April 2009

Recently I was asking myself whether or not to enroll in one of the identity theft protection services.  This began a long and winding road of research that raised more questions and unfortunately did not lead to a clear answer.  I found this a difficult topic as the horror stories are scary making it ripe for preying on fears.  After doing some research, thought it helpful to share what I learned and hopefully get more feedback from others.

What is the issue and what can happen?

I am certainly no expert, but did find the information on Wikipedia to provide a nice introduction including references.  

Ultimately there appear to be varying degrees of identity theft.  For example someone can steel your current CC information and end up billing goods to your current cards.   I have personally been a victim of this at least twice (once in the US and once overseas).   Thankfully both times the CC company caught it before I did and had already started corrective action before notifying I was notified.  The biggest pain in this case was having your current card get canceled and your left to update auto-payment services.  

The more severe case is where criminals use your information to obtain credit in various forms which is then tied to your identity (but generally with different addresses).   In addition they can use children’s information which may take longer to surface since children rarely need credit reports.  In these cases, you may not be aware it has occurred for some time and it seems clear if you are a victim of this crime you can be left with a real mess to resolve.

How real is this risk?

While there is much written about the number and severity of “thefts” each year, there seems to be debate about what these numbers mean.

  • As summarized by the Privacy Rights Clearinghouse from the Javelin Strategy & Research Survey of 2007, while decreasing over recent years the number of US adults who reported identity fraud was 8.4 million in 2007. 
  • However you can also find articles such as this one from Bruce Schneier posted in 2005 talking about the issue of Identity Theft Over-Reported.  Although a dated article, it raises a point of how much is hype to drive an industry (I am not making a conclusion here, simply pointing out a consideration).
  • And just last week (April 16), this article came out in the Washington Post suggesting that Organized Crime Behind a Majority of Data Breaches.  This would likely indicate heightened risk (compared to just some hackers) as one can assume their intention is to try and profit from the data.

Ultimately I think we can conclude that identity theft is real and carries at least a reasonable level of  risk.  Therefor you as a consumer must make a calculated decision of “Cost+Headache of prevention” vs “Cost+Pain of identity theft.”

What are the possible services

There is quite a list of options ranging from credit monitoring to identity protection services.  Rather than try to list them here (and certainly miss some), suggest you start with a Google search on “Identity Protection Service.”  While not an endorsement, following my research I had narrowed down my selection of services to the following:

  • TrustedID – provides a monitoring service
  • Debix – provides a monitoring service
  • LifeLock – provides a monitoring service
  • Zander Insurance Group – recommended by Dave Ramsey, while not a service provide directions on what to do and insurance.

It should be noted that generally the actions these companies perform on your behalf can be performed on your own.  The services simply offer to do the work for you (some requires periodic updates for example) along with varying forms of insurance although the requirement and quantity is debated.  Generally the cost is relatively low for a single individual, however if you have a family the cost can quickly climb especially when considering you must pay it annually.

How do the services compare

To understand how these services might compare I asked for internal feedback from coworkers and research the net.   My request for internal feedback included asking for feedback from anyone who has used a service or has an opinion on the risk of identity theft.  Interestingly I received only 2 responses from about 3500 employees (certainly not all saw the request).  This small response is likely telling in itself.  Assuming only 10% saw my request, then 2 responses represents 0.5% maybe suggesting this is either an unknown issue or one that most are not concerned about.  One respondent said they felt these services don’t really do much for you, but this person did recommend Debix and uses it today.  A second respondent claimed to have been using one of the services when the identity of their child was stolen and did not find out until they entered university!  From searching the net, it is clear these services are not perfect (they do not claim to be either) and so the question remains of how much do they help – a subjective question which is hard to answer.

I also found it interesting how both of my internal responders shared about the headaches that signing up for these services can bring.  The process involved in these services generally involves performing actions which should trigger further validation to occur whenever someone trys to obtain credit (or do something that req’s credit like opening a checking account), the goal being to prevent this fradulent credit from being obtained.  With the number of activities which may leverage your credit information (more than you might expect), it sounds like you need to be prepared to complete additional authorizations and verifications if the services are working properly!

From my research, I found the following guides and comparisons helpful:

Would love to hear from you

Do you have any experience with any of these services?   I would love to hear from real customers as to positive/negative experiences.   Ultimately my purpose here is to make a decision, but am hoping to learn a little and possibly help others with some unbiased information and references (meaning I am not paid nor affiliated with any of these groups) .


Have you ever been faced with a project, feature or requirement which initially caused you to ask how an Agile process could possibly be applied?  Maybe it seemed too complex, too many moving parts, or simply too big.  If so, let me say – this should be an immediate red flag!

After facing this scenario on multiple projects (some before Agile was well understood) and considering the outcomes and challenges experienced, I have come to appreciate ever more clearly how this response should be an immediate warning sign that Agile is exactly the process needed to deliver successfully.  Recall that “successful delivery” is not just about date but delivering the right release. 

The reality is those projects which seem the most daunting and complex, likely have a significant number of unknowns (or details).  These might be technical, feature, usability – but clearly the simple fact that you do not yet understand or it seems too big opens the door wide to leveraging Agile to ensure the best right product is delivered as soon as practical.  While most of us can appreciate it is not possible to resolve all “unknowns” upfront, when not managed properly these unknowns when compounded can be big factor in a projects failure.

Leveraging Agile will create an environment which helps give all stakeholders improved visibility as a complex project unfolds.  Considering these projects rarely go as originally expected (either by choice or by necessity) – this transparency should help ensure the right participants have ownership in the ultimate outcome.

Don’t become a victim to the false belief a project is “too big” or “too complex” – push to leverage Agile!  Even if you are getting pressure to fix a date & cost – you need Agile and your team will likely benefit, so maybe suggest a trial run of a few iterations.

If you are an Agile expert or been through a similar situation, I would love to hear from you including any lessons learned.

One of the challenges with traditional software development was to understand and estimate software through problem decomposition.   This process has involved taking a complex problem specification through recursive decomposition until you have a set of problems which are well understood.  Ironically it is much like how we are taught to solve problems from advanced math disciplines such as differential equations (everyone should try one of these classes).

Unlike a math problem with a concrete specification, software concepts tend to be much less understood.  These traditional software methods would depend on designers, architects and leads performing the decomposition required to provide specific designs and exact estimates.  Unfortunately this cannot occur without a complete specification.  While this problem should be obvious, often teams fall prey to pressures created by those removed from the process who do not understand. 

Agile processes embrace the reality the specification is a work in progress and instead focus on a compositive process whereby a solution is built up one step at a time.  Instead of wasting time & resource on an arbitrary big picture definition (which may not be right from the outset), the focus switches to building up a solution with regular checks and balances. 

Would you agree that Agile effectively helps reverse this backwards approach?  How might this change your approach to leveraging agile?