Skip to main content
Iowa Attorney General
Main Content

How to Avoid Identity Theft

Identity theft crimes are on the rise causing nationwide concern.  Your personal identifying information can be accessed in a variety of ways.  An imposter can misuse your information to open fraudulent credit card accounts, secure deposits on cars and housing, obtain employment opportunities, create insurance benefits, and rob retirement earnings.  This form of financial sabotage can devastate your credit and require endless hours of telephone and written communication to resolve.  In the meantime, you may experience difficulty writing checks, obtaining loans, renting apartments, and even getting hired.  While following these precautionary steps is not a guarantee, it will greatly reduce your chances of becoming the next identity theft victim.                                                                                                                                      

1.  Your Credit Report:  Your credit report is a very important compilation of information about you. It lists a number of personal identifiers, such as your Social Security number, your date of birth, current and past addresses and employers.  It also reveals present and past mortgages, loans, credit cards and utility accounts, as well as any other reported debts. It discloses the status of those accounts, whether they're up-to-date, paid in full, overdue, or in collections. Each of the three national credit reporting agencies (Equifax, Experian and TransUnion) are private industry competitors who collect data independently and organize it in a credit report with your name on it.  All of the account information each credit agency has collected is used in a mathematical equation to determine your credit score.  Thus, your credit score may vary as each credit agency determines your credit score based on the information it has collected about you.  Any public information, such as liens, judgments, bankruptcies, even criminal convictions against you, is also recorded.  Items which are negative, such as overdue or charged-off accounts, may remain on your report for seven (7) years. Bankruptcies can continue to be recorded on your report for up to ten (10) years. Whether you apply for a job, apartment, loan or set up an account with a new cell phone provider, the company will most likely check your credit report.  Even insurance (car, health and home) companies routinely check a potential client’s credit report before quoting an insurance rate.  Since credit reports touch nearly every facet of our lives, it is especially important that the information contained within those reports be accurate and current. 

Free Copy of Your Credit Report:  Order your credit report once a year from each of the three national credit reporting agencies (Equifax, Experian and TransUnion) to check for inaccuracies and fraud. You are entitled to a FREE copy of the credit reports compiled by each of the three credit  agencies. You can get one free copy from each credit agency every twelve months. You can order all three reports at once, or you can get them one at a time every four months or so. Monitoring your credit card statements and your credit reports are the most important steps you can take to safeguard your credit identity because you can catch errors and detect identity theft early. Equifax, Experian and TransUnion are private industry competitors who collect data independently.  Thus, all three credit reports must be reviewed to ensure the accuracy and safety of your credit information. Your free credit report does not contain your credit score as it is the work product and thereby property of  the respective credit  agencies.  The Federal Trade Commission required the three national credit reporting agencies to create a joint clearinghouse for consumer requests, so ordering your credit report is very easy online, by phone, or by mail:
Phone (toll-free): 877-322-8228
Annual Credit Report/Central Source
P.O. Box 105283
Atlanta, GA 30348

Disputing Errors:  Once you receive your credit report, look for suspicious activity, such as fraudulent accounts, incorrect addresses or indications of delinquent payments. Send a dispute letter to each credit reporting agency AND credit grantor that lists erroneous information.  Request the credit agencies, in writing, to permanently remove any erroneous information and inquiries from your credit report. A sample dispute letter is available here:

Placing a Security Freeze on Your Credit Report:  Iowans have an innovative tool to prevent identity theft, the legal right to tell the three national credit reporting agencies (Equifax, Experian and TransUnion) to place a  “security freeze” or block on sharing their credit reports.  A security freeze prevents potential creditor grantors and other third parties from accessing credit reports without your approval. Most businesses will not open credit card or other accounts without checking your credit history.  If your credit reports are frozen, an identity thief would be unlikely to get credit in your name.  A security freeze is free to identity theft victims who have filed an identity theft police report.  For others, there is a one time $10 fee to place a security freeze with each of the credit agencies, or $30 total for the three credit agencies.   You must write to each of the three credit agencies and provide your identifying information.  A “security freeze” will not lower your credit score.  A security freeze remains in place until you ask to remove it (in order to apply for a new job, for example, or for a home or auto loan.)  To lift a security freeze, consumers must contact the credit agency utilized and pay the required fee.  By Iowa law, the maximum each credit agency may charge is $12.  Please note that a security freeze cannot prevent all types of identity theft.  However, financial identity theft is the most common form of identity theft.  
Opt Out of Credit Report Marketing Lists:  Remove your name from the marketing lists of the three national credit reporting agencies (Equifax, Experian and TransUnion.).  The credit agencies collect important information about you such as if you pay your bills on time, how much you owe, and whether you've filed for bankruptcy or been sued or arrested. The credit agencies then sell your information to creditor grantors, insurers, employers, landlords, and other businesses who want to evaluate your credit.  Opting out of the marketing lists will limit the number of pre-approved credit offers that you receive in the mail.  Financial institutions mail over 3 billion pre-approved credit offers a year!  When in transit or tossed into the garbage, such solicitations are a likely target of identity thieves who use them to order credit cards in your name.  To remove your name from marketing lists, request removal online, by phone or by mail:                                                                         

Phone (toll-free): 888-567-8688
Opt-Out Department
PO Box 2033-A
Rock Island, IL 61204
 Equifax, Inc
PO Box 740123
Atlanta, GA 30374
Consumer Opt Out
701 Experian Parkway
Allen, TX 
TransUnion Corp.
Name Removal Option
PO Box 505
Woodlyn, PA 19094




2.  Removing Public Information:  Consider removing your name and address from the telephone book, reverse directories, and city directories.  By eliminating your name from these sources, you can reduce access to your personal information from places like the Internet (which mainly use public information resources as a database), telemarketers, and identity thieves.

To block your address, call or write:

Century Link
Or contact your local
telephone service provider

No fee when the account is set up

To remove your information from the phone book ("non-listed"), call or write:

Century Link
Or contact your local
telephone service provider

One time set up charge and
$5 monthly fee

To remove your information from the phone book and directory assistance ("non-published"), call or write:

Century Link
Or contact your local
telephone service provider

One time set up charge and
$5 monthly fee

To remove your information from the city directory, call or write to:

Polk City Directories/ InfoUSA
Attn:  Consumer Requests
1020 East 1st Street
Papillion, NE   68046



National Do Not Call Registry:  The Federal Trade Commission (FTC), the Federal Communications Commission (FCC), and the states Attorneys General are compiling and enforcing the National Do Not Call Registry to make it easier and more efficient for you to stop getting telemarketing calls you don’t want.   Placing your telephone number on the registry will stop most, but not all, telemarketing calls.  Registration is free and you can register up to three (3) telephone numbers such as your home and cell phone numbers.    

Register online at

Register up to 3 telephone numbers and you will receive a confirmation by e-mail.

Call 888-382-1222 toll-free

You must call from the telephone number that you wish to register.


More Marketing Lists:  Remove your name, home mailing address, telephone number, and e-mail address from many national lists by opting out of the Direct Marketing Association’s marketing lists.  The Direct Marketing Association is the largest national trade association serving approximately 80% of the direct and interactive marketing field. This service is only available for individuals and "home" addresses (not businesses).  You will be removed from the Direct Marketing Association member lists for three (3) years.

To remove your name from national mailing lists for a $1 fee write:

DMA Choice
Direct Marketing Association
P.O. Box 643
Carmel, NY 10512

Or remove your name from national email, postal mail and telephone lists for a $1 fee go on-line:


3.  Voter Registration Records:  Iowa law allows individuals to delete their middle name, email address and telephone number from voter registration records.  (Iowa Code section 48A.11)  Your local County Auditor's Office can give you or mail you a Voter Registration Application to change the information contained within your voter registration file.  Fill out the entire form and simply write "delete" in the areas you want to protect from public disclosure.  This form is also available in most telephone books in the government listings. 
4.  Personal Checks: Ordering  When you order new checks, consider removing "extra" information such as your Social Security number, assigned driver's license number, middle name, and telephone number.  The less personal identifying information you make available, the more likely an identity thief will choose an easier target.  Do not have new checks sent to your home mailbox.  Pick them up at the bank instead. 

Personal Checks: Storage  Store your new AND canceled checks in a safe place.  Cleaning, home improvement, service or utility personnel and even friends of friends can take advantage of being in your home and helping themselves to more than your hospitality.  In the wrong hands, cancelled checks could reveal a lot of about you, including information about your other accounts by looking through the payments you have made, so avoid writing individual account numbers on the memo portion of each check. 

Personal Checks: Negotiating
Ask that merchants not hand-write your Social Security number on your checks because of the risk of fraud.  Currently, there is no law against a merchant requiring you to divulge your Social Security number before accepting a check, so you may need to be assertive.  Offering an assigned driver's license number is usually an adequate substitute.

Never permit your credit card number to be written onto your checks.  Iowa law prohibits a merchant from recording your credit card number or expiration date as a condition of acceptance of a check for the sale of goods or services.  Iowa law does NOT prohibit a merchant from requesting that you display a credit card, and it allows the merchant to record only the name and issuer (bank name) of the credit card.  However, a credit card number may be requested and recorded in lieu of a deposit to secure payment in the event of loss, damage, or default.  (Iowa Code section 537.8101)

5.  Credit Cards:  Reduce the number of credit cards you actively use to a bare minimum.  Carry only one or two credit cards in your wallet.  Always take credit card and ATM receipts with you.  Never toss them in a public trash container. Watch the mail when you are expecting a new credit card that you have applied for or a reissued credit card that has expired.  Immediately contact the issuer if the credit card does not arrive. Cancel all unused credit card accounts. Even though you do not use them, their account numbers are recorded in your credit report, which is full of data that can be used by identity thieves.  Cut up the unused card, return it to the credit card issuer and request that the account be “closed at customer’s request”.

6. Credit Card Convenience Checks:  If your credit card issuer sends random issue convenience checks, request (in writing) to be removed from the mailing list.  Credit card convenience checks are easy prey for identity thieves to steal and use while often times, the consumer is unaware that the random checks were even issued.  Your credit card billing statement should contain a different address for "correspondence" to the issuer.  Do not send your requests to the same address where you send your credit card payments.

7.  Inventory Portable Personal Information:  Keep a list or photocopy of all your credit cards, account numbers, expiration dates, and telephone numbers of the customer service and fraud departments in a secure place (not your wallet or purse) so you can quickly contact your creditors in case your cards have been lost or stolen.  Do the same with your bank accounts.

8.  Callers Requesting Information:  Never give out your credit card number or other personal information over the telephone unless you have a trusted business relationship with the company and YOU HAVE INITIATED THE CALL.  Identity thieves have been known to call their victims with a fake story that goes something like this: "Today is your lucky day!  You have been chosen to receive a free trip to the Bahamas.  All we need is your credit card number and expiration date to verify you as the lucky winner."  Identity thieves pretend to be the IRS, your credit card fraud department, the hospital emergency room, or anyone else to “panic” you in to giving up your personal information.                                                                                                                                                                                               
9.  Safeguarding Mail:  Install a locked mailbox, a front door slot at your residence or use a post office box to reduce mail theft.  When you pay bills, do not leave the envelopes containing your checks in your home mailbox for the postal carrier to pick up.  If stolen, your checks can be altered and then cashed.  Never write your credit card account number or Social Security number on the “memo” portion of your checks when making a payment.  Many people have access to your personal check (as it makes its way through the postal and payment system) and the information can simply be copied for fraudulent use later.  Due to an increased risk of theft and vandalism, it is best to mail bills and other sensitive items at the post office, rather than from your residence or neighborhood drop boxes.

10.  Privacy Notices: Watch for the “Privacy Notices” you receive once a year from businesses (banks, credit card companies, investment services, mortgagers, insurance agencies, etc.) that you have a financial relationship with.  The Financial Services Modernization Act (also known as Gramm-Leach-Bliley or GLB 15 U.S.C. sections 6801-6810) requires businesses that provide financial services and products to annually disclose the following:

  • Privacy Policy: Your financial institution must tell you the kinds of information it collects about you and how it uses that information.
  • Right to Opt-Out: Your financial institution must explain your ability to prevent the sale of your personal information to affiliates and/or third parties.
  • Safeguards: Financial institutions are required to develop policies to prevent fraudulent access to confidential financial information. These policies must be disclosed to you.

In most cases, if you fail to respond to the Privacy Notice, you are allowing the business to share, sell, or trade your personal information to anyone! The burden is on you to opt-out--that is to say "no" if the business wants to sell or share your personal information to other businesses (affiliates and/or third parties.)  So, the next time you get a privacy notice in the mail, make an affirmative decision on how you want to share your personal information.

11. Internet Access and Purchases:  Don’t own a computer but you need access to the Internet?  You aren't alone. Unfortunately, some  information and services are only available via the Internet.  Some accounts require the holder to have an email address as a basis for communication and identification.  In today’s high-tech environment, not having access to the Internet will be even more challenging.  There are several places that provide public use computers, as well as Internet access, at little or no charge as follows:                                                                                          

  •           Public library
  •           Community center
  •           Senior center
  •           Community college or university
  •           Office supply store
  •           Book store, café, coffee shop, gaming center, hotels, rest areas, restaurants and truck stops

One of the benefits for consumers using the Internet, a global system of interconnected computer networks, is the ability to purchase products and services around the clock electronically from the convenience of their home or office.  One of the drawbacks is the potential for fraud and deception.  Use caution when using a debit card or before providing personal information (such as your Social Security number or date of birth) on the Internet.  Read the browser’s and the merchant’s security and/or privacy statement.  Look for the words Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET) to establish if the website is encrypted which means your information is converted into a code to prevent unauthorized access between parties.  You can check on the security of a website by clicking on the site identity button on the left edge of the location bar (the padlock, exclamation mark, etc.) which is also color coded to show the type of certificate being used. Check to see if the web address includes an “s” for example https://.  The “s” indicates that the website uses SSL or SET encryption to transmit information.                                                                                                                                                                                

12.  Passwords, Passphrase and Personal Identification Numbers (PINs): Avoid using common, easy to guess passwords and PINs.  Consider using a “passphrase” which contains multiple words that create a phrase to access your computer or accounts.   Create an acronym from an easy-to-remember piece of information that is meaningful to you using a combination of use of capitalization, numbers and special characters.  Passphrases are generally easy to remember and fun such as “I love to read the newspaper!” could be “Il2rtn!” to create a strong passphrase.

Don’t reuse the same password for multiple accounts.  Don’t share your passwords with anyone.  Change your passwords regularly.  Memorize your debit card PIN and don't record it on anything in your wallet or purse.  Add extra protection to your accounts by setting up a password for access. Shield transactions when you enter your PIN at an ATM or a point of sale terminal to avoid “shoulder surfers”.  Never respond to email messages asking for your account number, password or PIN.  Click “no” if a computer application asks you to automatically save your password.  

13.  Protect Your Social Security Number:  Your Social Security number is the key to most of your personal information such as your financial accounts, medical and insurance records, and government files making it a prime target of identity thieves.  Iowa law requires you to disclose your Social Security number to the Department of Transportation when applying for an Iowa driver's license, however you will be issued an “assigned” drivers license number.  Your assigned driver's license number can be utilized in a variety of ways (cashing personal checks, filling out non-governmental forms, etc.), thus protecting your Social Security number from unnecessary public disclosure.  Iowa law protects your personal identifying information on your driver’s license from public disclosure. (Iowa Code section 321.11)

You may wish to utilize an "assigned" driver's license number rather than your Social Security number whenever possible.  Release it only when required by law (such as tax forms, employment records, banking, stock and property transactions, driver's, marriage and professional license applications, etc.) or when in your best interest.  If a government agency requests important personal information, including your Social Security number, a Privacy Act notice should accompany the request.  (5 United States Code section 552a(e)(3))  This notice will explain whether disclosure of such information is required or requested, the use that will be made of the information, and what will happen if you refuse to provide all or any part of the information.                           

14. Income Earnings Statement:  Review your Social Security statement annually for inaccuracies or fraud.  To request your statement write, call, or log on to:

Social Security Administration
Office of the Inspector General (OIG)
Riverpoint Office Complex
455 SW 5th Street, Suite F
Des Moines, IA 50309
Phone:  800-772-1213 toll-free
website to download a statement application:

15.  Monitor your monthly statements:  Carefully review your monthly bank and credit card statements, utility and cell phone bills for unauthorized charges or fraudulent use.  Be aware that under current laws, phone companies are obliged to let other carriers use their billing systems for a fee.  More and more unscrupulous third parties are billing consumers on their phone bills for goods such as: special services, calling plans, or memberships that they did not order and do not want (a practice commonly called "cramming").  Many unauthorized charges result from “free” trial offers which are always followed by some type of charge following the brief trial period because the goods or services are never really “free”.  Be aware that some long distance telephone companies resort to deceptive tactics to switch your service without authorization (a practice commonly called "slamming").  You may contact your local telephone company to verify your long distance carrier and request a "freeze" on your account so it cannot be changed without your specific authorization using a password.

16.  Discarding personal information:  Do not toss credit card convenience checks or pre-approved credit offers in your trash or recycling bin without first tearing them into small pieces or shredding them.  Do the same with credit card receipts, banking statements, utility bills, and so on.  Home shredders can be purchased in most office supply and discount stores for a minimum cost.  Desktop computers, laptops and smart phones can all be harvested for personal, private or sensitive information such as;  financial information, passwords, PINs, contacts, photos and email.  Learning how to properly and permanently eliminate personal data before you discard or recycle your electronic equipment is critical.  By adopting responsible information handling practices, you can reduce the risk of fraud.

17.  Retail Data Collection and Storage:  When you fill out credit or loan applications, find out how the company disposes of them. If you are not convinced that they store them in locked files and/or shred all paper records before discarding them, take your business elsewhere.  Some auto dealerships, department stores, car rental agencies, and video stores have been known to be careless with customer applications.  Also an employee at the business with "insider access" may retrieve your personal information to sell or use fraudulently.  When you pay by debit or credit card, ask the business how it stores and disposes of the transaction slip.  Avoid paying by a check or debit card if you think the business does not use adequate safeguards.

18.  Retail Data Sharing:  Magazines, credit card companies, clubs and organizations, charities, manufacturers and retailers sell lists of their subscribers, customers, members and donors to other businesses.  Your information is reproduced and sold in countless ways.  You should always exercise caution when providing personal identifying information via the Internet, mailing a rebate, survey or warranty card, entering a drawing or sweepstakes, donating money, and even subscribing to magazines. 

19.  Be Aware:  Minimize the amount of information a thief can steal, do not carry extra credit cards, your Social Security card, birth certificate, or travel passport in your wallet or purse, except when needed. When in public places, always be aware of your surroundings.  Thieves commonly use a distraction in cramped public places, such as elevators, escalators and revolving doors to "bump and lift" your money, identification, and credit cards.  Be especially cautious with bags and purses that can be an easy target for a thief to "grab and run."

© 2018 State of Iowa Office of the Attorney General. All rights reserved.