ID Theft Protection Services

**brown2RAVEN** · 04-05-2017, 07:42 PM

A couple years ago the company who does payroll for my employer was hacked and all our information was compromised. They provided a free ID theft protection service for a year. I figure once your stuff is out there it's out there and kept the service up. The one they used is AllClear which seems to be a pretty simple no frills service. When I applied for a loan or my wife opened a credit card they notified me, so I know they are doing something, just not sure whether or not there are better options.

I'm curious what peoples opinions and experiences are with ID theft protection services.

**wickedsolo** · 04-05-2017, 08:32 PM

I've heard of AllClear. They're not a bad service.

So, here's the deal, I work in this industry. My primary focus is cybercrime and fraud. What I'll post in here is exactly what I use when consulting with banks and law enforcement.

First, I think that credit monitoring services are great for people that don't know how to keep up with their own digital footprint. If you're not the type of person that checks their credit report a few times per year, checks their financial accounts consistently, and uses multi-factor authentication for online accounts...then you definitely should be ok with paying for a service like Lifelock or AllClear.

However, I'm not going to tell you or anyone that monitoring services are completely necessary because there are habits you can adopt and technology you can implement in your daily routine that will do more than just a credit monitoring service.

For instance - AllClear notifies you when someone creates a new credit card using your personally identifiable information (PII). While this is good to know, it doesn't solve the actual problem for you, which is how'd the bad guy(s) get your PII in the first place? To open a credit card account in practically every country, you need a social security number or something of the like tying your identity to a crediting system.

Regardless of whether or not you cancel AllClear, I would strongly recommend the follow:

1) Check your checking and savings account weekly. This is probably the most important thing you can do for yourself. Look for suspicious charges that you and your spouse cannot identify. Immediately report suspicious account activity to your bank by calling their fraud department. Request new cards be issued immediately and existing cards be terminated.

2) Check your credit report once per year at least.

3) NEVER use debit or check cards or any card directly linked to your checking/savings account for online purchases. Don't do it. Yes, it is safe to buy things online at reputable outlets (Amazon, for example), but only use credit cards not linked with any savings/checking account.

4) Enable SMS Alerting for purchases. Whenever I use my credit card, I get an email and a text message with the transaction date/time/amount/place of business. Most banks have this alert feature for checking/savings accounts too.

5) Implement multi-factor authentication for any and all online accounts. So, online bank accounts, any online outlet where you shop (Amazon, Ebay, Best Buy, etc), social media (Facebook, Twitter, LinkedIn), personal email accounts, and so on. If you're unsure about what multi-factor authentication is, I can explain further.

6) Have two personal email accounts. One is only for communicating with family, friends, and linked to online banking outlets. The second is what you use for Facebook, LinkedIn, job sites, Craigslist, etc.

7) When paying for gas at the pump or getting cash out from ATM machines, check the card insert slots for card skimmers. If you can pull the card slot/card reader off, don't use it. Notify law enforcement. ATM card skimmers have gotten increasingly sophisticated in the last 5 years, but they're most often found in gas stations and malls where the ATM machines are kind of out of sight/out of mind. If you want to know more about ATM skimmers, I'd recommend googling ATM Skimmers and Brian Krebs. Krebs is an asshole, but he's done a lot of extensive reports on skimmers and fraud.

8) Use complex passphrases or passwords. It's ridiculous that in this day and age people still use passwords like "pwd123" or "123abc". It's shocking how high the percentage of internet users do not employ good password practices. I recommend using a pass phrase as I think that is easier to remember. Within the passphrase, alternate upper and lower case and use numbers and special characters in place of letters.

Example: p@S$w3Rd_1$_stR0nG

Last thing I'll say about passwords, I know it is a huge pain in the ass, but don't reuse passwords for multiple online accounts. If your login password for your bank account is the same as your Facebook account, you're asking to get hosed. Use different, unique passwords for each online account and change all of your passwords at least twice a year, if not more frequently.

Always assume that your PII is going to get stolen at some point. It's inevitable. However, if you get in the habit of doing some of the things I mentioned above, you'll be a lot better protected than the average person.

Sent from my iPhone using Tapatalk

**brown2RAVEN** · 04-06-2017, 08:10 AM

Wow. That was one hell of an answer. Thanks.

I knew you worked in this general field, but I thought you were more in the prevention / damage control on the system type of thing(more technical than practical). I guess either way you need to be familiar with both sides of the crime. That was a whole lot of good information to digest. and share.

I do follow a lot of those practices, just not as well as I should.
I never use a debit card linked to my bank account, mostly because its easier to keep a handle on the balance.
Passwords I need to be better with. I tend to use same ones and not change enough, but I have been making them more complex. I have goto passwords that I use on sites that "don't matter" like this site I have been using for decades.
Definitely have to change some things.
I use the multi-factor authentication for some accounts, but not all.
Probably need to change some email habits as well. Trusting too many sources.
I will keep Allclear until something sells me on changing to another service. I'm expecting that to be a pain in the ass, so I only want to do it once.

What is your opinion of paypal? I do use that for some billing, not sure if it' acts as a firewall between my bank and billers or a back door into my bank.

Thanks again.

**wickedsolo** · 04-06-2017, 08:21 AM

Originally Posted by brown2RAVEN

Wow. That was one hell of an answer. Thanks.

I knew you worked in this general field, but I thought you were more in the prevention / damage control on the system type of thing(more technical than practical). I guess either way you need to be familiar with both sides of the crime. That was a whole lot of good information to digest. and share.

I do follow a lot of those practices, just not as well as I should.
I never use a debit card linked to my bank account, mostly because its easier to keep a handle on the balance.
Passwords I need to be better with. I tend to use same ones and not change enough, but I have been making them more complex. I have goto passwords that I use on sites that "don't matter" like this site I have been using for decades.
Definitely have to change some things.
I use the multi-factor authentication for some accounts, but not all.
Probably need to change some email habits as well. Trusting too many sources.
I will keep Allclear until something sells me on changing to another service. I'm expecting that to be a pain in the ass, so I only want to do it once.

What is your opinion of paypal? I do use that for some billing, not sure if it' acts as a firewall between my bank and billers or a back door into my bank.

Thanks again.

Paypal is a good service, so long as you are linking it to a credit card not associated with your primary checking/savings account.

Keep in mind though, Paypal is heavily targeted by cybercriminals. It's a gold mine for them.

This was just a couple of months ago:
https://www.hackread.com/paypal-limi...phishing-scam/

**CptJesus** · 04-17-2017, 06:20 PM

Going to tack on to this and suggest you use a password manager such as 1password, or if you want a local option, KeePass.

You'll just have to remember one very very strong password, and then generate random passwords for everything else. No more password re-use between sites.