Fraud Alert or Credit Freeze: What's The Difference?

While discussing identity theft with a business acquaintance, the topic came up about how best to protect our identities. The person mentioned that they had a Credit Freeze in place, but that it was only good for 90 days. This was a clue to me that the person had a Fraud Alert in place and not a Credit Freeze. A comparison of the two options:

	Fraud / Security Alert	Credit / Security Freeze
Definition	A special message attached to a consumer's credit file that indicates the individual may be a victim of identity theft. The alert may require potential lenders to contact the consumer via phone before issuing credit.	A feature for national credit reports where all companies and potential lenders (except where exempted by law) cannot access a consumer's credit report without the consumer's permission.
Advantages	1. Free for consumers 2. Alert durations available for 90 days or 7 years. Military personnel: Active-Duty Alert (12 months) 3. After adding an alert at one credit bureau, the other 2 credit bureaus automatically add an alert	1. Generally, free only for identity theft victims (IL, NM, and RI: free for all residents 65+) 2. Stops identity thieves from opening new accounts or getting credit, loans, or mortgages in your name 3. Stops credit bureaus from distributing your credit report 4. Consumer can lift or remove the freeze when needed for potential lenders (PIN number provided)
Disadvantages	1. Credit bureaus still distribute your credit report 2. Identity thieves can apply for credit or loans and approval may still "sneak through"	1. If you are not an identity theft victim, fees apply to add, lift, or remove a freeze at each credit bureau 2. You must add, lift, and remove a freeze separately at each credit bureau 3. To apply for credit, you must temporarily lift the freeze on your credit reports. This may cause a delay getting credit approval 4. Banks and companies that provide consumer data to the credit bureau will not be allowed to update the name, address, SS#, and birth-date data on your credit reports
Availability	Nationwide	Nationwide, including Puerto Rico, Guam and the U.S. Virgin Islands
Other	1. Adults only	1. Adults only 2. Temporary freeze lift: 3 days minimum and 30 days maximum

Want to learn more? You should be aware of certain identity-theft situations where neither a Security Freeze nor a Fraud Alert will prevent. Also, the Security Freeze laws in many states do not cover consumers' C.L.U.E. insurance reports. You still should shred snail-mail and paper documents with sensitive personal data. And, for maximum protection you should also take advantage of the opt-out resources.

Debix, LifeLock, and TrustedID

A recent issue of the New York Times discussed three new companies which offer consumers identity protection solutions:

"This week, a young company called Debix, which places automated calls to its customers every time someone opens credit in their name, will announce that it has raised a round of financing from private investors..."

Investors in Debix include Gideon Yu, the former chief financial officer of YouTube and the current chief financial officer of Facebook, and Launny Steffens, a former vice chairman of Merrill Lynch.

"A raft of new companies like Debix, LifeLock, and TrustedID say they can make it easier for consumers to protect themselves — for a monthly fee of about $10."

Time will tell if theses companies can deliver the promised value to consumers. In my opinion, the value for consumers is based on a complete solution covering several services:

• Monitoring of credit reports with notification via multiple channels
• Monitoring other reports with sensitive data about consumers, like C.L.U.E. insurance reports
• Assistance with credit restoration and payment on fraud insurance claims
• Assistance with criminal fraud restoration both in the U.S. and in other countries
• Assistance with and restoration from medical identity theft
• Assistance with effective opt-out choices
• After a data breach, coordination of credit monitoring coverage with the employer's or former employer's credit monitoring offer
• Durability: the identity theft protection company should have staying power. Consumers may be reluctant to switch vendors since it involves disclosing sensitive personal data

AARP And Identity Theft

When I was in my mid 40's, I joined AARP. At that time, I needed to learn a lot about elder care since my mother had died and my dad was seriously ill. (He died in 2002.) I figured that reading the print version of the AARP Magazine was the best way to learn the language of retirement (e.g., Medicare, Medicaid, etc.), and to learn about the issues related to elder care.

the magazine has some really interesting and inspirational articles, like the recent interview of the actor Morgan Freeman. During the years, I've subscribed to AARP's various e-mail newsletters and RSS feeds. The AARP web site recently published a good article about identity theft, titled Block Your Credit Reports to Prevent ID Theft.

If you are unfamiliar with the subject of identity theft, or if you want simple clear descriptions (like the difference between a Fraud Alert and a Security Freeze), then this is a good starter article. The article includes sample letters for users to request a Fraud Alert from one of the three national credit bureaus. The article should have included toll-free phone numbers for the three credit bureaus, but didn't.

As I mentioned, this is a good starter article. While the article doesn't tell you everything, it provides the basics in an easily readable format, so a consumer can place a Security Freeze on their credit report.

Fraud Alert Renewal: Easy & Fast

During the last week of September, I called the Experian credit bureau to renew the Fraud Alert on my credit file for another 90 days. I called since Experian has an easy and quick phone system for consumers.

During the phone call, Experian advised me that it would automatically notify the other 2 national credit bureaus, which would also place a Fraud Alert on my file at their services. The entire phone call took maybe 5 minutes max. About 3 days later, I received via surface mail from Experian a written confirmation of the transaction:

"We have added an initial Security Alert to your credit file as requested on your behalf by one or more of the nationwide consumer credit reporting companies. This message, which will expire after 90 days from 09/27/2007, alerts credit grantors to verify your identity in case someone is using your information without your consent. As an additional precaution, we have removed your name and address from pre-screened offer mailing lists for six months."

The next day after that, I received via surface mail confirmation from the TransUnion credit bureau of my Fraud Alert renewal. I placed the initial Fraud Alert on my credit report at all three national credit bureaus back in July, after IBM notified me of their data breach. If you want to place a Fraud Alert on your credit report, the TransUion site lists phone numbers for all three national credit bureaus.

I fully realize that limitations of the Fraud Alert tool. The national credit bureaus make money by selling consumers' credit reports to (hopefully responsible) creditor companies. The Fraud Alert tool doesn't stop the credit bureaus from selling my credit report to credit grantors. The credit bureaus simply append an alert notice to my report. If you want to learn more, the Experian site lists the reasons companies purchase consumers' credit reports. Since credit bureaus don't notify consumers when our credit report is distributed, I use my credit monitoring service for notification.

Now that 2 of the 3 national credit bureaus will offer the Security Freeze tool starting in November 2007, I look forward to using that tool to really lock down my credit report so that nobody has access to it, unless I authorize access. As each credit bureau releases details about its Security Freeze program, I will share my findings in this blog.

Will I let the Fraud Alert expire on my credit reports once I have the Security Freeze in place? I haven't decided yet about that.

Fraud Alerts

After IBM informed me that IBM had lost data tapes with my personal data, one of the first things I did was contact the three credit bureaus in the USA. These thieves didn't have to do any dumpster-diving, or break into my snail-mail-box, or hack into IBM's computers, since the data tapes fell off the back of the truck.

A Credit Bureau is a company that compiles and distributes credit and personal information about consumers to creditors. This credit information may include payment habits, the number of (existing and prior) credit accounts, the balance for those accounts, and the length and place of employment. There are three credit bureaus in the USA: Equifax, Experian, and TransUnion. The Identity Theft Victims Guide lists the phone number, mailing address, and web site for all three credit bureaus.

Creditors are the companies that loan money or sell goods "on credit" to consumers. A variety of companies contact a credit bureau for the credit data of a consumer applicant. For example, when you apply for a loan (with a bank, auto company, or finance company) or apply for a wireless phone plan, that company (or bank) will contact a credit bureau to learn more about your habits with money. The company's goal is to learn enough to decide if you are a good credit risk or not. Consumers deemed a good credit risk receive the loan and pay less for the same goods; typically a lower interest rate. Consumers deemed a poor credit risk won't get the loan, or if they do will pay a higher interest rate.

One scam is when identity thieves pretend to be somebody else to apply for a loan, mortgage, or buy a large dollar-value item. The thief uses the identity victim's good credit and, of course, doesn't pay off the loan or pay for the product. Then, the creditor seeks the identity theft victim to pay for the loan or purchase that the victim never made. So, anything that makes it difficult (or impossible) for identity thieves to access credit information is a good thing.

One tool to make it difficult is a Fraud Alert. A Fraud Alert is a "flag" or indicator on a consumer's credit file that the individual may be a victim of identity theft. The Fraud Alert requires the creditor to contact the consumer via phone before issuing credit.

Consumers have a choice of a fraud alert for 90 days (my choice) or seven years. At the end of the period, the consumer can extend the alert by contacting the credit bureaus.

To place a Fraud Alert on your credit file, you simply contact any one or all three credit bureaus. (I left nothing to chance and contacted all three by phone.) Each credit bureau will inform the others of your Fraud Alert request. All credit bureaus will send a written confirmation of your Fraud Alert. The Equifax confirmation included this:

If you are a victim of fraud, the first step in protecting your credit information is to add a fraud alert to each of the credit files maintained by the three national credit reporting agencies. Adding a fraud alert may aid in the prevention of further fraudulent activity. We were successful in adding an alert to your Equifax credit file.

The TransUnion confirmation included this:

"We have received a request and added to your credit report an initial Fraud Alert. The alert will remain on your file for 90 days, as specified by the expiration at the end of the statement, and will be provided to anyone who receives a copy of your credit report. The alert will inform all credit grantors to take precautionary measures to verify the identity of the applicant before extending credit."

The confirmation also stated:

"As TransUnion is a credit-reporting agency, your credit report may be released to credit grantors who are active members of our agency. In order for the credit grantor to view the Initial Fraud Alert on your file, the credit grantor must first access your credit report."

As I read all three confirmations, I began to understand that the system is tilted to allow all three national credit bureaus to continue to distribute my credit file with my fraud alert appended. A careless credit bureau could still pass personal data to a thief pretending to be a valid creditor, and the identity thief could still take advantage of my (and your) good credit. This has happened to one data aggregator! See any news story about ChoicePoint at C/Net or PRC or InfoWorld or Consumer Affairs.

Definitely not a bullet-proof system. I felt a slightly better. Not great, but slightly better. A little protection, but not bullet-proof. I like bullet-proof.

This is one reason why I believe that the U.S. commerce system is tilted away from consumers and towards companies - to facilitate profit-making and lending credit. By sharing consumers' credit information, companies can make more money, but both the companies and the consumers incur risk. If I am going to participate in a system where I incur risk, I want rewards for my risk. Conversely, if companies want to benefit from sharing my personal data, then they'd better adequately protect my personal data. If they can't protect it, don't use my personal data and delete it!

If you feel this way (or not), I'd love to hear from you and why. In my opinion, the system needs to be balanced between companies and consumers, with stronger protections for consumers who typically have less resources than a corporation.

The TransUnion confirmation also stated:

"Under federal law, you are entitled to request a free copy of your credit report within the next 12 months."

This was good news at a time when I was receiving plenty of bad news. It's always good to get something for free... especially when you need it.

Next entry: IBM's offer