On Monday and Wednesday we took an in depth look at the free dark web scan being offered by Experian. As we found out on Wednesday, I was not too impressed with the results of the free scan. Better information is available from HaveIBeenPwned.com.
What is Experian really offering? The free scan just looked for the email address I provided, the same as HaveIBeenPwned. But, for the low, low price of $9.99 per month, Experian will also provide an ongoing scan for email address, social security number, phone numbers, drivers license, medical IDs, bank accounts, credit and debit cards, and passports. This would be a much more comprehensive scan, and frankly more valuable.
I decided to give the 30-day free trial a try. In order to make this possible, I had to provide Experian with more personal information. Of course, this information is probably going to be stored unencrypted in a poorly defended Experian web server that will be a magnet for cyber-criminals, but what of that? Hmmm.
So using an alias, I started to fill out the four step form. Step one collected name, address, phone and email information. My fake address of 666 Armageddon Way was rejected as invalid, so I provided a real address that was not mine. At step two, they wanted my social security number, date of birth, a user name and password to set up the Experian account, and credit card information for my subscription billing. Being unwilling to provide SSN or credit card information, I stopped. Presumably steps 3 and 4 would have you providing drivers license, bank, medical insurance, and passport information.
A quick search of reviews on Google confirmed this, although providing some of the information is optional. But whatever you didn’t provide would not be searched for, so this would limit the effectiveness of the service. Nowhere was I able to confirm if this information is to be stored in an encrypted form. But I was able to confirm that this information will be used for marketing purposes by Experian, sister companies, and affiliates. I was also able to confirm that any legal actions you might want to take against Experian for some future breach would be subject to arbitration.
So I am NOT recommending this service. This is just not worth the risk, and there are other organizations that are security focused, not credit focused, that can provide this service. At this time, I have nothing to recommend other than HaveIBeenPwned, but stay tuned. This is an interesting service option that we may eventually need to have just like home, auto, and business insurance. I will be looking for reliable alternative services, and report on them in the future.