<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d14658917\x26blogName\x3dWhat+Would+You+Say+It+Is+You+Do+Here?\x26publishMode\x3dPUBLISH_MODE_HOSTED\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttp://blog.vitriol.net/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://blog.vitriol.net/\x26vt\x3d-1706885970164302789', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Sunday, July 13, 2008

Love (and Credit Monitoring) Don't Cost a Thing

Either I've been living under a rock, or credit monitoring and protection services have really amped up the marketing. The other night, some credit monitoring service had a commercial on every time Casino was interrupted by a break, and then I saw that last night's NASCAR race was the Lifelock 500. I have a sneaking suspicion that people must be paying for these services.

If you gain extra piece of mind from paying a credit bureau a monthly fee to protect the data they've aggregated about you, then this post isn't going to help you much. I'd just like to outline how I monitor my credit by taking advantage of the Fair and Accurate Credit Transaction Act of 2003 (FACTA).

The main thing to remember is that the law gave consumers one free credit report from each credit bureau per year. The offical site is www.annualcreditreport.com. When you access a credit report via this site, the credit bureau will offer credit score monitoring and a bunch of other crap for a fee. You can decline it all, but definitely admire the credit bureaus for making lemonade out of those lemons. Read their Frequently Asked Questions to understand the options available to you.

Since the credit bureaus tend to have overlapping information, I check a different one every four months. As far as I'm concerned, that's a good enough interval to find out if inaccurate information has been reported, or if someone is attempting to open account with my information. I can't stress enough that the credit bureaus have very little interest in verifying the information reported for legitimate accounts, so make sure your banks and credit cards aren't reporting incorrect information, too.

The other facility that FACTA provides is the ability to place a Fraud Alert on your account, which tells a potential lender that it needs to positively identify anyone trying to open an account with your information (not surprisingly, a few lenders still don't bother to verify the information), because you may be a victim of identity theft. Fraud alerts are good for 3 months. Companies like Lifelock use this provision to provide their services. Instead of having to remember to renew your fraud alert every three months, Lifelock does it for you. The credit bureaus hate that, and claim that the fraud alert is only supposed to be used when there is a good chance your identity is at risk. Well, given the shoddy state of data security, and the absolute disinterest by the credit bureaus in protecting your information, a case can be made that everyone's identity is always at risk. I invite you to check out the Attrition Dataloss web site I just linked, they basically scour the news to provide a centralized listing of all the data breaches reported, and it will leave you more than a little disappointed in the state of data security.

So, those are the freely available methods to monitor and protect your identity, and the credit bureaus add little to them. For the most part, they will sell you arbitrary access to the reports at any time, credit score information and alerting. Of these, alerting is the only service of value. If you can get a free report once per year from each bureau, then why worry about anything except changes?

Enter the great state of California. It turns out that some governments will actually take steps to protect their citizens. In this case, California passed a law a couple years ago that required any business with customers in California to notify those customers when a data breach involving customer data is discovered. Until that law passed, companies tended to sweep it under the rug when a box of backup tapes fell off a truck, a laptop was stolen a database was hacked. More states are following suit, but it goes to show that until someone holds corporations accountable, they will not do the "right" thing (if they're publicly held, they could be sued for actions not required by law that affect shareholder value). Feel free to support politicians that support laws that help people in their daily lives (as opposed to renaming french fries to freedom fries, for example). Sorry, got a little carried away there. Where were we?

Now, we get letters when it data breaches happen, and in order to cover their butts, these businesses have adopted the standard practice of providing free credit monitoring to anyone that could be affected by a data breach. I just enrolled my wife and I in 24 months of free alerting because Mellon Bank lost a bunch of backup tapes that contained my identifying information, including Social Security number. Even though the bureaus try to sell add-ons to these offers as well, these are paid-for services on the part of the company reporting a breach, and so there's absolutely no good reason to not take advantage of the service when offered. Don't pay for it, though. The "good news" is, some company with your identity information will lose it soon, and offer to pick up the tab.