Have you ever noticed an unauthorized withdrawal from your bank, brokerage, or credit card account? Such suspicious activity can mean only one thing: Your finances have been invaded.
The good news is that there are steps you can take to limit losses and help prevent unauthorized activity from happening again if you find yourself the target of financial fraud.
1. Act fast
Once a crook has access to your account, the fraud may not end with a single purchase, transfer, or withdrawal. “Swift action is critical when it comes to stopping fraud,” says Nicole Spagnuolo, vice president for financial crimes risk management at Charles Schwab.
What to do:
- Raise the alarm: It’s in everyone’s interest to identify suspicious activity as soon as it surfaces. Your financial institution can freeze the compromised account, issue a new card, reset a password, and perhaps even help track down those responsible. Be sure to initiate contact through a known number or website; never respond to an unsolicited email, phone call, or text—no matter how legitimate it may seem.
- Know where you stand: Financial institutions generally have security policies that outline how they handle fraud—including your liability, if any, in the event of unauthorized activity (see “The Schwab Security Guarantee,” below).
- Install antivirus protection: Viruses and malware are commonly tied to fraud schemes. Indeed, if a virus is left unchecked it can capture your new username and password, even if it was changed after the initial breach.
2. Go wide
“When one account is compromised, it’s reasonable to suspect others have been, as well,” Nicole says. One of the most common methods fraudsters employ is called credential replay or credential stuffing, in which they attempt to use credentials stolen from one account to log in to other accounts.
What to do:
- Change your passwords: Whenever you spot fraud in one account, change the credentials on any other accounts with the same usernames and/or passwords. Better yet, assign a unique password to each financial account, as well as every site where you store bank account or credit card information.
- Use a password manager: Of course, it can be difficult to keep all those passwords straight. Password managers, such as Dashlane and LastPass, can generate a unique password for every account, keep track of them all, and even securely auto-populate username and password fields.
3. Stay alert
It’s important to stay engaged with all of your financial accounts, even those you don’t use regularly. “It’s good practice to periodically check in on all your accounts so you can more easily detect fraudulent activity,” Nicole says.
What to do:
- Set up alerts: In addition to fraud alerts, many credit card issuers can notify you when they process online or over-the-phone transactions that don’t require a physical card. In 2018, such transactions accounted for 54% of all fraudulent activity worldwide involving credit, debit, and prepaid cards.1 Bank and brokerage accounts also offer alerts and notifications for certain types of transactions.
- Keep tabs on your accounts: Regularly review your statements and credit report to ensure no fraudulent activity flies under the radar. Each of the three major credit reporting agencies (Equifax, Experian, and TransUnion) is required to provide one free credit report annually, so consider requesting a report from one of the agencies every four months.
- Freeze your credit: Placing a security freeze with Experian, TransUnion, or Equifax can prevent others from opening a new credit card or loan in your name. Better yet, place a freeze with all three agencies to ensure maximum protection. If you need to apply for credit in the future, you can temporarily lift the freeze using a password or PIN.
4. Double up
You can stay one step ahead of fraudsters by adding extra layers of security to your accounts and the devices through which you access them. “Security features offered with your accounts can make it considerably harder for criminals to access them,” Nicole says.
What to do:
- Activate two-factor authentication: This safeguard, now standard among financial firms, issues a single-use code via email or text that you need to enter along with your username and password to gain access to your account.
- Enable biometric recognition: Biometrics let you unlock a device or log in to an account with your face, fingerprint, or voice. Unlike passwords, biometrics can’t be written down (or lost) and are much harder for criminals to replicate.
Going the extra mile
In addition to these four steps, consider reporting your experience to the Federal Trade Commission at ftc.gov/complaint. The agency’s reporting process isn’t designed to resolve individual incidents or recover funds, but your report helps them track trends in fraud and better understand the methods criminals are using, which may help financial firms improve their defenses.
It’s also a good idea to file an Identity Theft Report at identitytheft.gov. This entitles you to extra protections, such as placing an extended fraud alert on your credit report and preventing companies from collecting debts that result from identity theft.
1“Card Fraud Losses Reach $27.85 Billion,” The Nilson Report, 11/2019.