For expert advice on identity theft risks, Kiplinger interviewed Raj Ananthanpillai, founder and CEO of Trua, an identity verification and screening company. He has over 30 years of experience as a tech entrepreneur, and one of his companies helped develop TSA-Precheck for air traveler security. 

Why is this a golden age of identity theft?

Everybody is giving away their Social Security number, date of birth or where they live, whether it’s to sign up for a gym membership or for discounts on groceries because they think they’re getting something of value. But these companies are collecting your personal information. Not only does that put you at risk if the data is hacked, but companies may turn around and sell it to third parties. Some of this information is then stolen and bartered on the “dark web” — where users and website operators are anonymous and untraceable.

Companies are supposed to get your consent before sharing your information with third parties, but it’s on 13 to 15 pages of fine print that 99% of people can’t understand, so they agree to the terms.

What should you do if a company asks for your Social Security number?

It depends on the company.

Social Security numbers were created to record wages and earnings for the IRS and to determine eligibility for government benefits. Somewhere along the line, people started using them to establish an individual’s identity, and it has proliferated. 

If the entity asking for your Social Security number isn’t a financial institution, government agency or employer, you should ask why they need it, what they are going to do with it, how long they’re going to store it and whether they share it with any third parties. If they’re using your Social Security number for identity verification only, you should ask whether there’s another way to establish your identity.

Is it risky to give a company your cell phone number?

Yes, because it may be used to commit fraud.

These days, cell phone numbers are being used as a piece of verification data to prevent fraud in digital transactions. In addition, as online vendors collect cell phone numbers, they use them for marketing purposes, which means you may receive a lot of spam. They may also sell them to third parties that collect and barter them on the dark web. You can end up getting a lot of calls and texts from scammers who are trying to trick you into giving up personal information or downloading malware. Scammers may also try to use your cell phone number to access your online accounts.

How can we use ChatGPT and other forms of generative AI safely?

Never give one of these programs your personal information, such as your Social Security number, date of birth, mother’s maiden name or even your work history. If you provide this kind of information to ChatGPT and ask it to write you a résumé, for example, you never know where the information will go or whether it’s going to be used for a nefarious purpose. And with artificial intelligence, there’s even more proliferation of information that could be hacked or stolen.

How can we safeguard our information, especially when companies say they need to verify our identity?

Get a reusable digital identity that you can use over and over again, either in person or electronically with businesses that offer it. A reusable verified digital identity, like the one my company offers, is an “all-in-one” ID proofing and authentication solution. Users provide some basic information and Trua verifies it — using government-issued identification, Social Security numbers, dates of birth, names, aliases, addresses, and so on — and issues a reusable TruaID.