Wednesday, September 27, 2017

How to be Vigilant in the Aftermath of the Equifax Hack: Part 1 (Securing Bank Accounts and Credit)

Ever since the Equifax hack was announced on September 7, 2017, I’ve been seeing the words “practice vigilance” and “be vigilant” with little or no explanation about how to actually do this. According to online dictionaries, vigilant means “being on the lookout for danger” or “being keenly watchful and ever alert.”  That sounds fine, but the reality is personal identification information (PII) of 143 million people is now “out there” in perpetuity. In addition, “staying vigilant” is often unsustainable because it requires time and mental energy.


What to do? Convert vague advice into concrete action steps that can be practiced for the remainder of your life. Why? That is how long your PII can be misused. Hacked data can remain dormant for years before it is actually misused. In addition, people can only take action to stop new account fraud (see credit freezes, below). Other frauds, unfortunately, can only be detected after they happen. Below are 20 vigilant practices to put into practice:


  • Carefully Review Credit Card Statements- Look for unauthorized charges and/or unknown merchants; especially beware of small charges (e.g., $1) that fraudsters may make in anticipation of larger charges later and suspicious recurring charges for products or services that were not purchased
  • Carefully Review Bank Account Statements- Look for unauthorized withdrawals and account transfers
  • Reconcile Your Checkbook Monthly- Look for unauthorized transactions and checks with changed payees
  • Secure Your Debit Cards- Know that it can take weeks to recover funds that are stolen from a bank account
  • Use Credit Instead of Debit- Do this for better fraud protection and to postpone payment for a purchase
  • Secure Your Checkbook- Keep it out of plain sight and immediately report missing checks to your bank
  • Consider a Credit Freeze- Prevent lenders from reviewing your credit to head off new fraudulent accounts
  • Use Strong Computer Passwords- Don’t use your birth date because this information has now been exposed
  • Shred Personal Documents- Use a crosscut shredder to destroy old credit card, bank, and broker statements
  • Check Your Credit Report- Request one credit report every four months on a rotating basis from the “Big Three” credit bureaus (Experian, Equifax, and TransUnion) via
  • Monitor Your Credit Score- Look for a sharp drop in your score, which could indicate fraudulent activity
  • Never Let Your Cards Out of Sight- Use credit and debit cards for payment only where you can swipe them yourself. For gasoline and restaurant meals, try to pay at a register or keep attendants and servers in sight
  • Secure Electronic Devices- Put passwords on laptops, tablets, and phones if used for financial transactions
  • Practice Digital Security- Guard passwords, PINs, security questions, and other account login information
  • Secure Sensitive Data at Home- Do this when contractors, caregivers, and others have unsupervised access
  • Smash Old PC Hard Drives and Cell Phones- Do this to assure that sensitive saved data cannot be misused
  • Beware of Phishing Frauds- Delete suspicious e-mails and text messages that request PII and/or payment;
    remember that future phishing schemes may be more personalized as a result of PII stolen in the Equifax hack
  • Avoid Remote ATMs- Do not use ATMs far from bank cameras that may have skimming devices attached
  • Beware Public Wi-Fi Connections- Don’t use unprotected Wi-Fi for purchases or banking transactions
  • Take Advantage of Free Credit Monitoring- Sign up for post-hack credit monitoring, when offered; it doesn’t cost you anything and will save on regular costs that typically range around $120 to $150 per year.

Many of the above actions can become personal habits or “decision rules” that you simply adopt as a matter of practice (e.g., checking credit reports and bank statements). Others can be implemented on an “as needed” basis (e.g., smashing hard drives). The next time someone says “be vigilant,” don’t brush it off. Take positive action to protect yourself against future frauds and to detect possible fraud from your data that was stolen from Equifax.

Wednesday, September 20, 2017

Credit Freeze Information in the Wake of the Equifax Hack

Credit Freeze Information in the Wake of the Equifax Hack

I guess I touched a nerve with my post about the Equifax hack last week. Over 600 people have viewed it so far. This week's post is the sequel. I'm pleased to report that, after 8 dropped phone calls, 3 inaccessible web sites, and 2 certified mail requests, I have (finally) frozen all my credit with four credit reporting agencies, probably for the remainder of my life.
Credit experts recommend that consumers freeze their credit to reduce their risk of becoming an identity theft victim. This has to be done individually with each of the “Big Three” credit reporting agencies (Equifax, Experian, and TransUnion), plus some experts also recommend doing a freeze with a lesser-known credit reporting agency called Innovis to “cover all the bases.” That means making 4 separate freeze requests per person or 8 requests for a couple.
By freezing your credit, you prevent potential creditors from accessing your credit file, thereby preventing identity thieves from opening accounts in your name. However, credit freezes will not deter non-credit related frauds such as tax refund identity theft and health insurance fraud. For that, consumers are simply told to “be vigilant.”
Credit freeze requests can be made online, by phone, or by certified U.S. mail. Expect to devote some time to this task. Below is contact information for each credit reporting agency for each method of contact to request a credit freeze:


Equifax: 800-685-1111

Experian: 888-397-3742

TransUnion: 888-909-8872

Innovis: 800-540-2505

U.S. Mail

Equifax: Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348

Experian: Experian, P.O. Box 9554, Allen, TX 75013

TransUnion: TransUnion LLC, P.O. Box 2000, Chester, PA 19016

Innovis: Innovis Customer Assistance, P.O. Box 26, Pittsburgh, PA 15230-0026

The costs of security freezes vary from state to state. Fees may or may not be charged to add a credit freeze, temporarily lift (thaw) a credit freeze (e.g., when you need to apply for a loan), and remove a credit freeze. Different fees for credit freezes may also apply depending on whether someone is or is not a victim of identity theft. Equifax has waived their fee for everyone until November 21.

For mailed security freeze requests, include the following information in a cover letter format:
  • Full name (with middle initial) and former name, if applicable
  • Current address and former addresses within the last five years
  • Social Security number
  • Full date of birth (month, day, year)
  • Signature
  • Photocopies of two forms of identification such as a government-issued identity card and proof of residence such as phone bill or utility company bill.

Wednesday, September 13, 2017

Coping With the Aftermath of the Equifax Hack

I usually try to avoid long lines and peak crowds as a way to reduce wasted time and mental stress. It didn’t quite work out that way this week. As everyone knows by now, about 143 million Americans had key pieces of their personal identification information (PII) stolen in the Equifax hack. We’re talking about the “holy grail” of PII for identity thieves: Social Security numbers, birth dates, addresses, credit card numbers, and other key data.


As if that wasn’t enough, consumers were basically told to “deal with it” ourselves: check our credit reports, sign up for free (for now) credit monitoring, request a fraud alert, and freeze our credit. All at our own expense (both time and money), of course. If the traffic on I-95 in Florida fleeing Hurricane Irma looked bad, imagine millions of Americans simultaneously trying to take the four recommended actions noted above. Yes….total gridlock.


While I’ve toyed with the idea for years, the Equifax hack immediately convinced me to freeze my credit. By taking this step, you prevent potential creditors from accessing your credit file, thereby preventing identity thieves from opening accounts in your name. Unfortunately, this is easier said than done. I’ve been at it for four days now and encountered two “temporarily unavailable” web sites and phone calls that drop with busy signals.


We’re told to “keep trying” and I will, until I am credit frozen by the “Big 3”credit reporting agencies or CRAs (Equifax, Experian, and TransUnion). Some credit experts are also recommending freezes with another agency called Innovis. Too much is at stake not to. Unfortunately, each CRA must be contacted separately. That’s 4 contacts per person. It would be so much easier if we could contact one central site like for credit reports.


To avoid online and phone gridlock, you can also request credit freezes by certified U.S. mail. I found an Indiana government web site with helpful template request letters but double-check the addresses for security freezes on each CRA’s web site. Some did not match the templates. Even after doing all this, you’re not done. Your PII is now basically “out there” in perpetuity. Credit freezes will also not deter non-credit frauds such as tax refund theft and health insurance fraud. For that, we are simply told to “be vigilant,” probably for the rest of our lives.

Thursday, September 7, 2017

The Dangers of "As Soon As….” Financial Planning

I recently worked with three colleagues on a research study about financial decision-making. The sample consisted of 1,538 individuals who completed an online survey during June 2016. The target audience was young adults and 69% of the sample was under age 45.We asked questions about financial decision-making related to three key financial goals: student loans, homeownership, and retirement planning.

Results of this study provided evidence of “As Soon As I…” (a.k.a., “When I…” and “After I…”) financial decision-making. In other words, many respondents appeared to be living a postponed financial life and delaying retirement savings until a certain life event occurred or another financial goal, such as repaying student loan debt or buying a home, was achieved.

By postponing savings, the wealth-building effects of compound interest cannot be maximized. For every decade that someone delays saving for a financial goal, the amount of monthly savings that is needed is 2 to 3 times higher. To accumulate $1 million at age 65, assuming a 6% average annual return, 25 year olds must invest $6,462 per year, 35 year olds $12,649 per year, 45 year olds $27,185 per year, and 55 year olds 75,868 per year.

My advice: save for later life financial goals early and often and fund multiple goals concurrently instead of consecutively. For example, reduce debt, save for a house, and fund a 401(k) together at the same time. Instead of practicing “As Soon As” financial planning, resolve to set aside money for several high priority goals at the same time. Remember…compound interest is not retroactive! You can’t earn interest on money that was not saved.

Loud Budgeting: A Financial Discipline Strategy

  Have you heard the term “loud budgeting?” It started gaining traction earlier this year on TikTok (where else?) and has been covered by fi...