|
September 22, 2017 - Since the Equifax data breach, I've joined the millions of Americans who have frozen their credit files. It isn't the easiest process. In fact, all of the CRAs (Experian, Equifax, TransUnion) have made their credit freeze web pages difficult to find… at least that's my opinion. But how secure are you once you have implemented a credit security freeze? It may be the best way to protect your credit in the wake of a data breach but there are still issues that could leave you vulnerable to fraud and identity theft.
For the record, you can find the correct pages to freeze your credit here:
Experian - https://www.experian.com/ncaconline/freeze
Equifax - https://www.freeze.equifax.com
TransUnion - https://freeze.transunion.com
It's easy to get frustrated when you attempt to freeze your credit. Call me a cynic but it's almost like the process has been designed that way. One CRA told me that I would need to send them various forms of information via certified mail if I wanted a freeze. I had to make three attempts before I was eventually rewarded with the privilege of being forced to pay $10 to protect data that I never gave them permission to store in the first place. But I digress. The point here is that you are unsuccessful at first, keep trying.
This isn't the first time I've frozen my credit. When I did it years ago, it was all handled via the mail. When I eventually lifted the freeze, I never bothered to re-freeze my file. While handling this sort of thing by mail can take some time, it is probably more secure than online. All consumers should be aware of a couple of things.
First, the credit bureaus will allow you to set your own PIN. As tempting as it may be to make your PIN simple to remember, doing so really defeats the purpose of using a credit freeze in the first place. Let the CRAs set your PIN for you. Then make sure you store that information in a secure place. NOTE: TransUnion forces you to set your own PIN. Moreover, it is a relatively short six-digit PIN. Don't use your birthday, your kids' birthday, or any other number sequence that is easily figured out.
Second, some of the CRAs will allow you to reset or recover your PIN online. That's frightening. Earlier this month, the blog Krebs on Security published a report on Experian's interface for this and how weak the security to accomplish a reset is. It's well worth the read. Today I found out that TransUnion offers a similar capability, with similar security. Unfortunately, if a criminal can figure out the PIN for your credit file, that same criminal can lift the freeze on your file and take out new credit in your name. This is another good reason to allow the CRAs to set your PIN for you when it's allowed.
Given the scope of the Equifax data breach, we highly recommend that everyone take out a credit freeze. But don't get complacent and think that a credit freeze will protect you under all circumstances. Even after implementing a security freeze, all consumers need to remain vigilant.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|
Identity Theft 
