Debix Identity Protection

My previous health insurance company (Health Net) recently offered me a Debix identity protection service (now renamed to AllClear ID) for two years which monitors and notifies of changes reflected in the credit report. According to a letter I received from Health Net dated March 14, 2011, IBM which handles the data center operations of the company notified Heath Net on January 21, 2011 that it could not locate several hard disk drives which included member information such as name, address, health insurance, Social Security Number (SSN), and financial information.

IBM is a global organization serving many companies which handle personal information of millions of customers. I’m deeply surprised that their hard drives were not encrypted and somewhat curious as to how many other companies are affected by this and other potential incidents. IBM offers shared or co-location data hosting services and when there is an incident such as lost hard disk drives or a lack of control such as encryption, more than one company is affected. This highly publicized incident doesn’t reflect well on IBM as businesses which outsource their IT operations to IBM expect nothing but the best service and controls. I’m sure IBM will survive but why can’t we learn from past incidents and save ourselves the unneeded headache as well as waste of money and time we all have to endure? Recently I wrote a piece of article about the ripple effect of information protection negligence and this is a good example of a company’s negligence going beyond its business boundaries and affecting its clients and their customers.

Although I currently use another identity protection service which also monitors our SSN and credit card numbers, I decided to take advantage of this generous free offer and sign up for a two year Debix identity protection at no charge to me. I said generous because the most I have seen companies offer following an incident has been credit monitoring for a period of one year, however, Health Net seems to have been able to negotiate a good deal for its customers with IBM.

I registered for Debix credit monitoring in March 2011 and the registration process was very similar to other identity protection services, however, the credit report change notification is provided by phone which I have not seen with the other services I have signed up for thus far. The registration process required my name, date of birth, social security number, gender, email address and phone number. To register my children who were also victims of the incident, no phone number or email address was required as expected. During the registration process, I was instructed to record my name and a unique phrase on the phone which I could use to confirm calls I receive from Debix in the future. I also received an email with a link to confirm my email address.

As I mentioned, the only difference I noticed between Debix and other credit monitoring services is the way Debix notifies its customers regarding credit report changes which is by phone. Others notify by email, however, some also provide monitoring of other identity components such as credit cards, health insurance, and social security numbers although I have not received any notification regarding suspicious use or listing of my other identity components other than credit report changes. Therefore, I’m not even sure how effective these services are although I believe as an industry, we have a good handle on automated credit monitoring practices.

In conclusion, Debix or AllClear ID identity protection service provides a straight forward credit monitoring and change notification by phone.

Read other service reviews after this Debix identity protection service review.