ABOUT two weeks ago, I was alarmed by a phone message from my bank alerting me to some "unusual activity" on my debit card. Unusual wasn't the word. Someone had gone on a shopping spree - $556.46 and $650.81 at one store, $264.99 and $300 in charges that were pending at another - and none of it was mine.
My debit card was still in my wallet. I hadn't used it in days. The bank said thieves might have created a counterfeit card. Someone - a store clerk, waiter, whoever - could have used a card reader to harvest the information imbedded in the magnetic strip to create a fake one. The bank assured me the debit account was closed and the thieves no longer had access to my cash - but who could be sure? How much of my personal information did these thieves get?
Between bouts of tears and frantic phone calls to my bank, I became obsessed with what I might have done to prevent this.
The recent spate of data breaches was worrisome, but I never expected to become a victim. Maybe I should have. Companies like Citigroup, Bank of America, ChoicePoint and LexisNexis have lost, misplaced or otherwise exposed the personal information of tens of millions of Americans. Even the government concedes it lost records containing the Social Security numbers of more than a million employees.
UNFORTUNATELY, although there are steps you can take to protect yourself - and you should - there are no guarantees. "You cannot protect yourself completely," said Edmund Mierzwinski, consumer program director at the U.S. Public Interest Research Group in Washington. "The best thing you can do is react swiftly if it does happen."
That said, Mr. Mierzwinski endorsed the preventive measures offered by Privacy Rights Clearinghouse (www.privacyrights.org), a nonprofit consumer advocacy group, and by the Identity Theft Resource Center (www.idtheftcenter.org), also a nonprofit. Besides the standard advice to shred personal documents, following are some tips I found useful:
¶Avoid letting your cards out of your sight. Do not let store clerks take your card away on the pretext that there's a "problem."
¶Restrict the access to your personal data by signing up for the National Do Not Call Registry (www.donotcall.gov); remove your name and address from the phone book and reverse directories - and, most important, from the marketing lists of the credit bureaus to reduce credit card solicitations. The site www.optoutprescreen.com can help.
¶Consider freezing your credit report, an option available in a growing number of states. Freezing prevents anyone from opening up a new credit file in your name (a password lets you gain access to it), and it doesn't otherwise affect your credit rating.
¶Protect your home computer with a firewall, especially if you have a high-speed connection.
¶Rein in your Social Security number. Remove it from your checks, insurance cards and driver's license. Ask your bank not to use it as your identification number. Refuse to give your Social Security number to merchants, and be careful even with medical providers. The only time you are required by law to give your number, Mr. Mierzwinski said, is when a company needs it for government purposes, like tax matters, Social Security and Medicare.
¶Curtail electronic access to your bank accounts. Pay bills through snail mail. Avoid linking your checking to savings. Use a credit card for purchases rather than a debit card. Although I was able to get all $1,772.26 reimbursed, I was lucky. While individual liability for fraudulent credit card purchases is only $50, it can be higher for debit cards: up to $500 or even all the money in your account in some cases.
These and other preventive steps may help, but people really can't safeguard their money and their data on their own. Robert Douglas, the chief executive of PrivacyToday.com, a privacy advocate, believes that this is not an issue of consumer responsibility but of corporate negligence. "These companies are trying to tell people it's their fault, but the largest breaches have been within the financial services industry itself," Mr. Douglas said.
Mr. Douglas and Mr. Mierzwinski say that shredding documents is fine, but calling your state and local representatives is better. "Companies have refused to give consumers control over their financial DNA and they've refused to take responsibility for their actions," Mr. Mierzwinski said. "What will stop identity theft are stronger notification laws and stronger penalties, which we don't have now."
