Cyber Crime

Five Tips For Dealing With The Capital One Breach

A pro-active approach to managing your credit going forward

A public service from WalletHub, the free-credit-score website. Reprinted with permission. Visit here.

In the aftermath of Capital One’s announcement on Monday that roughly 100 million credit card applications had been compromised in a data breach, exposing an estimated 77,000 bank account numbers and 140,000 Social Security numbers, many consumers likely have questions and concerns for their own wallets. With that in mind, the free-credit-score website WalletHub has some tips for how potential victims can keep their financial info safe.

You can check them out below, followed by additional commentary from WalletHub CEO Odysseas Papadimitriou, formerly a senior director at Capital One.

Dealing With A Credit Breach

Sign up for 24/7 credit monitoring
This way, you’ll find out immediately if someone tries to open an account in your name. (WalletHub, for example, offers free 24/7 monitoring of your TransUnion credit report.)

Enable Two-Factor Authentication
Capital One was hacked, but your cell phone wasn’t. So use it as another layer of protection when logging into your email account and financial websites.

A Freeze Is Better Than an Alert
It probably isn’t necessary in this case, but if you really want to protect yourself from fraudulent borrowing, freeze your three major credit reports (Equifax, Experian and TransUnion). This will prevent anyone but you from accessing them, thus making it impossible to take out a loan or line of credit. A fraud alert, in contrast, doesn’t actually do much.

Suppress Fraudulent Info
While you can dispute run-of-the-mill credit report inaccuracies, it’s best to use a process called “suppression” / “blocking” to get rid of negative info resulting from identity theft. In short, this makes it so the records in question can’t make reappearance after they’re initially removed.

Never Respond to Unsolicited Requests for Information
Don’t be surprised if you see an uptick in unsolicited calls and emails requesting personal information. Just remember: Never answer if you didn’t ask to be contacted.

For more advice, check out WalletHub’s identity theft guide as well as the steps you should take if your identity is stolen.

Q&A with WalletHub CEO Odysseas Papadimitriou

Does this mean it’s not safe to apply for a Capital One credit card?
“I don’t believe that people should avoid applying for Capital One credit cards because of this breach. Pretty much any other big company could easily be in Capital One’s shoes right now, as they’re all under digital fire from hackers. You actually have to give Capital One some credit for how they’ve handled the issue thus far. They assisted in the swift apprehension of the perpetrator and were transparent in their announcement. Capital One has been among the most technologically sophisticated credit card companies for years, and you can bet they will double down on making this type of breach as unlikely as possible in the future. Given that, and the fact that Capital One credit cards are some of the best on the market, there’s no need for consumers to stay away.”

How worried should recent Capital One credit card applicants be?
“Recent Capital One credit card applicants should certainly be more worried than usual, and especially vigilant, following the company’s data breach. But the bottom line is that most people’s personal information has probably already been stolen at least once, considering the many big data breaches that have occurred in recent years. So we should all be worried, and we should all sign up for free 24/7 credit monitoring, set up two-factor authentication, and review our credit card and bank statements closely.”

While you can dispute run-of-the-mill credit report inaccuracies, it’s best to use a process called “suppression” / “blocking” to get rid of negative info resulting from identity theft. In short, this makes it so the records in question can’t make reappearance after they’re initially remove...

What explains Social Security numbers being stolen from business credit card applications?
“Some people may find it curious that the roughly 144,000 Social Security numbers stolen in Capital One’s data breach were from applications for business credit cards. But that’s actually standard. Nearly all small business credit cards require applicants to list their Social Security number. The reason is that most small businesses are an extension of their owner’s personal finances, and applicants generally have more personal credit history to evaluate. Business owners are also held personally liable for business credit card balances. ”

Excerpts from WalletHub’s ‘Identity Theft: What It Is, How It Happens & the Best Protection’

How Does Identity Theft Happen?
“The human imagination and creativity are endless when it comes to stealing things,” says Peter Keane, dean emeritus and professor at the Golden Gate University College of Law. In other words, while the following list represents the most common means that criminals use to gain access to victims’ personal information, according to the FTC, it’s certainly not exhaustive.

Your Trash: Dumpster divers may be able to piece together enough information from old bills, financial statements, etc. to get your name, address, account number, bank name, etc. They can then use this information to open new accounts in your name or even assume your identity entirely.

Your Mail: By stealing your mail, criminals may be able to take advantage of a pre-approved credit card offer, open account in your name, and go on a spending spree.

Phishing: We’ve all received those e-mails from phony financial institutions asking that you provide certain information for their records or from friends asking for help out of a financial pickle. That’s phishing in action. More specifically, cyber criminals try to deceive unsuspecting consumers into opening and/or responding to e-mails designed to capture your personal information for fraudulent purposes.

Skimming: Thieves are sometimes able to manipulate credit card processing machines and ATMs by inserting a device that captures the account information of whoever uses it.

Straightforward Theft: Less sophisticated criminals make take a smash-and-grab approach to identity theft, stealing purses, pickpocketing people in crowded places, or even stealing personnel records from companies.

Conning: Anyone who has ever called a bank or retailer’s customer service number knows that you must go through certain steps to verify your identity before the person on the other end will discuss the particulars of your account. Smooth-talking criminals can sometimes charm or explain their way around these safeguards and get the company representative to provide them with the information needed to fill out financial account applications, a change-of-address form, or the paperwork needed to get a replacement driver’s license in your name.

Address Manipulation: While you have to “verify” your identity when you change your address by providing a valid credit card or debit card that the USPS will charge $1 to as a test, that’s not an insurmountable task for identity thieves who already have access to one of your credit cards or debit cards. They might therefore be able to divert your mail and gain access to other aspects of your life.