Solution 38

It can sometimes be difficult to obtain your credit reports while living outside of the country. If you have family or friends back in the states who are taking care of your affairs, you may consider asking them to write to the Credit Reporting Agencies (CRAs) for you, utilizing the information in Letter Form 124C. Activity duty military living on base in a foreign country may use this same form as well.

If you are an American citizen not in the military, and you would like to request your credit reports, you will need to write to the three CRAs and send them a package of information proving your identity. If the country you are in has an equivalent of Certified Mail and/or Return Receipts, make sure you send your package that way so that you can track it.

  • Equifax P.O. Box 105139 Atlanta, GA 30348-5139
  • Experian P.O. Box 2002 Allen, TX 75013
  • TransUnion P.O. Box 2000 Chester, PA 19016

Your cover letter should include:

  • Your full legal name or the name that is on your passport or other identification papers
  • Your date of birth
  • Your Social Security number
  • Your current or previous U.S. address

Include in your package:

  • Two proofs of your current mailing address (such as a copy of your driver’s license, utility bill, insurance statement, bank statement or telephone bill that shows your name at your current mailing address)
  • Copy of a government-issued ID card such as your state ID or driver’s license
  • Copy of your passport and the visa stamp
  • Copy of your Social Security card

Related Resources:

LF 124C – Request a 90-Day Fraud Alert

FS 100 – Financial Identity Theft: The Beginning Steps

FS 124 – Fraud Alerts and Credit Freezes

This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Letter Form 29

Many people find out that they are victims of identity theft when they try to open a new line of credit.  This can be a shock.  This sense of shock can be even more overwhelming when you are told you are listed or somehow identified as “deceased”.

ITRC Letter Form 29 is a sample letter which may be sent to a creditor, credit reporting agency (CRA) or governmental agency alerting them to the fact that you are not deceased.

Related Link:

ITRC Solution SN 29 – Death Reported in Error

Click to download the form:

LF 29 Form

This letter form should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to ITRC thanks the CRA’s in providing material for this guide.

Copyright, Identity Theft Resource Center®, all rights reserved. Created by ITRC

ITRC Solution 29

Many people find out that they are victims of identity theft when they try to open a new line of credit. This can be a shock. This sense of shock can be even more overwhelming when you are told you are listed or somehow identified as “deceased.”

Your first priority is to find out who reported your death, when, and why. It is important that you take appropriate steps to correct the information at the originating source. After the information is corrected at the originating source, you will then have to notify any other entities that have you listed as deceased.

Listed below are some possible reasons and solutions. If these scenarios do not match your case, please contact the ITRC for further no-cost assistance using our toll-free number, (888) 400-5530.

Credit Card Company: If one person on a joint account dies, and that death is reported to the credit card company without expressly noting that the surviving cardholder(s) will take over the joint account, the credit card company may close the account due to “death.” Should this happen, the surviving cardholder(s) must contact the credit card company and correct the misinformation.

Credit Reports: A death claim may be inaccurately reported due to a typographical error or mixed records. This might be caused by a miscommunication from a credit card company because that credit card company inadvertently mixed the information of two different customers. There are also cases when a vengeful “ex” has managed to get a funeral director to send in a false “certificate of death.”

Call the three Credit Reporting Agencies (CRAs) and request a credit report or fraud alert at the numbers provided below. If you are listed as deceased in their database, the automated system will notify you that they cannot respond to your request for a fraud alert or credit report.

  • Equifax: 800-525-6285
  • TransUnion: 800-680-7289
  • Experian: 888-397-3742

If you are unable to get a report, fill out ITRC Letter Form LF 29 – Death Reported in Error and mail it to the three CRAs using the addresses below. Be sure to mail all correspondence via certified, return receipt.

  • Experian
    P.O. Box 9554
    Allen, TX 75013-0949
  • Equifax
    P.O. Box 74021
    Atlanta, GA 30374-0241
  • TransUnion
    P.O. Box 2000
    Chester, PA 19016

Social Security Administration (SSA) office and Vital Records: If you find out that your name is on the “National Death Registry” you will need to take steps to locate and amend the death certificate and then remove your name from the registry.

  • In order to amend a death certificate you need to first obtain a certified copy of the death certificate from the county clerk or recorder’s office where the death was reported. A form to amend or correct a death certificate is available from your state’s vital records office. On your death certificate, it will name the informant (who reported the death). This person should be contacted so they can sign as one of the supporting affiants on the State Vital Record Amendment Affidavit Form.
  • To remove your name from the death registry, you will need to make an appointment at your local Social Security office. The SSA will require you to provide a copy of a valid photo id, a certified copy of the amended death certificate and a police report (if one was filed).

Other governmental notification: This scenario may include a notification letter from the Internal Revenue Service or other governmental entity (i.e. unemployment benefits, welfare, SSI, VA/Military). In these circumstances, steps must be taken to satisfy the criteria established by the particular agency involved by contacting them directly.

In all correspondence, the following documentation should be provided as evidence that you are not deceased:

  • A photocopy of your driver’s license or state identification card.
  • A current notarized letter from your doctor, on letterhead stationery, stating you are alive and have been under the care of that doctor for __ years.
  • A statement from you including the fact that you are alive, and a request to be told the name and location of the originating source for the death certificate.
  • In the absence of one or more of the above documents, you may provide work records, employer statements, pay records, military records, and school records, generated after the date of death recorded on the death certificate. Wherever possible, such records should be notarized.

Related Link:

ITRC Letter Form LF 29 – Death Reported in Error


This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Solution 18

If you received a phone call, filled out a form, or gave out information and think you could be a potential victim of a scam, we recommend you take the following steps:

  • Contact the credit reporting agencies (CRAs) to place a fraud alert on your credit reports (see ITRC Fact Sheet FS 124). These are currently 90-day “advisory only” fraud alerts. You may re-establish a fraud alert with the credit reporting agencies on day 91.
  • Cancel all credit card, bank account, or ATM/Debt account numbers given out. Password-protect those accounts.
  • Notify DMV if driver’s license number was also given.
  • Monitor your credit reports using the annual credit report system by staggering out your requests between the three credit reporting agencies every four months.
  • Monitor the monthly statements sent to you from the compromised accounts closely. If there is a questionable charge or change of information then report it to the fraud department of that company immediately and close that account.
  • File a police report stating you have responded to a scam. If you become a victim, this will be necessary to mitigate your case. Also, you may use this police report to obtain a 7-year fraud alert or a credit freeze.


Links to Resources on our Website:

ITRC Fact Sheet FS 123 – Scam Assistance

ITRC Fact Sheet FS 125 – Federal Annual Free Credit Report Law

ITRC Scams & Consumer Alerts


This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Solution 15

It can be unnerving to be told that your information has been compromised in a breach. There are some steps you can take at this time. Remember, just because you’re a victim of a data breach does not mean your information will be used by an identity thief.

Your response to this breach will depend on the type of information that was compromised. Should you become a victim of identity theft, help is just a phone call or email away.

Financial Accounts:

This includes checking accounts, credit cards, money market funds, stocks, and bank accounts:

  • Close ONLY the affected accounts and have account numbers changed.
  • Password-protect all your accounts, the new ones as well as the closed. This restricts thieves from re-opening closed accounts.
  • Monitor your account and billing statements closely.
  • Report any fraudulent activity immediately to the bank and law enforcement.

Social Security Numbers:

  • Call the credit reporting agencies to place a fraud alert. We recommend that you call all three. You will go through the automated system when you do this.
  • Once you place fraud alerts on your credit reports you should receive a free credit report for your review. Please go over these reports to look for any signs of identity theft.
  • Use the annual credit reports system to monitor your credit report over the next year. Stagger them out by ordering one every four months.

Other Items:

  • If your health and auto insurance information is compromised, change the policy numbers or have the accounts flagged for unusual activity.
  • If it is HR data that was compromised, change account numbers for your 401-K, life insurance, and accounts holding your stock options. Password-protect these accounts.

Related Links:

ITRC Solution SN 03 – Contacting the Credit Reporting Agencies to Place a Fraud Alert

ITRC Fact Sheet FS 129 – I received a security breach letter: what do I do now?


This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Solution 12

These are general steps to be taken, no matter what type of check fraud it is (see ITRC Fact Sheet FS 126 for types of check fraud).

  • With any check fraud, you should report the crime to the police as soon as it is discovered and get a copy of that report. You will need to send a photocopy of the report, along with a letter or fraud affidavit, to any merchant, collection agency or financial institution where a bad check has been passed. See ITRC Letter Form LF 126 – Initial Victim of Identity Theft Statement and Fraudulent Checking Account Information Request.
  • All requests should be made in writing and in a timely manner.  All correspondence should be sent “certified mail, return receipt requested.”
  • Whenever possible, speak with the fraud investigation department and not customer service or bank managers.
  • Close any compromised financial accounts. When working with the fraud department, ask that a password be placed on the account, especially if the financial institution refuses to close it. This will also help to verify or authenticate you as the holder of the account.
  • Warrants – It is possible that a criminal warrant will be issued by the local prosecuting attorney for a bad check (if written for more than several hundred dollars).  Once you make contact with the merchant or financial institution, ask if they have referred this to the police, the state’s attorney, or the district attorney’s office. If so, request that the merchant or financial institution contact that agency and request they withdraw that warrant. Find out what documents they need in order to clear the warrant. Make sure you receive a letter stating that the warrant has been withdrawn or cleared, and that your name is not in the warrant system.  Your name needs to be cleared from the local level database, state level database and national level database (if placed there).  You can call the “Court Clerk” in the county where the check was passed to find out if a warrant exists in your name.
  • Contact all the check verifications companies listed below.  If a check is denied, ask the merchant which Check Verification company they use so you know where to start.  You have the right to have erroneous or fraudulent information removed from the report, upon written request and with proof (i.e. a police report or a collaborating letter from a bank, per the Fair Credit Reporting Act).

Check Theft:

  • Notify your bank both orally and in writing. Immediately close this checking account and any connecting financial accounts. Request a Stop Payment be placed on stolen check number(s).
  • Request for a “re-credit” or refund of the lost funds.
  • Request your bank flag the check/s as stolen. Your bank should notify the receiving bank to hold the check intact for law enforcement purposes. In other words, ask them to flag it so they can make sure any accepting bank holds onto the check rather than destroying it as they are allowed to do under Check 21 – Refer to ITRC Fact Sheet FS 126.
  • Get a copy of the check for your file – requesting a substitute check if you cannot get the original.
  • Make sure you get a Letter of Clearance or confirmation from your bank that the account has been closed and is marked “closed due to theft and not to be reopened.”
  • Save this letter and send a photocopy of that letter and the police report to any merchant who has accepted a check from the closed account.  ITRC Letter Form LF 126 may be used as a cover letter to the merchants, or check verification companies, which may have accepted fraudulent checks written with your information.
  • Request letters from each merchant once they have declared that you are not responsible for the charges.  Keep these in a safe location along with your other sensitive documents.
  • Open a new account, adding a strong password so that no alterations can be made to this account such as change of address, adding additional users, etc., without your permission.
  • Request that your bank notify all check verification companies.  Most check verification companies will not take information from consumers.

Pitfalls: Merchants don’t know this account is closed and may accept checks long after you have closed the account.  Be patient. They are also victims of this crime.


To report fraudulent use of your checks contact:

  • ChexSystems: (800) 428-9623
  • Certegy/CPRS: (800) 437-5120
  • SCAN: (800) 262-7771
  • TeleCheck: (800) 710-9898

Several of these companies do provide a “consumer report.” Order reports from those that do provide them.  They should be free.

Security Alert on Consumer Reports

ChexSystems and SCAN will let you place a 90-day Security Alert on your consumer report with them.

Phone: 800-513-7125
or: 888-4-STOLEN


For instructions on how to place the Security Alert click ChexSystems

Related Links:

ITRC Fact sheet FS 126 – Check Account Takeover and Check Fraud

ITRC Letter Form LF 100-1 – Initial Victim of Identity Theft Statement and Fraudulent Account Information Request to Credit Issuers and/or Merchants

ITRC Letter Form LF 100-2 – Confirmation of Conversation / Letter of Clearance

ITRC Letter Form LF 126 – Initial Statement of Checking Account Fraud


This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Solution 9

Many people find out they are victims of identity theft when they try to open an account. It often comes as a shock. This is one reason we encourage using the annual credit reports system to monitor your credit throughout the year.

If you are refused a new line of credit because you are a victim of identity theft, we recommend the following steps:

  • Contact all three major credit reporting agencies to place a fraud alert on your credit reports. (Refer to ITRC Solution SN 03) You will want to obtain your complimentary copies of all three credit reports.
  • Go through the reports and highlight all fraudulent accounts, and incorrect information. (See ITRC Fact Sheet FS 128 – How to Read your Credit Report.)
  • Contact your local law enforcement to file a police report stating you are a victim of identity theft. Take your highlighted credit reports as evidence. You will need to obtain a copy of this police report to clear any fraudulent activity.
  • Contact all the companies where fraudulent accounts have been opened, any collection agencies that are involved, as well as any company with a pending application. Please refer to ITRC Solution SN 01 – Clearing Fraudulent New Account and ITRC Solution SN 04 – Clearing Name with Collection Agencies. Please speak with the fraud department, not the customer service department.
  • Ask the fraud department what is required to clear you from this account and to remove it off of your credit reports. (Please refer to ITRC Letter Form LF 100-1 or ITRC Letter Form LF 116) Let them know that you have a police report that you can send to them. Once the company has found it to be a fraudulent account, they must remove it from your credit reports.

Related links:

ITRC Fact Sheet FS 100 – Financial Identity Theft: The Beginning Steps

ITRC Fact Sheet FS 106 – Organizing your Case

ITRC Fact Sheet FS 116 – Collection Agencies and Identity Theft

ITRC Solution SN 03 – Contacting the CRA’s to place a Fraud Alert

ITRC Solution SN 10 – Filing a Police Report


This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Fact Sheet 148

This guide includes:

The Non-prime Population:

Traditionally, the non-prime (or sub-prime) population has been described as a group of people who are unable to obtain credit through traditional channels because they are considered the greatest credit risk.

Now, with the economic downturn, it is harder for even more consumers to obtain traditional lines of credit, loan approvals, or even low APRs due to changes in lending practices. Adding to this hardship, consumers coping with salary reductions or the loss of employment are often unable to make their monthly payments, eventually causing their consumer credit scores to drop. As a result, many Americans find themselves struggling with the credit granting criteria of prime lenders (lenders who offer traditional credit). Once considered “prime consumers,” this new and growing population now falls under the category of “non-prime consumers.”

As it becomes harder for consumers to obtain traditional lines of credit, more consumers are using alternatives. According to the study Changing Patterns and Behaviors of Non-Prime Payday Loan Consumers by Clarity Services, Inc., “ … between February 2010 and August 2011, there was a substantial shift in the types of consumers who request payday loans, with the more stable, higher earner segment increasing by over 500 percent.” Payday loan lenders and other companies issuing non-traditional credit are major players in granting short-term loans to this growing population of consumers.

These lenders are often the only institutions offering non-prime consumers access to a reliable cash-flow source. According to Clarity Services, Inc., “the total annual impact to US delinquencies would be $2 billion if payday lending was not available to consumers who take out short-term alternative loans for the purpose of paying back other past due commitments.”

Applying for and Taking Out a Payday Loan:

Consumers are able to apply for payday loans in person at a brick and mortar (storefront) institution or online. When you apply for a payday loan online, you may be applying with one lender or a whole network of lenders. Many of the web sites that advertise loans are third parties that take applications for loans and offer them to lenders in their network. Because of this process, one application can be seen and approved by multiple lenders. It is up to you to decide which loans to take, if any, and to be aware of the fees and due dates of payments.

If you have taken out a payday loan, it is important to note that credit reports from the three major credit bureaus (i.e. Experian, TransUnion, and Equifax) typically do not include information on the payday loan dollar amount borrowed by the consumer or the amount owed unless the lender has referred the account to collections.

Identity Theft and Payday Loans:

Since payday loans typically do not appear on credit reports from the three major credit bureaus unless an account has been sent to collections, a victim will often not know about a fraudulent payday loan until he or she has been contacted by a lender or collections agency. An identity theft victim with payday loans in his or her name may have to utilize several resources in order to understand the extent to which their identity has been compromised. First, if you have been contacted by a collections agency, please refer to ITRC Factsheet FS 116: Collections Agency and Identity Theft and follow the steps provided.

If you have been contacted by a lender or you are contacting a lender about an overdue payday loan that you did not authorize, ask to speak to a representative who can handle fraudulent claims. When speaking to the representative, state that the payday loan in question is fraudulent and you are a victim of identity theft. Then inquire after any other loans in your name. Once you have obtained the information you requested, ask about the clearance process, which may vary according to lender. Follow all the steps the lender gives you to ensure proper removal of all fraudulent activities. Also inquire about any alternative credit bureaus (i.e. not one of the three major bureaus – Experian, Equifax, TransUnion) that offer credit reports that may contain any loan inquiries and/or funded loans from the lender. Request a credit report from any of the bureaus that the lender names. If the credit report(s) show fraudulent activity, refer to ITRC Factsheet FS 100: Financial Identity Theft: The Beginning Steps and ITRC Factsheet FS 100A: More Complex Cases for mitigation steps.

Payday Loan Scams:

According to the Internet Crime Complaint Center (, payday loan scammers made a reported amount of more than $8 million in 2011. However, since not all victims report their losses, it is likely that the amount is even higher. Payday loan scams usually follow the same basic formula. The scammers will contact consumers at all times of day and night. In addition, the fraudsters often claim to be attorneys, part of a government agency, or employees of legitimate-sounding banks or companies. The scammers then state the consumer owes money towards a loan and needs to repay it immediately.

While these victims may have applied for payday loans or may have received loans in the past, they owe no money to the callers. Somehow, the fraudsters have gotten ahold of the consumers’ account and personal information. The fraudsters typically know information such as SSN, address, names of relatives or references, or perhaps the name of a lender that the consumer would recognize. The fact that the scammers have this information makes the scam victim believe that the caller is part of a legitimate company which received a loan application. Also, these fraudsters will intimidate people in a number of ways: using abusive language; threatening lawsuits or jail time; and calling or threatening to call relatives, coworkers, or employers.

The Fair Debt Collections Practices Act details consumers’ rights and states what debt collectors are not allowed to do. Refer to ITRC Fact Sheet FS 116A: Your Debt Collection Rights for information regarding the act. If the person calling refuses to provide you with written notice of a collection (also known as validation notice), or violates the FDCPA in any other way, hang up and do not give any information about yourself because this is likely a scam.

For more information about protecting yourself, please refer to:

ITRC Factsheet FS 123: Scam Assistance

ITRC Factsheet FS 124: Fraud Alerts and Credit Freezes.

You can also report a scam call by contacting the Federal Trade Commission (FTC) and your state Attorney General.


This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Letter Form 140

ITRC Letter Form 140 is a sample letter to request a senior family member or dependent adult’s credit report be frozen by the three credit reporting agencies (CRAs). Please read Fact Sheet FS 140 to know what to include with this letter.

Always send items Certified Mail Return Receipt.

Please DO NOT send the ITRC any personal documents or letter forms as we cannot gather information for you or clear fraudulent activity that may appear.

P.O. Box 740256
Atlanta, Georgia 30374

PO Box 2000
Chester, PA 19016

PO Box 9532
Allen, TX 75013

Click to download the form:

LF 140 – Requesting Credit Freeze for dependent Adult


This letter form should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC thanks the CRA’s in providing material for this guide. Copyright, Identity Theft Resource Center®, all rights reserved. Created by ITRC

ITRC Fact Sheet 134

The business traveler often carries electronic storage devices and documents for reference or work while on planes, in hotels, and in the spare time between meetings. There is often information you may need in case your office or a customer contacts you during your trip. However, some of the information included may be sensitive personally identifying information (PII). PII includes Social Security numbers, employee identification numbers, addresses, insurance policy numbers, credit card or payroll information, financial account numbers, and other items that could be readily used by an identity thief.

Business travelers must stay alert for situations that an identity thief might use to try to steal this information, and also guard against inadvertent loss or exposure of PII. Any person could be looking for the opportunity to gain access to sensitive information in your possession, waiting for a good opportunity. In this respect, you should not trust anyone you meet with any PII. Housekeeping staff, bellmen, security guards, TSA agents, front desk clerks, and many others you encounter during your trip could have the opportunity to access your data if you are not aware.

You must realize that once you remove PII from your office, you are solely responsible for its protection and security. In addition, even inadvertent exposure or loss of such information (without theft involved) could trigger state breach laws which can require:

  • Law enforcement data exposure notification
  • Consumer or customer notification of those exposes
  • Media notification

These data exposure events (data breaches) may cost your company money, consumer trust and negative publicity.

Rules for the Road

The following items should be considered when you are on the move:

  • Laptops, Computer Storage Devices, and PDAs with personally identifying information (PII) – The best way to protect this information is by using data encryption to encrypt the device prior to leaving the workplace. While many people believe password protection is sufficient they can be bypassed by anyone with enough knowledge and capability. Encryption is the gold standard in data protection. Do not carry the encryption code in writing with you. Commit it to memory.

    Prior to beginning your trip, make time to consider which files really need to be carried on the trip. Although it is usually easier to do a “data dump” to your laptop, such action may expose large amounts of sensitive data to unnecessary risk. Take only those files which are likely to be needed during the trip.

  • Make an effort to keep your laptop in your control at all times. Be especially alert when going through airport security when crowds and security procedures may cause some chaos. Do not put your laptop through the security x-ray scanner until you are in position to be the next person through the metal detector. Thieves are waiting for those moments to distract you while an accomplice picks up your laptop from the opposite side of the x-ray scanner. By the time you get through the metal detector, your laptop is long gone.

    Other protective measures include: GPS tracking devices for the laptop; fingerprint readers to access laptop files; and remote wipe capabilities that enables you to delete all the information off a device in case you lose it or it is stolen. Finally, it is important to log out of your computer when it is not in use, even if it is for just a few minutes.

  • Paper Documents with PII – Sensitive documents should always be kept in a locked briefcase that is secured at all times. As in the case of data files, select only those files for the trip that are likely to be needed. Do not leave sensitive documents in baggage that must be checked for flight.

    If, during a trip particular documents become no longer necessary, see that they are shredded at the first opportunity. Most hotel business centers have crosscut shredders available for your use. Do the shredding yourself. All documents should be cross-cut shredded when no longer needed.

  • Hotel Safes – Be sure to take advantage of hotel safes if you are leaving your laptop, PDA or storage devices in a hotel room, even for a short period of time. Many persons have access to your hotel room when you are not there. Leaving any of your valuable items in the room, in this case PII, is providing an opportunity to a thief. You must recognize that the information you carry is a target for an identity thief.
  • Business Center Computers – There is always a higher risk in using a public computer. In addition to leaving information (history) on the computer about your cyber travels, there may be malware or viruses that have been installed on the computer. These might be a virus, key-logger, Trojan, or worm that you then allow to transfer to your company network when you log in to your company network. Key-loggers are programs that record and store each and every keystroke you make while using an infected computer. That keystroke data is quietly stored for later access by the thief. When it is retrieved, the thief will have an exact record of all the websites you visit, files you access, including your company network, and your user name and password that were used to access any accounts you visited. This information is a goldmine for an identity thief.

    A better choice would be to use your own laptop and connect to a hotel network while using a virtual private network (VPN).

  • Personal and Business checks – Leave personal checkbooks and checks at home. If necessary, keep business checks in a secure location (hotel safe) when not needed. Checking account takeover is one of the hardest types of financial fraud to remedy. ITRC recommends that you use cash, traveler’s checks or credit cards for purchases.
  • Leave bills at home – Taking personal bills and financial account information with you during your travels puts you at greater risk for identity theft. Unfortunately, many people have access to your room while you are away at meetings and victims have reported that financial account information and checking information has been stolen in this way.
  • Pickpockets – Business travelers should be aware that in addition to wallets, pickpockets are also looking for laptops and PDAs that are temporarily out of your control. This can easily happen at airports, in hotel lobbies and in restaurants. Remember, out of sight means out of control. Thieves may travel in pairs and watch where you put your belongings long before you know you are even a target.
  • Shoulder surfers – Many business travelers are tied to cell phones or PDA devices 24 hours a day. In public areas, identity thieves use “shoulder surfing” to gain access to your personal information. That term used to only apply to those who looked “over your shoulder” to see information. With the common use of cell phones, we forget that we are in a public venue and may talk about things that a thief can overhear and use. (This pertains to public payphones as well.) In other words, if you wouldn’t want to see it on a billboard, don’t talk about it on a phone in public. This includes PII as well as company proprietary information.
  • Mail – If you travel frequently, you might want to consider having a P.O. Box rather than allowing mail to accumulate in your mailbox. If you do not have a locked mailbox, and don’t want to get a P.O. Box at the post office, at least put your mail on “postal hold” while you are gone.

Rules for the Company

There should be a person in your company or organization that audits information and tracks who has access to PII files or records. This person should be the first person notified in the event information is misplaced or lost. This way, a response team can be alerted to follow a pre-established protocol regarding information containment as well as implement the steps which need to be taken at that time by the company or agency.

For additional information about ways to reduce identity theft risk while traveling, please refer to:

ITRC Fact Sheet FS 122 – Identity Theft Travel Tips

This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to