account information through their websites, so it should only take a couple of minutes of your time to skim through your recent charges and see if anything looks strange. If it does, inform the issuer immediately.
And if you haven’t yet signed up for online access to your accounts, do it now. Immediately. It’s important.
3. Make checking your online bank statement part of your daily routine.
Because debit cards carry more risk, check your checking, savings and other bank accounts as often as you feel comfortable. Checking once a week is likely fine. However, consider making a quick, one-minute check of your checking account part of your morning routine each day. Do it on your smartphone after you check your email. Do it on your laptop after you’ve read the day’s headlines. Make it part of what you do every day, and it won’t feel like a hassle.
Why check your bank accounts so much? Because federal law says that you’re only liable for $50 worth of fraudulent charges on a debit card if you report them within two days of the fraud. After two days, that number grows to $500, and after 60 days, there’s no cap at all. Scary stuff.
4. Take advantage of your free credit reports.
This is perhaps the most overlooked weapon to be used against identity theft. Your credit report will show you all of the accounts that are associated with your name and Social Security number — allowing you to see if anyone has created accounts in your name with your knowledge.
To get your free credit report, go to AnnualCreditReport.com — the only site that gives actual free credit reports with no strings attached. You can get one free credit report from each of the three major credit bureaus (Experian, TransUnion and Equifax) every 12 months, and you can choose to get all three of them at the same time or to spread them out over the course of a year.
Why do that? Say you get your Experian credit report in April, your TransUnion credit report in August and your Equifax report in December. That means that you have visibility into a credit report three times a year rather than just once — meaning that any fraudulent accounts are likely to be discovered more quickly. (Do remember, however, that the three bureaus’ credit reports each typically contain slightly different information, so it’s possible that a fraudulent account could appear on one report but not the other.)
5. Change your passwords regularly — and don’t use the same ones across all of your accounts.
When was the last time you changed your Gmail password? How about your online banking password or your Netflix password? Well, that’s probably too long.
Changing passwords is vital because it essentially makes your account a moving target and renders any old password as useless as a floppy disk. But most people hardly ever change their passwords, and hackers take full advantage of that fact to steal huge amounts of money.
Hackers also love when people use the same passwords for multiple accounts. That allows hackers to steal someone’s Facebook password, for example, and use it to access the victim’s Gmail account, Netflix account and even their checking, credit card and brokerage accounts. For a hacker, that’s like finding the Holy Grail.
This one won’t always keep you safe. (For example, changing your password on a site that is still infected by the Heartbleed bug won’t keep bad guys out of your account because the hackers will still be able to see the new password.) However, in most cases, it’s a simple, quick way to boost your security.
Oh, and don’t make your password your birth date or “password” or your kid’s name or 12345. Hackers may be bad people, but they’re not dumb. Don’t give them the gift of making your password too easy to guess.
Taking all five of these steps won’t make you immune to identity theft. That’s nearly impossible to do in this incredibly connected age. However, it will give you some control over what can seem to be an extremely chaotic situation. And in times like these, when all the headlines are dire and the future seems to promise more breaches and theft, a little control can make all the difference.