A few weeks ago, the IRS informed me that someone had filed a federal tax return for last year in my name and claimed a tax refund. In my case, the fraud have been discovered and IRS had not yet paid the bogus refund, as they apparently have for several hundred thousand or so other fraudulent filings. My real tax refund, tiny though it was, arrived unimpeded a few days later.
The way the scam basically works is that the criminal gathers enough of your personal financial data to electronically file a 1040-EZ and claim a tax return. The IRS is working with the electronic tax return filing industry to put better safeguards in place.
My wife freaked out when she heard. I didn’t. The difference was in our expectations.
“Some criminal has our Social Security number!” she pleaded.
“True,” I replied, “but it’s safe to assume that it’s been out there for quite a while."
News stories appear almost daily about massive security breaches. This one at the IRS. A few weeks ago it was the bank that issued my credit card. Target’s database was compromised by criminals gaining access through their HVAC service company. There’s a really good chance that your financial data has also been compromised and, at any rate, it’s safest to assume that it has been.
If ID thieves had rubbed a magic lamp in the mid-twentieth century and had been offered one wish, it would have been "tie every individual American's sensitive financial information to their Social Security number forever." Unfortunately for the rest of us, they didn't need a lamp.
A website called Information is Beautiful justifies its claim by organizing a history of major breaches in this fabulous display. See any merchants or websites there that you have used?
This brings up an important point. We worry that someone will access our home computers, tablets or smart phones and steal our financial data. While that is possible, it’s a lot easier to get our financial data by stealing millions at a time from Target than it is to sit around a coffee shop waiting for someone to log onto their bank account. The latter is actually a lot easier to protect against, and why pick up crumbs when the entire delicious cake is right there for the taking?
While the IRS works on ways to prevent fraudulent returns, there are some steps that retirees (or anyone, really) can take to secure their credit. I placed a freeze on credit reports at the three credit agencies, Experian, Trans Union and Equifax. Now, no one can use these agencies to approve loans or open new credit accounts in my name or my wife’s without my knowledge. The cost of placing, removing and replacing a credit freeze varies by state law, but there are exceptions for free credit freezes for seniors, minors, documented ID theft victims, etc.
The Federal Trade Commission explains how to place a freeze here.
Be sure to freeze the credit of both spouses!
There are valid considerations for not freezing your credit, as explained in this post by Consumer Reports. If you take out new car loans or apply for credit cards, you will need to remove the freeze and that can take several days. As the Consumer Reports article mentions, it may be easiest to find out which credit agency your car dealer uses and temporarily lift the freeze at only that agency for only that dealer (or a few).
My household's days of applying for new credit cards is long past and unfreezing my credit a few days before I buy a car every few years isn’t a burden compared to the peace of mind the freeze brings. And if having to unfreeze credit a few days before buying a car stops one of my relatives (you know who you are) from continuing to trade cars on impulse so he or she can later wallow in buyer's remorse, all the better.
Freezing our accounts included the unexpected opportunity to request that the agencies never again allow my credit history to be accessed by someone offering pre-authorized credit cards. This should cut by junk mail problem in half.
Another possible solution is to use an “Identity Theft Protection Plan” like the ones reviewed in this Huffington Post article entitled, "Do Identity Theft Protection Services Work?"
Most are not free, although when major breaches occur like the one at Target, the breached company frequently offers a year of such a service free to their customers who may have been exposed. To make my point, I currently have three such services monitoring my credit paid for by three different companies that "may" have offered up my personal credit information to hackers.
A credit freeze protects us from thieves opening new accounts but it doesn’t protect existing accounts. ID Theft services supposedly cover both. Fortunately, most credit cards and debit cards don’t hold us responsible for fraud if we report it in a timely manner. Debit cards, however, can handle the response to fraud claims in a less convenient manner than credit cards.
And lastly, I recommend that you assume your private and sensitive financial information has already been hacked. Even if it hasn’t been, you’re safer assuming that is has.