Help Clients Avoid Identity Theft with the Right Protection Resources

I’ll take a wild guess: you didn’t become a financial advisor to remediate identity theft. But because this kind of fraud can drastically affect their finances, clients often look to you for guidance to help them keep their identities protected.

As news of the Equifax breach broke in September 2017, hundreds of Commonwealth advisors reached out to the firm’s Information Security team, asking how to help clients avoid identity theft. Because of Equifax’s poorly managed response, the situation seemed to change hourly; it became a challenge for us all to process the news, develop an appropriate response, and help clients take the right steps to secure their personal information.

How much less stressful would that week have been if we knew of a few tools to help keep our identities safe? Although it isn’t feasible to master every potential identity theft scenario, it’s definitely worth your time to learn how to provide your clients with enough guidance to initiate a recovery plan.

Everyone has a different risk tolerance; what works for one potential identity theft victim may not work for another. Similar to risk tolerance in the markets, some clients are willing to stomach considerable risk when it comes to protecting their information. Others won’t take any chances.

So, how can you help clients with varying risk tolerances? Start with these steps:

1. Lay out all the identity theft tools and resources on a spectrum—from the most basic protection to the most advanced.
2. Identify the benefits and risks for each solution.
3. Empower your clients to choose the option that fits their own comfort levels for risk.

Here, we’ll go through four different protection resources and services that are available to the general public. We’ll go across the spectrum, starting from the most lightweight and ending with the most robust, with a focus on the benefits and risks of each one. Keep in mind that these tools may be used concurrently.

This service monitors individuals’ credit files for any changes or suspicious activity so that they don’t have to check on it themselves. Credit monitoring can send alerts (most often via e-mail or text message) when there are hard credit inquiries or when new lines of credit are opened. If anything looks fishy, individuals can report the unauthorized activity to the company holding that account, as well as the major credit bureaus. At this stage, some incidents may be remediated.

A fraud alert is a cautionary note that individuals can place on their credit reports. It tells credit lenders or service providers that they may have been a victim of identity theft, so they must verify with account holders before making any changes to their credit. Usually, verification happens over the phone, but there is no standard means of verification currently defined by law.

Fraud alerts come in two flavors: initial fraud alerts, which last only 90 days; and extended fraud alerts, which extend that time to seven years. Extended alerts require an identity theft report, which must be filed with the Federal Trade Commission (FTC).

As the name indicates, this tool freezes credit files so that no one—including the individual who placed the freeze—can open a new line of credit. To open a new line of credit, individuals will have to unfreeze their credit files first (with a personal identification number [PIN] provided to them) and then freeze their accounts again when they’re done. This is the most heavy-duty tool individuals can administer on their own to secure their personal information, but it has some consequences.

What about credit locks? A credit lock functions similarly to a credit freeze, with a few notable distinctions:

• Equifax and TransUnion offer credit locks for free; Experian charges $5 for the first month and $25 for each month thereafter.
• Rather than a PIN, a credit lock may provide other authentication options, such as a username and password.

Credit locks are not backed by law, which may obfuscate liability claims if the lock doesn’t work properly.

Identity theft protection services provide an all-in-one suite of tools and resources that can help clients avoid identity theft. Although we can’t recommend any specific product, the better services offer real-time credit monitoring at all three major bureaus, customized account alerts (for more than just credit), and a 24/7 call center.

A great starting point for victims of identity theft is identitytheft.gov. By following the site’s simple prompts, victims can select their identity theft situation, access guidance and resources specific to them, and file identity theft reports with the FTC.

Preventing a part two. After remediation, maintaining healthy account hygiene can help clients avoid identity theft in the future. Here are some tips to share with clients:

• Encourage them to change account passwords for any accounts that may have been compromised.
• Ensure that your clients’ passwords are unique for each account. That way, if one account is compromised, the attackers potentially can’t access other accounts.
• Teach your clients to enable multifactor authentication wherever possible. Multifactor authentication asks users to provide more than one form of identification to log into their accounts. For example, in addition to entering a password or PIN, users are prompted to access something they have, such as a smartphone or a hardware token.
• If clients suspect that their e-mail accounts may have been hacked, instruct them to review the mail-forwarding rules and delete any rules they don’t recognize. Attackers often add forwarding rules so that when accounts send or receive certain e-mails, those e-mails are forwarded—even after individuals have regained access and changed their passwords.

In the wake of the Equifax breach, if your clients haven’t come to you for guidance on how to secure their personal information already, you’re bound to find yourself in a situation where you need to help clients avoid identity theft sooner or later. A basic understanding of these resources and services can help you reassure your clients that options are always available for defending against identity theft.

Have your clients asked for guidance on how to secure their personal information? How do you stay on top of information security threats to help clients avoid identity theft? Please share your thoughts with us below.