I have been thinking a lot about identity theft as I’ve covered the massive TJX security breach this year. I have recently reported that the size of the breach has increased from its original 47 million cards to 94 million cards, which is nearly one card per U.S. household.
The TJX breach certainly is a high-watermark breach, but it’s nowhere near the only one, nor the only big security breach. To get an idea of just how many security breaches there have been and where they have occurred, the Privacy Rights Clearinghouse has chronicled a history of security breaches here.
The credit issuing and reporting system in the U.S. is out of control. Rather, it might be more accurate to say that the credit system has not institutionalized changes to reflect changing risks in the Internet era. The factors that have led to the epidemic of data security breaches include:
- The proliferation of financial and private information in banking, merchant, service provider, and consumer information systems
- The exuberance with which creditors grant credit to consumers
- The lack of controls to ensure that the person requesting credit is actually who they claim to be
If we just sit around and wait for the government to fix this, we’ll all be robbed blind first. We must take some action on our own, now, until the credit system introduces effective controls on its own. I recommend you take these measures to protect yourself.
- Set up a fraud alert with one or more of the three credit bureaus (Experian, TransUnion, Equifax). This will alert you to any changes in your credit file.
- Examine your credit report carefully at least once per year.
- Close credit accounts that you no longer use.
- Consider getting your mail at a PO Box or a Private Mail Box (PMB), to reduce the possibility of mail theft.
- Reduce or discontinue your use of credit.
- Pay cash. Whenever you are paying with a credit or debit card, you are leaving information behind that can be used to commit fraudulent transactions.
- Double-lock your banking and credit information in your home and place of business. In other words, put all documents containing private and financial information in a safe or locked room within your home or business.
While it is true that all of these measure take time and money, they take far less of each than the effort required to clear your credit if you fall victim to identity theft.
We have been victims ourselves. My wife’s driver’s license was stolen, and it was subsequently used to write bad checks in her name. My credit card number (and name+billing address) was stolen from employees at a shipping company, and over $2,500 in fraudulent transactions charged against my debit card. Neither resulted in a wide scale identity theft against us, but they could have had we not taken action quickly.
Don’t wait for someone else to fix this for you.
Peter H. Gregory 
I’d recommend (and have done) steps 2,3,5,6 first. Why? Because these apply economic pressure on the organizations that play fast and loose with my financial security. Basically, I’m saying to them “Until you clean your act up, I’m going to reduce my patronage of your services.” And that is how you effect change.
There are invaluable services available through PrePaid Legal Services and their marketing of complete ID theft monitoring and RESTORATION. this includes all forms o ID theft and fraud, not just the financially related occurrences. Call me if you are interested in this approach.
Thanks very much for allowing this comment 830 249 7748 I am in Boerne, TX.
Your third factor is key and generally ignored: “The lack of controls to ensure that the person requesting credit is actually who they claim to be.” Why should consumers be responsible for this part of the problem? It’s very convenient for merchants to process transactions based solely on a plastic card and a number checked against a database, but if that’s all they do to verify identity of their customer, why should the impersonated be damaged?
Our threshold for negligence on the part of merchants is too low. Make them financially responsible for submitting charges without verifying identity, and this problem will go away. There will be customer inconvenience as merchants adapt, but more reliable identification technology will not be invented until it is necessary financially.