ID Theft/Data Security

CFA Issues Best Practices for Identity Theft Services

Aim is to Curb Misleading Claims and Promote Responsible Industry Practices

 |  Press Release

Note: CFA’s Best Practices for ID Theft Services have been updated since the publication of this press release. To view the new version, click here. To view the original version, click here.

Washington, D.C. – With security breaches and identity theft cases frequently in the news, consumers are worried about becoming identity theft victims. Responding to this concern, dozens of companies offer identity theft services. In 2009, Consumer Federation of America (CFA) took a critical look at for-profit identity theft services and identified some serious problems, including misleading claims about preventing identity theft, unclear information about how services worked, and exaggerations about what guarantees or insurance provided. 1 Today, CFA released Best Practices for Identity Theft Services, which were developed with a working group consisting of identity theft service providers and consumer advocates. “Our aim is to curb misleading claims in the identity theft service marketplace and promote responsible industry practices,” said Susan Grant, CFA’s Director of Consumer Protection, who led the project.

Members of CFA’s working group included Mari Frank, an attorney, author and expert on identity theft as well as representatives from: the California Office of Privacy Protection, Call For Action, Consumer Action, Debix, Experian (ProtectMyID), ID Analytics, ID Experts (Zander ID Services Plan), Identity Theft 911, ID Watchdog, the Identity Theft Assistance Center, Intersections Inc., Kroll, Privacy Rights Clearinghouse, and Worldwide Benefits Services (ID Theft Assist).

The best practices cover many different areas. Highlights include:

  • Misrepresentations about protecting against identity theft. Identity theft service providers should avoid making claims that would lead consumers to believe that they can provide complete protection against all forms of identity theft, detect all instances of identity theft, or stop all attempts to commit identity theft – claims that no service can legitimately make.
  • Testimonials and use of statistics. Identity theft service providers should be careful in using testimonials and statistics to ensure that they are not misleading.
  • Disclosures. The best practices call for clear disclosures about costs, cancelation and refund policies, how to resolve complaints with the service, and other important information.
  • Program features. Identity theft service providers should clearly explain how the features of their programs work and how those features may help consumers.
  • Protecting individuals’ information. The best practices recommend that identity theft service providers have clear and transparent privacy policies, use reasonable and appropriate safeguards for individuals’ personal data, and be careful about sharing it with others.
  • Fraud assistance. Identity theft service providers that offer assistance to victims should explain what they do to help them and any limitations or exclusions that may apply.
  • Insurance and guarantees. Identity theft service providers that offer insurance or guarantees should make thorough and accurate information easily available about what the policies or guarantees provide and any limitations or exclusions that may apply.
  • Powers of attorney. Powers of attorney should only be obtained when needed to help customers who request assistance and should be used only for that purpose.

“It was an honor to work with CFA on this important project,” said Linda Sherry, director of national priorities at Consumer Action. “The process was a model of collaboration between consumer advocates and industry. Consumer Action urges all providers of identity theft services to follow the guidelines to show that they are truly interested in providing the very best service, privacy protection and accountability to their customers.”

“I think the basic privacy practices recommended by CFA are particularly important. People become interested in purchasing these services because they want to have more control over their own personal information,” said Joanne McNabb, Chief of the California Office of Privacy Protection.

Consumer advocates who were involved in the project noted that in addition to providing guidance to the industry, the best practices will help consumers understand what identity theft services offer and look for those that follow good practices. “People worried about identity theft need real help, not empty promises. These best practices serve as a top-quality guide for identity theft services and an essential tool for consumers to use in selecting a responsible identity theft service provider,” said ID theft expert Mari J. Frank.

“Many individuals have misconceptions about the features that identity theft services do and do not provide. These guidelines will help consumers make informed decisions,” said Beth Givens, Director of the Privacy Rights Clearinghouse. Eduard Bartholme, Executive Director of Call For Action, said “These best practices for identity theft services provide consumers with a roadmap to use in selecting a provider.”

Anne Wallace, President of the Identity Theft Assistance Center, said “We know from our experience with assisting victims that identity theft can take a big emotional toll. We commend CFA and our colleagues in the working group for crafting best practices that provide consumers who are interested in purchasing identity theft services with objective criteria to use in choosing the programs that best fit their needs.”

Companies that participated in CFA’s best practices working group also expressed their support for the project. “The market for identity theft services has been plagued by misleading and deceptive marketing practices,” said Bob Gregg, CEO of ID Experts. “That’s why we applaud the efforts of the Consumer Federation of America to clean this up. ID Experts in conjunction with one of our valued partners, Zander Insurance, intends to follow these best practices 100 percent, and we encourage other companies to do the same.”

“Despite the claims of industry spin doctors, identity theft is not preventable. However, identity theft services can help minimize the risk of consumer exposure and provide early detection and a damage control plan,” said Adam K. Levin, Chairman and Co-founder of Identity Theft 911. “As with any emerging industry, some identity theft services do the right thing, others don’t. Identity Theft 911 is honored to be part of the effort to inject transparency and fairness into the marketing and conduct of these services.”

“As an industry leader for fifteen years, we have long spoken about the need for the marketing of identity theft protection products to be clear and accurate,” said Michael Stanfield, CEO of Intersections Inc. “We wish to thank Susan Grant and the Consumer Federation of America for bringing consumer groups and the industry together to discuss these important issues.”

Bo Holland, Founder and CEO of Debix, said “Consumers have a right to know what level of protection they are receiving. That is why we helped develop and intend to follow these best practices 100 percent.”

“Kroll has been talking with relevant agencies and consumer advocates since 2006 about setting standards in this area. We are delighted and proud to be part of this project with CFA. Kroll supports these best practices wholeheartedly, and will apply them wherever possible across our business,” said Brian Lapidus, chief operating officer of the Fraud Solutions business of Kroll.

Chris Ward, Principal of Worldwide Benefit Services, said “Worldwide Benefit Services was proud to contribute to creating a level of consumer standards for our industry. We believe that in providing our product, ID Theft Assist, we have always and will continue to fully live up to the principles announced today. We hope others will follow suit.”

“The emergence of various types of identity theft services has created a web of confusion for consumers, leaving them susceptible to deceptive and unfair marketing practices,” said Jennifer Leuer, general manager of Experian’s ProtectMyID. “Through this collaborative process we have created essential guidelines to help consumers understand what these services offer, and we’re also asking other identity theft services companies to raise the bar for themselves and the industry as a whole.”

Noting that it will take time to adopt the best practices, Ms. Grant said that in six months CFA will check on the progress of participating companies. CFA also plans to promote the best practices to other identity theft service providers. “With the help of our best practices working group, we’ll continue to push for honesty, transparency, and responsibility in the identity theft service industry,” said Ms. Grant.

As another part of the identity theft service best practices project, CFA offers tips for consumers, Nine Things to Check When Shopping for Identity Theft Services. The tips, Best Practices for Identity Theft Services, the 2009 report about identity theft services, and other CFA materials about identity theft are at www.consumerfed.org/idtheft. The Rose Foundation for Communities & the Environment Consumer Privacy Rights Fund provided a grant to help support CFA’s identity theft service best practices project. The Consumer Federation of America is an association of nearly 300 nonprofit consumer organizations that was established in 1968 to advance the consumer interest through research, advocacy, and education.

The Consumer Federation of America is an association of nearly 300 nonprofit consumer organizations that was established in 1968 to advance the consumer interest through research, advocacy, and education.