Forgot your password?
typodupeerror
The Almighty Buck Crime Security

Big Data Breaches Give Credit Monitoring Services a Boost 48

Posted by timothy
from the glaziers-love-broken-windows dept.
Hugh Pickens DOT Com (2995471) writes "As attacks like the one on Target have exposed up to 40 million customer payment card accounts and the names, addresses and email addresses of as many as 70 million shoppers, Tiffany Hsu and E. Scott Reckard report in the LA Times that increased activity by data hackers has produced millions of victims but there has been one big winner: credit monitoring businesses. "It's almost a terrible thing to say, but these kinds of situations raise awareness of the need to protect yourself and to be more vigilant in checking your transactions," says Yaron Samid. Meanwhile services with names such as BillGuard and Identity Guard report a surge in sign-ups from people anxious to be protected. For example, the number of AAA Southern California members opting in for the club's identity theft monitoring service — whether for free or for an extra charge — boomed in January, up 58% from December." (More below.)
"I have to believe part of it was these different data breaches that have been occurring, people being concerned about that," says Jeffrey Spring. The BillGuard credit monitoring application, launched in July, uses crowd-sourced reporting from its members to issue alerts about possible payment card security concerns. Since the Target breach, the app's user base has ballooned by nearly half a million participants and identified $1 million in fraud. "We have built a crowd-source system of identifying fraud on debit or credit cards," says Samid. "The system will ask others if this charge is OK or not OK, and if system see a few people saying this is not an unauthorized charge, we alert others that it is potentially fraudulent. The more people that join the network, the more effective it gets." Card issuers and transaction processors have spent hundreds of millions of dollars dealing with electronic fraud in the last three years says Michael Moebs and consumers can soon expect increased annual fees to recoup the costs. "The view is data breaches and hacking have become a way of life, and the industry must get used to it.""
This discussion has been archived. No new comments can be posted.

Big Data Breaches Give Credit Monitoring Services a Boost

Comments Filter:
  • by Anonymous Coward

    Got to love consumers having to pay for the weakness of credit bureau's security and the need for a social security number and easily searchable public data "being secret".

    • I got a letter from Target that they (not me) will pay for 1 year of monitoring.

      • by Sporkinum (655143)

        I did too, and signed up online. It went into a black hole as far as I can tell. Nothing has been done.

        • by gnick (1211984)

          ...Nothing has been done.

          As far as you know. Any info you provided has been logged "somewhere". Recently, I needed to set some stuff for my wife - Completely innocent, but it could have been anything. She was at work so I couldn't really bug her with stuff I could do on my own. Starting with nothing but her name and date of birth (I had a lot more info, but it would have meant a long drive to retrieve - Her name and DOB I can actually remember without a hint), I came up with her SSN, a list of past addresses, credit inquiries,

          • by Sporkinum (655143)

            They screwed up my year of birth for my SSAN for a few years. I found out when I tried to efile my taxes several years ago. Rather than go through the hassle of digging up birth certificate and spending lots of time at the social security office, I figured out what they wanted and gave it to them on my tax form. They had one of the digits as a 7 and it should have been a 1. Probably an OCR error I would guess. I eventually went in and got it fixed. Had to waste a 40 mile round trip, and 3 hours of my time t

            • by gnick (1211984)

              My wife's was at least quick in the office - I made the appointment for her and she made the 200 mile round trip for about 5 minutes in the office. Then took a nap in the van waiting for the pizza place to open where we met for lunch.

      • by mjwx (966435)

        I got a letter from Target that they (not me) will pay for 1 year of monitoring.

        You have to wonder where Target gets the money to do that from.

  • by Anonymous Coward

    Are Credit Monitoring Services Worth It? [krebsonsecurity.com]

    In the wake of one data breach after another, millions of Americans each year are offered credit monitoring services that promise to shield them from identity thieves. Although these services can help true victims step out from beneath the shadow of ID theft, the sad truth is that most services offer little in the way of real preventative protection against the fastest-growing crime in America.

    [...read the rest on the blog...]

  • by Anonymous Coward

    What other industry has done so much damage to the economy? Whether it's parasitic fees for retailers, the ready availability of debt to anyone who can produce a social security number (a number that is not supposed to be used as a form of ID), likely-to-default mortgages traded in a shell game to retirement funds, or the great myth of the credit score running your life, you can be sure if there's something wrong going on it originated in the financial industry.

    • What other industry has done so much damage to the economy?

      Mortgage lending, to name the most obvious one . . . .

  • ... then there's money to be made prolonging the problem!
  • Freeze Your Credit (Score:5, Informative)

    by Jason Levine (196982) on Tuesday March 25, 2014 @10:35AM (#46573733)

    I was a victim of identity theft. Someone obtained my name, address, date of birth, and social security number and opened up a credit card in my name. (Apparently, Capital One doesn't care if you get Mother's Maiden Name wrong. So much for that being a "security question!") My only saving grace was that the criminals paid for rush delivery of the card and THEN changed the address. The card got sent out before the change of address was processed and it came to me instead of to them. Otherwise, I would have found out when the collection agencies banged on my door demanding I pay the thousands of dollars that I would have "owed."

    Unfortunately, the thieves weren't caught. The local police were woefully undertrained on technology. (They had an IP address of the web form filled out and the time submitted and I needed to show them how to find the ISP and what the next step should be.) They also weren't highly motivated. After all, I didn't lose any money and chances are they would do some legwork and then the case would need to be transferred to some agency out of state. The feds were completely uninterested as this was too small-time to warrant their attention.

    Even if the thieves had been arrested, though, who knows how many other people have my information. I did research on how to keep this from happening again and turned up three things:

    1) The Fraud Alerts are garbage. They are a voluntary note on your credit that credit issuers are supposed to check but sometimes don't. Plus, they only last 90 days. Once your information is out there, it's out there for good. Thieves aren't going to delete it after 90 days, why should the fraud alert end there.

    2) You can freeze your credit. It can be a pain because you'll need to pay to thaw it if you want to get a loan/credit card/etc, but it means that no thief can add a line of credit in your name. Period. Of course, credit agencies hate it when you freeze your credit since this means you won't be opening tons of store cards and the like which means they can't make money off of you by selling your name to those "you've been pre-approved!" card issuers. To a consumer, though, this is an additional benefit.

    3) Get your free credit reports and closely examine them, but don't get them all at once. You get one from each of the three major credit agencies each year, but for the most part they'll be the same. For maximum coverage, stagger them. For example, you could get Experian in January, Transunion in May, and Equifax in September. Then you could start back at Experian once January rolls around again.

    None of this is fool-proof, of course. No security ever is. But this does offer as good of a protection as you can get and there's no reason to make it easy on the criminals. Trust me: Even if you catch it before any damage is done, having your identity stolen is EXTREMELY stressful!

    • We use Zander Insurance's Identity Theft plan (http://www.zanderins.com/idtheft/idtheft.aspx). In the event of identity theft, they assign a case worker to do the legwork of cleaning up the mess. A credit freeze is only good IF the company issuing credit actually checks.

      So, disclaimers: I am not a Zander employee; I do not work for any affiliate of Zander. I heard about this on the Dave Ramsey show, so for the cost we thought it was a no-brainer.

      • A credit freeze is only good IF the company issuing credit actually checks.

        I would think you'd have legal recourse against a creditor dunning you for debts issued while you had a credit freeze in place.

        • by gnick (1211984)

          You'd think and you'd be right. But burning a couple of hours of vacation & $400 in lawyer's fees to recoup a $180 fraudulent charge doesn't really balance out.

      • A credit freeze means that nobody is allowed to access my credit file at all without the file being thawed. (Unless they have a pre-existing line of credit and even then they can only update that line, not open a new one.) If Experian, Transunion, or Equifax allowed someone to access the file without me thawing it, they could get in some serious legal trouble.

        The Fraud Alert is the item that's only good if the issuing company checks. Credit agencies like to bill it as a "solution" but it prevents identit

    • by mjwx (966435)
      Um, yeah.

      The number 1 way to protect yourself from having your card details stolen is to use it sparingly.

      I keep my credit card sitting in a safe at home, I never take it out with me unless I intend to use it for something (pre-meditated) because it's a huge vulnerability (especially if it has paywave/pass). An ounce of prevention is worth a pound of cure, that's more like a ton of cure when it comes to your money.

      People who have a dozen store cards and hand over their CC at the first opportunity a
      • My case wasn't one of my card details being stolen but of my name/address/SSN/DOB being stolen and used to open a new credit card in my name. How the thieves got my personal information I'll never know. It could have been from some credit agency, a doctor's office, my employer, or a dozen other places. It could have been a breach or an inside job. The identity thieves who opened the card in my name could be the ones who stole my information or the person who stole my information could have sold the info

  • I figure they would be an even bigger treasure trove of account information than the original sites that were breached?

  • Today; my bank! (Score:3, Interesting)

    by nextgens (1575645) on Tuesday March 25, 2014 @10:42AM (#46573787) Homepage
    No later than today I've blogged about another example of that: to make a long story short, my bank has "shared" my details with some 3rd party... whether they're 0wned or selling the data is yet to be answered. http://florent.daigniere.com/p... [daigniere.com]
    • From the bayesian avoidance text in your spam:

      We can kill you if you try to run when we attack you

      Spammers are getting serious these days.

  • by mprindle (198799) on Tuesday March 25, 2014 @10:46AM (#46573829)

    The problem with most of the credit monitoring companies is the little they do can be done by the consumer for a lot less. The real work comes when your identity has been stolen and the hundreds of hours it takes to clean up the mess. This is where you need a company that will do the legwork for you. I use Zander Insurance's ID theft program. I look at it as one more insurance that I pay per year. If/When I need them they are there and I won't have as much pain to endure and the massive learning curve to cleaning up ID fraud on your own.

  • ..that Anti Virus corporations such as Symantec and McAfee benefit from virus and worm outbreaks. Make of that what you will, you either believe there's a conspiracy or that they're just filling a needed niche. *shrug*
    • ..that Anti Virus corporations such as Symantec and McAfee benefit from virus and worm outbreaks. Make of that what you will, you either believe there's a conspiracy or that they're just filling a needed niche. *shrug*

      Why would any moron have modded this as a troll? I simply pointed out the parallel that there's a market for the AV service sector and they fill it, and that you can either just accept that, or be paranoid about it, just the same as the credit monitoring business. I made no judgement of my own. Looks like I made an enemy somewhere recently.

  • by Anonymous Coward

    Fraudulent credit monitoring services are not the answer to the problem of fraud. What we need is a simple credit card size device that lists the company, the date/time, and the amount and has a keyboard for authenticating the owner built right into it. That would ensure only the money authorized by the card holder could be transferred out.

    Such a device should be fairly simple technologically. The register would simply send the store number, the amount, and date/time. The user would check these with the cas

    • by dgatwood (11270)

      You're on the right track, but that implementation is way more complicated than it needs to be. Any PIN should be handled by the device itself, and should be easy to change to any arbitrary PIN. Or you might even use a fingerprint reader.

      You should be able to basically eliminate any additional risk from a modified device or payment terminal (except perhaps the risk of someone physically stealing the device and using it) by doing the crypto as follows:

      • The business generates the transaction receipt and si
  • So, I wonder if there are some sort of kickbacks and incentives shared between the credit bureaus and big data ....
  • by Anonymous Coward

    Just going to leave this here... http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/

  • There is also a significant increase in fraudsters posing as credit monitoring firms. People should be advised to be very, very careful when engaging such services.
  • by mschuyler (197441) on Tuesday March 25, 2014 @12:38PM (#46574917) Homepage Journal

    I had Lifelock when the Stratfor hack went down. Stratfor told us all Christmas Eve IIRC though the hack happened in early December. I and thousands of others verified our cards were in the wild, took action, cancelled cards, etc. Finally, in mid-January, Lifelock informed me that my card had been compromised with a single e-mail, long after I already had my new card.

    Totally useless.

  • Screw credit monitoring: what we need is some CongressSockPuppets with enough nerve to pass restrictions on the credit bureaus. For starters, they could require all negatory information to be redacted upon receipt of a notarized sworn statement from the account holder (until the credit bureau can provide proof to the contrary, said proof not being based on random letters from banks or collection agencies, etc). The current situation, which is essentially "prove a negative," is worthy of the Courtroom of

  • Banks and credit card companies should be monitoring accounts for fraudulent activities FOR FREE. They charge account holders monthly service fees to maintain the account. A basic tenant of maintaining the account is making sure that criminals are not racking up fraudulent charges / making fraudulent withdrawls.

    The whole "credit monitoring" industry is a system of a broken system.

    • by Ravaldy (2621787)

      My bank and credit card company already do fraud detection. Maybe it's only in the US that its not standard.

      I don't pay extra for the features.

    • by mjwx (966435)

      Banks and credit card companies should be monitoring accounts for fraudulent activities FOR FREE. They charge account holders monthly service fees to maintain the account. A basic tenant of maintaining the account is making sure that criminals are not racking up fraudulent charges / making fraudulent withdrawls.

      Erm, if they're charging you a monthly account keeping fee, it's not for free.

      They do this in Australia (as well as guaranteeing your savings up do a $1,000,000) but fraud continues unabated because people don't take basic precautions against fraud (like not using your card everywhere). However banks are happy to continue doing this as they can push the cost of fraud onto the merchants (who raise their prices so you end up paying anyway) and if people stopped using their credit cards they cant charge fee

  • Seriously, want to stop the spam, or the ability of somebody else to get your information?
    Call all 4 credit agencies and put a block on your data.
    With this, nobody can access this. If you go for a loan or a CC, then you will need to unblock it, BUT, it is actually cheaper and safer than paying these monitors monthly.

One small step for man, one giant stumble for mankind.

Working...