Last week I sent a concerned e-letter to my subscriber list about Irma. While we were watching, waiting, windblown, or waterlogged, and now millions managing without power, another type of crisis happened digitally with a data breach at Equifax.
I am as concerned about this event as I was about a hurricane.
My uber-brilliant colleague Ken Weingarten, CFP®, MBA of New Jersey (Weingarten and Associates website) crafted a very well thought-out opinion on what we should do in response. I am shamelessly copying his entire letter to his clients, because I don’t think I can improve on it.
Thank you, Ken!
The recent hack of the Equifax database has caused quite a bit of legitimate concern about our personal financial information. Many of our clients are wondering what, if anything we should do about this. We need to understand the risks involved when the ‘bad guys’ get a hold of our personal information. Identity theft can take many forms: applying for a credit card, filing a fraudulent tax return, applying for a driver’s license, and a few other things that we would hope would never happen to us. These risks are real and we need to be cognizant of them, but not necessarily fearful if we take prudent precautions to protect ourselves. We also must admit that no matter what we do, the hackers are going to keep coming and we all need to stay vigilant in monitoring our own information as much as possible. Heck, if Equifax cannot keep our personal information safe, who can? My response is to simply stay as vigilant as possible.
So, what to do? First, and foremost you should consider a credit freeze with all three credit bureaus. Here is a link to an article that discusses this topic with a few other tips. I should note here that if you freeze your credit you will have to temporarily unfreeze your credit whenever you apply for a loan of any type. It can be a bit of a hassle, but this hassle seems a lot milder than dealing with a fully identity theft issue.
Second, I am sure many are wondering about signing up for the free credit monitoring that Equifax is offering. I tend to agree with Clark Howard’s opinion on this one. There has been some discussion about a limitation on one’s ability to join a class-action lawsuit against Equifax, but that is not the case. I will likely sign up for Credit Karma myself once my current free monitoring ends as a result of a T-Mobile hack a while back!
Third, while credit monitoring is certainly important, you can do your own monitoring to a large degree by checking your free credit report at www.annualcreditreport.com. Every four months I send out a reminder to check your annual credit report from each of the three credit bureaus. (If you do one every four months, then you are taking full advantage of the once/year you are allow to obtain your credit report.)
On this same topic, you should also set-up alerts on your credit card for any purchase over a certain dollar amount. I’ve been using $50 to trigger an e-mail to let me know my card was used, but I’m thinking of lowering that threshold now. If you do not mind getting an alert for each charge, then lower the threshold to $1. Also, make sure you are using a chip and pin credit card at retailers. Finally, consider using cash at gas stations. We are pretty sure we had our card number stolen once before at a gas station and now use cash only at gas stations.
Fourth, you can set-up similar alerts on your bank accounts. Any money in/out of our bank accounts triggers an e-mail to me.
Fifth, you should monitor your investment accounts for any suspicious activity. We all receive statements either monthly or quarterly for our various accounts. You should at least take a moment and review the ‘activity’ section of these statements to ensure there were no distributions from your account that was unexpected. For our clients with accounts at TD you receive a letter in the mail whenever a distribution occurs. You also receive e-mail notifications letting you know that your monthly statements are available to view on the TD client web site. Also, any time money moves in or out of your accounts, I receive an e-mail alert. So, for clients of Weingarten Associates, you have an extra set of eyes on things. Finally, TD Ameritrade has proven in at least one situation recently that they have strong risk control procedures in place. We had an incident where a ‘bad guy’ was attempting a distribution from a client account and the folks at TD were able to determine that the person on the other end of the line was not the person they pretended to be! I’ve attached a document from TD Ameritrade with all sorts of good advice as well as information on their Asset Protection Guarantee. (Clients: please read that!)
Sixth, you should not send personally identifiable information through an unsecured e-mail. We have provided our clients with a secure portal to upload documents and you should use this at all times for sending us anything that is sensitive.
Seventh, you should limit writing checks. We never write checks any more. Rather we use our bank’s online bill pay now. Here is an article that goes into more depth on this topic.
The above is not meant to be comprehensive as there is probably no way to be truly comprehensive at this point. The most important thought I can leave you with is to be vigilant in monitoring your bank, investment, and credit cards. Be vigilant about how you handle your own information online and whom you respond to via e-mail. If an e-mail looks suspicious, it probably is. Only reply to people you know. If you receive an attachment that looks suspicious, delete the e-mail right away.
I hope this message provides at least a few nuggets of useful information going forward. Feel free to reach out via e-mail if you have additional questions.
If you would like to become a subscriber to Holly’s e-letter, “View From the Porch,” click here , scroll to the bottom, and type in your email address. New subscribers receive a coupon for a free e-book, “How Does Your Money Flow?”