Help Clients Avoid Identity Theft with the Right Protection Resources

Posted by Sean Mackey

February 28, 2018 at 1:30 PM

help clients avoid identity theftI’ll take a wild guess: you didn’t become a financial advisor to remediate identity theft. But because this kind of fraud can drastically affect their finances, clients often look to you for guidance to help them keep their identities protected.

As news of the Equifax breach broke in September 2017, hundreds of Commonwealth advisors reached out to the firm’s Information Security team, asking how to help clients avoid identity theft. Because of Equifax’s poorly managed response, the situation seemed to change hourly; it became a challenge for us all to process the news, develop an appropriate response, and help clients take the right steps to secure their personal information.

How much less stressful would that week have been if we knew of a few tools to help keep our identities safe? Although it isn’t feasible to master every potential identity theft scenario, it’s definitely worth your time to learn how to provide your clients with enough guidance to initiate a recovery plan.

A New Kind of Risk Tolerance

Everyone has a different risk tolerance; what works for one potential identity theft victim may not work for another. Similar to risk tolerance in the markets, some clients are willing to stomach considerable risk when it comes to protecting their information. Others won’t take any chances.

So, how can you help clients with varying risk tolerances? Start with these steps:

  1. Lay out all the identity theft tools and resources on a spectrum—from the most basic protection to the most advanced.
  2. Identify the benefits and risks for each solution.
  3. Empower your clients to choose the option that fits their own comfort levels for risk.

Here, we’ll go through four different protection resources and services that are available to the general public. We’ll go across the spectrum, starting from the most lightweight and ending with the most robust, with a focus on the benefits and risks of each one. Keep in mind that these tools may be used concurrently.

Credit Monitoring

This service monitors individuals credit files for any changes or suspicious activity so that they don’t have to check on it themselves. Credit monitoring can send alerts (most often via e-mail or text message) when there are hard credit inquiries or when new lines of credit are opened. If anything looks fishy, individuals can report the unauthorized activity to the company holding that account, as well as the major credit bureaus. At this stage, some incidents may be remediated.



  • This service often is offered free of charge after major breaches (e.g., Equifax and Anthem) when social security numbers (SSNs) have been exposed.
  • Credit monitoring does not restrict individuals’ access to their credit files.
  • Credit monitoring is reactive. Individuals are notified only after unauthorized activity has occurred.
  • Individuals must entrust another company with their SSNs.
  • Only credit is monitored; other accounts are not.

Fraud Alerts

A fraud alert is a cautionary note that individuals can place on their credit reports. It tells credit lenders or service providers that they may have been a victim of identity theft, so they must verify with account holders before making any changes to their credit. Usually, verification happens over the phone, but there is no standard means of verification currently defined by law.

Fraud alerts come in two flavors: initial fraud alerts, which last only 90 days; and extended fraud alerts, which extend that time to seven years. Extended alerts require an identity theft report, which must be filed with the Federal Trade Commission (FTC).



  • Fraud alerts are completely free.
  • They are easy to set up. Individuals can submit a request to one major credit bureau, and that bureau will notify the other two bureaus.
  • Fraud alerts do not restrict individuals’ access to their credit files.
  • The verification process isn’t clearly defined by law.
  • Verification could potentially cause delays in credit changes.
  • Accounts that are already open are not protected by this measure.

Credit Freezes

As the name indicates, this tool freezes credit files so that no one—including the individual who placed the freeze—can open a new line of credit. To open a new line of credit, individuals will have to unfreeze their credit files first (with a personal identification number [PIN] provided to them) and then freeze their accounts again when they’re done. This is the most heavy-duty tool individuals can administer on their own to secure their personal information, but it has some consequences.



  • A security freeze is the most effective preventative measure because without the PIN, no changes can be made to a credit file.

  • The application process requires a separate submission for each of the three credit bureaus, and some states charge a fee.
  • A freeze restricts individuals’ access to their credit. They must unfreeze it to allow changes. (Changes may be permitted for specific companies at specific times.)
  • This does not restrict access to accounts already open. Fraudulent activity can still occur in those accounts.

What about credit locks? A credit lock functions similarly to a credit freeze, with a few notable distinctions:

  • Equifax and TransUnion offer credit locks for free; Experian charges $5 for the first month and $25 for each month thereafter.
  • Rather than a PIN, a credit lock may provide other authentication options, such as a username and password.

Credit locks are not backed by law, which may obfuscate liability claims if the lock doesn’t work properly.

Identity Theft Protection Services

Identity theft protection services provide an all-in-one suite of tools and resources that can help clients avoid identity theft. Although we can’t recommend any specific product, the better services offer real-time credit monitoring at all three major bureaus, customized account alerts (for more than just credit), and a 24/7 call center.



  • These services combine the benefits of other tools (e.g., credit monitoring and alerts) in one place.
  • When 24/7 support is available, it can help guide individuals through the appropriate steps to mitigate the situation at any time.
  • Some services can monitor accounts outside of credit files.

  • Individuals must entrust other companies with their SSNs.
  • These services can be costly (depending on their pricing tier).
  • Quality may vary depending on the company. Before subscribing to any service, individuals should perform due diligence.
  • Most services will not help with identity theft that occurred prior to membership.

Helping Victims of Identity Theft

A great starting point for victims of identity theft is By following the site’s simple prompts, victims can select their identity theft situation, access guidance and resources specific to them, and file identity theft reports with the FTC.

Preventing a part two. After remediation, maintaining healthy account hygiene can help clients avoid identity theft in the future. Here are some tips to share with clients:

  • Encourage them to change account passwords for any accounts that may have been compromised.
  • Ensure that your clients’ passwords are unique for each account. That way, if one account is compromised, the attackers potentially can’t access other accounts.
  • Teach your clients to enable multifactor authentication wherever possible. Multifactor authentication asks users to provide more than one form of identification to log into their accounts. For example, in addition to entering a password or PIN, users are prompted to access something they have, such as a smartphone or a hardware token.
  • If clients suspect that their e-mail accounts may have been hacked, instruct them to review the mail-forwarding rules and delete any rules they don’t recognize. Attackers often add forwarding rules so that when accounts send or receive certain e-mails, those e-mails are forwarded—even after individuals have regained access and changed their passwords.

Becoming an Information Security Resource

In the wake of the Equifax breach, if your clients haven’t come to you for guidance on how to secure their personal information already, you’re bound to find yourself in a situation where you need to help clients avoid identity theft sooner or later. A basic understanding of these resources and services can help you reassure your clients that options are always available for defending against identity theft.

Have your clients asked for guidance on how to secure their personal information? How do you stay on top of information security threats to help clients avoid identity theft? Please share your thoughts with us below.

Cybersecurity in Focus: How Commonwealth Protects You Data

Topics: Information Security

New Call-to-action
The Independent Market Observer, Brad McMillan

Follow Us