BUSINESS

  safeguarding information

A Case of Taken Identity

My experience and how you can protect yourself and your patients

JASON SMITH, O.D., M.S., FORTY FORT, PA.

In September, Home Depot revealed that hackers stole 56 million credit card numbers from its stores. In August, a Russian crime ring was implicated in nabbing 1.2 billion user names and passwords and more than 500 million e-mail addresses from 420,000 websites. In July, JPMorgan Chase & Co. announced it had been the victim of a cyber attack that resulted in the theft of names, addresses, phone numbers, e-mail addresses and internal customer information from 76 million households.

Given that the Target hack, which compromised the credit card and personal information of more than 100 million customers, occurred in December 2013, it seems identity theft has fast become an epidemic.

Here, I discuss my experience as a victim of identity theft and how you can protect yourself from this crime.

Personal experience

Eight months ago, I received a call from the fraud office of Citibank. My first thought was that the individual on the phone was a scammer trying to get information from me. After I confirmed he was a legitimate employee of Citibank — I called the number he called from, and inquired about his employment with Citibank — he informed me that someone had charged $6,000 to my Citibank credit card to pay first semester tuition at the NewSchool of Architecture and Design in San Diego, Calif., and asked whether I authorized it. I told him I did not. He said I would not be charged for the $6,000, he would cancel my existing card and issue a new card to me and that Citibank would try to investigate the unauthorized charge.

Through the next three weeks, I received credit card applications from Home Depot, Dress Barn, JCPenney, Seventh Avenue, Tiger Direct, Avenue, PacSun, Sears and QVC. I discovered these credit card scams were being processed through Comenity Bank of Columbus, Ohio.

I contacted every company that wanted me to authorize a new credit card and cancelled those applications. Also, I got in touch with Comenity Bank’s fraud department to discuss potential credit card problems and to inform them I never authorized any new credit cards.

Through this process, I found out that whoever was attempting to use my identity did not have enough information to process credit information. So, while this individual could have cost me thousands of dollars, no credit card information was ever processed, meaning none of my bank accounts were at risk. That said, I sought professional credit protection to get the identity theft problem under control. After enrolling with three such companies, all negative issues with my identity were resolved.

I never did find out how the thief got my information, although I was told it was likely through hacking into my personal computer.

Protection

Identity thieves have numerous ways of obtaining your personal information. To prevent them from using your name and finances, follow these steps:

Identifying Phone Scammers

The Federal Trade Commission recommends you ask yourself the following questions when receiving a phone call from a telemarketer:

• Who’s calling… and why? Telemarketers must tell you the call is for sales, the name of the seller and what they are selling prior to their sales pitch, according to the law.

• What’s with the fast talk? Callers in a hurry who use high-pressure tactics to get you to buy whatever they’re “selling” may be hiding something. Most legitimate businesses give you time and written information about an offer before asking you to buy.

• If it’s free, why do I have to pay something? If you have to pay for something, it’s not “free.”

• Why do I have to “confirm” my account information or give it out? This often means the caller doesn’t have the information he/she claims to have, or they have your billing information and are trying to get you to say, “okay,” so they can say you approved a charge.

• What’s the time? Telemarketers can call between 8am and 9pm, as per the law. If you don’t want to receive any telemarketing calls, place your phone number on the National Do Not Call Registry (https://donotcall.gov).

1 Never carry your social security card. I realize it’s wallet size, but should you lose your wallet or it gets stolen, you risk losing your identity. In addition, never write it on your checks, and only give it out when absolutely necessary, recommends USA.gov.

2 Keep your PIN number to yourself. Refrain from sharing your PIN number with others, and never write it on the credit/debit card or on a piece of paper inside your wallet, suggests USA.gov.

3 Be mindful of roaming eyes and those who can see over your shoulder. When in a store or at a bank, always shield your credit card and PIN number with your free hand to block potential thieves.

4 Install firewalls and virus-detection software. Doing so gives your computer an excellent chance of thwarting hackers.

5 Shred personal and patient documents. Identity thieves can go through your personal garbage or the garbage of businesses to obtain useful personal information, so safeguard yourself and your patients by shredding all sensitive documents and blackening social security numbers, birthdates, insurance numbers, Medicare numbers and/or credit card information. Shredding companies often offer on-site shredding so that someone from your office can witness the shredding process.

6 Erase printer data. If your office or home printer has an internal memory drive, your personal, financial and/or medical information can fall into the wrong hands. As a result, erase the data before discarding, selling or trading any printer. If you decide to buy a new printer, make sure it has an encrypted hard drive or no hard drive with memory.

7 Obtain professional credit protection. These companies will detect problems, protect your credit and resolve any ongoing disputes or problems. Such companies include Experian, Equifax, LifeLock and TransUnion.

8 Monitor your billing and accounts. Look for unauthorized withdrawals, and keep tabs on money you are supposed to receive every month. If you can’t cash a check, even though you have sufficient funds, collection agencies or debt collectors start contacting you about purchases you never made, or medical providers or insurance companies send you bills for services you did not use, these are all red flags for identity theft. Finally, if the IRS notifies you that more than one tax return was filed in your name or that you did not report income from an employer you do not work for, you may be the victim of identity theft.

9 Monitor your credit report. If you note unfamiliar charges on your credit cards or your credit score has gone down, these are red flags for identity theft as well.

10 Keep receipts. Do this so you can be on the lookout for unauthorized transactions, recommends USA.gov.

11 Promptly collect your mail. You don’t want anyone going through your personal account and billing information. Also, if you’re going away or the office is going to be closed for one or more days, consider having the post office hold it for you.

12 Keep personal and patient information in a place you believe is safe from thieves. A safe is a good example of a safe place.

13 Don’t give personal information to anyone you don’t know. Some identity thieves are great actors who may pretend to work for legitimate companies. They sound authentic on the phone and before you know it, you have given personal information, or someone in your practice has revealed information that should be protected by Federal HIPAA laws. (See “Identifying Phone Scams,” page 53.)

Safe and sound

All eyecare professionals must have an ongoing strategy to protect vital personal, professional, patient and financial information. You may falsely believe that identity theft may never occur on your watch, but it can. It happened to me. OM

Dr. Smith is in private practice in Forty Fort, Pa. He is a prolific writer on several optometry-related topics. Send comments to optometricmanagement@gmail.com.