Did you know that avoiding the Internet increases your changes of becoming a victim of identity theft? As crazy as it sounds, it is true. Many people believe that if they avoid the Internet they will limit the chances of exposing their sensitive information online. While it will reduce the risk of you sharing too much of your own information, it does nothing to prevent others from sharing your information. Let me explain.
According to the Identity Theft Resource Center, since 2005 there have been over 800,000,000 personal records exposed through data breaches. A data breach occurs when sensitive customer information maintained by an organization, such a doctor’s office or a financial institution, is exposed without consent. Exposure may occur by hacking or employee error, such as a stolen laptop. With over 800,000,000 records exposed, odds are your information was exposed at some point since 2005.
So what happens to the exposed information? That is the million dollar question. Often the information is sold online through websites in the dark web. The dark web, also know as the deep web, is the part of the Internet that is not indexed by traditional search engines. It is estimated that the dark web makes up 80-90% of the information available on the Internet.
Once your personal information is available online, it can be bought and sold numerous times worldwide. Criminals then use the information to commit identity theft giving them access to your financial accounts, your benefits and more. So how do they do it?
Fear of the Unknown
Avoiding participation in the digital age could actually increase your risk of becoming the next identity theft victim. But how could that be true? Many organizations today offer online account access. However, there is a segment of our population that is not comfortable conducting their personal business online. Criminals know this and use it to their advantage. If you have not set up online account access to your bank account, for example, then you are leaving it wide open for a criminal to do it on your behalf. Most of the time all it takes is for the criminal to call your bank’s 800 number, pretend to be you, answer a few identity-verifying questions and ask to set up online access. Next thing you know, someone else has full control of your bank account. I refer to this as online account take-over. But how did they answer the identity verifying questions? They bought your information (name, address, date of birth and social security number) online.
So what can you do to protect yourself and your accounts? Your first option is to create the online account yourself. Doing so will block a criminal from setting up the online account. The second option is to contact the organizations, your bank and credit card companies, and ask them if they can block online or electronic access to your account. If the organization does not have the capability of blocking online access, then you will need to ask them about other alternatives to protect your account from an imposter posing as you.
Introducing the Passcode
Another way to protect your accounts from an imposter calling your organizations’ 800 number is to use a passcode. A passcode is similar to a PIN or a password. When you call the number, the representative will ask you to verify this passcode. This is an extra piece of information that a criminal may not be able to buy online. Just make sure your passcode is not something a criminal could guess by profiling you. For example, do not use your spouse’s name, your pet’s name, your high school mascot, etc. Your passcode should be something that is only known to you. You could even use a made-up word. One of my passcodes is a word that my son said as a toddler. Since it is not a real word, it would be very difficult for someone to guess, let alone spell correctly. If the organization does not offer a passcode, then ask them if you can establish a PIN or a password. You, as the consumer, have the right to ask an organization what tools are available to protect your account and your information.
Who Offers Online Accounts
So exactly where do you need to be concerned about online account take-over?
- Financial institutions (checking, savings, mortgage, loans, etc)
- Credit cards
- Social Security Administration (click here to read more on this program)
- Utilities (electric, cable, cell phone, etc)
- Medical records
Please note that this is not an exhaustive list. It is merely to get you started. The best way to find out what is available to you is to contact organizations that you regularly do business with and ask them if they offer online access. If they do, then inquire about your options to protect your account. If the organization does not offer any security options, you may need to consider taking your business to an organization that is concerned about protecting you.