How to protect yourself from identity theft

Identity theft is a relatively modern problem. In some ways, it has become more difficult to have your identity stolen but in others, it has become easier. Protecting yourself against identity theft should be a proactive practice, and blockchain technology can help. In this article, we will outline the most common types of identity theft and how you can protect yourself against them

What is identity theft?

The first step in preventing identity theft is understanding what that means and being able to recognize it. Identity theft (also known as identity fraud by law enforcement) is defined as all crimes against individuals where personal and/or financial information is obtained illegally by using fraud or deception. The most common motivation for identity theft is financial gain.

Once someone steals your identity, they can do a number of things:

• Withdraw money from your bank account
• Apply for loans or credit cards under your name
• Use your health insurance to obtain medical care
• Steal your tax refund by using your Social Security number (SSN)
• Sell your information to other criminals
• Impersonate you online (also called catfishing)
• Commit criminal activities under your identity (ex. terrorist activities, murder, etc)

Identity theft is illegal in most of the world, usually punishable by jail time and/or fines. If identity theft is used to conduct criminal activity, the punishment is usually heavier. The majority of identity theft affects consumers, with the most common being credit card fraud according to the Federal Trade Commission (FTC).

Signs that your identity has been stolen

Once someone has stolen your identity, the signs are usually easy to spot. Most of us, at some point, have received a call from our bank asking about suspicious transactions, but there are other signs to look for.

• You stop receiving household bills. This can be an indicator that someone has taken your information and used it to change your billing address. If this happens, it’s best to call your utility providers and put a password on your account for any future changes.

• You are rejected for a loan or line of credit. If you have a good credit history and are suddenly rejected, this could be a sign that your identity has been compromised. Additionally, if you are approved but with higher interest rates, this can be another sign of identity theft.

• You receive bills for medical services you did not use. While identity theft for medical services is less common, it does occur. If it does happen to you, you should get in touch with the hospital that billed you for the services. Also keep an eye out for being rejected by a health insurance provider for a condition you don’t have, or your healthcare provider rejecting your claim because you have already reached your benefits limit.

• You are billed for purchases you didn’t buy. This is probably the most common form of identity theft. Most banks will give you a call if they see suspicious transactions, but you can be proactive by regularly checking your own accounts.

• Your tax return is denied. If you receive a rejection letter from the IRS (or your country’s equivalent) after filing your tax return, this could mean that someone else has filed a return under your name.

• “Test charges” show up on your credit card statements. Some criminals will make small charges, usually under $5, to make sure the card is still active. If these transactions go through, then the thief knows that they can make larger transactions.

• You receive calls from debt collectors for debt that doesn’t belong to you. This is a sure sign that someone has stolen your identity.

• You receive a notification that a company you work for or have an account with has been hacked. Usually, the company in question will let you know what steps you will need to take, or if you simply need to update your password. Either way, it’s a good idea to change your passwords anyhow and monitor your credit card transactions if necessary.
• You get a court summons in the mail. This is a result of criminal activity, and is unfortunately quite hard to disprove. If you think you may be a victim of this type of identity theft, you should contact law enforcement immediately.

If you notice any of these signs, it is important to take action immediately. There are also a number of steps you can take to prevent your identity from being stolen in the first place.

Preventing identity theft

An important first step you can take to prevent your identity from being stolen is to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements.

Another step you can take is to freeze your credit. This makes it a lot harder for someone to open a credit card or take out a loan under your name, as the bank won’t be able to run a credit check. It’s also free, and you can temporarily lift it if need be. However, it can be a bit of a nuisance as there are three separate credit bureaus you have to contact to do this in the US. You can also enroll in a credit monitoring service, such as PrivacyGuard or Credit Karma, or place a fraud alert on your credit.

Making sure you have strong, diverse passwords on all of your accounts is also key. We all know not to use passwords like “password” or “12345”, but having a strong password goes a lot further than that. Not only should you avoid personal things like pets or family names, but you should even avoid using words that are in the dictionary. If you find remembering different passwords for every account difficult, you can use a service like LastPass to generate unique passwords and safely store them for login.

How blockchain technology can help protect your identity

In recent years blockchain technology has built a reputation for providing an unbreakable and un-hackable payments infrastructure. If you're not aware of how a blockchain works, it typically goes like this:

1. Alice wants to send money to Bob - so she performs a transaction
2. The transaction is timestamped and recorded on a digital ledger
3. Once a certain number of transactions have been performed, they are collected in a "block" and cryptographically linked to the previous block of transactions - called a confirmation.

In order to alter her transaction, Alice would need to break the cryptographic hash of each of the blocks that have been added since. Given the complexity of the hashing algorithm and the resource-intensive nature of hacking this kind of infrastructure, this rarely makes economic sense. In short blockchain technology is set up in such a way as to make hacking it both technically difficult and uneconomical.

Given these impressive features, the question becomes: how can we utilize the secure and distributed nature of the blockchain to protect individuals from identity theft.

Well, since 2017, the SelfKey Foundation has been building an end-to-end identity management solution utilizing the Ethereum blockchain. This ecosystem will allow individuals and corporations to authenticate themselves online while minimizing the amount of personal information that needs to be shared.

As a simplified example, imagine going to the liquor store and having to show your driver's license to prove that you are of legal drinking age. The liquor store is legally compelled to ensure that you are of legal drinking age, but typical forms of ID contain much more information than is necessary at this junction. A US driver's licence for example contains:

• The full legal name
• Date of birth
• Photo
• Current residence
• Height
• Weight
• Gender
• Eye color
• Hair color
• Signature
• Document number

You can be sure that, in an online environment, all this information is stored and will be leaked in the case of a data breach.

But now imagine the same situation, but instead of an ID you show a notarized certificate simply showing a facial imagine and the sentence: "We, NAME OF NOTARY, hereby confirm that John Doe is of legal drinking age."

In this second scenario, you can see a simplified example of how the SelfKey ecosystem will use certifiers in order provide evidence but not information. In the case of a breach or a hack, no valuable information would be shared. All a hacker might know is that there is a man called John Doe and he's over the age of 21.

Then you combine this approach with the security and transparency of the blockchain, alongside decentralized identifiers, and you start having a strong identity management system that improves on the current system in many important ways.

Conclusion - How to protect yourself from identity theft

Unfortunately, identity theft is a problem that is not likely to disappear anytime soon and often, we only realize that our identity has been compromised once it is too late. There needs to be a shift in public thinking to be far more proactive in preventing identity theft. Stronger passwords, credit monitoring, and fraud alerts are all good actions to take, but they don’t ultimately solve some of the bigger problems.

It’s become a worryingly frequent occurrence for companies to be hacked, and there are plenty of opportunities for malicious actors to get a hold of your data. Most of us are in the bad habit of not reading the terms and conditions, and privacy policy of every website we sign-up to. We are often giving away a lot of our personal information and may not even realize it.

The time has come for us to take back control of our identity instead of waiting for companies, organizations, and government bodies to lose it. Self-sovereign identity is a very real possibility in the future, but the general population has to make the shift. More awareness needs to be put in place, and we need better solutions that actively prevent identity theft. Your identity is the one thing that should belong exclusively to you, let’s put the power back in your hands and let you decide who gets access to what information.

Download the SelfKey Identity Wallet and take the first step towards protecting yourself from identity theft.