Saturday, May 9, 2015

Should I freeze my kids' credit?

I was having coffee with a friend and fellow information security professional a few weeks ago when he told me that not only did he and his wife get letters from Blue Cross/Blue Shield regarding the Anthem breach, but so did each of his children. He has since frozen their credit with all three credit bureaus to protect it.

According to Marc Goodman, author of Future Crimes, kids are fifty-one times more likely to be victims of identity theft than adults. In the United States, 500,000 children become the victims of identity theft every year. And their parents don't even know it. Most of these kids don't find out about this crime committed against them until they are over 18, when they apply for student loans. Nineteen states allow parents to freeze their child's credit. For details, see Identity Theft Poses Extra Troubles for Children, a New York Times article posted April 17, 2015.

Every parent having a youngster at home should read that article and consider freezing the child's credit. I've received the same advice from friends of mine in the U.S. Secret Service and the FBI: The best protection you have against identity theft is to freeze your credit.

The credit bureaus claim it is an administrative nightmare for them, and I buy that, but a credit freeze doesn't pose any significant challenges to the consumer. Thawing your credit temporarily while you change cellular carriers or apply for a loan is easier than you might expect. Granted, freezing your credit won't stop someone who has pilfered your social security number (SSN) from filing a tax return in your name or using your medical insurance if he can gain access to your personal and group ID numbers, but credit freezing is one line of defense that shouldn't be overlooked.

Let's face it, the truth is that the bad guys are one step ahead of us. Protecting personally identifying information (PII) from falling into the hands of malicious actors is getting harder and harder to do. Why? Because our PII is stored electronically in countless databases in systems all over the world. All it takes for someone to steal your identity is knowledge of your name, SSN, date of birth, and address.

Three out of four of these identifiers can be too easy for anyone to find. (This is why it is not a good idea to post your birthday on your Facebook page.) The fourth, your SSN, is something you should protect to the best of your ability. Never give your SSN to someone who calls you on the phone, and never enter it on registration forms (like at your doctor's office) where there is no need-to-know. And don't carry your SSN card with you. For more information, see the U.S. Secret Service web page referenced at the end of this posting.

If you know your PII has been breached, freeze your credit; at the very least, subscribe to a credit monitoring service. Most retailers, financial institutions and other providers (like Anthem) will offer credit monitoring for free for a year or two following a compromise of your data. For more information, see the Consumer Financial Protection Bureau article, Should I use a credit monitoring service to protect myself from identity theft?, which compares credit monitoring to credit freezing.

Additionally, the FTC offers plenty of helpful information for consumers. See their web page Consumer Information | Identity Theft, or download Taking Charge: What to do if you identity is stolen (PDF format).

No comments:

Post a Comment