An exterior photograph of a Target store in Martinsburg, Virginia.
Attention Target and Neiman Marcus shoppers. If you got a security breach notice, you’d best take it seriously. The latest comprehensive study on identity fraud found that the threat of a crook using your stolen data has soared.
If your data had been stolen three years ago, you only had about a 10 percent chance of falling prey to identity thief. Today, one-third of those who are affected by a security breach become victims of identity theft, according to Javelin Strategy and Research, which has done comprehensive annual studies of identity theft since 2006.
If your debit card information was stolen, the chance is even higher – 46 percent of consumers with a breached debit card in 2013 became fraud victims in the same year, according to the Javelin study.
Worse, the risk is not isolated to fraudulent charges being made on the card that was lost. Increasingly, identity fraud is moving to “account takeovers” where the crook will change the address, password or phone number on anything and everything from your utility bills to your PayPal account, running up charges while locking you out.
And one successful fraud can spread like a cancer for two reasons. First, U.S. industry relies heavily on “knowledge-based verification,” says Steve Schwartz, president at Identity Guard, an ID theft monitoring service. And the knowledge that serves as a key to your account is frequently the type of information that’s shared openly on social media sites like Facebook. For instance, your bank’s security questions might be the name of your best friend; your dog; your favorite book or song. Sound familiar?
Secondly, if a criminal is able to hack in and nab one password, they may have the keys to the rest of your password-protected accounts, including your eBay, Amazon, email and bank accounts, too. The reason? As you open more online accounts that require passwords, it becomes increasingly difficult to keep track of them all, so we humans respond by using one password for everything. Thus, if you can figure out the password to someone’s email account and you may have the key to their credit card and banking relationships too.
What can you do to protect yourself?
First, if you were a victim of a security breach and were offered free account monitoring, take it. This will take some of the onus for meticulously monitoring your accounts off of your shoulders. But make sure you continue watching your accounts even after the free monitoring period expires.
Also consider putting a fraud alert – or even a credit freeze – on your credit file. The fraud alert requires companies to contact you before opening a new account in your name. A credit freeze stops anyone (including you) from opening a new account based on your credit file. The freeze is obviously a severe course, but may be appropriate for those who have no immediate need for additional credit. The fraud alert, meanwhile, is temporary but can at least make you a less attractive victim by making it inconvenient for a criminal to take over your credit identity.
Choose your passwords carefully and make sure that they're not all the same.
It is also important to pay attention to the type of data you’re sharing publicly. Your close friends know your favorite song. The rest of the world doesn’t need to. Take it off your Facebook account, or review your privacy settings to make sure that data isn’t going out to any crook who might be tempted to focus on you out of the millions of consumers in their vast database of stolen information.
Opt in for two-factor authentication, where possible. In many cases, your bank will offer the option of being contacted via email or text anytime there’s movement in your account. That gives you the ability to monitor fraudulent activity in real time and stop it before it gets out of control.
Finally, ask for an identifier that’s not linked to your Social Security number, suggests Al Pascual, senior analyst of security risk and fraud at Javelin. The vast majority of banks and credit card companies use your Social Security number is a primary identifier, allowing anyone with this number access to your account. But Social Security numbers are too easily stolen, he says. Ask to block your SSN as a form of identification and set up something that is known only to you.
© 2014 CBS Interactive Inc.. All Rights Reserved.