Equifax Pays $65K To The State Of Indiana For Violating Security Freeze Law
Wednesday, January 14, 2009
During the run-up to the holidays, I almost missed this news item. It received coverage by news organizations in the State of Indiana, but lesser coverage elsewhere. According to the ConsumerAffairs.com site:
"Equifax Information Services has agreed to pay $65,000 to resolve allegations that the company failed to comply with Indiana's security/credit freeze law.... Attorney General Steve Carter obtained a consent judgment after charging that the credit agency failed to place security freezes and failed to issue freeze confirmations and unique personal identification numbers to Indiana consumers within the timeframes as defined by state law."
Basically, Equifax did not admit any guilt, and paid the fine since it violated state law. Hence, the word "allegation" was used above.
In Indiana, credit-reporting agencies are supposed to place a credit-report freeze within 5 business days of receiving a consumer's letter. According to Carter's allegations, Equifax didn't do that fast enough for 19 consumers, including a two-month delay for one consumer. In Indiana, credit reporting agencies are also required to notify consumers within 10 business days that their credit reports have been frozen. According to Carter, Equifax failed to do that for 24 consumers, and it took 6 months to notify one consumer.
It's good to see a state's attorney general looking out for the needs of consumers by monitoring compliance to Security Freeze laws. Most state have Security Freeze laws, and I wonder how many other states are monitoring compliance:
"It is believed that the Indiana Attorney General's Office is the first to enforce the consumer credit freeze statute against one of the three national credit-reporting agencies."
Attorney General Carter summed up the situation well:
"This law was enacted to give consumers a layer of protection against identity theft and other forms of personal identity fraud... The freeze doesn't provide the protections it was designed to give our citizens when the required timeframes and other requirements of the law are not followed."
I have a freeze on my credit reports and I encourage consumers to do the same, especially if your sensitive personal data has been exposed during a corporate data breach. But note, a Security Freeze is not a cure-all. And, read this review if you are considering Equifax's "3-in-1" credit monitoring service.
A friend of mine wrote this recently and clearly expresses my view on "alerts" and to some extent credit freezes.
When planning an identity protection strategy, fraud alert benefits must be considered however, they must not be exaggerated. When the laws were updated to allow consumers place fraud alerts on their credit reports, their purpose was to prevent further damage from suspected or actual loss or theft of personal information. The key words here are suspected and actual. Consumers who suspect they might potentially become victims of identity theft due to a related special case such as when a wallet is lost could place temporary fraud alerts good for 90 days until they resolve their identity theft issue such as replacing their lost credit card. On the other hand, consumers who have actually become victims of identity theft and have formally reported their identity theft case to authorities, may place an extended fraud alert to prevent further losses and damage to their identities. Preventing identity theft and further identity damage were the primary purpose of the consumer fraud alert laws. However, as these laws started to be abused by identity protection companies which offered automatic placement and renewal of fraud alerts on consumer credit reports every 90 days for a fee, these laws started to lose their effectiveness as creditors did not take them seriously. With the introduction of this new business which offered automatic fraud alerts even if there was never an actual or suspected identity theft case, every one who signed up for this service was suddenly a potential identity theft victim. Although, the laws were created with a good and honest purpose, and even though the extended fraud alert is still a good idea, I think the initial fraud alerts have lost their effectiveness.
In my opinion, fraud alerts are misused these days and start to lose their value and benefits as the abuse continues for the sake of business profits. Although, long term fraud alerts can be placed on credit reports based on reported identity theft facts, initial fraud alerts which can be renewed every 90 days are routinely placed on credit reports to warn creditors of potential identity theft risks whether or not the person has any indication of potential identity theft. This practice reduces the fraud alert benefits as I will explain shortly. When considering the protection of an identity, there are many fraud alert benefits that should be carefully considered, however, fraud alerts also present limitations for an effective identity protection strategy.
As more people routinely place initial fraud alerts on their credit reports, creditors start to view this practice as it is, routine, and fail to follow up with the person whose credit report alerts of potential fraud. In fact, the laws do not force the creditors to follow up with consumers regarding their fraud alerts.
To ensure maximum fraud alert benefits and effectiveness, they have to be placed only when personal information is lost or stolen and can potentially lead to identity fraud. In addition, although creditors have a vested interest to ensure they get their money back, the laws must force them to verify the identities of those who have placed fraud alerts. Most of the initial fraud alerts placed on credit reports today are not placed because consumers are either victims of identity fraud or suspect of becoming one based on facts. They just place the alerts because a company promises them full protection backed with a million dollar identity theft insurance while the laws are abused for the sake of business.
Consumer credit fraud alerts have many benefits and can be very effective for protecting an identity but they must be used responsibly while creditors are forced to take them seriously and act upon them before extending and granting credit.
Posted by: John Taylor | Wednesday, January 14, 2009 at 10:44 AM
As part of our research I read your article with interest.
ID Fraud Prevention starts at home.
We at OEM Partnership take ID Theft & Fraud seriously and have
developed a software program that hides your sensitive data and
enables access to it via a Picture of your choice.
No more Usernames and passwords to remember.
If you feel your passpicture has been compromised, simply change
Check out our free trial at
Posted by: Brian | Friday, January 23, 2009 at 01:46 PM
does Canada have credit freezes???
how do i find out???
Posted by: agee cee | Wednesday, February 11, 2009 at 02:28 AM
Thanks for the feedback. Glad that you find my blog helpful. I do not know about credit freezes in Canada. I will look around and see what I can find. Meanwhile, I suggest that you sign up for either the RSS or e-mail alerts, so when I post about Canada you'll know immediately.
Posted by: George | Tuesday, February 17, 2009 at 12:46 PM
as laws started to be abused by identity protection companies which offered automatic placement and renewal of fraud alerts on consumer credit reports every 90 days for a fee, these laws started to lose their effectiveness as creditors did not take them seriously. With the introduction of this new business which offered automatic fraud alerts even if there was never an actual or suspected identity theft case, every one who signed up for this service was suddenly a potential identity theft victim.
Posted by: Credit Repair Services | Thursday, August 26, 2010 at 10:20 AM
Do all of the states have a credit freeze in place?
Posted by: security guard training | Monday, August 01, 2011 at 11:50 AM
Security Guard Training:
The 3 major credit reporting agencies (Equifax, Experian, and TransUnion) all provide nationwide security freezes. So, consumers nationwide can lock down their credit reports. The fee to lock/unlock a credit report varies from state to state. You should check the fees for your state by visiting one of the above credit reporting agencies. Links to them are on the Resources page within this blog.
Posted by: George | Monday, August 01, 2011 at 01:45 PM