It's a crime in which the perpetrators are unseen, the victims often unaware that it’s even happened – until, that is, their lives are disrupted. Identity theft is rapidly expanding, and according to Experian, 40% of consumers worldwide have already been a victim at least once. In the United States alone, someone falls victim to identity theft every two seconds, according to Javelin Research. And in a recent F-Secure survey, 7 out of 10 consumers agreed they could likely become a victim of cybercrime or identity theft. 

As widespread as identity theft is, and as high as consumer awareness is, a story of protection from identity theft is a new angle that remains largely untapped for operators with their customers. F-Secure looks to change this by giving consumers an option for identity protection via their broadband provider. 

An insidious online crime 

Identity theft occurs when someone uses another person's identity or personal information without permission to commit a crime or fraud. In our digitally-enabled world, this information is all too accessible to anyone willing to hack it - or to buy what's already been hacked.

A common form of identity theft is account takeover, which is made easier by two enabling factors: One, the tendency of consumers to use weak passwords and to reuse those passwords across multiple online accounts; and two, the prevalence of company data breaches, which have hit most major service providers. Nearly 32% of breach victims in 2016 later experienced identity fraud, compared to just 2.8% of individuals not notified of a data breach in 2016, according to Javelin.

Breaches put entire databases of customer information including usernames and passwords into the hands of criminals. Using automated tools, cyber thieves set about cracking these passwords, converting them from encrypted hashes back into plain text. Weak passwords are the “low hanging fruit” - as the quickest to crack, they are then used to attempt logins across multiple services.

Once an attacker obtains access to an account, he or she can assume the role of account holder, taking advantage of the account’s privileges. That may mean performing bank transfers, making credit card purchases online, transferring loyalty points, watching Netflix for free, or any other action that benefits the attacker in some way. The attacker can also change the account password, locking out the rightful account owner and ensuring the attacker’s ability to access it. The more accounts for which the victim has used the same password, the more damage the attacker can do.

Stolen credentials, credit card details and other personal information from data breaches also make it to the Dark Web, where they are bought and sold by cyber criminals for use in various other forms of identity theft. And when criminals would rather hack fresh data, there’s always commodity malware. Having infected a device, malware can perform various malicious tasks, such as logging a user’s keystrokes - another way of stealing passwords or credit card details.

Consumer concerns, victim challenges 

In the ecosystem that is the cybercrime industry, consumers are right to be concerned about the exploitation of their personal data. 58% of consumers, according to F-Secure, are worried about someone hacking into their bank account and stealing money. 56% are worried about losing their personal information as part of a data breach. 55% are worried about online shopping fraud, like theft of credit card numbers, and 54% are worried about someone hacking their social media and email accounts.

Victims of identity theft report damage in various areas of their lives: Stress and anxiety while trying to get the problem under control; loss of finances when a thief steals money from a bank account or credit card or purchases items in the victim's name; and loss of credibility when credit is tarnished, affecting the ability to get a job or a loan. There are also legal implications with the process of restoring one's identity, and worst case, the victim may have to answer for the misdeeds of the perpetrator.

What's more, a general lack of guidance about how to respond to identity theft, as well as a lack of national and international processes for dealing with it, leave victims on their own. Victims often find that the police have limited interest and resources for investigating the crime, as their attention is diverted towards "bigger" crimes.

Response is everything 

Consumers can take steps to protect themselves with good password practices such as using unique, strong passwords and two-factor authentication. The kicker, however, is that with the preponderance of breaches, consumers can take all the necessary steps to protect their information, and still have their data exposed through an organization's loss of control of it.

The key, then, is in responding to a leak of personal data quickly, to get out in front of the problem and mitigate the effects. But according to a report by the Identity Theft Resource Center, the typical discovery time for victims to find out their identity has been stolen is three months – long enough for the perpetrator to do significant harm. And those are the luckier ones - 16% of victims don’t find out for three whole years.

Operator opportunity

It's clear that consumers can use assistance navigating the world of identity protection, and the data shows they are open to help. 52% told F-Secure that they find the idea of an alert system when private or sensitive data has been leaked or stolen an attractive security product benefit. 26% are willing to pay for such a system, and 34% would like to buy it through their mobile or broadband operator.

Operators looking to generate revenue with a high ARPU service can respond to this growing need and concern among consumers. Effective identity protection combines preventive mechanisms that help consumers lower the risk of their data being misused in the first place, with detective technology that picks up on any exposure or misuse of data that does happen and alerts the user. F-Secure ID PROTECTION combines these two elements - preventive password management with detective ID monitoring and alerts, for full-scale protection.

The best in identity protection technology 

F-Secure ID PROTECTION’s password manager makes it simple and intuitive to create and store a strong, unique password for each account, drastically reducing the risk of account takeovers. ID monitoring scans and monitors all corners of the internet including the Deep Web, where academic and government repositories live, and the Dark Web, where illegal information is bought and sold. Instant alerts notify the victim whenever his or her personal information has been part of a breach or otherwise abused or exposed on the web. Consumers are guided through step-by-step instructions if a breach has occurred. 

With F-Secure ID PROTECTION, operator customers get best-in-class monitoring and alerting. Due to a combination of expert human intelligence and cutting-edge automated scanning technologies, F-Secure has the shortest lead times finding exposed data after a breach, and one of the highest hit rates for email addresses. ID PROTECTION finds items at a detailed level, such as plaintext passwords associated with an end user’s scanned email address, and its high response speed enables the user to take immediate action to stop any further abuse.

New messaging, healthy profits

A story of identity protection is an angle operators largely haven't tapped into, and it offers new marketing angles and unique value propositions that harness legitimate consumer concerns. Additionally, F-Secure ID PROTECTION offers an attractive pricing structure. Comparable services offered directly to consumers command a heavy monthly fee, giving operators the opportunity to undercut these fees while still maintaining a healthy profit margin.

An identity protection solution is complementary to internet security solutions such as F-Secure SAFE, which protects users from malware and viruses such as password-stealing keyloggers. The combination of both services together gives operators the opportunity to tell a full story of digital protection.

Sources: 
Experian 2019 Global Identity and Fraud Report 
Javelin Research 2014 Identity Fraud Report
Javelin Research 2017 Identity Fraud Report
F-Secure Identity Protection Consumer (B2C) Survey, May 2019, conducted in cooperation with survey partner Toluna, 3600 respondents in 9 countries (USA, UK, Germany, Switzerland, The Netherlands, Brazil, Finland, Sweden, and Japan), 400 respondents per country.