by Amanda Welsh, Ph.D.
While I was having dinner with colleagues at the Financial Planning Association's annual convention in San Diego in 2005, the topic of identity theft came up. One planner triumphantly pulled out her credit card to show us how she had scratched the three-digit security code off the back to prevent fraud. In reality, she merely had restricted her ability to shop online in exchange for protection against a type of fraud that would probably cost her no money and very little time.
More and more planners are educating their clients on identity theft—a growing source of financial fraud that everyone should protect against. Unfortunately for their clients, many planners have learned about identity theft from media reports that offer more sizzle than substance. In order to give the best, most helpful advice, it's critical for financial planners to take the time to separate identity theft myths from reality.
The news tells us that 10 million Americans fall victim to identity theft each year, that victims spend up to 600 hours cleaning up the problems, and lose around $500. While this is true in the aggregate, these numbers hide the fact that about half of identity theft cases involve only the most basic credit card fraud, for which the consumer is not held liable.
Credit card numbers are pretty easy to steal and abuse, but most cases are handled in minimal time with no financial loss to the individual. A well-known federal law limits liability to $50—and it's rare to have to pay even that. What's more, because credit card companies and retailers foot most of the bill for fraud, they are pretty aggressive about tracking purchases and flagging anything that seems unusual before problems get too far out of hand. They keep an eye on you and they have simple, well-established procedures for resolving problems.
Bad credit card charges aren't the real identity-theft problem. What you really need to protect against are problems created when someone opens new accounts in your name or pretends to be you when they are arrested or fall under suspicion for a crime. Although less common, the danger of this happening is still quite real. The FTC estimates that your chance of becoming a victim of serious identity theft is about 1 in 66 annually. Over a ten-year period, each individual's risk is closer to one in ten. Since losses from serious identity theft can be significant, it is well worth taking preventive action to lower the chances you'll fall prey to this kind of problem. To understand what offers the best protection, however, you have to understand your vulnerability.
Many believe that the Internet is the source of all identity-theft problems. The Internet does create dangers but not, as popularly imagined, from hackers or online shopping. When it comes to online perils, you are far more likely to become a victim through your own carelessness. "Phishing" e-mails—fake e-mail messages purporting to be from legitimate companies and asking for account numbers—lure hapless consumers into revealing key financial information to crooks. Even innocuous-looking e-mail messages from unknown sources can trigger installation of software that captures the sequence of keys typed on a keyboard of passwords and account numbers, for example. This information is relayed to crooks who use it to figure out your most carefully protected information. These kinds of attacks, where millions of potential victims are tapped with a single e-mail message, are far more common than those where only one individual is targeted at a time.
Another point of vulnerability from technology comes from corporate computers. When companies create large databases containing information on millions of customers, they create attractive targets for theft. News reports in the past year have highlighted how frequently your information can be lost by or stolen from them. Legislation that helps protect consumers is under consideration but the burden will likely always fall on the individual to ask pointed questions before sharing sensitive information.
Close to Home
While many people overestimate the danger of technology, many also underestimate the dangers close to home. A study on identity theft sponsored by the Better Business Bureau found that when it could be identified, the source of information loss was very likely to be theft of mail from mailboxes. Indeed, local dangers—the place you live, the people around you, the devices you carry—are more varied and more real than most people imagine.
Methamphetamine addicts are paid to steal mail in even the best neighborhoods. Sometimes, family members—the people with easy access to all of our information—have a drug, gambling, or alcohol addiction that drives them to extreme action. Almost 15 percent of all identity theft is carried out by someone the victim knows. Unprotected information in the things you carry, like your wallet or PDA, is another recipe for trouble. Lost or stolen wallets account for almost 20 percent of identity theft.
Armed with better knowledge of the true dangers, what should you tell your clients? The strategies for increased protection from identity theft fall into three broad categories:
1. Increased awareness
2. Changing unsafe behavior
3. Limited investment in protective technology
A landmark Federal Trade Commission survey suggests that victims who discover their identity theft in the first six months are considerably less likely to lose money or get into situations that require significant investment of their time. The best way to stay aware is to order your credit reports on a regular basis. You can also check your bills online—online banking is fairly well protected, and checking your accounts frequently offers you more protection than waiting for a once-monthly statement. Paying more attention to neighborhood activity and understanding family problems can help, too.
Changing Unsafe Behaviors
Given that stolen wallets often lead to identity theft, it is important to limit what you carry in your wallet. Don't keep any written passwords or anything with your Social Security number. Instead of defacing a credit card, the planner I had dinner with would have done better to worry about the insurance card that used her Social Security number as the identifier.
Use safer forms of money. Although credit card numbers are easily compromised, credit card fraud doesn't present nearly the same problems as those created by forged checks. Checks offer a lot of sensitive information to anyone who can read. Cleaning up the mess of bad checks can be quite time-consuming and frustrating. And by the time you discover the problem, your money is already gone. Unless you have significant money management issues, use credit cards when you can. Keep the checkbook out of your purse or wallet.
Finally, think twice before answering e-mail from unknown sources or sharing information with companies.
Limited Investment in Protective Technology
Anyone using a computer connected to the Internet should install basic protective technology: a firewall and antivirus software. While these two solutions aren't a substitute for common-sense behavior, they can help protect against some malicious programs floating about out there. It's also a good idea to invest in encryption software—especially to protect information on things that can be easily lost or stolen, like your laptop, smartphone, or PDA.
There is, of course, much more we can all do to lower our risk, but even these simple steps can offer reasonable protection. Financial planners are uniquely positioned to offer a valuable service by helping clients navigate the often frightening, modern danger of identity theft—as long as they focus what the real risk is and address that risk with the right precautions.
Amanda Welsh, Ph.D., helps planners protect high net worth clients from all kinds of information misuse and is the author of the Identity Theft Protection Guide. She can be contacted at firstname.lastname@example.org