Protect your ID to avoid anguish of having it stolen

By Ellen Marks / Assistant Business Editor/Albuquerque Journal
PUBLISHED: Sunday, December 28, 2014 at 12:02 am

You don’t know the meaning of the word “chilling” until you visit a county jail and find out your name is on the list of inmates.

Or when you’re applying for a job, and a background check by a prospective employer shows you’ve been arrested for possessing a stolen vehicle, tampering with evidence and other felonies.

Meet Mark Medley, who’s experienced all of the above and more. He’s never been a Bernalillo County inmate nor has he ever committed any felonies.

He is, however, a victim of identity theft. He became one in 2001 when his wallet went missing after a city Summerfest event. The person who stole Medley’s identity was picked up on other, felony charges the next day and identified himself to law-enforcement authorities as Medley.

The resulting horrors unfolded over a period of months, followed by much anguish and work that marked the “long journey to clear my name,” Medley says. That included the visit to the jail, at the suggestion of an attorney, to make quick confirmation of what was going on. It also included dealing with the financial aftermath, including checks that bounced because the thief had drained Medley’s account.

Along the way, Medley successfully worked on getting legislative approval for an identity passport theft program, a statewide database for police agencies and the motor vehicles division. It documents identities that have been stolen so authorities can verify that a background check on you may turn up false information. You can also get a special driver’s license marked with a small “V” – victim of identity theft.

Medley also started a nonprofit, ID Theft Resolutions, which helps victims and gives presentations on prevention.

Of course, the problem of stolen identity has grown tremendously since Medley was struck in 2001, primarily because of an explosion of new technology. In 2013, nearly 1,500 New Mexicans reported their identity was stolen, according to the Federal Trade Commission. Nationwide, identity theft was the No. 1 type of consumer complaint filed nationwide last year.

It’s a big problem, but there are ways to minimize your risk and there is help if you become a target.

It’s also a big subject, so this week I’ll list some ways to help prevent this from happening to you. Next week, I’ll give you a step-by-step on what to do in the aftermath.

Prevention pretty much comes down to becoming more aware and more conscientious about keeping track of things. First off, know what the thieves are targeting: primarily Social Security cards; ID cards or driver’s licenses; bank cards, checkbooks, credit cards and bank statements and account numbers; wallets or purses and mail, including junk mail and email access.

Take these protective steps, according to the FTC, the state Attorney General’s Office and Medley:
•Place outgoing “snail mail” in a secure mailbox. If you don’t have a locked mailbox, pick up incoming mail as soon as possible.
•Pay close attention to billing cycles. If a bill doesn’t arrive on time, it’s possible an identity thief has stolen it. Check with creditors so you can act quickly if you suspect theft.
•Protect your Social Security number by leaving your card at home in a secure location. Do not carry it with you on a daily basis. Be very careful about giving the number out. Ask why it is needed, how it will be used and what will happen if you refuse to provide it.
•Pay close attention to your credit by ordering a free copy of your credit report yearly. It is “one of the best ways to catch identity theft,” the FTC says, because it will alert you to any fraud or errors. It will show what credit accounts have been opened in your name, how you pay your bills and so on. You are entitled, under federal law, to one free copy a year through, 1-877-322-8228. Be aware of imposter sites that will try to charge a fee or get personal details. The email listed above will take you to the only authorized source.
•Place passwords on bank, credit-card and phone accounts. Choose a password that mixes random numbers with letters – in other words, not your birthday, your dog’s name or anything else a thief could guess.
•Keep your information safe online: If you shop online frequently, consider having a separate account for your online purchases. Send out your credit-card number or other personal information over a secure connection only. You can tell that it’s secure because its address will begin with “https” (the “s” lets you know it’s a secure site) and it will have a small padlock at the bottom of the page. Also, a window should pop up telling you the website is secure. Make sure you have virus protection, and update it regularly. Use a firewall program so your computer can’t be accessed by others, especially if you have high-speed Internet, which keeps your computer connected 24 hours a day. Never download files or click on links sent to you by people you don’t know or that seem odd in any way.
•Don’t give out any personal information – over the Internet, on the phone or through the mail – unless you were the one to initiate contact or you are sure about the identity of the person or the company.
•Store private documents only in secured lockboxes.
•Shred documents that you no longer need, including credit-card applications, insurance forms, health forms and billing statements. Don’t trust your garbage can. The Better Business Bureau occasionally offers free shredding. The next “Secure Your ID Day,” will be held from 10 a.m. to noon April 18 in the BBB parking lot, 7007 Jefferson NE.

Don’t fall for a bogus email offer, supposedly from “JetBlue Airlines Advertisement,” that promises to pay you $400 if you place a decal on your car advertising the airlines. If you bite, according to the FTC, the scammers will send you a check for more than that amount and tell you to deposit it, take your $400 and wire the rest to the company that will wrap your car. “Weeks after you wire the money, which could be thousands of dollars, you find out the deposited check was a fake,” the FTC says. Because you are responsible for any check you deposit, even if it’s a fake, you must pay the bank back, the agency says.

How Being an Identity Theft VICTIM Could Land You in Jail

When ordinary people become victims of identity theft, the legal repercussions can be enormous. To make matters worse, some victims not only have to deal with financial fraud but also face the risk of being jailed for crimes they didn’t commit.

Identity thieves may perpetrate crimes while masking their true identities with the names of their victims, which may result in the wrong person becoming imprisoned. South Florida resident Erie Salgado has been worried about being arrested ever since his identity was taken a decade ago in Puerto Rico, ABC affiliate WFTV in Orlando reported.

Since then, Salgado has been suspected of being a Massachusetts-based cocaine dealer and also went to jail for the identity mix-up last fall. After Salgado spent days trying to convince law enforce authorities they had the wrong guy before he was released from jail, Sheriff Wayne Ivey gave Salgado an apology. Ivey said that the phenomena of identity theft victims spending time in jail for crimes caused by someone else is occurring more frequently.

In 2013, 13.1 million Americans became victims of identity theft, according to a recent Javelin report.

Financial, Legal Impacts

After Salgado’s identity theft incident, his wife, Betsy, said the criminal actions of the identity thief has resulted in her husband’s credit being damaged, which is a common effect of having unauthorized persons open new lines of credit without victims’ permission.

“Victims who had personal information used to open a new account or for other fraudulent purposes were more likely than victims of existing account fraud to experience financial, credit and relationship problems and severe emotional distress,” the Bureau of Justice Statistics said in a recent report.

When victims try to clear their names, they can also run into obstacles, which can result in financial costs to the victims that may take time to resolve. The BJS said more than half of identity theft victims were able to prevent problems from escalating in a day or less. But some victims who had their personal information stolen wait much longer than that. The BJS survey showed 29% of victims waited a month or more before they were able to resolve issues concerning their identity. For Salgado, his problem has continued for almost a decade (and counting).

In acknowledging the growing problem of identity theft and in an effort to help victims, the Florida Department of Law Enforcement created a program to reinforce victims’ claims of stolen identities if asked by police officers.

If you’re worried about becoming a victim of identity theft, you should monitor your bank and credit card accounts for any suspicious charges. Also, you can use a free tool like the Credit Report Card to monitor your credit scores every month. Any unexpected change in your credit score could signal identity theft and you should pull your credit reports to make sure you haven’t become a victim.
By Brett Montgomery
February 18, 2014 8:30 AM

It can happen to you. And what you can do about it…

It can happen to you. And what you can do about it…
• March 6, 2014
• Christopher Budd (Global Threat Communications)

We’ve heard the phrase “it can happen to anyone” many times in life in many different contexts. The point of the saying is to humble us and remind us that no matter how smart and careful we are, bad things can still happen to us. We’re not so smart and careful that we can control everything.
In the realm of security and privacy, it’s very easy for people to start thinking that they can prevent bad things from happening if they’re smart and careful enough. There’s a tendency to think “Oh, people get malware because they’re stupid or go to bad sites like porn” or “people’s credit cards get stolen because they used it on dangerous sites or got malware on their system.”
While I’ve never gone so far as to think these things, I certainly think of myself as a relatively savvy, sophisticated user. I’ve been in the security and privacy business for over fifteen years. I do all the best practices, I’m careful. I’ve never had malware on my system to date (touch wood). I’ve never had my credit card stolen.
That is, until a few weeks ago.
My charmed life came to an end via email from my credit card company one Friday evening. It asked, did I make a charge for $268 with an online vitamin seller in Florida? I knew I hadn’t made that charge. I checked with my wife and she hadn’t either. So that would be no, that’s not my charge.
Fortunately I was home when I got the message and so immediately logged into my online account. I verified onlincharges, e the number for their anti-fraud division and called them while I was reviewing my pending charges. I saw the charge for dinner that I had just made, that was OK. I saw a couple of other charges of mine from the past day or two, those were OK. Then I saw a charge for $4.11 at a hotel in Naples, Florida. I’ve never been to Naples, Florida in my life, so I recognized that as a problem.
After a short wait, I was connected to an anti-fraud agent. I explained that the charge they asked about wasn’t mine. I also alerted them that the $4.11 charge was false (this was most likely a test charge to see if the card was still active). I told her that the other charges were valid. She denied the invalid charges, kept the valid ones and then we went through the process of cancelling that card and reissuing it.
Over the next couple of days I took time to do full security scans on all my systems that I use for online banking (they came up clean). I checked my other credit card statements for any unauthorized activity (no issues there). I’ve mentioned before that I have a real-time identity-theft and credit monitoring service: I was very happy to have that because that gave me confidence that nothing else had happened yet. I contacted my service and put a credit watch in place to thwart any possible future attempts to open unauthorized credit cards. I checked my credit report to make sure nothing slipped through and was opened without my knowing (nothing was).
Once I was done with all of that I then moved out of alert mode into watch mode and have been watching my statements closely to see if there’s any other unauthorized activity. So far, though, there hasn’t. I’ll keep watching closely like this for a few weeks yet.
So there’s the obvious question: how did this happen? None of the obvious means of loss apply to me here. I’ve never lost possession of my card save for at restaurants when you have to give it for them to run the check. So how this card was stolen is a mystery. Most likely the data was lost or stolen through issues with a back-end processor or a retailer.
And that’s really the point of this article. In this era of Target-type data breaches, the simple fact is that now more than ever these things really can happen to anyone. You can do all the right things and still fall victim because someone else isn’t doing the right thing. And this means you have to be prepared for bad things to happen unexpectedly, despite your best efforts.
To help you in case something like this should happen to you, here are ten tips on what to do to better protect yourself in case something like this happens to you and help you recover as quickly as possible.
Before an incident
1. Make sure all of your computers and mobile devices that you use for online banking and finance are fully up to date for security updates and signatures (and don’t use Windows XP after April 2014).
2. Make sure all of your systems that you use for online banking and finance run mature security packages when they can.
3. If your credit card company offers an alerting service for suspicious charges, sign up for it.
4. Consider enrolling in a real-time identity-theft and credit monitoring service.

If an incident occurs
1. If contacted by your credit card company about a suspicious charge, respond to it immediately. Make sure you verify the phone number they are calling from either on your card or on the card issuer’s website.
2. Work with your credit card company to review all charges and cancel and replace the card right away.
3. Do a full security scan of all systems you use for online banking and finance.
4. Consider putting a credit alert in place to help prevent new accounts being opened in your name.
5. Review your credit report.
6. Review all of your credit card statements. Consider doing so on a daily or near daily basis after the event. Also consider verifying by reviewing your paper statements (some malware can alter online statements to hide malicious activity).

New Mexico State Victim Resources:

Attorney General
Phone: (505) 827-6000

ID Theft Resolutions
Nonprofit 501(c)(3) organization committed to (1) educating the general public, public officials, and legislators about the challenges presented by identity theft; (2) providing effective steps for how to prevent and respond; and (3) helping victims recover their identity and protect their credit. Services include free assistance to help victims, a free family prevention checkup, and a no-cost mini-workshop for small businesses and their employees.
PO Box 10243, Albuquerque, NM 87184-0243
Phone: (888) 484-9118
Agencies that offer assistance to IDT victims:
New Mexico Legal Aid
Program Phone: (505) 243-7871
Legal Assistance: (505) 243-7871

Online Forms for Victims of Identity Theft
Security Freeze Law:
All consumers are permitted to place a security freeze on their credit reports. A security freeze prohibits, with certain specific exceptions, the credit reporting agency from releasing the consumer’s credit report or any information from it without the express authorization of the consumer. This prevents a credit file from being shared with potential creditors, blocking new accounts from being opened. To obtain a security freeze, consumers must send a credit reporting agency a written request by certified mail, provide proper identification and pay a fee, if applicable.
The credit reporting agencies are permitted to charge a fee of $10 for the placement of a security freeze, $5 for the release of a credit report to a specific person or for a specific period of time, and $5 to remove the freeze. However, there is no charge for victims of identity theft who provide a copy of a police report and for people 65 years of age or older.
Credit reporting agencies must place the freeze within three business days of receiving the request, and within five days, must provide the consumer with written confirmation of the freeze and a unique personal identification number, password or similar device to be used by the consumer when providing authorization for the release of the consumer’s credit report to a specific person or for a specific period of time or for permanent removal of the freeze. Requests for a temporary unlocking of the freeze must be completed within three business days. However, temporary unlocking must be completed within 15 minutes after the consumer’s request is received through an electronic contact method or by telephone, during normal business hours
Statute: §56-3A1 though 6:
Mandatory Police Report Law for Identity Theft Victims:
When a law enforcement officer interviews an alleged identity theft victim, the law enforcement officer shall make a written report of the information provided by the victim and by witnesses on appropriate forms provided by the attorney general. A copy of the police report shall be filed with the office of the attorney general.”
Chapter 29 NMSA 1978:

Identity Theft Passport Law:
A. The attorney general, in cooperation with the department of public safety and the motor vehicle division of the taxation and revenue department, shall issue an identity theft passport to a person who claims to be a victim of identity theft pursuant to Section 30-16-24.1 NMSA 1978 and who provides to the attorney general: (1) a certified copy of a court order obtained pursuant to Section 5 [31-26-16 NMSA 1978] of this 2009 act or a full set of fingerprints; (2) a driver’s license or other government-issued identification or record; and (3) other information as required by the attorney general.
B. An identity theft passport shall contain a picture of the person to whom it was issued and other information as the attorney general deems appropriate.
C. The attorney general may enter into a memorandum of understanding with the motor vehicle division of the taxation and revenue department for the development and issuance of a secure form of identity theft passport. When an identity theft passport is issued, the motor vehicle division shall note on the person’s driver record that an identity theft passport has been issued.
D. An identify [identity] theft passport shall be accepted as evidence of identity by law enforcement officers and others who may challenge the person’s identity.
E. The attorney general shall maintain a database of identity theft victims who have reported to a law enforcement agency or have been issued an identity theft passport. The attorney general may provide access to the database only to criminal justice agencies. For purposes of identification and authentication, the attorney general may allow access to specific information about a person who has become a victim of identity theft to that person or to that person’s authorized representative.
F. The attorney general shall keep on file each application for an identity theft passport and each police report of identity theft submitted by a law enforcement agency.
G. The attorney general shall prepare and make available to local law enforcement agencies and to the general public an information packet that includes information on how to prevent and stop identity theft.

Section 31-26-15 – Identity theft passport; database.

Identity Theft Laws:
Theft of identity consists of willfully obtaining, recording, or transferring personal identifying information of another person without the authorization or consent of that person and with the intent to defraud that person or another. “Personal identifying information” is defined as information that alone or in conjunction with other information identifies a person, including the person’s name, address, telephone number, driver’s license number, Social Security number, place of employment, maiden name of the person’s mother, demand deposit account number, checking or savings account number, credit card or debit card number, personal identification number, passwords or any other numbers or information that can be used to access a person’s financial resources. Theft of identity is a fourth class felony, punishable by eighteen months in jail and/or a fine up to $5,000.
Statute: §30-16-24.1:

Other Related Laws:
In addition to any other punishment, a person found guilty of theft by identity or of obtaining identity by electronic fraud will be ordered to make restitution for any financial loss sustained by a person injured as the direct result of the offense. In addition to out-of-pocket costs, restitution may include payment for costs, including attorney fees, incurred by the victim in clearing his/her credit history or credit rating, or costs incurred in connection with a civil or administrative proceeding to satisfy a debt, lien, judgment, or other obligation.
Statute: §30-16-24.1:

State law prohibits phishing, a form of identity theft when someone sends an e-mail that looks official but is used to trick the recipient into giving away personal information that can be used to access a person’s financial accounts or obtain goods and services. The law covers obtaining identity by electronic fraud, which consists of knowingly and willfully soliciting, requesting, or taking any action by means of a fraudulent electronic communication with intent to obtain the personal identifying information of another. It prohibits a person from sending emails that falsely represent another legitimate business and prohibits linking or sending the email recipient to a false Web page in order to collect identifying information. It is also unlawful to obtain identifying information from the e-mail recipient, directly or indirectly, for activities the recipient thinks is valid. Obtaining identity by electronic fraud is a fourth class felony, punishable by eighteen months in jail and/or a fine up to $5,000.
Statute: §30-16-24.1:
Theft of identity and obtaining identity by electronic fraud are considered to have been committed in the county where the person whose identifying information was appropriated, obtained or sought resided at the time of the offense; or the county in which any part of the offense took place, regardless of whether the defendant was ever actually present in the county.
Statute: §30-16-24.1:

Payment Cards
Fraudulent use of a credit card consists of a person obtaining anything of value, with intent to defraud, by using a credit card obtained fraudulently or an invalid, expired, or revoked credit card; by fraudulently representing himself as the cardholder, or by having a credit card issued in the name of another person without the consent of the original cardholder. Punishment depends on the value of the property or service obtained with the card. It ranges from a petty misdemeanor if the value is less than $250 in a six-month period; a misdemeanor if between $250 and $500, a fourth degree felony if between $500 and $2500, a third degree felony if between $2500, and $20,000, and a second-degree felony if above $20,000.

Statute: §30-16-33:

Anyone, other than the issuers, who possesses, receives, sells or transfers four or more credit cards, issued in a name or names other than his own is guilty of a third degree felony, punishable by three years in jail and/or a fine of up to $5000.
Statute: §30-16-30:

Social Security Numbers
State law restricts the public disclosure of Social Security numbers (SSNs) in order to prevent identity theft. It prohibits businesses from making the complete number available to the general public, including intentionally communicating a SSN to the general public or printing a SSN on a receipt issued for the purchase of products or services, including receipts for purchases of services from the state or its political subdivisions. It prevents businesses from printing a SSN on any card or material mailed to an individual unless required by federal law. It also prohibits companies from requiring a consumer to transmit a SSN over the Internet, unless the connection is secure or the SSN is encrypted, and from requiring an individual to use his/her SSN to access the Web site, unless a password or unique personal identification number or other authentication device is also required to access the site.
Statute: § 57-12B-1 through 4: