It seems that every time you turn around, there’s news about another information security breach involving people’s personal data. Just last week, marketing services firm Epsilon warned clients that hackers may have accessed the names and emails of thousands of users. Those affected included customers of such major companies as JPMorgan Chase (JPM), Citigroup (C), Capital One, (COF), Best Buy (BBY), Target (TGT) and Verizon (VZ).
Your information is everywhere in cyberspace, and identity thieves never take vacation: It’s enough to make a person feel downright insecure. Capitalizing on those fears, a crop of companies has sprung up offering identity theft protection services. The question is: How well do they protect you?
The Consumer Federation of America recently released a new report, Best Practices for Identity Theft Services, a follow-up to its 2009 study, To Catch a Thief: Are Identity Theft Services Worth the Cost?, which took a critical look at for-profit identity theft services. That report identified some serious problems in the industry, including misleading claims about preventing identity theft, unclear information about how services worked, and exaggerations about what guarantees or insurance provided.
Last month, the CFA, along with a group of identity theft service providers and consumer advocates, came up with a to-do list for the industry.
Over-Promising, Under-Delivering and Obfuscating
For starters, identity theft service providers should avoid making claims that imply they can provide complete protection against all forms of identity theft, detect all instances of identity theft, or stop all attempts to commit identity theft — claims that no service can legitimately make, notes the CFA.
The industry also came under fire for using misleading “testimonials and statistics” in its advertising, as well as for unclear disclosures about costs, cancellation and refund policies, and how to resolve complaints with the services, among other things.
The CFA recommended that identity theft service providers do a better job of making clear how their programs work, exactly what you get and don’t get, and what their privacy policies are. Companies that offer insurance or guarantees should make thorough and accurate information about what they cover and what is excluded easily available. Finally, it suggested that customers’ powers of attorney should only be obtained when needed to help those who request assistance, and should be only used for that purpose.
“The root of the identity theft protection industry issue is a fundamental lack of transparency,” says Robert Siciliano, a McAfee consultant and identity theft expert. “Most companies offering identity theft protection sell smoke-and-mirror offerings.”
Know What You’re Buying
Identity theft protection services typically run around $150 to$ 200 a year, so t he fees likely won’t bust your budget. Even so, you want to get your money’s worth. What yardstick can you use to see how a company measures up?
First, decide whether you want a proactive service which helps protect you before you become a victim of identity theft. These companies will scan underground websites for your social security number, credit card numbers and other personal information. They also monitor your files at the three credit bureaus, and alert you if there’s a change in your information.
Reactive services alert you only after an identity theft has occurred, explains Todd Davis, chairman and CEO of LifeLock, which offers identity theft protection services. Some firms offer remediation services, meaning they’ll help you cancel your credit cards and replace the contents of your wallet, contact your financial institutions, and work with you to complete the necessary paperwork to get your life back in order if you become a victim of ID theft. “Re mediation should be a necessity when selecting ID theft protection services,” says Davis.
How to evaluate a company
The CFA offers six questions to ask when shopping for identity theft services.
1. Does the company monitor more than credit reports? Consider services that scan other commercial databases, public records, rogue websites that sell stolen credit cards and social security numbers, and other places that aren’t as easy for you to monitor yourself.
2. How does the service help if you become a victim? Most identity theft services only provide advice about the steps you’ll need to take, but some take a more active role in helping victims resolve their problems. If you’re unclear how the service will help you should the need arise, keep shopping.
3. Will signing up with the service prevent you from getting your free annual credit reports? Some services obtain your credit reports by requesting the free reports that everyone is e ntitled to get once a year. That effectively prevents you from exercising your right a free report should you want it.
4. Should you look for identity theft services that offer insurance? Insurance generally reimburses you for lost wages if you must take unpaid time off work to resolve an identity theft problem, as well as for long-distance calls, postage and other expenses. Money that an identity thief steals from you is usually not covered. Since most identity theft victims have few or no direct expenses related to resolving the issue, insurance should not be an important factor in deciding which service to buy.
5. Does the guarantee really protect you? No service can absolutely assure you that you won’t become a victim. Read the guarantee carefully: It may not provide as much protection as you expect.
6. What are the costs and terms? Some services charge month-to-month, others require payment upfront for a year. Not all will provide a pro-rated refund if you decide to cancel before the term you paid for is up. Read the fine print and understand the cancellation policy.
Truth is, there’s no silver bullet that will protect you, whether you pay for protection or try to ward off identity thieves on your own. If you’re a do-it-yourselfer, there are some smart strategies to apply. First, under the Fair and Accurate Credit Transactions Act, each credit reporting agency is obligated to provide you with a free credit report every 12 months when requested.
“Hypothetically, you can obtain a credit report from TransUnion, then four months later from Equifax, and then four months later from Experian,” explains Darren Hayes, a professor at Pace University’s Seidenberg School of Computer Science and Information Systems. “Four months later, a year has passed and you can then ask TransUnion to send you another report, and so on.”
You can also consider placing a freeze on your own credit file, advises Mary Ann Campbell, a certified financial planner with IndexCreditCards.com. This adds an additional layer of security questions to the process of opening a new account. It makes applying for new credit more cumbersome, but it helps ensure that only you can add a new account in your name. Each state has its own rules and fees ($10-$15) for putting a freeze in place.
Otherwise, she says, limit the number of credit cards you carry, and leave your social security number and passwords in a safe place at home. Also, photocopy the front and back of everything in your wallet and put the copies in a file marked so you — or someone else you direct — can easily find it if needed.
Securely dispose of your mail: Shred pre-approved credit card offers and anything with account information.
Finally, says Siciliano, understand that no matter what you do, there is no such thing as perfect identity theft protection. “The fact is, you ca n’t protect yourself from all forms of identity theft, and the types that you can guard against require a Rain Man-like focus. One way or another, it’s going to cost you time or money, or both.”
Get info on stocks mentioned in this article:
- Manage Your Portfolio