Protecting Your Identity in Cyberspace
Americans by and large these days seem more concerned about having their personal information, aka their identity, stolen by computer hackers or other criminals than they are by other crimes that might be considered more dangerous.
Recent high-profile data breaches at major retailers and some universities have cast a spotlight on cyber-based identity theft, and hackers are apparently becoming more successful. About one out of three people who received data-breach notifications letters in 2013 became a victim of fraud, up from one out of four in 2012 and one out of five in 2011.
Additionally, in my CPA practice, during this past filing season we saw a significant increase in the number of clients that the IRS has identified as a victim of identity theft in the area of tax filings, causing major delays in refunds and other inconveniences.
There is hope that new technology will help combat this threat. For example, banks and retailers in the United States are shifting from the old magnetic-strip technology used on payment cards to a more secure standard called EMV (Europay, Mastercard, and Visa), in which cards are embedded with a computer chip and each transaction is approved using a unique authentication code.
Shoppers tap a card on a reader or insert it into a slot before signing or entering a PIN. By the end of 2015, it's expected that about 70% of U.S. credit cards and 40% of U.S. debit cards will contain chips.
EMV does not provide additional protection for a card while online, but another advanced technology called tokenization, which generates a random alphanumeric sequence of each transaction, may become more common for online transactions.
So what can you personally do to thwart cyber-thieves? Here are three key safeguards to consider to help protect your identity:
- Create strong, separate passwords for each account, with at least eight characters and a variety of upper- and lower-case letters, numbers and symbols. Don't use automatic log-ins that save your user name and password. While this is inconvenient to be sure, it greatly reduces the risk of hackers being able to access your accounts and personal information.
- Before entering sensitive data online, look for the "lock" icon on the status bar of your Internet browser, which indicates an encrypted site. Never submit such information on sites that are not encrypted.
- Similarly, in the address bar of your browser, make sure the address of the site on which you are about to enter personal information begins with the protocol "HTTPS" and not just "HTTP". The "S" indicates more secure communication over a computer network.
- Enable the encryption and password features on your smartphone.
Of course, if you believe that a payment card has been used fraudulently, report your concern immediately to the bank or company that issued the card. And, if you haven't already, you should also consider signing up for fraud alerts from the issuer. By doing so, when the issuer detects a transaction out of the ordinary that could potentially be fraud, they can call, email or even text you immediately to see if you recognize the transaction. I can personally vouch for this, as on more than one occasion, such an alert has flagged a problem on my account and put a stop to it immediately!
(The author wishes to thank Pete Pallone of Pallone Financial Services, Inc. for providing some of the information used in this article.)
