Tax season had barely begun when we got the news that hackers had broken into Intuit’s online TurboTax service and stolen customer refunds. Others used the service to create fake returns and collected refunds this way. Originally up to 18 states reported upticks in fraudulent activity.
This comes on top of near-weekly stories about personal data collected by supposedly secure systems that get “compromised” with tens of thousands of customers potentially learning, sometimes months later, their social security numbers, banking information, and credit card numbers have been compromised or used for illicit purposes.
Just last month, news came out about Premera Blue Cross discovering a security breach two months earlier, impacting as many as 11 million of its customers. Yes, I said 11 Million
It’s enough to make you take a second look at those ads for identity theft prevention or fraud protection services. But can they really help?
Identity Theft and Fraud Protection Services Can Only React To Security Breaches
It’s a little misleading when companies tell you they will protect your identity because no one can do this. What these services can do is monitor your information and let you know when it’s been compromised. How quickly they notify you, and how tuned in you are to their alerts, plays a big role in catching someone before they grab more of your information. But, make no mistake, despite the claims, these companies are not protecting your identity from hackers.
These services vary quite a bit, according to the Privacy Rights Clearinghouse. Most of them scan for signs that someone is trying to open a new account with your stolen information, but they can’t actually prevent the theft; that’s already happened. They may not recognize when a current account has been hacked and used; you would, though, when you review your monthly bills.
LifeLock, is one of the better-known services. Their tagline is “Relentlessly Protecting Your Identity.” One of the benefits LifeLock offers is something called Lost Wallet Protection. What it does is contact credit card companies, banks, DMVs, etc. when you've lost one of the cards you've already provided them when you registered with the service. This saves you time, which is a premium for some people.
The services are kind of pricey for many and may give a false sense of security because they do monitor—but again, can’t actually stop—incidents leading to fraud. To me, they sound more like an insurance policy than a protective service. Like insurance companies, they come in after the damage is done and help clean up the mess.
Premera Blue Cross is offering two years of free credit reporting to its members. This is standard for companies that screw up. We can only hope they also take steps to strengthen their anti identity theft measures.
Take Sensible Steps to Guard From Identity Theft and Fraud
You can do a lot of what these services do on your own; the “service” is more of a time-saver then anything else. LifeLock’s blog and Facebook page provide a lot of useful information you can implement on your own. And you probably should take a number of these steps even if you hire someone to help you.
A good first step is to arrange for a security freeze on your accounts with the three credit reporting agencies; when you want to apply for credit, you unfreeze it with a password. Only you can do this, however; third parties can’t. Expect to pay for this service, too, unless you’re already a victim of identity theft or fraud.
Last year, MakeUseOf.com offered several good solid practices to reduce the likelihood your information will be targeted by thieves:
- Protect your passwords by creating strong ones. Don’t repeat them, and update them regularly. I use LastPass to create and store passwords for me. There are lots of similar products out there.
- Use different email accounts to minimize damage if someone hacks in to one of them. At the very least, get separate email accounts for business and personal use. And don’t use the same password on your different email accounts.
- Use different payment methods when you shop. Don’t always use the same credit card. Or, use a service like PayPal to put another layer between you and the Bad Guys.
- Review your bank and credit card statements. Do this every month, not just once a year when you’re preparing your tax returns.
- Don’t store credit card information on merchant sites where hackers have access to them.
- Educate yourself about phishing, holiday, and Craigslist scams. And be weary of email you receive from people you don’t know, or email that just looks funny or “off” in some way.
Now, please don’t get me wrong. I’m not encouraging you to forgo engaging the LifeLocks of the world. Instead, I’m suggesting that even if you do engage an identity theft protection company, you must continue to be vigilant. Keep your guard up. Remember, these companies only act AFTER the fact.
Do you have anything to add to this story? If so, leave it in the Comments below.