Ever since the Equifax hack was announced on September 7, 2017, I’ve been seeing the words “practice vigilance” and “be vigilant” with little or no explanation about how to actually do this. According to online dictionaries, vigilant means “being on the lookout for danger” or “being keenly watchful and ever alert.” That sounds fine, but the reality is personal identification information (PII) of 143 million people is now “out there” in perpetuity. In addition, “staying vigilant” is often unsustainable because it requires time and mental energy.
What to do? Convert vague advice into concrete action steps that can be practiced for the remainder of your life. Why? That is how long your PII can be misused. Hacked data can remain dormant for years before it is actually misused. In addition, people can only take action to stop new account fraud (see credit freezes, below). Other frauds, unfortunately, can only be detected after they happen. Below are 20 vigilant practices to put into practice:
- Carefully Review Credit Card Statements- Look for unauthorized charges and/or unknown merchants; especially beware of small charges (e.g., $1) that fraudsters may make in anticipation of larger charges later and suspicious recurring charges for products or services that were not purchased
- Carefully Review Bank Account Statements- Look for unauthorized withdrawals and account transfers
- Reconcile Your Checkbook Monthly- Look for unauthorized transactions and checks with changed payees
- Secure Your Debit Cards- Know that it can take weeks to recover funds that are stolen from a bank account
- Use Credit Instead of Debit- Do this for better fraud protection and to postpone payment for a purchase
- Secure Your Checkbook- Keep it out of plain sight and immediately report missing checks to your bank
- Consider a Credit Freeze- Prevent lenders from reviewing your credit to head off new fraudulent accounts
- Use Strong Computer Passwords- Don’t use your birth date because this information has now been exposed
- Shred Personal Documents- Use a crosscut shredder to destroy old credit card, bank, and broker statements
- Check Your Credit Report- Request one credit report every four months on a rotating basis from the “Big Three” credit bureaus (Experian, Equifax, and TransUnion) via www.annualcreditreport.com
- Monitor Your Credit Score- Look for a sharp drop in your score, which could indicate fraudulent activity
- Never Let Your Cards Out of Sight- Use credit and debit cards for payment only where you can swipe them yourself. For gasoline and restaurant meals, try to pay at a register or keep attendants and servers in sight
- Secure Electronic Devices- Put passwords on laptops, tablets, and phones if used for financial transactions
- Practice Digital Security- Guard passwords, PINs, security questions, and other account login information
- Secure Sensitive Data at Home- Do this when contractors, caregivers, and others have unsupervised access
- Smash Old PC Hard Drives and Cell Phones- Do this to assure that sensitive saved data cannot be misused
- Beware of Phishing Frauds- Delete suspicious e-mails and text messages that request PII and/or payment;remember that future phishing schemes may be more personalized as a result of PII stolen in the Equifax hack
- Avoid Remote ATMs- Do not use ATMs far from bank cameras that may have skimming devices attached
- Beware Public Wi-Fi Connections- Don’t use unprotected Wi-Fi for purchases or banking transactions
- Take Advantage of Free Credit Monitoring- Sign up for post-hack credit monitoring, when offered; it doesn’t cost you anything and will save on regular costs that typically range around $120 to $150 per year.
Many of the above actions can become personal habits or “decision rules” that you simply adopt as a matter of practice (e.g., checking credit reports and bank statements). Others can be implemented on an “as needed” basis (e.g., smashing hard drives). The next time someone says “be vigilant,” don’t brush it off. Take positive action to protect yourself against future frauds and to detect possible fraud from your data that was stolen from Equifax.