Your Investment Accounts: How to Deal with Identity Theft and Data Breaches
An Investor Alert recently issued by the SEC’s Office of Investor Education and Advocacy recommends the steps investors should take to safeguard their investment accounts if they are victims of identity theft or if their electronic data is hacked. While the Alert was directed primarily toward safeguarding investment accounts, many of these actions should be taken to protect credit card and bank accounts, as well.
You should always take steps to protect your personal financial information, such as Social Security numbers, bank and investment account numbers, user names and passwords. If you are the victim of identity theft, however, or you discover your personal financial data has been breached, there are a number of steps you need to take as soon as possible.
Contact your investment advisor and all other financial institutions. If you believe your personal financial information has been compromised or stolen, immediately contact all financial institutions to report the problem, and be sure to keep a written record of all of your conversations. This includes your investment advisors, banks, brokerage firms, credit unions, credit card companies, and insurance companies.
Change your online passwords. Promptly change your online passwords on all accounts related to the compromised personal financial information. Do not use the same password for all accounts, and always use a strong password that is not easy to guess. A strong password consists of at least eight characters, and includes symbols and numbers as well as lower and upper case letters.
Consider closing breached or compromised accounts. If you notice unauthorized activity in any of your bank or investment accounts, discuss closing the account and moving the assets to a new account with the financial institution. Closing accounts can be a major undertaking, especially if you have established automatic payments or deposits, but protecting those assets may well be worth the time and effort.
Ask your financial institutions about employing a two-step verification process to access your online accounts. With this process, if someone tries to access an account from a device not previously used to access the account, the firm will send a unique code that must be entered to gain access to the account, in addition to the user id and password. Many financial institutions already have this process in place as an added security measure, but if not, ask if it is possible to implement its use as an added layer of protection for your accounts.
Monitor your accounts for fraudulent activity. If you choose not to close your accounts, it is wise to monitor them for suspicious activity, such as an unauthorized charge to a credit card, a change of street address or email address, an account number change, or a transfer of funds between accounts. If you notice any activity that you did not initiate, call the financial institution and request an explanation for the change. Remember to document any conversation with the financial institution and provide them with a copy of your documentation.
Place a fraud alert in your credit file. This provides notice to potential creditors (banks or credit card companies) that you may have been a victim of fraud or identity theft and can help reduce the risk that the identity thief can use your personal financial information to open new accounts. Contact each of the following credit bureaus and ask them to add an initial fraud alert to your credit file:
Experian 888-397-3742 www.experian.com
Transunion 800-680-7289 www.transunion.com
Equifax 800-525-6285 www.equifax.com
It’s a good idea to contact all three organizations, since potential creditors may only check with one credit bureau when verifying your credit. The initial fraud alert term is 90 days and can be renewed every 90 days. The initial alert request and alert renewal are both free. Active duty members of the military may elect to add an “active duty alert” to their credit file, which is the same as the initial fraud alert, but lasts for 12 months.
You may also consider placing an extended fraud alert or credit freeze in your credit file by contacting the same credit bureaus. An extended fraud alert is similar to the initial fraud alert, except it has a term of seven years. A credit freeze prevents any new creditors from accessing your credit file until you remove the freeze. Because most businesses will not open a new account without checking your credit file, a freeze can stop identity thieves from opening new accounts in your name. However, a freeze will not prevent thieves from taking over an existing account, and fees vary from state to state. If you would like additional information, visit the Federal Trade Commission’s (FTC) identity theft website at www.identitytheft.gov
Monitor your credit reports. After you place an initial fraud alert in your credit file, you can obtain a free copy of your credit report from each of the credit bureaus. You should check each report for any unauthorized activity, such as an account you did not open or an inquiry into your credit file that you did not authorize, or for any incorrect personal information, such as an employer you did not work for.
Document all communications in writing. Keep a written record of all conversations with all affected businesses, including the name and phone number of each person you talked to, and keep all documents you have received that are relevant to the fraud or identity theft. Questions may be asked several months after the incident is reported, and having a written record will help jog your memory and provide clarity as to what happened and why.
Electronic Data Safety Do’s and Don’ts
Here are some additional rules you can follow to help maintain and protect the safety of your data.
- Make a list of all information maintained electronically.
- Keep all software up to date with verified updates from software vendors.
- Use a separate low-limit credit card for internet purchases.
- Be vigilant when browsing the internet.
- Encrypt computer hard drives.
- Download software from an internet site unless you have confidence in the source.
- Open an email that is suspicious, even if it is from someone you know.
- Call a phone number in a suspicious email; rely instead on the number in your file for that business.
- Use an unknown USB/thumb drive.
Be a victim of “phishing,” a form of fraud in which an email user is tricked into revealing sensitive information (usernames, passwords, bank account, and credit card details) that is used by the fraudster for malicious or dishonest purposes.
© John Pritchett
Copyright 2017 REDW Stanley Financial Advisors, LLC. All Rights Reserved. This publication is intended for general informational purposes only and should not be construed as investment, financial, tax, or legal advice.