Equifax data breach and how it will affect you

Last week credit-reporting agency, Equifax, disclosed a data breach that has affected approximately 143 million Americans. You should assume that you have been affected. Equifax disclosed last Thursday (September 7) that personal client data consisting of Social Security numbers, dates of birth, names, addresses, driver’s licenses and credit card numbers were exposed through the breach.

Equifax first discovered this breach back in July of 2017. Equifax stated they immediately took action to stop the intrusion and hired an independent cybersecurity firm to conduct a through review to confirm the extent of the invasion and the information accessed. The company also reported the criminal activity to law enforcement and continues to work with the authorities.

After the breach, Equifax provided a website to verify if you were affected by the breach. Initially many have questioned the accuracy of their website and the data provided. This website also hosts important updates for consumers, FAQs, and how to enroll in the credit-reporting agency’s complimentary identity theft protection and credit file monitoring.

Equifax is offering free identity theft protection and credit file monitoring to all U.S. consumers, even if you are not impacted by the data breach. You may want to do this, but we do not feel this provides you with any real form of identity theft “protection.” It is more like a monitoring program than protection. Per Equifax’s website, “This offering, called TrustedID Premier, includes 3-Bureau credit monitoring of your Equifax, Experian and TransUnion credit reports; copies of your Equifax credit report; the ability to lock and unlock your Equifax credit report; Identity theft insurance; and internet scanning for your Social Security number- all complimentary to U.S. consumer for one year.” The enrollment for this offering must be completed by November 21, 2017.

A first step you can take now is to set up fraud alerts with all three major credit reporting agencies, EquifaxExperian and TransUnion. You will get an alert if someone tries to apply for credit in your name.

Another step you should take now is to put a credit freeze in place at each of the three credit-reporting agencies in an attempt to prevent becoming a victim of identity theft. A credit freeze at each agency prevents someone from establishing new credit in your name. Eve Velasquez of the non-profit Identity Theft Resource Center said on CBS News, “A credit freeze will lock the criminals out of opening financial accounts in your name, but there are other types of identity theft. And that includes medical, criminal and governmental.”

As of last Saturday, tens of thousands of U.S. consumers had initiated credit freezes. Credit freezes are open to anyone and are temporarily or permanently reversible. Equifax is currently not charging a fee to initiate a credit freeze. It is unclear how Experian and TransUnion will handle the fee to initiate and lift the credit freeze. Some states require consumers to pay a fee to lift a freeze. The fee range is about $5 to $10 and varies by state.

A credit freeze does not affect existing credit arrangements like outstanding loans or credit card accounts. Establishing a credit freeze helps to prevent others from opening new credit card and loans in your name. A credit freeze is not recommended if you plan to open up a new credit card or new car loan in the very near future. A credit freeze does not affect your credit score. If you establish a credit freeze, you will be given a personal identification number (PIN) that you would use when you need to temporarily or permanently reverse the credit freeze. It will take approximately three business days to lift a freeze per the Federal Trade Commission when and if you decide to lift the freeze. For more information and a helpful guide to a credit freeze, please see Alia E. Dastagir’s article, Equifax data breach: How to freeze your credit in USA Today.

Please be extra vigilant of the PIN that you are given if you decide to go the credit freeze route. Make sure the PIN Equifax and the other credit-reporting agencies gives you is a randomly generated number. Originally Equifax issued PIN numbers based on the date and time you called to set up your credit freeze, which are not considered secure.

A third step is to check your credit report. You are entitled to one free credit report per year from all three credit-reporting agencies. It is recommended to spread these out over the year, checking in every four months. You can access the credit reports here.

Separate from the credit report issue, we would again remind you to change your passwords to your online financial accounts. It may be a good idea to update and strengthen those passwords and or PIN numbers attached to those accounts. Our firm is a strong advocate of making sure you safely and efficiently manage your passwords. We have written several blog posts regarding this subject matter: 5 Password Security Tipsand How to securely and efficiently Manage Your Passwords.

Even if your name does not register as part of the Equifax data breach, we recommend monitoring your credit reports and updating your password(s) and any PIN numbers associated with your accounts.

As the world is more tech savvy, it definitely puts us on high alert with our personal information and the number of companies who have access to it. If you need further guidance or have questions regarding the data breach, please contact our office.

This week’s takeaway: Everyone should consider that they are affected by the breach and should establish a credit freeze at all three credit-reporting agencies. Please see the article, Equifax data breach: How to freeze your credit by Alia E. Dastagir, USA Today, for all three credit-reporting agencies contact information and how to guide to a credit freeze.

 

Additional helpful guidance and some of the information we gathered can be found with the links below:

Victim of Equifax data breach speaks out, Anna Werner, CBS News, 09/12/2017

How to defend yourself against identity theft after the Equifax data breach, Adam Shell, USA Today, 09/11/2017

After Equifax Breach, Here’s Your Next Worry: Weak PINs, Ron Lieber, The New York Times, 09/10/2017

Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees, Ron Lieber, The New York Times, 09/12/2017

4 Things You Should Do About the Equifax Hack, Tim Herrera, The New York Times, 09/10/2017

 

 

Beware of Fake IRS Tax Scams and Bill Notices

There have been increased reports of IRS tax scams.

We want to remind you of some IRS basics, to help prevent you from being affected by these scams.

The IRS will never initiate a first contact for a real IRS matter by phone, text or email. The IRS will only begin a real matter with a taxpayer by sending you a letter, which almost always includes many pages.

If you get an email, phone call or robo-call (automated) which seems like it is from the IRS, you should ignore it. Just hang up the phone.

Do not click on anything in one of these emails. Do not open any attachment to these emails. Never click on a hotlink. Do not reply to them. Just delete the email or ignore it.

The most recent “hot” IRS scam regards phony IRS CP 2000 forms. Real IRS CP 2000 forms are issued when the IRS feels there is matching issue, such as a discrepancy on your return, versus what an employer or investment firm has reported to the IRS. Unlike the fake, real IRS CP 2000 notices provide extensive instructions to taxpayers about what to do if they agree or disagree that additional tax is owed. A real notice requests that checks be made out to “United States Treasury.” To add confusion, the fake IRS notices frequently says the matter involves the Affordable Care Act.

If you are contacted by the IRS by mail, you should always forward that notice to your CPA or tax preparer immediately, to determine if it is authentic and to respond promptly, if necessary. If the notice has your social security number on it, you should mail or fax it; do not ever email any kind of document to anyone with your full social security number on it.

These same general concepts apply to emails, calls or texts you may receive from a bank or financial institution. If you are at all concerned that one of these is not authentic, do not click on any part of the email or reply to it. Call the institution using a phone number that is on one of your regular statements, to determine its validity.

For example, if you get an email from your credit card company requesting your social security number for their “verification records,” you should call the company. Do not provide this information if requested by an email.

Computers, cell phones and the internet have provided many benefits, but they are expanding as a source of scams and vulnerabilities. You should always be alert and careful. If you are ever unsure about some form of contact you receive, you should call the governmental agency or real company yourself, or our firm.

If you ever get a notice from Fidelity, which is our primary custodian, and you are unsure about the notice or if you have questions, please contact our office and we would be pleased to assist you.

We hope this information is helpful to you.

 

 

 

Why the Wells Fargo controversy is important to everyone

Two weeks ago, Wells Fargo, one of the nation’s largest banks, was fined $185 million for opening up bank and credit card accounts for customers without their approval, as well as phony accounts for fictitious people.

Even if you are not a customer of Wells Fargo, this development is relevant for two significant reasons:

  •  It is another reminder of the risk of investing in a specific company, as even ones with previously good reputations can get hit with unexpected bad news, which can hurt their stock price.
  • You should always understand how a bank, financial advisor or stock broker is being paid or incentivized to provide, sell or recommend a product, account or investment advice.

Wells Fargo is now under intense scrutiny and criticism for the actions of thousands of their employees who apparently acted improperly in an effort to meet aggressive sales goals and quotas.

As a result of this news becoming public, their stock has fallen. What is unknown is the impact of these events on the company’s future earnings and business reputation, and thus, Wells Fargo stock. Will they lose customers? Will potential new customers go elsewhere? Will top executives lose their jobs? Even if top executives don’t lose their jobs, this will certainly be a major distraction for Wells Fargo.

This is another example of why our firm’s stock investment philosophy is notbased on individual stock picking. Until the huge penalty announcement, this bad news was not factored into Wells Fargo’s stock price. Wells Fargo previously had an excellent reputation as a well-run financial institution.

We recognize that it is not possible to predict bad news like this, which is why we recommend owning a broadly diversified set of funds. This way, you are not hurt as much by the risk of bad news affecting a single company’s stock.

Incentives, commissions and trust

Wells Fargo employees were under pressure to generate account openings and new credit card accounts. They had sales goals and were incentivized to “cross-sell” products, even if it was not in their customers’ best interest. As a large publicly held company, Wells Fargo had growth targets which certain employees had to meet.

Warren Buffett’s Berkshire Hathaway is by far the largest shareholder of Wells Fargo stock, with nearly 10% ownership. Buffett has yet to speak publicly about these incidents, but many years ago he made the following statement, which is shown at every annual shareholder meeting: “Lose money for my firm and I will be understanding; lose a shred of reputation for the firm, and I will be ruthless.”

At our firm, WWM is compensated only by the management fee which is clearly disclosed to you during our initial meeting(s), as well as in the Investment Advisory Agreement (IAA) which all clients sign. We do not make more money for recommending a specific fund, bond or any other investment. We are fee-only investment advisors, which means you are not charged a sales commission or “load” when we buy or sell any investment on your behalf. We are proud that our firm meets a high “fiduciary standard,” which requires us to always act in your best interest. Period.

Most banks and large brokerage firms are compensated very differently than how WWM is, for investment advice or products. We are very transparent and clear about our fees. Most of these other firms do not clearly explain how customers are charged or what incentives may exist for certain products or investments they recommend.Most of these firms do not meet the high fiduciary standard which WWM adheres to.

For example, banks and insurance companies often recommend annuities to their customers, but they do not clearly disclose the commissions of up to 8% or the surrender charges you may incur if you don’t hold the annuity for many years. Brokerage firms may not charge a commission on a bond purchase, but they don’t tell you they “marked-up” the price to make a profit on the transaction.

Compared to many of the issues and causes of the 2008-09 financial crisis, the Wells Fargo actions are not nearly as bad. However, the cause of the Wells Fargo penalties, such as employee sales incentives and lack of transparency, are still symptomatic of many large financial institutions.

You should feel confident that as your financial advisor, we have no hidden fees and no sales incentives. When we provide advice to you, it is based solely on what we think is best for you and your family. Our actions and advice are not motivated to meet a revenue quota.

Our advice and service are motivated to develop and maintain very long-term, trusting relationships. Good things will follow from that, for you, our clients, as well as our firm.

How to save time due to credit card fraud

Credit card fraud continues to be a huge problem, despite the introduction of chip enabled credit cards in the US.

Twice during the past year I have had to replace credit cards, as the accounts/cards were fraudulently used. One of my sisters had one of her credit cards fraudulently used in the red card 01-28-16past two weeks.

Until chip technology acceptance at retailers and stores becomes much more commonplace, credit card fraud will continue. There is not much we can do to prevent this type of fraud as we shop at stores and eat out at restaurants, especially ones that do not yet accept chip-card technology.

One of the major hassles of having your credit card hacked is dealing with recurring payments that you have set up with that credit card. After a credit card hack, you have to log into each of the company websites that you have established for recurring payments, to give them the new credit card number, as well as the new expiration date and sometimes the security code.

Our recommendation: You should have a separate credit card just for recurring charges, such as utilities, subscriptions, iTunes, internet, cable, cell phone providers and more.

The purpose of this strategy is that for the credit card that you use for recurring payments, you should NEVER take or use that card outside of your home. Do not use it at a gas station, a retail store or restaurant. To re-use an old advertisement….don’t leave home with it.

This will be your “recurring payment only” credit card.

Doing this is the best way that you can prevent this credit card from being hacked, as most credit card fraud happens from the retail use of credit cards, not from establishing recurring payments through the card from credible companies.

This may be a major change in how you use your credit cards, but it will save you lots of time if another of your credit cards is fraudulently used and you need to get a new card account established. Hopefully, by adopting this strategy, getting a new card will just affect you for a few days, until you get a replacement card. It should prevent you from having to change all your recurring payment information.

Other credit card related recommendations and thoughts:

  • Use chip-enabled credit cards wherever possible.  If your credit cards do not yet have chips, contact your card company and tell them you want one.
    • Thank smaller retailers and establishments that have obtained chip-enabled credit card readers, as they are expensive.
  • You should review your credit card activity online regularly.  I suggest at least weekly.
  • At a minimum, carefully review your credit card statements at the end of every billing period to make sure all the charges are legitimate.
  • You should consider setting credit card alerts, so you will receive a text message or email if charges exceed a certain amount.  The problem with this recommendation is that most fraudulent activity starts with minimal charges, or around $100 or $200.  Thus, getting frequent email alerts on your regularly used credit cards maybe very cumbersome.  This will not prevent fraudulent activity, but help you identify it quicker.
  • The most common places that fraudulent charges are made, if your account is ‘hacked” are places like Home Depot, Best Buy, Lowes and in the Midwet, Meijer’s.  This does not mean you should not shop at these locations.  These are the places that people who do the fraudulent activity go first, when they start to shop with stolen credit card numbers.  These are the charges you should look for in your card activity.
  • You should provide to each of your credit card companies your email address and cell phone number, so they can contact you if they identify what appears to be unusual activity.  Again, this will not prevent fraud, but may stop it faster.

 

Link of the week: To learn much more about the benefits of using credit cards to obtain the most reward dollars, points and other perks, as well as airline and hotel loyalty programs and their credit cards, I recommend reading or following “The Points Guy” at www.thepointsguy.com or @thepointsguy on Twitter. The benefits can be worth thousands of dollars per year, if done strategically.
Thanks to my family members, who provided some of the above suggestions.