As consumers, we are plagued by the inability to choose how our personal information is used by the vendors we need on a day-to-day basis - retailers, healthcare organizations, payment providers, technology companies, etc. All of these groups have experienced major data breaches in the last year, leaving hundreds of thousands, if not millions, of consumers to be victimized at the hands of fraudsters. The media, security vendors and identity protection providers tell us that we need their products to effectively prevent, detect and resolve any fraud issues that may come our way.
While companies file these efforts under the "educating consumer" silo, as the consumer we are left unsure as to which products and technologies are best suited to meet our needs. Having just wrapped up the "2013 Identity Protection Services Scorecard: Adjusting Tactics in the Face of High Consumer Turnover," and as a former fraud investigator for one of the biggest banks in the world, I've realized that there are a few keys things consumers should look for when considering ID protection services.
As Javelin found in this year's 2013 Identity Protection Services Scorecard, consumers spent $3.2 billion dollars on identity protection services (IDPS) subscriptions from May 2012 to May 2013. This revenue was generated by the 25 million consumers who paid an average of $19.28 per month for one or more IDPS subscription for some portion of the 12-month period.
The question is not, "Are consumers willing to invest in protecting their persona information?" It's, "What is the best product to protect my personal information and what features should I look for to accomplish this goal?" To that end, I also considered the types of identity fraud that Javelin knows consumers are experiencing (from our annual Identity Fraud study).
Here are three of the top features every consumer should look for in an identity protection product:
- Financial account monitoring– this is more than just monitoring a consumer’s credit, which will only find changes to a credit report (and in some cases this may not be until at least 30 days after the activity has occurred). IDPS providers have begun to monitor a wider range of financial accounts, including new and existing checking and savings accounts, among others. Most identity fraud involves the misuse of financial accounts, some of which may occur at financial institutions where the victim has never had an account and as such the victim wouldn’t be notified until it was far too late. Being able to get immediate notification of these activities is critical to reducing the impact of fraud that affects millions of consumers every year.
- Identity fraud insurance– consumers can suffer substantial financial losses as the result of identity fraud. For example, average out-of-pocket costs for a victim of new account fraud in 2012 was $952, while victims of account takeovers spent more than twice as much. While victims may not have been responsible for the fraud committed with their information, many are still paying a price that makes insurance a worthwhile feature.
- Internet scanning – Providers with this feature will monitor the web, including less than reputable chat rooms and forums for criminal activity involving their customers’ PII. This is incredibly important because data breaches are becoming a more common occurrence with much of this information being traded among criminals online, yet not every data breach results in an official notification being sent to affected consumers. An IDPS provider with this service can discover and protect consumers from data breaches which they may never have become aware of on their own.
More details can be found in 2013 Identity Protection Services Scorecard: Adjusting Product Offerings to Counter High Customer Turnover