Risk
5/4/2008
08:30 PM
Connect Directly
RSS
E-Mail
50%
50%

ID Theft Monitoring Services: What You Need To Know

Fee-based services say they'll protect your identity, privacy, credit, name, and more. Find out what they can and can not do -- and learn what you can do to defend yourself.

But monitoring is not necessarily the best way to prevent or even defend against identity theft. "I think a freeze is a much better way to control your credit," says EPIC's Roschke. "It prevents things from happening without your permission. And in many ways, that's better than credit monitoring, because you don't have to keep an eye on it. You've just locked it up."

Five (Mostly) Free Alternatives to ID Theft Monitoring Services

Instead of paying for identity theft monitoring, consumers can roll their own monitoring, prevention, and reaction program, mostly for free. Here's where to start:

  1. Watch your credit reports. Everyone is entitled to see a free credit report annually from each of the three credit-reporting agencies (Experian, Equifax, and TransUnion). To obtain yours, see AnnualCreditReport.com.

  2. Use credit freezes. A credit freeze (aka "security freeze") locks credit reports so only you or current creditors can see it. It can also be unlocked on a per-creditor basis, for example if you're going to buy a house, car, or get a new credit card.

    The cost is $10 per bureau to place a freeze and $10 to lift a freeze, though this varies by state, and may even be free, especially for senior citizens or victims of identity theft. (For a state-by-state breakdown of costs, see Consumers Union.) This approach is better suited to financially established people, versus younger people who may need fast access to credit.

  3. Place fraud alerts. Under the Fair Credit Reporting Act, consumers may place a fraud alert on their credit report for 90 days -- renewable indefinitely -- which warns potential creditors that there's been fraudulent activity. Also available: an extended, 7-year alert, which also excludes you for 5 years from "pre-approved" credit card offers. First, however, you must file an FTC identity theft report.

  4. Avoid debit cards. Attacks which steal card numbers via ID-swiping devices -- often installed at gas stations and grocery stores -- are on the rise. "That information can be sent overseas, and there's a whole industry that makes up fake credit or debit cards," says Stephens. Suddenly, your account may be empty. While credit card losses are typically capped at $50 (if not waived, as long as the financial institution doesn't suspect you of fraud), no such protections exist for debit cards.

  5. Look to resolution services. Public agencies and non-profit organizations can help you clean up identity theft for free. Start with the Privacy Rights Clearinghouse, MassPIRG's How to Clean Up Identity Theft, and the FTC's Fighting Back Against ID Theft.

What No Identity Theft Monitoring Can Catch

One word of warning: Credit monitoring, credit freezes, and fraud alerts cannot protect against three kinds of identity theft:

  • Medical ID Theft. "This is where someone fraudulently uses your insurance information to obtain care in a hospital emergency room," says Stephens. Thanks to the cost of insurance, it's a growing threat, with a grim potential side effect: it creates a fake medical record in your name, perhaps listing a different blood type or incorrect allergies. In a worst-case, emergency room type of scenario, this can be fatal.

  • Social Security Number Fraud. Undocumented workers may steal your Social Security number for employment purposes. "All of a sudden, you're going to get a W-2 from the IRS that says, why didn't you report this income?" says Stephens.

  • Criminal Identity Theft. If someone is arrested and has fake credentials in your name, then their fingerprints and resulting criminal record may also end up in your name. "Then they don't show up at the court date, and a warrant goes out on their arrest, and probably what happens is, you get pulled over at a traffic stop, and hey, you have a warrant out against you," says Stephens.

Previous
4 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AlertBroadcast
100%
0%
AlertBroadcast,
User Rank: Apprentice
1/10/2014 | 5:31:47 PM
Identity Theft Prevention Fallacy
A lot of people don't really understand that these id theft services can't "prevent" identity theft or credit fraud from happening. That's up to the individual. However, the good identity theft monitoring services can definitely help minimize the damage that is caused if & when your identity is stolen. Just being alerted to any suspicious activity that may appear on your credit report or that has your social security number attached to it is invaluable in stopping the problem before it grows out of control. A great site for anyone looking to learn more about identity theft is stopidentitytheft.org. I ended up signing up for Identity Guard after reading their credit monitoring suggestions. Hope it's ok to post a link here. http://www.stopcreditfraud.org/credit-monitoring-services It's worth looking at for those of you who have been thinking about an id monitoring plan.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.