Unlike antivirus software, ID protection services don’t directly protect your devices, data or passwords. Instead, they alert you when your email addresses or services you use online have been hacked and your personal info has been leaked.
So, in a nutshell, they can mitigate identity fraud, also known as ID fraud or identity theft, which can be a serious issue. But why you should use them?
Think of ID protection services as early-warning systems. Once alerted, you can change passwords, enable 2FA, and if needed, freeze cards and contact your bank. This approach should be used alongside antivirus software, a VPN and a password manager.
Here, we’ll explain what ID protection services are and how they work.
What are ID protection services?
ID protection services work by scouring dark web destinations for evidence that their customers’ personal details are being put up for sale.
‘Dark web’ is a catch-all term used to describe secure, private networks and heavily encrypted websites which are separate from the general world wide web, or the ‘clear web’.
While dark web sites are useful for people living in societies where governments have rolled out surveillance programs, dark web destinations are also used by criminals who want to sell and trade information.
People’s email addresses, phone numbers and other personally identifiable information (PII) can be used for fraudulent activity. It is then important to know what the risks of the dark web are and how to protect yourself.
A full set of PII – potentially enough information for someone to go on a shopping spree in your name – is sometimes referred to as ‘fullz’ or ‘fullzinfo’ on dark web marketplaces.
A fullz would likely include your name, date of birth, email addresses, bank details (including your account number), credit or debit card numbers, Swift codes, CVVs (bank card security codes) and expiration dates. With that information, someone could cause you a lot of financial pain. It could even lead to the police coming after you, if loans are taken out and then defaulted on.
If any of your PII is discovered in this way, you will receive an alert and hopefully some advice on what to do next, such as alerting your bank, changing any affected passwords and informing security services such as Action Fraud in the UK.
Jim Martin / Foundry
So, how do the ID protection services know what to look out for?
They simply use the information you give them, which means you need to hand over your bank details, card numbers and any other PII that you would want an alert for.
This also means the service providing the monitoring has to be completely trustworthy and ensure that it keeps that data secure for you.
How much does ID protection cost?
ID protection is usually a subscription service. Costs tend start from around £7.99, US$9.99 and AU$12.99 for monthly subscriptions or £19.99, US$89.99, and AU$99.99 for yearly ones.
That’s for an individual, but you can also get family plans to monitor the whole household’s details. Some examples include Bitdefender Digital Identity Protection, F-Secure ID Protection, IdentityForce (US. only, owned by credit agency TransUnion), Norton LifeLock (US only), and Norton Identity Advisor Plus (UK and Australia).
Additionally, you can get ID protection bundled with antivirus, a VPN and password manager with some security suites such as McAfee+, Bitdefender Premium Security Plus and F-Secure Total.
Likewise, Norton 360 Premium in the UK and Australia, and Norton Select + LifeLock in the US come with ID protection built in.
You will pay more, but they’re better value overall, as you can get all-round protection for your family and your devices.
How much does ID protection cost in the UK?
So the big question is what it’s going to cost you. This will give you a very good idea of what’s available right now (prices correct at time of writing).
Standalone ID protection services
Security subscription services featuring ID protection
How much does ID protection cost in the US?
Standalone ID protection subscription services
- Norton LifeLock – from $11.99/month for the first year, or $89.99 for the first year ($124.99/year thereafter).
Security subscription services featuring ID protection
- Bitdefender Ultimate Security – from $9.99/month for the first year ($17.99/month thereafter), or $89.99 for the 1st year ($179.99/year thereafter)
Do ID protection services help recover from a breach?
It’s important to understand that most ID protection services are there primarily to help prevent ID fraud from taking place. They are not designed to help you recover after your identity has been stolen.
Having said that, both the IdentityForce and McAfee+ services in the United States offer up to $1m to cover any expenses incurred as a result of your identity being stolen, and McAfee+ also provides up to $25k for ransomware cover.
Also, while ID protection services typically don’t help you recover any stolen money, your bank should reimburse you in cases of fraud.
Can I get free ID protection?
If you’re not willing to pay, there are a few good resources at your disposal.
Haveibeenpwned, perhaps better known as HIBP, is a free online email address checker which presents results in a clear and comprehensive manner.
Have I Been Pwned / Foundry
By entering your email address into the HIBP search bar, you will see in a matter of seconds if any websites or services linked to your email address have been compromised at any point in history.
It’s likely that if it’s a big data breach, such as the 2018 Currys PC World hack, or the 2020 Twitter leak, you will have already heard about it and (hopefully) secured your account with a new password.
If not, it’s still a good idea to change those passwords. HIBP also offers a free email notification service, should your email address get, as they say, “pwned in future.”
McAfee has a checker like this on its Identity Theft Protection page and F-Secure also has a free Identity Theft Checker tool. The only downside to these free checkers (often available from security companies) is that you have to run those checks yourself regularly and you won’t be notified of new leaks automatically.
DeHashed / Foundry
DeHashed offers a breach monitoring and notification service that’s free for individuals. Like HIBP, DeHashed will search the dark and the clear web for your personal information, and tell you if your search queries return anything. It also offers a free notification service, so it will contact you via text or email if any of your information appears for sale online in the future.
Similarly, Intelligence X has a search service that’s free to use, as well as more expensive paid tiers which are aimed at businesses and security researchers. In addition to entering email addresses, you can also search for US social security numbers and Bitcoin addresses.
Finally, there’s also Firefox Monitor, which features bulletins on recent data breaches, plus other useful information. As Firefox Monitor’s search tool draws on HIBP’s database, it shouldn’t tell you anything that HIBP won’t.
Should I buy an ID protection service?
Armed with the information above, you should be in position to answer that for yourself. However, a better question would be, “Should I buy a security suite with ID protection included?” because that is where the best value lies.
It’s hard to recommend subscribing to a standalone service when you can get a more comprehensive suite of security software for not much more money. For example, at the time of writing, Bitdefender’s solo ID protection offering is actually more expensive per month than the introductory rate on Premium Security Plus bundle – which comes with Digital Identity Protection.
All the tools we’ve talked about are undoubtedly useful. Anything that can offer insight into any old account associated with your email addresses that you might have forgotten about is worth making use of. A lot of the free tools available to you are very good as well, with DeHashed in particular offering an early-warning service for free.
Taking the time to learn some tips to protect your ID online, and then do an audit of your online profile is never a bad idea. Of course, an ID protection service can help in this regard.
If you’re in the market for an antivirus or security package, ID protection should absolutely be on your radar, but think twice before buying such a service on its own.
What should I do if my data was leaked?
The first thing you should do is change passwords on every account that has been compromised. If a password has been leaked and you use it for multiple accounts, then change the password on all those accounts and, please, use different passwords for each one.
If your primary email account has been compromised, consider switching email accounts, even if that means opening up an new one with the same provider (such as Gmail). If someone has access to your email account, they could intercept any password reset emails that you receive, potentially causing further damage.
If anything connected to your online bank or any financial services you use have been hacked, contact your bank and/or service provider and change all security details: passwords, memorable words, answers to security questions etc.
Check your credit rating with a credit agency as well, and ask for a free ‘Notice of Correction’ if you see anything suspicious on the report.
In the first instance, contact the police. If you’re in the UK, you can contact either Action Fraud (if you’re based in England, Northern Ireland or Wales) or Police Scotland (if you live in Scotland).
You’ll need to create an account with Action Fraud before beginning your report – create a fresh email account if you think or know that your primary account has been compromised.
You’re not required to create an account via the Police Scotland secure contact form – just leave contact details.
UK residents can also apply for Protective Registration from Cifas (Credit Industry Fraud Avoidance System). This is a paid service which costs £30 for two years’ worth of cover, and it places a red flag against your name on Cifas’s National Fraud Database.
Companies can then use this if your details are used to apply for things – additional checks to make sure it’s actually you buying things, and help stop someone from clearing out your accounts.
If you’re in the United States, you should report identity fraud to the FTC (Federal Trade Commission) at the IdentityTheft.gov site, where you can create an ‘Identity Theft Report’ and download template documents to send to credit agencies and businesses if you need to.
If you’re in Australia, you’ll need to file a report with the Australian Cyber Security Centre. Learn how to do that in its dedicated article.