Risk
5/4/2008
08:30 PM
50%
50%

ID Theft Monitoring Services: What You Need To Know

Fee-based services say they'll protect your identity, privacy, credit, name, and more. Find out what they can and can not do -- and learn what you can do to defend yourself.

But monitoring is not necessarily the best way to prevent or even defend against identity theft. "I think a freeze is a much better way to control your credit," says EPIC's Roschke. "It prevents things from happening without your permission. And in many ways, that's better than credit monitoring, because you don't have to keep an eye on it. You've just locked it up."

Five (Mostly) Free Alternatives to ID Theft Monitoring Services

Instead of paying for identity theft monitoring, consumers can roll their own monitoring, prevention, and reaction program, mostly for free. Here's where to start:

  1. Watch your credit reports. Everyone is entitled to see a free credit report annually from each of the three credit-reporting agencies (Experian, Equifax, and TransUnion). To obtain yours, see AnnualCreditReport.com.

  2. Use credit freezes. A credit freeze (aka "security freeze") locks credit reports so only you or current creditors can see it. It can also be unlocked on a per-creditor basis, for example if you're going to buy a house, car, or get a new credit card.

    The cost is $10 per bureau to place a freeze and $10 to lift a freeze, though this varies by state, and may even be free, especially for senior citizens or victims of identity theft. (For a state-by-state breakdown of costs, see Consumers Union.) This approach is better suited to financially established people, versus younger people who may need fast access to credit.

  3. Place fraud alerts. Under the Fair Credit Reporting Act, consumers may place a fraud alert on their credit report for 90 days -- renewable indefinitely -- which warns potential creditors that there's been fraudulent activity. Also available: an extended, 7-year alert, which also excludes you for 5 years from "pre-approved" credit card offers. First, however, you must file an FTC identity theft report.

  4. Avoid debit cards. Attacks which steal card numbers via ID-swiping devices -- often installed at gas stations and grocery stores -- are on the rise. "That information can be sent overseas, and there's a whole industry that makes up fake credit or debit cards," says Stephens. Suddenly, your account may be empty. While credit card losses are typically capped at $50 (if not waived, as long as the financial institution doesn't suspect you of fraud), no such protections exist for debit cards.

  5. Look to resolution services. Public agencies and non-profit organizations can help you clean up identity theft for free. Start with the Privacy Rights Clearinghouse, MassPIRG's How to Clean Up Identity Theft, and the FTC's Fighting Back Against ID Theft.

What No Identity Theft Monitoring Can Catch

One word of warning: Credit monitoring, credit freezes, and fraud alerts cannot protect against three kinds of identity theft:

  • Medical ID Theft. "This is where someone fraudulently uses your insurance information to obtain care in a hospital emergency room," says Stephens. Thanks to the cost of insurance, it's a growing threat, with a grim potential side effect: it creates a fake medical record in your name, perhaps listing a different blood type or incorrect allergies. In a worst-case, emergency room type of scenario, this can be fatal.

  • Social Security Number Fraud. Undocumented workers may steal your Social Security number for employment purposes. "All of a sudden, you're going to get a W-2 from the IRS that says, why didn't you report this income?" says Stephens.

  • Criminal Identity Theft. If someone is arrested and has fake credentials in your name, then their fingerprints and resulting criminal record may also end up in your name. "Then they don't show up at the court date, and a warrant goes out on their arrest, and probably what happens is, you get pulled over at a traffic stop, and hey, you have a warrant out against you," says Stephens.

Previous
4 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
clickyspinny
100%
0%
clickyspinny,
User Rank: Apprentice
11/22/2014 | 10:24:05 AM
Web Identity Monitoring
These guys provide a service for seeing and monitoring the info that's posted about yourself on the web. Cool way to easily know what info there is posted about you all around the internet. www.webidentitymonitor.com
IdentityTheftAid
50%
50%
IdentityTheftAid,
User Rank: Apprentice
8/16/2014 | 11:42:12 AM
Re: Identity Theft Prevention Fallacy
I'll agree 100% with AlertBroadcasts comments.  However there are proactive steps individuals can take to help prevent identity theft.  Shredding mail, having a secure mail box, not sharing sensitive information on social network websites etc., are just a few examples of ways to help protect yourself on a daily basis.  Many of the credit monitoring services are just reactive to dectected threats.  Some, on the other hand, have processes in place to help stop identity theft in advance, such as password encryption software for your pc, keystroke encryption, internet scanning to see if your identity is being sold on black market websites and much more.  Similar to the StopCreditFraud.org website, we have a comprenensive list of services that will provide that extra level of preventitive protection, as opposed to just standard monitoring.  You can see our list here.  http://www.identitytheftaid.org/identity-theft-protection.  No matter what service an individual chooses, having somethign in place is better than waiting to find out that you had your identity stolen 6 months ago, and your credit is utterly destroyed.  
AlertBroadcast
100%
0%
AlertBroadcast,
User Rank: Apprentice
1/10/2014 | 5:31:47 PM
Identity Theft Prevention Fallacy
A lot of people don't really understand that these id theft services can't "prevent" identity theft or credit fraud from happening. That's up to the individual. However, the good identity theft monitoring services can definitely help minimize the damage that is caused if & when your identity is stolen. Just being alerted to any suspicious activity that may appear on your credit report or that has your social security number attached to it is invaluable in stopping the problem before it grows out of control. A great site for anyone looking to learn more about identity theft is stopidentitytheft.org. I ended up signing up for Identity Guard after reading their credit monitoring suggestions. Hope it's ok to post a link here. http://www.stopcreditfraud.org/credit-monitoring-services It's worth looking at for those of you who have been thinking about an id monitoring plan.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5426
Published: 2014-11-27
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?