Effective, thorough Complex The Universe Identity

1 UniverseComplexTheofIdentityTheftEffecti ve, thoroughprotection is morethan just locking upyour Theft is a broadly-used termthat has achieved consumer awareness,but the term itself does very little toimpart the vast ways individuals are atrisk on a daily basis. To have the mostthorough and effective protectionagainst Identity Theft, consumersshould employ a combination ofservices to address each of their areas of risk. Affinion has assembledall of these components with its world-class suite of Identity Theftprotection PERSONAL INFORMATION the very key to your Identity is likelyto be compromised in the coming calculated in 2007 suggestthat approximately 264 million piecesof other people s personal informationwere exposed by Identity theft orfraud1 that s almost as high anumber as the 2007 population of301,139, may not necessarilybecome a victim of Identity theft, butwith your personal information readilyavailable for anyone to use, thelikelihood of becoming a victimincreases exponentially.

2 But, that s thebad is our government hastaken a reasonably proactive stance onSee Universe , Page 2By Frank W. Abagnale Consumers must now be notified bythe responsible party (that possessespersonal data) in the event theirpersonal data has been, or is suspectedto have been, exposed in a data breach(currently a law in 39 states).A Fraud Alert is Not EnoughFraud Alerts are a free service forconsumers. When a Fraud Alert isplaced on your credit file, creditgrantors are required to take additionalsteps to verify that the creditapplication is not fraudulent. TheFraud Alert includes the consumer sphone number, and creditors generallycall the consumer, as this is the fastestand most secure method to verify thatthe consumer is the one requestingcredit, not an impostor. Sometimes,creditors use alternative methods,including challenging questions orrequesting additional identification,to verify the Alerts are getting a lot of pressthese days, perhaps driven by LifelockIncorporated s advertising watch in awe as Lifelock s CEOdoles out his Social Security number tothe general public, confident in itssecurity.

3 Unfortunately, this creates afalse sense of security as fraud alertsprevent only one of the three majoridentity theft attacks commonly wagedagainst s business like othersproviding undifferentiated services isfocused on setting Fraud Alerts. Theselimited service providers take this free,government-provided service andchargethe consumer for Group agrees that FraudAlerts are effective and can be animportant part of a complete identitytheft solution. However, simply settinga Fraud Alert is not A ComplementarySolution Inside AffinionAffinion has entered into a partnershipwith Debix, the creator of the world sThe Complex Universe ofIdentity TheftEffective, thorough protection is more thanjust locking up your theft and fraud. In 2003,Congress passed the Fair and AccurateCredit Transactions Act, whichamended the Fair Credit Reporting Actto provide potential victims of identitytheft with certain rights andprotections.

4 At the state level,additional laws have been enacted toprevent Identity theft. The keycomponents of such legislation includethe following: Consumers are allowed one freecredit report from each of the threemain credit bureaus (Equifax,TransUnion, and Experian) each year.(Fair Credit Reporting Act, 612; 1681j) Consumers who have a good-faithsuspicion they have been or areabout to become the victim ofidentity theft, can place a fraud alert on their credit file. A fraud alert stayson the consumer s credit file for atleast 90 days, and requires anypotential creditor to contact theconsumer at the phone numberprovided or take other reasonablesteps to verify the Identity of theperson applying for credit. (FairCredit Reporting Act, 605A; 15 1681c-1)From Universe , Page 12 Figure 1: Debix in Action - Actual Crime Prevented3first and only electronic IdentityProtection Network.

5 This IdentityProtection Network utilizes FraudAlerts to allow banks to send anInstant Authorization to any consumerin the 1 illustrates the core capabilityof the Network. The white dotsrepresent approved transactions wherea creditor sent an instant authorizationcall, and the consumer approved it byverifying their VoiceKey after enteringtheir 4-digit PIN into their pre-registered phone. In security jargon,this is called multi-band, multi-factorauthentication. The red dots representattacks where the consumer declinedthe account and reported it as instant this report occurs, theconsumer is transferred to a Debix callcenter to assess the situation anddetermine the proper course of actionwith law enforcement while the thief isstill active. The network also providesan audit trail of the incident tosupport the before have consumers, banks,and law enforcement been able tocommunicate in real time to preventidentity theft and pursue the criminalswhile the trail is hot.

6 In the fourthquarter of 2007, Debix subscribersresponded to 30,618 instantauthorization calls from banks andalso stopped 380 fraudulent accountsfrom being opened by reporting themas fraud. Of these, Debix escalated 29hot cases to law enforcement ashighlighted in Figure service providers take theinformation from customers who wantFraud Alerts issued, and send theinformation to the credit only follow-up activity is to re-send the information after 90 days,which is how long initial Fraud Alertsremain is the onlycompany that isactually withthe consumer during an actual account opening fraudulent or not. The competitionhas no idea what is happening withthe consumer s s Complete Suite of ServicesAffinion Group feels that Fraud Alertscanhelpcombat Identity theft, but theyare nota complete solution becausethey address only one of the threecommon categories of attacks.

7 Forconsumers wanting to take all possiblesteps to prevent Identity theft, FraudAlerts only help keep new fraudulentcredit from being issued. They areuseless when it comes to the other,more prevalent varieties of identitytheft and November 2007, the Federal TradeCommission (FTC) published theirannual report on Identity a survey of actual identitytheft victims performed by SynovateCorporation, the FTC was able todetermine three main categories ofidentity theft:New Accounts & OtherFraud, Misuse of Existing Non-CreditCard Account or Account Number,and Misuse of Existing Credit Card orCredit Card Numbers Aren t Pretty and They Don t LieFraud Alerts do stop new fraudulentcredit from being issued, which is themost damaging form of Identity theft,but new account fraud is onlyestimated to be 22% of the identitytheft problem. Non-credit accountmisuse and existing account misusetogether represent nearly 78% ofidentity theft as reported by actual thieves will sometimes changethe billing or mailing address on anexisting account.

8 They may also try toget new cards issued in their name orsome other name. This is commonlyreferred to as account takeover. Intheir report on Identity theft, the FTC writes:Account takeover was reported by 9% ofvictims who experienced existing creditcard misuse, and 11% of victims whoexperienced existing non-credit cardaccount misuse. Because new accountfraud involves the creation of an entirelynew account rather than the misuse ofan existing one, account takeover doesnot apply to that type of Identity is important to note here thatlimited Fraud Alert service providersdo absolutely nothing to stop ornotify a consumer that an existingaccount has been , the only available means todetect account takeover is throughregular monitoring of all yourstatements and credit account fraud refers tofraudulent activities that do notinvolve the misuse of an existing ornew financial account.

9 In fact, 12% ofvictims reported non-account misuse the most common form being aperson s name and/or personalinformation being given to the policewhen a thief was stopped or chargedwith a again, limited fraud alert serviceproviders like Lifelock will do nothingto protect or alert an individual of thistype of Identity theft. Detecting thistype of fraud can only beaccomplished through publicinformation review and are hundreds, perhapsthousands, of Identity thieves whowon t actually use your compromisedSee Universe , Page 4 Figure 2: ID Theft Attacks Stopped and Reported to Law Enforcementpersonal information to steal youridentity they ll just sell it all tosomeone else who will. The sale ofpersonal information generally takesplace in underground Internet chatrooms. In fact, the President s IdentityTheft Task Force and the SecretService estimate there are 20,000 usersof those underground chat rooms and carding sites.

10 Limited fraud alertservice providers can t alert you if yourpersonal information is exposed inthese chat rooms. To date, the onlyreliable method of detection is real-time chat room Consumer Needs MoreThorough ProtectionThere have been a number ofgovernmental data breaches recentlywhere state and federal governmentshave lost constituents personalinformation. Despite the recentproactive federal legislation, theseorganizations have provided only partof the solution to help consumersprotect themselves. While severalgovernment organizations haveselected Debix to protect theseconsumers from new credit fraud, it isnoteworthy that these organizationshave not provided any form ofmonitoring for account takeover,public exposure of data, or non-financial account misuse. This is aparticularly vital component when thecompromised data includesconstituents credit card numbers,payment processing information, andother data that could be manipulatedfor account takeover or , the FTC estimates thesetypes of fraud make up nearly 78% ofidentity have the most thorough andeffective protection available, consumersshould employ a combination of dailycredit monitoring, public informationmonitoring and reporting, real-timechat room monitoring, and the Debixsolution.