The threat of identity theft is on the rise. As technology advances, so do the techniques used by identity thieves.
From Social Security benefits to banking, a lot of our personal and financial information has gone online. Identity thieves are adept at discovering these new channels before we do and creating accounts using our personal data. That’s why avoiding doing business on the Internet does not necessarily protect you from ID theft. In fact, it can put you at greater risk.
Here are few identity theft techniques that I’ve seen more and more over the past year—and strategies for preventing each.
In 2014, the Social Security Administration launched a new program called “My Social Security Account,” or “MySSA” for short. The program was designed to make it more convenient for people to view their statements and/or manage their benefits online. Once you have created your MySSA account, you can apply for benefits, change the bank account for your direct deposit, or view your estimated benefits summary.
It should be noted that if you have not physically set up an account in the past twelve months, then you do not have a MySSA account. Unfortunately, the SSA has not done enough to notify people of this program. However, identity thieves are well aware of the program and have been taking advantage of it.
Over the past twelve months, I have seen an increase in Social Security fraud cases. I have tracked every single one of these cases back to the MySSA program as the source of access.
How They Do It
Setting up a MySSA account is easy. Simply visit www.SSA.gov, click on the box that says “My Social Security Account,” and follow the instructions. All you need is your name, date of birth, address, and social security number.
All of this is information identity thieves can buy online. In a weak attempt to prevent fraud, the SSA, through an agreement with Experian, will ask you qualifying questions based on the information on your Experian credit report. Again, most of the answers to these questions can be found through a simple Internet search or through public records available online. Once the qualifying questions have been answered properly, the account is activated. Now the identity thief has full access to your benefits.
How to Prevent It
There are two things you can do to protect your social security account. The first option is to create your MySSA account before an identity thief does it for you. Each SSN can have only one account, so the first one to get the account wins.
The second option is to opt out of electronic access. This will block you, and more importantly, an identity thief, from accessing your information online. You can opt out online, by phone, or in person.
Here are a few warning signs that someone has hijacked your social security account through the MySSA program:
1. While attempting to create an account, you are notified that you already have one.
2. You receive a letter in the mail from the SSA that says “Thank you for setting up your MySSA account.”
3. There is an inquiry on your Experian credit report from the SSA.
4. You do not receive your benefits when expected.
If any of these should happen to you, contact the SSA immediately. I suggest you contact them first by telephone. Depending on the situation, the SSA may require to visit your local SSA office.
If so, ask them what documentation you will need to present as proof of your identity. This may save you from having to make a second trip. Oh, and don’t forget to pack a lunch and a dinner, as you may be there for quite some time.
Online Account Access
Just as with the MySSA program, identity thieves are attempting to gain online access to other types of accounts. If you have not set up online access to your bank account, credit cards, and other accounts, you run the risk of an identity thief doing it for you.
Last year, I had a client who refused to set up online access to his bank account. He thought, as many do, that doing so would put him at a greater risk of becoming a victim. Today, just the opposite is true. My client learned this the hard way.
How They Do It
Over the course of six months, someone removed $250,000 from my client’s bank account. The identity thief simply called my client’s bank, pretended to be him, provided all of my client’s sensitive information, and asked to set up online access.
The thief then proceeded to link my client’s bank account to re-loadable gift cards. It was just that easy.
These gift cards can be purchased anywhere gift cards are sold. To verify the account, the gift card company will make a transactional deposit into the linking account. The identity thief then logs into the victim’s account, finds the transactional deposit, and reports it back to the gift card company.
Once verified, the identity thief can begin to transfer money from the victim’s bank account to the gift card.
How to Prevent It
As stated earlier with the MySSA program, you have two options: Set up online access, or opt out of electronic access.
The process for setting up online access depends on the company. Some will allow you to set it up online through their website. This is typically true for credit cards. Others require you to call them or visit a local branch to initiate the online account. Contact your providers and ask them how to set up access to your accounts online.
If you prefer to opt out of electronic access, you’ll need to contact the companies directly and ask if they offer the ability to opt out from online access. Some do, some don’t.
If they don’t, you should ask them what security options they provide. A few options might be to set up a password, passcode, or PIN to be used when conducting business over the phone. If they do not offer any alternatives, then go ahead and set up online access to your account.
Remember, you don’t have to use the online access. The goal here is to set it up before an identity thief does it for you.
Benefits of Online Access
Having online access to your accounts does provide you with additional benefits. One of these benefits is the ability to monitor your accounts anytime from anywhere. No longer do you have to wait thirty days to receive your paper statement in the mail to learn that your account has been compromised.
Another benefit is that many organizations offer account alerts. A few examples would be minimum balance, card not present, or large transactions. The types of alerts vary by organization. Using the alerts allows you to detect potential fraud immediately.
Early detection = faster recovery and limited liability. They are typically free, so take advantage of them.
Want to learn more? Check out Carrie Kerskie’s new course, “Conducting Identity Theft Investigations,” available at PIeducation.com.
About the Author
Carrie Kerskie is a licensed private investigator in Florida and owner of Kerskie Group, Inc., an agency specializing in identity theft victim restoration and investigation services. She has written numerous articles and spoken at hundreds of industry events on the subjects of identity theft and data privacy, and she’s the author of the book, Your Public Identity: Because Nothing is Private Anymore. Check out her website at carriekerskie.com, and follow her on Twitter: @CarrieKerskie.