Putting a Freeze on Identity Theft

Really, must we all go back to cash-only transactions to protect our personal information?

In the past several years, millions of consumers have been put at risk of identity theft as their personal information has been either stolen from or left unprotected by the companies that collect it. The latest data breach involves TJX Cos., which operates T.J. Maxx and Marshalls stores.

The company recently revealed that the computer systems that process customer transactions had "suffered an unauthorized intrusion" and that some information had been stolen. In a statement, TJX said it did not know the full extent of the theft or how many customers might have been affected. The break-in involved the portion of TJX's computer network that handles credit card, debit card, check and merchandise return transactions for customers of T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the United States and Puerto Rico, as well as Winners and HomeSense stores in Canada.

TJX did what it was supposed to do and alerted law enforcement agencies. The company also said: "With the help of leading computer security experts, TJX has significantly strengthened the security of its computer systems."

As a customer of TJX's stores, I'm glad to know they are beefing up their security.

But then the company said something we all should keep in mind. "No computer security can completely guarantee the safety of data."

Therein lies the problem. No matter how many firewalls are built to protect our information, the con artists are actively working to outsmart the companies that store consumer data.

So what can consumers do?

Well, we can press our state lawmakers to enact legislation that would greatly reduce access to our credit files. I'm talking specifically about a way to put a "security freeze" on our credit reports.

A security freeze blocks access to your credit reports and credit scores. This is better than a fraud alert, which simply advises that you may be a victim of identity theft. With an active fraud alert, lenders can still access your file. However, with a freeze, consumers control access to their credit files. A security freeze prohibits, with certain specific exceptions, the credit-reporting agency from releasing your credit report or any other information without your express authorization. Often that means giving the agency a PIN or confirmation number.

With a security freeze, if lenders or businesses can't get access to your credit file, they aren't likely to issue new credit. This greatly reduces the ability of a thief to open a credit account in your name. A security freeze lets you decide when and with whom your credit information should be shared.

There is a downside to a security freeze. It can make it harder for you to take advantage of instant credit offers because you have to notify the credit bureaus to lift the freeze. In addition, to temporarily remove a freeze and to reactivate it later, you may have to pay a fee. Fees vary by state, but generally it's $10. In many states, senior citizens and victims of identity theft are not charged to place a freeze on their credit report.

Twenty-six states and the District have adopted laws that allow consumers to freeze access to their credit files to prevent crooks from opening fraudulent accounts with stolen information, according to Consumers Union. Maryland and Virginia currently do not have security freeze laws in place, but legislatures in both states are considering bills to enact this important consumer protection.

As the 2007 state legislative sessions begin around the country, 17 states are considering security freeze laws, the consumer advocacy group recently reported. Rather than complain that companies can't protect our information, we need to push our state lawmakers to enact legislation that makes it easier for us to protect ourselves.

Check whether lawmakers in your state are considering such a bill and then write to support the legislation. To see which state legislatures are considering security freeze laws go to http://www.financialprivacynow.org/, set up by Consumers Union. Click on "Learn More." Then look for "Current State Security Freeze Bills."

Many security freeze laws became effective last month. For more information on existing state security freeze laws go to the same site, click on "Learn More" and look for "States With Security Freeze Laws."

Among the states with security freeze laws, five give consumers the right to put a freeze on credit files only after they become identity theft victims. Those states are Hawaii, Kansas, Texas, South Dakota and Washington.

As more people become victims of identity theft, it's time to expand the security measures we use, says Gail Hillebrand of Consumers Union.

As Hillebrand says, a security freeze is "like putting a deadbolt on your front door."

Clearly, given the frequency of consumer credit information breaches, we need a stronger lock on our credit files.

· On the air: Michelle Singletary discusses personal finance Tuesdays on NPR's "Day to Day" program and online athttp://www.npr.org.

· By mail: Readers can write to her at The Washington Post, 1150 15th St. NW, Washington, D.C. 20071.

· By e-mail:singletarym@washpost.com.

Comments and questions are welcome, but because of the volume of mail, personal responses are not always possible. Please note that comments or questions may be used in a future column, with the writer's name, unless a specific request to do otherwise is indicated.