Online Security

Protect Your Identity

Online loans are very convenient, and, in many cases, safe, but it is important to remember to keep security in mind.

As with any transaction you complete on the Internet, loan applications involve putting trust in a site’s security—so you should always make sure that you know what you are doing with your personal information.

Some items to watch out for are scams, phishing, and identity theft. Here we’ll talk about these and how to try managing them.

Identity Theft

Identity theft occurs when someone wrongfully obtains another person’s identity for illegal purposes, according to

In 2014, 17.6 million people in the United States aged 16 and older were victims of identity theft, according to the U.S. Bureau of Justice Statistics.2

Some of the most common types of identity theft are:

  • Criminal Identity Theft: Stolen identity information is used to commit crimes and/or escape punishment.

    • Though all identity theft is a crime, this particular type refers to the crime of using someone else’s name and identifying information when cited or arrested for some other crime, according to the California Dept. of Justice.3
    • Example: A theft suspect gives someone else’s name to a police officer when questioned.
  • Medical or Benefits Identity Theft: Stolen identity information is used to access health care or other work- or government-related benefits.

    • This type of theft could result in incorrect entries in the victim’s medical history and/or credit report.
    • Example: Someone uses someone else’s health insurance number to obtain health care insurance coverage.
  • Financial Identity Theft: Stolen identity information is used to commit a crime that results in financial injury to the victim.

    • Example 1: A thief steals a credit card (or credit card information) and makes purchases under the victim’s name.
    • Example 2: A thief uses someone’s personal information (e.g. Social Security Number) to open bank accounts, credit cards, or loans in the victim’s name.

According to the U.S. Bureau of Justice, the unauthorized misuse or attempted misuse of an existing account was the most common form of identity theft, with 16.4 million victims in 2014. Of those victims an estimated 8.6 million experienced credit card fraud.2

63% of victims of identity theft did not realize that they were victims until they reviewed fraudulent charges on an account or a financial institution contacted them about suspicious activity.

How Does Identity Theft Happen?

Identity thieves have gotten better at stealing information. Their techniques range from physical theft of documents to virtual thievery through use of sophisticated technology. Thieves have become so adept that many identity-theft victims are unaware that their personal information has been stolen.

Some ways that identity thieves can wrongfully obtain your personal information include:

Stealing physical information: One of the oldest methods of identity theft is the physical theft of documents containing personal information. Attractive targets include pre-approved credit card offers and bank statements. Thieves can get this information by stealing mail or digging through trash. Shredding all sensitive documents before throwing them out will help protect you.

Stealing information when you make unsecured online purchases: Making purchases on unsecured websites may allow thieves to steal your credit card and other personal information. When prompted to enter payment information on the Internet, make sure the website’s URL starts with “https.” This indicates the site has an added level of security and protection for information transferred online.

Email phishing: A thief may contact you by email posing as a representative of your bank, and asking you to verify information such as your bank account number or personal identification number (PIN). This should make you suspicious, because banks and other financial institutions rarely initiate these types of conversations through email. If you believe the email may be legitimate, call your bank and ask instead of responding by email.

Voice phishing: Phishing for information over the phone also is common. Identity thieves who use this tactic typically ask for the same information as they do in email phishing scams. It is essential to verify that your bank or financial institution is contacting you. It is far safer to respond by hanging up and calling the bank or financial institution yourself.

Other methods of identity theft include stealing credit card information by using handheld scanners, or by illegally modifying ATMs with a faulty scanner and keypad. In the latter technique, thieves can steal debit card numbers and PINs when a victim uses an illegally modified ATM machine.

Safeguard Your Identity

Check your credit report regularly

Monitoring for signs of identity theft is just one of the reasons why it’s important for consumers to check their credit reports regularly. It’s also a good way to make sure that there are no errors on your file—errors that may be dragging down your score.

Securely dispose of material with your personal information on it

As mentioned earlier, there are many ways that thieves can obtain personal information, including the “old-fashioned way”—finding pieces of paper with your information on it. It’s just as important to dispose of your information carefully—perhaps by shredding it, for instance—in order to make sure that thieves can’t get to it.

Be safe on the computer and on the Internet

Equally important is taking steps to ensure the safety of your information on the Internet and on the computer more generally. For computer and Internet safety tips, see the General Online Safety section.

In general, it is important to keep track of who has your information at all times.

Know Your Rights

As an American citizen, you have various rights regarding identity theft. It’s good to know something about these rights in order to be an informed consumer and act appropriately if you believe that your identity has been stolen.

The point of knowing about your rights is to help you remain in control of your identity. For more information about your rights, visit the Federal Trade Commission website.

After Detecting Identity Theft

Regularly checking your credit report is a key tool for helping recognize signs of identity theft. Pay particular attention to any unfamiliar details that may be listed in the personal information section (such as your address details), in the hard inquiries section (to see if anyone has been authorizing credit checks in order to apply for a loan or credit card in your name), and in the list of accounts (in case someone has recently opened a new bank account or credit card or taken a loan in your name).

If you’ve checked your credit report and found signs that suggest that your identity has been stolen, there are certain steps you should consider taking.

File an identity theft report

First, go to the FTC website (or call the FTC) and create an Identity Theft affidavit. Second, file a report with your local police department. Together, the FTC Identity Theft Affidavit and the police report constitute an identity theft report, which can be used as proof to businesses that you have been a victim of identity theft.

Next, you may want to contact the credit-reporting agencies. According to the FTC website, these organizations have a few different protection options you can consider requesting:

Initial Fraud Alert

  • An initial fraud alert is implemented at no cost to you.
  • An initial fraud alert can be placed if you suspect identity theft.
  • This type of alert lasts for 90 days, but can be extended.
  • It can be requested from any one of the three major credit-reporting agencies. The agency you contact will then notify the other two agencies.
  • Creditors must take reasonable steps to verify anyone apply for credit in your name.
  • When you place an initial fraud alert, you are entitled to a free credit report from each of the three major credit-reporting agencies.

Extended Fraud Alert

  • You can get an extended fraud alert on your credit file if you have already created an Identity Theft Report.
  • You must send the Identity Theft Report to each credit-reporting agency (remember the Identity Theft Report consists of both the FTC Identity Theft Affidavit and the police report).
  • Potential creditors must contact you before they extend credit in your name.
  • An extended fraud alert stays in effect for seven years.
  • Your name won’t appear on marketing lists for prescreened offer of credit for five years, unless you request to be put back on the list.
  • An extended fraud alert allows you two free credit reports within 12 months from each of the three credit-reporting agencies.

Credit Freeze

  • A credit freeze allows for a more stringent control over your credit.
  • Credit freezes must be requested separately from each credit reporting agency.
  • You must unfreeze your account in order to allow anyone to access your credit report. Some companies (i.e. creditors) that you currently are doing business with may still be able to access your credit report, even if you have placed a credit freeze.
  • Availability and cost of a credit freeze may vary.

To temporarily or permanently unfreeze your account, you typically would need to contact each credit-reporting agency and use the personal identification number that you received when you requested the freeze.

One important thing to note about credit freezes is that they may not prevent misuse of your existing credit accounts, so you must continue monitoring your credit carefully. They do, however, help prevent new credit accounts from fraudulently being opened.

The availability, length, and cost of a credit freeze depend on state law. In some states, credit freezes do not expire and remain attached to your credit profile until you request their removal. Some states charge a fee, usually about $10, when you request a freeze. There may also be a fee for unfreezing an account temporarily or permanently.

General Online Safety

The first step for a consumer concerned with online safety should be to become educated about the different threats that they may face online. Two threats to be aware of are general scams, where you are defrauded by companies or individuals, and identity theft, by which your information is obtained for illegal purposes or otherwise misused (perhaps for making purchases, opening accounts, receiving credit, or other actions).

The second step is to take measures to help ensure that you’re using websites responsibly.

Some practices you may want to consider adopting to stay safe:

Computer caution

  • Be sure to get firewall and anti-virus protection for your computer.
  • Only use computers you trust when you access websites that require your personal information.
  • Avoid using public computers for websites that require personal information.

Password safety

  • Create passwords that are difficult for people or malicious computer programs to guess.
  • Don’t share your passwords with other people.
  • Don’t reuse passwords on more than one site.
  • Try to change your passwords regularly (perhaps somewhere between every 1-6 months).

Skip the shortcuts

  • Avoid using an automatic login to sites—especially when using sites that require your sensitive information, you should be careful not to use an automatic login option to bypass the login process.
  • Always log out from such sites once you’re done using them.

Look before you type

  • Never enter your information in pop-up boxes.
  • Don’t respond to suspicious emails, especially if they tell you to reply with your personal information.
  • Check to make sure that you’re only entering information into secure sites—check that the URL bar shows a green lock in the locked position when you’re on a site and the URL begins with “https://”.

Careful Credit monitoring

  • Take advantage of your credit report access rights and request the free credit reports that you are entitled to each year from each of the main credit reporting agencies.
  • Regularly review your credit report carefully for inaccuracies.
  • Contact the credit-reporting agencies promptly if you encounter any errors.

Stay alert

  • Keep up with security news—if there’s a security breach at a company, financial institution, or website that you use, you should know about it. Once you know about it, contact the company to find out whether you should take any actions in response to the breach.