Over the past 25 years as a credit expert, I have seen identity theft take first place in the threat to my clients’ peace of mind. It is so easy to be prepared for an attack you can see, but what makes identity theft so difficult to get in front of is the way the thieves attack you when you least expect it. Once your identity has been compromised, your information can be sold on the dark web and be used as long as 2-3 years after it is stolen. This means you have to do your due diligence to monitor activity on your credit file so that you can minimize the damage that is done. You have enough going on in your life, so you don’t need to add one more thing.
As you know there was a recent security breach at Equifax, one of the 3 main credit reporting agencies. Thousands of people had their personal information such as social security numbers, dates of birth, driver’s licenses, etc. stolen by the thieves that breached their online system. However, don’t be fooled that this is an isolated incident. Hackers make a living performing this type of invasive theft all of the time, but seldom does it reap as much personal information as the Equifax breach.
How can you confirm if you or your clients have been impacted, and if so what can you do?
This current news concerning Equifax is why we teach our clients and partners to monitor inquiries and any new account activity, making sure all information is accurate and any and all inquiries were run by authentic vendors, banks or financial institutions which you or your clients have applied for credit. Many people have the wrong idea about monitoring services and therefore have a false sense of security by assuming these companies are protecting them or will handle things if they are in fact affected by identity theft. No one can protect you against the possible threats of identity theft except you by reviewing the account information anytime an alert is presented, or by reviewing your credit reports once a month for possible errors. My team and I stress to our clients and partners that hyper awareness is the key.
Let’s define the two types of inquiries:
· Hard Inquiries – These are from companies and vendors that you have applied for credit, merchandise, services, property rentals/leasing. In most cases you or your client should recognize these company names, otherwise they should be treated as potential risks. In the event you don’t recognize an inquiry, it’s important to contact the company which placed the inquiry on your credit to ensure it is valid and belongs to you. *Important Fact – When you fill out an application or apply for credit, some companies may use a third party to pull credit, or they will “shop” your loan with multiple banks or vendors. Pay attention as some will use acronyms, abbreviations, or can appear under a different name other than the company you applied with.
· Soft Inquiries – These can be from companies and vendors which may not have been initiated by you or your client. The most common type of soft inquiries are from accessing your credit online or ordering your credit report over the phone, creditors and vendors offering pre-approved credit, employment screening, collection agencies performing skip tracing for current address information and confirmation of identity, insurance companies assessing current and future risk factoring, potential investors, and most important your current credit card companies, banks and lenders. *Important Fact – These inquiries do not affect credit decisions and are only seen by you. However, many companies such as insurance companies and banks are now using credit as a risk assessor, so these should be diligently reviewed as well.
How does the recent Equifax breach affect me or my clients?
The answer to this question is a hard one as we are on the receiving end of so much information coming from different trusted sources. For this reason, it’s hard to know what is real and what might just be fluff. Unfortunately there is no real definitive answer as to who was affected or the future impact of the breach. As we explained above there are constant threats to personal information and data breaches don’t just happen to credit agencies. Despite if you or your client were a possible victim of the breach, the reality is everyone needs to be on alert and take all of the necessary steps so that the answer to this question is in your control and not that of the identity takers and so-called protectors.
The important thing to understand is there is nothing anyone could have done to prevent this unfortunate situation, as security breaches will happen no matter what we do. Most consumers do not realize identity theft is a constant threat from multiple sources. The most common sources are online shopping, phishing emails, card skimmers, establishments that process credit card payments for merchandise/services, dumpster divers, and sadly even family members.
According to the 2017 Identity Fraud Study by Javelin Strategy & Research, there is a new victim of identity fraud every two seconds. While there are vendors who claim to protect you against identity theft or fraud, these companies can only alert you when you have had a potential threat to your identity. Unfortunately there is no technology, system, or company that can prevent a potential threat from happening.
What should you do if you see evidence of identity theft?
If you have reason to believe you have been a victim of identity theft, you should immediately go to your local police station and file an identity theft report. For example, you may notice alternate addresses on your profile where you have never received mail or are associated with a shared account on your credit, hard inquiries to open new credit cards, accounts you did not authorize, or any currently open accounts you do not recognize. We recommend as an additional precaution to place a security freeze on all 3 credit reporting agencies. If you have not yet encountered any suspicious activity on your reports or would be inconvenienced by freezing and unfreezing your credit, we recommend you place a fraud alert on all 3 credit reporting agencies. If you would like to learn more about freezing your credit file or the 3 different types of fraud alerts available, please visit the FTC’s website which lists some of the more common credit freeze facts.
· Security Freeze – Placing a security freeze on all three credit agencies is one of the safest ways to block anyone from pulling your credit reports. However, it can be inconvenient if you use your credit frequently or don’t plan ahead. Each agency will provide a security pin that will need to be placed in a secure password protected document or file. Anytime you wish to apply for credit or have your credit accessed for any transaction, you will need to unfreeze the appropriate credit agency. It’s important to ask each vendor you are applying for credit with, which agency they will need you to unfreeze and for how long. *Important Fact – Each agency will provide a date range for how long you can temporarily unfreeze your credit. You should always unfreeze your credit at least 24 hours before use and I would recommend not leaving your credit unfrozen for more than 7 days at a time.
Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
· Fraud Alert – Consumers should file a fraud alert if freezing credit is not a convenient option and there is no current evidence of identity theft. A fraud alert allows creditors to acquire a copy of your credit report as long as they take steps to verify your identity. For example, if you provide a telephone number, the business must call you to verify whether you are the person making the credit request.
Conquer Credit Management Inc has over 25 years of experience in dealing with these types of complicated situations. Should you wish to hire an expert, there are several packages we offer including identity theft remediation, security freeze placement, fraud alert placement, and potential threat auditing. While you can find different services online, CCMI offers individualized programs that meet the needs of each of our clients. If you are interested in one or more of these services, please email email@example.com for more information.