In the case of TransUnion, a locked-out customer can get around the PIN requirement by answering a slew of personal questions. “What is the point of issuing a PIN if you’re not going to require it for a lift of credit freeze? Especially on an account with an existing fraud alert?” Chuck asked Consumerist. Krebs’ discovery is reminiscent of an issue Consumerist covered last year when reader Chuck discovered that credit reporting agency TransUnion had allowed the fraudster who stole his mother’s identity to lift the credit freeze on her account over the phone, even though she’d taken the precaution of setting up a unique PIN to protect the account. Please choose the city from the following list where this street is located.”īoth of these questions could easily be answered by someone who has previously stolen your identity or can look you up on any number of social media networks. Nearly a dozen readers told Krebs they were able to retrieve their PINs by submitting the information and answering the questions, which included “Please select the city that you have previously resided in,” and “according to our records, you previously lived on XXX street. In the case of Experian, Krebs asked readers who have placed freezes on their account with the CRA to test process. The problem is, the type of questions asked for these kinds of verification tests - “Which of these streets have you lived on?” “Which of the following phone numbers have you previously had?” - are often the sort of thing that a good ID thief would have.Īdditionally, Krebs notes that many companies relying on these types of questions to authenticate a user have been hacked in the past, meaning that some customers’ answers are already out there. Krebs points out that Experian does in fact employ a second verification method in which customers requesting a PIN must answer four personal questions. So, to that end, a fraudster who is able to get their hands on this data could theoretically input that information into Experian’s PIN request form to obtain the code to unfreeze one’s credit. Namely because we know that most hacks involve the leak of this very same personal information. In the case of Experian, the company allows customers to request their PIN by providing their personal information, such as name, address, date of birth, and Social Security number.īut in the wake of Equifax’s breach - and any number of other hacks in recent years - this is a problem. To make sure these folks aren’t forever frozen out of their own accounts, many companies offer a work-around. Unfortunately, humans are fallible and sometimes they forget their PINs. With a freeze in place, even the bona fide account holders will need to take special steps if they want to apply for any type of credit or unfreeze the account.Ĭompanies like Experian - and many others that deal with customers’ personal information - provide a PIN that a consumer must provide in order to access or make changes to their accounts. In addition to placing fraud alerts on their accounts and signing up for credit monitoring, many consumers have chosen to freeze their credit.Ī credit freeze - generally free for identity theft victims - prevents lenders and others from accessing a consumer’s credit report in response to a new credit application. What’s The Freeze?Įver since Equifax’s breach came to light, consumers have been urged to take steps to protect their credit histories and their private information. Krebs On Security reports that a possible security flaw in Experian’s credit freeze process could leave victims of Equifax’s breach open to further fraud. This is a lesson some victims of Equifax’s recent data breach are learning after freezing their accounts with fellow credit reporting agency Experian. Placing a credit freeze on your accounts following a hack or issue with identity theft is only effective if the credit reporting agency you’re working with doesn’t give ne’er-do-wells the ability to unfreeze the accounts by providing the same information that any good ID thief already knows about you. The company regularly reviews its security practices and adjusts as needed. UPDATE: Experian tells Consumerist that its authentication processes go farther than previously identified steps.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |