LAST YEAR, 14.4 MILLION people were victims of identity fraud, according to the 2019 Identity Fraud Study from research and advisory firm Javelin. Nearly a quarter of victims had unreimbursed personal expenses related to the fraud, and the median loss was $375 among cases reported to the Federal Trade Commission.
While not all fraud rises to the level of identity theft, it was the third most common complaint made to the FTC in 2018. Identity theft happens when someone uses your personal information to open new financial accounts, file tax returns or even make fraudulent medical claims.
“There’s a whole litany of areas in which identity theft can make your life more challenging,” says Mike Tanenbaum, cyber head for insurer Chubb North America. Not only is it a crime that can cost you money, but it could require significant time and effort to resolve.
To minimize the damage, here are 10 steps to take once you realize you may be a victim of identity theft.
- File a report with the Federal Trade Commission.
- Contact your local police department.
- Notify the IRS and your identity theft insurance, if applicable.
- Place a fraud alert on your credit reports.
- Freeze your credit.
- Sign up for a credit monitoring service, if offered.
- Tighten security on your accounts.
- Review your credit reports for mystery accounts.
- Scan credit card and bank statements for unauthorized charges.
- Open new credit card and financial accounts.
1. File a report with the Federal Trade Commission.
The FTC compiles information about identity theft cases. It doesn’t have the ability to pursue criminal charges, but its information may be used by law enforcement agencies such as the FBI to track down perpetrators.
To file a report with the Federal Trade Commission, visit www.identitytheft.gov. As part of the reporting process, you’ll receive a recovery plan and even prefilled letters and forms that can be used to file police reports and dispute fraudulent charges.
Keep in mind that identity theft is defined as impersonating another person or using their information for financial gain. “One piece of information alone doesn’t usually identify you,” says Lena Licata, director in process, risk and technology solutions at accounting firm EisnerAmper in Iselin, New Jersey. By itself, a security breach doesn’t constitute a stolen identity and doesn’t need to be reported to the FTC.
2. Contact your local police department.
The next step is to file a report with your local police department. Although the police may not be able to do anything if your identity was stolen by criminals online and overseas, your report could help them track down someone who is stealing information locally.
“The police report is to protect yourself,” Tanenbaum says. It creates a paper trail that could be useful in the future. For instance, if someone uses your information to commit a crime, having documentation of identity theft could make resolving the matter easier.
Some states have specialized units that handle complaints such as identity theft. “In Jersey, there is an entire cyber taskforce,” Licata notes. If your state has an office such as this, file a report there as well.
3. Notify the IRS and your identity theft insurance, if applicable.
There are two other entities you may need to contact depending on your situation. First, you should notify the IRS if your Social Security number was used to file an income tax return. Do this by submitting a Form 14039 Identity Theft Affidavit, explains Neal Stern, a CPA member of the American Institute of CPAs’ Financial Literacy Commission.
Next, contact your identity theft insurance provider if you have one. Some companies, such as LifeLock and IdentityForce sell identity theft protection services that include insurance coverage. However, you may also have benefits through your homeowner or other insurance plan. For instance, Chubb offers complimentary identity theft resolution services to its policyholders.
Regardless of how you have coverage, “contact the company to learn their procedures for filing a claim that can help you cover the costs of rebuilding your financial life,” Stern says.
4. Place a fraud alert on your credit reports.
Now it’s time to follow up with the three major credit bureaus – Experian, Equifax and TransUnion – and request a fraud alert be placed on your account. The fraud alert stays on your credit report for a year, and it notifies any institution that pulls your credit report to the fact your identity may be compromised. The alert should prompt creditors to take an extra step to verify the identity of the person opening the account. You only have to request a fraud alert from one of the credit bureaus and that company should notify the other two firms. Requesting a fraud alert is free.
5. Freeze your credit.
For an added layer of protection, you can initiate a credit freeze which will completely cut off access to your credit report. That means the credit bureaus won’t share your report with anyone who requests it. You’ll need to contact each bureau individually to request they freeze your credit. The process is free, and Tanenbaum recommends freezing credit reports for children as well since they too can be victims of identity theft.
6. Sign up for a credit monitoring service, if offered.
If your information was accessed in a data breach, you may be offered complimentary credit monitoring. These services watch credit reports for suspicious activity and send alerts whenever a new account is opened.
If you aren’t offered free credit monitoring, you can sign up for a reputable service yourself. LifeLock, one popular provider, has plans ranging from a $9.99 a month standard plan for Social Security number and credit alerts to a $29.99 per month service that will watch bank and 401(k) accounts as well as look for any crimes committed in your name. Both come with reimbursement for stolen funds. Pricing is good for the first year and increases in the second year.
Other options include Complete ID plans available through warehouse club Costco for $8.99 to $13.99 a month and PrivacyGuard which charges $1 for the first 14 days and then $9.99 to $24.99 per month after that. Plan benefits vary by company.
7. Tighten security on your accounts.
Cybersecurity experts are quick to point out that most people don’t practice what they call good password hygiene. “Most people never change their password,” Tanenbaum says. Even worse, they use the same passwords or a close variation on every site.
Using a password manager is an easy way to ensure all your accounts have strong passwords. These services generate passwords that cannot be easily guessed and then store and autofill them on websites so users don’t need to remember each one.
LastPass offers a free password manager for one user. The company also has a premium plan for $3 a month that includes file storage and priority support services. Tanenbaum likes Dashlane, which also has a free version as well as a $4.99 per month premium service that includes a VPN for encrypted web browsing while on public Wi-Fi.
Other ways to avoid future instances of identity theft include shredding documents with personal information, not carrying your Social Security number in your wallet and not clicking on links in emails from suspicious or unknown senders. Delete any personal information such as addresses and phone numbers off public profiles on social media and other sites. Whenever offered, enable two-factor authentication, which will require both a password and a code delivered via email, text or phone for access to an account.
8. Review your credit reports for mystery accounts.
Whether you’re a victim of credit card fraud or a stolen identity, you need to check your credit reports for any accounts you may not recognize. By law, you’re entitled to at least one free credit report from each agency each year. While plenty of websites and creditors promise free credit reports, the official site to request them is AnnualCreditReport.com.
9. Scan credit card and bank statements for other unauthorized charges.
Pull up your other accounts and scan old statements for other charges you don’t recognize. “Identity thieves may start with charges or withdrawals as small as $1 to test the waters,” Stern says.
Don’t forget to review dormant or infrequently used accounts as well. If you find unknown charges, call the financial institution to alert them of the problem and request the account be locked or closed.
10. Open new credit card and financial accounts.
Identity theft victims should talk to their financial institutions to determine how best to avoid further damage. It most cases, that will involve closing and reopening accounts, even ones that haven’t been compromised. It can be a tedious process, but a necessary one to avoid a thief from gaining future control of your money.