Answers about StolenID Search
In the past few days, we’ve seen thousands of people make comments about our StolenID Search service. We appreciate everyone who sees value in the service as well as those who have questions.
We feel that it makes good sense to help address all those questions in one common forum. So, we’ll use the TrustedID blog, which usually focuses just on news related to identity theft, as a venue to answer your questions/concerns related to our new service. Please post all your future questions and concerns about StolenID Search here, as comments. We’ll answer as many as we can.
Here, then, are the top questions people have expressed in recent days:
Why did you create StolenID Search?
Early detection is vital in preventing identity theft. That’s where StolenID Search comes in. A simple and secure search tells you if your data has been compromised, so you can take control and act quickly against fraud or identity theft. StolenID Search is intended as consumer-empowering, free service.
We’re a trust-worthy company with a strong consumer advocacy thread in our corporate DNA. Last year, we launched another consumer activist site, which increased awareness and enlisted support for more sensible federal consumer protection policies in Congress.
We thought carefully about offering this service before launch, and consulted with experts, including The Identity Theft Resource Center, before concluding it strongly served the public good. There is nowhere else where consumers can get the kind of insight we’re offering for free.
Is entering the data into www.stolenidsearch.com safe?
Yes, for three reasons:
First we save no personal information that goes into the search box at www.stolenidsearch.com . We do retain information about the issuing bank of the credit card (we can tell that from the first 6 digits of a credit card) but we do not retain the sensitive part of the card – the last 8 numbers which are your account number. As soon as we finish the search we immediately purge your sensitive data.
Second, our search is anonymous. We never ask you who you are. Your credit card number or social security number alone has little value. It’s when these numbers become associated with a name, an address, a date of birth, a expiration date, or a CVV2 number, that things start to get dangerous. We never know any of this information; therefore, searching for a number with StolenID Search is unlikely to harm you, even in the worst case scenario.
In some cases, a SSN alone may help a fraudster perpetrate tax id theft or employment id theft. This happens because today few employers verify to see that a name and social security number match. In fact, until recently, it was impossible for an employer to even check that they matched. This is now changing because of headlines like this. Employers can now do verifications here. But there are dozens of ways to get a valid SSN today, from online services, from private investigators, even from the SSA itself. But again, because we save none of the data entered into our search box, even in the worst case, your risks are extraordinarily limited.
Finally, our site is built using the highest levels of security available on the Internet. It’s not appropriate to explain details, but suffice to say that we spend our days thinking about security, and we’ve been collecting far more sensitive information from our customers over the years. We have never experienced any data breach at TrustedID.
Isn’t this going to enable criminals? They’re going to use it to check credit card numbers to find out if they’re “good.â€
It’s highly unlikely that StolenID Search is going to be the next best asset for credit card thieves. Just because a credit card number doesn’t show up in our database doesn’t mean it works. And just because it does show up in our database doesn’t mean it’s been cancelled by the issuer. So what would the real value of our service be to a fraudster? It’s not clear.
In the long run, StolenID Search could diminish the potential marketplace for stolen data if we are successful in creating a single clearinghouse for this type of information. This would benefit everyone except the criminals, as we’re able to quickly alert consumers to the compromise of their information. That’s our goal, but it will take time to get there. Therefore, it’s so important to understand our big vision behind this advocacy effort, which is to help empower the consumer to protect themselves from identity theft.
Will StolenID Search encourage a new breed of phishing sites?
We certainly hope not. But any successful site breeds the potential for copy cat phising sites. We see that everyday in our inboxes with scams related Ebay, Amazon, Bank of America, Citibank, etc. In fact, we encourage more dialogue on educating people on “phisihing†scams on the blogs and in the media.
We are employing cutting edge technologies to ensure that phishing sites with names similar to StolenID Search or misspellings of StolenID Search do no lead to phishing attacks.
In this case, we believe the good that can be done by a site like StolenID Search is far greater than the potential risk of a would-be phishing site. Just as we believe the good done by online banking is greater than the bad done by phishing sites that mimic them.
If you’ve got key logging software on your computer and you visit www.stolenIDsearch.com, you’re going to be putting your data at risk.
We recommend that everyone today use some form of anti-spyware and anti-virus protection software. The risk is simply to great not to. It’s worth the $50. Do it. And do it before you get to our site, please.
If you have key logging software, it’s highly likely that the damage is going to be done before you get to StolenID Search. You’re going to create the real problems when you’re at your online bank, logging into an investment account. Again, risks exist, but we suggest that the potential benefits outweigh the potential bad.
Can we trust StolenID Search like other search engines we know?
We believe the answer is yes! Our service was built in consultation with industry experts, including Identity Theft Resource Center, the country’s leading organization for identity theft protection. TrustedID is an established company committed to consumer advocacy and the prevention for identity theft.
But more broadly, yes, consumers need to be very vigilant when they do anything online, especially providing personal information. They should always look for secure sites (shown by HTTPS:// in the url). They should make sure that URLs of sites they are visiting are not misspelled. They should not click on links in emails, but rather type the URL into a web browser themselves. They should look for “HackerSafe” and “Verisign Secured” logos on websites. And they should be running anti-virus and anti-key logging software on their PCs. I also personally recommend free services like SiteAdvisor. These suggestions, plus a little common sense, will keep 99% of consumers safe online
It is also important to note that StolenID Search is an anonymous service. We know nothing about the hundred thousand plus people who have used our service in recent days. Even if we were fraudsters, not knowing anything about you (ie: name, address, date of birth, expiration date, security code, etc) makes it much harder to use this information in a fraudulent way. Also, please keep in mind that we save NONE of the personal data that goes into our search engine. That information is purged immediately.
StolenID Search is unique in its ability to give ordinary people free access to valuable information. There is no other way to do this today. If individuals want this benefit, we encourage them to use our service.
As always, we really appreciate your feedback. You’re welcome to respond though comments on this blog, or send me your thoughts directly.
Scott Mitic
CEO, TrustedID
Scott |at| trustedid |dot| com
