United States: Identity Theft Protection: A Public Priority, An Employer Opportunity
The Problem, Issues, Solutions, and Benefits

Identity theft is the number one consumer crime in America, and still growing rapidly. In 2004, almost one in twelve households were victimized by some form of identity theft, and surveys indicate that approximately one fifth of Americans have been victims at one time or another. The total amount of identity fraud in 2004 reached a staggering $200 for every man, woman, and child in the US. Estimates of actual individual losses vary widely, but figures of approximately $500 average out-of-pocket loss, plus another $800 in recovery expenses per incident are considered reliable. In addition, identity recovery activities typically take scores or hundreds of hours, and often drag on for years. Once stolen, identity information enters an enormous international marketplace, and is often sold and resold many times, used again and again in a variety of scams, posing a recurring, persistent threat and hassle for the victim. This year alone, over 50 million identities have been stolen from public and private databases, and many experts worry that a wave of fraud should be anticipated over the coming months and years, as this information is sold into the criminal world and used to perpetrate increasingly sophisticated frauds.

Smart identity thieves go after major assets and quick scores, extracting large sums using a victim’s identity, and then moving on. Homes, and to a lesser extent cars, boats, and other high value assets provide a perfect opportunity. As the average value of a home in the United States has skyrocketed, the following relatively simple scam that drains your home’s equity has become all too frequent . and is just one example among many.

The thief obtains a copy of a homeowner’s Social Security number and a phony driver’s license in the homeowner’s name. Using this fake identification, the thief forges a quitclaim deed, which transfers the homeowner’s interest in a property to a third party. The property can then be transferred to anyone the thief chooses. Once the transfer has taken place, the thief applies for a home equity loan, takes the money, and quietly walks away. In another variation of this scam, the thief simply sells the house and pockets the money. Property transfers of this type can often be accomplished without drawing undue attention. Imagine the shock of the rightful homeowners - often with a fully paid-off home - when they attempt to sell their home or get a loan, and discover that their equity has been stolen! Or even worse, when an enthusiastic home buyer shows up, expecting to move in! Similar scams can occur with other real assets, such as boats, land, cars, etc. This type of high-value theft can cause irreparable financial harm, as well as a lifetime of hassles with credit.

Not too many years ago, before computers and telecommunications revolutionized the way business and personal transactions took place, identity theft was a difficult and dangerous proposition. Forgery of legal documents was time-consuming work, and required rare expertise and equipment. Identity impersonation was a dangerous activity, fraught with personal risk on every attempt. And even in the early years of the information age, things were hardly easier for an identity thief, because identity data was maintained in only a few databases, with very high levels of security. For all practical purposes, the process of stealing and using a false identity was just as difficult as it had been in the paper era, or the handshake and look-in-the-eye era before that. The Internet and related recent developments have changed all that. In the blink of an eye data is everywhere, everything is connected, and transactions take place in the virtual anonymity and speed of cyberspace. Your identity is scattered in thousands of databases; only a hacked password away from being stolen, transmitted and sold around the world, and used by legions of criminals in an untold number of impossible-to-trace fraudulent transactions. Over a few short years, a huge underground marketplace has blossomed to trade data stolen from mailboxes, payroll files, online accounts, and credit databases, and new scams are unearthed daily to capitalize on the stolen identities. Although legislators are starting to become aware of the problem, and slowly working on laws to improve consumer notification of thefts, and limitations of liability for certain fraudulent charges, the truth is that the problem will continue to get worse before it gets better.

Identity thieves have become much more sophisticated in recent years, taking advantage of the windfall created by the combination of massive database breaches and new technology. The perfect storm of opportunity has formed from:

• Recent successful thefts of tens of millions of identities from huge financial databases

• The ease of assembling a complete profile of an individual using simple web resources and public information

• The instant worldwide market for stolen identity information

• New printer technologies that enable cheap document forgery

• Online transactions, which enable easy impersonation while using stolen data

Identity theft is an enormous challenge. Dealing with it effectively requires a comprehensive approach - prevention of a wide variety of rapidly evolving threats, constant monitoring of numerous sources for exposure, insurance against losses and expenses, and if necessary, expert guidance and support through the identity recovery process, provided rapidly and efficiently.

The first step in stopping identity theft is to assess the areas where you are at risk, so that you can take effective steps to protect yourself. In many ways, this is the most important step - basic awareness and understanding are absolutely critical in helping you to focus on the problem areas and take the simple steps that will provide the greatest protection. The Identity Guardian^TM includes detailed assessment tools in each of the major risk areas, measuring each user’s unique exposure profile, and providing customized recommendations that address the specific weaknesses identified.

The next step is to safeguard your data from exposure. Computer-based thefts of data are becoming ever more sophisticated, and directed at larger and larger populations. Every day, security experts discover new threats and uncover new storehouses of stolen data - often in the millions of records - so sound information security practices coupled with quality anti-hacking tools are critical. Thefts of private information from mail, discarded papers, online sources, and public records are another huge danger, and attention to some simple recommendations will produce a dramatic reduction in your risk.

Although many people are generally aware that viruses and their younger electronic cousins - spyware and adware - are dangerous, most are worried primarily about the potential damage to their computer or the loss of valuable data. But while these are valid concerns, they overlook the big picture. Although a small percentage of the authors of viruses and other intrusive software - collectively termed "malware" - are just pranksters trying to wreak a little havoc, the vast majority of them use these and other electronic attacks to steal personal information from target computers, or to breach security to steal information held by companies.

The volume of these attempted break-ins is enormous - enough so that almost every unprotected PC has tens or hundreds of infections. In a very large number of cases, the intrusions are specifically intended to steal identity information from you, or from other computers in your network. And the threat only grows every day, with the rapid spread of wireless Internet connections, the increasing sophistication of malware, and the continuing vulnerability of Windows and the Internet Explorer browser. It is imperative that users protect themselves with an upto- date electronic shield of anti-virus and anti-spyware tools, a firewall, and other practices designed to secure their computer. The Identity Guardian^TM includes access to a range of advanced and effective tools in each of these categories.

Although identity theft has received a great deal of publicity, most people still do not pay enough attention to basic preventive measures. Safeguarding your identity requires disciplined vigilance to ensure that your various identity records contain "the truth, the whole truth, and nothing but the truth". You must verify that the information in all the important sources is correct, and then regularly monitor any changes that might indicate identity theft or some other error, and respond to any suspicious activities quickly, thoroughly, and properly.

Navigating the vast and growing universe of identity databases, verifying their information, and keeping up with changes in each of them can be an overwhelming challenge, unless you have well-organized, accurate, and comprehensive guidance. The Identity GuardianTM provides a complete program for you to follow, and the tools to ensure that each critical action is completed on schedule, and each data source properly managed.

Maintaining your privacy is all about preventing others from getting access to your private information. That means:

Eliminating unwanted contacts is an important first step in reducing the number of people who have access to your private information, and the opportunities for theft:

• It eliminates most opportunities for thieves to steal your information from mail, email, or telephone interactions.

• It limits the spread of your contact info and identity info to third party databases.

• Eliminating this huge volume of intrusions - and the spread, sale, and exposure of your information that goes with it - can reduce by perhaps 10x the number of exposures of your identity info, and thus drastically reduce the opportunity for theft.

Next, reduce to a bare minimum the number of parties that have your identity data, and restrict them from releasing it to anyone else. It is easy to lose sight of the tremendous number of institutions that have your information, including schools, professional associations, credit providers, employers, etc, but if you follow simple practices to control your information, your exposure to identity theft will be drastically reduced.

However, if you neglect these practices, it is only a matter of time - and not much time, at that - before you join the huge and rapidly growing population of identity theft statistics.

Finally, you must prevent people from getting direct access to your data from discarded or stolen documents, available online sources, or by cracking your passwords or PINs. In addition, you should take simple precautionary steps that will minimize your risk of identity fraud if your wallet or purse is lost or stolen. And if a loss or theft does occur, switch into recovery mode immediately to prevent losses and safeguard your identity from damage or misuse.

The explosive development of the Internet means that in less than a decade, most of us have gone from a situation where little or none of our private data was visible to the general public, to one where our profiles are available to anyone on dozens of websites, including identity thieves who seek out this information. While many people are dimly aware that their personal information can be searched out with a little effort, most have not adjusted their security consciousness and behavior to reflect the radical new threats that the Internet has enabled. This understandable, but misguided carelessness is one of the most important factors leading to identity theft.

Most people manage their online persona, including personal websites, photo sites like flickr.com, personal blogs, and online communities they participate in, as if they and their friends are the only ones who have access. In fact, professional identity thieves seek out these sites, mining them for bits of information they can use to steal identities. Personal data like SSN, birth-date birth-place, and driver’s license number should obviously be removed, but even less sensitive information, like the names of family members, pets, etc., can be exploited by thieves, who will use these personal details to contact financial institutions, the DMV, and others, pretending to be you.

The rule of thumb for your identity data is to provide it only on a "need to know" basis. Many vendors ask for this information, because they can use it for marketing, or sell it to others, or because it makes some process easier for them, but very few actually need it. Remember, it is you who bears all of the risk and cost of identity theft, not the vendor, so it is vital that you take responsibility for limiting your exposure.

You should also carefully review the information on your credit report, as well as medical, driving, social security, and other public sources, and financial account records. Inaccuracies in these records can cause you serious financial or other harm, and are an excellent indicator of identity fraud. You should establish a regular schedule for checking and verifying this data, and, most important, you should carefully review your account statements and bills each month. The Identity Guardian^TM walks you through this process step by step, and provides tools to assist with each one. Once you have completed that stage, you are ready to take advantage of monitoring tools, including credit monitoring. We offer two types of monitoring, including a unique and highly effective address change detection and alert service, as well as a high quality credit monitoring offering, which together will provide you with the earliest possible detection and warning of any identity theft.

There are two basic types of identity fraud. The first, which is easier to detect and resolve, is when a thief simply uses your existing accounts and credit cards to make fraudulent purchases. These charges will show up on your account statements, and with a little attention can be quickly detected, and then contained by closing the accounts. In most cases, your maximum liability will be $50 per account if the false charges are detected and addressed in a timely fashion. The second type is when the thief uses your identity to open new accounts, receive loans or lines of credit, or take fraudulent ownership of assets, while using an address different from yours. This type of fraud is much harder to detect, and can potentially lead to much greater financial losses and be much more difficult to resolve. A variation on this type is when the thief runs up charges on your existing accounts, but changes the billing address in the account profiles, or files a change-of-address with the post office. In all these cases, the key is that by using a different address, the thief makes it difficult for you to ever know that the fraudulent activity is taking place.

Fortunately, there are a number of massive reference databases that track your address and other information whenever accounts are opened or updated, or major assets are bought or sold. If a thief uses your identity to open or update any kind of account, loan, credit, or asset with a different address, that new address will show up in the reference databases, linked to your identity.

The Identity Guardian^TM provides a unique, proprietary service that monitors these databases, giving you visibility to the data, and alerting you to any changes that might indicate identity fraud. This is a very effective tool for early detection of the second, more dangerous type of identity theft, and a very important part of your protection program.

Credit monitoring services are heavily advertised, and many people have the impression that, by themselves, they will provide a high level of protection against identity theft. This is a serious misconception, which is important for consumers to understand, so that they will pay proper attention to less sexy practices that provide more effective security. While monitoring services have their place in a comprehensive identity protection arsenal, they are by no means the most important arrow in the quiver.

The major credit reporting agencies track information related to credit history, for every individual in the United States with a record of credit activity. Any time a financial account or credit card is opened, a loan is extended, or ownership of a major asset is transferred, a credit inquiry will be recorded with at least one of the agencies, and an update will be made to the credit record of the owner. Credit monitoring services can therefore be a very effective tool for detecting that an identity thief is doing any of these things in your name. The Identity Guardian^TM includes access to one of the top credit monitoring services.

Identity theft is a complex problem, with threats coming from many directions. Understanding and prevention of these multiple exposures is critical, and The Identity Guardian^TM is the only solution that deals effectively with each of the major risk areas, including computer vulnerability, online data, personal information, public and private identity databases, and credit reports. And The Identity GuardianTM includes constant updates in each of these areas, to deal with fast-evolving threats, and ensure that customers have the most current, expert, and complete protection possible.

But prevention is only part of the solution: continuous monitoring of new exposures is also vitally important, including key databases that provide early warning of suspicious theft activity. Credit monitoring is useful, but often flags activity precious weeks or months after the fact, and is therefore only part of the required equation. The Identity GuardianTM includes a proprietary program to monitor major reference databases for suspicious activity, and provide real-time alerts, along with access to a leading credit monitoring service. Finally, of course, a real solution must deal effectively with thefts when they do happen. The Identity GuardianTM provides $25,000 in identity theft coverage from AIG, the world’s largest and most experienced insurer, with an additional $2000 in coverage for damage to computer hardware or software. AIG’s expert case workers will also navigate identity theft victims through a thorough and efficient process to recover and protect their identity going forward.

Identity theft has been the subject of a great deal of hype, but there’s a lot of fire along with the smoke. The growing threat, the heavy cost, and the long-term impact are real. But almost all of the purported solutions that emerge daily - capitalizing on the atmosphere of fear that the hype has raised - are seriously inadequate, missing most of the key elements. The complexity and fast-changing nature of the problem make it difficult for consumers to separate the wheat from the chaff, and many are seduced by a brand name or by scare tactics, throwing good money away on ineffective solutions. An effective identity theft protection program should include:

Only The Identity Guardian^TM includes all of these critical elements, and at an extremely competitive price - actually lower than most of the alternatives that provide far less.

Many employers are beginning to realize that identity theft protection can be a highly valuable addition to an employee benefits program, and The Identity GuardianTM has been developed to respond to that need.

Recent surveys indicate that identity theft is at the top of the list of financial concerns of Americans, especially for professionals, who have more exposure and more to lose. Over 40% of consumers have reduced their online ecommerce in response to this threat. Over 75% consider identity theft to be a serious threat to them personally. And a similar percentage have indicated a willingness to pay for effective solutions - a recent study found most willing to pay $88 per year for insurance coverage alone.

In this context, free or discounted access to a leading identity theft protection program can be a highly marketable competitive differentiator in the employee marketplace - attracting and retaining the best people. This offering can be especially compelling in areas where employees are most aware of the threat, such as financial services, technology, and other professional domains. And the ongoing hype cycle around identity theft only reinforces the appeal of this benefit.

Importantly, identity theft protection also has a real and significant return on investment (ROI) for the employer, as well as for the employee. Conservative estimates yield a calculated return for the employer of approximately $180 per year per employee, based on avoidance of time lost to recovery alone. Other factors like reduction of redundant computer security expenses, identity protection training costs, and others can increase this return substantially. Our highly favorable pricing for employer-sponsored programs yield a payback period of 5 months or less. The value to employees is even greater, including the avoidance of significant out-of-pocket losses and expenses, resulting in an average financial value of well over $300 per year per employee - 3 times the cost of even the purely voluntary, non-sponsored benefit.

In addition to being the most comprehensive and effective program on the market, The Identity Guardian^TM is specifically designed to meet the needs of benefit programs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.