I’ve been hearing and reading a lot about how identity theft and identity fraud are the fastest growing crime in America. That doesn’t become “real” until you get hit by identity theft yourself. And I did, just two days ago.
According to a 2017 study by Javelin Strategy & Research, 15.4 million Americans were hit by identity theft in 2016. It’s an increase of 2 million over 2015. That represents 6.15% of the US adult population.
Count me among the afflicted for 2017.
How I Got Hit by Identity Theft
My story takes place on the Saturday after Thanksgiving. An email notification came in from PayPal that there was a charge to my debit card in Haiti. Now I’ve never been to Haiti, and I certainly wasn’t there on Saturday afternoon. That was the first clue that something was wrong.
Since I make my living on the Internet, PayPal is my primary business account. It’s where most of my income is received, and most of my business expenses are paid. It’s a perfect platform because it’s instantaneous, easily processes international payments, and you get alerts on each transaction that affects your account.
One of the big security advantages with PayPal is that it’s safe for online transactions. That’s because only your email appears in the transactions, never any account numbers or personal identifiable information. In 13 years of having an account with PayPal, this is the first time anything like this has ever happened.
A PayPal account comes with a debit card, and it’s naturally subject to all of the potential security breaches that any other credit or debit card is. It wasn’t the account itself that got hit, but the debit card.
What I Did in Response
Notifications from PayPal are common, and I’ve gotten in the habit of verifying each one. Because of that, I was able to take action within a couple of hours of the charge. I contacted PayPal by phone, deactivated my debit card to prevent further charges, and placed a dispute resolution on the charge.
Since the debit card is a MasterCard, it’s covered by their 0 liability on fraudulent charges policy. I’ll be issued a credit for the amount of the charge, until the dispute is settled. In the meantime, my debit card cannot be used for additional purchases. A new one will be issued in a week.
The Range of Possible Outcomes
Given the range of possible outcomes, my situation is fairly tame. The charge was for only $39.22, so my concern isn’t about the amount of the fraudulent charge. But since I sometimes write about identity theft, and the many forms that it takes, I was well aware that this small charge could be the tip of a very ugly iceberg.
There are at least two fundamental types of identity theft. One is the theft an individual account. If it goes no further than that, then the damage will be limited to that one account. And since most financial institutions do have elaborate security setups, as well as 0 liability policies, it usually ends up being more of an annoyance than a genuine threat.
The second type does a lot more damage. That’s when your entire identity has been hijacked. A person has your name, address, telephone number, and most of all, your Social Security number. They may also have one or more account numbers connected to you. That’s all they need to impersonate you. With that information, they can drain your bank accounts, run up credit lines, borrow in your name, or even empty a retirement account.
My sister-in-law had her Social Security number stolen a few years ago. It affected everything about her life. She had to create a whole new identity under a new Social Security number. It took two years to resolve the theft.
They can even file a fraudulent income tax return, and collect a bogus tax refund under your name and Social Security number. This is referred to as income tax refund fraud, and it is also growing rapidly.
What Probably Happened in My Case
When you’re first hit by identity theft, you can’t know if it’s the isolated kind, or the complete hijacking of your identity. Mine looks to be the first kind.
What most likely happened was that I ran a charge on my debit card somewhere. I supplied the credentials for the card – my name, the card account number, the expiration date, and the security code on the back of the card.
If that information is enough for me to run a transaction, it’s also enough for anyone who has the credentials.
Now here’s a frightening realization: about 50% of identity theft is an “inside job”.
The “TV version” of identity theft is a group of shadowy (usually foreign) cyber hackers, mining data from large organizations. The reality is that it’s more likely to come from sources closer to the ground. You provide your card credentials to a person over the phone, and it ends up going in a different direction.
Consider this scenario: you make a purchase by phone, and you’re asked to provide your card credentials. The company that you’re doing business with is a reputable organization. But the person taking your information is a low salaried clerk. He or she may be looking to make some extra money. By swiping an occasional set of card credentials, they can buy that piece of jewelry, wardrobe, or laptop computer that they otherwise couldn’t afford.
That’s probably what happened in my case. I provided information to a clerk, who passed on to a friend or family member in Haiti.
Given that Haiti is a poor country, and that the charge looks to have been made at a small grocery store, I take comfort in the fact that the charge may have been used to feed a family.
I’m a Bad Example of a Good Christian
I’m a Bible believing Christian (or at least I think I am) and I’ve spent years reading and studying the Bible. One of the most fundamental teachings is “do not fear”. Some variation of the phrase reportedly appears 365 times in the Bible. Sources that have attempted to verify that claim say that it’s a lot less, maybe only 100+.
Whatever the number, it’s an act of faith when our trust in God is greater than our fears.
Here are some of the verses that I’ve frequently relied on in the past, which clearly spell out what our reaction to fear should be:
- ”Trust in the LORD with all your heart and lean not on your own understanding…” – Proverbs 3:5
- ”The angel of the LORD encamps around those who fear him, and he delivers them.” – Psalm 34:7 (I even keep this Psalm in my wallet.)
- ”Do not be anxious about anything, but in every situation, by prayer and petition, with thanksgiving, present your requests to God. And the peace of God, which transcends all understanding, will guard your hearts and your minds in Christ Jesus.” – Philippians 4:6-7
- ”And we know that in all things God works for the good of those who love him, who have been called according to his purpose.” – Romans 8:28
- ”Therefore humble yourselves under the mighty hand of God, that He may exalt you at the proper time, casting all your anxiety on Him, because He cares for you.” – 1 Peter 5:6-7
- ”Peace I leave with you; my peace I give you…Do not let your hearts be troubled and do not be afraid.” – John 14:27
It’s clear that God is trying to tell us something.
What did I do with All of that Biblical Knowledge?
I panicked, that’s what I did.
Rather than standing tall and trusting in my Maker, I caved in to fear. What can I say – I’m a hypocrite. But if this life has taught me anything, it’s that we’re all hypocrites. That includes both believers and non-believers. It’s part of our humanity.
But I’m disgusted with myself when the “peace that passes understanding” doesn’t rule in my life. I’ve gotten better about this over the years, but there are certain types of crisis that cause me to “lose it”. The potential theft of one of my financial accounts is apparently one of those.
My wife said that my reaction was natural, given that my PayPal account is my business account. That sounds fair, but I’ll be the first to admit that God has protected me through hundreds of trials in my life. I should know better.
But when this one hit, I wasn’t very Christ-like. My one consolation was that there was no one with me to witness my meltdown. It was not becoming of a believer, and it made me realize that I’m more of a work-in-progress than I like to admit to myself.
As has become my habit, I prayed before I attempted to deal with this. And true to form, it ended up being a much milder situation than I originally anticipated. It looks like I’ll come out of this slightly inconvenienced, but completely unscathed.
Of course, I didn’t know that going in. I have a very quick and vivid imagination, and it can conjure up scenarios that are straight out of the depths of Hell. It’s like thinking that you have cancer, and it turns out to be a wart. But while you were thinking it was cancer…you get the picture.
Random Thoughts on Identity Theft
Part of what caused me to panic was the slow response from PayPal. Historically, anytime I’ve had any issues with my account whatsoever, PayPal customer service is fast, and the issue is resolved quickly. But this being the Saturday after Thanksgiving, it’s likely that customer service was staffed by a skeleton crew.
The phone process took a good 90 minutes, most of which was spent on hold. The first three people I talked to didn’t seem to grasp what I was telling them. It also seemed obvious that they were based in foreign call centers.
It was a “Twilight Zone moment” for me in the early going. My account appeared to be hijacked, and PayPal was slow to respond. It was like one of those nightmares where the beast is charging at you at lightning speed, but the people who could help you are out on a coffee break.
The situation was finally resolved by the last person I spoke to. He was an efficient young man, likely based in either the US or Canada. He represented the PayPal that I’ve come to know and love over the years. But I had to wait almost an hour and a half to get to him.
In addition to resolving my issue, he said something comforting – this is the world we live in. Whenever we have a problem, it’s easy to take it personally. But identity theft has become so pervasive it’s virtually part of the cost of living life. It sucks, but we can’t take it personally.
In the The Four Hour Workweek, author Tim Ferriss even warned that you will be hit by identity theft at some point. You just need to accept that reality, and deal with it when it happens.
Protecting Ourselves Against Identity Theft
I’ve written about this subject many times on other websites, but never here at Out Of Your Rut. Now that I’ve been hit by identity theft, it’s time to address the issue.
If you’ve never been hit by identity theft, seriously consider implementing the following strategies:
Freeze your credit. This prevents someone from opening accounts your name, unless it’s directly verify with you. It will minimize the damage if your identity is stolen. Unfortunately, you have to put a freeze with each of the three credit bureaus:
Use cash for smaller transactions. Set a threshold – $50, $100, or whatever number works for you – and pay cash for any transactions below that amount. This will minimize the number of times you use your credit or debit card. The last thing you want to do is to be hit by identity theft because you used a card to pay for a $4 latte.
Avoid transactions giving out your credit/debit card credentials. Any time you do this you’re providing information to an individual. That person may represent a reputable organization, but may be tempted to use the information for other purposes.
Other Strategies to Protect Your Identity
Destroy the “evidence”. Any receipts or statements should be stored in a safe place. If not, they should be shredded. “Dumpster diving” is a popular source of identity theft.
Use a rechargeable debit cards. These are becoming increasingly popular. You can use them just like a regular credit or debit card, but they don’t have any identifying information. Any fraudulent activity will be limited to the balance that you have on the card.
View your statements regularly. You should have online access to all financial accounts, and you should review them carefully on a regular basis. Daily would be the best. The best strategy to deal with identity theft is to do as quickly as possible. Your options fizzle as time passes.
Set up credit alerts. Daily email or text alerts let you know if there has been any activity on your account.
Use dual accounts. If you have two of each account, you can continue to use one if the other has been compromised. This is a good idea for credit cards and checking accounts.
Use self-checkout. This is a strategy my wife uses, but I’m divided on it. Self-service is always an attempt to eliminate jobs, which is why I prefer using human manned checkouts. Her point is well taken. By using self-checkout you remove a pair of human hands from the process, eliminating one potential source of identity theft.
Have you ever been hit by identity theft? What did you do to fix the problem? Do you have other strategies to protect against identity theft?