Q&A: Authentication apps can help thwart hackers

Dear Liz: I’ve heard that authentication apps are a better way to go than two-factor authentication that texts codes to your cell phone. Can you explain more?

Answer: Two-factor authentication adds an additional layer of security to financial, email, social media, cloud storage and other accounts. The first factor is something you know, which is typically a password, and the second is something you have, such as a code that’s texted to you or generated by a device or authentication app.

The second factor is important, since passwords can be guessed or stolen in database breaches. Texted codes can be intercepted by hackers, so security experts recommend using an authenticator. Three popular apps are Google Authenticator, LastPass Authenticator and Microsoft Authenticator.

To use an authenticator, you must first enable two-factor authentication on the account you want to protect. Unfortunately, not every account provider offers two-factor authentication, although they should. You can find out whether yours does at twofactorauth.org.

If the account provider supports authentication, you’ll typically be asked to take a snapshot of a QR code using the authenticator app to establish a connection between your account and the app. When you later log in to those sites, you’ll be asked to type in the code randomly generated by the app.

Any security approach can be thwarted, but the idea behind two-factor authentication is making your accounts hard enough to crack that most hackers will move on to an easier target.

Q&A: Here’s a way to fight Social Security fraud

Dear Liz: To make us less likely to become victims of fraudulent activity, years ago I froze our credit bureau files. I assume the Social Security Administration could be hacked as well. Can those files be frozen?

Answer: No, but you can create an online account to track and monitor your Social Security records — and it’s probably a good idea to do so. Fraudsters are creating such accounts and using them to divert benefits onto prepaid debit cards. If you created yours first, this fraud will be harder to pull off. If someone has already created an account in your name, you can find out and start the process of taking back your identity. The place to set up your account is www.ssa.gov/myaccount.

Q&A: Free credit monitoring won’t prevent identity theft

Dear Liz: I thought I would share some information in light of the Equifax disaster.

Two of my credit card issuers provide free credit monitoring. Capital One scans my TransUnion file and Discover uses Experian. Both send email and text alerts about new activity and a monthly “reassurance” email when no such activity turns up in the previous 30 days.

Along with the credit freeze I placed at Equifax, I feel pretty secure at the moment. I’m sure that other credit card issuers have similar programs in place, and perhaps people should ask their financial institutions if such monitoring is available to them as account holders.

Answer: Free credit monitoring can certainly be helpful, but understand that it can’t prevent identity theft. At best, credit monitoring alerts you after the fact if someone has opened a new account in your name. Only credit freezes at all three bureaus can prevent those accounts from being opened in the first place.

Unfortunately, credit monitoring and freezes can’t help you with the most common type of identity theft, which is account takeover. That’s when someone makes bogus charges to your credit cards or steals money from your bank accounts.

Financial institutions use different types of software to detect fraud, but nothing replaces vigilance on the customer’s part. We should be reviewing transactions on our accounts at least monthly if not weekly. Online access to accounts can help you better monitor what’s going on.

You also can set up alerts that will email or text you if large or unusual transactions happen. (Just beware of a common scam where you’re texted an “alert” that your account has been frozen, along with a link that encourages you to divulge your login information.)

Even if you do everything in your power to avoid identity theft, you still can’t prevent scammers from using your information to file bogus tax returns, get medical care or commit criminal identity theft (by giving your name to the police when they’re arrested, for example). As long as Social Security numbers are used as an all-purpose identifier by businesses and government agencies alike, you can’t make yourself completely secure.

Q&A: How to protect your financial data in the wake of the Equifax breach

Dear Liz: Do I have the right to notify the credit bureaus that I do not want any of my financial information stored in their files? They don’t seem to be that secure. I rarely borrow money and the three financial institutions I deal with have all the data they need to lend me money if I need some. I do finance a car on occasion, because if they want to lend me money at less than 1%, why not?

Answer: The short answer is no, you have no right to stop credit bureaus from collecting information about you. You also can’t prevent them from selling that information or keeping it in inadequately secured databases.

One thing you can do is to freeze your credit reports at all three bureaus to prevent criminals from using purloined information to open credit accounts in your name. But that will cost you.

The only bureau currently waiving the typical $3 to $10 fee for freezing credit reports is Equifax, the credit bureau whose cybersecurity incident exposed Social Security numbers, dates of birth and other sensitive identifying information for 143 million Americans. The other bureaus, Experian and TransUnion, are still charging those fees.

You’ll have to pay an additional $2 to $10 each time you want to lift those freezes, which you’ll probably need to do if you apply for new insurance, apartments, cellphone service, utilities and, of course, credit. Financial institutions may indeed have plenty of information about you, but probably wouldn’t lend you any money without access to your credit reports or scores. Freezes also are a bit of a hassle because you need to keep track of a personal identification number, or PIN, to lift the freeze.

Just in case you weren’t irritated enough by this state of affairs, understand that freezes won’t stop other types of identity theft, such as someone getting medical care in your name or giving the police your information when they’re arrested. Still, instituting freezes is probably the best response to the most devastating breach yet.

Q&A: When student debt payoff becomes complicated by identity theft

Dear Liz: I went back to school in 2002 to get my teaching credential. I took out several student loans and set up a repayment plan upon graduating with automatic deduction out of my checking account. Several years ago, the IRS started garnishing my bank account stating that there was a lien but I never received any other type of indication what was going on.

After contacting the IRS, we found that someone took out a fraudulent student loan using my former married name. I also got my credit reports, which showed the loan. I was able to get the signed loan documents from the U.S. Department of Education but now the department does not respond to my certified letters or phone calls.

I’m at a loss at what to do at this point. I filed a police report and notified the credit reporting agencies. I’m out almost $10,000. Is there any other advice you could give me?

Answer: First, follow up with the credit bureaus to make sure the fraudulent loan has been removed from your credit reports. Consider setting up credit freezes at all three bureaus to reduce the chances of being victimized again. The Identity Theft Resource Center at www.idtheftcenter.org has more information to help you protect yourself.

Getting the actual loan dismissed and your money back is a more difficult task. You may be able to have the loan erased under what’s known as a false certification discharge, but qualifying for that isn’t easy, said Jay Fleischman, a Los Angeles attorney who specializes in student loan problems.

It’s not enough to have a police report. You’d need to identify and file a lawsuit against the thief. If you can get a court judgment against that person, you would provide the Education Department with that as well as proof of your identity and possibly signature samples from the approximate date of the loan.

Even if you did everything necessary to prove eligibility for discharge, the department could still deny it if you received any benefits from the loan — if it paid any costs of your education instead of someone else’s, Fleischman said.

At this point, you may need to hire an attorney familiar with identity theft issues. You can get referrals from the National Assn. of Consumer Advocates at www.naca.net.

Q&A: Too many cards?

Dear Liz: My husband and I have opened accounts to take advantage of 0% interest financing for special purchases. These accounts are paid in full prior to the end of the promotional period and we don’t use them again. I’ve read to not ever close any accounts, but am nervous about having so many accounts open with such high limits. Is there potential for issuers to stop granting us credit because we have so much available? Are we at greater risk for identity theft with all of these open accounts?

Answer: People used to believe that closing accounts could somehow help their credit scores. Credit scoring companies and experts have done their best to combat that myth, but in doing so have left some people thinking that they can’t ever close unneeded accounts. That’s not true either.

Your credit scores won’t be hurt by having “too many” accounts with high limits. That’s generally a good thing, since multiple lenders have deemed you creditworthy. You get the most credit scoring benefit, though, from accounts you’re actively using.

Leaving unused accounts open can leave you more vulnerable to fraudulent account takeover. At the very least, it adds to the hassles in your life, since you have to keep an eye on all your accounts. And conceivably a lender could balk at seeing a lot of unused credit lines, even if it didn’t hurt your scores.

You don’t want to close accounts if you’re trying to improve your scores or in the market for a major loan, such as a mortgage or auto loan. Otherwise, though, you shouldn’t worry about closing an account now and then if you’re not using it.

Q&A: Getting help with credit scores after identity theft

Dear Liz: Would you please help readers learn how to fix credit scores after identity theft? I have been a victim at least eight times in the past five years. I have filed three police reports regarding these matters and sent them along with other proof to the big three credit report agencies. Only one quickly answered and deleted the false entries.

Answer: You have a friend in the Consumer Financial Protection Bureau.

In the past, complaints about credit bureaus went into a black hole. The Federal Trade Commission collected them but warned consumers that they couldn’t expect any action on their individual cases. The Consumer Financial Protection Bureau, by contrast, forwards consumer complaints directly to the financial company and works to get problems solved. The bureau says 97% of complaints get a timely response.

Before you make your complaints, though, you should check your credit reports again. One bureau may have been faster in responding, but the other two may have since deleted the bogus accounts.

Q&A: The insecurity of bank security questions

Dear Liz: I recently opened an account at a bank that boasted “multi-factor authentication,” but I looked into the claim and it turns out the bank is using passwords plus answers to security questions, such as the name of your first pet, as the “multi-factor authentication.” I expect you know that the real multi-factors are something you know, like a username and password, something you have, like a code that has been sent to your phone or email, and something uniquely inherent to you, like a fingerprint. Clearly, this bank is misrepresenting its “multi-factor authentication.”

Answer: If there was any doubt about how insecure security questions are, it should have been settled with the hack of the IRS’ Get Transcript service. The criminals gained access to 700,000 taxpayer accounts by correctly answering multiple questions with answers supposedly known only to the affected taxpayers. In reality, the answers to many security questions can be purchased from black market databases or simply found by perusing people’s social media accounts.

If your financial institutions are still using security questions to identify you, you should demand to know why. If the institution doesn’t offer at least two-factor authentication (a password plus a code), you should consider putting your money somewhere else.

Q&A: Parental identity theft

Dear Liz: I have been dating my boyfriend for about eight months and he recently told me that his dad took out a credit card in his name when he was a baby. He has about $150,000 in debt because of this! This is a very serious, life-changing crime but my boyfriend is reluctant to take his dad to court. I’m worried about our future together and don’t know where to go from here.

Answer: Parental identity theft is unfortunately not uncommon — and the parents typically get away with it. Victims are reluctant to file the police reports necessary to clear their names because doing so could trigger criminal prosecutions of their family members.

If your boyfriend is not willing to file a police report, the debt is considered his and he probably will need to pay it, settle it or declare bankruptcy to move on with his financial life.

If he’s ready to hold his father responsible, the Identity Theft Resource Center at www.idtheftcenter.org has more information about filing police reports and starting the long process of cleaning up his credit.

Q&A: Using a separate credit card for online purchases and automatic payments

Dear Liz: I saw your recent column from the couple upset about the inconvenience of having to reset the automatic payments when their credit card was reissued due to fraud. We had the same problem (our credit card has been reissued six times now!) and got some great advice I’d like to share. We got a separate credit card that is used for nothing but automatic payments and online purchases. It has never been hacked like our other card that we use constantly in the community because we earn airline miles. The last two times our regular card had to be replaced was in the Target and Home Depot hacking, but the other card has been fine so far. We are keeping our fingers crossed. Our issuer has now given us a chip card to replace the constantly hacked one, so I hope we have better luck going forward with both credit cards.

Answer: Several other readers wrote to say they do something similar by using different cards for different purposes, including devoting one to making automatic charges.

It might be wise to have a separate card just for online purchases, however, since the incidence of “card not present” fraud (including online and phone transactions) is higher than that for transactions where the card is physically presented to the merchant.