One of the biggest problems in the American corporate-financial system is identity theft and various forms of credit fraud. The traditional solution is “credit monitoring,” in other words companies which monitor US consumers’ credit reports and alert on potentially fraudulent activity. But how well does this approach actually work?
Brian “Soon to be a major motion picture” Krebs writes from his own experience, as the target of a near-constant stream of harassment from the Internet underground. He of course subscribes to such services, but in his opinion — they’re not quite as useful as they seem.
While the services will alert to fraudulent credit activity, their coverage is quite limited. They do nothing to tell you about numerous forms of related fraud (like fraudulent activity on your credit card, ordering cable service in your name, hijacking your identity on a fake ID and getting arested, or tax refund fraud — just to name a few).
Worse, if there has been fraudulent activity, the services are only minimally helpful in getting the damage un-done.
Much better is setting an alert in your calendar every 90 days to file a free “fraud alert” with the big three (plus the little-known fourth) credit bureaus. By requiring creditors to contact you first, this effectively stops credit fraud dead in its tracks.
Similarly you can be your own credit monitoring service by getting a free credit report every four months… or just waiting until you get your personal data compromised in one of the inevitable big breaches, at which point the affected retailer will probably buy you free credit monitoring.
In a larger sense this can also be seen as a study into the fast-and-loose private-sector American approach to security, which is to say roughly, “make it work 80% of the time and come up with band-aid fixes when stuff breaks.”