Demystifying the identity 'protection' business

Commentary--With well over two hundred million personal data records lost or exposed in the United States in the last two years; chances are your identity is already lost, says IdentityTruth CEO, Steven D. Domenikos.
Written by Steven D. Domenikos, Contributor
Commentary--With well over two hundred million personal data records lost or exposed in the United States in the last two years; chances are your identity is already lost.

Your identity is much more than your credit. Your identity is your life and losing it puts your world at risk. So what are your options to protect your self and keep your identity secure? In the United States alone, there were 8.4 million victims of ID Fraud in 2006; with over $50 billion in losses. Over the last 5 years 27.3 million people have been victims of identity theft. As a result, the Identity Protection business is booming. The options are confusing, the vendor offers sound the same and the average person faces the daunting task of making the right choice. And that is not as easy as you may think.

There is no doubt that people are becoming more aware about identity theft on a daily basis. The steady flow of data breaches, exposures, frauds, and identity theft, supplies the stage for the solutions that have emerged. However, things are not exactly as they seem. Demystifying the protection racket and to uncover what the consumer is actually receiving is extremely important.

Currently, there are several traditional and emerging services available. The traditional solutions and most recognized ones, involve the three main credit bureaus which maintain credit profiles for all the U.S. consumers.

These solutions are referred to as: credit freeze, fraud alerts, and credit monitoring. However they are only effective for "new account requests" and would not be effective when an Identity Thief abuses a consumer's existing accounts (i.e., existing credit cards, ATM cards, etc). More to the point, the "new account" related losses were only 12 percent of last year's total Identity theft losses. For the remaining 88 percent of fraud, these solutions are mostly ineffective.

Credit freeze allows and individual to make his credit file private and to restrict access to it by anyone (typically a lender or a credit card issuer) for the purposes of determining credit-worthiness.

This process in most states takes $30 to do it, another $30 to undo it, and it lasts only 90 days each time. So to make it effective for an entire year would be at least $120. If consumers needs to "unfreeze" the file when they seek credit (e.g., credit card, car loan, cell phone) they would have to pay another $30 for a total of $150 in one year. The picture on the right illustrates the process. In addition to the out of pocket costs, the individual has the burden of managing this process, although some companies can manage it on the consumer's behalf for a fee.

The second option is fraud alerts. Because of the confusing terminology, the consumer' s expectations may not be met. The consumer can request for free to have a "fraud alert" placed on their credit file. When a lender or a credit card issuer makes a credit inquiry, the message "fraud alert" gets returned to the inquirer (and not to the consumer) from the credit bureaus. It is up to the lender to determine HOW and in what manner to notify the consumer that a request for credit has been made on their behalf. The credit can actually still be issued. The lender has at least 7 days to do that and it does not guarantee that the consumer will get any kind of "fraud alert"--(which is the primary reason why people buy this service). People are paying upwards of $100 to have "fraud alerts" on their credit file with the expectation of protection.

The third option is credit monitoring. Credit monitoring is placed with the credit bureaus and causes "triggers" (alerts) to be sent to the consumer when credit is requested, approved or denied. Cost range from $80 to $180 per year. It is not actually stopping anything, but rather just reporting on something that has already occurred. Again, these "triggers" will only be sent upon "new account requests" and they could be up to 7 days late.

It's important to understand that there is no silver bullet. The most effective approach needs to combine the features of today's best alternatives and go further to detect misuses as early as possible and most importantly detect suspicious activities beyond just credit cards. Proper alerting of identity risk (not just credit risk), answering the "so what’s next", and providing guidance to deal with problems should be integral in the next generation solution.

Steven D. Domenikos is the CEO of IdentityTruth, Inc.

Editorial standards