Is identity theft protection worth it? In short, it depends on a few different factors all of which are discussed.
Identity theft is rising, leaving many concerned about their financial security. With so much of our life moving digital, having reliable protection against this crime seems rational.
But determining whether or not identity theft protection (for brevity, “ITP”) is worthwhile depends on several factors, including how individual attitudes towards potentially compromising personally identifiable information (PII).
PII is the primary driver of identity theft and most other fraud types. ITP does nothing to address this, which is one of its shortcomings. External Data Privacy (EDP) solutions are built around a framework that includes Proactive Risk Mitigation (PRM) and is thus able to take the necessary actions to reduce the amount of publicly-available and for-sale information criminals use to orchestrate identity theft.
Note that PRM stands in direct contrast with the purely reactive nature of ITP. This is an essential point to grasp if you desire a solution that mitigates the risk of identity theft by getting out in front of the problem, which, as we discuss in detail, is the acquisition, publication, dissemination, and sale of data.
What does Identity Theft Protection do?
Identity theft protection is a service marketed as a safeguard from identity theft via monitoring personal data. ITP typically involves monitoring personal information, such as Social Security numbers (SSN), credit card numbers, and other sensitive data. If potential identity theft is detected, the platform will alert the user, who can then take action and possibly prevent additional damage.
Multiple vendors exist in the $11 billion ITP market, including the antivirus software company Norton and Transunion’s IdentityForce. The pricing and features are widely diverse as a result. For example, Norton will, of course, include antivirus as part of its packages. IdentityForce monitors changes in personal data across a wider number of sources than its competitors but, strangely, includes no credit monitoring sans the highest-tier service.
In general, the most basic ITP services include:
- SSN activity alerts
- Monitoring one of three credit bureau reports
- Funds reimbursement (in the event of identity theft)
More “Premier” ITP solutions may also provide additional services in the event of identity theft, including
- Court records
- Crime alerts
- Investment account alerts
- Payday loan applications
- Property title monitoring
- Social media monitoring
- Service orders (e.g., cable, utilities, wireless)
- USPS address change requests
Higher tiers of identity theft protection solutions may also offer the following:
- Out-of-pocket reimbursement (may help offset legal fees, lost wages, and stolen funds)
- Three-bureau Credit report monitoring
A (closer) look at the numbers
The most common argument by ITP providers is the steady rise of identity theft. According to the National Council on Identity Theft Protection (NCITP), the number of identity theft cases in 2021 totaled 5.74 million, a 67% increase over 2019.  The number of identity theft cases in 2022 is expected to be the highest on record. Providers also cite the total cost of identity theft NCITP cites the total amount of identity theft in 2021 as $5.8 billion. 
However, there is more to these statistics than meets the eye. Let’s take a closer look.
First, we must consider the average cost of identity theft. The median cost to identity theft victims was just $500, per the NCITP.  Norton Lifelock’s “Select” package, its most basic ITP offering, includes “stolen funds reimbursement” of up to $25,000. Norton’s “Ultimate Plus” includes up to $1 million.
Such large amounts of stolen funds are represented in an insufficient number of identity theft cases.
Perhaps a better answer to the question “Is identity theft protection worth it?” would center around the damage to one’s credit score as a result. But even here — even with top-tier, high-cost ITP —services are limited to helping “restore” credit rating after the fact.
Credit damage is another effect of identity theft one should mitigate proactively. Once again, PRM involves stripping criminals of ammunition via scanning for and deleting PII and reducing risk.
What is Personally Identifiable Information (PII)?
It’s important to understand that PII is the primary driver of the continued rise in identity theft cases. Identity theft protection does not remove this information.
The reasons typically given for the growing numbers of identity theft include the expanding use of digital technology, such as mobile devices, and the rapid expansion of online services. Less discussed, however, is the extraction, publication, circulation, and sale of personally identifiable information (PII).
Criminals use PII to locate potential victims. PII data include general information, such as a person’s name, address, and date of birth, to more precise data, such as financial account numbers, driver’s license numbers, and social security numbers (SSN). PII also includes biometric data, such as fingerprints, facial pattern recognition, and voice recognition.
Criminals such as hackers and social engineers scan the Dark Web and Data Brokers for PII to craft surgical strikes in the form of spear phishing and other attacks. Spear phishing attacks are becoming increasingly difficult to detect because of the high levels of personalization contained within the communication (usually an e-mail), which lowers the victim’s inherent defenses.
EDP addresses ITP’s biggest flaw
Despite what many people think, identity theft protection does not remove PII from the dark web. ITP doesn’t remove PII from the web, period.
Too many individuals believe that ITP removes personal data from the web, according to a survey by the Consumer Federation of America (CFA). As a result, the CFA issued a press release essentially accusing ITP providers of advertisements, leading to “the potential for advertising that plays on consumer fears.”
External Data Privacy solutions, however, do remove PII. High-quality providers of EDP solutions focus their efforts on Data Brokers, who are arguably the biggest contributor to identity theft.
Data Brokers are companies that collect, store, and sell personal information about consumers. This information can include names, phone numbers, e-mail addresses, credit card numbers, SSNs, and other sensitive data.
Data Brokers make this information available to third parties without your knowledge or consent. Data Brokers’ databases have been deemed “attractive to cybercriminals,” and are thus primary targets to those who would commit identity theft.
Several Data Brokers have already been breached, and several others have been convicted of conspiracy to commit fraud by selling private data to known fraudsters and criminal organizations.
In short, Data Brokers are a menace to privacy, potentially to financial security, and a legitimate threat to sell your personal information without regard to whom they are selling.
Privacy Bee’s EDP-focused solution can assist individuals and organizations with scanning for, deleting, and monitoring PII from over 350 of the most notorious Data Brokers and people search sites.
Identity theft protection is worth it for some; not for others
Identity theft protection can be a valuable tool for protecting your personal information and financial assets, but it is only sometimes worth the cost. ITP may best serve high net-worth individuals, families, and those whose lifestyle or job necessitates investing in ITP.
Identity theft protection services may be worth it for those concerned about stolen personal information. Similarly, is also likely a worthwhile investment for those with families and higher-net-worth individuals.
However, individuals who are diligent about monitoring their credit reports and accounts (identity theft protection is different from credit report monitoring) may not need an ITP service, especially considering the rising costs of ITP.
ITP services, being reactive, do nothing to mitigate the risk of becoming an identity theft victim. While quantifying the number of customers who sign up for ITP with the notion of prevention is impossible, studies such as that undertaken by the CFA indicate many consumers sign up for ITP assuming it will monitor and delete information from parts of the web.
As mentioned, this is not the case, and acquiring this capability means a more proactive approach via investing in an External Data Privacy solution.
We highly recommend a 100% free scan of exposed personal data.
[1,2,3] 2023 Identity Theft Facts and Statistics. (2023, January 30). IdentityTheft.org. https://identitytheft.org/statistics/
 Consumer Federation of America (2019). Too Many Consumers Believe Identity Theft Services Can Remove Personal Data From The Dark Web. https://consumerfed.org/press_release/too-many-consumers-believe-theft-identity-services-can-remove-personal-data-from-the-dark-web/