Fraught with Fraud: Tips for Increasing your Digital Security

“The police can't protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter and there's nothing wrong with being skeptical. We live in a time when if you make it easy for someone to steal from you, someone will.” - Frank Abagnale

I was at a limited partners’ investor conference in Dallas, Texas this past week where Frank Abagnale led a discussion covering identity theft and information protection. Frank Abagnale, whose life inspired the movie Catch Me If You Can and the TV show White Collar, briefly told the story of his life - how he used check fraud and identity theft to travel the world as a young adult.  He was caught, spent less than five years in a United States prison before being released to work with the FBI. Over the past 44 years, Abagnale has worked within the FBI to investigate crimes committed by fraud and scam artists, and, as technology has continued to develop, this role has transformed into a significant online identity theft and identity protection role.

With an increasingly connected digital age, data and information have become a valuable resource.  Your name, date of birth, social security number, passwords, addresses, emails, etc. all sit online somewhere - whether in your online bank account, sitting within Gmail or stored as a note on your iPhone. With all these vulnerabilities, here are some things Abagnale suggested you can do to minimize the risk of security breaches.

Credit Freezing

A Credit Freeze is a newly free (per recent legislative requirements) tool that lets you restrict access to your credit report. Placing a credit freeze on your report makes it exponentially more difficult for identity thieves to open new accounts in your name because creditors, whom need to see your credit score to open accounts, are unable to access your credit report unless you have explicitly permitted it.

A credit freeze does NOT do the following:

• It does not affect your credit score.

• It does not prevent you from opening new accounts, but to open one, you must lift the freeze temporarily. Essentially, you are shutting off access until you open it again.

• It does not keep you from applying to jobs, renting an apartment or buying insurance.

• It does not prevent a thief from making charges to existing accounts.

You can place credit freezes on your accounts at the following addresses:

• Experian: https://www.experian.com/freeze/center.html

• Equifax: https://www.equifax.com/personal/credit-report-services/

• TransUnion: https://www.transunion.com/credit-freeze

Password Management

Passwords, at least in their current form, were invented in early 1960s. We’ve used the same functional technology of username/password for about 60 years now. They were meant for a desktop era and need to be re-imagined given the advances in machine learning and the number of vulnerabilities that exist with password security today. Frank Abagnale has a strong dislike for passwords and is currently working on developing new, more secure methods to verify one’s identification. While most of the technology is still early in development or not yet widely adopted, here are a few things that you can and should do today to bolster your online security.

Password Security

If your password is anything like “Password1”, “March2020” or “Mulcahy2014”, that should change.

In fact, the most common passwords in 2018 were the following: “123456” (and other variants), “password”, “111111”, “sunshine” and “qwerty.” SplashData, the publisher of this data, estimates that no fewer than 10% of people have used at least one of the 25 worst passwords on 2018’s list. Most sites now require a special character (@, !, #, etc.) and a number. When this requirement was broadly rolled out, my standard password changed from “Password” to “Password1!”. Clever, right? Not so much. 

Here’s a better way to create a password:

Bad: Michael

Better: M1chae!

Good: M1c.443L!

Best: ws5@20!A

LastPass, a company that exists as a password manager, published a list of 7 Bad Password Habits to Break Now.  Working backwards, here are some good password habits to adopt:

1. Use different passwords for every online account.

2. Have a secure, encrypted password system like LastPass or 1Password.

3. Update your passwords frequently. If you’ve used the same password since 1995, it’s time to change it.

4. Do not check the “Remember Me” option on website. If someone gets ahold of your device, they’ll have access to your online account.

5. Do not store passwords in the browser.

6. Do not share your passwords with others, especially if you use similar passwords across all sites.

7. Never email your password or share it over electronic mediums.

Two-Factor Authentication

Two-factor Authentication (2FA) is a service many websites have started to offer as an extra layer of protection which often requires a code from an app or text message in addition to a password to access your online account. Any inconvenience in time or effort is worth it for that second layer of protection that may protect you from falling victim to someone accessing your online account without permission. Here’s a quick video explaining 2FA in more detail.

Payment Methods and Data Security

The last item that Frank Abagnale highlighted was how to securely provide payment for goods and services. In Abagnale’s words, “I don't use a debit card. The safest thing is a credit card because you're using the bank's money. If someone accesses your information, they are stealing the bank's money, not yours.” Under the Fair Credit Billing Act (FCBA) with a credit card, your maximum liability for fraudulent transaction is $50, and many credit cards promise zero liability for all fraudulent transactions. With a debit card, your potential liability according to the Electronic Funds Transfer Act (EFTA) is virtually unlimited - depending on how quickly you notice the transaction (needs to be before 60 days).

What’s the worst method of payment? According to Abagnale, physical checks. On the check you give someone your name, your address, your bank account number, your routing number and what your signature looks like. That check is physically handled by any number of people before it is securely stored then destroyed.

The bottom line: In Abagnale’s opinion, credit cards are the safest way to provide payment for goods and services, both within stores and online. (I would just add - remember to pay them off promptly!)

Conclusion

It’s a dangerous world on the internet. There are plenty of soft spots for individuals to access your online account information, your personal information and ultimately your financial information. It is important to stay up-to-date on the latest security issues, topics and breaches. Here are a few resources to help you secure your personal and financial data and accounts:

• https://haveibeenpwned.com/: Search for affected emails due to password breaches and hacks.

• https://www.lastpass.com/ and https://1password.com/: Secure password managers

• https://passwords.google.com/: Check passwords and clear passwords stored with Google.

And specifically, for our clients who utilize Fidelity, Schwab or TDAmeritrade, use the below links to enable Two-Factor Authentication:

• Fidelity: https://digital.fidelity.com/ftgw/digital/security/dashboard/view

• Schwab: https://client.schwab.com/clientapps/access/securityCenter#/main/epass

• TDAmeritrade: https://invest.ameritrade.com/grid/p/site#r=jPage/cgi-bin/apps/u/AccountSettings?pagehandler=PHPersonalProfile