By now you’ve heard about the recent spate of data breaches that took place over the holiday season with a number of retailers. The stories have ranged from the number of people potentially affected to a growing “blame game” between the financial services and retail industries over security. But, the media is only just beginning to touch upon the most important part of the story—your personal identification information was stolen and has probably already been sold to identity thieves.
As Fraud of the Day readers, you know why this is important: because all those identities are out there just waiting for the right criminal to come along and use them to steal government benefits or services. And, since tax season just kicked off on January 31, your federal and state tax refunds are high value targets for criminals.
Identity thieves—mostly organized criminal groups based out of Russia—are smart. They know retailers typically offer a year of free credit monitoring when a data breach becomes public. But, the criminals don’t mind because identities are like fine wine—the older they are the more valuable they are. These criminals will hold onto these identities for years for the purpose of credit card or bank fraud. They will even use data mining technology to find the most affluent identities and steal from them when the time is right. (Coincidentally, this is the same data mining technology retailers use to send you coupons and special offers based on your buying history.)
Here’s why it is so important to be focused on this during tax season. If your identity is used to file a tax return with the federal government or the 43 states that require you to file a federal return, you won’t know until you go to file for your return and find out someone has already collected your refund. You’ll never learn about Stolen Identity Refund Fraud (SIRF) from your credit report. So, even though identity thieves like to hang on to identities for a while before using them, the one exception to this rule is using the identity to steal government benefits or services—or your tax refund.
So, what can you do?
1. Demand action from Congress, the Executive Branch, state legislators and governors. Identity-based technology exists that can protect your identity. It’s time to take a fresh look at the SIRF problem and invest in new technology to solve it.
2. File your refund as early as possible. That way, you have a fighting chance of getting to your refund before the identity thieves.
3. Focus on fraud prevention. The more you do to protect your identity, the less chance you will have of being victimized. I put this into practice every day when working with the Federal Bureau of Investigation and designing check security features for my private sector clients. If you make the check difficult to counterfeit or forge, the criminal isn’t likely to try to forge your check; they are going to go to the next person who hasn’t taken all those precautions.
4. Don’t put personal identification information out on social media, or elsewhere on the Internet. Think about it, a popular social media site asks you for a host of personal information: your full name, email address, birth date (so friends can wish you happy birthday), job title and company, education and phone number. How much more information does a criminal really need to file for a tax return in your name?
When it comes to the recent data breaches, the damage is done. But, moving forward, you have a choice: criminals aren’t looking for challenges, they are looking for opportunities. If you make it easy for someone to steal from you, the chances are someone will.