Peter Dazeley/Getty Images
If the news last month about a data breach impacting 500 million Yahoo user accounts sent you scrambling to check your credit report for signs of fraud, you’re not alone.
More than half of all U.S. adults say they personally checked their report after hearing about past security breaches, a new Bankrate Money Pulse survey finds, while two-thirds say they started monitoring their financial accounts more closely.
As identity fraud increases, employing smart financial habits directed at thwarting would-be fraudsters remains important. The number of fraud victims increased by 3% in 2015 to its second highest level in 6 years, according to statistics from Javelin Strategy & Research.
In all, 41 million U.S. adults have had their identities stolen, according to Bankrate’s survey, and another 49 million indicate they know someone who has been affected.
“We’re all paying for this type of fraud,” says Axton Betz-Hamilton, an identity theft expert and assistant professor of consumer studies at Eastern Illinois University in Charleston.
When banks and credit card companies write off fraudulent loans, they recoup those losses through higher interest rates, she says.
One victim’s story
Victims may pay an even higher price.
It took Betz-Hamilton, who discovered in 2001 her identity had been used to open fraudulent credit card accounts, 8 years to get all of the negative marks removed from her credit reports. Those bad loans and collections notices drove her credit score down to 380. (FICO scores range from 300 to 850.)
“The first thing I did was call my mom,” Betz-Hamilton, then a college sophomore, says. “I was crying. I told her I’d never own a home. I’d never own a car.”
In fact, Betz-Hamilton did eventually purchase a car, but had to settle for an annual percentage rate of 18.22% on her auto loan. Her first credit card carried an APR of 29.95%.
Find a low-interest credit card today.
In 2013, Betz-Hamilton finally learned who had stolen her identity: her mother.
Shortly after Pamela Betz’s death, Betz-Hamilton’s father discovered hidden among his wife’s possessions statements for fraudulent accounts. Not only had the woman stolen her daughter’s identity, she stole that of Betz-Hamilton’s father and grandfather, as well.
“Right after Mom passed away, I think Dad and I were going through the standard stages of grief,” she says. “After discovering this, the grief stopped and it hasn’t ever started again.”
In all, Pamela Betz took out 4 credit cards in her daughter’s name beginning as early as 1993, when Betz-Hamilton was 13 years old. By the time Betz-Hamilton caught the fraud, her credit report contained 10 pages of accounts and debts sent to collection.
Her mother stopped the fraud only after she couldn’t open any more accounts.
“My credit score was so bad, my identity couldn’t be used anymore,” she says.
How to protect yourself
Just as there’s nothing Betz-Hamilton could have done to prevent her identity from being stolen, there’s little you can do to prevent something like the Yahoo breach from happening.
“We’re not going to be able to stop these acts,” says Steven Grossman, vice president of strategy and enablement at Bay Dynamics, a San Francisco-based cyber risk analytics company.
But you can do things to protect yourself from ID theft, including:
- Regularly shredding unnecessary documents containing sensitive information.
- Checking your credit reports regularly.
- Requesting a credit freeze.
- Avoiding doing banking or other sensitive business on unsecured Wi-Fi networks that do not require a password.
We’re better at some of these behaviors than we are at others. The Bankrate survey found 71% of adults indicate they shred sensitive documents, for example, and 61% say they avoid using an unsecure Wi-Fi connection. But just 18% have ever requested a credit freeze.
“I think that’s another example of convenience versus security,” Grossman says. “It’s certainly a great thing to do, but it’s an inconvenient thing to do.”
When you freeze your credit, you keep potential creditors from seeing your report and, more importantly, ensure that no one can open a new line of credit in your name until the freeze is lifted.
Freezing your credit is free through the major credit bureaus if you can document you’re a victim of ID theft. Otherwise you’ll have to pay a fee.
Betz-Hamilton now keeps her credit frozen, and says the process to unfreeze your credit when you need to access it – like when buying a house, for example, — is “pretty streamlined.”
“I think it’s a great thing at all times, especially with all of these data breaches,” she says.
One other thing you should do, particularly in light of the Yahoo breach: Change your passwords and security answers and questions, says Benjamin Caudill, co-founder and principal consultant at Rhino Security Labs in Seattle. And make sure you create different passwords for each of the sites you regularly visit.
This is pretty standard advice anytime another major data breach hits the news, but it’s also advice many people don’t heed. The Bankrate survey found more than one-quarter of U.S. adults use either exactly the same or mostly the same passwords for their online accounts.
Caudill says he’s not optimistic the Yahoo breach, in which email addresses, encrypted passwords and sometimes unencrypted security questions and answers were stolen, will change consumer behavior.
People often think, “‘That’s a risk I’m willing to accept,'” Caudill says.
CARD SEARCH: Compare credit card offers today.
Methodology: Bankrate’s Money Pulse survey was conducted Sept. 15-18, 2016, by Princeton Survey Research Associates International with a nationally representative sample of 1,000 adults living in the continental U.S. Telephone interviews were conducted in English and Spanish by landline (500) and cellphone (500, including 316 without a landline phone). Statistical results are weighted to correct known demographic discrepancies. The margin of sampling error is plus or minus 3.8 percentage points for the complete set of data.