By Ken Hatfield
Financial Advisor, Partner
Portfolio Advisors, Inc.
Back in 2010, I received a solicitation from Experian, one of the three major credit reporting agencies (Experian, Equifax and TransUnion), offering a free introductory period of their credit monitoring services. I had never checked my own credit and was curious about what was in my report. I decided to take advantage of their free trial offer. Of course, in doing so I had to provide them with my credit card information and was informed that the service would automatically continue at the end of the trial period. Of course I had no interest in keeping the service beyond the trial period but, as you might suspect, I failed to cancel the service. I procrastinated and reasoned that it was kind of neat to get my monthly credit rating and occasionally look at my credit report. The small monthly charges were largely out of sight and out of mind. My procrastination to cancel the service dragged on for nearly a year. Ultimately, I became tired of wasting my money. I decided to pull the plug at the first of 2012. Good thing I didn’t.
In late 2011 I received an email from Experian alerting me that a new account had been opened in my name at Lowe’s. I called Lowe’s directly to clear up the confusion. I was shocked to learn that sure enough someone had opened an account on my behalf. I was surprised to learn that they had my home address, email address, phone number and Social Security number. After proving to the Lowe’s representative that I was who I said I was, they immediately agreed to cancel this account. Fortunately, credit cards had not yet been mailed out and even if they had, they would not be activated or able to be used. Stunned, I wondered how this could have happened and what further action I should take.
My next step was a call to Experian and the other credit monitoring agencies. As it turns out, there were five or six additional accounts that were in the process of being opened by using my information. I called all of the stores and was told the same thing. Applications for accounts were filed using my credit information. As it turns out, I was lucky and was able to intervene, shutting down their attempts before any damage was done. One peculiar thing occurred. A credit card in someone else’s name was sent to our home. I informed the authorities of this, but never heard back from them. Needless to say, the authorities are consumed with this type of activity.
My displaced frustration in having not canceled my credit monitoring service was replaced with my newly discovered wisdom of having stayed the course. Pleased with myself, I now faced the arduous task in navigating through decisions needed in order to protect my credit going forward. After spending a good deal of time with credit rating services and the authorities, I decided that a reasonable strategy was to place credit alerts across all three credit monitoring services. Should anyone seek credit information about me, I would be alerted. As a victim, I learned that alerts can be enabled for a ninety day period but can also be extended for seven years if a police report is filed. I resisted the temptation of a seven year credit freeze opting instead for seven years of credit alerts. I thought this would provide a level of comfort and allow time for intervention before any damage was done. I hope I made the right decision. Time will tell.
I learned that consumer actions in stopping credit applications, coupled with applying credit alerts and credit freezes, can be an effective barrier in frustrating a perpetrator to the extent that they will often give up and move on to their next victim. This respite may however be temporary I learned, as credit fraud can be “the crime that keeps on giving.” Apparently, once information is stolen, it can be sold to others over and over again. As such, I now realize that seven years of maintaining alerts or freezes is not enough and one must continue to be vigilant in monitoring their own credit.
How does a criminal actually use information that is stolen? One devious tactic is employed in the comfort of their own home. By using stolen credit information and their home computer, they can open on-line accounts. Once they submit an application, they simply sit back and wait until they are notified that the account has been opened. Once the account has been opened, the home based criminal simply needs to edit the account profile. Why would they do that? Simply, a new delivery address or P.O. Box can be established allowing them to order and receive gift cards from the retailer. The gift cards are ordered in small quantities and amounts up to $50 so as not to raise suspicion. These gift cards can then be sold on the streets for cash or actually used as a form of currency. The faceless criminal has in effect created a currency that is, practically speaking, nearly impossible to trace and rarely raises suspicion.
That’s basically the gist of my painful experience with this topic. Now, what can you do?
1. Check your credit reports regularly. You do not need to pay for a service to do so (though I continue to pay for it). The three credit reporting agencies are each required to provide this information once per year. Effectively, you then can check your credit three times a year with a different agency each time. The reports can be requested at www.annualcreditreport.com.
2. If you are concerned (and even if you’re not), that you may have been a victim of the breach at Equifax, you should visit the Federal Trade Commission Website at www.ftc.gov. On their home page, you will find access to an area entitled “Equifax Data Breach – Tips for Consumers.” Here you will be provided a direct link to Equifax in order to determine whether or not your information may have been compromised. On their website, they will offer use of their service free for one year. Of course they most likely want to charge you for the service after that. This should, however, be an offer that you consider, especially if you do not already have a credit monitoring service and are not monitoring your credit yourself.
Additionally, the FTC site provides other valuable resources and information. It includes explanations in the differences between credit freezes and fraud alerts as well as a video entitled, “What to do After a Data Breach.”
Last but not least, I understand that the credit rating agencies are overwhelmed right now and wait times are long on the phone. Much of what we have talked about can be done online but I am also hearing that this process is slow and arduous. The best advice that I can give is that you should be patient and diligent. This problem is not going away anytime soon and law enforcement is overwhelmed with this crime that is now out of control. Unfortunately, your personal engagement is required to ensure some measure of safety.
In my case, I have not had a re-occurrence of events since 2011. However, I have no false illusions and my radar is up. Yours should be too. If I can answer any questions that you may have, please feel free to contact me or my office. Good Luck.