President/General Counsel of Cherry Creek Title Services, Inc.
Agent of Commonwealth/Fidelity and First American
A credit freeze is a very effective and free tool to avoid being a victim of identity fraud. It costs nothing; lasts for seven years, and you can release it temporarily or even just for the benefit of one prospective creditor. And, you don’t need to have been a prior victim of credit fraud and provide a police report to qualify for a freeze. You will need to add the freeze separately to the three major credit bureaus: Equifax, Transunion and Experian. Just go to their respective websites.
For your credit card accounts, set-up your profile so you get text messages and/or emails every time a charge is placed on your account. This way you know immediately if your card has been compromised and can contact the credit card company to freeze that card from any further charges. You aren’t responsible for fraudulent charges, but it’s a lot easier to have just 1 or 2 that you instantly stop than wait until the end of a billing cycle and discover dozens of fraudulent charges amounting to several thousand dollars. Plus, you’re giving the credit card company/merchant services company immediate notice and an opportunity to make the decision whether they’ll absorb the loss or pass it on to the merchant.
I recommend using soft or hard tokens for any of your financial accounts that offer them. A hard token is a small physical device that generates a random number which changes continually. Most change every 60 seconds. To access your brokerage account, bank account, etc., you must enter the number on the token in addition to your password. A soft token is a code sent to you via text message or through an app that you enter along with your password. Tokens make it extremely difficult for a fraudster to gain access to your financial accounts. Get in the habit of looking daily at all of your financial accounts online. I recommend buying an inexpensive extra computer like a Chromebook that you never use for email nor to surf any sites on the internet other than just your known financial account sites. Malware typically infects your computer via email attachments and malicious websites. By having a separate computer that is NEVER used for email nor for searching the web, you eliminate the opportunity for malware to invade your computer and steal your financial information.
Regarding your personal checking account, use a computer based program like Quicken and reconcile your bank account daily. It only takes a few minutes, and that will enable you to see any fraudulent checks or ACH debits immediately so you can take immediate action with your bank. FDIC covers you on your personal account. Buy secure checks for personal or business accounts that cannot be washed. I use Safechecks based in California, but other companies such as Intuit sell secure checks. Pay as many bills as possible through your credit card and via ACH payments minimizing your check activity. For those that still hand write their checks, besides using secure checks, fill them out with a Uniball 207 pen.
A business account doesn’t have FDIC coverage so you should add positive pay to your business accounts. It allows you to inform the bank, typically via an upload of an .xls or .csv file, of the checks you write so that any items that you haven’t pre-authorized become exception items. You then have typically until around 2:00 p.m. to reject them from being paid. On your business account, you’ll want to add ACH filters or blocks; wire blocks (at least an international one if you send wires), dual authentification, a soft or hard token to send and verify wires; and clean computers dedicated solely to wires and financial matters that you lock up when not in use. Sit down with your banker at least once a year to discuss your account security features and new products and procedures your bank offers to keep your money secure. Lock up your checks and your financial computers since fraudsters often garner their information from people working on office cleaning crews. They switch keyboards so they can monitor keystrokes to procure your passwords; access your USB ports to install malware, steal checks, etc.
If you have an entity such as a corporation or LLC in Colorado, for no cost, you can secure your entity by procuring password-only access from the Secretary of State. If your entity is based in another state, make sure it either already requires a password or see if you can add one. The password makes it far more difficult for a fraudster to file any documents regarding your entity. Business identity fraud exists, and that’s why the state offers the ability to secure your entity.
Cross-cut shred anything financial or with your name, social, account numbers etc. I read about fraud activity regularly, and much of it still originates with the theft of information procured from your trash or from your outgoing mail containing checks. They either wash the stolen checks or print up new checks in your name with the MICR line information (routing and account number) they steal off your check. So only send your mail through a secure mailbox. Most neighborhoods have mail stations with locked outgoing mailboxes as do most office buildings. If you have to, go to the post office.
On your non-secure computers, add an anti-malware program such as Malware Bytes and an anti-virus software program such as AVG. Image your computer once a month on a portable drive. I back up my personal and business computers daily both to the cloud and also to another drive. I run windows defender in windows 10. I back up my QuickBooks and Quicken files plus key spread sheets on a thumb drive daily. Open no email attachments unless you’re positive you know where it originated, and I recommend never answering your phone if you don’t know the caller. People still get duped all the time into providing confidential information or even making payments by fraudsters posing as the IRS or one of your financial accounts. The IRS and your bank will never call you seeking such information or payments. Most fraudsters won’t be leaving you voice mail when you fail to answer their call.
Regarding email accounts, for all your email activity that contains any confidential or non-public information, do not use a public email account such as Gmail. I pay $55.00 per month for 10 email accounts hosted by a secure email server that filters out spam emails and emails containing malicious content. I send my personal email through Comcast and use Gmail accounts for those I don’t wish to have my primary personal email information.
I recommend storing your password and account information on a password protected spreadsheet, and of course, make them complex and change them regularly.
This article is intended for educational purposes only and not as legal advice. You can also view dozens of educational videos on the Cherry Creek Title Services’ YouTube Channel.