RealTime IT News

New Service to Put ID Protection in Your Hands

Business can buy all kinds of information about you these days -- even fraudulent ones can get their hands on your personal data, as the ChoicePoint and other data leak cases pointed out.

But can you get your hands on that same information to make sure no one's applying for a driver's license or committing a crime in your name?

A new product launching next quarter by credit information management company Intersections is aiming to make that possible, internetnews.com has learned.

Called Privacy Protect, the service could be the major leap forward in personal identity management.

The service will keep tabs on credit information as well as public information like DMV, criminal, and mortgage and real estate records.

For a subscription fee, the service will aggregate and track not only a person's credit information but other unique forms of information that can be used for fraudulent activities.

Privacy Protect will also track the trading and selling of stolen credit and debit card data on the Internet, a thriving underground market for the criminal set as evidenced by the arrest last year of 28 individuals connected with a stolen credit card and online fraud bulletin board service.

If new applications are made in the customer's name, or address changes at banks, the service alerts go out, for example. In essense, the service monitors publicly-available information that many companies use today to run background checks on prospective employees or customers. After all, if businesses can access your data, then why can't you track how they track it?

It's a service that should be available to everyone, said Amy Gergely, a spokeswoman at Intersections. "Our goal as a company is, with our credit data right now, to make sure people have access to the same information businesses have on them, and also to be aware of red flags that indicate fraud and to allow them to take action right away," she said.

"The new suite of services we'll be offering in the third quarter will expand that access and will allow consumers, if they monitor on a regular basis, to find those red flags before identity theft turns into fraud and results in financial damage."

Intersections is partnering with three companies to provide Privacy Protect: Seisint, a company holding one of the largest databases of public records in the United States; ID Analytics, which will provide a threat monitoring and risk assessment index; and Cyveillance, a company that offers Internet surveillance for exposed credit and debit card data.

ID Protection Enhancements a Wide Open Space

Outside of commercial services like those provided by credit management companies such as Intersection's Identity Guard, there is not a lot of information services a consumer can access to monitor who's checking up on them, beyond credit rating alert services.

The problem with today's credit rating alert services, which notify consumers when someone is using their name for things like getting a loan in their name, is that the alert usually comes too late to put a stop to the fraudulent use of the information and only shows if someone used your exact identity, said Avivah Litan, a research analyst specializing in fraud at Gartner.

"If they just stole your Social Scurity number, you'd never know through that [kind of credit alert]," she said. "And if they used your credentials to forge a driver's license or passports so they could have ID while they're doing something criminal, you'd never know that either."

Congress' Fair Credit Reporting Act (FCRA) allows for one free credit report per year from the three leading credit card bureaus -- Equifax, Experian and TransUnion -- and is a ho-hum gesture, Litan said.

She said Privacy Protect, on the other hand, will give consumers valuable insight into the use of their good name.

"Once consumers figure this thing out, it's going to be a huge winner, because they're going to see all kinds of things that they can't see now and basically open up this black box," she said.

"So they'll see if someone's applying for a driver's license in their name, if they're committing a crime with their name, if they're applying for a new cell phone, for example, or if [criminals are] using parts of their info to create a synthetic identity."

According to Consumer Sentinel's annual "National and State Trends in Fraud and Identity Theft" report published in February, the Federal Trade Commission (FTC) received 246,570 identity theft complaints in 2004, an increase of 31,477 from 2003. Of that number, 28 percent dealt with credit card fraud followed by phone/utilities fraud (19 percent), bank fraud (18 percent) and employment fraud (13 percent).

In addition, for the fifth year in a row, identity theft has topped the list of fraud-related complaints to the FTC. By many accounts, such as the FTC and Gartner, between nine million and 10 million consumers were victims of identity fraud in 2004.

According to Gartner , 9.4 million online U.S. adults were victimized by identity theft between April 2003 and April 2004. The losses amounted to $11.7 billion.

The headlines reflect the stats. The ease with which a determined criminal can gain access to an individual's information was thrown in a harsh light with the recent cases involving information peddler ChoicePoint and LexisNexis publisher Reed Elsevier .

ChoicePoint said nearly 50 fraudulent business accounts were created in the past that gave access to the Social Security numbers, driver's license numbers and other sensitive information of more than 145,000 people. Up to 750 consumers were confirmed to have been directly affected by ID theft cases.

While the ChoicePoint break-in involved social engineering -- the company was duped into giving access to thieves posing as businesses with legitimate data requests -- Reed Elsevier's is quite different. The company recently said the "misappropriation by third parties of IDs and passwords" as the cause for the leak of personal information of up to 32,000 individuals.

News of the Reed Elsevier break-in is of particular concern for officials at Intersections. The information breach was the result of a vulnerability at Seisint, which was bought by LexisNexis in September 2004. Intersections' Gergely said the company is closely following the implications.

"Since we actually provide this information to the end user, not to other businesses, we're actually empowering the customer to have access to that information for the first time so that they can monitor it and make sure they know what information businesses are sharing about them," she said. "We think it further underlines the need for our services."

Identity Guard, the current service the company offers, averages about $10 a month. The Privacy Protect offering, which goes further than Identity Guard, is estimated to be priced between $13 and $15 when launched.