Now that CFA’s Best Practices for Identity Theft Services have been out for a year, CFA decided that it was time to see how identity theft service providers are measuring up to them. The best practices are voluntary; there is no trade association that requires identity theft service providers to adhere to these best practices, nor does CFA provide any “seal of approval” or certification program. CFA strongly encourages all identity theft service providers to implement the best practices to help consumers understand exactly what they offer and under what terms. Having now examined identity theft services’ websites through the lens of the best practices, CFA makes recommendations in this report for improving how key information is provided to consumers.