washingtonpost.com
Identity Theft

Nancy Trejos
Washington Post Personal Finance Writer
Tuesday, January 15, 2008 1:00 PM

Washington Post staff writer Nancy Trejos and Adam Levin, chairman of Identity Theft 911 LLC and a former director of New Jersey's Division of Consumer Affairs, were online Tuesday, Jan. 15 at 1 p.m. ET to discuss ways to protect yourself from identity theft.

A transcript follows.

Read more in Nancy's story: Identity Theft Gets Personal (The Post, Jan. 13).

____________________

Nancy Trejos: Hello all. Thanks for reading my story on Sunday. And thanks for joining us for this chat today. Adam Levin is also here to answer your questions. We're looking forward to discussing this issue with you.

_______________________

Upper Marlboro, Md.: It makes no sense to me that America can't keep track of who is real and who is phony these days. I find it so hard to believe that anybody can take my name, my social, my place of birth, and get away with it. This makes me a target because I just don't get it. So how is it possible that America finds it difficult to put a plug on identity theft and how did it get so out of hand?

Nancy Trejos: The problem is that too much of our personal information is out there, thanks to the data revolution. Think about all the entities that have access to your personal information. Not only your banks but your pharmacy, your doctors, your cable TV company, your cell phone company, federal agencies, your local government. You have control over how well you protect your information but you have no control over how well those entities protect it. There are many ways that identity thieves can get your information, from dumpster diving to "skimming," in which they use a special storage device when they process your debit or credit cards, to sending emails pretending to be your financial institutions. The law enforcement authorities I talked to said these people are often hard to find. And because your bank or credit issuer will usually reimburse you for most or all of your loss, the cases are often dropped. Nonetheless, President Bush has set up a task force to come up with recommendations to battle identity theft. One was to eliminate the unnecessary use of social security numbers by federal agencies. So identity theft is definitely on everyone's radar screen right now but it remains to be seen what concrete steps are taken to battle it.

_______________________

Reston, Va.: Can people take their names off of the online databases so they will not be hit by identity theft?

Adam Levin: While there are a number of ways to opt out of junk mailings and call lists, the problem is that our information is all over the place.

Government sites

Public data bases

Retailers databases

The soon to be National Health Information Network

The list goes on and on.

We need to face reality that we have a major national problem which requires consumers to become as educated as possible about the issue, do what is necessary to mitigate their risk of exposure (shred, protect their mail, enroll in credit and public record monitoring programs, secure online access to their accounts, ensure that their computers have the best virus, anti-malware and firewall protection, and be guarded as to whom they provide their information) and know where they can go to get resolution assistance if they are victimized.

_______________________

South Carolina: What can you do when you find out that a family member has used your ssn and name, then you try to get your free credit report but they need several things to prove that is you, but your not sure if you should send them a copy of your ssn/DL/and pay stub with your name and ssn on it.....

Adam Levin: You need to get a police report. I know that is hard for people when a family member is involved, but you must. And, you need to provide the credit reporting agency with whatever information it needs in order to prove you are you. Sad, but reality.

Now, for consumers who are working with companies that do resolution - either through their institution or directly with those particular entities - the path to reclaiming your identity may well be less painful and quicker.

_______________________

Alexandria, Va.: Comment: I found Nancy Trejos' piece on identity theft so scary but helpful that I immediately clipped it and saved it in my file cabinet financial file, in my reach now. The hook was how a debit card - so casually used - was victimized. Thanks.

KTS

Adam Levin: KTS: Identity theft is something to be feared. It requires people to be very alert to everything about their personal finances and their personal information when in the past we simply took certain things for granted. Mailboxes that lock, special computer protections, shredding, monitoring credit and public records, reviewing accounts online daily - all unthinkable in the past - must now be part of our thinking.

Remember how we never thought terrorism was a domestic problem before September 11?

As we are entering a Presidential election year - when it comes to identity theft, we are not living in red states or blue states, we are all living in the same state - a state of emergency.

_______________________

York, Pa.: I'm often told I need to supply my SS # with request for information, such as medical insurance etc. I'm uncomfortable doing so but wont get service unless I do. How can this be avoided?

Adam Levin: When it comes to dealing with medical professionals, I find that if you are presenting an insurance card and - in most cases they don't allow you to leave the office without paying for the visit - you have a right to refuse to give your SSN and most will agree. A doctor once told me that the only reason that the request for SSN was on his "New Patient Form" was because it had been there for years, even before he began accepting insurance, so it simply remained AND few people have ever objected. Frankly, I think a picture id is more important than a SSN (eventhough thieves are creating forged documents with doctored - please excuse the pun - pictures).

_______________________

Arlington, Va.: I am a detective for a police department and investigate identity theft. I find the most difficult part of the process dealing with the banks, merchants and businesses who drag their feet on supplying investigative info. or hide behind demands for subpoenas for records. This problem can't be solved until businesses are held accountable for poor record keeping, no investment in prevention and lack of desire to assist law enforcement. Target company, however, is an exception and is an excellent partner in detecting and prosecuting identity thieves. Bally fitness has been notoriously unhelpful. Please comment. Thanks.

Adam Levin: Detective: It is in everyone's best interest - if we are to contain the identity theft epidemic - to cooperate, collaborate and communicate. Regardless of the party involved, lack of cooperation just impedes law enforcement's ability to nail the perp. One problem I find dealing with business is that they tend to be more protective of their trade secrets and intellectual property than they are of their most precious asset, the personal identifying information of their customers. That's why there have been so many database breaches. That's why consumers are becoming so distrustful of business in general.

While I can't comment on the helpfulness of any particular business, I can say that any business that fails to cooperate with law enforcement when you guys are on the trail of an identity thief is literally assisting the criminal get away with the crime. Not a "goodwill" builder.

With this epidemic, it is in the interest of all consumers (every business person is a consumer) to stick together, do the right thing and cooperate.

_______________________

River Forest, Ill.: I went to the Equifax Web site and couldn't find any link to request a free report. All I could find were reports with a fee attached. How can I access my report without incurring a charge?

Adam Levin: Go to http://www.annualcreditreport.com

You are entitled to a free copy of your credit report from each of the 3 credit reporting agencies. If you are not interested in enrolling in a monitoring program, then visit that site 3 times during the year (perhaps every 4 months) and order a report from a different agency. This gives you 3 snapshots of your credit profile during different time periods.

_______________________

Arlington, VA: Adam,

A former Jersey guy asks: Is it overkill to tear my name and address out of everything that goes into the garbage, and then shred the identifying bits?

I've gotten into the habit of doing this, which is tedious, especially with junk mail (credit card offers are the worst offenders) that repeats my name and address multiple times. But I wonder if I'm just wasting my time.

I have a listed phone and various public databases make it pretty easy to find who I am and where I live. Obviously account numbers get shredded, but what about simple name/address?

Adam Levin: Greetings, Jersey Guy: You can never be too careful. Removing any personal identifying information for any document is a good habit. It is tedious. That's why you should just use the shredder as much as possible (crosscut I hope). You are correct about the fact that there is way too much information available out there. You should also consider enrolling in both credit monitoring and public records monitoring programs.

You can never be too alert or too aware of what is floating around in cyberspace with your information attached to it.

_______________________

St. Louis, Missouri: Hi:

Great article on Identity Theft. I recently taught a class to Teen Parents to educate them about credit. One of the things I tried to teach them was how to access their free credit report. Much to my surprise, I was told by the credit bureaus that their credit report could not be accessed unless they were 18 year or older. As a social worker, I have worked with many young people whose parents have used their social security numbers to gain access to utilities, cell phones etc and the teen does not find out until they apply for credit themselves. There seems to be a real disconnect between what we say and what we actually do; on one hand we are told to teach young people about financial responsibility but when they need to take the first step to find out what their credit report looks like, they are prevented from doing so. Can you comment on this? Thanks.

Adam Levin: As society becomes more sensitive to the identity theft crisis, I believe that children will gain the right to access their reports. It is appropriate that as part of their financial intellectual evolution they have this right. One of the credit reporting agencies permits the creation of a file for a child and then its suppression. The other 2 require evidence of an identity theft before they will correct the file and then suppress it. Also, the age of majority issue relates to personal financial responsibility so there has been a bias against even permitting access to any channel that would enable unenforceable transactions. I am an advocate for financial literacy and in my view, the younger the better.

_______________________

Richmond, Va.: A very helpful article, thanks. But my question is: I have a card that is both debit and credit. So, I am proteced when I use my credit function, but extremely vulnerable if I use the debit function? Or is my credit/debit considered a debit card?

Adam Levin: Credit cards offer more protection. $50 maximum liability. Many credit extenders have zero liability policies. Debit cards present greater liability issues depending upon when you report the misuse. Liability can exceed $500 if you take too long to notify the institution.

_______________________

Brooklyn, N.Y.: Nancy,

During your move that you mentioned in the article did your identity theft hinder your efforts of setting up utilities and changing the address on your bills?

i.d. theft victim 2

Adam Levin: When your identity has been compromised, it will have an impact on your ability to establish accounts with utilities.

_______________________

Takoma Park, Md.: Hi, great article. I have my credit and check cards marked "SEE ID" in marker like the police officer suggested, but what's the deal with merchants not accepting them unless they are signed? The post office recently changed their policy to not process unsigned credit cards for "our protection and the customer's protection". How does signing the card protect anyone? It's not like retail clerks are handwriting experts and need to verify a signature.

Adam Levin: I know a number of people who refuse to sign their cards and write ASK FOR MY ID on the back. I have not heard that they have been refused purchases because of it.

_______________________

Gaithersburg, Md.: Ms. Trejos,

Did you ever determine how a thief obtained your personal information? I use my debit card everywhere. I get annoyed when the person in front of me at Giant takes up extra time writing a check (like the Visa commercials in which a person paying with cash brings everything to a screeching halt when everyone else is using their Visa debit card). My debit card is linked to my Home Equity Line of Credit with the same bank, so a thief could steal thousands of dollars even though my checking account has minimal funds (except on payday). Never any overdraft fees! I love the convenience, but I don't want to get wiped out by some scumball thief.

Adam Levin: No question that debit cards are wonderful instruments because they do force consumers to set psychological spending limits.

As I indicated earlier, credit cards offer more protection but can create an unreality regarding the question, "Can I afford this."

If you are wedded to using your debit card, just make sure that you are very focused on checking your account activity EVERY DAY.

_______________________

Charlotte, NC: Nancy, do you have any idea how the thief got your debit card number? It sounds to me like you are reasonably careful with it.

Nancy Trejos: Hi. The police are still investigating it. They have come up with a couple of theories. Unfortunately, I cannot say much more about the investigation because the detectives asked me not to. But it seems they are close to coming up with some answers. I will probably do a follow-up story once someone is charged with a crime.

_______________________

Fairfax, Va.: There's so much in the news nowadays about protecting your identity that I'm amazed to see how clueless some people can still be. I work in the HR department of my organization and on our new hire form it asks for Visa information - meaning if you're here on a WORK VISA we need the information. Not frequently, but often enough that causes me to raise my eyebrows, new employees will provide their credit card information with no questions asked. Credit card number and expiration date. If I was a less ethical person I'd be shopping right now! I received a phone call about a purchase I made and they asked me to verify the last 4 digits of my credit card and I refused. They said they were understanding but it left me with an uneasy feeling. People need to be more aware, ID theft is a serious concern!

Adam Levin: You can never bee too careful.

People have been conditioned to answer questions. We have the power to say "no."

Just pick your battles and make sure that if information is requested, you understand and trust the person asking the question.

If you receive an email, never give personal information through that medium. Go to a secure site.

If you receive a call from the fraud department of a credit extender, look at the number on the back of your credit card and call it, ask for the fraud department.

Never give information to anyone you don't know. Simple rule.

_______________________

Los Angeles, Calif.: I am an identity theft victim and took all the actions to clear up my records and to implement a seven year freeze with the BIG 3. I still get airline frequent flyer credit card offerings, though.

Recently, I got a privacy notice for a Sears/Citibank account supposedly closed one year before. I phoned Citibank, keyed in that former credit card number and was able to hear my credit limit, etc. When I spoke with a human operator, she asked for my password and threw hints until anyone could have guessed the password. Their security department seemed unconcerned when I reported this. They could not see what the big deal was since the account was closed. I learned that their operating procedure, even in the case of documented ID theft via that card, is to open a new account but not to give out the new card number.

Any advice to me or the credit card issuers about vigilance?

Adam Levin: This sounds like the continuing battle between security and convenience. If you have a question regarding something like this don't go to the customer service folks, ask to speak to the security department. Different type of people, different training.

_______________________

Houston, Texas: A few thoughts from a victim of ID Theft:

1. Take the 7 year Fraud Alert-won't hurt you, and may stop some additional ID theft. Your credit & liability is better protected by your posting of 7 year fraud alert on file.

2.Once an ID theft victim-often repeatedly a ID theft victim - your ID info is sold on criminal websites. Every 1-2 years after initial attack, someone else tried to use our stolen ID info and some retail stores, on-line sites, and banks are loosey-goosey enough to let ID thieves use your stolen Id even though the alert is available to any security conscious company.

3. Even though we opted out from receiving credit card offers in the mail, we continue to receive 6-8 per week. Why are credit card companies NOT concerned about ID theft?

4.Will you please continue to follow-up this story with more articles about ID theft? Washington Post hasn't had a consumer protection reporter since March, 2007. This is a topic of great interest and urgency in this era of non-regulation and non-consumer protection.

Adam Levin: Unless and until the credit card companies view identity theft as a national crisis and not a cost of doing business, nothing will change. I wonder how much of the recently announced credit card default crisis can be attributed to account compromise? This might well be an interesting follow-up article.

_______________________

Austintown, Ohio: Hi Nancy and Adam,

Enjoyed your informative article. I can truly sympathize with your recent dilemma. Two points: As someone who had their major brand name credit card number stolen-not the card itself-first, am I now at more of a risk for Identity Theft? I, of course, notified the card company and was reissued a new number and not held responsible for the stolen charges. Second, is there anything more I should have done? I did and do review the three credit reports throughout the year. Thank you. George

Nancy Trejos: Hi. Sounds like what happened to you was similar to what happened to me. I had my card number--not the card itself--stolen. I wonder if the thieves were able to get any more information on you and how they were able to get ahold of your card number. When I went to the police, I was told that I was more at risk of identity theft because the thieves, in my case, also had my address, phone number, and some other identifying information. In any case, it sounds like you did the right thing by notifying your card company. If you are really concerned about how the thieves were able to get your card number, I would also ask for a 90-day fraud alert from one of the three credit bureaus. That credit bureau will in turn contact the other two. And I would keep monitoring my credit reports in the future. There's probably no need to go as far as a security freeze, which would keep any future creditors from accessing your credit reports, but that is always an option if you are really concerned about protecting your identity. It will cost you money unless you have a police report showing that you are a victim.

_______________________

Chantilly, Va.: This was absolutely horrifying. Like you, I use(d) my debit card instead of hauling out the Visa, feeling all virtuous at keeping my debt load down. Now it looks like about the only way to be safe is to pay everything by cash and try to stay out of any kind of network at all, which just isn't feasible. Should I cut up my debit card and not use it at all?

Adam Levin: You shouldn't cut up the card. And, we are living in a world where credit is critical. So, use whatever makes you feel comfortable, just track your activity religiously and make sure that every charge you see makes sense. The second you see something that doesn't jar your memory, immediately call your bank or credit card company and ask for information.

Never forget that with all the protections in place, the ultimate guardian of the consumer is the consumer. No one has the interest in protecting you as you do.

_______________________

Lynda, California: I signed up for Equifax's Gold 3 in 1 program but I can see some gaps. I found out that they can't name and number match; they call it a split file or "sub file.". Someone can use my SSN and their name and it won't necessarily be picked up. What can I do?

Adam Levin: You are talking about synthetic identity theft - the newest and hardest evolution of the crime. There is absolutely no surefire way to protect against this. Further, there are a number of identity theft situations which may never touch your credit file (criminal, medical).

That's why credit monitoring is never enough. You need to have both credit and public records monitoring. And you need to be aware of other reports like:

CLUE (Choicepoint) relates to insurance claims filed in your name

Health insurer annual payout reports

SSA annual earnings reports

_______________________

California, Md.: I recently had my credit card number used to purchase a large amount of items from a foreign company. I also got a call from Bank of America but they did not inform me as to any personal information that the identity thief also had. How would I go about getting that information and how does one file an FTC complaint?

Nancy Trejos: You should call back Bank of America and ask them if they know exactly what type of information the thief had about you. I would also encourage you to file that FTC complaint. It's easy. Just go to www.ftc.gov. Once you have that complaint printed out, you can go to your police station and file a report. That's another good step to take because for one thing, they might be able to find the person or people who stole your card number. For another, you will have proof that you were a fraud victim in case your bank or creditors asks for it. A police report would also be required if you want to get a security freeze without having to pay for it.

_______________________

Washington, D.C.: In the past 2 years, I have received at least 4 letters from financial co's stating that my personal information may have been compromised: my mortgage companies (USAA and Citibank -which have sold my loans 3 times in 3 years), my bank (BOA); PayPal (my account was charged from online gamers in Asia); and a store charge card (DSW shoe store). All stated that my personal customer and credit card data had either been among missing tapes sent via mail, or otherwise possibily stolen or improperly accessed.

This doesn't include my husband's experiences - which are worse - or even all the spoof emails we receive daily.

Like so many, we get credit card applications and junk mail sent in my mother's, mother-in-law's, and 5 mos. old daughter's names -- despite opting-out and asking to be removed from lists.

One year, I tore the backs off every catalog and junk mail and called to ask where they got our name and to cease and desist. They were mostly third-party marketing partners with AMEX or purchased our name/address from a related company.

It just keeps multiplying and we can hardly keep up with the shredding.

What makes my blood boil is then receiving solitications to buy ID theft insurance from these same companies or outside ones, or seeing that cutesy singing FreeCreditReport.com TV commercial which is simply another racket to foist ID protection responsibility on the consumer and provide another revenue stream to a company.

You were once a consumer advocate, why in the heck should consumers be expected to purchase ID protection when it's the companies that are being reckless and irresponsible? Seems pretty obvious that cos are buttering both sides of their bread here. If you can "purchase" ID protection, then obviously companies can somewhat protect our information, so why aren't they being required to do so?!

Adam Levin: As a nation we still haven't gotten the message. I own a company which provides identity theft education and resolution to the customers, members, policyholders, students and employees of 450 institutions (over 11.4 million households representing almost 30 million consumers). Many of those institutions provide our services free. Some charge minor fees ($15-$45/year) as part of endorsements to homeowners and auto policies. Many give the services to their employees through Employee Assistance or Benefits programs.

Over the past couple of years, it is becoming clearer to consumers and businesses that a collaborative effort requires just that and identity theft resolution expenses should be borne by the institution.

As thousands of insurance companies, credit unions, employers and even some banks are now making these services available free (or at minimal cost) to those affiliated with them, you should inquire as to which institutions offer such a program free in your area.

Consumers deserve to be protected. Do business with those companies that will stand up for you - not stand on you.

_______________________

Fairfax, Va.: Can you take a minute and explain exactly why it is a very bad idea to use a debit card everywhere you shop? I never use it for online shopping, but the errands around town, groceries, lunch, doctor co-pays, gasoline, etc. that is the only way I ever pay. What is it about a debit card that makes that a bad idea? Yes -- I do check my balance about 3 times a week. Is it that the account information is somehow recoverable from the card swipe terminal? I don't get it. Please specify! thanks.

Nancy Trejos: You are less protected with a debit card than a credit card. As Adam mentioned earlier, you are liable for only up to $50 of any charges on your credit card. The same goes for a debit card--only if you notify your bank within two business days, according to the Electronic Fund Transfer Act. After that, you could lose up to $500. If you wait 60 days, you could lose it all. So if you're going to use a debit card for your everyday purchases, make sure you check your balance and account activity frequently. The other problem with a debit card is it's actually your money that you are putting out there. According to the FTC, there is a practice called "skimming," in which thieves use a special storage device when they process your debit or credit cards to keep your information.

_______________________

Alexandria, Va.: Hello, thanks for taking the time to chat. Would either of you address the effectiveness of companies like Lifelock that offer ID protection services? Do they really work or is this just false security? Thanks.

Adam Levin: I have always been uncomfortable with an organization that creates the impression they have something that can prevent identity theft. Consumers can mitigate their risk of exposure by educating themselves about the subject, enrolling in programs that can detect untoward activities in their public and credit files, freeze their files (or do fraud alerts) and engage in smart personal activities like protecting their mail, shredding, checking their accounts online, purchasing and continuously updating their anti-virus, firewall, and anti-malware software and doing business with companies that can provide restoration services in the event of a breach. I believe that while waving one's SSN in cyberspace and on TV as if it were the flag might be savvy marketing, it doesn't send a very responsible message to the American consumer.

No device can guarantee 100% protection. And, placing fraud alerts on consumers files can be done for free (why pay $10/month?). But some folks feel more comfortable having someone else do the work.

Never forget that the ultimate guardian of the consumer is the consumer.

_______________________

Upper Marlboro, Md.: There are so many companies advertising to protect your identify for a cost. What would you recommend in terms of using one of these companies. Ths one company provides a million dollar guarantee. Do these companies protect ones identity? Help

Adam Levin: I have always been uncomfortable with an organization that creates the impression they have something that can prevent identity theft. Consumers can mitigate their risk of exposure by educating themselves about the subject, enrolling in programs that can detect untoward activities in their public and credit files, freeze their files (or do fraud alerts) and engage in smart personal activities like protecting their mail, shredding, checking their accounts online, purchasing and continuously updating their anti-virus, firewall, and anti-malware software and doing business with companies that can provide restoration services in the event of a breach. I believe that while waving one's SSN in cyberspace and on TV as if it were the flag might be savvy marketing, it doesn't send a very responsible message to the American consumer.

No device can guarantee 100% protection. And, placing fraud alerts on consumers files can be done for free (why pay $10/month?). But some folks feel more comfortable having someone else do the work.

Never forget that the ultimate guardian of the consumer is the consumer.

_______________________

Philadelphia, Pa.: I'm outraged at the success of companies such as LifeLock, which make money by charging consumers to fix a problem that the credit bureaus and banks created. What's the best way to monitor your credit report with shelling out extortion money to LifeLock or other monitoring services?

Nancy Trejos: I can't comment on the pros and cons of LifeLock because I haven't looked into it enough, but if you don't want to pay for your credit reports, you are entitled to one free credit report a year from all three credit bureaus. Go to http://www.annualcreditreport.com. I would go on it three times a year and get one credit report from each bureau every four months. That way, you can get a snapshot of your credit history throughout the year.

_______________________

Millersville, Pa.: After reading your article (and printing it for my husband and grown daughters to read), plus reading all the Q&A submitted so far, it sounds like a good idea for everyone to have the Fraud Alert put on their accounts. Thoughts?

Adam Levin: Better a credit freeze than a fraud alert. Studies have demonstrated that some 30 percent of credit extenders don't necessarily pay attention to fraud alerts. Credit freezes, now available in every state - either by state law (39 + DC) or through credit reporting agencies new 50 state program, while somewhat cumbersome do give somewhat better protection. However, there are still a number of gaps.

Credit and public records monitoring and personal protective measures are important as well.

_______________________

Ogden, Utah: you left the most obvious way someone gets your information out of the story: They steal it from your wallet.

About four years ago the same thing happened to me, i got a call that my debit card was in Reno having a goodtime to the tune of $10,000 while I was home in Ogden. I'm a newspaper reporter so I was agressive in chasing the situation down myself and one very interesting thing happened.

A reno cop who specializes in this sort of theft asked me "did you go to the gym the day before?" I said I had, and he said "OK, this is what happened. Someone opened up your locker, took one card out of your wallet, took it outside to a waiting van in which he had an accomplice. They drove to Salt Lake and, while driving, the accomplice made a fake driver license with your name on it. He caught a plane to reno, went straight to a casino, bought something cheap to see if the card still worked, and then hit one of those machines that issues checks."

The thief, it turns out, was an eastern european mobster, the gang was working gyms, trailheads, anywhere in a five state area around Nevada where people lock up their wallets in lockers. The police said their job would be a LOT easier if casinos would require two forms of ID to cash checks, but they don't. Credit card companies also have very lax security that makes the thieves' jobs easier.

My $10K was eaten by my credit union and the thieves got away. Moral of the story: Always count your credit cards after going to the gym and don't use one of those cheap Master-brand locks, which can be opened very, very easily.

Adam Levin: A variation of your experience happened in Wisconsin. The result was that several members of the legislature had their personal information exposed.

You should always limit the number of debit/credit cards and documents that you carry on your person which contain financial or personal information about you.

How many folks leave too much information in the glove compartment of their vehicles? How many people carry around laptops that have unencrypted files in them?

_______________________

Rosslyn, Va.: RE: Writing Ask For ID on cards... Look on your the back of your credit cards. Most of them say "Authorized Signature - Not Valid Unless Signed", so technically, writing "Ask For ID" is not a valid signature and merchants are right not to accept it.

Adam Levin: Technically correct. In the world we live, and in light of the heavy price merchants are paying for becoming duped by id thieves, many are willing to ask for id and skip the signature requirement. It's like the old line, "If you don't ask, you don't get."

_______________________

Washington, D.C.: To echo the detective, a couple of months ago Ebay sent me a letter saying a new account had been opened up using the CC number on file in my own account. The email suggested "if this was not you who opened the account, go to this link," which was the start of an hour-long trip through support articles and two live chat sessions with someone who ultimately informed me that he could only help me with my own account, not someone else's (i.e., the one opened with my CC). He gave me a link to send an email directly to the fraud dept, who responded 2 hours later saying the new account had been closed, and I shouldn't see any charges.

(I did cancel the card, which has been replaced; and a small tip to others - when I first got the Ebay email, I did not click on its link, but instead went to Ebay and checked my messages in my account and found that the email was indeed genuine).

Here's the REAL frustrating part: Ebay would not tell me if the fraudulent account was opened with my correct address, phone number or even my name, let alone IP address or anything else that may help me to prevent a similar incident -- due to privacy policies!!! So its concern over the privacy of someone who started a fraudulent account with a stolen CC number took precedence over legitimate interests in preventing further fraud. For future reference, should I have filed a local police report in this case; does the CC company usually follow up with such incidences?

Adam Levin: Did you check your credit report after the incident. That's the best place to start.

If you think privacy policies are a bit crazy in that instance, take a look at the issues with medical identity theft.

_______________________

Buffalo, N.Y.: A cousin is putting together an extensive family history, with lots of information about people who are alive (e.g., birth and marriage dates). My brother-in-law raises the issue that all that information can easily be used in identity theft. The cousin has all this information on her home computer and is considering sending it to family members on CDs. What's the best way to compile a family history and still maintain some security?

Adam Levin: Make sure wherever the information is collected and stored, it is encrypted.

_______________________

Fairfax, Va.: Last spring I got a call from a collection agency asking to confirm if I was related to a "name" and that name was my sister. I refused to answer since I wasn't positive who was calling. After searching on the internet, I found my address listed to my sister's name and other variations like my first name, her last name(married name) tied to my current and previous addresses. I called her to ask if she ever used my SSN and she said no. I got my credit reports and her name and one of her previous addresses appeared but the credit reporting company couldn't verify how it got there. At this point in time, there are no improper financials appearing on my credit reports. I have placed fraud alerts and contacted the FTC. Also, our SSN are similar...just the last digit is different.Although that is just a brief synopsis of my situation, my question is can our names be linked (many variations of my name appear on a report a PI ran) just by our SSN being transposed (what my sister is claiming to have happened) or should I be worried that she has used my name/SSN on a financial document? Another question is if she used my name to cosign a loan, would it appear on my credit report?

Adam Levin: Transpositions as well as similar name situations can happen.

If anyone co-signs a loan the name they use can be linked to the credit history generated by the payment history tied to that loan. Just keep an eye on your credit report. Perhaps you should get a credit monitoring program just be feel a bit safer.

_______________________

St. George, Utah: I hesitate to even give my SSN to the 3 agencies that maintain a report on your credit.

Can you explain the process when your SSN is used at a store to provide credit? Does the store then give your SSN to all 3 agencies? Can they only check with one agency? Why might one agency not have all your data? How far back have the agencies collected SSNs from inquiries? Where can I find out more about this process?

Thanks.

Adam Levin: Each of the 3 agencies have educational sections.

Also, there is a wonderful new book by John Ulzheimer who spent over 13 years working first at Equifax and then FICO.

"You're Nothing But A Number." He gives quite an explanation of how the system works and how people can better manage their credit.

_______________________

Arlington, Va.: Last week, I had fradulent purchases show up on my Visa card. I was puzzled, since the card never left my wallet and the charges were made at a Walmart store in another state, 1,000 miles away. My credit card company said that my card must have been "skimmed" at some point and a fake card was created. My credit card company removed the fraudulent charges, issued me a new card number, and told me not to worry about it. My questions are: (1) Should I still file an FTC and police report in Arlington and place a fraud alert with the credit bureaus? (2) What is "skimming" and how can I prevent it? and (3) Will this impact my credit score at all? I am concerned because the old number was closed and a new number was issued. Thanks! Great article!

Nancy Trejos: You were a victim of fraud, so I would file an FTC complaint and get a police report. If anything, it helps the FTC keep track of these crimes and determine the extent of the identity theft problem. The police report will help you if you want to take some extra steps to protect yourself, such as the security freeze, which, again, keeps prospective creditors from accessing your credit report and then issuing new lines of credit.

Skimming is the theft of credit or debit card information during a legitimate transaction. The thieves use a storage device to record your information. Sometimes it's an inside job. For example, you use your card at a bar and some employee records the card number and security code. I don't think there's much you can do to prevent it. The merchants and law enforcement authorities have to do their part to make sure it doesn't happen.

And it should not impact your credit score if your credit card company acknowledges that it's fraud and reverses the charges.

_______________________

Baltimore, Md.: I don't understand why the title of the article suggests identity theft. Your identity wasn't stolen, your debit card information was. No one opened up new accounts in your name, they only tried to buy some shoes with a stolen credit card. Not a new game, and not identity theft.

Want to talk identity theft? How about someone opening a money laundring acount in your name, which then later cause all your investment accounts to be closed and liquidated. Not just my checking account, 15 years of savings, IRAs, etc.

Adam Levin: As the laws have evolved, the government has begun to blur the lines between existing account compromise and new account fraud. Both are considered identity theft (though categorized differently). While one is much more devastating than the other, one can lead to the other. Both a not good and need to be better defined and more vigorously prosecuted.

_______________________

Silver Spring, Md.: Every time I go to a new doctor the paperwork always asks for my Social Security number. Is this legal or required? I don't feel comfortable giving it out because doctor's offices have open non-locked file areas, anyone in the office or cleaning staff can access them. Generally I no longer fill this out.

Adam Levin: Excellent question. It is not required. Many simply ask for the SSN because that's what they have always done. They have your insurance card and most won't let you escape their offices without paying the bill. Therefore, leave the SSN line blank. If they demand that you provide it, demand to get a full report regarding their security procedures.

_______________________

Nancy Trejos: Thanks for all your questions. We apologize we couldn't get to them all. There were so many. This is obviously something that has touched many of you out there. We hope we were able to help.

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.

View all comments that have been posted about this article.

© 2008 Washingtonpost.Newsweek Interactive