Financial institutions (banks, credit card companies, title companies, brokerage firms, RIAs, etc.) all take multiple steps to safeguard client monies. However, the one vulnerability none of these institutions can mitigate is the client themselves being the source of a data breach. The basic method identity thieves use to begin hijacking personal data is getting the client to innocently give up information via an email, a phone call, a survey response or through a computer hack when the client accesses the internet via an unsecured network.
We use the word “begin” because most identity theft is not a one-time event but, most frequently, a long-term strategy to aggregate data for larger financial gain. Once the initial bit of information is accessed (a password, an email hack, a laptop clone), the identity theft industry starts mining for incremental snippets of data (a birthday, a social security number, a login ID) to build a virtual resume of your financial profile.
Most people have the common sense to be wary of a potential hoax: “if it’s too good to be true, it probably is!” or some such reminder we all learned as children. However, individuals need to recognize that the identity theft industry is continuously and creatively evolving in the pursuit of your money. Multiple regulatory agencies including SIFMA and FINRA have tips available for protecting your financial data. Here are a few:
- Use Strong Passwords and PINs (Personal Identification Numbers) and Keep Them Secret. Use strong passwords and PINs that contain both numbers and letters and, if allowed, symbols. Do not share your passwords or PINs with others, and do not store them on your computer. If you need to write them down, store your list in a secure, private place. You should change your passwords and PINs regularly and use a different password and PIN for each of your accounts. Many free cloud-based services, such as OneLogin, Zoho Vault, and LastPass, can store your various passwords.
- Maintain Your Computer Security. Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must if you engage in online financial transactions. Make sure your computer has up-to-date security software, including security patches, that the software is configured for automatic updates, and that the software is always turned on. For laptops, be sure to use encryption software. Computer hardware and software providers also maintain security pages on their websites with tips for checking and improving the security of your system. The main operating systems (Windows, Apple and Google) all have such features. Again, make sure the software is regularly updated.
- Use Your Own Computer. It is generally safer to access your online financial accounts from your own computer or device. Don’t use public computers to access your financial accounts. Public computers may contain software that captures passwords and PINs, providing that information to others at your expense. If you do use another computer, be sure to delete your “Temporary Internet Files” or “Cache” and clear all of your “History” after you log off your account. Consult the Help function on your browser and operating system to learn how to delete this information. You should occasionally check to make sure that no one else has attached any device or added programs to your computer without your knowledge or consent.
- Log Out Completely. Always click the “log out” button to terminate your access to your online financial firm’s website. Access may not be terminated if you simply close or minimize your browser or type in a new Web address when you’re done using your online account. Other users of the computer might be able to re-enter the site and have access to your account online if you do not properly log out. You also potentially expose yourself to “session stealing” if you have multiple Web pages open while logged on to your financial account. Avoid multi-tasking on multiple Web pages when checking your financial accounts online—or, if you must visit another site, use a different type of browser rather than opening another window.
- Be Prudent When Using Wireless Connections. Unsecured Wi-Fi connections do not provide as much security as wired Internet connections, encrypted wireless networks or your mobile carrier’s cellular data connections. Many hotspots (wireless networks in public areas like airports, hotels, and restaurants) reduce their security settings so it is easier for individuals to access and use these wireless networks. This increases the possibility that someone may intercept your information. You may decide that accessing your online financial account through a wireless connection is not worth the security risk. If you use your own wireless network, make certain you secure the network with wireless encryption. Most cellular plans offer “Personal Hot-Spot” options where you can use your own cell phone’s encrypted cellular network to create a secure wireless link your laptop can use.
- Use Apps Wisely. If you use apps on mobile devices to access your financial accounts, be sure to password-protect your device—and make sure you select the highest security setting that the app offers.
- Check for Secure Websites. When accessing your financial account online, check to ensure the login page indicates it is a secure site. The address of a secure website connection starts with “https” instead of just “http” and has a key or closed padlock in the status bar (which typically appears in the lower right-hand corner of your screen). When you click on the padlock, the security certificate should confirm the identity of the site you are visiting. In Microsoft Internet Explorer 7, look for the address bar to turn green.
- Be Careful Downloading. When you download a program or file from an unknown source, you risk loading malicious software programs on your computer. Download software only from sites you know. Be wary of free software because it can be accompanied by other software such as spyware. Do not install software unless you know what it is and what it does and do not click on links in pop-up windows. Using anti-spyware software helps protect you from such programs. Remember: The more you download, the greater the odds you’re providing an access point for nefarious software.
- Don’t Respond to Emails Requesting Personal Information. Legitimate companies will not ask you to provide or verify sensitive information through email. If your financial institution actually needs personal information from you or your statement, call the company yourself—using the number in your files or on your statement, not the one the email provides! Do not respond to emails, such as “phishing” emails, seeking your password, PIN, or other personal information. Note: the IRS, US Treasury and Social Security Administration NEVER call individuals requesting verification of data or personal information.
- Read Your Statements. Read all your monthly account statements (bank, brokerage, credit card, etc.) thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made or authorized. Check to see whether all of the transactions that you thought you made appear as well. Be sure that your financial services firm has current contact information for you, including your mailing address and email address. If you see a mistake on your statement or do not receive a statement, contact your financial institution or credit card issuer immediately and follow up in writing, where necessary.
- Secure Your Confidential Documents. Keep all your financial documents in a secure place, and be careful how you dispose of any documents with financial or other confidential information. Shred documents that have confidential financial or identification information before throwing them away.
Any financial institution serious about cyber-security will have resources to help individuals protect their data. For the curious, more comprehensive terms and examples can be found in Schwab’s Fraud Encyclopedia.