RapLeaf, Facebook, Data Mining, and Privacy
Former BigBad Employees Pursue Back Wages

A Review of Bank of America PrivacySource

A couple weeks ago, I received a letter from Bank of America via postal mail:

"Records Request
Please Review Important information Below
Please Reply Within: 14 Days"

You have the right to a free credit report from AnnualCreditreport.com or 877-322-8228, the ONLY authorized source under federal law."

"Complimentary Credit report and Credit Score -- Your signature is required to try the Bank of America PrivacySource(®) at no cost for 30 days so you can receive delivery of your Compiled Credit Portfolio. your benefits will include the following:
1. Your Complimentary Triple-Bureau Credit Report
2. Your Complimentary Triple-Bureau Credit Score
3. Daily Monitoring notifications"

I had not heard of the PrivacySource service before. I had heard of the PrivacyAssist credit monitoring service from BofA, and reviewed it in this blog. Inside the BofA PrivacySource envelope was a single sheet of paper with this offer and a return envelope. I read the entire offer letter looking for a website address. When I receive an offer like this, I expect the offer letter to provide a website address so I can learn more. Surprisingly, the offer letter didn't mention a website: neither a BofA website nor a PrivacySource website. Not good.

I then performed a few Google searches for PrivacySource which turned up this BofA page. I followed the PrivacySource link at the page bottom, and then entered my state on the next page. The problem: the BofA site redirected to a Privacy Assist page which didn't mention anything about PrivacySource. This was confusing and frustrating. Maybe PrivacySource is replacing BofA's PrivacyAssist credit monitoring service. Or maybe PrivacySource isn't available in my state. The BofA website didn't say. Not good.

After some more searching, I found a page at the CreditReportCamp.com site which mentioned the website address for Privacy Source: PrivacySource.Bankofamerica.com. It should not be this hard to find a website address. Whoever built the BofA PrivacySource website failed miserably at SEO. BofA should have listed the website address in the offer letter. And, the BofA website should have linked me directly to it.

But, back to the offer letter. Part of the way down the page, the letter included some important information:

"By signing this form you are authorzing a debit from your Bank of America checking account to the amount of $12.99 per month for a membership in the Bank of America PrivacySource (®) service unless you cancel within the 30_Day Trial Offer period.

That told me a lot. PrivacySource is a credit monitoring service. The offer was similar to offers I've seen before from FreeScore.com and the major credit reporting agencies, except there were two freebies: a "Triple-Bureau Credit Report" and a "Triple-Bureau Credit Score." That sounded nice.

Like most people, I like free things. But, what is a Triple-Bureau Credit Report, and what does it look like? Is it a summary, or does it provide the same details as a credit report from Experian, Equifax, or TransUnion? The offer letter didn't say. Nor did it include an example report. It's hard to evaluate an offer when the service doesn't provide an example report. Not good.

I also wanted to know what a "Triple-Bureau Credit Score" is. Is it the same as a FICO credit score? Or is it a VantageScore? There are several different brands of credit scores available, and I want to know what I am buying. The offer letter didn't say. Nor did it provide a sample score. Not good.

Near the bottom of the offer letter, there was this important information in tiny type:

"By signing this form, you authorize bank of America to share your Social Security Number with Trilegiant, the service provider of the Bank of America PrivacySource service, and authorize Trilegiant and its credit information providers, which may include First Advantage Credco and FAMS, to obtain and monitor your credit files and information from the credit reporting agencies..."

Well, that said a lot. Trilegiant operates the credit monitoring service for BofA under the brand name PrivacySource. I know a little about Trilegiant as I wrote briefly about it previously in this blog. And, Trilegiant was involved in 2008 in at least one class-action lawsuit, which the company settled for $25 million:

"Trilegiant, a subsidiary of Cendant Corp., has also been the target of actions by attorneys general in California, Connecticut and Florida. In 2006, it settled charges brought by 16 states alleging that Trilegiant and Chase Bank had deceived consumers into paying for membership programs."

This is the best vendor BofA could find for its credit monitoring service? More troubling are the recent consumer complaints about Trilegiant.

But let's get back to the BofA PrivacySource offer letter. The language of this authorization troubles me... particularly the "may include" phrase. It essentially says that BofA through Trilegiant will share my sensitive personal information with other companies and doesn't name all of companies, only a couple of possibilities. That is partial and insufficient disclosure to me. Not good.

And, who is First Advantage Credco? And FAMS? I did a little searching and found this First Advantage Credco profile on LinkedIn.com. The company's official website is credco.com, and it appears to be in the midst of a name change to CoreLogic. CoreLogic Credco appears to collect and data mine consumer information, with perhaps an attempt to enter the credit report marketplace.

I have not been able to determine who FAMS is. If you know, please share a description and website link in the comments section below.

About the PrivacySource website, to its credit the site does provide sample credit reports and credit scores. I compared the reports to actual credit reports I already have from Experian, Equifax, and TransUnion. The PrivacySource credit reports look like summaries. To adequately manage my finances, I need the real thing -- not summaries.

Consumers who visit the PrivacySource website should read the service's Terms and Conditions. This is important to understand what you get for $12.99 per month. You get a credit monitoring service and no credit resolution services. If you are the victim of identity theft and fraud, you'll need both services-- you'll need resolution service to help you communicate with various companies, lenders, and government agencies to fix your credit and all affected financial records.

PrivacySource uses CreditXpert Credit Scores (TM) from CreditXpert.com. Consumers should be aware that this is a different credit score brand. It is not the same as FICO from the Fair Isaac Corporation. The My ID Alert service from Capital One also uses CreditXpert Credit Scores.

If you have the time, you might compare PrivacySource and PrivacyGuard.com, Trilegiant's credit monitoring service. I didn't bother comparing the two sites because I'd already made up my mind about PrivacySource. First impressions are important. The PrivacySource offer letter was underwhelming and the site was difficult to find.

Is BofA PrivacySource for you? Only you can make that decision. It's not for me. Why? First, the letter didn't contain enough information for me to to make a decision, and it didn't include the service website. Second, the difficulty I encountered with finding the PrivacySource website gave me the impression that if the company can't do that well, the actual service is probably problematic, too.

Third, the sample credit reports seemed like summaries and not the full detail. Fourth, I prefer a comprehensive service that includes both credit monitoring and resolution services. Fifth, there are more comprehensive services that also help with medical identity theft and fraud.

If you already signed up for PrivacySource, please share your experience below. I've Been Mugged readers would love to hear your experiences, good and bad. If you have experiences with FAMS and/or First Advantage Credco, we'd like to hear about that too.


Feed You can follow this conversation by subscribing to the comment feed for this post.

Randelll  Rivers

I have had the same type experience with Privacy Source. I agree that the service seems to be nothing more than a summary. Even at $12.99/monthly monitoring, this comparatively is no bargain. I got mugged for $121.** which through BofA further translated to $165.14. I am not through with this one yet, but it won't be long...


I have privacy source, and the credit report is actually very detailed - once you actually sign up. Its a small book, very lengthy and goes into details for your whole credit history, even cards I forgot I have like Macy's, and cards closed many years ago. You can view the summery, or view the full credit report which I printed once, and It came out to a medium sized book ~70pages.

I haven't tested its helpfulness by being scammed or mugged (and I hope I never have to), so I can't report on that.

Didn't know that it had no resolution services... will have to check that out. On their site they say:

"Should you become the victim of identity fraud, the Bank of America PrivacySource® service can help you through the recovery process. You'll be assigned a fraud resolution specialist who will work with you to help restore your identity, and support you along the way."

It also says I can be protected with insurance up to 25,000 dollars... don't know if thats included or I have to pay more for it. Its not clear in the wording.

Let me know what's your best identify theft program, cause its a REALLY big scare of mine.



Thanks for sharing your experience. It is good to hear that the credit reports are detailed, since the website did not explain or show this well.

Resolution services means a lot more than a little bit of insurance ($25k) and access to a phone rep. The contract you agreed to lists what they will/won't due to help resolve damage from ID-theft and fraud, and what you have to document to qualify for the insurance. I have seen some plans where the rep is the victim's legal agent.

It is hard for me to say what is the best service, as everyone's needs are different. Some people need family coverage; others need comprehensive coverage; others need medical records coverage; some need coverage for military family members; some need access to help outside the USA; and so forth.

A "one-size-fits-all" approach does not apply here.


R. Scribner

As I am closing my BofA account, I did an online cancellation of Privacy Source only to be told that it is NOT a BofA service!! I had never heard of Trilegiant until the BofA "agent" informed me that I would have to contact the "merchant" Something is definitely not right here and I am embarrassed to admit that I did not do the research I should have. After all, I TRUSTED BofA...Never again!


I reached this blog by Googling First Advantage Credco, LLC ("Credco"), First Advantage Membership Services, Inc. ("FAMS"). All of their use is governed by California law as they are located there.

Any how, my credit union (CU) had a breach and offered this service from "Kroll Inc." to me at no charge, so I've been reading through the Terms of Use and Privacy Policy for Credco who is the company that you actually agree to do business with. My CU indicates that this is one of the top agencies to alert, prevent and if needed resolve any problems for you with their "Enhanced Identify Theft Consultation and Restoration".

But of course the Terms of use in the end - really indicate that Credco or its subs, partners, etc, etc, etc, are not liable for any bad service or no service. So, what really can one expect? I will probably sing up for it for the one account - since it is suppose to be of at no cost to me as stated in the CU letter - "we have engaged Kroll Inc. to provide you with ID TheftSmart service at no cost to you." But, if one signs up - they have to have carte blanche - and all of this because one CU account was breached. Ain't Technology great!



Welcome. I hope that you will become a continuing reader of this blog.

Thanks for sharing your experience. A fair amount of skepticism is healthy. When IBM Inc. had a data breach in 2007, they selected Kroll to administer their complimentary credit monitoring service to breach victims -- of which I was one. That free credit monitoring service lasted for one year, and thankfully I did not have to use Kroll's resolution services to fix any damages from identity thieves.

Yes, "carte blanche" as you wrote or Power of Attorney (the legal term) is often used in these situations so the service can work aggressively on your behalf. You are very wise to read the entire terms and conditions of the contract. That is what explains what you get, what you don't get, what they will do for your, and what documentation you have to collect in order to obtain certain benefits.

I took that opportunity to learn about identity theft, and encourage you to do the same. Use your experience with Kroll's service to help you learn and decide what to do when Kroll's service ends. You will be an informed consumer and better able to decide what other credit monitoring service you want to subscribe to, if any. You will be more skilled at distinguishing between the good offers and the bogus ones.

In my experience, I placed Fraud Alerts on my credit reports, and then placed a Security Freeze on my credit reports. There are plenty of credit monitoring reviews in this blog to read and inform yourself. As an informed consumer, you will be able to decide how much you want to do yourself versus pay a service to do for you.

No single service fits everyone's identity needs. Good luck and let us know what happens.



I just canceled my Privacy Source membership after countless calls to their company. First, I called them and asked whether i was charged or not. They said as of today at 12am, i was charged 12.99 and it's pending on my credit card. However, i told them i tried to cancel yesterday since my trial would have ended yesterday 2-28-11. I said i wanted to cancel my account and get a refund because i should have been allowed to enjoy my last day of the trial and be able to cancel it. The lady kept trying to say her sales pitch and i kept asking, will i get my refund? After awhile, she said that she will cancel my account and give me a refund. She gave me a confirmation number. However, i feel like she's not going to give me a refund back. Anyone have any recommendations on what i should do?


I am trying for free credit score. Please share your experiences about the complimentary credit report/credit score that you received.



I signed up for PrivacySource years ago with Bank of America. I stopped using my card months ago. Well, come to find out, the annual charge was placed on my card in feb, 2011(i was not on the monthly plan...i was on the yearly). Well anyway, i never got a bill from bank of america. What I did receive was a notice from PrivacySource that they had reported me to Experian for being 60 days late! The only black mark on my credit!! How ironic that the company that was supposed to be protecting me is the one that screwed me! Cancelling membership today!!!


An excellent link about how Bank of america and Privacy Source deceive customers (it's from 2006, but unfortunately still happening now in 2011):




Thanks for the link. That story described a crappy experience. This highlights some of the problems with programs that auto-include features that customers did not ask for, and bury the details in contractual fine print. Unfortunately, it is a popular marketing tactic still today. The result: consumers are forced to read the fine print and cancel within the time allotted by law.

One option consumers have is to "vote with your feet" -- that is, if you are a BofA customer, move your money to a local bank or credit union:


While local banks may not have as extensive a network of ATM machines, some local banks (like Free Republic here in Massachusetts) will reimburse you for cash withdrawal fees. Do your research before moving your money.



I found this article in the midst of research on Trilegiant for my Dad. He's had a long standing Wells Fargo credit account, and they are forever trying to upsell him on insurance and other "affinity marketing" offers. He was sent a letter offering pretty much the same credit monitoring deal you saw for BoA. I'd advised him not to chuck it. My plan was to dump the service within the trial period once the free report was delivered, a stunt I've pulled without incident in the past, before the FTC mandated limited free access to credit reports.

At first blush I had a few problems with the offer language and letter layout, but not enough to kill the deal. To explain:

The letter calls the service "Enhanced Identity Theft Protection". This of course is not all a credit report is for, and the FTC's "least sophisticated consumer" might be led to believe the "protection" is somehow active, like a guard on duty, and not a convoluted DIY project. All that's promised is the usual triple combo report, FICO score, and periodic alerts. Disputing credit reports can involve deep reserves of patience for a slanted process ranging near the difficulty of blindfolded tax form preparation.

Having been on similar product trials, I know a triple report is useful as a peek but not so much for invoking all of FCRA and FACTA. To be most effective, a credit info dispute must be made on paper with the specific information furnisher, which ideally means having the furnisher report separately.

A banner near the top says in large red type: "Credit report review [new line] Immediate action requested" Below this to the right is the note "Please reply within: 14 days". This flips the usual order of call to action and building urgency in a sales pitch, somewhat suggesting that ignoring the notice will cause harm to the consumer. The letter has a little blue sticker reading, "Send me my credit report and credit score", which is meant to be peeled and applied four inches down on the return form where one provides a signature and last four of the SSN. Seems to me the dumb sticker is superfluous, and reminds me of too many cheesy marketing mailers for magazine sales and sweepstakes entries.

The front and back of the return form has all of what I consider the critical fine print about Trilegiant and FCRA provisions. I would think to scan or photocopy the whole thing before mailing, but certainly my sense of caution would not be shared by most offer recipients. Still, considering all the above concerns, I wasn't too worried until I actually examined those disclosures, finding them vague in parts.

The authorization text is quite clear on my ability to cancel within 30 days. The opt-out only says "unless I call to cancel". Wouldn't I want to send this cancellation in writing too? I'm also told the clock starts "when I receive my membership materials". Who decides what date that is? Are we using the fuzzy Mailbox Rule of presumed delivery, since almost certainly they'll be too cheap to use Certified or a tracking code? Suppose that first "material" is a welcome letter and the combo report doesn't arrive until day 29?

More worrisome is the credit report pull language you've flagged. "I authorize Trilegiant ... and its service providers, which may include FAMS ... [to pull] ... from any consumer reporting agency ...." So much to unpack ... This literally means Wells Fargo is outsourcing credit monitoring to a giant marketing firm which in turn may farm out to some unnamed "provider" which may fetch reports from furnishers I've never heard of. All clear as mud, right? Nowhere does the promo letter say the Big Three bureaus will be furnishers. Many firms exist which buy and repackage Big Three reports, which may introduce the chance of data distortion. Moreover, the "consumer reporting" part is so vague it could apply to firms which don't specialize in credit at all.

Now sure, the disclosure also says terms of use are coming "with my credit report". Could I see those before signing? I'm not given any means of inquiry to Trilegiant. I'd be less worried here except for seeing the ridiculous pile of complaints and lawsuits lobbed at TLG in recent years. They all talk about a "trap and shoot" business model like that of Video Professor, Girls Gone Wild, and many other creepy subscriber services. What I fear is doing everything by the book yet still not being permitted a clean exit from Trilegiant.

Arguably this July 2005 report was among the most damning, raising questions about why TLG feels a need to hide behind so many brand names:
Inside Trilegiant's Marketing Machine

I am most alarmed by the mysterious mention of "FAMS" as a possible operative. As in your example, this alphabet soup name is not explained and eludes easy search engine tracing. However, it's an acronym I recognized immediately from my ongoing study of a cousin industry. The FAMS I know is Financial Asset Management Systems, a debt collector known like its many peers for hostile and illegal practices. If it matters, the FAMS Senior VP of Sales & Marketing lists on his resume two of the Big Three credit bureaus, and also NCI and Van Ru, two large and infamously lawbreaking debt collectors.

If TLG's "FAMS" is the very same, these four letters poison the whole deal. It would circumvent if not disable FCRA to give a backstage pass to a scofflaw debt collector, which would normally not have a statutory "permissable purpose" to pull reports unless a debt account was at issue. What then would stop a collection agency from going fishing for anything it can turn into a bogus claim, and/or reporting false information back to the bureaus to extort "tributes" from subscribed consumers?

In the face of so much to distrust, I'm walking my Dad briskly away from this offer.


Dear Resident47:

Thanks for the detailed reply and product review. I appreciate the FAMS explanation. I agree with the points you have raised, and think that other readers will find your comments helpful.



I will never again trust what any agent from Privacy Source says. I have tried on multiple accounts to contact and close my account, but they always say they will close it.. its been 4 months and I have 4 seperate bills from them even though I called to cancel it. BoA is very close to losing my business as well. Shady practices from all corners of that company.


I never even signed up for Privacy Source. I was temporarily the representative payee for a person on disability. I opened an account for disability to deposit to. After two months the person got her own account. The balance was zero for a month and then I got a notice that it was overdrawn. Privacy Source had withdrawn $12.99. Then Bank of America charged me $35 for overdrawing the account. I called BofA because I could not understand how the account had gotten overdrawn. The Bank of America representative did not know what Privacy Source was. I suspected it was an in-house scam and after I had asked enough questions the representative finally admitted it was Bank of America and not an outside entity. At the time I had never heard of Privacy Source. I certainly never signed up for it. Why would I sign up for a privacy service on a representative payee account?

Bill Bennett

I have been with Privacy Source for a number of years. I realize there is more complete info I can access online on my account. But I decided I just couldn't afford it this year. And after reading these and other comments and for other reasons (example my credit union provides free credit reports quarterly) I decided to cancel the service. I called the number on my renewal notice and got through to a live person in short order (maybe I lucked out timewise). He did give a spiel on what I would be giving up, but kept it reasonably short then went ahead and cancelled the service, giving me a confirmation number.

online flash games

I have privacy source, and the credit report is actually very detailed - once you actually sign up. Its a small book, very lengthy and goes into details for your whole credit history, even cards I forgot I have like Macys, and cards closed many years ago. You can view the summery, or view the full credit report which I printed once, and It came out to a medium sized book ~70pages.

I havent tested its helpfulness by being scammed or mugged (and I hope I never have to), so I cant report on that.

Didnt know that it had no resolution services... will have to check that out. On their site they say:

Should you become the victim of identity fraud, the Bank of America PrivacySource® service can help you through the recovery process. Youll be assigned a fraud resolution specialist who will work with you to help restore your identity, and support you along the way.

It also says I can be protected with insurance up to 25,000 dollars... dont know if thats included or I have to pay more for it. Its not clear in the wording.

Let me know whats your best identify theft program, cause its a REALLY big scare of mine.

The comments to this entry are closed.