When the going gets tough, the worried buy credit-monitoring services.
As the number of data breaches rises, there's a growing cottage industry of companies selling protection to consumers. The companies can help monitor and prevent outright identity theft for those who lack the time and technical know-how to keep a constant eye on their credit reports or monitor the Internet to make sure their personal information, such as their Social Security number, hasn't been stolen. But they won't stop a more common crime: preventing a thief from using your credit-card number to make fraudulent purchases.
CardCops, a division of Affinion Group Inc., scours online chat rooms where criminals buy and sell stolen information. LifeLock Inc., Debix Inc. and TrustedID Inc., among others, monitor credit reports and search public records for evidence that their customers' information isn't being misused.
While many of these companies were launched several years ago, they say they are experiencing a spike in the number of people signing up for their services now -- prompted, they suspect, by a new twist on data breaches that has grabbed headlines.
In the past, cyber criminals directly targeted retailers and other merchants, so consumers often knew they were affected because they had been customers of those stores. Lately, however, hackers have targeted companies that process credit cards for a large number of merchants -- often leaving consumers in the dark as to whether their information was stolen.
In January, Heartland Payment Systems Inc., which processes more than 11 million credit-card transactions a day, said criminals gained access to its records. It would not reveal how many cardholders are affected, but industry analysts say it could be one of the biggest data breaches ever. Another large card processor, RBS WorldPay Inc., a division of Royal Bank of Scotland Group PLC, said in December that its data were breached, affecting some 1.5 million cardholders. Meanwhile, rumors of a third major payment-processor breach are circulating widely in the industry.
The number of reported data breaches of all kinds in the U.S. climbed to 656 last year from 446 in 2007, according to the Identity Theft Resource Center, a nonprofit organization based in San Diego that helps identity-theft victims. These breaches affected some 36 million records -- including Social Security numbers, credit-card accounts and other personal data.
Overall, more than 250 million records containing personal information have been lost or stolen since 2005, according to the Privacy Rights Clearinghouse -- and that's driving more consumers to companies that say they can prevent theft.
They don't catch everything. Mary Gingrass, a 46-year-old plastic surgeon from Nashville, Tenn., signed up to use Debix's services in late 2007, after her Social Security number and other personal information were stolen in a data breach.
Dr. Gingrass later forgot she was registered with the service. But last September, when a thief tried to use her information to open new credit-card account, Debix alerted her and foiled the attempt.
Yet Dr. Gingrass says that Debix didn't catch the several thousand dollars that one criminal charged to a card she has from retailer Dillard's Inc. She's still trying to resolve that incident, though she doesn't expect to be held liable for the charges. She's also had to cancel many of the cards and fill out the forms needed to settle other incidents herself.
Still, Dr. Gingrass says the Debix representative was "very helpful" and walked her through the entire process, greatly reducing the stress of the ordeal. She recently signed up her husband and her children for the service.
Julie Fergerson, vice president of emerging technologies at Debix, says that her company plans to add a service that alerts customers when someone tries to change the address associated with existing accounts, which should make it harder for a criminal to take these over.
The services, which usually cost less than $100 a year, typically place an alert on a customer's credit report, which requires the person to approve over the phone any attempts to access the file or open a new account. In the event that a fraud takes place, they say they help customers fill out the right forms, and help them reach out to credit bureaus, banks and other institutions.
Statistically speaking, the risk to any individual from data breaches is small. Fewer than 1% of breach victims ever suffer credit-card fraud or identity theft, according to Javelin Strategy & Research, a research company focused on the payment industry.
The services are limited in scope and don't protect against a criminal illegally accessing someone's checking or brokerage account, says Avivah Litan, an analyst at technology-research firm Gartner Inc., based in Stamford, Conn. And some lenders don't always follow the restrictions that the services put in place, such as notifying someone before running their credit report.
Debix's Ms. Fergerson says that little can be done about someone taking over an existing checking or brokerage account. She says that lenders and merchants are getting better about following alerts placed in credit reports.
Consumers who are concerned that their credit-card number was stolen should "just cancel [their] card and get a new one," says Todd Davis, CEO of LifeLock. He concedes that consumers can do many of the things that LifeLock does free, but he says that his service is targeted at people who "have something to protect" and who "don't have the time to repair problems."
At the same time, banks and credit-card companies have gotten better at protecting consumers against credit-card fraud, the most common type of identity crime. Since 2005, for instance, Visa Inc. has assigned every transaction a "risk score" that lets the bank that issued a card know the chances that a purchase is fraudulent before it approves the transaction. A purchase that deviates from this pattern is assigned a higher risk score. MasterCard Inc. and American Express Co. also have similar systems to protect cardholders.
Last year, Visa launched an optional service that sends cardholders a text message every time a charge is made on their cards.
Still, some consumers aren't taking any chances. Ben Paxton, a 36-year-old graduate student from Charlottesville, Va., says he's now considering one of these identity-protection services after dealing with fraud attempts on and off for about two years.
He hasn't suffered any losses, but it has been a trying experience. "What's frustrating is that I'm not a financial expert or an expert on fraud," he says. "I don't know what I am doing and it is very difficult to get help."
Linda Foley, founder of the Identity Theft Resource Center, recommends that consumers research these services for themselves before buying one. She adds that organizations like hers are available to offer free help to people who have been victims of identity theft.
But Amy Rosen prefers having someone else looking out for her. The marketing professional from Chicago signed up for a service from TrustedID last year after twice having cellphone accounts opened in her name in 2004 and 2007. While the service hasn't yet stopped any new fraud attempts, it has given her peace of mind. "This is the one thing that makes me feel like I'm protected and that someone else is looking out for me," says Ms. Rosen.
Source : http://online.wsj.com , By Ben Worthen
No comments:
Post a Comment