State PIRG Main Consumer Page U.S. PIRG Home Page State PIRGs Home Page State Model Consumer Laws Updated 20 Nov 2004

Credit Report and Identity Theft Pages Home

1) Prevent ID Theft Page

2) Clean Up ID Theft Page

3) All About Bureaus and Credit Reports Page

State Model Law Page



What Is Identity Theft?

Identity theft is the crime of stealing an individual’s personal identifying information for the purpose of committing fraud or theft.  According to a Federal Trade Commission (FTC) survey, the most common types of identity theft are credit card fraud, utility fraud, bank fraud, employment-related fraud, government document or benefit fraud, and loan fraud.  While it may be impossible to completely prevent identity theft and it may not be worth it to take every possible preventative step, this page describes some reasonable low cost or no-cost steps to reduce your risk.

Identity Theft: The Crime of the New Millennium

Identity theft is one of the fastest growing crimes in the United States.  A recent FTC survey reported that, between 1998 and 2003, 27.3 million Americans were victims of identity theft.  During 2003, over half a million Americans filed complaints of consumer fraud and identity theft with the FTC. Approximately 42 percent of all complaints filed were in regard to identity theft.  The FTC estimates that ten million Americans were victims of identity theft in 2003.

Costs to Consumers

Fraud costs consumers almost half a billion dollars annually.  According to a major report by CALPIRG and the Privacy Rights Clearinghouse, the average consumer spends 175 hours and $808 “out-of-pocket” to remedy identity theft.  In total, this crime drains the economy of over $50 billion annually, and some of that cost is borne directly by consumers. 

Even if the theft is discovered, consumers may continue to experience negative effects, such as increased insurance or credit card fees, higher interest rates, and persistent collection agencies that refuse to clear false records.   Furthermore, the emotional and psychological impact suffered by identity theft victims cannot be understated.  They must struggle for months or even years to restore their good name.

You can find out more about federal identity theft and fraud statistics, broken down by state and city, by going here to the Federal Trade Commission’s ID Theft Clearinghouse Back to Top


Check Up On The Credit Bureaus. Get Your Free Credit Report.

See PIRG's main Credit Report and Identity Theft page for the details on how to get free credit reports on request or go directly to, how to get free credit reports after credit denial or for other reasons. Check your credit card for fraudulent accounts. If you suspect identity theft, you are eligible for additional free reports.


Protect Your Social Security Number and Your Personal Information

Limit exposure of your Social Security number by giving it only when it is absolutely necessary.  Look in your wallet-- see if it is printed on any identifying cards. Get those cards changed, especially your drivers' license if it still has a Social Security Number on it. Do not ask your financial institutions to print your SSN or drivers' license number on your personal checks. Saving time at checkout isn't worth the increased risk of id theft.  In fact, why print any details on your checks? If a business requests your SSN for check cashing purposes, ask to use another type of identifying information. Urge universities and other schools, employers, health clubs, video clubs and other organizations not to use Social Security Numbers on your ID or membership cards. If they do, ask to use an alternate identifier.

The FTC advises consumers not to give personal information, like bank account numbers and Social Security Numbers, over the phone, through the mail, or on the Internet to individuals or businesses, unless the consumer has initiated the contact or is certain of the business’s trustworthiness. 

When Giving Out Your Social Security Number Gains Privacy

When you contact the credit bureaus to obtain your credit report, or to “opt-out” of receiving so-called credit and insurance offers (see below), the bureaus ask for your Social Security Number. In this case, if you are sure you have reached the bureaus (and aren’t a victim of a “phishing scam,” we do recommend giving out your Social Security Number. After all, the credit bureaus already have it and are using it to verify your identity. Obtaining your credit report or opting out of credit and insurance offers are two ways to increase your privacy. PIRG will continue to lobby the FTC to urge that the bureaus be prohibited from using the SSN as a unique identifier. It’s not a good one: it is too easy to obtain because too many firms and agencies use it. The FTC is currently considering improving opt-out notices. Back to Top


Identity Theft in the Workplace

According to a 2002 report by the credit bureau Trans Union, theft of business records is the number one source of identity theft.  The FTC reports that 90 percent of business record theft involves stealing payroll or employment records.  In addition, there are reported cases of thieves obtaining employment in small businesses such as doctors’ offices to gain access to, or “harvest,” patient or customer records.

Employees should ask what policies are in place to protect their personal information.  Privacy policies should:

·                    Prohibit the use of SSNs as an identifier.

·                    Restrict access to employees’ and customers’ personal information. 

·                    Detail basic security precautions, such as locking storage areas where sensitive information is kept, using passwords to access personal information, and training employees who handle sensitive information.

·                    Guard against identity theft by employees of third-party vendors, like temporary or contract workers.

·                    Require destruction of personal information once it is no longer needed.  Back to Top


Be Careful Online 

In recent years, identity thieves have been using the Internet to perpetrate their crimes.  In 2003, 55 percent of consumer fraud complaints reported to the FTC were Internet-related, accounting for $200 million in losses. 

There are several steps you can take to protect yourself.  First, do not download or open files from strangers; opening a file could expose your computer system to a virus that allows strangers to access your personal information.  Second, use a “firewall” for high-speed Internet connections, and use a secure browser that encrypts, or scrambles, information you send over the Internet.  Finally, if you are making purchases online, use a credit card, not a debit card.  Credit cards provide more consumer protection and less liability in the event of theft.  Back to Top


Phishing’s The Name; Scamming’s The Game

Beware of a new type of scam known as “phishing.”  In these scenarios, thieves set up look-alike websites of legitimate businesses and trick consumers into entering their personal information by sending them e-mail messages that warn them that their account is about to expire.  Never “click-through” an e-mail link in a message purporting to be from your bank to get to your supposed bank or other financial institution’s security department to verify your account.

Remember that phishing scams are extremely sophisticated. When you click through, the outer “frame” of the site you are taken to looks very professional for one reason—it may actually be (not simply appear to be) your bank’s site, but the trick is this: data entry box where you type your confidential information is not. Instead, it transports your information to the scammer’s computer, often in another country. Don’t fall for it!

Consumer groups suggest that if you get an e-mail message requesting your account information, or other personal information, you should call the business at its published phone number – look on the back of your credit card or at your statement. Or, separately  log onto the business’ website by typing its known address yourself,  not by clicking the bogus link in the e-mail message.

 Back to Top


Read Website Privacy Policies:

A website’s privacy policy should address the following:

·                    How and why is personal information being collected? 

·                    How is the information used?  Is it for a purpose other than that for which it was provided? 

·                    Is encryption used when transmitting information?

·                    Do you have the option of prohibiting any secondary use or of not providing any personal information? 

·                    If you must provide personal information, can you access and correct it, and how long will it be stored?

·                    How can you bring a complaint?  Back to Top


Watch Out For Debit Cards and Don’t Use Them On The Internet

A debit card is an enhanced ATM card. It can be used in an ATM machine with a secret secure PIN, but it can also be used at merchants, with or without a PIN. When you use it without a PIN, you run a greater risk of fraud. Remember, debit card fraud, even if ultimately reimbursed by your bank, often involves the thief vacuuming out your bank account (and sometimes your attached overdraft line of credit). So, even if your bank makes good, you will face hassles, such as other checks bouncing.

PIRG strongly recommends using credit cards, not debit cards, in Internet transactions.  (Even then, if you don’t feel right about a transaction, find another merchant!) Your liability when you use a credit card is clearly limited by law to only $50, and rarely do you even pay this in fraud situations. Plus, when you use a credit card, you have the legal right to dispute with you’re your credit card company payment for items that do not arrive, arrive damaged, or do not work as promised.

Your legal rights when you use a debit card are less. Debit cards are governed by the weaker"Electronic Funds Transfer Act," while credit cards by the stronger Truth In Lending Act. Although PIRG believes all plastic cards should give you the same rights (debit rights should be upgraded), that is not the case in law.

Although debit cards may be more convenient than other types of payment, consumers should be cautious when using them.  Debit cards are legally riskier than traditional ATM cards or credit cards.  Banks may claim to give equal rights to debit cards, but that is by contract and policy, not by law. While you are only liable for $50 if your credit card is used fraudulently, you may be liable for $500 or more (all the money in your account plus your overdraft line) if your debit card is misused.  Furthermore, laws regulating credit cards offer consumers protection if the goods they order are defective or don’t arrive; these protections aren’t available if you use a debit card.  Visa and Mastercard claim to require that their card-issuing banks offer greater debit card protection in SOME circumstances, but remember, even if they honor their promise, you are still going to face the hassle of getting your own money back after your checking account is vacuumed out.

It is best not to use a debit card at all.  You can tell your bank not to issue a debit card for your account. Ask for a plain old, PIN-only, ATM card.

If you do use a debit card, make sure you always keep it in your possession.  If your ATM or debit card has been stolen or misused, report it immediately to your bank branch and request a fraud affidavit.  Obtain a new card, account number, and password.

Another problem with debit cards is that some merchants-- gas stations, restaurants, hotels, car rental agencies) often place estimated “blocks” on cards that sometimes aren’t cleared properly or promptly. Since these blocks are generally larger than the actual transaction, consumers may bounce checks inadvertently. For example, gas stations presume everyone drives a tractor-trailer truck, or at least an SUV, and block $50-100 or more even if you only buy $10 worth of gas. The transaction may not clear for several days-- it is not instantaneous. Hotels may block for several extra days, plus estimated use of the "mini-bar" and telephone, and don't unblock until after you settle up. A car rental firm may choose to block the value of the deductible on your car rental insurance ($500-1000 or more). These blocks are not adequately disclosed nor are they removed promptly, and some banks will bounce other checks and transactions against blocked funds. Here’s more PIRG information about debit card rights. Back to Top


Credit Cards

Limit the number of credit cards you carry every day. 

Keep a list of your credit card and bank accounts in a secure place that can be easily accessed in case you are a victim of theft.  Include account numbers, expiration dates, and telephone numbers of customer service and fraud departments.  Do not carry this list in your wallet, and if you store it on a handheld computer, make sure the information is encrypted. 

If you are expecting a new or reissued credit card, contact the issuer if the card does not arrive when you expect it.

You have the right to cancel inactive credit cards.  If you no longer receive regular monthly statements because you do not use a card with a zero balance, you may not notice unusual or fraudulent activity until it is too late.

For more information and helpful tips to avoid the credit card debt trap, where you run up massive balances at high interest rates, see PIRG’s Truth About Credit Pages. Back to Top


Keeping Track of Financial Accounts

Reconcile your check, credit card, and other account statements on a regular basis and notify businesses or banks of any mistakes.  Review your utility and subscription bills to make sure any charges are yours.  Make a list of your bills and the approximate time of month you receive them.  If you do not receive billing statements, notify the company immediately.

Personal Documents

A number of states require credit card number truncation on receipts. In a few years, it will be required everywhere. But it still makes sense, especially if you travel, to use common sense: After making transactions at an ATM or business, take your credit card, debit card, and ATM receipts.  Do not dispose of these receipts or any documents with personal identifying information in public receptacles.  “Dumpster divers” may use your information to order credit cards or gain access to your bank account. 

When you order new personal checks, pick them up at the bank rather than having them sent to your home.  When you close a checking account, destroy all of the checks immediately. Back to Top


Opt-Out-- Stop Receiving Solicitations

An effective way to protect yourself from fraud, and to reduce the amount of junk mail you receive, is to opt out of junk mail.  If it is not discarded properly, junk mail can be a source of personal information for thieves.  Likewise, telemarketers may ask for personal information that could be used fraudulently.  

To stop receiving pre-approved credit or insurance solicitations derived from credit reports, you can “opt-out” for five years or permanently.  Listen carefully for the “opt-out permanently” option when you call – you’ll need to receive and sign a notice of election sent through the mail.  Contact the credit bureaus’ joint notification system at 1-888-5-OPTOUT or 1-888-567-8688.

To discontinue non-credit offers generated by lists kept by the major credit bureaus, write to each.

  • Experian: Consumer Opt-Out, 701 Experian Parkway, Allen, TX 75013
  • Equifax: Options, P.O. Box 740123, Atlanta, GA 30374
  • TransUnion: Marketing List Opt Out, P.O. Box 97328, Jackson, MS 39288

To be removed from mail, e-mail, and telephone marketing lists, visit the Direct Marketing Association website.

The Federal Do-Not-Call List: 888-382-1222 (TTY 866-290-4236)..

To protect your mail, install a lockable mailbox.  If you are going on vacation, have your mail held at your local Post Office, or picked up by a person you trust.  When mailing, use a USPS mailbox. Back to Top


Should You Subscribe To Credit Monitoring Services?
No. When you seek to obtain your free report by law, you will be offered the "opportunity" to instead purchase a credit monitoring service that allows you multiple copies of your report or perhaps other bells and whistles, such as email notification anytime there is a "ding" to your report. PIRG believes that federal law provides you with adequate opportunities to obtain your credit report for free. Don't pay extra for a credit monitoring service. We are disappointed that the credit bureaus use scare tactics to sell these products ("Your report could be full of mistakes!" "You could be a victim of identity theft!") even though their sloppy practices are the real problem that has led to the ID theft epidemic.

Should You Buy Identity Theft Insurance?
Probably not. PIRG believes that insurance should be designed and priced to prevent certain serious risks. Identity theft insurance doesn't meet that test. However, some consumers may gain peace of mind by purchasing a low-cost ($25 or so) add-on rider to their reputable homeowners' insurance or tenant insurance policy for identity theft. PIRG has no information, at this time, about positive or negative experiences with identity theft policies-- please let us know.


Warning Signs of Identity Theft May Include The Following:
Phone calls from your bank's security department asking about purchases you did not make, phone calls from debt collectors about debts you do not owe, your card being rejected in a merchant transaction, the appearance of odd accounts on your credit report, receiving bills for accounts you did not open, etc. If you have any suspicion that any odd occurrence -- one of these or something else that doesn't smell right -- contact the credit bureaus and exercise your rights!

Identity theft can strike anyone at anytime. Did you do all this and were you still victimized? Go to PIRG's Cleaning Up Identity Theft Pages
Return To PIRG's Main Credit Reporting and Identity Theft Pages