Identity thieves can strike anywhere, any time. While they seem like nameless, faceless boogeymen, they really can be deterred. Learn how to protect yourself.
Lots of debit cards buying gas in Mexico. Lots of checks issued to a Walmart in Michigan, just hours after a transaction in Rockford. A $17,000 cash withdrawal to a mysterious prince in a far-away land.
When something unusual happens to a customer’s account, a little alarm goes off at Alpine Bank’s loss prevention department, in Rockford. This team of four women spends each day ciphering bank records and transactions, catching fraudsters in action. The team is the first line of defense against identity thieves, who impact some 9 million people every year, according to CreditReport.com.
Identity thieves can strike anywhere, at any time. They often remain nameless, faceless boogeymen, but they can be deterred, when careful consumers take appropriate precautions. Protecting yourself from trouble doesn’t have to be a hassle – oftentimes, simple procedures are the most effective.
“Identity theft, in its most basic form, is just using somebody else’s identifying information to commit fraud,” says Jessica Hendon, security officer for Alpine Bank. “When you say identifying information, you can be talking about Social Security number, bank accounts, online banking, debit card number – any way you can commit fraud falls under identity theft.”
Common Scam: Check Washing. Mail is stolen right out of your box. Maybe some bills, or a check with your bank numbers. They take the checks home, wash off the ink and write it for a big purchase. Or, if they’re less sophisticated, they print your account number on homemade checks, then pass off the counterfeits.
To steal your identity, thieves need just enough information to look like you. They take a name, address, Social Security number, bank account number, credit card number, computer passwords or personal information, like hometown, mother’s maiden name and household pet. In Illinois, identity theft happens anytime somebody uses your information and accounts without authorization.
In seven years of security for Alpine Bank, Hendon has seen some pretty dumb and some pretty clever ways to obtain personal information. The old-school methods – purse-snatching and mail grabbing – still are popular. But thanks to online technologies, thieves are getting sophisticated. All they need is that juicy morsel.
Whenever somebody requests sensitive information, know for certain who you’re talking to.
“You should know the ways your bank will contact you,” Hendon says. “If your bank is going to contact you by email or text messaging, you should know they will contact you that way. We don’t use text messaging here yet, but if we think there is something wrong with your account, we’re going to call you.”
If you receive a call, Hendon says, take the caller’s name, then hang up and call the number you know to be most reliable. If it’s legit, that person will be available.
In some cases, the identity thief is a family member or friend – someone in a position to know a lot about the victim. In many more cases, though, they’re just anonymous individuals who obtain information and sell it through a food chain of thieves, says Bob Bisconti, owner, Bisconti Computers, 6465 E. Riverside Blvd., Rockford.
“When we’re dealing with identity theft, they’re petty thieves,” Bisconti says. “They’re trying to get millions of dollars. Keep in mind that the average identity thief wants the easy way out. They don’t want to work. They’re thieves; they don’t work.”
Many times, they put debit or credit card information onto an old hotel key or gift card, then run up the tab, says Hendon. In other cases, thieves buy a car or a home, and maybe open a credit card under your name. They’re reckless with their purchases, and the bigger the items they buy, the better. Sometimes, they make erratic choices.
“When we got robbed, they took our checks and they went to Woodman’s,” says Frank Graceffa, owner of Paper Recovery, 7972 Crest Hills Dr., Loves Park, Ill. “They knew the policy there was to cash three checks within a 24-hour day. They went from Rockford to Green Bay, Wis., and back, using our checks to buy all staples. They bought packs of cigarettes and beer. They bought bread and milk, stuff they need to eat, and never wrote checks for over $200.”
Common Scam: Skimmers. A fraudster pays the waiter at a restaurant to scan cards on a pager-size device. The fraudster plugs the device into his laptop, then sells the information or programs old hotel keys and gift cards for a shopping spree. Sometimes, fraudsters plug scanners into ATMs or gas pumps. These devices are easy to spot, if you’re aware of your surroundings, says Hendon. “If anything looks loose, or is sticking out, or just doesn’t look right, or you see a clue, just give it a wiggle,” says Hendon. “An ATM or gas pump swipe shouldn’t wiggle. There shouldn’t be anything loose.”
Protecting Your Finances
Check your bank account statements regularly, advises Hendon. That way, you’ll notice unusual activity quickly.
“Keep a transaction register, and compare it with everything on your statement,” she says. “Unfortunately, not everyone keeps a transaction register. If you don’t, and you can’t remember where you used your debit card a month ago, use online banking and check it once a week. That’s a lot easier to remember.”
Hendon also suggests periodically checking credit reports, which may reveal fraudulent activity such as car and home purchases, which are otherwise harder to detect. Also, if you catch fraud quickly, says Hendon, it’s less likely to be reported on your credit score.
When it comes to debit cards and online banking, some consumers remain wary of the direct access thieves have to a bank account. But those tools are definitely safe, says Hendon, because banks have legal and financial incentives to protect consumers.
“When it comes to those consumer laws that protect our customers from taking losses, unfortunately a lot of times those losses come back on the bank,” says Hendon. “So we want to protect the bank financially and our customers.”
At Alpine Bank, protections include daily limits for debit card purchases and extensive training for tellers. If you’re asked for a photo ID, don’t be frustrated, says Hendon. That’s how they know it’s the real you.
Under Regulation E of the Electronic Fund Transfer Act, consumers are not liable for fraudulent activity, so long as it’s reported within 60 days. The bank investigates the consumer claim and quickly grants “provisional credit,” allowing customers to make purchases without liability.
“We have up to five days to give them provisional credit,” says Hendon. “That’s so that they can pay their mortgage and get their groceries. Provisional credit, though, means that after our investigation, if we find out those charges weren’t fraudulent, or that the transactions were authorized, we can take that money back.”
Most fraudulent activity is caught by the loss prevention center, where computer programs constantly patrol transactions. When something is flagged, it’s quickly evaluated by the security team. Anna Hallstrom, a certified fraud examiner, looks for purchases that are out of the ordinary, or geographically conflicting, such as debit card swipes in China just minutes after being used in Rockford.
“Trust your gut instinct,” she says. “You trust that something just doesn’t feel right about a transaction.”
Common Scam: Phishing. “Get in touch with my accountant at Cotonou Republic of Benin and he will release cheque of ($2,6m) which I kept for your compensation before I left my country,” reads the email. “Contact her with the following information…” Sometimes, they pretend to be your bank, represent a long-lost relative, or send you lottery winnings. “They’re trying to get you to give out account information, get you to make a payment, or get you to a bad web link which takes you to a bad site where you’ll put in your good information,” says Hendon.
Protect Thy Passwords
Most people don’t give two thoughts to their passwords, but simple ones like “Rover123,” or “Bob” are an open invitation to hackers.
“The person with strong, hard passwords that take months to crack is better protected from a thief who doesn’t want to spend months trying to get in,” says Bisconti, who’s spent 18 years developing digital security for homes and businesses.
When creating a safe password, Bisconti suggests using at least eight characters, mixing letters, numbers and symbols. Don’t use anything easy, like family or pet names, birthdays and places of work. Also, switch them up. To keep track of his many passwords, Bisconti maintains a secured spreadsheet – six pages long – with all of his passwords. He also recommends using password vaults, secured websites that let you store and remember passwords. Thirdly, change passwords periodically.
“Now, you’re keeping one step ahead of your enemy,” says Bisconti. “You’ve got a tough password with alphanumeric symbols. You’ve got a different password for every account. And now, you’re changing those passwords. It took him months to crack in and you changed everything on him. He’s going to say, ‘Forget about it.’”
Even secure passwords are no good if you’re not careful. Bisconti discourages sharing private information on public computers. Don’t check Facebook or email, because hackers can hijack those units.
“I’ve done this for some customers and unfortunately, I’ve seen it done to some customers,” he says. “Hackers create a program that steals everything you type. Everything you typed, they saw. Every website you visited, they saw. Every photo you pulled up, they saw.”
Once a hacker accesses those accounts, he begins stealing your identity. Also beware of those public Wi-Fi networks, at coffee shops and hotels. If you’re not transmitting encrypted information, you never know who’s listening in.
Facebook and social media also are open doors for criminals. Sometimes, hackers can glean enough information to crack your password. Old-fashioned criminals discover that you’re not home.
“With social media, people get hit because they’re too social,” says Bisconti. “They put too much private information out into the public. If they don’t know how to use those safety tools properly, they’re letting all their friends and friends’ friends see their information.”
Bisconti also cautions parents to watch their children. In some cases, kids don’t even realize when they give out sensitive information online. Put the family computer in an open room, says Bisconti, and monitor their activities.
“Teach them, monitor them and test them,” he says.
Common Scam: Dumpster Diving. Yes, some criminals do scrounge through the trash, and yes, they are known to assemble shredded paper if it yields information and account numbers. “Just throwing your name and address in the garbage, or putting shred bags out by the curb, is like a big neon sign to people who steal identities,” says Graceffa.
Destroy the Evidence
Everything at Paper Recovery remains under lock and key. Certified in on-site and in-house shredding, with the National Association of Information Destruction, the company is careful to ensure that confidential information remains that way. When businesses or individuals drop off old documents, they can actually watch them in the shredder. The company loans out disposal bins that remain under lock and key, and if there’s a lot of paper, they’ll send a truck with a built-in shredder.
“We bring them back here, they’re put into the secure plant and they’re shredded,” says Doug Mark, director of marketing and sales. “They have to be shredded within 48 hours, so there are requirements that we have to follow to ensure that they’re destroyed and destroyed within a timely manner.”
Anything with sensitive information should be destroyed.
“A lot of those old, cancelled checks, old tax information, any kind of documents you’ll be getting rid of that somebody could glean information about you from,” says Mark. “Just about anything with account numbers or routing numbers could leave you very vulnerable.”
Businesses and medical clinics are legally required to keep certain information. But they’re also legally obligated to shred those private documents, from time to time. Simply dumping papers in the trash openly invites criminals, but a secured site is one of the safest places to eliminate sensitive information.
“The benefit is that you know those documents are destroyed,” says Mark. “And that’s the critical aspect of it, that you know from a certified recycling and document destroyer that those documents are destroyed, so you have the peace of mind that it’s done.”
Common Scam: Smishing. “This is your bank,” the message begins. “Your debit card may have been compromised. Call (800) 555-5555 to reactivate your card, or it will be shut down.” If you follow those instructions, you’ll become a victim of identity theft. “It’ll ask for your card number, and your PIN and even the number on the back,” says Hendon. “So they take your information to make a counterfeit card.”
Despite our efforts, criminals sometimes get the best of us. If you suspect your identity has been stolen, first contact your bank and credit card companies, to report suspicious activity and to freeze your accounts. File a report with your local police, and bring evidence to support your claims. While local departments can’t always investigate, they do compile information. The FBI maintains a complaint database that it uses to investigate and prosecute large-scale identity theft. Victims can visit ic3.gov to add themselves to the federal database, or find more information on the Illinois Attorney General’s website.
The best advice, though, comes from an old wartime slogan.
“Its just like in World War II, they used to make these posters that said, ‘Loose Lips Sink Ships,’” Bisconti says. “Always be careful who knows what.”
A Lot of Confetti
Rockford is officially the paper-shredding capital of the world. This September, Alpine Bank, Paper Recovery and Iron Mountain collected 253,318 pounds of paper from people in 2,300 vehicles at four Rockford-area locations, beating out Salt Lake City for a spot in the Guinness Book of World Records for most paper shredded in one day.
From early in the morning, the cars were lined up. Customers delivered boxes, bags, garbage cans, pickup trucks and flatbed trailers filled with old documents. Nearly 450 cars had already passed through the bank’s East State Street drop-off by 10 a.m.
Freddie Hoff, a records manager and adjudicator for Guinness World Records, spent the day ensuring that every pound of paper was collected. In every records attempt, adjudicators ensure that a record is possible, measurable and breakable.
“When we get out here, we’re looking to see that the record was broken, and later in this event, when the paper is being weighed, I go with the trucks to make sure that it’s shredded,” she says.
Collecting paper was an easy task, compared to some events she’s judged.
“Most People Dressed As Smurfs was the best, because I’ve never seen that many blue people before,” Hoff says. “That was taking place in New York City, but it was a multiple-venue event, so there were adjudicators in 11 different countries all over the world. It was World Smurf Day.”
Identity Theft Checklist
Here are suggestions from the Illinois Attorney General:
Protect your mail. Know when pickup occurs and don’t let mail build up.
Protect papers with personal information. Keep your documents and shred them when no longer needed.
Protect your Social Security number. Hide your card and don’t share your number.
Watch your credit and debit cards. Know where they go and when they’re used.
Protect account numbers, passwords and PIN numbers. Don’t share them with anybody.
Protect your information when shopping online. Use only trusted sites, and share sensitive information only on a secured connection, where the URL begins: https://