Posts Tagged ‘Protection’
Identity Theft Protection Services
Last Updated on Monday, 12 March 2012 01:57 Written by Celframe Security Team Thursday, 9 August 2012 10:43
By Henry Bagdasarian
Author of Identity Diet
This article is about the available identity theft protection services in the US market today, what services they provide, and whether they are useful. Although I have written about this topic in the past, I decided to write about this topic again because many times I receive emails from our blog readers about how to sign up for an identity protection service without knowing what services they need and what they are looking to sign up for, what the identity theft protection services entail and what their role might be in the entire process. If you read the Identity Diet book, you will come to understand that identity protection can not be fully outsourced to an identity theft protection service provider and that a comprehensive identity protection requires the proactive involvement of the identity owner.
Most identity theft protection services offer credit and public records monitoring services from information found in the files of government agencies and the credit reporting agencies. Notice I did not mention information directly obtained from the files of the creditor databases which means that if a credit account transaction is not reported to the credit reporting agencies, that specific transaction can not be tracked and reported to the consumers for follow-up. For example, if a credit account is opened in your name at Home Depot and used to purchase a refrigerator but the transaction is not reported by Home Depot in your credit reports, the transaction will not be detected and reported to you by the identity theft protection service provider. I also mentioned the need for consumers to follow up on reported transactions to ensure they are not unauthorized and fraudulent transactions. In most cases, the identity theft reporting companies also provide fraud assistance to their victimized members to refute and remove transactions reported on their credit reports and creditor files.
There are no specific guidelines for selecting an identity theft service provider and it all depends on consumers’ risk tolerance, risk exposure, and knowledge of best identity monitoring and detection techniques which they can reconcile to offered services in the marketplace for making an educated selection decision. Consumer knowledge of identity protection practices and awareness of identity theft risks are the most important aspects of a comprehensive identity protection plan as it certainly requires consumer involvement. Although, some identity protection components such as continuous monitoring of credit reports can be automated through the service providers, monitoring of all types of identity theft as well as identification of unauthorized transactions and monitoring of personal account transactions can not be outsourced and requires personal involvement. For example, identity theft protection services do not monitor debit or check transactions as well as criminal identity theft and medical fraud which are often more difficult to detect and recover from.
When looking for an identity theft protection service, some of the questions you should ask yourself and the service provider include what kind of credit monitoring the company provides, how it makes your life easy, whether you can do it yourself, where the company gets its information, how timely is their credit change reporting process, whether the reporting process is complete and what kind of assistance is offered to victims of identity theft. It is always very important to assess whether you can perform the offered services yourself and whether the outsourcing of some identity protection components makes sense for your situation given the cost. For example, consumers can obtain free copies of their credit reports annually from each credit reporting agency which means you can get one free copy each quarter from one of the consumer credit agencies. The last thing you want to worry about is the completeness and timeliness of the identity theft detection service for which you are paying.
The combination of your identity protection needs along with offered services and related costs should allow you to make an informed decision about which services to purchase. I remember once receiving an anti-virus software with my purchased identity monitoring and protection service the cost of which I’m sure was embedded in the total cost of the service, however, I did not need an antivirus software since I had already a well known software installed on my computers. Some services come with extra gadgets which you may not need but nevertheless end up paying for. If the services offered by a particular vendor are what you need given all available services in the marketplace and the cost is justified, then the offered identity protection services might be right for you.
Selecting an identity theft protection service provider is an important process for a couple of reasons. First, the services and related costs must be carefully assessed to make sure your money is not wasted and you receive the maximum benefit through automation and quality assistance. For example, some identity protection service providers might monitor your identity using only one source of consumer information which can save them money. In this case, companies which use multiple systems to make decisions regarding the safety status of a consumer’s identity might provide a more complete coverage. Second, the company must be reputable in good financial standing in order to continue providing improved services. To achieve the second objective, company financials must be reviewed if they are available, existing customers must be contacted if possible, online reviews must be read, Better Business Bureau information must be assessed to obtain information regarding complaints against a company, nature of the complaints and resolutions status.
It is very important to note that consumers do not need to sign up for identity protection services in most cases other than to automate parts of the identity protection process to save time, and receive resolution assistance. I would say these are the two most important reasons for outsourcing our identity protection efforts. Other than automation for timeliness of fraud detection and expert assistance for writing letters and refuting charges, most aspects of identity protection can be performed by consumers. Also as mentioned, automation alone does not eliminate consumer responsibility for following up with reported alerts by service providers.
Identity theft protection should be a proactive process rather than a reactive process. There are many steps that consumers can take to proactively monitor their identity components and detect fraud. For example, consumers can obtain and review their credit reports for free from www.annualcreditreport.com. Fraud alerts can be placed on credit reports if consumers suspect heightened risk of identity theft due to their unique circumstances. Consumers can also review their monthly account statements and promptly follow up on all unidentified transactions. Medical benefit statements must also be carefully reviewed to not only detect cases of medical identity theft but also detect and report practitioner fraud. Some financial institutions also provide online features to receive notifications regarding account transactions for verification purposes. All of these proactive steps and subsequent prompt follow up will immensely reduce the risks of identity theft and related consequences.
Some of the well known identity theft protection services include LifeLock, Debix, Identity Guard, and TrustedID, all of which I have used and reviewed in the past. If you are interested to learn more about the above mentioned services, read the identity theft protection services reviews at the bottom of this page. And if you want to learn more about the identity theft crime before selecting an identity protection service, visit the identity theft overview section of this website where you can find many articles regarding this crime.
Be identity safe
Visit the identity theft solutions page to read my reviews about identity theft protection services.
Free Identity Theft Protection
Last Updated on Sunday, 15 April 2012 11:17 Written by Celframe Security Team Tuesday, 7 August 2012 09:30
They say the best things in life are free and there are many free identity theft protection ways to prevent identity theft which can guide consumers how to stop identity theft.
To protect their identities, consumers typically research and find services online most of which are paid identity protection services but before consumers consider paying for such services, they must first understand the usefulness of the services as they apply to their situations, and, consider their own role in the identity protection cycle because most people believe that their responsibilities go away once they sign up for any of the paid identity protection services and this assumption can not be further from the truth. As far as I’m concerned, the best ways to prevent identity theft are free, however, paid identity protection services can be used to complement individual efforts for protecting against identity theft through automation and timely delivery of relevant information. Even when people sign up with the leading identity theft protection services, they still need to know how the identity theft service helps with identity theft protection and when or how they must follow up to ensure the effectiveness of the identity theft service. Without human intervention, most automated identity theft protection services are useless.
Now that we have established the necessity for consumers to take charge of their own identity protection efforts, let’s discuss some of the best free identity theft protection options widely available to all consumers:
Account Alerts – For those of us who use online banking, it is important to learn about and effectively use the online account protection features. Most banks have improved their bank account protection features which consumers can use to protect themselves against bank account fraud. For example, account settings can be adjusted to receive email notifications when an account transaction above or below a threshold hits the account such as credit and debit transactions of defined amounts relevant to various lifestyles. Learn more about account alerts.
Annual Credit Report – Thanks to recent identity theft laws, consumers can now request and review their free annual credit reports from all three credit reporting agencies to detect potential signs of identity theft. Some identity protection companies may brag about giving away free credit reports but this is a consumer right by law which should not be overlooked.
Fraud Alert – Placing a fraud alert on credit reports is free, easy to do and a great way to prevent identity theft. Once a fraud alert is placed, creditors must contact the credit applicant or account holder to confirm the identity. The Red Flags Rule is very clear about the responsibility of creditors for taking fraud alerts seriously. You can learn more about this free service in the fraud alert article or you can just place a fraud alert with one of the credit reporting agencies which will place the same with the other agencies.
Identity Theft Protection Articles – Consumers should take advantage of the www.identity-theft-awareness.com free identity theft protection services or other websites which provide valuable information to educate themselves. This site offers a free monthly identity theft protection newsletter as well as an active identity theft blog to allow consumers learn about best ways to prevent identity theft and how to stop identity theft.
When we consider that almost 50% of all identity theft cases are facilitated by lost or stolen physical identity components such as credit cards, wallets and identity components, by applying the best identity protection practices along with leveraging free identity theft protection services, consumers can have a huge edge against identity theft without spending a penny.
Read another article about free identity theft protection solutions.
The Security Hamster Sine Wave Of Pain: Public Cloud & The Return To Host-Based Protection…
Last Updated on Monday, 12 March 2012 01:18 Written by Celframe Security Team Wednesday, 27 June 2012 02:24
This is a revisitation of a blog I wrote last year: Incomplete Thought: Cloud Security IS Host-Based…At The Moment
I use my ‘Security Hamster Sine Wave of Pain” to illustrate the cyclical nature of security investment and deployment models over time and how disruptive innovation and technology impacts the flip-flop across the horizon of choice.
To wit: most mass-market Public Cloud providers such as Amazon Web Services rely on highly-abstracted and limited exposure of networking capabilities. This means that most traditional network-based security solutions are impractical or non-deployable in these environments.
Network-based virtual appliances which expect generally to be deployed in-line with the assets they protect are at a disadvantage given their topological dependency.
So what we see are security solution providers simply re-marketing their network-based solutions as host-based solutions instead…or confusing things with Barney announcements.
Take a press release today from SourceFire:
Snort and Sourcefire Vulnerability Research Team(TM) (VRT) rules are now available through the Amazon Elastic Compute Cloud (Amazon EC2) in the form of an Amazon Machine Image (AMI), enabling customers to proactively monitor network activity for malicious behavior and provide automated responses.
Leveraging Snort installed on the AMI, customers of Amazon Web Services can further secure their most critical cloud-based applications with Sourcefire’s leading protection. Snort and Sourcefire(R) VRT rules are also listed in the Amazon Web Services Solution Partner Directory, so that users can easily ensure that their AMI includes the latest updates.
As far as I can tell, this means you can install a ‘virtual appliance’ of Snort/Sourcefire as a standalone AMI, but there’s no real description on how one might actually implement it in an environment that isn’t topologically-friendly to this sort of network-based implementation constraint.*
Since you can’t easily “steer traffic” through an IPS in the model of AWS, can’t leverage promiscuous mode or taps, what does this packaging implementation actually mean? Also, if one has a few hundred AMI’s which contain applications spread out across multiple availability zones/regions, how does a solution like this scale (from both a performance or management perspective?)
I’ve spoken/written about this many times:
Where Are the Network Virtual Appliances? Hobbled By the Virtual Network, That’s Where… and
Dear Public Cloud Providers: Please Make Your Networking Capabilities Suck Less. Kthxbye
Ultimately, expect that Public Cloud will force the return to host-based HIDS/HIPS deployments — the return to agent-based security models. This poses just as many operational challenges as those I allude to above. We *must* have better ways of tying together network and host-based security solutions in these Public Cloud environments that make sense from an operational, cost, and security perspective.
Related articles by Zemanta
* I “spoke” with Marty Roesch on the Twitter and he filled in the gaps associated with how this version of Snort works – there’s a host-based packet capture element with a “network” redirect to a stand-alone AMI:
@Beaker AWS->Snort implementation is IDS-only at the moment, uses software packet tap off customer app instance, not topology-dependent
they install our soft-tap on their AMI and send the traffic to our AMI for inspection/detection/reporting.
It will be interesting to see how performance nets out using this redirect model.