Friday, August 9, 2019

One Important Takeaway from the CapitalOne Hack

As part of a far-ranging conversation I had with a recent high school graduate, we touched on the CapitalOne hack. That breach did not affect her, but I said that she needed to act as if all her financial information was already available to criminals. Is it, even for one so young?

Doesn’t matter. The point was we all should act as though someone knows our Social Security Number, our driver’s license, our address, has our bank account numbers, credit card numbers, Medicare number, and health insurance ID. We should assume they know our credit score, have our picture, know our immunization status and all our other medical records. They have some of our old passwords (of course we change them frequently—well, maybe we’ve forgotten to do that), know our mother’s maiden name, where we attended school, the names of our first pet and our best friend growing up. They know our cell phone number, favorite usernames, and account numbers for many of our online accounts.

Act as if every important bit (or byte) of information about you is available to crooks, and you won’t be far wrong. If they don’t already have some piece of information, I have no doubt in some future breach they will.

Which means what, throw up our hands in resigned disgust and wait for someone to steal our money, our credit card, our identity? Of course, not. We can’t stop crooks from trying to steal, but we can make it very hard for them to succeed.

Two Steps You Can Take Today

Set up Alerts. Every credit card. bank account, mutual fund and brokerage account I have allows me to receive alerts whenever a transaction occurs. When I first started getting alerts, I chose them to apply for transactions over (say) $100. No more. Now I choose the smallest threshold their system allows--$.01 if they let me. I receive a text alert or email notification of every deposit, withdrawal, credit card purchase, interest credit, etc. It’s my first line of defense. If I don’t recognize any transaction, I go online and check out its particulars. (Note, I never follow a link in a text or email—it might be a phishing attack. I always access the applicable website directly through my browser.)

I’ve caught stolen credit card numbers minutes after the crooks made their first purchase and worked with the credit card fraud department to catch the thieves. A store once entered duplicate charges, which I spotted and had them immediately correct. I even noticed that a restaurant put through a $.10 tip when I had intended a $10.00 tip and corrected that mistake.

Yes, I get more emails and texts than I otherwise would, and this doesn’t stop theft, but it takes very little time for me to verify the transactions, and it limits the damage of a breach. Besides the extra peace of mind the alerts provide, catching a problem early saves time and aggravation straightening out the bad charges. As a bonus, the criminals get very little reward for their time.

Freeze Your Credit. Consider the second step of freezing your credit. I say consider because freezing your credit is a great idea to stop fraud, but it comes with potential inconvenience. Freezing your credit means the company cannot release your credit information. If someone steals your identity and tries to set up a credit card in your name, the issuing entity won’t approve the application because they want to see your credit first. Each of the three major credit reporting agencies, Equifax, TransUnion, and Experian, has a process that allows you to freeze your credit. It’s free to both freeze and unfreeze your credit, but it takes some effort.

The disadvantage occurs because many transactions that require setting up a new account require a credit check. Want a new cell phone line—credit check. Want a store credit card—credit check. Mortgage—credit check. Leasing a new car—credit check. Applying for a new job—credit check. When I moved from Savannah to Madison, I unfroze my credit for a fixed period—long enough for me to set up the gas, electric, internet, etc. accounts—and then it automatically refroze. With a one-off—say you apply for a new credit card—the credit agencies can issue one-time permission for an institution you identify to check your credit during a short window.

It can be a bit of a pain, and it can delay a purchase process, but if you can put up with the hassles, freezing credit provides a strong block to any bad guys setting up fraudulent accounts in your name. [NOTE: at least some of the credit bureaus have set up a premium service to “Lock” and “Unlock” your account that accomplishes the same effects as freezing, for which they will charge money. These plans offer an easier way to lock and unlock your credit reports and provide additional monitoring reports. I haven’t analyzed the specifics of those programs because those benefits are not worth it to me. However, if you think you’ll need to frequently freeze and unfreeze your accounts, you might want to consider them.]

In future posts, I’ll discuss other ways to keep yourself financially safe in an unsecure world.

*****

James M. Jackson authors the Seamus McCree series. Full of mystery and suspense, these thrillers explore financial crimes, family relationships, and what happens when they mix. False Bottom, the sixth novel in the series—this one set in the Boston area—is now available. You can sign up for his newsletter and find more information about Jim and his books at https://jamesmjackson.com.

Thursday, August 1, 2019

A Debit Card Scam

Each of us has our preferred method of paying for things like pizza delivery. Some prefer cash, some credit cards, others debit cards, and a growing number use their smart phones. I’m leery about using a debit card that allows anyone direct access to my bank and only use them to get cash from an ATM. I rarely use cash, don’t trust my phone, and use credit cards with rewards whenever I can, paying off the balance each month. Which makes me a bit of a dinosaur.

If you use debit cards, make sure the cards never leave your sight. This cautionary tale comes from the Toronto, Canada area and involves pizza delivery.

You order your pizza and it arrives on time. You pay with a debit card and there’s a problem with the machine or the driver “left the machine in his car.” He’s apologetic and courteous. “Happens all the time.” He takes your card back to his car where the transaction goes through fine.

Except, the only transaction that happens is the driver takes your debit card and gives you back one that looks the same but is a fake. They leave not to deliver another pizza, but to the nearest ATM to remove money from your bank account.

The “beauty” of this scheme is the “driver” isn’t the real pizza driver. He’s an entrepreneurial scam artist willing to invest a little money in the scheme. He intercepts the driver before the pizza gets to your door, pays for your pizza, and delivers it to you in the hope you’ll fall for his debit card swindle. If you pay in cash, the scam artist is just out his time—although he might collect a tip.

It might be pizza in Toronto or a salesclerk in a convenience store in Oshkosh; the key to preventing this kind of debit card fraud is to never let the card out of your sight.

* * * * *

James M. Jackson authors the Seamus McCree series. Full of mystery and suspense, these thrillers explore financial crimes, family relationships, and what happens when they mix. False Bottom, the sixth novel in the series—this one set in the Boston area—is now available. You can sign up for his newsletter and find more information about Jim and his books athttps://jamesmjackson.com.