Identity Theft Basics

The holidays are coming, and chances are good that your credit card will get a workout. As you fork over your payment information to yet another retailer, it’s worth asking: Have I done all I can to cut my risk of identity theft?

If you’re not sure if you can answer that question affirmatively, or if you’re simply unclear about the risks identity theft really poses, read on.

We’ll cover the basics of identity theft, including what types are most common, the potential impact, and how you can reduce your chances of having personal information stolen. We’ll also discuss whether it’s worth it to fork over the cash for identity-theft and credit-monitoring services, and what you should do if you suspect you’ve already been a victim.

Lending Partner
Basic Plan
Premium Plan
  • Identity Guard
    Basic Plan
    Premium Plan
  • Discover® Identity Theft Protection
    Basic Plan
    Premium Plan
  • Identity Force
    Basic Plan
    Premium Plan
  • LifeLock
    Basic Plan
    Premium Plan

What is identity theft?

Any time someone uses your personal information without your knowledge, it’s identity theft. They could be stealing a wide range of data for a variety of purposes:

  • Financial information such as your credit card number and bank account numbers is a common target. Identity thieves can sell this information online to others for a tidy profit.
  • Basic personal information including your name, address, birthday, and Social Security number can help an identity thief apply for loans, bank accounts, and credit cards in your name. It can also ease the process of using your financial data to make fraudulent purchases. Some thieves may even use your data to apply for jobs, rent an apartment, or file fraudulent tax returns.
  • Insurance data and medical records can help an identity thief get expensive medical care in your name, leaving you on the hook for the bill.
  • Your child’s personal information is especially attractive to thieves because children don’t use their own Social Security numbers very frequently until adulthood.

In 2015, identity theft has been a particularly notable crime because of several high-profile data breaches. Target, eBay, Anthem, Home Depot, and JPMorgan all suffered massive breaches in the past year that left hundreds of millions of customers vulnerable.

Tax-related fraud is exploding, too, and was No. 1 on the list of identity theft complaints made to the Federal Trade Commission in 2014.

What kind of identity theft should I worry about most?

By a wide margin, the most common kind of identity theft in 2014 was misuse of a credit card or bank account, according to the Bureau of Justice Statistics (BJS). This problem affected a staggering 86% percent of identity theft victims.

In contrast, only about 4% of victims had more complex cases where their personal information was stolen in an attempt to open new accounts or commit other fraud.

Though no one should discount the threat of identity theft, this news should help you breathe a little easier. That’s because credit-card and bank account misuse is typically the easiest kind of identity theft to remedy.

You can fairly easily get a new card or account, and your financial liability is often limited. While the BJS says two-thirds of identity theft victims reported a direct financial loss, only 14% actually had to pay anything out of pocket. Moreover, 54% of victims of this kind of identity theft were able to resolve problems in no more than a day, according to the BJS.

Here’s why the impact of this crime is often blunted:

  • Federal law limits your liability for any unauthorized credit card transactions to $50, and you won’t have to pay anything if you report a card or card number stolen before it’s used.
  • If your debit card or ATM card number is used without your authorization, the rules aren’t as favorable. While you’re not liable for anything over $50 within a couple of days, you could pay up to $500 if more than two days pass between the time you learn of a loss or theft and the time you report it. Wait more than 60 days, and you’re liable for everything.
  • If you notice unauthorized charges in your bank account, contact your bank’s fraud department as soon as possible to dispute them. You may need to sign an affidavit as part of the bank’s investigation, but you’ll likely get your money back.

The scarier, worst-case-scenario identity theft occurs when someone uses a broad range of your personal information to apply for new accounts, or when you’re a victim of multiple kinds of identity theft — again, usually when someone has your name, birth date, and Social Security number — for more than one fraudulent activity.

It takes longer to resolve these cases: Only 36% of new-account fraud victims could resolve the incident in less than a day, according to the BJS. Just shy of 10% of victims had to spend more than a month cleaning up the mess.

What’s more, the longer the incident dragged on, the more likely they were to “experience problems with work and personal relationships and severe emotional distress.” And victims in these complex cases were subject to deeper out-of-pocket financial losses, too.

You might be worried about the other financial and legal problems identity theft can cause. For instance, it could impact your credit score, leading to higher interest rates and a tougher time being approved for new accounts. Maybe debt collectors will come knocking.

Victims of more serious identity-theft cases suffered these problems at a rate of 13% to 14%, the BJS reports, but that drops to just 2% to 3% for victims of simple account misuse.

Identity Theft Protection: What Should I Do to Safeguard My Data?

Identity theft remains is a real problem. Statistically, however, your risk of extreme financial loss remains relatively small.

How, then, do you protect yourself from identity theft without going overboard? Here are some common-sense measures you can take:

  • Shop smart online. Don’t use a shared public computer or an unsecured public WiFi connection for online shopping and banking: You never know who’s watching.
  • Make sure your home network is secure. Protect your network with the highest level of security your router allows, such as WPA2 encryption. Set up a firewall and invest in some security software to scan for malware and viruses.
  • Be vigilant with PINs, passwords, and other digital verification methods. Use different passwords and PINs across accounts, and make sure they contain letters, numbers, and symbols so they aren’t easy to guess. Enable your phone’s auto-lock feature, and see whether you can reset your phone remotely if it’s lost or stolen.
  • Check your accounts for suspicious activity regularly. While the majority of identity-theft victims were alerted by their bank or credit card company that something was amiss, you can’t rely on a fraud alert to catch everything. Request your free credit report every year via and check it carefully for any signs of fraud.
  • Speaking of alerts, sign up for them. Your bank can automatically alert you of a wide range of transactions, including purchases over a certain amount, ATM withdrawals, and international transactions. These can be your first tip-off that something’s amiss.
  • Shred paper documents with personal data. It certainly sounds old-school in this digital age, but one of the most common ways an enterprising thief can swipe sensitive information is right out of your garbage bin. Be sure to shred any papers with personal data before trashing them.
  • Don’t give out any personal information in response to unsolicited requests. No, an out-of-the-blue email from an African prince is not going to make you rich. No, you shouldn’t fork over your personal information to claim a prize in a drawing you never entered. And no, your bank will not ask you to verify your Social Security number and account information over email. Be very skeptical of any unsolicited requests for information, even from sources that appear legitimate — it’s easy for scammers to pose as your bank or some other trusted institution.

What about paid identity-theft and credit-monitoring services?

Services such as LifeLock promise to swiftly detect identity theft, alert you, and help guide you as you repair the situation.

We’ve reviewed the major credit-monitoring and identity-theft protection services, and you can see our recommendations in The Best Credit Monitoring Service. But note that while we think those services are the best in the industry, we don’t think most people need to invest in one of them.

Why? There are several reasons:

  • These services cannot actually “protect” you from identity theft: All they can do is monitor your credit reports, bank accounts, public records, and other sources to alert you after the fact.
  • In the majority of identity theft cases, your financial losses aren’t that great: As we mentioned above, only 14% of identity-theft victims suffered any out-of-pocket financial losses — and half of those who did lost less than $99. In contrast, you’ll spend a minimum of $10 a month, or $120 a year, for the least expensive plan with most credit monitoring services. The price doubles or triples for more fully-featured plans.
  • You probably don’t need identity theft insurance. A big selling point of these services is that they offer up to $1 million in identity theft insurance. But as Consumer Reports notes, you’re often already protected by federal law or your own homeowners or renters insurance.
  • You can remedy most cases of identity theft yourself: One feature of identity-theft and credit-monitoring services is an expert who helps you remedy the identity theft once it’s occurred. Again, for the vast majority of victims, there’s no need to pay for something you can do easily enough by yourself. According to the BJS, more than half of victims could resolve their cases in a day or less.
  • You’ll have to be vigilant about free trials: While most services have a free trial, you’ll be charged automatically if you don’t cancel within a specified period. Always read the fine print.

Services such as LifeLock are probably worthwhile in the most severe identity-theft cases, but remember that only 4% of cases could be classified as such, according to the BJS.

Since there’s no way to predict whether you’ll be among that unlucky minority, you can probably forgo these services — unless the peace of mind is worth a premium.

I’m Already a Victim of Identity Theft — What Should I Do?

If you suspect a case of identity theft, take a deep breath: Chances are good that you’ll be able to resolve things relatively quickly and painlessly. Follow the steps below to start making things right.

1. Notify your bank or credit card company

If you think a credit card or bank account number has been stolen, call your financial institution as soon as possible and talk to their fraud department.

You’ll probably have to flag all unauthorized charges so they can be reversed, and the bank or credit card company may open an investigation and require you to sign an affidavit. If you get a new account or credit card number, make sure you switch over any affected automatic payments.

2. Put a fraud alert — and maybe a freeze — on your credit report

Contact one of the major credit bureaus (Equifax, Transunion, and Experian) to place a fraud alert on your credit report — they will automatically notify the other two. This alert lasts 90 days and requires any potential creditors to verify your identity before extending credit.

If you’re a victim in a more serious case of identity theft, you may also be able to freeze your credit so that access is severely restricted — just note that you’ll have to lift it to allow any legitimate creditors access to your information.

3. Alert the authorities

First, file a complaint with the Federal Trade Commission here. Print and save the affidavit that your complaint generates. Then, file a police report. Send proof of both the FTC complaint and police report to the three major credit bureaus if you’d like to extend your fraud alert from its initial 90 days to seven years.

Keep the documents in a safe place in case any company seeks proof that your identity was stolen before reversing fraudulent charges.

4. Tackle any other fraudulent accounts

If unauthorized accounts were opened in your name, contact the fraud departments of each business. Ask them to close the accounts.

You may have to send your FTC affidavit and police report, or fill out a special form. Request proof that the account has been closed due to fraud and keep it for your records.

5. Continue to monitor your credit report

Once you have an FTC complaint and police report, the credit bureaus must honor your request to remove fraudulent information. You can still dispute fraudulent information without these documents, but the bureaus aren’t required to remove it, according to the FTC.

For more complex cases of identity theft, including tax fraud, child identity theft, and medical identity theft, follow the recommendations outlined at the FTC’s site.

When Thinking About Identity Theft, Perspective Is Key

Alarming statistics about identity theft are a dime a dozen. So are frightening stories about criminals who can drain your bank account, obtain a mortgage, or leave you on the hook for felonies you haven’t committed.

While serious cases of identity theft happen every day, you’re far more likely to find a funky charge on an existing account, and you probably won’t have to pay much, if anything — or spend more than a day — to remedy the situation.

If you are truly concerned, you can look into credit and identity theft monitoring services such as LifeLock or ADT Identity Theft Protection, but beware of their limitations, discussed above.

To learn more, check out some of The Simple Dollar’s past articles on identity theft:

Saundra Latham

Contributing Writer

Saundra Latham is a personal finance writer and editor. Her work has appeared in The Simple Dollar, Business Insider, USA Today, The Motley Fool, Livestrong and elsewhere.