This year it is estimated that more than 10 million of us will lose an average of $5,000 apiece, but not on the stock market's swinging pendulum or because of a racetrack gamble. You'll lose it simply because someone else pretended to be you and used your own personal information to get their hands on your money or credit. In some cases, they may even use your identity to get out of a crime they committed - and you might not even know that all of this is happening until it's too late.
According to the Federal Trade Commission (FTC), 27.3 million Americans have been victims of identity theft in the last five years, including 9.9 million people in the last year alone. According to a survey released September 2003, last year's identity theft losses to businesses and financial institutions totaled nearly $48 billion and consumer victims reported $5 billion in out-of-pocket expenses.
Anyone who uses an ATM, shops or enters contests on the Internet is a potential victim. If you are a member of an association, or if your building maintains a Web site with personal information on its residents, you are already a potential victim.
In December 2003, New York University reportedly notified almost two thousand students that their names and social security numbers had been posted on the Internet. The school sent out an email to the students, who had given this information to the school when they signed up to play intramural sports. The information has since been removed, but it is unknown at this point what damage was already done.
Even if you have any personal papers with your confidential information on it, you may still become a potential victim. Throwing away personal papers might seem secure, but think again. While the idea of dumpster diving might cross the line of even the most resourceful treasure-hunter, the fact is that there has been a recent upswing in the number of dumpster divers searching for more than just a secondhand loveseat or interesting junk. As the old saying goes, "˜one man's trash is another man's treasure," and for some with criminal intent, that treasure is your own personal information.
Unfortunately, while you might think it's easy to get your identity back, it can actually cost you hundreds of hours and thousands of dollars to resolve the problem and repair your credit - but the damage may already be done.
The fact is that one in four Americans will have their identity misused or stolen within the next year. "These numbers are the real thing," according to Howard Beales, director of the FTC's Bureau of Consumer Protection. "For several years, we have been seeing anecdotal evidence that identity theft is a significant problem that is on the rise. Now we know. It is affecting millions of consumers and costing billions of dollars. This information can serve to galvanize federal, state, and local law enforcers, the business community, and consumers to work together to combat this menace."
"How concerned consumers should be that their information is online depends partly on what type of information is given out," says Jordana Beebe, communications director of Privacy Rights Clearinghouse in San Diego. "In addition to identity theft, there are other concerns about posting personal information online. For example, putting the name and address of someone who is also a stalking victim [online] can actually put their life in danger. Everyone should be given the option to have control over the information that is going on a site."
Beebe recommends that all co-op/condo boards create a risk management plan, a policy in writing with specific guidelines about uploading personal and building information online. "Have a plan in writing that puts contingencies in effect and live by those rules," says Beebe.
To prevent identity theft, it's also important to recognize how skilled identity thieves gain access to confidential information. According to Beebe, "It's very difficult to always find out how the thief gained access because in many cases, law enforcement is too understaffed to go after the crime."
However, Beebe continues, there are a few common methods that thieves use to get information. "It can be a back end entrance, such as an insider, an employee or a representative who has access to trusted information. It may also depend on how you get rid of outdated information. If it's not properly destroyed, a dumpster diver can get their hands on it."
Some other common ways that thieves steal this information is to hack into computer systems, pose as someone who is responsible for this information, divert mail to another address with a change of address form or even steal mail, such as pre-approved credit card solicitations, new checks and tax forms.
Beebe also recommends that condo/co-op boards and management screen the person in charge of putting this sensitive information online and know what information should and should not be put online. "Has this person been subject to a background check?" asks Beebe. "Members may feel more secure about giving out information to someone who's been screened." Screening includes checking for a criminal past and other fraudulent activity.
So what should and should not be on the Web? According to Beebe, "Personal information in financial documents such as account numbers or information on account co-signers that might allow someone to work their way through and get information and access to financial bank accounts - that information should not be posted online. With the right kind of information, a criminal can put enough pieces of the puzzle together to represent themselves and do some financial damage, even to an association or board."
If management wants or needs a Web site, a security consultant can review the site and make sure security is up to snuff and doesn't compromise any personal information.
While the incidence of identity theft has been increasing, so has the number of Americans who are paying their bills online, but don't fret. "Fortunately, online billing is not really a source of problems," says Beebe. "The companies that use these secure servers would be reluctant to do so if they didn't have a secure network."
Management may also consider purchasing identity theft insurance, an insurance that protects its members if they are victimized. "This is designed to help the individual recover their identity and with all the time and effort it takes to clear their name," says Mark Camillo, director of alliances for AIG Affinity Group Services in New York.
"You incur expenses, including taking time off work, a lawyer for civil suits, fees, notary, and re-filing for loans to get your identity back," says Camillo. An approximate cost of this insurance is a $6,000 premium per year divided as membership dues. For example, if a cooperative corporation has 1,000 members, each member would be charged six dollars per year for the insurance. The insurance costs can easily be added to regular maintenance fees.
This insurance protects its members whether the fraud occurs as a result of the co-op's Web site or directly through an individual's credit card or computer. This does not, however, protect the association or co-op itself from liability. There are different insurance policies to protect against liability, but who remains at fault if someone is victimized?
"If the theft can be traced back to a network security lapse and it can be proven it came from there, the company may be liable for a security breach," says Beebe. "That's why it's important to have a security consultant check your site and have a program in place to know what to do if something were to happen."
Individuals can also purchase identity theft insurance through most insurance carriers or credit bureaus. This privacy and fraud protection helps consumers monitor and manage their credit information and protect them from identity theft. If theft occurs, the packages covers some expenses to re-establish identity, including legal fees and lost wages. There may be annual premiums or monthly fees, depending on which package you select.
Prevention is the key to stopping identity theft, which means that you should be very aware of all of your financial information, including all financial statements and your credit report. A credit report is a detailed listing of all of your outstanding debts, such as student loans, car loans, mortgage payments, credit card debt and so on. Credit reports are updated monthly so it is really helpful to check your credit report regularly. According to a survey by the FTC, some consumers weren't aware about the fraud on their accounts six months after the fraud occurred. Pay close attention to all financial statements. As soon as you see something that you do not believe that you did, contact the company immediately.
There isn't a surefire way to prevent becoming a victim, but you can minimize the risks. Start by asking questions: find out how your personal information is going to be used and let a company or association know if you don't want something disclosed.
Invest in a locked mailbox or post office box to secure your mail from thieves. Don't throw away papers. Businesses, associations and individuals should invest in a crosscut shredder to assure that the information is properly destroyed and cannot be pieced together. If you have a fireplace, burn the paperwork instead.
So you've opted out of all the junk mail and phone solicitations; but what do you do if you think you've become a victim? Close the accounts that you believe had been victimized and contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file.
According to the FTC, "the fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts, and all three credit reports will be sent to you free of charge."
Once you have completed these steps, file a police report and a report with the Federal Trade Commission. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations.
If a management company thinks their Web site may have been compromised, it's their responsibility to notify their clients immediately. Similarly, says Beals, "If a board feels they may have been compromised, they have an obligation to notify their members, and their bank - depending on what information was posted - and take steps to minimize their financial [exposure]. It's better to be safe than sorry."
Leave a Comment