The news of cyber vulnerabilities and retailer hacks seems never-ending. This past week, another major fast food chain, Jimmy John's, announced a data breach and possible loss of consumer payment information. Other recent big breaches include Target and Home Depot. Then came news of another security bug, “Bash” aka “Shellshock”, endangering the security of many websites. To help you protect your financial information in the digital age, I compiled a list of financial best practices and some recommendations for keeping yourself safe:
Credit versus Debit:
To protect yourself from fraud, ditch your debit card and stick with credit. Debit cards do not come with the same consumer protections as credit, even if the debit card carries a Visa or MasterCard logo. If your bank issues a debit card for ATM access, request an ATM-only card that cannot be used in stores, or do not carry the card unless you plan to make a cash withdrawal from an ATM.
Credit Monitoring and ID Theft Insurance?
Generally I do not recommend these products. Credit monitoring only alerts you to suspicious activity. You can do this yourself by checking your credit regularly (a service we provide for our clients). As for insurance, you are not generally liable for fraudulent activity. Therefore, ID theft insurance is covering only out-of-pocket costs for fighting fraud. Insurance does not compensate for the aggravation and your time, only actual costs such as postage.
A more effective way to prevent fraudulent accounts from being established in your name is to freeze your credit with each of the three credit reporting agencies. Here is a guide offered by financial radio personality Clark Howard: Clark Howard Credit Freeze and Thaw Guide
Keep in mind that freezing your credit has its own downsides. Applying for or opening new credit will require work on your part to “thaw” your file. Also, some identity verification services rely on your credit file. Without access, you may not be able to validate yourself online.
Paper versus Electronic account statements:
Let’s face it, paper statements are just as vulnerable as electronic. Use whichever format you prefer and the one that you will be more likely to review promptly. Reviewing statements is your best defense against unauthorized activity.
Paper statements can get lost in the mail, and potential thieves can steal from your mailbox. Best practice would be to have a locked Post Office box to receive financial mail and never mail anything sensitive except through a locked mail collection box (Blue USPS Mailbox).
For electronic statements, do not count on your financial institution to retain digital records forever. Download them to a local (secure) computer and back them up regularly. Consider automating your computer backups with a system such as Mozy, Carbonite, or Box.com.
Use a secure, unique password for each financial website. Make your password long (12 or more characters) with combinations of upper and lowercase letters, numbers and symbols. When possible, enable two-step verification. This will require a separate authentication when a website is accessed from an unrecognized or new device. Two-step verification works because an access code is sent in a text message to your phone or in an email. The code is required to access your account in addition to the usual password, and thieves don’t have access to your phone or email from their device.
Consider a password manager system to generate and store your passwords. I use a system called LastPass. I only need to memorize one password, and LastPass can store all the rest. However, make sure your master password is very secure and change it often.
Shopping and Banking Online:
Only access financial information from your own devices and only if you have up-to-date security software with real-time protection. Public computers or those used by others (e.g. in hotels or internet cafes) may have spyware or key loggers trying to capture passwords and other secure data.
Reputable institutions will not call you to request verification of non-public information (Social Security Numbers, Account Numbers, etc.). Calls such as these are most likely scams. If you get a call requesting this type of information, hang up and call the institution back using a number you know to be real, such as the phone number on the back of a credit card or website. In addition, the IRS almost never calls taxpayers, especially as first contact. Any notices regarding your returns will be by a letter sent through the US Postal Service.
Have any more tips? Leave a comment with your thoughts or suggestions.