Credit yourself by staying vigilant
By Joel Dresang
I hate to say I told me so.
Eight months ago, when I reported that someone had tried to use my credit card without my knowledge, I said it wouldn’t be the last time.
Well, on Jan. 27, it happened again. My credit card issuer texted me to say it declined a $23.65 charge with my card at Aldo shoes.
“Was this you? Reply YES or NO. If yes, you will not be charged unless you try again. If no, we will close your current card and send you a new one. Msg & data rates may apply.”
I replied NO and braced myself.
Two business days later, coincidentally, the Federal Trade Commission began Identity Theft Awareness Week.
According to the latest data gathered by the agency, Americans suffered nearly 400,000 cases of credit card fraud in 2020. That’s more than double the incidents in 2017. ID theft of all kinds neared 1.4 million cases in 2020, up from 371,000 in 2017. Each year, credit card fraud ranks either first or second among ID theft crimes.
The Bureau of Justice Statistics says 90% of self-reported victims of ID theft fall prey to the misuse or attempted misuse of a credit card or other financial account.
Knowing I’m not alone isn’t much consolation, though. Instead, it galls me to see the pervasiveness of such crimes. From experience and research, I know I can’t fully protect myself.
After someone stole my identity and opened an Amazon card in my name six years ago, I installed a fraud alert through the credit bureaus, which warned lenders of fake credit applications. While fraud alerts and credit freezes (aka security freezes) can hinder new accounts by fraudsters, existing accounts remain vulnerable. The alert on my credit files did not stop crooks eight months ago from trying to use my credit card online at Nike and the PGA Tour Superstore.
I do what I can to prevent unauthorized use of my card: I’m careful about disclosing information from my card — particularly to parties I have not approached and verified on my own. I also make a habit of shredding canceled cards and documents with sensitive information before discarding them. I use two-factor authentication with financial institutions as an extra confirmation of my identity.
But most of my power is in detection, not prevention. Here’s how:
Scrutinize account statements. It pays to read through all the transactions on your monthly credit card bills. I’ve found it’s easier to do with paper statements, but I’ve gotten better about reviewing those I receive online too. Bonus: It’s healthy to regularly examine how you’re spending your money.
Challenge questionable charges. When you see a transaction you don’t remember, first try to verify it. Then call the card issuer to dispute it. Even small charges matter because fraudsters sometimes test their luck on a cheaper purchase before pursuing something bigger. (From the Consumer Financial Protection Bureau: How to fix mistakes in your credit card bill.)
Respond to fraud alerts. First, call the number on the back of your card to make sure the alert you received is legitimate. When your card issuer warns you of suspected fraud, reply right away. It can help minimize the damage and hasten restoration of your account.
Keep records handy. Knowing where to find recent statements made it easier for me to see which automatic payments were tied to my closed account. That way, I could head off any disruptions by switching them to another card.
Have a backup. I have a secondary credit card with no annual fee from my credit union. It helped the last two times my primary card got closed for fraud. (Debit cards tend to have less protection against fraud.) A recording at my primary card issuer said it would replace canceled cards in five business days, but it took seven — 11 human days — before my new card arrived. Meanwhile, it was the end of the month, and I had begun to receive notices from businesses warning that the card tied to my account wasn’t working.
The same day the government began ID Theft Awareness Week, I (coincidentally?) got an email from the administrator of the $700 million Equifax data breach settlement.
I was one of 147 million people whose sensitive data (names, social security numbers, birth dates, addresses, credit card numbers, driver’s license numbers) were compromised when hackers raided Equifax — one of the companies that does business with our personal and financial information.
Equifax got invaded in 2017. I got the settlement notice in 2022. The lapse was so long that news media reports assured consumers that the email was not a scam.
“Implementation of the Settlement was delayed by appeals;” the email said, “however, the Settlement is now effective because appellate courts have affirmed it.”
The settlement provides me with four years of free consumer monitoring services, including notice of changes to my credit report at all three national credit bureaus, up to $1 million in insurance to cover costs related to identity theft or fraud, notification of credit inquiries in my name and internet monitoring of attempts to trade or sell my personal information.
The settlement administrator assured me that I will not have to pay for anything. Nor should I have to worry about Experian – the credit bureau administering the plan — automatically enrolling me in expensive monthly services once my four free years are up.
But forgive me if I’m skeptical of how much the settlement will help me. After all, I’m getting these services only because Equifax, as the FTC alleged in a 2019 complaint, failed to make its network secure even after being warned of vulnerabilities.
“No amount of free credit monitoring is going to make up for the incessant scam and sham telephone calls, text messages and emails,” Washington Post columnist Michelle Singletary wrote of the settlement.
It’s helpful to have the credit bureaus be more transparent and vigilant on my behalf, but I’m not going to count on them or the services compelled by the settlement. On my own, I’ll keep doing what I can to protect my financial information. And I’ll keep studying my monthly billing statements for inconsistencies.
Joel Dresang is vice president-communications at Landaas & Company.
In a three-part series of Money Talk Videos, Jason Scuglik offers advice on personal financial security. Among his tips:
- Be sure you know who’s really sending an email.
- Scrutinize links in email.
- Beware of attachments.
- Know who you’re sending email to.
- Don’t send sensitive information through email.
- Create complicated, unique passwords for each account and keep them safe, ideally in an online password manager.
- Use two-factor or multi-factor authentication when available.
- Change your passwords immediately if you suspect they have been compromised.
- Update your devices’ operating systems and applications when called for.
- Don’t communicate sensitive information using public Wi-Fi.
- Back up important data with a portable hard drive or a secure online service.
Wake-up call: Protect against cyberfraud, by Joel Dresang
Watch accounts closely when card data is hacked, from the Consumer Finance Protection Board
Consumer Information on Identity Theft, from the Federal Trade Commission
Credit Freeze FAQs, from the Federal Trade Commission (en Español)
Why a Credit Freeze Alone Won’t Stop Identity Theft, from Consumer Reports
Protect your wealth from cyber scams, by Lisa Lewitzke
(initially posted March 4, 2022)
Landaas newsletter subscribers return to the newsletter via e-mail.