Risk
5/4/2008
08:30 PM
50%
50%

ID Theft Monitoring Services: What You Need To Know

Fee-based services say they'll protect your identity, privacy, credit, name, and more. Find out what they can and can not do -- and learn what you can do to defend yourself.

But monitoring is not necessarily the best way to prevent or even defend against identity theft. "I think a freeze is a much better way to control your credit," says EPIC's Roschke. "It prevents things from happening without your permission. And in many ways, that's better than credit monitoring, because you don't have to keep an eye on it. You've just locked it up."

Five (Mostly) Free Alternatives to ID Theft Monitoring Services

Instead of paying for identity theft monitoring, consumers can roll their own monitoring, prevention, and reaction program, mostly for free. Here's where to start:

  1. Watch your credit reports. Everyone is entitled to see a free credit report annually from each of the three credit-reporting agencies (Experian, Equifax, and TransUnion). To obtain yours, see AnnualCreditReport.com.

  2. Use credit freezes. A credit freeze (aka "security freeze") locks credit reports so only you or current creditors can see it. It can also be unlocked on a per-creditor basis, for example if you're going to buy a house, car, or get a new credit card.

    The cost is $10 per bureau to place a freeze and $10 to lift a freeze, though this varies by state, and may even be free, especially for senior citizens or victims of identity theft. (For a state-by-state breakdown of costs, see Consumers Union.) This approach is better suited to financially established people, versus younger people who may need fast access to credit.

  3. Place fraud alerts. Under the Fair Credit Reporting Act, consumers may place a fraud alert on their credit report for 90 days -- renewable indefinitely -- which warns potential creditors that there's been fraudulent activity. Also available: an extended, 7-year alert, which also excludes you for 5 years from "pre-approved" credit card offers. First, however, you must file an FTC identity theft report.

  4. Avoid debit cards. Attacks which steal card numbers via ID-swiping devices -- often installed at gas stations and grocery stores -- are on the rise. "That information can be sent overseas, and there's a whole industry that makes up fake credit or debit cards," says Stephens. Suddenly, your account may be empty. While credit card losses are typically capped at $50 (if not waived, as long as the financial institution doesn't suspect you of fraud), no such protections exist for debit cards.

  5. Look to resolution services. Public agencies and non-profit organizations can help you clean up identity theft for free. Start with the Privacy Rights Clearinghouse, MassPIRG's How to Clean Up Identity Theft, and the FTC's Fighting Back Against ID Theft.

What No Identity Theft Monitoring Can Catch

One word of warning: Credit monitoring, credit freezes, and fraud alerts cannot protect against three kinds of identity theft:

  • Medical ID Theft. "This is where someone fraudulently uses your insurance information to obtain care in a hospital emergency room," says Stephens. Thanks to the cost of insurance, it's a growing threat, with a grim potential side effect: it creates a fake medical record in your name, perhaps listing a different blood type or incorrect allergies. In a worst-case, emergency room type of scenario, this can be fatal.

  • Social Security Number Fraud. Undocumented workers may steal your Social Security number for employment purposes. "All of a sudden, you're going to get a W-2 from the IRS that says, why didn't you report this income?" says Stephens.

  • Criminal Identity Theft. If someone is arrested and has fake credentials in your name, then their fingerprints and resulting criminal record may also end up in your name. "Then they don't show up at the court date, and a warrant goes out on their arrest, and probably what happens is, you get pulled over at a traffic stop, and hey, you have a warrant out against you," says Stephens.

Previous
4 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
clickyspinny
100%
0%
clickyspinny,
User Rank: Apprentice
11/22/2014 | 10:24:05 AM
Web Identity Monitoring
These guys provide a service for seeing and monitoring the info that's posted about yourself on the web. Cool way to easily know what info there is posted about you all around the internet. www.webidentitymonitor.com
IdentityTheftAid
50%
50%
IdentityTheftAid,
User Rank: Apprentice
8/16/2014 | 11:42:12 AM
Re: Identity Theft Prevention Fallacy
I'll agree 100% with AlertBroadcasts comments.  However there are proactive steps individuals can take to help prevent identity theft.  Shredding mail, having a secure mail box, not sharing sensitive information on social network websites etc., are just a few examples of ways to help protect yourself on a daily basis.  Many of the credit monitoring services are just reactive to dectected threats.  Some, on the other hand, have processes in place to help stop identity theft in advance, such as password encryption software for your pc, keystroke encryption, internet scanning to see if your identity is being sold on black market websites and much more.  Similar to the StopCreditFraud.org website, we have a comprenensive list of services that will provide that extra level of preventitive protection, as opposed to just standard monitoring.  You can see our list here.  http://www.identitytheftaid.org/identity-theft-protection.  No matter what service an individual chooses, having somethign in place is better than waiting to find out that you had your identity stolen 6 months ago, and your credit is utterly destroyed.  
AlertBroadcast
100%
0%
AlertBroadcast,
User Rank: Apprentice
1/10/2014 | 5:31:47 PM
Identity Theft Prevention Fallacy
A lot of people don't really understand that these id theft services can't "prevent" identity theft or credit fraud from happening. That's up to the individual. However, the good identity theft monitoring services can definitely help minimize the damage that is caused if & when your identity is stolen. Just being alerted to any suspicious activity that may appear on your credit report or that has your social security number attached to it is invaluable in stopping the problem before it grows out of control. A great site for anyone looking to learn more about identity theft is stopidentitytheft.org. I ended up signing up for Identity Guard after reading their credit monitoring suggestions. Hope it's ok to post a link here. http://www.stopcreditfraud.org/credit-monitoring-services It's worth looking at for those of you who have been thinking about an id monitoring plan.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1449
Published: 2014-12-25
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVE-2014-2217
Published: 2014-12-25
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2014-7300
Published: 2014-12-25
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.