Do It Yourself Identity Theft Protection

By now you have probably heard the commercials. The CEO of the company gives you their social security number to prove that they have his identity locked down. He is so confident in their process that he is willing to give the world his name, information and SSN.

I probably get asked twice a week about this service, so I decided to take a look at it a bit closer. What I found was a pretty easy manipulation of the credit management system in the US combined with some customer service and consumer offloading of tedious work. What does that mean? It means that you can outsource your identity theft protection to them or you could save $10 a month and do it yourself – IF YOU REMAIN VIGILANT.

How does it work? It works like this. Inside the US credit reporting system, there exists a  mechanism called “fraud alert”. This mechanism can be placed on any account, at any time, by the consumer. The purpose of the mechanism was originally to give people who have already been a victim of identity theft a tool for ensuring that no further damage would occur. The mechanism works like this:

  1. The consumer, or someone with their power of attorney, contacts the major credit reporting agencies and requests a “fraud alert” be placed on their account.
  2. The credit agency places the “fraud alert” on the appropriate credit file. There is no charge for this, it is required by law.
  3. The credit agency MUST contact the consumer prior to approving any change, addition or new activity on the consumer’s account. Failure to do so is a violation by the credit agency of federal lending laws.
  4. The consumer must either approve or disapprove the addition or change. If they disapprove, the creditor should refuse the account activity – THUS STOPPING THE FRAUD.
  5. ** PAY ATTENTION TO THIS ONE ** The credit reporting agency removes the “fraud alert” after 90 days from the date of placement. The consumer, or their legal agent, may renew the “fraud alert” at any time after that 90 day period.

So, that said, you could save the $10 per month and contact the credit reporting agencies yourself. You simply call them and ask that the “fraud alert” be placed upon your own file. If you do that every 90 days, you will have protection from credit attacks caused by identity theft. The key is, you HAVE to do it every 90 days. Miss a day, and you have exposure…

Before you run to the phones, you should also know that having the “fraud alert” on your accounts can be a bit frustrating if you actually want to use your credit or open new loans, accounts, etc. Sometimes, creditors will simply refuse the accounts until the “fraud alert” is removed – regardless of your consent to open the account. Other than that, it is a pretty tight mechanism for protecting your information.

There has been a lot of media attention to the company in question that has made this service popular. They seem to be everywhere. Their marketing is certainly working – though I would estimate, mostly due to consumer fear. My guess is that it won’t be too long until the fears they seem to be playing to will lead to saturation and slower growth, but my friend Alex always told me “You can sell just about anything for $10 a month.”

So, at the end of the day, is this a service you buy or a task you manage yourself? Is it worth worrying about, or is it something you deal with if you have a problem? Only you can decide if you are capable of managing the work or if you would rather have someone do it for you. No matter what you decide, at least you know the facts. As with most security things, it is less magic and mystery and more of a common thing.

Should you decide to do it yourself, here are the contact numbers for the three primary credit reporting agencies and for the primary checking account verification house in the US (same thing applies)….

Equifax – 1-800-525-6285
Experian – 1-800-422-4879
Trans Union – 1-800-916-8800
Chex Systems (check fraud management) – 1-800-428-9623

This entry was posted in End-user Focused, General InfoSec by Brent Huston. Bookmark the permalink.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

3 thoughts on “Do It Yourself Identity Theft Protection

  1. Pingback: Some Notes This Monday AM | RiskAnalys.is

  2. Pingback: MSI :: State of Security » What To Do When Your Identity Gets Stolen

Leave a Reply