The latest massive data breach at Equifax demonstrates the need to be vigilant about keeping your accounts secure, something that we’ve advised about from time to time. If you’ve already locked your credit, the Equifax breach, as disheartening as it seems, should be significantly less threatening than for those who are unprepared. If you would like to read more about how to protect your personal identify, both online and in general, please read our Identity Theft and Internet Security Newsletter from June 2014.
Here is our summary of best steps to protect against fallout from the Equifax breach and from future data breaches (there will surely be more):
Check whether your data was compromised and, if so, take Equifax up on their offer of free services to monitor and protect your sensitive personal information. Go to https://www.equifaxsecurity2017.com/ to begin the process. Once you are entered into their system, it will take a few days for the request to be processed. At first, it seemed you would need to waive claims against them, but that is no longer the case. You also don’t have to give them any credit card information. Once registered in the “TrustedID Premier,” system you’ll have access to the following free services:
- Equifax credit report
- 3 bureau credit file monitoring
- Equifax credit report lock
- Social Security number monitoring
Lock/Freeze your credit (MOST IMPORTANT).
This is a simple thing to do, and is the most robust way to protect your credit (and unauthorized access to your credit). By locking/freezing your credit (explained more fully below) with all three credit reporting agencies, you ensure that no one can access your credit using your Social Security number. A bank, credit union, credit card company, department store, or cell phone company looking to confirm your credit on a new account will be unable to do so and thus should refuse the account.
This does mean that accessing your credit for authorized purposes will be harder than before. However, for most people, having your credit inaccessible is not a hindrance. If the need for a credit report should arise (you want to open a new credit card, get an auto loan, etc.), you can place a temporary lift on the lock/freeze in order to give an authorized agent access to your credit report.
There is a slight difference between locking and freezing your credit (the different is when and how you are able to “lift” or “unlock” the report). The differences are easily explained here: https://www.transunion.com/credit-freeze/place-credit-freeze2
How do you freeze/lock your credit? Please follow the web addresses listed below to each of the credit reporting agencies and freeze/lock your credit. It is likely that a charge of $10-$15 will apply to each credit agency for each Social Security number (although many will waive this fee for persons over age 65). Please note that the three bureau monitoring through Equifax’s TrustedID Premier service will allow you to lock your credit with Equifax, but will not lock it with the other bureaus; you must contact them separately.
Use unique passwords in the places where you do business and on your email.
Not all passwords are created equal. Clearly one of the biggest ways to protect yourself is to use numerous, complicated and not duplicative passwords. Try to use as many characters, numbers and symbols as possible – best practice may be to use a sentence as your password. For example: Itravel2Europey$arly. In this example, we replaced letters with symbols and used numbers as well. Since many websites will send you an email to reset your password, your email password should be your most complicated and longest (at least 16 characters).
Enroll in two-factor or one-time password protection.
A one-time-password (OTP) token is a common method for what’s known as two-factor or multi-factor authentication. It provides you with a single-use numeric password that you use in addition to your usual password when logging into your account(s). These single-use passwords protect the security of your accounts, even if someone else has correctly guessed your existing login ID and password.
Schwab now offers soft token code delivery via a mobile app, giving you the option to leverage your existing smartphone instead of a physical token. Please contact a Schwab Alliance directly to enroll (800-515-2157).
Consider activating voice ID or including a verbal password (only available at some institutions).
For example, voice ID enables Schwab to authenticate you simply by having you say the phrase “At Schwab my voice is my password.” Visit com/VoiceID or call Schwab at 800-515-2157 to learn more about this service.
Again at Schwab, a verbal password provides an additional level of security when dealing with Schwab over the phone. If you add a verbal password to each of your account(s), that verbal password will be the primary authentication that Schwab requests before discussing the account or accepting any verbal account transaction instructions over the phone.
Check your recent transactions for any suspicious activity.
Equifax believes the breach occurred between May and July. Once you institute two-factor or verbal password authentication, the risk of unlawful access should diminish markedly, but it’s smart to check that no one accessed your accounts since May using the simple identifiers (Social Security Number; date of birth) possibly obtained in the data breach.