Identity theft is an ever-increasing threat given the level of sophistication and organization of today's criminals. But, unless you’ve been a victim yourself, it’s easy to shrug it off. “Not my problem,” right? According to our most recent survey, however, chances are you may already be a victim of identity theft.
In light of the growing number and overall severity of data breaches, FinanceBuzz surveyed 1,400 U.S. adults to learn about individual experiences with identity theft. And the results are pretty remarkable.
We asked a number of questions that would give us a better understanding of how widespread identity theft is, which activities could have led to it occurring in the first place, and what people are doing (or not doing) to protect themselves.
Here’s what we found.
- 60% of the surveyed U.S. adults have had a fraudulent charge show up on a credit card or debit card, and 63% of respondents said they spotted the charge first, not their bank.
- More than a third of respondents said they've never used a credit monitoring service (36%) or requested a free copy of their credit report (34%). More than two-thirds have never frozen their credit report (67%).
- When it comes to online security, 64% of respondents admit to writing down their online passwords, and 80% say they reuse a password on multiple sites despite the security risk. Only 15% have used a password management tool in the past month.
- 75% said that someone stealing funds electronically from their bank account is equally bad or worse than having someone steal from their home.
- 1 in 5 (20%) report giving personal information over the phone to a scammer.
You’re more likely to be a victim than not
Identity thieves are always on the hunt for easy access to people’s personal information — and, unfortunately, these criminals are relentless. Despite the efforts of companies to strengthen their fraud detection and prevention, identity thieves continue to try to steal your sensitive information. Often, they’re succeeding.
According to our survey, 60% of the Americans surveyed report having had fraudulent charges show up on their credit cards or debit cards.
Most surprising, though, was that more than 63% of these victims report having found this fraudulent activity themselves; their banks or credit card issuers were not the first to spot it.
Although this may suggest people are regularly checking their statements and account activity — which more than 68% of respondents claim to have done within the last month — it raises the question: how effective are banks at alerting you to suspicious activity?
A Juniper Research report on online payment fraud found that spending on online fraud detection and prevention by banks and other companies would increase to $9.3 billion by 2022. That’s an increase of 22% from when the report was issued in 2017.
Of course, not all the responsibility can be placed on the companies we choose to do business with, which is why it’s great to see that more people are reviewing their accounts than not. But, although regular account auditing is useful for spotting potential identity theft, reviewing your accounts is a reactive measure and doesn’t protect you against fraud occurring in the first place. And the numbers speak for themselves — the majority of U.S. adults responding to our survey have indeed fallen victim to identity theft in some form.
So what are they doing about it — and what should they be doing?
People are worried, but worry isn’t changing their behavior
Security breaches are costing U.S. consumers $19.4 billion of their own money. There are a variety of tools and security measures made available that can help combat this, but many of these tools just aren’t being utilized by enough people. Here are some of the places where we are making mistakes when it comes to protecting our identities:
Overlooking credit monitoring
U.S. consumers appear reluctant to take the appropriate actions to spot identity theft, let alone prevent it from happening in the first place.
Our survey found that more than 1/3 (34%) of people have never requested a free copy of their credit report. Every one of us is entitled to an annual free credit report from each of the three major credit bureaus — Experian, Equifax, and TransUnion. Credit reports can often be the first indicator that you’re a victim of identity theft. Regularly checking your report allows you to find names you don’t recognize, accounts that aren’t yours, and Social Security numbers that don’t belong to you. If you spot errors or signs of identity theft, you can then take steps to address them.
Furthermore, credit monitoring services make it easier than ever to passively stay on top of your credit. Credit Karma provides free credit monitoring, and many credit card issuers provide this service to their customers as well. However, according to our survey, more than 1/3 of Americans (36%) report having never used a credit monitoring service.
It’s important to not only monitor your own credit report, but also that of your child(ren) if you are a parent. In our survey, 5% of respondents claim their child’s identity had been stolen.
Practicing poor password management
Poor password management remains a top threat to data security, according to the 2019 Verizon Data Breach Investigations Report (DBIR). Our survey finds that 80% of Americans have reused a password across multiple websites, and 20% have never changed their passwords on banking websites.
Although using simple passwords and reusing the same passwords on unimportant sites might seem okay to do, you should take a different approach to handling passwords on sites with sensitive information. Password managers such as LastPass and Dashlane use generators to assign complex passwords to any individual website, and then allow you to encrypt and store those passwords online so you don’t have to remember them or write them down. Although this can help combat the issue of poor password management, nearly 69% of respondents report they’ve never used a password manager and 64% said they have written their passwords down.
Given the nature of a password manager, you might expect these programs would be a target for identity thieves. So you might question whether keeping all your passwords in one place is the best idea. However, password managers use a number of security measures to protect your stored passwords. At the end of the day, strong encryption algorithms and multifactor authentication are safer than writing down and reusing the same password over and over again.
Proactive steps you can take to prevent identity theft
Credit monitoring, checking your credit report, and reviewing your bank and credit card statements are all reactive measures — meaning, they will help you spot identity theft after it has already taken place.
So what can you do today to make it less likely that you’re a victim tomorrow?
- Secure your internet connection (especially in public). 34% of our survey respondents report that they have shopped online using public Wi-Fi within the last month. If you ever use public Wi-Fi, the biggest mistake you can make is not using a virtual private network (VPN). A VPN allows you to create a secure connection to another network, shielding your browsing activity and maintaining your data security from prying eyes. If you’re visiting a website on which you’re transmitting sensitive information, even something as simple as shopping online, it should be done on a private Wi-Fi connection such as a VPN to ensure your payment information stays protected.
- Don’t share your credit card number or PIN. 28% of our survey respondents said they’re worried about a friend or relative using their identity or personal information without their knowledge. Although only 16% said they’ve shared their credit card number or PIN with family or friends within the last year, the point is this information should be kept to yourself. It’s called a personal identification number for a reason.
- Be mindful of your passwords. What happens if an identity thief obtains the one password you use across all websites and accounts? Protecting your sensitive information can start with a strong password, but it shouldn’t be the same password every time.
- Use fraud alerts. If you’re a victim of identity theft or want an added measure of security, you can ask any of the three major credit bureaus to place a fraud alert on your credit report. A fraud alert is a notice placed on your file that alerts credit card companies and other potential lenders that you may have been a victim of fraud. This encourages those looking at your report to take additional steps to verify your identity before extending new credit. That credit bureau is also required to tell the other two agencies to do the same as well. This will make it harder for identity thieves to open new accounts in your name. Fraud alerts are free and an initial alert lasts one year. If you are a victim of identity theft, you may also consider placing an extended fraud alert (which lasts seven years) or freezing your credit entirely.
Most common types of fraud
Despite the fact that the majority of respondents claim to have been the victim of identity theft, there is a silver lining: the most common type of identity theft experienced was stolen or used credit card information.
Although no form of identity theft is ideal, under federal law, your responsibility for unauthorized charges on a credit card is limited to $50 — you just have to dispute the fraudulent charge within 60 days after the first bill with the error was delivered to you. If you report a lost or stolen credit card before it’s used, you are not responsible for any unauthorized charges.
In addition to the legal limits of your liability for unauthorized use of your credit card, several credit card issuers provide a $0 fraud liability policy. In other words, these card issuers guarantee you’ll never be held responsible for account activity that is deemed fraudulent.
Debit card fraud isn’t as forgiving, and this type of fraud was found to be the second-most common type of identity theft experienced by our survey respondents. Although they are protected under the Electronic Fund Transfer Act (EFTA), consumers face more liability when it comes to unauthorized charges on their account when using a debit card, depending on how quickly they report it.
In order to be held to the same $50 maximum loss, you need to report a lost or stolen debit card or fraudulent transfer within two business days of learning about the loss or theft. After two days, but less than 60 days after your statement is sent to you, your maximum loss jumps to $500. After 60 days, there’s no limit to the losses you can be held responsible for.
Would you rather…
As a part of our survey, we posed a dilemma to find out whether people viewed electronic theft to be worse than someone breaking into their house to steal money.
Surprisingly, 75% said someone stealing funds electronically from their bank account is equally bad or worse than having someone steal from their home. Although this may come as a surprise at first, it makes sense. Whereas a break-in tends to be an isolated incident, identity theft can carry on for years.
According to a report issued by the Identity Theft Resource Center, “[T]he emotional ramifications of identity crimes continue to leave victims negatively impacted well beyond the initial incident, impacting how they manage their daily lives in perpetuity.” So, although someone might not be physically touching your belongings, it doesn't mean that theft has less of an impact on you. Victims in the study reported feeling powerless, betrayed, and violated, while also dealing with physical consequences, such as issues with their sleep habits, increased stress levels, and even persistent headaches.
Financially, what you can lose electronically is often greater as well. You probably don't have a lot of cash lying around your home, but the value of your electronic information is plentiful. And if you were a victim of burglary, your homeowners or renters insurance might help you replace stolen items. But, unless you have a service such as LifeLock, you probably don’t have insurance for identity theft.
Other identity theft scams to watch out for
Criminals employ a variety of methods to steal your sensitive information. Although some may be more effective than others, you can be susceptible to any of them if you don't know what to watch out for.
Aside from the massive data breaches that can expose your information, here are some other scams to be aware of:
Credit card or debit card skimming is a type of theft in which criminals use a small device to steal your card information during an otherwise legitimate transaction. The device is designed to blend in and is placed on top of real card readers at gas station pumps, ATMs, etc. This device reads the magnetic strip on your card, storing the card number in the process. Although the number of cards compromised via skimming jumped more than 500% in 2015, 2016 saw only a 70% increase, and 2017 only 10%, according to FICO.
Although this suggests the problem is being better handled, the next time you go to insert your card, you might still want to inspect the card reader for signs of tampering. Skimmers are meant to be removed, so if a card reader feels loose, you may have found a skimmer. Alternatively, if you know an establishment, ATM, or gas pump is at risk of being manipulated, you could avoid it altogether. This can include secluded ATMs or poorly lit gas pumps. According to our survey, nearly 57% of respondents have avoided using certain ATMs, gas pumps, or retail establishments for fear of skimming.
1 in 5 (20%) of our survey respondents said they have given out personal information over the phone, only to later find out it was a scam.
Phone scammers employ a number of tactics to try to steal your money or personal information: making false promises on opportunities for investments; pretending to be from a government agency and threatening you with jail or lawsuits if you don’t pay them; or telling you that you’ve been selected for an offer or have won a lottery. Government agencies don’t act this way, and if a situation sounds too good to be true, it probably is. If this happens to you, hang up, block the number, and report it at ftc.gov/complaint.
FinanceBuzz surveyed 1,400 U.S. adults using the Pollfish platform. The survey was conducted between Jan. 31 - Feb. 4, 2020.