How to protect yourself after the Equifax Breach & influence change
You are breached
Major company breaches have, and will continue to happen.
- Yahoo 2016: 1.5 billion customers
- Equifax 2017: 143 million customers*
- LinkedIn 2016: 117 million
- Sony 2011: 110 million
- List goes on…
The difference with the Equifax breach is that you can’t “fix” it. You can’t get a new card or change your password.
What this means for consumers is simple: consider any of your personally identifiable information to be publicly available.
- Your Name
- Your Social Security Number
- Your Birth Date
- Your Address
- Your Driver’s License Number
What can fraudsters do with this information?
- Take out new lines of credit with your name: this is called new account identity theft (or Application Fraud)
- Take over your existing lines of credit: this is called existing account identity theft (or Account Take Over Fraud)
- Apply to get your tax returns
- Other fraudulent activities (e.g. medical debt fraud, criminal record fraud, etc.)
Do something about it to protect yourself
Here are some tips:
- Check if you were affected by the breach (free): Consumers can check Equifax’s site EquifaxSecurity2017.com to see if they have been affected. You can then enroll in monitoring and freezing.
- Add credit score monitoring (free or paid): this will alert you if (but not prevent) something has affected your credit score (like someone applying for a loan under your name). Equifax provides this for free when you check if you were affected
- Watch for fake websites and emails (free). Thieves often use news of a breach to generate new attacks, posing as the affected company, and asking for your personal information (this is called phishing). Don’t give it to them.
- Add fraud alert (free, easy): requires lenders to verify your identity before issuing credit, making it tougher (but not impossible) for someone to open an account with your name
- Freeze your credit report (paid): this will prevent fraudsters (and you) from taking out any line of credit under your name since the lender will not be able to pull your credit score. Note: this will also prevent you from taking out credit.
Opt into credit score monitoring
Equifax is offering free credit score monitoring which you can opt into. One drawback is in the fine print which they have since removed (it forced you to opt out of a class action lawsuit).
There are other free alternatives:
- Mint.com. Also alerts you of any unusual spending.
- Credit Karma. Covers all 3 bureaus.
- annualcreditreport.com. Get your credit report for free once a year. Note: Anytime you are denied credit you are allowed to request your credit report for free
- AAA offers free credit protection services to many members
- Social Security Number Monitoring via your credit card (such as Discover)
- $1M Identity Theft Insurance: You can get identity theft insurance for free simply by signing up for Credit Sesame or Civic.
There are other paid alternatives (third-party service like IDShield or LifeLock) that offer more holistic coverage of suspicious activity.
Add a fraud alert
Fraud alerts require lenders to take additional steps in verifying your identity before extending you credit. This can help prevent a thief from opening any new accounts in your name. That said, the specific requirements, how they are enforced, and whether the personal information leaked can help fraudsters bypass this information is unclear. Bottom line: it doesn’t hurt (and it is free)
- Equifax: Online or by calling 1–888–766–0008
- Experian: Online or by calling 1–888–397–3742
- TransUnion: Online or by calling 1–800–680–7289
Freeze your credit report
Pro: This will prevent any company from pulling your credit report and therefore giving you a credit line (e.g. credit card, mortgage, personal loan, etc.). This will ensure that you will not be a victim of new account fraud.
Con: You will be declined if you try to take out a new line of credit. This is not advised if you are frequently taking out lines of credit (or are planning on taking one out in the near future). It can take as little as 15 minutes or as long as three days to lift the freeze, depending on the state.
Cost: Freezing and unfreezing a credit report is often not free. Fees range from $0 to $10 depending on your situation (e.g. age and whether you’ve been a victim of identity theft), the agency and the state.
How: you will need to freeze your credit report with each of the three major credit bureaus individually, for each person in your household. The reason for this is that most companies use one or more Credit Reporting Agency to make underwriting decisions. Note: many of these online services are out of service at the moment due to increased demand.
- You can access the Equifax Breach help site which allows you, after enrolling in TrustID Premier, to lock your credit report. Alternatively: Online
- For phone users, Equifax’s toll-free number is (866) 447–7559
- By certified mail: Equifax Security Freeze, P.O. Box 105788 Atlanta GA 30348
- Unfreezing an account: 1–888–298–0045, by mail using the address above or online
- Online. Press “My Free Identity Protection” which takes you to “TrueIdentity”. Enroll. You can then Lock your account or Freeze it, which is different than freezing your account in that it is free and self serve. Unclear if there are any differences for the consumer.
- Via phone: 1–888–909–8872 or toll free (877) 322–8228.
- By certified mail: TransUnion Fraud Victim Assistance, P.O. Box 6790, Fullerton, CA. 92834
- Unfreezing an account: Online or call 1–888–909–8872
- Online. Click on the “Credit Report Assistance” tab on the home page.
- Experian’s toll-free number is (888) 397–3742.
- By certified mail (consumers should make sure they get a return receipt): Experian Security Freeze, P.O. Box 9554, Allen, TX 75013
- Unfreezing an account: 1–888–397–3742 or online
If you want to use mail, check out a sample letter to send to the Credit Reporting Agencies.
Do something about it to influence a change
Think about and demand the right to our identity and data as a human right, protected by our government
Let’s be honest, having to pay money and spend time / energy ensuring that thieves do not use our identity is not ideal. This is especially true if the cause is poor data management by companies who specialize in data like Credit Reporting Agencies. Paying for protection leaves those less privileged in significantly more disadvantage.
Freezing your credit report sends a clear message to an industry in need of improvement
A credit freeze blocks the agency from selling your information. It’s an existential threat to them. If consumers continue to to freeze accounts, the value of Credit Reporting Agency data will sharply decrease. Businesses that use soft pulls on data to market to consumers (e.g. every credit card offer you received in the mail) will realize their addressable market will shrink. They will start looking for alternatives
Understand that businesses will need to use alternative data for your protection
There will be an increase their application fraud and account take over fraud. Businesses will need to move away from now available data (DOB, SSN, etc.) as a way to verify identity and/or authenticate users. Here are some ways:
- Use more physical assets such as facial recognition (Apple leading the way) and driver license scanning
- Leverage fraud vendors (ID Analytics, Emailage, Threatmetrix, Zumigo) during the application and authentication process
- Authentication applications: most US consumers have smart phones and can use apps like Authy to make two factor authentication easy
- Leverage new data points that are not corrupted: single sign on from your email account (assuming it is safe with multi-factor authentication), signing in through your bank account through Plaid, etc.
Investment in proper monitoring and tagging of fraud will provide the necessary data to keep fine tuning any internal or external detection processes.
As a consumer, expect more hurdles to authenticate in the near term until a proper solution is put in place
Seek out lending companies that are using alternative data to increase competition
We as consumers have no choice in how our data is being reported, stored, sold and consumed. We have been complaining about credit reporting agencies and the accuracy of their credit reporting files for decades.
Increased regulation will only partially help move the needle. The Big Three were regulated by the CFPB and the FTC, and yet here we are. What we need is new solutions to credit worthiness data. What we need is innovation.
What we need is competition.
A new type of Credit Reporting Agency is required that puts the consumer first. Wouldn’t it be nice to be in full control of your credit data?
- Be able to grant access to lenders in real time whenever you apply → this is Multi Factor Authentication meets Credit Report
- Get remunerated every time someone wanted access to market something to you (after all, it is your data)
- Know exactly what variables and actions led to a credit decision (outcome, rate and amount)
This will take time given 1. the current barriers to entry are so high and political landscape so complex, and 2. the current FICO score based on Credit Reporting Agency data is still an industry leading indicator of repayment rate.
But we are moving in the right direction.
- New data sources and risk modeling practices are digging in the market share of Credit Reporting Agencies & FICO.
- Businesses that build transparency into how credit decisions are made will gain consumer support in the long run.
- Innovative technologies such as the blockchain are making compelling cases for how data should be stored and accessed.
As consumers, let’s support these initiatives to get to a better world.
As builders of financial products, let’s hold ourselves and our partners accountable.
Many thanks to the experts: