Tuesday, October 20, 2009

Credit Freeze: a Cold Day for Consumer Protection?

A security credit freeze is one way to achieve peace of mind instead of worrying about identity theft. I just tried to extend a credit freeze and replace a lost PIN. I forgot my PIN, so I needed a new one in case I wanted new credit. I contacted all three credit bureaus--Equifax (EFX), Transunion, and Experian--to request new PINs.

I learned in California, a credit freeze is indefinite, so I didn't need to worry about "extending" my freeze. (In less consumer-friendly states, a freeze may be limited to seven years unless extended by the consumer.) If you are a victim of identity theft, you may receive a credit freeze without charge. If you are not a victim of identity theft, you may have to pay a fee to activate a credit freeze and to unfreeze your account later. When you apply, you are given a PIN that allows you to temporarily deactivate the freeze.

It appears each company protects and allows access to consumer information in different ways. I am now convinced Congress and a few good law firms need to extend their influence over credit bureaus to better protect consumers' personal data.

Transunion: I had a good experience with Transunion, which provided me a new PIN over the phone. An agent who spoke perfect English answered my call. She walked me through the process perfectly. I had to give her my SS# and basic information over the phone. She confirmed other personal information also, and I had to provide a credit card limit and the issuing bank to get a replacement PIN. It felt good to see so many different levels of security questions before Transunion would reset my PIN. When I checked to see whether I was listed as an identity theft victim, the representative told me I was not listed as such. After confirming more information, she told me she had fixed the issue. I was pleased with Transunion's professionalism.

Equifax: I had a harder time with Equifax. The agent gave me a different mailing address than the one listed on Equifax's own website, so I got worried. When I asked to talk to a manager, it took several minutes before I was connected to him, and he didn't seem to think there would be a difference between the two PO Box addresses.

In addition, Equifax (EFX) just wanted basic information--full name, SS#, date of birth, and address. This information isn't extremely difficult to get, so I was surprised. Smart identity thieves could probably reset my PIN and potentially open my credit to abuse. I asked if more information was needed (like a copy of my driver's license). The manager said no information beyond the basic information was necessary, and he provided me with a confirmation number to assist the transaction when I sent Equifax the information over snail mail. Overall, I did not get a good feeling about Equifax's commitment to protecting consumer information.

Experian: These guys are geniuses...when it comes to avoiding phone calls. Unless you have a specific code of some sort, you can't get through to a live representative. I tried every trick I could, including hitting zero and random numbers, and the system terminated my call each time.

At the same time, I couldn't help but appreciate Experian's method. Unlike Equifax and Transunion, I didn't see any information on Experian's website specifically about a replacement PIN. Experian's snail-mail process creates one significant upside: the company has more stringent requirements before it allows you to re-set your PIN. Experian requires a copy of your driver's license and recent telephone record before issuing a PIN. I sent the information over the mail. We'll see how quickly Experian responds.

Overall, I am surprised at the differences between the three companies. Laws relating to personal information ought to be more uniform and more stringent. As my experience shows, we have a long way to go in terms of protecting ourselves.

Disclosures: I do not currently own any Equifax (EFX).

No comments: