ID Theft Insurance: Oasis or Mirage?

October 6, 2008 by

A client concerned about identity theft might consider moving to the Dakotas. It’s best to stay away, however, from Arizona, California, Nevada, Texas, Florida and New York. All of these states reported that more than one out of every 100 persons was the victim of identity fraud last year. In the sparsely populated Dakotas, the rate is less than one-third of 1 percent, according to the Federal Trade Commission.

This may be interesting, but not particularly helpful. The question most clients have is how vulnerable they are to identity theft and the likely cost if they become a victim.

When it comes to ID theft insurance, the name is something of a misnomer. Too many people think that if someone steals money from their bank account, the insurance company will repay them. But this is not true for most policies. The typical ID theft insurance policy will not pay for stolen money but only for expenses associated with straightening out the mess. Actual losses require a separate very specific policy.

The Costs in Time and Money

Statistics on time and costs are inconsistent. Almost 600 hours and $1,400 in out-of-pocket expenses, not including lost wages, according to the Identity Theft Resource Center in San Diego. Some $422 in out of pocket expenses and 25 hours, says Javelin Strategy & Research, a Pleasanton, Calif., research company focused on financial service topics. However, two-thirds of victims have no out-of-pocket costs. Eighty-one hours, according Nationwide Mutual.

The good news is that both the number of victims and the dollars lost appear to be declining. A Javelin survey showed identity-fraud losses dropping 11.8 percent in 2007, to $45 billion. It tallied 8.4 million victims of identity fraud as of late 2006, down from 8.9 million in 2005 and 10.1 million in 2003.

Nevertheless, last year identity theft topped the list of consumer complaints filed with the Federal Trade Commission, accounting for 36 percent of the total.

Whatever statistic is correct, the major cost is the hassle factor — the hours spent talking to creditors, credit reporting bureau and law enforcement agencies that tend to give identity theft a low priority compared to violent crime. There can be the intangible costs of denied loans or higher interest rates.

Group Policies

The hassle factor is why a small percentage of employers offer identity theft insurance as a benefit, particularly since corporations often pay less than $3 a year per employee.

It makes sense as an employee benefit. It’s hard to imagine resolving an identity theft situation without some telephone calls during working hours. In addition, insurance is an inexpensive way to offer a little bit extra to employees.

Overall, about 3 percent of employers nationwide provided ID theft insurance, according to a 2006 survey by Aon Consulting. The number is expected to rise.

Metropolitan Life Insurance Co. said 55 of the Fortune 100 companies included an ID theft option last year. It offers ID theft restoration services at no additional charge to customers who take auto or home insurance as a voluntary benefit through their employers.

Other frequent purchasers of group policies are banks and credit unions. Citibank, for example, offers customers free ID theft recovery service, and MetLife has extended its coverage to customers of its online MetLife Bank. ID Theft 911, which provides restoration services, signed up 130 credit unions and community banks in 2006. As of this year, the company says it covers more than 11 million households in various programs.

Travelers and AIG are the largest writers of group ID theft expense reimbursement policies.

Individual Policies

Outside the corporate workplace, endorsements to homeowner’s insurance, providing identity theft expense reimbursement, are usually available. These generally are not underwritten in the traditional sense; the policy is issued with little investigation or consideration of exposures. They typically cost $50 to $70 for $15,000 to $25,000 in coverage.

Some companies, such as MetLife and Grange, offer identity theft protection at no extra charge with a homeowner’s policy. Others, such as Allstate and Travelers, sell it as a stand-alone policy or as a rider. Chubb and others have partnered with Identity Theft 911 to help customers recover or recreate missing personal documentation after a disaster or theft, and cover up to $25,000 in expenses with a $500 deductible.

Critics Say It Isn’t Worthwhile

If identity theft is apparently so prevalent, why is the pricing so modest?

The answer, some contend, is that ID theft insurance has little value, due to the scope of coverage provided. Consumer Reports and the Privacy Rights Clearinghouse in the U.S., as well as the Public Interest Advocacy Centre in Ottawa, are among the skeptics. Beware, they say, of deductibles that may be higher than likely expenses. Coverage for attorneys’ fees may be valuable, as long as purchasers understand that prior approval usually is required.

Another red flag is the fact that if a bank or retailer is proven negligent, any existing cyber liability insurance would likely respond to customers’ claims, subject, of course, to policy limits and language. However, recent surveys from the Computer Insurance Institute (www.gocsi.com) show that more than 70 percent have not purchased such insurance.

Many policies, including individual and group insurance for expense reimbursement, contain “other insurance” language, making the individual’s insurance excess over other collectible insurance. That is normal, but delays in claims adjustments prolong the victim’s financial pain.

Actual Financial Losses

Identity theft policies generally do not cover such financial losses as fraudulent charges or over-limit or nonsufficient funds fees. Insurers expect banks or credit card companies to erase these expenses. But the consumer still may want protection with a policy covering actual financial losses.

These are distinct from the individual ID theft expense reimbursement insurance, and include specific coverage for the actual financial loss. The best-known example is a joint venture between Travelers and the American Safety Council. This product, which also is not underwritten, is issued immediately after completing a simple Web form. There are several limits available. Although pricing is steeper than for the expense reimbursement coverage policy, the cost is still reasonable. It is available only at: www.identitytheftpolicy.com.

So far Travelers apparently has not been willing to allow its retail agency force to market this product. [Writer’s Note: I recently purchased a policy limit of $30,000, with no deductible, for an annual premium of $79. Again, the attraction of this particular policy is coverage for incurred financial losses, as well as associated costs and expenses.]

So who really needs ID theft insurance?

People earning more than $150,000 a year are the most likely targets, according to Javelin. Those who earn less than $15,000 are most likely to suffer long-lasting damage, and young adults between 18 and 29 are the most frequent victims, probably because they are least likely to take safeguards as shredding documents and using firewalls on computers.

What Are The Alternatives?

Given this background, consumers may prefer to focus on prevention services designed to make personal information almost unavailable through credit bureaus. Others focus on rectifying an ID theft, should one occur.

Diverse entities are getting involved. The large grocery store chain Kroger endorses a specific service that can be activated by calling a toll-free number or on the Web, and prepaying a fee for ID theft resolution services.

On the other end of the spectrum are prevention services such as LifeLock (www.lifelock.com), currently being promoted by a major national advertising campaign. LifeLock “guarantees” that it will eliminate public access to personal information except with the specific permission of the individual. If an identity theft still occurs, LifeLock promises to pay all costs up to $1 million

Its reputation has been somewhat tarnished by two recent lawsuits and the discovery that a Texas resident managed to get an online payday loan operation to lend him $500 using the LifeLock CEO’s Social Security number, which he had listed in ads promoting the effectiveness of his service.

In an Arizona lawsuit, plaintiffs claim the $1 million guarantee is misleading because it only covers a defect in LifeLock’s service. A California lawsuit by the Experian credit bureau accuses LifeLock of deceiving consumers and abusing the system for attaching fraud alerts to credit reports.

A similar service is IdentityGuard (www.identityguard.com), which monitors Internet “back alley” communication and chat rooms. Trusted ID (www.trustedID.com) combines prevention and resolution services, with monitoring of credit information, and risk assessment. These services generally cost from about $10 to $15 per month.

At least one of the credit reporting bureaus, Experian, offers a subscription service (www.freecreditreport.com) that provides credit reports and other basic services to consumers. Consumers already can receive free credit reports through the federal government’s Web site, www.annualcreditreport.com, but the confusion between services that require a fee and those that are free is understandable.

Other resolution/recover services include Trust (www.mytruston.com) and ECredit Freeze (e.creditfreeze.com). Also services such as Pre-Paid Legal Services Inc. (www.prepaidlegal.com), do not necessarily remedy ID theft but can address potential problem areas.

ID Theft Specialists

Finally, ID theft has produced new career opportunities in insurance. The Institute of Fraud Risk Management is offering a new professional designation — Certified Identity Theft Risk Management Specialist — that can be earned through study materials and passing a series of exams. [See www.tifrm.com] About 10,000 people have been certified.

It appears that the crime of identity theft is here to stay. The challenge is to be sure clients truly understand the risks and coverage. If they become a victim, brokers want to be certain they have led them to an oasis, not a mirage.

Significant ID Theft and Privacy Legislation

  • The Identity Theft and Assumption Deterrence Act (Federal, 1998). This early federal legislation formally established identity theft as a crime and made the Federal Trade Commission the primary U.S. government agency for establishing, maintaining and tracking ID Theft activities and incidents. In 2004 the Identity Theft Penalty Enhancement Act added prison sentences for some convictions of ID theft, including terrorism.
  • The Health Insurance Portability and Accountability Act (Federal, 1996). Although this legislation was directed at ending discrimination in hiring based upon pre-existing medical conditions, it also mandated protection of employee medical records under penalty of fines and/or prison terms.
  • The Graham-Leach-Bliley Act (Federal, 1999). This legislation requires financial service firms to send customers periodic notices of the firms’ privacy policies and practices, with a focus on how customers’ personal information is protected, used internally and disclosed to others.
  • The California On-Line Privacy Protection Act (Statutory, 2004). This law took effect in California in July 2004. After the late 2004 scandal in which ChoicePoint found that unauthorized persons had accessed its database of background information, 38 states plus the District of Columbia adopted various versions. The law requires notification of customers in the event of certain security breaches involving their personal information.

ID Theft and Resolution Services