Senate Bill Would Make Credit Freezes Free (www.bankinfosecurity.com)
196.0 points by el_duderino | karma 13248 | avg karma 7.49 2018-03-09 19:48:15+00:00 | 73 comments




This could not come fast enough, I cannot fathom how this is not already mandatory as Credit Freeze is the best tool a consumer has to fight against identity theft. I should be able to unfreeze when I know I am going to take out a line of credit and freeze when I know I will not take out a line of credit. The fact that there are private entities out there charging me to do this is insanity.

Default to frozen by default would be the proper fix.

A credit freeze is analogous to "deleting" a hypothetical mandatory FB account (we all know they don't actually delete your data but at least you aren't publicly visible).


Why not make "frozen" credit the default?

Baby steps.

They need some way to unfreeze it, so presumably when you freeze it, you give them a password or keyword or some other shared secret to use to unfreeze it.

They can't have a shared secret with you by "default". But they collect all sorts of private information about you by default... so maybe they shouldn't do that?


A credit freeze prevents other people from accessing your credit information. It has nothing to do with a password.

You are given an unfreeze PIN when you freeze your credit. I believe that's the "password" being referred to here.

That's got nothing to do with making "frozen" the default. They give me a pin when I prove I am the person they have information on. This process does not change if the current status of my credit is frozen or unfrozen.

Or a better question: why are social security numbers used as a password but yet stored by every financial institution you interact with?

If only we had some way to verify an identity while keeping important information private- oh wait, we do, public-key cryptography.


They could even hash the number and it would STILL be more secure than storing the raw string in plaintext.
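An added example, not part of the thread or any commenter's code, showing the caveat behind the hashing suggestion above: a nine-digit number has at most 10^9 values, so an unsalted hash can be matched by enumeration, while a keyed HMAC cannot be checked without the key. The sample number, the key handling and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SSN_SPACE = 10 ** 9  # nine decimal digits: at most a billion candidates


def plain_hash(ssn: str) -> str:
    """Unsalted SHA-256 of the digits, the scheme the comment proposes."""
    return hashlib.sha256(ssn.encode()).hexdigest()


def keyed_tag(ssn: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key stored outside the database (assumption)."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()


def enumerate_preimage(target: str, start: int, stop: int):
    """Return the 9-digit string in [start, stop) whose plain hash equals
    target, or None. Only the public hash function is used, no key."""
    for n in range(start, stop):
        candidate = f"{n:09d}"
        if plain_hash(candidate) == target:
            return candidate
    return None


def full_space_seconds(sample: int = 100_000) -> float:
    """Time `sample` hashes and extrapolate to the whole nine-digit space."""
    t0 = time.perf_counter()
    for n in range(sample):
        plain_hash(f"{n:09d}")
    rate = sample / (time.perf_counter() - t0)
    return SSN_SPACE / rate


# Constructed sample value (area 000 is never issued), not a real number.
SAMPLE = "000123456"
# Constructed key; in a real deployment it would live in a KMS or HSM.
KEY = secrets.token_bytes(32)

if __name__ == "__main__":
    stored_plain = plain_hash(SAMPLE)
    stored_keyed = keyed_tag(SAMPLE, KEY)
    # The search is limited to 200,000 candidates to keep the run short.
    print("plain hash matched:", enumerate_preimage(stored_plain, 0, 200_000))
    print("keyed tag matched: ", enumerate_preimage(stored_keyed, 0, 200_000))
    minutes = full_space_seconds() / 60
    print(f"single-core estimate for all 10^9 values: {minutes:.1f} min")
```

With the keyed tag, the stored value is only as safe as the key, so the key has to be kept away from the database that holds the tags.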

In comparison, here's what it cost me in September to place a credit freeze in a state that does not regulate its cost (Pennsylvania):

  TransUnion: $10
  Experian: $10.70
  Equifax: free (they made it free after they were hacked - until June 30th)
  Innovis: free (always free as far as I can tell)

And it worked really, really well. I had to apply for a corporate Amex at work soon afterwards. I was rejected because my credit was frozen and was asked to call. I temporarily unfroze my credit while on the phone (on Equifax, because it was free) and Amex ran my credit right then and approved me.

Having that kind of control was amazing. If I need to allow a credit check, I can do a 24 hour or 7 day unfreeze. It's such a minor inconvenience for completely blocking credit thieves.


Do you pay for each unfreeze?

Yes, it normally costs the same as a freeze - so around $10 for me. Equifax is waiving all fees around freezes until June 30 (http://money.cnn.com/2018/01/31/pf/equifax-free-credit-prote...) so take advantage of it while you can.

It's a ripoff, yes, but it's better than spending hours on the phone fixing your credit after it's been stolen. I fully support this federal legislation to make it free.


Isn't it crazy how the banks have somehow convinced people that when the bank loans money to a fraudster that somehow your credit has been stolen? No - the bank had money stolen from it by a fraudster. When the bank lies to the credit bureau that you have defaulted on a loan, the bank should be fucking punished heavily. Can't some US Senator (Elizabeth Warren?) please point out this fact and introduce legislation to fine the banks? Everyone (minus epsilon bankers) would love it.

This may sound controversial, but politicians should also limit credit reporting agencies to a finite, fixed number of players. Like two or maximum three.

Sometime after the Equifax hack, I froze our credit on TransUnion, Experian and Equifax. But wasn't aware that e.g. Innovis exists.

So ok, I will now go there to put a freeze in place. But now that I realized there may be other CRAs, DDG tells me I should maybe do something about FICO[1] and PRBC[2] too.

Or of course we could do the smart thing, and tell our elected representatives to work towards abolishing/repealing the whole CRA industry. I'd wager that whatever rises from those ashes could not possibly be the horror the CRA industry is today.

[1] https://en.wikipedia.org/wiki/FICO

[2] https://en.wikipedia.org/wiki/PRBC


I hadn't heard of Innovis either until I read the New York Times article encouraging everyone to freeze their credit:

> Christina Bater, managing director at Barrett Asset Management in New York, suggests freezing your file at the little-known company Innovis, too. Hey, why not?

https://www.nytimes.com/2017/09/08/your-money/identity-theft...


Innovis Credit Freeze Online Link: https://www.innovis.com/securityFreeze/index

Seems to me like it would be better to require an opt in from the person having their data harvested so that bad actors could more easily be punished by the market, and to incentivize passing value from the data collection to the person on whom it is being collected.

If when a bank gives false statements (what is Orwellianly called identity theft) to the credit agencies, this should be highly punished and the problems we are having with leaking true information about people would go away.

I don't think that is controversial. It makes sense to me.

My ideas are likely more controversial, though:

I think building and maintaining credit should be transparent. No secret formulas.

I think it should be possible to build credit simply by paying your bills and rent on time, possibly adding some money saved as well. Living well within your means doesn't build credit and it should.

One should have to report people's credit to all credit agencies. This process should be simple, and ideally handled by a government clearinghouse or other agency that the credit agencies split the costs for. This does make more than one agency somewhat redundant, but I think for the American landscape it is a better option than simply using the one agency for everything.

And lastly, I think we should require companies to report timely payments if they report untimely payments. Otherwise, even those accounts going to collections cannot be reported as bad debt. This helps the previous point about being able to build good credit simply by living within your means possible, yet lets folks that have never paid a bill have zero credit.


But why should that cost a dime in the first place?

I agree fully, as the beneficiaries of the credit reporting services are banks/credit lending services. The customers, us, are the clients of this lender.

Moreover, why wouldn't it be opt-in? That's right, have the data be exchanged when loans are requested. How often do people apply for mortgages, credit cards and so forth? Definitely not 365 days of the year.


After the leak last year I’ve spent a few hundred bucks freezing my wife and my credit.

While the cost is annoying, the process is even more annoying.

The entire idea/industry needs to be changed. It’s absurd all Americans are opted into this system.

How is credit reporting handled in other countries?

Edit: my wife’s credit. ;)


Is your wife ok? ;)

But no, on a more serious note, the process should look more like:

1. Institution asks for Credit pull

2. Person gets alerted for approval of said request

3. After pull, credit remains locked


I am concerned about that wife but your process makes sense.

Ha. I didn’t realize I did that. She’s cool ;)

Cool but not frozen?

It does look like that now, for Equifax. Lock & Alert, as they call it, is free. https://www.equifax.com/personal/products/credit/credit-lock...

I'm certain the other agencies are hard at work implementing the same feature.


It's worth noting, as far as I can tell, that product offering ("Lock & Alert") is not (legally) the same as a credit freeze.

Which means they aren't legally bound not to release your credit report to whomever they want (aka whoever pays them), and even in their own FAQ they admit they have far more exceptions for who can ignore the lock (plus vague wording) than a credit freeze legally allows (compare [0] and [1]).

Further, one should ask why they are providing this free and easy service, while their actual credit freeze system is awful (at least in my experience)? Perhaps to push consumers to the not legally binding option so that they can continue to sell your "locked" credit report without legal consequences?

[0] https://www.equifax.com/personal/products/credit/credit-lock...

[1] https://www.consumer.ftc.gov/articles/0497-credit-freeze-faq...


Most of those exceptions Equifax listed seem to be the same as on the government site you linked to: pre-screened credit offers, government agencies, debt collection, etc.

> Which means they aren't legally bound not to release your credit report to whomever they want (aka whoever pays them)

Also, this isn't true. Purchasers must have "permissible purpose", which is regulated.


Or maybe:

1. Bank loans money to a fraudster with your information.

2. Fraudster does not pay back the bank.

3. Bank commits libel and tells the credit agency that you defaulted on a loan

4. You tell the police that the bank broke the law.

5. Bank gets heavily fined and stops lying to the credit bureaus.

6. "Identity theft" no longer exists.


European countries require an identity card, passport or at least a driving license (not everywhere) to do anything remotely involving credit. Identity theft is simply not a thing.

In Italy, if you don't pay an IOU, you generally get placed on a global registry. It's not easy to get off the registry, but IOUs are very very regulated and not too common. It's a little easier if you just haven't paid back a loan for a month, but I don't know exactly because (unlike the US) I have only gotten a loan once in my life for my first car. Unlike the US, by default you are considered to be a good payer, you don't need to build up a credit history.

I am interested in how it works in Canada, because it probably has some similarities with the US system.


This should be a requirement in order to align credit companies' interests with the interests of their "users". If they get defrauded often enough that the administration costs of freezing and unfreezing become problematic, they will likely finally try to stop getting hacked.

I'm a big free market guy, but the idea of a private entity profiting off of collecting my personal financial information (and charging ME to have some degree of control over it) is absolutely insane

+1. If ever there was a place for a not-for-profit federal organization, this is it. Edit: Like others have pointed out, it's just beyond belief what information these CRAs hold on us.

I don't think most people would care about having their info collected if they did not fear that the information would be corrupted with lies from banks who have been the victims of loan fraud. If credit reports only had true information, "identity theft" would not exist. Somehow the banks get away with lying to the credit bureaus about you defaulting on loans. And the credit bureaus are not penalized for propagating the lies. Not sure why a law can't be passed to fix this propagation of lies. Free speech limitations?

This gives me hope but I wouldn't be surprised if they labelled it as "burdensome regulation".

Good. You know what? I want that entire industry to be hugely burdened.

It's been free in Indiana for at least a decade. I was surprised to learn that friends in other states have to pay for what should be a right.

I recently had to unfreeze my credit, but I was traveling so I did not have the PIN that they gave to me when I froze my credit.

Experian was fairly difficult to do, and required I prove things in a pretty non-trivial way. It involved sending a fax, which was annoying, but not exactly horrible.

Equifax, the company that got hacked, let me unfreeze it discouragingly easily. They asked me some questions on the phone that I figure were likely available in the leaked data, with only one or two questions needing a little more access.

The two questions that needed more access were frightening to me, though. They asked me to confirm an up-to-the-minute balance on either my bank accounts or the cost of a few things I purchased very recently (I forget which it was). Either way, why do they have that data? Why does the company that got hacked have that? I certainly never gave them permissions to have it, and I would like to revoke their permission to have this information.


> I certainly never gave them permissions to have it, and I would like to revoke their permission to have this information.

You probably agreed to it when you agreed to your bank’s TOS


Is there any major bank that doesn't have terms that allow invasive data sharing with arbitrary third parties?

There was a recent Planet Money on the origin of the credit reporting agencies and the idea has always been to have a bidirectional flow of customer data. If a bank wants to opt out of contributing customer data they would also have no visibility into credit worthiness when making loans.

> Equifax, the company that got hacked, let me unfreeze it discouragingly easily

My wife and I just went through this due to a recent identity theft incident. Our experience in setting up a freeze with Equifax was the opposite of yours. My wife (and she's the financial manager of the house!) actually got refused by their online tool, and we had to call up and go through it all again with a human.


The fact that you had difficulty freezing your credit, and the person you replied to found it discouragingly easy to UN-freeze their credit, does not bode well for Equifax in either case.

Same here. Should have mentioned that both freezing and unfreezing ended up needing to be done over the phone.

Doesn't that data go into your credit score?

What Bank?

Do you mean your credit card balance, or do you actually mean your bank account (=checking/savings) balance? Big difference. I certainly hope they only have the former.

Good question, and I don't entirely remember.

Given that it feels like everyone and their brother's camel seems to have access and input into our histories and the (just. holy shit.) levels of information these firms have access to and records for regarding just about everything we do with a dollar this is as good a start as any.

Data hoarding industries like these, those that really have too much sway over individuals' well being and access to basic services, need to be the second most regulated thing on the planet. Or maybe third.


I just went through this stuff after an identity theft incident. While locking my Equifax file, I learned something surprising:

> Locking your Equifax credit report prevents access by potential creditors and lenders, but there are exceptions. ... Companies that wish to make pre-approved offers of credit or insurance to you ...

> Equifax maintains consumers’ credit reports and provides information to certain customers, including credit card companies and lenders, so that they may offer pre-approved offers to consumers as permitted by law. Consumers that prefer not to receive such offers should visit www.optoutprescreen.com, or call toll free at 888-5-OPT OUT (or 888-567-8688).

So I'd really encourage everyone to do that opt out thing, too.


Wow, I hadn't heard this. I am curious how you stumbled upon this fact?

the opt out pre screen system? I ran across it years ago on lifehacker or something. signed up, jumped through their hoops, and the amount of junk mail I receive has dropped to almost none.

I need to get the fiance to do the same thing, because after buying the house, she's getting 20+ credit card offers/etc per week. it's ridiculous how much of it masquerades itself as legitimate business mail too. mixed in with the medical bills.


Interesting yes there is also "National Do Not Mail List" which is maintained by the Direct Marketers Association.[1]

However the US post office also sells your address when you fill out a change of address form. This is why all those new home services offers start showing up. And there is no way to opt out of this. See:

https://www.forbes.com/sites/adamtanner/2013/07/08/how-the-p...

[1] https://dmachoice.thedma.org/


Read a different thread here - an Equifax "lock" isn't the same as a credit freeze.

Just to be clear, a credit freeze does not stop prescreened credit offers either [0].

[0] https://www.consumer.ftc.gov/articles/0497-credit-freeze-faq...



While this is good, it's another instance of Congress slapping a bandaid on a gunshot wound and calling the problem solved. We wouldn't need freezes if we had an identity system which wasn't immutable (ssn). For once can we fix the root cause of a problem rather than treating symptoms.

I’ve been trying to freeze my infant son’s credit and they’ve made it absurdly and maliciously complicated.

In addition to mailing a physical letter requesting the freeze to each organization, they require copies of his birth certificate AND social security card AND my social security card AND my driver's license AND proof of address (i.e. utility bill) AND a form from the Social Security Administration AND a court order/power of attorney or notarized statement of an authority to act on his behalf. And money of course.

That court order requirement is a doozy. I don’t even know how to get one of those. So I haven’t pursued it further, which I’m sure was their intent.

And of course there’s the question about how wise it is to send these sloppy, negligent organizations all this sensitive info. Hopefully they fix this racket by the time he turns 18.


Why are you trying to freeze his credit? I don't think he'll even be in their systems until he gets his first financial account, presumably years later.

That’s what makes his social security number an attractive target for identity theft. He won’t check it for over a decade.

https://www.npr.org/2017/10/18/556237149/to-protect-children...

Quote from the article:

> A 2011 report on child identity theft from Carnegie Mellon University's CyLab found that of the participants surveyed, the rate of identity theft for children was 51 times higher than that of adults. Social Security numbers are of special interest because they can be associated with any name and birthdate, the report showed. They also offer thieves a clean financial canvas.


Anything short of holding credit agencies, banks, and anyone who improperly leaks data or acts on false data liable for their actions is an improper solution here. Why should I have to freeze my credit, when it's the bank or credit agency's fault that someone opened a fraudulent account and it should be them and only them that pay to fix this up? This bill is a joke and only serves to reinforce the notion that it's the consumers' fault that banks act on fraudulent information.

It's not the consumer's fault that banks themselves commit fraud, so why do the consumers then have to pay for the consequences? With shit laws like this on the books, it's hard to get angry at people who rob banks: they're doing what our legislators failed to do for them. I don't even see that as immoral anymore, especially compared to current law that protects the thieves and banks and throw the consumer under the bus.


I didn't see this mentioned in the article but the issue is not just the fees but the fact that a "credit freeze" only lasts for 90 days which means you need to reapply the freeze every 3 months. This is a game of attrition and over time consumers are less and less likely to re-up their freeze.

You might be thinking of a "fraud alert", which is different than a "credit freeze" => https://www.consumer.ftc.gov/blog/2017/09/fraud-alert-or-cre...

yeah i was going to say because when i signed up to robinhood and gave them my arm, leg, hands, feet and more (bank account number, picture of my license, etc) they sent me an email telling me I needed to remove the freeze on my credit report.

Ummm no those freezes are there to stay and give me some peace of mind!


Yes you are right. I conflated the two. That said, given the whole system is known to be compromised, one should be able to put a fraud alert on their credit file for longer than 90 days. Or maybe even a permanent fraud alert.

It seems like they could be complementary since a creditor needs to call you to get approval before extending credit in your name. With both of these even if your credit was unlocked the credit issuer would still be required to get your verbal approval.


Yes.

How about also making them the _default_ state of one’s credit history?

credit freeze fees and fees related to identity protection are an extortion/a shakedown plain and simple. Companies like Equifax sell your data then charge you a fee to block access to that which they sell, if you don't you're opening yourself up to identity theft from behavior that they themselves have caused.
