Speaker, Author, Consultant, Fraud Examiner

My friend was truly panicked.

Last week, American Express called on a recorded line to verify a recent credit card application. She had not applied for credit, and they suggested she put a fraud alert on her social security number. She did so with TransUnion only.

Yesterday, Capital One called on a recorded line to verify a credit card application. They saw the phone number listed on the application was different than the phone number on the credit bureau listing and wanted to ensure she had indeed applied for credit. They did not see the TransUnion fraud alert because they did not check that bureau, but another bureau instead.

Today she received another call, from Chase, on a recorded line to verify a credit card application. They had already issued the card but had just seen the fraud alert on TransUnion and decided to call. They promptly cancelled the card, and they told her that the applicant had enough personal information to issue the credit.

“What about the ones that don’t call?” she asked.

In the course of the conversation, she stated she had surgery a few months ago. The hospital had required her to provide her social security number, but she was uneasy when she provided it. She could not remember the last time she had been required to provide her social security number.

And yet, here it is a few months later, and someone is trying to steal her identity. Coincidence? I think not. Chase would not have issued immediate credit without a social security number.

That is why a social security number is a major score to a thief. And this growing problem has shown no sign of slowing down.

Even the American Medical Association has had a policy (Identity Fraud H-190.963) in place since 2010 that states:

“Our AMA policy is to discourage the use of Social Security numbers to identify insureds, patients, and physicians, except in those situations where the use of these numbers is required by law and/or regulation.”

Unless you are a Medicare patient, you are not legally required to provide it. However, new Medicare cards are being sent without social security numbers, with complete transitioning by January 1, 2020 to a new system that does not need or require those numbers. Period. “The biggest reason we took the SSN off of Medicare cards is to fight medical identity theft for people with Medicare.” Even they recognize the problem of these numbers being stolen.

Only your employer, the IRS, your bank, and a lender have a legal right to your social security number.

When a patient is coerced into providing a social security number, it is the healthcare provider’s responsibility to secure all the information provided. If the provider does not secure ALL patient information, it is a HIPAA violation.

What is your alternative to providing a social security number?

  1. Leave that field blank and see if they ask for it. This is not the time to compulsively fill in all the blanks. This blank is best left, well, blank.

  2. Politely ask why they need it. Most of them are clueless as to the reason why. It used to be a part of insurance, but not now, unless it is Medicare, Tricare, or CHIP, and not for much longer. To secure a payment, all they need is a payment. They do not need your social security number.

  3. In some practice software, it is a required field. Tell them they can fill the field with zeros.

  4. Offer to provide another form of identification but not your social security number. Not even the last four digits of your SSN should be provided since it is easy enough to figure out the first five digits, which are where and when the card was issued, and where and when you were born.

  5. Speak with the doctor directly. Tell them there is a problem since you will not provide your social security number due to security issues. It is sensitive information that, when breached, can cause life-impacting ramifications. Tell the doctor about the AMA’s own policy. Stand your ground.

What do you do if you know your information has been breached or your identity stolen?

  1. Freeze your credit individually with all three bureaus. Go to each of the bureaus’ websites (Equifax, TransUnion, and Experian) and search for information on “Freeze Credit.” We do not need our credit unless we are purchasing a large ticket item for which we will need credit approval (house, car, etc.). You can unfreeze it when you do need it. Freezing is much more absolute than a fraud alert, as you can tell from the story above.

  2. Notify your banks. Be aware that if they change your account number, all your auto withdrawals will need to be changed to the new number.

  3. Check all three bureaus’ credit reports, not just your FICO number. Ensure the credit information is valid.

  4. Report the identity theft to the FTC (IdentityTheft.gov).

  5. Report the identity theft to the police. Have a report on hand.

Years ago, when my travel became frequent, I obtained LifeLock. When Equifax was breached, I froze my credit. My credit cards are still compromised a couple of times a year but they have always been caught by the credit card company.

One compromise was charging away in Las Vegas at the H&M Store, McDonald’s twice, and a few other insignificant places. These were probably gang members who purchased the numbers off the dark web and placed those numbers on what looked like a valid card.

Another compromise was charging gas in FL, while I was driving on I-35 in South Texas. Another credit card company was alerted to the compromise because the chip reader was not used in any of the purchases. A fake credit card can be made with valid numbers BUT it cannot duplicate a chip. That is why the chip technology is so important.

I do not visit any shady places but there are sometimes shady people that work at restaurants, hotels, etc. Be ever so vigilant. It seems more often than not that my weekly blog post is addressing someone else’s attempt to steal money from us in one form or another.

We live in a very different age and cannot afford to be complacent.

