I really, really wish I could opt out of having accounts with the big 3 credit bureaus. Freezes don’t appear to work - they usually say that I don’t have an active freeze whenever I go to lift one. Or their website is down entirely. Or they won’t let me get to the freeze section without clicking no on their paid monitoring services 8 times. For Transunion all I needed to lift a freeze was the last 4 of my SSN, so how does that help?<p>I don’t want to have my information with these companies. Please let me not participate. It’s like every American was given a Chase Bank account at birth that we can’t close, it’s weird.
My favorite part of this system is when they give you a year of it as compensation for a data breach, saying it’s worth 12x its monthly fee (which they make up). That’s not even touching on the fact that their solution to losing your data is asking you for more of it.<p>I’ve never been lucky enough to be compensated with such a service. But it wouldn’t surprise me if they were so helpful that they even auto-enroll you in another (paid) year at the end of your free trial!<p>One also wonders why reforming the credit bureaus is not a bipartisan priority in Washington. Congress is apparently only interested in fighting over the issues that nobody can agree on. Don’t hold your breath for any progress fixing systems that anyone except a lobbyist can clearly point to as broken.<p>The problems might get some attention if the corporate media chose to hype them, but guess who buys a bunch of advertisements on their news channels?
<p><pre><code> > The best part about this lax authentication process is
> that one can enter any email address to retrieve the
> PIN — it doesn’t need to be tied to an existing account
> at Equifax. Also, when the PIN is retrieved, Equifax
> doesn’t bother notifying any other email addresses
> already on file for that consumer.
</code></pre>
Hang on, so the attacker doesn't even need to break into somebody's email account first, they can just guess the questions and put in their own email address?! This is insane.
"Finally, your basic consumer (read: free) account at Experian does not give users the option to enable any sort of multi-factor authentication that might help stymie some of these PIN retrieval attacks on credit freezes.<p>Unless, that is, you subscribe to Experian’s heavily-marketed and confusingly-worded “CreditLock” service, which charges between $14.99 and $24.99 a month"<p>It's great to see theyre taking the knowledge that being hacked doesn't matter and putting it to good use
I put a pin on my account after the first Equifax leak. Recently I needed to unfreeze it, and discovered that upon creating a “my equifax” account that I was able to unfreeze it WITHOUT THE PIN. Ive complained to the FTC (including screenshots) but haven’t heard anything. It’s so unbelievably insane these companies are allowed to operate with such massive ramifications to society and individuals!
Funny, I just called to put a Fraud Alert on my credit report. I encourage everyone to do it - so this way reputable lenders are supposed to call you when they're trying to open an account in your name. An attacker would have to port your SIM card as well...<p>However, all the information I was providing to set the alert, or remove it, is the exact information that any lender would receive on their application. The system if so horribly broken security-wise, I am shocked there aren't more accounts being opened left and right by people who got them from applications emailed to thousands of lenders over the years.
Experian somehow has allowed _someone_ to reset my account username and email not once but twice in the past month.<p>I'm, to put it mildly, not happy, and I've no confidence it's not going to get reset again tomorrow.<p>Yes, I use a complex randomly generated password.<p>They do send an email to your previous address on the account notifying you of the fact though, which is the one silver lining.
> and were surprised to find that just one of the five multiple-guess questions they were asked after entering their address, Social Security Number and date of birth had anything to do with information only the credit bureau might know.<p>And a lot more than the credit bureau know those two pieces of information.<p>Honestly, the US really needs a government run public key ID service. The government in providing passports and drivers’ licenses is already doing identity verification. If along with your passport they would allow you to register a public key that people could use to verify your identity, it would be a huge help.
It’s so incredibly frustrating as a victim of identity theft to have these fucktards give away my information without any form of care. I wish I had the means to sue them into oblivion.
Credit scams and identity theft are a problem for us because right now the banks don't have to pay any cost of those mistakes. The most direct way to solve the problem of credit scams and identity theft is to put the onus on the bank who opened up the account incorrectly to assume responsibility for the debt, not on the person whose account details were spoofed to create the account.<p>This is quite humorously illustrated by a "That Mitchell and Webb Sound" skit: <a href="https://www.youtube.com/watch?v=CS9ptA3Ya9E" rel="nofollow">https://www.youtube.com/watch?v=CS9ptA3Ya9E</a>
It's important to realize that the credit monitoring services you can buy are provided by the credit companies.<p>The same company, which may at times make false claims about you, is in possession of a service / technology they claim can detect those false claims.<p>Why is it not libel when these companies make false claims about me? Especially when they advertise that they have the ability to detect such false claims? "Pay us and we will not make false claims about you" they say. "Pay us and we'll double check with you before making claims we believe to be suspicious about you."
> A security freeze essentially blocks any potential creditors from being able to view your credit file, unless you affirmatively unfreeze or thaw your file beforehand.<p>I feel pretty sure they can probably pinky-promise that they really are inquiring about the right person and still do at least a soft inquiry.
Most of the times I've gotten the credit bureau-style security questions (for example, trying to get my credit reports, or trying to open a bank account),<p>- Every single one is answerable by reference to my Facebook page and a few old area phonebooks [remember when most people used to list their name, phone number, and <i>home address</i> for the world to see? ah yes. good times.]<p>- And they usually tell me I'm wrong, which would make me suspicious that I was a victim of identity theft, except that the answers I give usually match the data in the report I eventually receive.
When possible fill out the list of security questions with nonsense that you keep a record of/or understand the pattern of answers to. "What's your favorite sport?" "Potato".<p>I fill them out, screenshot the form and keep that screenshot in an encrypted file that I keep backups of. Not even text searchable that way.<p>Also completely ridiculous I have to do any of this.
Aside from the reported problem, Experian is the worst of the three. Freezing/unfreezing from the website doesn't seem to work, asks for all kinds of PII to be mailed in yikes! Yet it does work (so don't mail anything in!)<p>Total mess and they seem to have little to no incentive to fix/improve anything
If they mean that the InfoSec is a joke, okay fair enough, but a credit freeze itself is not a joke: it shifts more of the liability to the credit bureaus for allowing your record to be pulled, of in fact that does happen by a scammer. And they notify your device if you set up MFA.
Would anyone here be able to share their experience with freezing their children's credit? We wanted to do this when our kids were born but when reviewing each credit bureau's website, they are all asking to mail paper copies of SSN and birth certificates for each child in addition to the parents' SSN and birth certificates too. There doesn't appear to be any way to freeze a minor's credit online.
I've been exposed to the ludicrous US credit system through my fiancee who was affected by the Experian hack, and frankly, I completely get anyone who wants to see it all torn down. I find it ludicrous there are <i>three</i> different credit bureaus and they all seem to be equally incompetent for something as critical as an attempt to summarize a perception of your trustworthiness into a neat little file.
Meanwhile, I can't get equifax to unfreeze my credit. Whatever answers they have on file are wrong and tell me to call - except you cant reach a human without answering those same questions. They've yet to respond to actual mail I've sent them too.<p>Oh well, the other agencies unlock so it just takes a little talking whenever I need to run a credit check explaining equifax is jacked up.
I'm still waiting for the $150 Experian owes me for leaking my private info all over the internet, after hiring a music theory major as their chief information security officer. Luckily all the lawyers in the case are now driving Lamborghinis.
Can startup shake up this tripoly - TransUnion, Equifax and Experian? I am curious, what are the hurdles? To imagine any other way is impossible - if it is year 2050, I can't imagine these 3 to keep holding Americans hostage.<p>Edit: Changing from SV to startup.
Their credit score is a racket ...my two other scores from other agencies are higher and very, very close to each other.<p>Experian offers a boost product where you authorize them to monitor your electric bills, etc ..once I did ... gave them permission to do so my Experian credit rating went up to the same number (a point or two off) then the other two. What a racket!!!