Are businesses protecting your Social Security number?
Dear Liz: Your recent column about disclosing Social Security numbers raises an important question. Federal tax law requires millions of Americans to disclose their Social Security numbers to those who pay a recipient at least $600 in a year. In practice, many payers request this information when paying much less than that. Millions of people have their Social Security numbers floating around on millions of computers, many of which are not secure. Why doesn’t anyone write about this or discuss the consequences of being required by law to disclose your Social Security number all over the place? This requirement is a recipe for identity theft.
Answer: You’ve pointed out another problem with using Social Security numbers as an all-purpose identifier. Federal and state laws require businesses that collect Social Security numbers to protect that information. But the fact remains that the more entities that have your number, the more vulnerable you may be to identity theft.
As an individual, you’re unlikely to change the IRS’ mind about the necessity of collecting this information. But when you’re asked for your Social Security or tax ID number, it’s fair to ask the requester how your information will be protected. That at least puts the requester on notice that you expect the laws regarding the safeguarding of personal information to be followed.
Redact your Medicare card to reduce ID theft risk
Dear Liz: Is there an alternative to having my Social Security number as my Medicare number? This seems to fly in the face of all we have been taught as to keeping our financial identifiers secret.
Answer: More than half the states have banned the use of Social Security numbers on health insurance cards, but those laws don’t apply to the federal Medicare program. Unless Congress acts to change the federal law, you’re stuck with having your Social Security number as your Medicare identifier.
The Privacy Rights Clearinghouse recommends you protect yourself from identity theft by making a copy of your Medicare card and using a black marker to cross out the last four digits of your Social Security number, or cutting out the last digits with scissors. Then you could carry that version of your card, so that if your wallet is stolen the thief doesn’t have access to your full number. You would still need to bring your original card the first time you visit any new healthcare provider, but you wouldn’t have to carry it with you all the time.
Credit freezes may be your best defense against ID theft
Dear Liz: A large safe containing our passports, Social Security cards, birth certificates, checks and credit cards was stolen from our home several days ago. We notified our bank and credit card companies. Is there an advantage to requesting new Social Security numbers? If we do this, would it affect our credit in any way?
Answer: New Social Security numbers wouldn’t necessarily protect you from identity theft and could create additional complications.
Thieves might still be able to use your old numbers to establish new accounts, and those fraudulent accounts could show up in your credit reports. If for some reason the credit bureaus didn’t combine the records for your old and new numbers, then you could be left without any credit history at all, which could make getting future credit difficult.
The Identity Theft Resource Center, which advises victims and has a fact sheet on this issue (No. 113, available on its website at http://www.idtheftcenter.org), typically doesn’t recommend applying for new numbers. Instead, it suggests credit freezes, which prevent most lenders from viewing your credit reports or establishing new accounts without your consent.
Credit freezes aren’t foolproof, since some lenders don’t check with credit bureaus before opening accounts. Credit freezes also won’t prevent a thief from using your Social Security numbers to commit healthcare fraud or criminal identity theft (which is when a thief pretends to be you when he or she is arrested). Also, there may be fees involved with freezing and unfreezing your credit reports.
But credit freezes are probably your best defense at this point, before you’ve been victimized. You can learn more about credit freezes at the Consumers Union site, DefendYourDollars.org.
What to do when your wallet is stolen
Dear Liz: A copy of my wife’s Social Security card and driver’s license were stolen recently. I immediately contacted the credit bureaus. The first one tried to sell me a protection product. When I tried another number for that bureau, I got the automated runaround. The second bureau agreed to put a fraud alert on my account, then they too tried to sell me a product! Please tell everyone what will happen when they report issues like this, as you and so many others recommend. I still don’t know if I have done everything I can do.
Answer: If she hasn’t done so already, your wife should call the police to report the crime and get a copy of the report in case she needs it later to prove she’s a victim of identity theft.
Your wife is the one who needs to have fraud alerts placed on her credit reports at all three of the major credit bureaus: Equifax at (800) 525-6285, Experian at (888) 397-3742 and Trans Union at (800) 680-7289. These alerts are good for 90 days and can be renewed. It’s unfortunate the bureaus are using these help lines to pitch products, but you don’t need to buy anything to get a fraud alert placed on your files. In two or three months, she should use http://www.annualcreditreport.com to get a free look at her credit reports to make sure no one has opened accounts in her name.
Your wife also may want to consider a credit freeze, which locks up her credit reports to make it much harder for someone to apply for credit in her name. Get more information about these freezes, which typically involve fees, at http://www.financialprivacynow.org.
In addition, she needs to call your state’s department of motor vehicles to report the stolen license. If she discovers later that someone is using it, she can request a number change.
For more on coping with stolen information and dealing with identity theft, visit the Identity Theft Resource Center at http://www.idtheftcenter.org.
More on why you shouldn’t trust the mail
Dear Liz: In a recent column, you discussed two instances in which the tax preparer screwed up, and yet you concluded the problem was with the post office. I’m not a fan of the post office, but your logic escapes me.
Answer: In both instances, sensitive financial documents were entrusted to the U.S. mail system. Although this is common, it’s certainly not secure, since such mailings aren’t tracked and they certainly aren’t encrypted. The two taxpayers didn’t think to question the way their papers had been handled until those papers went missing, but both taxpayers and tax preparers would be wise to use more secure methods to transmit sensitive data.
