Identity Protection Directory: Purpose and Scope

The identity protection service sector in the United States spans credit monitoring providers, identity theft restoration firms, fraud alert administrators, consumer reporting agencies, and the federal agencies that regulate them. This directory maps that landscape — defining which service categories are covered, how entries are evaluated, the geographic scope of coverage, and how practitioners, researchers, and service seekers can navigate the resource effectively. The Identity Protection Listings index is the operational core of this directory; this page establishes the structural logic behind it.

What is included

The directory covers five primary service and information categories operating within the US identity protection sector:

  1. Credit monitoring and alert services — providers that track changes to consumer credit files held by the three major consumer reporting agencies (Equifax, Experian, and TransUnion), which are regulated under the Fair Credit Reporting Act (15 U.S.C. § 1681).
  2. Identity theft restoration services — firms and nonprofit organizations that assist consumers in disputing fraudulent accounts, recovering stolen tax refunds, and filing reports with law enforcement or the Federal Trade Commission.
  3. Dark web and credential monitoring services — commercial providers that scan breach databases and closed-network forums for compromised credentials tied to a consumer's email addresses, Social Security numbers, or financial account identifiers.
  4. Fraud alert and credit freeze administrators — services that facilitate placement of fraud alerts under 15 U.S.C. § 1681c-1 or security freezes under 15 U.S.C. § 1681c-1(i), including free consumer-facing tools operated by the bureaus themselves.
  5. Regulatory and government recovery resources — the FTC's IdentityTheft.gov platform, the Consumer Financial Protection Bureau's dispute infrastructure, and the Social Security Administration's fraud reporting channels.

The directory does not include general cybersecurity vendors, enterprise IAM platforms, or financial fraud products not directly tied to consumer identity theft as defined under FTC regulatory frameworks.

How entries are determined

Entries are evaluated against a defined set of inclusion criteria applied uniformly across all service categories. The process operates in three phases:

Phase 1 — Category eligibility screening. A service or resource must fall within one of the five categories listed above. Products that bundle identity protection as a secondary feature of a broader financial or insurance product are excluded unless the identity protection component operates as a standalone, separately documented service.

Phase 2 — Regulatory standing verification. Entries are cross-referenced against publicly available regulatory records. Credit reporting agencies and their affiliate services must demonstrate active registration or compliance posture under the FCRA, as enforced by the FTC and the Consumer Financial Protection Bureau (12 C.F.R. Part 1022). Government-operated resources — such as the FTC's identity theft recovery tools — are included by default given their statutory mandate under the Identity Theft and Assumption Deterrence Act (18 U.S.C. § 1028).

Phase 3 — Descriptive accuracy review. Service descriptions submitted or sourced for directory entries are reviewed against the provider's own published documentation. Claims that cannot be verified against primary-source materials — provider websites, regulatory filings, or published FTC guidance — are not included in the directory entry.

This sequence distinguishes the directory from aggregated consumer review platforms, which apply no uniform regulatory or descriptive accuracy standard. The distinction matters because the identity protection sector includes providers whose service claims intersect with regulated financial activities.

Geographic coverage

This directory operates at national scope within the United States, structured around the federal regulatory architecture governing consumer identity protection. The primary statutory anchors include the Fair Credit Reporting Act (15 U.S.C. § 1681), administered by the Federal Trade Commission; the FTC's Identity Theft Program requirements under 16 C.F.R. Part 603; and the FTC's consumer-facing recovery infrastructure at IdentityTheft.gov.

State-level variation is acknowledged but not resolved within the directory. All 50 states have enacted data breach notification statutes, and state attorneys general hold independent enforcement authority over consumer protection violations that intersect with identity theft. The directory notes where a service category is subject to state-specific licensing — such as credit services organization statutes in Texas or California — but does not evaluate individual provider compliance at the state level.

Federal territory coverage (Puerto Rico, the U.S. Virgin Islands, Guam) is not included in the current scope. Where a federal law explicitly extends to U.S. territories, that extension is noted in the relevant regulatory framing rather than in individual service entries.

How to use this resource

The directory functions as a structured reference for three distinct user types: consumers navigating an active identity theft incident, professionals researching the competitive and regulatory landscape of the identity protection sector, and researchers documenting the structure of consumer protection service markets.

For service seekers managing an active incident, the fastest path is through the Identity Protection Listings, which are organized by service type and include direct links to government recovery tools. The FTC's IdentityTheft.gov platform generates personalized recovery plans at no cost and is the primary federally mandated resource for incident response.

For professionals and researchers, the directory supports comparison across service categories — particularly the distinction between passive monitoring services (which alert consumers after credential exposure) and active restoration services (which engage in dispute processes on the consumer's behalf). These two categories carry different liability profiles, pricing structures, and regulatory exposures, and are listed separately throughout the index.

Detailed guidance on navigating the directory's organizational logic, filter criteria, and entry format is available on the How to Use This Identity Protection Resource page. The scope boundaries defined on this page govern all entries across the directory and are applied consistently regardless of provider size or market visibility.

📜 7 regulatory citations referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

Read Next

Identity Protection Listings This listings reference organizes that landscape by service category, qualification basis, and geographic reach — giving... How to Use This Identity Protection Resource The Identity Protection Listings and supporting reference material on this site are organized to reflect that regulatory and... Cybersecurity Directory: Purpose and Scope This page defines what the directory covers, how listings are structured, the standards applied for inclusion, and how the...