A few years back one of our California clients experienced a data breach at their local bank and became increasingly concerned about making sure their assets were protected from potential identity thieves. These particular clients have English accents and it would be hard to impersonate one of them on the phone, but in any event we developed a special password between us to provide absolute certainty that they were who they said they were. Of course, in the digital age, it is much easier for someone to pretend to be much older or younger and assume a completely different identity. Identity thieves have found that it is much easier to infiltrate accounts when the financial relationship is more digital and less personal, but it has been determined that most theft of this type occurs in close proximity or even the same household.
Roommates, co-workers and family members with access to personal identification and email logins can most easily take advantage of these items. Please make sure that whenever possible, financial transactions are confirmed verbally. Doing business on the internet without multiple authentications, security questions or personal filters has grown increasingly dangerous. We would encourage everyone to be especially diligent and request notifications anytime addresses are changed, emails are updated or ACH profiles for additional bank accounts are added to financial profiles.
From May through July, hackers exploited a website vulnerability at Equifax, one of the major consumer credit reporting agencies. If you have a credit report, there is a chance your sensitive and personal information including Social Security numbers, birth dates, addresses, and driver's license numbers, may have fallen into the wrong hands. The stolen information could be used in tandem with passwords taken from other databases to commit financial crimes against you, reported a source cited by Consumer Reports. The Federal Trade Commission also has created a blog on this topic for those who wish to learn more at www.consumer.ftc.gov .
Here are eight steps to take to help protect your assets and credit:
- Find out if you were affected. From a secure computer or encrypted network connection, go to the Equifax website, www.equifaxsecurity2017.com. Scroll down and click on 'Potential Impact.' You will be asked to provide your last name and the last six digits of your Social Security number.
- Enroll in TrustedID Premier. If your data has been breached, Equifax will offer enrollment in TrustedID Premier. The program provides up to $1 million in ID theft insurance, Social Security Number Scanning, 3-bureau credit file monitoring, and the option to freeze your Equifax credit report.
- Place a fraud alert or credit freeze on your other credit reports. Experian, TransUnion, and Innovis also provide credit reporting services. Contact each of the companies to place an alert or a freeze on your credit report:
* A fraud alert warns both current and prospective lenders they must take reasonable steps to verify your identity before providing credit. When you're a victim of ID theft, an alert can be put in place for up to seven years.
* A credit freeze is different. It restricts access to your credit report. If you request a freeze, the credit agency will send a letter with a personal ID number (PIN). Keep the PIN in a safe place. You'll need it to unfreeze your accounts, according to the Federal Trade Commission.
- Change your passwords. Create new passwords for online banking, brokerage, and financial accounts. Each account should have a unique password. Best practices suggest passwords have 12 to 14 characters.
You may want to consider using a password management application. They're designed to store and retrieve passwords so you can keep track of multiple long, unique password combinations without security issues like storing passwords improperly or failing to remember them.
- Activate two-factor authentication. Two-factor authentication provides an additional layer of security for email and other accounts. After you enter your user ID and password, you'll be asked for a code to verify your identity. You can have the account provider text a code to your phone, although that creates vulnerability if your phone is stolen. A better option may be to download an authenticator app so you can generate your own code.
- Beware email links. Some fraud attempts are obvious: text or email from a Nigerian prince or an update request from a financial institution where you don't have an account. Others may be more difficult to spot. As a rule of thumb, if you receive an email with a link requesting you update or make changes to a financial account, don't click on it. Call the financial institution or go directly to its website to make any changes.
- Keep an eye on your accounts. Check bank, brokerage, and other financial statements for suspicious transactions. If you find unauthorized activity, report it to the institution and the proper authorities.
- Join us and learn more on October 3rd. We will be hosting Pat Egen, cybersecurity expert to talk about how to more effectively protect yourself and loved ones from hacks and identity theft. Please feel free to call us at (423) 870-2140 for more information.
Joe D. Franklin, CFP is Founder and President of Franklin Wealth Management, and CEO of Innovative Advisory Partners, a registered investment advisory firm in Hixson, Tennessee. A 20+year industry veteran, he contributes guest articles for Money Magazine and authors the Franklin Backstage Pass blog. Joe has also been featured in the Wall Street Journal, Kiplinger's Magazine, USA Today and other publications.
Important Disclosure Information for the "Backstage Pass" Blog
Please remember that past performance may not be indicative of future results. Indexes are unmanaged and cannot be invested into directly. Index returns do not reflect fees, expenses, or sales charges. Index performance is not indicative of the performance of any investments. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by Franklin Wealth Management), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from Franklin Wealth Management. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. Franklin Wealth Management is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice. A copy of Franklin Wealth Management’s current written disclosure statement discussing our advisory services and fees is available for review upon request