CFA Issues Best Practices for Identity Theft Services

On Thursday, March 10, 2011 the Consumer Federation of America (CFA) released Best Practices for Identity Theft Services (PDF) to address consumer concern about misleading marketing and exaggerated protection guarantees. Identity theft services typically monitor individuals’ credit reports for any activity, including inquiries and new accounts, and monitor public records for postings such as liens and judgments. Anomalies could be a sign that the individual is a victim of identity theft. The best practices are the result of 16 months of research and discussion by a multi-stakeholder task force that included Privacy Rights Clearinghouse (PRC) along with other consumer advocates and representatives of industry and government.

"Many individuals have misconceptions about the features that identity theft services do and do not provide,” said Beth Givens, Director, Privacy Rights Clearinghouse. “These guidelines will help consumers make informed decisions when selecting such services."

The best practices are composed of 24 guidelines governing marketing practices, how services are explained, and fraud assistance services. Highlights include:

  • Misrepresentations about protecting against identity theft. Identity theft service providers should avoid making claims that would lead consumers to believe that they can provide complete protection against all forms of identity theft, detect all instances of identity theft, or stop all attempts to commit identity theft – claims that no service can legitimately make.
  • Testimonials and use of statistics. Identity theft service providers should be careful in using testimonials and statistics to ensure that they are not misleading.
  • Disclosures. The best practices call for clear disclosures about costs, cancelation and refund policies, how to resolve complaints with the service, and other important information.
  • Program features. Identity theft service providers should clearly explain how the features of their programs work and how those features may help consumers.
  • Protecting individuals’ information. The best practices recommend that identity theft service providers have clear and transparent privacy policies, use reasonable and appropriate safeguards for individuals’ personal data, and be careful about sharing it with others.
  • Fraud assistance. Identity theft service providers that offer assistance to victims should explain what they do to help them and any limitations or exclusions that may apply.
  • Insurance and guarantees. Identity theft service providers that offer insurance or guarantees should make thorough and accurate information easily available about what the policies or guarantees provide and any limitations or exclusions that may apply.
  • Powers of attorney. Powers of attorney should only be obtained when needed to help customers who request assistance and should be used only for that purpose.

“If you’re thinking about purchasing identity theft monitoring services, you can use these best practices as a shopping guide.” said Givens. “These services range in price from $120 to $240 per year, so it’s wise to choose carefully.” The PRC recommends consumers read its Fact Sheet 33: Identity Theft Monitoring Services to learn more.

Privacy Rights Clearinghouse has been a member of the CFA since 1999. The PRC was a national leader in identifying the problem of identity theft. “Since 1994, we’ve been at the forefront of identifying and bringing attention to identity theft,” said Givens. “We are pleased to continue that effort today through these best practices for the identity theft services industry.”

The Best Practices for Identity Theft Services and other CFA materials about identity theft are at