There’s another reason I haven’t written of late — I’ve been dealing with a little identity theft fun.
Tuesday afternoon I signed into my Yodlee account to checka few things, and noticed that my bank accounts hadn’t updated. For the uninitiated, Yodlee is an account aggregation service, essentially a cool little online app that tracks all of your accounts in one place. Banking, brokerage, mortgage accounts, even rewards points. At some point it merits its own post, but you can click here for a more detailed description.
But back to my bank accounts. Yodlee was telling me that my bank accounts wouldn’t sync due to a password issue. So I went to my bank website, attempted to sign on, and lo and behold, my password didn’t work. In lieu of access to checking and savings, I saw a scary little screen pointing me towards a phone number, which I promptly called.
I was informed by Fraud Services that a logon to my account was performed from Eastern Europe, specifically Russia, and based on that they shut my access down entirely. It’s a pretty scary thing to hear, if you haven’t had something like this happen to you. Fortunately, all account balances were in order and no fraudulent transactions had occurred. According to my bank, the typical process is for thieves to garner the information and sit on it for several months before acting, to make the trail a bit blurrier.
So on one hand, you feel vulnerable and insecure that there was a breach. On the flipside, you recognize that your bank noticed it at the moment it occurred and took some degree of action. After having my identity and background vetted better than some VP candidates, I was walked through the process of setting up entirely new accounts. A few random and specific thoughts and pieces of advice:
- I was told by my bank that this was most likely spyware-related. I keep a pretty clean computer, but it is very much possible this is true. I even found and removed a pretty nasty trojan several months ago, so it could have been related to this. I swept my computer with multiple spyware programs and will do so more regularly than I had been.
- On the whole I was rather impressed by the way my bank handled things, even getting capable and seemingly concerned humans on the phone to work with. But, why hadn’t they made an attempt to call me? Would that have been so hard? Or shoot me an email. I did receive a letter in the mail within a few days, but I would think that time is of the essence.
- While all balances and Billpay setups transferred over to the new accounts, I do have to get new account numbers to the companies where I have direct deposits and auto-withdrawals set up. They will continue to push these transactions from the old account numbers for 60 days. Fair enough.
- As a precaution, I have changed passwords to every frigging account I have online. This, my friends, is a time-consuming process. For starters, websites like to bury the place where you change your password. Somewhat understandable. Also, since I do use Yodlee, this means I have to change each password in two places.
- I have an updated pen-and-paper list of all my new passwords, which I will keep in a secured location. I will probably go about the trouble of changing the major user name/password combos twice a year. Seems like a sane thing to do.
Another word about Yodlee, since one of the reasons some are afraid to use the service is that it puts all of your passwords in one location. Yes, this is true, but keep in mind that I learned about this event through Yodlee. Put simply, I had a security breach and learned about it faster than I ordinarily would have because of Yodlee. Had the breach involved a website I don’t check as often, i.e. my mortgage or even a credit card account, it would have been even more helpful.