Best practices for identity theft services
With security breaches and identity theft cases frequently in the news, consumers are worried about becoming identity theft victims. Responding to this concern, dozens of companies offer identity theft services.
In 2009, Consumer Federation of America (CFA) took a critical look at for-profit identity theft services and identified some serious problems, including misleading claims about preventing identity theft, unclear information about how services worked, and exaggerations about what guarantees or insurance provided.
Today, CFA released Best Practices for Identity Theft Services, which were developed with a working group consisting of identity theft service providers and consumer advocates.
The best practices cover many different areas. Highlights include:
- Misrepresentations about protecting against identity theft. Identity theft service providers should avoid making claims that would lead consumers to believe that they can provide complete protection against all forms of identity theft, detect all instances of identity theft, or stop all attempts to commit identity theft – claims that no service can legitimately make.
- Testimonials and use of statistics. Identity theft service providers should be careful in using testimonials and statistics to ensure that they are not misleading.
- Disclosures. The best practices call for clear disclosures about costs, cancelation and refund policies, how to resolve complaints with the service, and other important information.
- Program features. Identity theft service providers should clearly explain how the features of their programs work and how those features may help consumers.
- Protecting individuals’ information. The best practices recommend that identity theft service providers have clear and transparent privacy policies, use reasonable and appropriate safeguards for individuals’ personal data, and be careful about sharing it with others.
- Fraud assistance. Identity theft service providers that offer assistance to victims should explain what they do to help them and any limitations or exclusions that may apply.
- Insurance and guarantees. Identity theft service providers that offer insurance or guarantees should make thorough and accurate information easily available about what the policies or guarantees provide and any limitations or exclusions that may apply.
- Powers of attorney. Powers of attorney should only be obtained when needed to help customers who request assistance and should be used only for that purpose.