Fair Credit Law Group, LLC

• Home Page
•  » Resources
•  » Guarding Against Online Identity Theft

Guarding Against Online Identity Theft

By Kristin Edelhauser

As the online shopping season kicks into high gear, our experts show you how to protect yourself and your site against identity theft.



'Tis the season for eggnog, mistletoe and…cyber crooks? It's unfortunate, but as consumers become more comfortable with online shopping, cyber crooks are getting better about finding newer, sneakier ways to trick them into passing on personal information for their own gain.

According to the Electronics Retailing Association, consumers are expected to spend more than $24.3 billion online this holiday season--that’s double-digit growth from last year’s numbers. But as Christopher Faulkner, CEO of CI Host, a Dallas-based web hosting and website management company points out, with the onset of Cyber Monday on November 27--the kickoff to the online shopping season--cyber crooks are more than ready to pounce on online consumers.

Unfortunately, it's simply the nature of the season that has cyber crooks drooling over the increased opportunities for theft. As Todd Davis, CEO of ID theft prevention company LifeLock in Tempe, Arizona, says, there are simply too many large purchases coming through this time of year for credit card companies to be as vigilant as they normally are. "During the holiday season, thieves know they can put more on a card without being caught." According to Davis, 40 percent of all annual instances of identity theft occurs between November 15 and December 31.

So what's a consumer to do? Be proactive. A good first step, Davis says, is to place a fraud alert on your credit report prior to becoming a victim. "Placing a fraud alert with the major credit bureaus--Equifax, Experian and TransUnion--is a great frontline of defense." By doing this, Davis explains, any time someone tries to change the information on your credit report or open up a new account, the credit card company has to call you first for verbal authorization.

The LifeLock CEO is so confident in fraud alerts that he was willing to give us his Social Security number for this article. "I want people to understand, number one, your information's out there. The idea that you're going to hide it is impossible." But by placing a fraud alert on your credit report, Davis believes consumers can stop identity theft from occurring altogether. (If you decide to do this, understand that you need to re-issue a fraud alert every 90 days, unless you've already reported an identity theft to the credit bureaus, in which case the fraud alert lasts for seven years.)

Placing a fraud alert on your credit report is just a first step. Here are four more ways you can avoid unsafe transactions as you spread holiday cheer:

• Before you provide any personal information online, always check to see that the padlock at the top or bottom of your browser is closed and locked.
• The webpage address you're doing online business with should begin with "https:"--this means that a secure connection has been established. The main home page of the site may not have "https:", but once you begin entering any personal information on a separate page, it should appear in the browser.
• Check the site you're on for any third-party verification devices, such as VeriSign, TRUSTe or the Better Business Bureau. Also check for contact information. Be cautious of any sites that don't offer a phone number.
• If a site asks you if you'd like to keep your credit card information on file for future use, say no--this could be unsafe if a cyber crook were to hack into the retailer's database. Instead, provide your card number with each purchase you make.

If you do happen to fall victim to identity theft this holiday season, here are the top five steps our experts recommend you follow:

• Call the three major credit bureaus to place a fraud alert on your credit reports. This will prevent an identity thief from opening any new accounts under your name.
• Shut down the credit card account you believe has been tampered with so the credit card company can cancel your card, reverse the charges and get a new card out to you as soon as possible. And don't panic: During the holidays, credit card companies are usually quick to re-issue a new card overnight.
• File a local police report. You'll need multiple copies of the report to send to creditors to prove you've been a victim of identity theft.
• File a complaint with the FTC. It's important that you log any occurrence of identity theft with this agency.
• Pull copies of your credit periodically to check for new fraudulent charges. Once your information's out there, it can be resold multiple times, so it's a good idea to regularly check your credit report, especially during the first year after you discover the identity theft. For more detailed information from the FTC on what procedures to follow if you become a victim, visit their identity theft site.

As a business owner, you want to do all you can to protect your online customers and make them feel secure when they shop on your site. If you operate a retail website, here's some expert advice on how to help make your site safer for your holiday shoppers:

• Set up a secure website. Set up firewalls and SSL encryption, and get third-party verification from a company like VeriSign or TRUSTe. "VeriSign is probably the best for transaction verification," says Davis, "while websites like TRUSTe are extremely good for making sure your site isn't hackable."
• Scan your website for vulnerabilities. Faulkner recommends using a company like ScanAlert to scan your website for intrusion points where people can penetrate your security and get in behind the scenes of your site and into your database.
• Post your privacy policy very clearly on your website, usually in the footer at the bottom of the page. "Your privacy policy should contain information on what kind of data you're collecting, how you're going to collect it, how you're going to store it, and if you're going to sell it to third parties," Faulkner says. "More importantly, I've seen a lot of merchants now updating those privacy policies with what types of security measures they're taking to store that data."

It's time to protect your rights with an experienced attorney, not a paralegal.

Se Habla Español