Are identity protection services worth the money?
Identity-protection services cannot prevent your personal data from being lost in a data breach, but they can help in other ways.
Sat, Apr 14, 2012 at 12:39 PM
Just hearing about the latest avalanche of compromised credit-card information can lead the calmest of consumers to hysterically speed-dial an identity-protection service's 1-800 number.
For subscription fees that can range from $10 to $25 per month, these services promise your good name and credit will be guaranteed safe from scammers and cybercrooks.
But before you plunk down your cash, remember this: Most of the identity protection that such services provide can be carried out by you for little or no money.
"We are telling people: Contact your banks, monitor your statements and take proactive steps," said Karen Barney, program director at the Identity Theft Resource Center, a nonprofit information organization in San Diego. [5 Simple Steps to Help Prevent Identity Theft]
Meeting a demand
There's no question that identity theft is a real problem. According to the 2012 Javelin Strategy & Research Identity Fraud Report, released in February, some 11.6 million people were the victims of identity fraud in the United States in 2011.
When a data breach is reported, "consumers need to have a heightened level of awareness of what information was breached, and whether it was malicious in nature, or accidental," Barney said.
Forking over cash for services provided by companies such as LifeLock, IdentityGuard and ProtectMyID is a personal choice, Barney said. The ITRC's own programs let callers and emailers know about the services that are out there.
Still, she and other experts maintain, consumers can monitor much for themselves.
In many cases, Barney says, the entity suffering the data breach — for example, an online merchant or a health-care provider — will offer identity-protection services to those affected, such as tracking accounts for signs of fraudulent activity.
Often, Barney said, a breach of financial information will not end up harming the consumer, because it's confined to a "level 2" type of attack. That's a data breach that involves only credit-card numbers, which offer built-in protections to the end user.
Much worse is a "level 1" attack, which involves Social Security numbers linked to names — the holy grail of identity theft.
It's true that commercial identity-protection services can save the consumer time and energy, experts say. The services facilitate the removal of client names from solicitation and junk-mail lists, and obtain and monitor credit reports.
Some of these services also offer forms of identity-theft "insurance," but a consumer will have to read the fine print to see exactly what is covered.
Yet because every person can obtain free credit reports once a year from each of the three major credit bureaus — Equifax, Experian and TransUnion — a consumer can receive a free report every four months and get the same information the protection services provide.
(Experian owns the identity-protection service ProtectMyID as well as the commercial service FreeCreditReport.com, which isn't really free. You can get real free reports at AnnualCreditReport.com.)
A subscription with an identity-protection service, which can run you from $120 to $300 a year, cannot prevent your name, Social Security number, credit-card numbers or other personally identifiable information from being lost in a data breach.
The service will, however, alert the credit bureaus to ensure that that information isn't used to open new accounts, for instance. And it will let you know if someone else tries to get another card in your name.
Taking charge of your own identity protection
But again, you could alert the credit bureaus yourself as soon as you learn your data has been compromised. There isn't a security solution that can completely stop all attacks, LifeLock spokeswoman Tami Nealy said. But LifeLock can "stop new account fraud," Nealy added.
For the consumer, protecting personally identifiable information means not giving it out freely, as well as being taking the time and effort to read the privacy policies of companies with which one does business.
For instance, it's important to find out if your personal data will be resold or shared. A company that gives your email address to third parties may be giving out other information about you.
And of course, canning the practice of willingly spewing personal information about yourself on unfamiliar websites and social-networking services will also go a long way toward strengthening your identity protection — and without pesky monthly fees.
The Washington, D.C.-based Consumer Federation of America issued a report in 2009 regarding identity-protection services. It found "serious problems, including misleading claims about preventing identity theft, unclear information about how services worked and exaggerations about what guarantees or insurance provided."
The federation also provides a checklist of things to find out about a service before subscribing.
Susan Grant, Consumer Federation of America director of consumer protection, said an updated, more detailed report will be issued in a few weeks with in-depth information for consumers. It'll include more disclosure about the promises identity-protection services make to consumers, and will assess whether those promises are kept.
In the end, identity-protection services might offer some benefit and convenience, but they're certainly not a guaranteed safeguard for your precious identity, Grant said.
"They might be able to alert you more quickly," if there is an issue, she said. "But there is a limit to what these companies can do."
Related on SecurityNewsDaily:
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.