Blog

6 comments

6 Methods For Preventing, Protecting, and Detecting Theft After the Equifax Hack

Do you own a paper shredder? I used to do the “budget” version of tearing the account numbers into small bits of paper and then putting them in different trash cans. But could you imagine if you sent all your payment envelopes with your account numbers to the bank and they left them out in an unattended lobby? Or added post-it notes to each one with your username and password and then threw them in their trash without shredding them? Well, that’s essentially what happens when any one of these institutions gets hacked.

These hacks are becoming so increasingly common and widespread that shredding our documents or keeping our own passwords safe seem like almost negligible precautions. I’m not an expert in cybersecurity but worked on several digital products for the financial industry during my career as a user experience designer so got some exposure to the systems and flows that way. Running my own e-commerce store also gives me a “behind the scenes” view of how the other side of payment processing works. Honestly, both of those experiences make me even more concerned than I used to be, but have helped me learn about a few simple precautions you can take which I’d like to share in case you haven’t already.

Auto-Pay Card

Prevention

While hacking can make you feel powerless to keep your own information safe, it’s important that you still take every precaution you can… and that starts with the place where most of your financial transactions take place: your credit cards.

Method 1: Sandbox your credit cards

About 5 years ago, I started developing and refining my own personal system for managing different credit cards. It was primarily aimed at efficiency and reducing the number of cards I carried but in addition to being more convenient, I also think it’s a bit safer since different types of transactions carry different types of risks. All I did was strictly assign the credit card accounts I already had into 3 categories:

  • Auto-pay cards
  • Online shopping
  • Daily purchases

I even taped little labels on each one to keep them straight. I used an existing Visa card (since it’s accepted everywhere) for auto-pay and online purchases. Then for daily purchases I actually had both a Visa and an AMEX for points stuff. For the auto-pay one, I also suggest making a list somewhere of which things it’s set up to pay. I use Evernote for that.

This approach has two main benefits. First, it essentially digitally quarantines the information from these accounts. Once when some mysterious charges showed up my daily purchases card, I received a notification from AMEX. Ironically, it used the multimodal mobile notification system I had helped design! Since I indicated to the system I hadn’t made the charges, it connected me to a person.

When there are charges you didn’t make, it’s always good to ask whether their system shows that the card was present for the transaction. This can help you troubleshoot what kind of information the thieves had and how they may have gotten it. In this case, the representative said their records showed that the card was physically swiped even though I still had it in my possession. This can happen if someone gets your information (i.e., through skimming) and transfers it onto a blank magnetic card, easily purchased online. My usage behavior may or may not have made it easier for AMEX to detect the suspicious activity but it definitely made it easier for me to spot the charges which were different then the places I visit regularly.

The second benefit is that it makes it really convenient to swap out that card when it’s replaced. I didn’t have to modify any of my auto-pay accounts. Likewise, because you’re not using your auto-pay card for anything else, it’s sandboxed from the “risky” behavior you’re participating in through the normal course of using your credit card.

Method 2: Only take your “daily purchase” cards with you

Take a look in your wallet. Do you auto-pay anything with any of those cards? If so, it’s going to be a major pain in the butt to untangle the digital mess that comes about if you loose your wallet. It’s also pretty inconvenient if you have to cancel all your cards and don’t have another one handy. When i had to cancel my daily use AMEX, i was pretty much unfazed because I just used the other card until a replacement arrived. Leave the rest of your cards at home… a great use for any old “down-cycled” Tyvek wallets you may have.

This minimizes your everyday carry (EDC) but also serves as a physical sandboxing between your different accounts. The wallet you carry around doesn’t necessarily need to be a physical representation of your entire digital life. At this point if you have extra cards, you could consider cancelling them as well just to streamline what you have to track in your life.

Protection

Despite any additional steps you take, it seems practically inevitable that somehow some of your information will be exposed at some point, either by something you do or through one of the many institutions and companies you interact with digitally. If you assume that someone has your personal or account information, these are things which can make it more difficult for a criminal to get what they’re after.

Method 3: Place a Fraud Alert

If someone has your information, especially related to your identity, they may try and open up new accounts such as credit cards. In almost all cases, this will trigger a credit check with one of the three credit reporting agencies. By default, these agencies reply to these requests automatically with the requested information, such as your credit score. However, there are various ways to change this default with a "freeze" so the reporting agencies won’t provide any information without further confirmation.

This is a fairly strong prevention of damage being done, but it is a bit cumbersome to initiate… and when you actually DO want to apply for a credit card, or buy a house, or even apply for a job, you’ll need to temporarily lift the restriction or authorize a specific inquiry.

Each agency seems to offer some form of freeze and it usually costs $10-$15 for each one to both lock and unlock your report so that may not be worth it unless you know that your information has been compromised or you already have seen some indications of someone trying to use your information.

One service to consider which is slightly less powerful than a full freeze, but more convenient is to place a fraud alert on your file. This allows your credit report to be retrieved, but there’s a prominent note on it saying you suspect your information has been compromised. This should make anyone issuing credit ask for further proof before creating any new accounts. Here are a few advantages:

  • Free
  • Only report the alert with one agency and they are required to alert the other 2
  • Somewhat straightforward to implement with a phone call but you also need to send in physical documentation
Honestly, I have not set this up for myself… I called the TransUnion phone number and thought it was only going to take a minute or two with their automated system, but then they describe that you need to send them physical copies of a variety of identity information.

Update: Ok, so as I was proofreading this getting ready to publish, I went ahead and did the Equifax check for myself and it turns out I was affected by the breach! So I looked into the freeze a bit more and found that the Experian one has an online service which doesn’t require you to send in copies of documents. They will then notify the other two agencies on your behalf.

Method 4: Enable 2-factor authentication

This may seem similar to setting strong passwords and fall into the “prevention” category but in many ways it’s more powerful, especially if someone else already has your information. It basically means that in order to access your account, someone needs to go through an additional authorization step… or another “factor” in addition to the password. In practice, this is usually accomplished by inputting your mobile phone number, which allows the system to send a text to your phone with an additional code needed to complete authentication. These codes usually expire within a certain time and are also called one-time passwords (OTP).

Almost every online service, especially in the financial industry now offers some kind of similar authentication. Sure, it may take an extra few seconds but the security far outweighs any inconvenience. If you can’t find it in your account settings, it’s worth the time to call in and have them explain how to set it up for each of your accounts. I would argue this is more important than setting a strong password but I’ll let security experts hash that one out (pun for the security experts intended).

Detection

Okay, so you’ve taken a few simple steps to streamline your cards and somewhat protect your accounts. But how will you know if something does happen?

Method 5: Turn on paper statements

I know, this one is a bit counter-intuitive and it’s not environmental, but sometimes analog solutions are easiest to manage. Now that you’ve reduced the number of credit cards you use, get paper statements for these so you can take a quick look whenever one arrives. This should really only take 1-2 minutes as a sanity check to make sure you made the charges. If the cards are separated by use it should be much easier since you won’t see Netflix subscription charges right next to grocery store purchases.

This method works well for me and has also proven to be handy if I ever needed to go back and look for the record or a purchase. But I can understand if you skip this one and just follow the spirit of it, which is to check your online statements for irregularities.

Method 6: Enroll in credit monitoring

Confusingly, in addition to the fraud alert and freeze option, each credit reporting agency seems to offer its own additional credit monitoring product. I find it a bit disingenuous that Equifax’s offers their product TrustedID as a remedy for the breach they created… and that in the fine print it says that if you enroll, their partners can still get credit reports to send you pre-approved offers. Essentially, instead of offering a true freeze for free, they are gaining more customers for their service. Even if it's "free" they can sell your information to partners such as LifeLock. I even read that Equifax, alerted their partner LifeLock about the breach before the general public so that they could get their marketing and customer service ready. And their sign-ups have increased 10x.

This isn’t going to be a comprehensive comparison of the services out there but I will mention one I’m familiar with since I worked on a product related to it during my time as a UI designer. It’s called Credit Wise (formerly Credit Tracker) by and it’s a free service provided by Capital One. It’s powered by TransUnion®, one of the big 3 credit reporting agencies. Experian is the other one that hasn’t been hacked and Equifax is the one that got hacked. You can go here to check to see if your information was compromised.

The Credit Wise service is completely free (really) and has a well designed and highly rated app. Their business model seems to partly be to retain current credit card customers and advertise their own credit card products to potential new applicants as lead generation.

Note: I am not affiliated with the company or the app and get nothing if you choose to use it.

These aren't all the conceivable things you could do to protect your identity or credit. But if you’re not doing all of these things yet, they’re quick and easy to get up and running. Then you can move on to some more sophisticated measures which perhaps I’ll cover down the road.

Did you implement any of these as a result of reading this? Please leave a comment below and let me know if you’d like more info like this in the future... or if you have any additional tips to share which could help others keep their personal and financial information safe.

17 comments

Introducing Navy Soft Shell Minimal Wallets

Ever since I first introduced the Soft Shell wallets, I’ve wanted to add additional colors. But since I have this material custom produced, this introduces a couple of challenges…

First is the requirement that I order A LOT of it. Unlike most traditional fabrics where a distributor sells a few yards or rolls to product manufacturers, I have this material custom produced so need to buy the whole production run or literally a “lot" ;) 

The second challenge is that I can’t see what the colors will look like before I produce the material. Usually you can order swatches, which are small pieces of a material in the colors which are available. Then you just pick the color you like. Instead, I need to define a custom color to be produced. When I did this for the first time producing gray, it was a bit nerve wracking, but once I began to understand the process it actually was pretty cool to basically create exactly what I want.

As I started considering colors, I wanted something subtle and sophisticated, yet with just a bit of a pop of style. As it happened, I was really drawn to the blue of the shirt of one of my favorite tennis players Kei Nishikori so I special ordered it from Japan.
Kei Nishikori

As described in this post about defining our Charcoal color, I have the opportunity to send the factory physical objects as reference colors, then thy'll will produce a “lab dip” based on their color formula which most closely approximates it. At first glance it looks like a normal dark blue, but there are hints of other colors, which are brought out when accent stitching is applied, especially orange (like the collar of the shirt). So I sent this shirt in and waited for the lab dip results…

If you’ve ever tried to color match something, even just with an eye dropper in Photoshop, you know that there ends up being a range of colors so two lab dips were produced to cover this range and I was able to choose between them. Once I put my orange accent thread down on one of them, I knew I had a winner.

The Navy/Orange Soft Shell wallets are now in stock in both Original and MICRO sizes. MICRO RFID and Original RFID are also available for pre-order. They’ll ship out by Oct. 12th or sooner.
Or you can win one NOW for free! Just enter below and we’ll select the winner in a week.

Navy Giveaway 2

I’m really happy with the new Navy addition to the Soft Shell line… and I was careful to select the tone so it also goes well with the current Charcoal and Black products so you can easily mix and match with the Slim Pack.

Would you like to see Soft Shell come in additional colors? Let me know in the comments below!
4 comments

Slim Pack project complete!

It started with a simple question from my wife- What do you want for Christmas? When I couldn’t find a backpack I liked and heard from previous backers that they were also looking for a minimal backpack, I decided to make one.
Initial Slim Pack Sketch
After 2 years of designing and prototyping, I launched the campaign and the response was fantastic. But while folks loved the concept, there were also lots of suggestions for additional features and design elements. One of the great things about Kickstarter is that it facilitates a discussion directly between the customer and creator. When you walk into a department store, you can’t know who the designer behind a brand actually is, much less have a conversation with them. 
The first suggestion was to add just a bit more color… but not enough to distract from the minimal style. So I added two main elements: A bar tack accent stitch on the bottle pocket and some top stitching portions on the shoulders of the bag.
Bar tack close up
On the black bag, these top stitches are also black so it makes it more of a textural element than an overt color contrast. 
Close up of top stitching
The next main suggestion was to consider a charcoal backpack. As it so happened, I was already imagining this as a potential possibility down the road. It’s kind of a big deal to make a new color of Soft Shell since it needs to be custom manufactured and color matched, but I thought that our previous gray wouldn’t look as good for a backpack. So during the design phase of the Slim Pack, I defined a new darker gray and had already ordered it. It came in during the campaign, so I created a prototype Slim Pack. It looked so good, I decided to make this available during the campaign so folks would have the bag they most loved. And the Charcoal/Orange color combination ended up being incredibly popular.
Charcoal Slim Pack
There were also several functional elements that entered into the discussion… is there a clip for keys? What’s the handle like? Based on this feedback, I added a highly functional key clip with a rotating head so it doesn’t get tangled up and long leash so you can unlock a door without actually unclipping it.
Key clip addition
I also upgraded the handles to use an overmolded rubber grip, which is super comfortable in your hand.
Overmolded handle detail
Lastly, folks asked about the stability of the bag if they were active, such as while hiking or commuting on a bike. Some wanted a chest strap but others implored me not to add one since they hate how they dangle. So I came up with something I call Minimal MOLLE, which leverages the spacing of military webbing and allows things like a sternum strap to be added. Other things such as sunglasses or small pouches can also easily be attached.
Sternum Strap
By the end of the campaign, we had over 1,000 backers… which meant 1000 bags to make! This has been by far my most challenging project yet, from both a design and logistics point of view. Each bag ended up taking three times as long to make which also made the cost much higher. Even though we did all we could to make the process efficient, they’re made in a very small shop in San Francisco so are still essentially hand crafted one by one.
Slim Pack Components
The project has had more ups and downs than previous ones, but I can definitely say I’ve learned the most from this one. Sometimes I guess you learn more when things don’t go that smoothly. One of the things I learned was how supportive and understanding my backers have been throughout the process. With all the behind the scenes updates, folks began to feel like they were on the journey with me… and it was their comments along the way that encouraged me as well.
Kickstarter comment
Kickstarter comment
It took a bit of help from everyone to get the project done...
A little help from your little friends
But when folks got their bags, the positive feedback made it all worth it:

"Just wanted to send a quick thanks/kudos for the slimpack…. the air pressure from the plane popped open the person's water bottle…n Everything inside the other bag (nothing important fortunately) was also soaked. Slimpack contents though, including my laptop, were bone dry. So, thanks! Sure glad it arrived before my trip. :)"
- Nathan (Canada) 

"This backpack feels like the last backpack i'll ever own. Its attractive and understated, and i get compliments from people regularly, only to wax "and it's totally waterproof!” Anyway, i just feel like this is an incredibly functional object that makes essentially no compromises. Its the perfect backpack for me. Thank you so much!!"
- Greg W (Brooklyn, NY)

"My wife and I both love our backpacks! Mine works great when on my motorcycle, too. Love the fact that it rides high, not down on my waistline. Whatever difficulties you had in producing this project, just keep it up. This is the best minimalist backpack on the market, by a long ways!!"
- John M (Hixton, TX)

"Hi Dave: I don't like my bag. I absolutely LOVE it. It's so incredibly thoughtful in its design. Minimalist in appearance, but so functional, so light. Beautifully designed with function at the forefront, and yet so robust in its material and construction. You've done a marvelous job. I'm so impressed. This thing is beautiful. I was at the Airport earlier today, and I had 5 different people walk up to me and ask me about your bag. I unwittingly became a Slim Pack evangelist."
-Pablo (Durham, NC) 

"Hello! I took my backpack to our Canada Day Celebration in Ottawa and it poured rain all weekend. Everything in the backpack stayed dry as promised!"
-Evelyn (Canada)

"Hi Dave, I got your backpack and its amazing. Very light and stylish. Thanks a lot for this beautiful bag."
-KLEOPATRA V (Greece)

"Hello Dave, Just want to say, thanks for the bag and wallet, great products."
Alex A (Netherlands)

"Dear Dave, I just wanted to say thank you for creating the SlimPack.
It’s not an exaggeration to say that it has changed my life for the better: Since it’s arrival in late May I’ve used it as a daily commuter pack, used it as an on-board pack on international and domestic flights, used it as a conference bag, and it’s held up brilliantly—including soakings in foul weather where the contents remained toasty dry! I’m carrying both a Macbook Pro and a large iPad with far more comfort, and better posture, than with my previous backpacks."
-Andrew W (Australia)

"Will say, have never received so many compliments on a backpack before!"
-Amanda H (Massachusetts)

Now that the kickstarter bags have shipped, it’s a great feeling to have the project complete but I’ll also miss the process of creation.
Which leads to another question… what should I make next?
1 2 3 17 Next »