Rob Goebel, Lana Kotioukova/CreditCards.com
Rob Goebel, Lana Kotioukova/CreditCards.com With credit card data breaches and personal stories of fraud in the headlines, it’s no wonder experts keep reminding us that we need to be vigilant. But when does being credit smart turn into credit paranoia?
Consider this: About 31.8 million U.S. consumers had their credit card details hijacked in 2015, according to Javelin’s 2016 Data Breach Fraud Impact Report. Credit card fraud was the second most common form of reported identity theft behind tax- and wage-related fraud, according to the Federal Trade Commission’s Consumer Sentinel Network Data Book.
But how do you make sure that the desire to protect your credit information and financial accounts doesn’t cross over into an obsession that wastes your time and money?
We talked to several identity theft experts to figure out how far you should go to protect your credit information and financial accounts.
1. Do you need to get one of those RFID-blocking products?
From wallets to jeans to vests to sleeves, there are a variety of RFID-blocking products on the market that claim to protect you from electronic pickpockets. These products are intended to block people who are walking around with RFID scanners to steal your account information without your knowledge.
The problem is that the vast majority of credit cards in the U.S. do not even use radio frequencies, rather they have magnetic stripes or EMV chips, says Liseli Pennings, deputy training director for the Association of Certified Fraud Examiners. “For the skilled thief, RFID scanners are not the most valuable use of their time or the most valuable method,” she says. “These products prey on people’s fears. In all actuality, there are much easier ways for people to get your card information.”
The only products that use RFID technology are contactless payment cards that you can wave or tap to pay, such as Visa PayWave, MasterCard PayPass, American Express ExpressPay and Discover Zip. However, these are only used by a small fraction of consumers.
Robert Siciliano, CEO of IDTheftSecurity.com, points out that the bad guys are spending most of their energy on breaching big corporate databases. As such, the companies making the RFID-blocking products are the ones truly profiting off of consumer confusion, he says. “I would bet they are making more money selling their items than scammers are in stealing card data,” he says.
The verdict: Save your money.
2. Are mobile payments safe?
While some people are leery about adopting new technologies such as a mobile wallet, these payment options, including Apple Pay and Samsung Pay, offer more protection than pulling out your plastic, says Siciliano. “It’s a safer and more secure way to pay. With a physical card, a human can easily swipe your card and store your information,” he says.
The only vulnerability with a mobile wallet is if your device is not password protected, he says, since losing your phone or having it stolen would give someone access to your accounts.
Another thing to consider if you tend to shop or pay bills on the go is network security, says Pennings. “Free Wi-Fi is really dangerous to use. Always use Wi-Fi that requires a username and password when doing mobile banking or purchasing,” she says. You can also download a VPN (virtual private network) for an added layer of encryption when using public networks.
The verdict: Embrace payment technology, password protect your devices and use secure networks.
3. Do you really need to shred everything?
“Think about your identity sort of like a puzzle. The more pieces a thief has, the easier it is for them to commit ID theft,” says Eva Velasquez, president and CEO of Identity Theft Resource Center. For example, having your email address out there is not sensitive because it’s just an address, but if someone gets your password, it’s very serious, she says. Once the hacker figures out where you bank, they can click on the “forgot password” link to gain instant access to your accounts.
That’s why Siciliano says that by default, he just shreds everything that has any personal information on it. “I think, how could a criminal use this against me? How could they pull a ruse to extract even more information?” he says.
One example of something that seems harmless is an airline boarding pass that people often toss in a trashcan. While it doesn’t have critical data on it, what it does provide is intelligence, says Siciliano. “A criminal can call you and pose as the airline to get more information out of you,” he says.
The experts say: Shred what you can, especially anything with your Social Security number or financial account information. And, ladies, empty your purses of any receipts and bills, and never carry around your Social Security card, adds Velasquez.
4. Is storing your credit card information with online retailers asking for trouble?
This is a situation in which consumers can weigh the convenience versus the risk, says Siciliano. If you don’t want to have to type your credit card number into Amazon every day, it’s probably OK to save it there.
“The vulnerability isn’t Amazon getting hacked; it’s consumer bad habits and negligent behaviors that cause trouble, such as using weak passwords,” he says. Having unique, complex passwords across all of your accounts will make it more difficult for thieves to get access to your financial information should there be some sort of breach, he says.
For instance, the once-popular website MySpace announced in May 2016 it had been hacked. Even though most people haven’t used MySpace in 10 years, there are probably people still using the same password for all of their other accounts, making them vulnerable.
Beyond better passwords, if you have the option to choose multistep authentication for your sensitive accounts, do it, says Velasquez. That’s when instead of just signing in with a username and password, you have to complete an additional step, such as entering in a code that is sent to you via text message or answering security questions. “Consumers push back that it’s inconvenient, but it can save you heartache later,” she says.
The experts say: Only store your credit information on secure websites you trust and use frequently. The exception: Don’t ever do it with your debit card. “Protections are not the same, and it’s possible to lose access to your cash,” says Velasquez.
5. Are fraudsters really looking at your social media profiles?
“The Achilles heel of security online is social media,” says Pennings. “Most people post things innocently without realizing how expansive the reach could be,” she says.
Consider that the common security questions on sites include things like your pet’s name, the street you live on, and your mother’s maiden name – all nuggets of information that thieves could probably figure out by browsing your social posts.
And just for kicks, try this: Go on Instagram and type in “passport.” It will turn up dozens of photos of people’s boarding passes and passports – with names, flight numbers and other identifying information totally visible. Plus, local connections know that you’re not at home. Scary!
The verdict: Keep social accounts private, and be extra mindful about putting anything too specific online.
6. Should you pay for identity theft protection?
There are two big measures you can take to protect yourself from new account fraud, says Siciliano, but they both involve a cost. You can purchase identity theft protection, in which a company will monitor and alert you to all activity related to your Social Security number. Or, you can put a credit freeze on your credit reports with the three major credit bureaus (Experian, Equifax and TransUnion). This also comes with a fee, and requires you to “thaw” your report anytime you wish to open a new account – otherwise, no one can open a new, fraudulent account in your name.
For existing account fraud, the truth is there’s really nothing you can do other than monitor your account activity. “Pay close attention to your statements and refute unauthorized activity as a reactive method of managing your credit,” says Siciliano. He recommends setting up text alerts and email notifications with your creditors and banks to keep tabs on transactions in real time.
The verdict: Paying for some form of ID theft protection is really a matter of personal preference. If you lose sleep worrying about it, the couple hundred dollars per year might be worth the peace of mind. However, if you’re diligent about checking your credit report each year via annualcreditreport.com, you can probably skip a fee-based service.
The bottom line? “Don’t think of protecting yourself from fraud and identity theft as all or nothing,” says Velasquez. By being savvy to how thieves think, safeguarding your personal information really only requires minimal effort on your part. No RFID-blocking jeans required!