The Federal Trade Commission will tell you that, if your client gets hit with a full-fledged case of identity theft, he's going to spend up to 300 hours repairing the damage. The question is ... how many of those hours will be spent by you and your staff?
"It's not my problem!" you retort. Or is it? Aren't you the same advisor who tells your clients to come to you before all their other advisors? Don't you already offer to help them with all things financial? Isn't your marketing strategy one of letting them know you'll have their financial well-being under control? If so, then how can you abandon them when ID theft strikes? You can't.
What you can do, though, is help them prevent it. Many advisors are already learning that the problem of ID theft requires a proactive strategy. But do their efforts help, and do they even understand what identity theft really is?
What Is It, Really?
When Richard Feight used his credit card at one of a hundred different places recently, someone retained his card numbers. Says Feight, an advisor with Creative Financial Design of Lansing, Mich., "The thief was using my credit card in California at gas stations and supermarkets, and I've never even been to California." Feight simply called Citibank, identified the improper charges-which added up to about $2,000-and the company took them off his bill. After 90 days, everything was straightened out.
Is this identity theft? Technically, yes, though it's really more just run-of-the-mill credit card theft. It can occur when a waiter or store clerk copies the information from your card while running a charge. (Of course, with the proliferation of cell phone cameras, they can now just take a picture of the card.) Thankfully, credit card companies routinely forgive charges by unauthorized users if one's credit card information is stolen.
In another case, Lauren Lindsay's client left her purse in her car and a thief broke in and stole it. What he found was the client's checkbooks for two banks accounts-and two bank account numbers. The thief next figured out how to sign on to the client's online bill-pay service and was poised to extract money from her accounts. Says Lindsay, who is with Personal Financial Advisors LLC in Covington, La., "Fortunately, we closed the accounts before he could pay himself anything."
But that's not where it ends. Because the client had automatic bill-paying set up with some vendors, checks were bounced during the account-closing process. Adds Lindsay, "We not only had to help our client close her old accounts and open new ones with the bill-pay feature re-enabled, we also had to work to get back some of the fees she'd paid when electronic payments from the stolen account bounced." All in all, Lindsay guesses she spent several hours a week for six weeks helping her client undo this mess.
Is this a case of identity theft? Yes. And more complicated to fix than credit card fraud.
How about Richard Feight's second ID theft attack (yes, if you believe in luck, some people definitely need more of it). We all know identities can be stolen over the Internet, but who would see this scam coming? "I was speaking with someone in a chat room," says Feight, "and they said, 'Check out my Yahoo page,' providing me with a link. I logged into [what I thought was] Yahoo with my usual user name and password, but nothing came up. Then I discovered I was locked out of my own Yahoo account."
What's going on here? The thief craftily tricked Feight into giving up his user name and password, but how would he convert that into money? "He wasn't able to," says Feight, "because I use a different user name and password for Yahoo than I do for any of my financial accounts." If that weren't the case, the thief could have visited different banking sites until he found one where Feight's user name and password opened the door. As it was, though, Feight still could have been harmed. "I keep e-mails on Yahoo with PDF attachments, such as receipts for online purchases. Potentially, the thief could have found something of value in these e-mails before I got the problem cleared up."
Most readers know this as one variation of "phishing," where a thief sends a stranger an e-mail requesting that he or she click on a link and supply confidential information. What makes Feight's case unusual is that the thief first gained his trust, and then lured him in with a promise to share something of interest, rather than what might have more commonly been an attempt to gain access to his financial accounts.
As Feight proved ... if the thieves are getting smarter, so are their intended victims. Some, that is. But unfortunately not the woman Carol Friedhoff met while conducting an identity theft presentation in Ohio this June for the Women and Money conference. "In my session, there was a young college student who had attempted to rent an apartment but was turned down," says Friedhoff, owner of Savvy Outcomes in Dublin, Ohio. "She learned someone had been using her Social Security number since she was 13. Two years after her rental attempt she was still recovering from the incident."
What's remarkable about this is that thefts involving Social Security numbers often take longer to straighten out, but also, the theft occurred when she was a child! This isn't uncommon, it turns out. This author's own daughter had her identity stolen in high school when it was discovered that the ID tags the students wore around their necks during school hours thoughtlessly displayed the kids' Social Security numbers, which the school had adopted as student ID numbers.
Now, let's take the circumstances of Friedhoff's case and make them more relevant to you. Suppose the young woman in Friedhoff's story had been a high-net-worth client for whom you were managing a trust account. You charge her 1% on $1.5 million and, for that fee, you manage her investments and just about anything else she needs-even finding her a cat sitter (don't laugh; some advisors do this and more). Who is she going to turn to when she finds out her identity has been stolen?
How Not To Prevent Identity Theft
(While Thinking You Are)
The three major U.S. credit bureaus-Experian, Equifax and TransUnion-would have you believe that monitoring your credit report is the best way to prevent ID theft. After all, if someone steals your identity and begins opening bank accounts, credit cards or-God forbid-lines of credit, that activity is going to show up on your credit report. It makes sense to monitor that report, right?
Apparently, many financial advisors think so. Jorie Barnett Johnson of Financial Futures LLC in Manasquan, N.J., recently sent an e-mail to clients exhorting them to review their credit reports annually. In every one of his financial plans, Marc Schindler of Pivot Point Advisors LLC in Bellaire, Texas, includes the following: "As a pre-emptive first line of defense against identity theft ... we recommend getting a free [credit] report every four months." And in the paper on its Web site, entitled "Identity Theft and Credit Monitoring," Pinnacle Financial Advisors LLC of Marlton, N.J., starts off with, "Obtain a free copy of your credit report from each of the three major credit reporting agencies yearly."
What's wrong with this advice? It's certainly well-intended, but does it go far enough? Not even close, says Todd Davis, founder and CEO of LifeLock (www.lifelock.com) of Tempe, Ariz., a leader in the field of ID theft prevention. Checking one's credit report periodically or subscribing to a credit report monitoring service is closing the gate after the horse has already escaped. "LifeLock differs from all other ID theft services," says Davis, "by preventing theft. Learning that your credit has been tampered with after the fact is too late," he emphasizes.
And the key to prevention is deceptively simple and effective-so effective that Davis prominently displays his Social Security number (457-55-5462) on his company's Web site for all to see. (Davis says every week or two someone tries to buy a Dell computer, or maybe 500 pounds of meat, using his credit, but they get nowhere. "The system works," he says.)
There are four steps to LifeLock's process: 1) Set up fraud alerts with the three major credit bureaus; 2) every 90 days when the alerts expire, set them up again; 3) remove your name from pre-approved credit card mailing lists; and 4) only after these three critical steps are taken do you check your free credit report. If a LifeLock client still has his identity stolen, LifeLock will cover his related losses and expenses up to $1 million-a guarantee they've had to uphold only 14 times even though they have 350,000 customers.
If these steps are so simple, you ask, why does anyone need LifeLock? They don't, says Davis, but hundreds of thousands of customers use them anyway, because how many of us-for every one of our clients-want to keep track of expiring fraud alerts and write the necessary renewal letters, much less spend time trying to get off of junk mail distribution lists? LifeLock's annual fee of $110 per adult and $25 per child is small change for anyone with accounts worth protecting, and it's more convenient to have LifeLock guarantee that these tasks will be done than to remember to do them yourself.
The Anatomy Of A Social Security Number Theft
What happens when a Social Security number is stolen? Debbie Bausch, a registered paraplanner with Clayton Financial Services Inc. in Topeka, Kan., can tell you. "A client of ours doesn't really know how he lost his Social Security number, but thinks it may have happened while in Colorado on business," says Bausch. The thief did what most identity thieves do-he used Bausch's client's name and Social Security number to open up a line of credit in another state, but put his own address on the account.
"Our client doesn't typically use his credit cards but decided to go ahead and pull his credit report anyway. By the time he discovered the line of credit, the thief had run up a balance of $22,000 and the account was in default." The client immediately followed Bausch's firm's advice to file a police report and contact the Federal Trade Commission, plus all three credit bureaus.
Although Bausch's client caught this incident early enough to preclude lengthy disentanglement efforts, this is exactly the kind of situation that causes most ID theft victims to go off the deep end. The invoices for the line of credit were going to the thief's address, hiding the existence of the credit line from Bausch's client. It could have been years before the line was discovered.
So how would the services included in LifeLock's bundle have protected Bausch's client? Very simply, the account wouldn't have been opened until the client's intention was confirmed by the bank. Yes, the thief's address was attached to the client's Social Security number on the thief's application for credit, but the client's phone number is attached to that Social Security number in credit bureau records. When a fraud alert is in effect, the bank must speak with the actual owner of the Social Security number before a new account is opened or a charge is approved.
Suppose, for example, the thief had gone to purchase a computer at Circuit City. The store clerk might ask, "Would you like to open an account with us and get 10% off your purchase?" The thief would reply in the affirmative. The store clerk would ask for the name, address and Social Security number, and the thief would provide the client's name and Social Security number and his own address. The client has a high credit score, so the credit would have been granted-unless there were a fraud alert in place.
If so, none of this would happen because the bank providing the credit line would have discovered the fraud alert during the application process and would then have telephoned the client to ask if he was opening a new credit line. The client would say "no," and the thief would have been turned away by the store clerk. If the thief were questioned by the credit bureau at the point of sale, he might be asked questions only the client would know the answers to, like, "Who's your mortgage with?" or "What address did you live at five years ago?" Either way, the thief is denied credit.
Now step back a bit, assume no fraud alerts were in place, the client had multiple credit lines opened in his name and, after several years and much time, finally succeeded in eradicating the problem. "People can clean up their mess," says Davis, "but the thief can just turn around and sell your information to someone else. I might steal your identity, sell it to 10 buyers and, a year later, sell it again." ID theft, in other words, can be a deadly virus you never get rid of.
Pre-Approved Credit Cards And Children
Let's say Bausch's client didn't have fraud alerts in place and Circuit City had granted the new credit line to the thief. That would just be the beginning, says Davis. "The store would likely grant the thief credit and, now that the stolen Social Security number is attached to the thief's address, the thief starts to get pre-approved credit card solicitations in the mail-which he responds to, accumulating even more credit."
But the real gold mine, says Davis, is getting hold of a child's Social Security number. "Thieves love using children's Social Security numbers because they can generally open an account with any name and address. The credit bureau responds saying there's no credit history and grants the request. The thief can then build up more credit lines, max them out, and the victim-a child-has no way of knowing." Thieves will break into doctors' and dentists' offices, says Davis, knowing they are likely to find files full of children's Social Security numbers.
Here's another vulnerability related to children (and adults). Do your kids, or clients' kids, have MySpace pages? Do they share music across peer-to-peer networks such as Limewire? Of course they do-those are typical online meeting places for kids.
Says Davis, "If you don't have a firewall in place, many people know how to get into your hard drive when you're using a peer-to-peer network like Limewire. Once he's in, he simply does a search for 'password' or 'log-in'" and finds anything that might enable him to tap into financial accounts. Or he might find that PDF file containing the parents' last tax return replete with Social Security numbers at the top.
Much confidential information is found as well by "dumpster diving," but, says Davis, "We see an increasing trend of thieves going after peer-to-peer networks and social networking sites since these sites have so many users." "Hmmm ... search through my victim's actual trash or hack into his hard drive-I'll take the latter," reason savvy thieves.
Other Precautions
So the fraud alert is what may ultimately save your client's hide, but there are still things he and you can do to prevent the situation from getting that far out of hand.
First, make sure clients are using firewalls. Many clients are novices when it comes to computer security. In fact, until later versions of Microsoft's XP operating system, computers were sold with no firewall in place; it was the user's responsibility to find and install a firewall such as those available for free from companies like ZoneAlarm (http://www.zonealarm.com) or Comodo (http://www.comodo.com).
Second, says Bobbie Munroe with Fraser Financial in Atlanta, have your clients opt out of pre-approved credit card offers at http://www.optoutprescreen.com. Third, follow the lead of Paul Ahern with WealthTrust Arizona in Scottsdale and conduct client seminars on ID theft prevention. "Arizona leads the nation in ID theft, so we had the attorney general's office come in and speak to two workshops packed full of clients. Arizona [like certain other states] is at the top of the list because retirees are easy targets."
Fourth, don't forget to secure mailboxes. In some communities, residents are required to have curbside mailboxes from which thieves can steal all manner of valuable documents. Advise clients to install locking mailboxes that allow anyone to insert mail, but only the key holder to remove mail.
Make sure your clients establish fraud alerts, eliminate pre-approved credit card offers and follow our other simple precautions, and your practice should never be the victim of your clients' identity theft.
An independent financial advisor since 1981, David J. Drucker, MBA, CFP®, has been an industry influential for many years. Learn about his books, public appearances, Practice Lifecycle, Virtual Office News and the annual "Technology Tools for TodayTM" Conference at http://www.DavidDrucker.com.