Background Information and Resources
Identity Crime Risk Categories
Tax Refund Identity Theft
When someone files a bogus tax refund in your name through the IRS or a state or local agency, you may encounter long delays in waiting for your legitimate refund as well as in restoring your identity. Learn more from the IRS
New Financial Credit Account
Identity criminals use personal information to open new credit card, loan, or even mortgage accounts, and then conduct unauthorized transactions. These crimes often go undetected for an extended period of time, extending losses.
New Financial Deposit Account
Identity criminals use personal information to open new deposit accounts at banks, credit unions, or investment firms, in schemes that involve bogus deposits at some point in the process. These crimes in checking, savings, share draft, money market or other accounts often go undetected for significant time, extending losses.
Existing Credit Card Account
Misuse of an existing credit card is the most common form of identity fraud. Credit card companies generally cover all losses, yet the average victim can suffer out-of-pocket costs of time and money if crimes are not detected and reported to meet stated requirements.
Existing Financial Account (other than credit card)
Identity criminals misuse existing financial accounts through methods beyond credit cards, such as through debit cards, checks, Internet payments, or brokerage accounts. While less common than existing account credit card fraud, average per-victim losses also tend to be higher.
Phone or Utilities
Identity criminals create or take over phone accounts or even utilities accounts to avoid paying for valuable services. They also target phone accounts because other providers (such as financial institutions) sometimes rely on them to verify identities, and when this happens losses can mount.
Evading the Law
While less common, identity criminals may assume another’s identity in order to avoid incarceration, perhaps because their own identity record is tarnished with prior criminal activity.
Employment or Wage-Related
While less common, individuals may assume another’s identity in order to obtain gainful employment, perhaps because their own identity record is tarnished by undesirable activity.
Medical ID Theft or Privacy
New or existing medical account fraud can enable identity criminals to obtain money, prescriptions for medications with street value, or medical treatment, all in the name of the legitimate identity-holder. While generally expected to be less common, these crimes can lead to substantial out-of-pocket costs of time and money, and other harms. Learn more from the FTC
Identity criminals can obtain government services or payments, for example to obtain official documents such as a driver’s license or passport and all the privileges that they enable. When extensive personal data–including existing government documents–are breached, risk is heightened.
Other Existing Account Misuse
This category includes almost any of the less-common crimes identity criminals sometimes commit, such as obtaining unauthorized access to video or music services, taking over email accounts, converting loyalty rewards into cash or other valuables, and almost anything else imaginable.
Frequently-Discussed Victim Actions
Set fraud alerts
Fraud alerts are free for identity theft victims, and when you request one through a credit bureau they will also notify the other two large credit bureaus on your behalf. Fraud alerts instruct companies who are considering opening new accounts on your behalf to take greater precaution than they normally would. Learn more from the FTC
Freeze your credit
Have your payment card reissued
If your card was breached and then used for fraud, call your bank and have it reissued. If fraud hasn’t been discovered, you still might want to ask your bank, credit union, or other card issuer about getting it reissued. No matter what, if your card data was compromised it is more important than ever to monitor account activity more frequently, including signing up for alerts and reviewing statement details.
Notify banks/others of breach
If your identity records were reported as breached, tell your most sensitive providers–starting with banks, credit unions, and other payment account issuers–right away. Most have the ability to watch your activity more closely, to stop potential fraud more effectively.
Set up two-factor authentication
Two-factor authentication goes beyond simple log-in names or passwords, relying on a second method such as a secret message or code sent to your phone in order to make life harder for identity criminals. While two-factor authentication might slow you just slightly when you log in to your most important accounts, it’s also much more likely to stop identity criminals from getting in altogether.
Change all affected or similar passwords
If your account credentials were compromised, immediately change the password (even if it was a complex and unique one). In addition, change the password for every other one of your accounts that uses a similar password, because identity criminals know that many people use the same or similar passwords at multiple accounts.
Use unique and strong passwords
If your account credentials were compromised, it’s even more important to start using stronger passwords for every account. Best practices include using a password manager, or memorizing a method of changing the password for every site to include at least 8 characters, upper and lower case letters, numbers, and no words or numbers found in a dictionary or commonly associated with you (for instance, don’t choose a family member or pet’s name, because criminals have grown accustomed to expecting this).
File your taxes as soon as possible
When you’re the first person to file for your tax refund, identity criminals can’t nab any money that’s owed to you first. If a data breach of credentials such as your Social Security number or income information has raised your risk of tax refund identity theft, it’s more important than ever to file your taxes as soon as possible.
Request an IRS PIN (Personal Identity Number)
While IRS PINs are only available on a very limited basis–to filers in FL, GA, DC, or those who meet other strict IRS eligibility requirements–they add an important authentication layer for those who are authorized to obtain them.
Report lost or stolen ID to the agency that issued it
If you were informed that your official identity document or related information–such as a driver’s license or passport–was exposed, inform the agency that issued it right away. They should be able to explain options for replacement and other available safety precautions.
Look out for social engineering
When your contact information is exposed–such as a phone number and either email or street address–you’re more likely to be contacted by identity criminals who will pretend to represent a trusted authority such as your financial institution, the IRS, medical firm, or law enforcement. Identity criminals using this method often start the conversation by alarming you that there’s a security problem, and then provide some personal data in order to gain your trust and ask for even more private data. Many of the payment card data breaches in the ITRC database also exposed a phone number or email address, which can cause an identity criminal to turn to social engineering once the card issuer has blocked the card from further use. If you comply with the identity criminal’s request, you’ll be on the likely path to being a fraud victim soon after.
Buy new account monitoring
A few of the many available commercial identity protection services tap into bank-owned data networks that go beyond credit monitoring to inform you if someone has attempted to open a new financial deposit account in your name. If Breach Clarity indicates high risk of new financial deposit account fraud and you’re deciding which identity protection service to buy, look for this specific feature.
Set up advanced account controls
Financial institutions (and a few others) increasingly provide advanced account security features that partner with you to make life harder for identity criminals. Examples include allowing you to prevent certain types of transactions, such as those in certain countries, for particular types of merchants, or over a particular dollar amount. Check with your bank, credit union, card issuer, or investment firm to learn more.
Buy public records scanning service
If your sensitive records were exposed, they may be used to open accounts or conduct transactions that must be publicly reported, such as a legal action or transaction conducted in your name without your knowledge. Some commercial identity protection services scan a large amount of public records on a recurring basis to spot activity you might otherwise not be able to detect.
Buy P2P (peer-to-peer) network scanning service
If your sensitive records were exposed, they may be used to open accounts or conduct transactions that are only viewable on P2P sites used by criminals to transact or dump such data. Commercial identity protection services can sometimes find records on P2P sites that you might otherwise not have access to.
Buy internet scanning service
If a breach causes you to be at increased risk of ID fraud, it can be more important to identify where your other sensitive data are already available–which could be combined with your breach records to conduct fraud in your name. Commercial identity protection services scan parts of the Internet where your personal data might already be available online.
Monitor account activity
Monitoring account activity is even more important after a data breach increases the risk of existing account fraud. Breach Clarity attempts to tell you which types of accounts have the highest risk of fraud, so you can focus there first. While financial institutions and other types of account providers offer account monitoring for free, a few commercial identity protection providers also include methods that may consolidate activity for all accounts into a single place where you might be more likely to see everything at a single glance.
Set up account activity alerts
While everyone should sign up for mobile or other alerts as a way to detect possible fraud, it’s even more important after a breach. Account alerts are getting better and more common all the time, so don’t overlook this important safety tool. Once you set up account alerts, plan on having to adjust them a few times to strike the right balance, so you neither ignore them nor fail to get enough of the right alerts that allow you to partner with your financial or other providers to stop an identity criminal before fraudulent charges in your accounts start to add up. Account alerts are also a great way to stay on top of your finances.
Get free credit reports
Monitoring credit activity regularly can spot potential fraudulent opening of new accounts or even misuse of an account that you haven’t used in a while. You’re entitled to one free credit report from each of the three top bureaus (Equifax, Experian, and TransUnion) each year through the Federally-mandated annualcreditreport.com site. Your financial provider may now directly offer credit report information as well, along with other online third parties such as CreditKarma and NerdWallet.
Buy credit monitoring service
Commercial credit monitoring services can provide ongoing review of activity potentially conducted in your name through just one credit bureau (which is good) or all three of the major bureaus (which is much more complete!). Credit monitoring can spot potential fraudulent opening of new credit accounts or even misuse of a credit account that you haven’t used in a while. Many also have the advantage of sending you updates based on ongoing credit usage, rather than relying on you to check in with them, or only providing one update per year. Credit monitoring is often bundled in as part of an overall commercial ‘identity protection’ service, to offer other potentially important safety features.
Get expert resolution advice (available for free)
Because it can be complicated to resolve identity misuse, expert advice can be helpful. Breach Clarity’s non-profit partner The Identity Theft Resource Center offers free advice to all victims of data breaches or identity fraud.
Buy expert resolution help (with Power Of Attorney)
Some commercial identity protection services also offer the ability to take over the task of resolving any potential fraud or other misuse, by having you sign a legal power of attorney that gives them the legal authority to act on your behalf. Certain types of fraud can take more time and expertise to resolve–such as tax refund, new financial or medical–and this is where expert resolution services that utilize a power of attorney can work with financial institutions, tax authorities, medical firms, and more on your behalf.
Use commercial services offered by the breached organization
Surprisingly, most people who are notified of a data breach and offered commercial services fail to take advantage of them. Don’t make this mistake, and instead take advantage of any commercial identity protection services offered by a breached entity. Don’t stop there though, because no service offers assurance of protection against the increased risks of fraud created by data compromise. Review all the action steps recommended by Breach Clarity, some of which you can only do yourself.
Buy family/child ‘identity protection’
Some breached organizations extend commercial identity protection to family members who also had their private data exposed, which can be important to prevent identity harms with children, seniors, or other family dependents. Because child identity theft can be debilitating and can take years to detect, don’t overlook the value of child or family identity protection.