In this report

Heading off identity thieves

5 simple ways to thwart crooks without paying for costly monitoring services

Last reviewed: August 2011

Big security breaches, like those earlier this year at Epsilon, a customer e-mail service provider, and Sony PlayStation Network periodically stoke the public's fear of identity theft. That, in turn, spells potentially lucrative opportunities for companies that sell products that promise to protect you from identity theft.

Soon after the news of the Sony breach of more than 77 million users' personal information, Equifax sent out a press release urging consumers to "consider the added protection of a credit and identity protection monitoring product," like its Equifax Complete, which costs $240 a year.

But as we've previously reported, ID theft protection products like credit monitoring are of dubious value because your fraud liability is already limited. They also charge you for things that you can do yourself—free. Moreover, the incidence of identity fraud is down significantly because of better safeguarding by financial institutions and more eagle-eyed consumers watching over their accounts.

So crooks are having a tougher time turning stolen identity information into cash and merchandise. You still need to be on guard, but you can protect yourself from security breaches by taking these five simple—and mostly free—steps.

1. Guard the cards

More than 86 percent of identity-theft crimes involve the fraudulent use of an existing account, such as a credit or debit card, according to a study released last year by the U.S. Department of Justice Bureau of Justice Statistics. Credit monitoring for newly opened accounts provides little protection against a raid on an existing account.

Meanwhile, why do you need $1 million in identity-theft insurance when most victims suffered no out-of-pocket costs last year, according to Javelin Strategy and Research, a California consulting firm. Banks and credit-card issuers—not you—are typically on the hook for the direct cost of such theft, though debit cards offer less protection than credit cards. Still, a minority of victims do lose money this way—$434 on average when a credit card is involved and $795 when a debit card is stolen, according to Javelin.

So you need to be vigilant. Sign up for free online banking to get full, secure control over your accounts via the Internet. Besides monitoring them, you'll be able to transfer funds, check balances, and pay bills. If your bank or credit-card issuer offers free e-mail alerts, which are designed to warn you of suspicious account activity as soon as it's detected, sign up for them. They're different from the costly credit-monitoring services that banks also sell, and that you don't need.

2. Freeze your credit reports

True identity theft, in which a crook uses your name, address, Social Security number, and/or date of birth to open new credit accounts for his or her own use, is a small threat, with a victimization rate of less than 1 in 100 consumers over a two-year period. But it's a nasty crime and much easier to prevent than to repair.

Your best protection is to place a security freeze on your credit reports today, before trouble strikes, at all three credit bureaus: Equifax, Experian, and TransUnion. A freeze prevents lenders who don't already have a relationship with you from looking at your credit report, which, in turn, stops them from getting the creditworthiness assurance necessary to extend credit in your name. Prices range from free to $20 depending on state law and whether you're already a victim of ID fraud. You can find links to security-freeze information on each credit bureau's home page.

3. Protect your computer

The Epsilon breach involved e-mail addresses. So you should be on high alert for phishing scams—seemingly legitimate e-mail messages that look like they come from a bank, credit-card issuer, online retailer, or other company you do business with, asking for personal information. Never respond to such requests, which typically direct you to a bogus website designed to capture your account user name, password, and other private information.

Of course, you should never click on links in unsolicited e-mail. Keep your Internet security software current, and put your personal data on encrypted flash drives. Store them away from your computer in case it's stolen.

4. Lock down your smart phone

You might not realize the extent of it, but your smart phone probably contains a wealth of information about your life, including phone contacts, private e-mail, and financial data. Avoid your own personal data breach by making sure your smart phone, tablet computer, and other mobile devices have security applications that guard against malware, encrypt your data, require password access, and can either locate the device or erase everything on it if it's stolen.

5. Respond aggressively to any hint of trouble

Watch for signs of ID theft, and respond quickly to stop thieves before they can act. That means keeping a list of all your credit and debit cards and contacting their issuers as soon as you realize they've been lost or stolen.

If you get notice of a security breach, the company that lost the data will typically provide free credit-monitoring and fraud-alert services for a specified length of time. Consider taking advantage of those, but remember to quit the services after the free period runs out.

This article appeared in Consumer Reports Money Adviser.

Posted: August 2011 — Consumer Reports Money Adviser issue: August 2011