Credit monitoring as an employee benefit

Let's take a few minutes to talk about one way to give our employees tools to make better security decisions and improve the security of their finances.

A somewhat new form of identity fraud has been in the news lately: Tax Return Fraud (Krebs)(Fox)(NY Post)(Bloomberg): Bad guys are sending in tax returns using other people's information so they can claim a refund first.  The IRS estimates that they sent out over $5 billion in fraudulent returns last year.  Imagine how you would feel, tortuously completing your tax return only to get a message back from the government saying, "Sorry, you already got your money back."  60 Minutes did a good story on this last year and featured the story of one person who did an average of 15 returns a day with a modest return of 2-4 each time, resulting in almost $45,000 in profit every day.  This is a big issue that the IRS is working to try to solve, but if a fraudster is successful in using your information, the burden to prove the truth and clean up that situation is entirely on your shoulders.

Unfortunately, while it is important to know about this type of identity fraud, currently the best way to defend against it is to file your taxes as early as you can, and that still leaves a good window of opportunity for the bad guys.  However there are many other kinds of financial and identity fraud out there--by far the most prolific is still the creation of new credit accounts in someone else's name or unauthorized use of existing credit accounts--and the best defense against these other forms is credit monitoring.

The Federal Trade Commission requires each of the three credit reporting agencies to provide you one free credit report each year. You can get those reports at Do not confuse it with the myriad competitors out there, this is the only FTC-authorized website to get your free credit report.  The others give you your first one free, but usually you are also automatically signed up for a fee-based credit monitoring service.  Even tries to up-sell services to improve the efficacy of credit monitoring, so you have to look closely for the text link that gets you to your credit report without signing up for more.

When somebody does not have an active credit monitoring service, I recommend that they pull one of their three free reports every four months: in February (after the bills from the holidays come in), pull the report from Experian; in June, grab the report from Trans Union; and in October (before the shopping season starts), get the report from Equifax.  This gives a pretty good view of your credit all year and is entirely free.

But even though this resource is available and easy to use, most people either don't know about it or only bother to check every few years.  So now let's shift tone from what you as an individual can do to what we as employers can do to help.

We, as employers, can help provide a better way. Consider offering credit monitoring as an employee benefit.  Financial health monitoring right alongside physical health monitoring. It doesn't have to cost the enterprise anything more than the administrative costs to maintain the program. It can be offered as an employee-funded option on a pretax basis. I have seen organizations negotiate directly with one of the three credit reporting agencies for prices in the $10 range for credit monitoring all year, a very small out-of-pocket expense for the peace of mind of knowing that their credit is being actively analyzed and an alert will be pushed to them if something changes.

Organizations that have cyber insurance should consider working through their provider to negotiate the price, as this will likely result in a better cost for the credit monitoring itself and may result in lower insurance costs depending on your provider.  (This is a measurable positive element in security programs when viewed from the perspective of cyber security insurance underwriters.)

Credit monitoring helps to empower our people with better protections against threats to their financial health.  They are alerted as the earliest possible moment to issues that may be surfacing.  Timely information allows for timely response, easier defense and clean-up and, thus, more Convenient Security. 

Join the CSO newsletter!

Error: Please check your email address.

Tags IRSsecuritySecurity LeadershipBloomberg

More about BloombergEquifaxFederal Trade CommissionFTCIRSTrans Union

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Quinn R Shamblin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts