As information security professionals, we sometimes get asked how people can protect their personal financial information. Here are some guidelines to help you secure your information and avoid identity theft.
Credit starts at the credit agencies, of which there are four: Equifax, Experian, TransUnion and Innovis. These are the companies that verify your credit information to lenders when applying for a loan or a credit card. Getting copies of your credit report regularly allows you to check for and correct any errors. It is common for an agency to have incorrect or outdated information on their report, especially if you have other family members with the same name.
When planning a major purchase such as a house or a car, it is important to check the reports from all four credit agencies. Not only do you not know which of the agencies your lender may use to check your credit, each agency keeps their own unique records so what shows up on one report may not show up on another. Consumers are allowed to request a free report from each company once per year. Start reviewing your reports well in advance as it can take weeks or months to go through the process of removing mistakes, and you want the best possible credit score in order to get the best loan terms.
If you know you are not going to apply for any new loans or credit cards in the near future, you can request a free credit freeze from credit agencies. Freezing your credit means that no new accounts can be opened in your name without your permission. This is a great way to help avoid identity theft and someone opening a card in your name that you don't even know about. Each agency has its own process for freezing your credit, including some having a temporary duration or keeping it frozen until you open it back up.
Links to freeze your credit:
In addition to monitoring your credit manually, there are many companies that will handle it for you. They offer a wide range of services, including:
Credit monitoring services vary in offerings and pricing. Some of the most common credit monitoring services are listed below, although there are numerous others.
In addition to credit monitoring, another important area of concern regarding identity theft is password security. In addition to creating secure passwords (find a good method here), you should be sure to set up multi-factor authentication (MFA) whenever possible. This will add in a second check when logging in, such as facial recognition or receiving a text. It is a safe assumption that many of your passwords have been leaked onto the dark web when a website you use got hacked. Hackers will take the usernames and passwords they find online and use them at any site they can think of. This is an attack method called credential stuffing. So, if your Amazon password is the same as your Citibank password and Amazon gets hacked, it is pretty much guaranteed that your Citibank account will be making funds transfers that you did not authorize. Using MFA greatly protects against this.
If you have trouble remembering your passwords, you can use a password vault. Vaults are apps or websites that keep encrypted copies of your passwords and any other information you want (bank account information, social security numbers, etc.) that you can access with a master password. If you have one of these apps on your phone, you only have to remember one master password to unlock the app and then you have access to all of the passwords you store in it. This is an excellent replacement for the Microsoft Word document on your computer or spiral notebook on the desk next to your computer.
Just like credit monitoring companies, there are many password vault companies and they have different costs and features. Some of the most common are:
These are just some of the ways you can help protect yourself from identity theft. Keep your eye on the Rowan Announcer and IRT blog this month as we share more security tips during National Cyber Security Awareness Month!
By Jerry Patterson, Director of the Information Security Office, and Mike Davie, Associate Director of the Information Security Office