Search This Blog

Tuesday, September 12, 2017

That mysterious pain is an underregulated industry kicking you in the face. Again.

Freeze your credit, they said. That'll protect you from identity theft, they said. Except: "A security freeze doesn’t protect you if the thieves break into the vault of the company that maintains the freeze. That’s what happened here, and we will now spend years seeing what happens next."  (NY Times) Yup. The bastards broke into the system where they keep the magic PIN that unfreezes your credit file.

That said, you should still freeze your credit, on the theory that maybe you're not already doomed. Not a very sound theory, but what the hell, hope springs eternal. That’s what they told my husband and me to do when we discovered we had an identity-theft problem. I believe their exact words were, “When you’re done waving goodbye to all your horses as they run down the road, never to be seen again, why don’t you go ahead and lock that barn door?”

You can freeze your credit with each agency online, by phone, or by snail mail. (More info here.) Depending on state law, it might cost a little money. Based on a sample size of two (my husband and me), each method offers advantages and disadvantages.

Online: You get your magic PIN immediately (for all the good it does you — see above). But you feel all queasy about sending your social security number and other identifying information over a system that seems less secure than the diary you had in junior high with the little lock and the key you kept in the special-treasures box in your desk drawer. And for some reason, sometimes after you input all your info, the damn thing still says “Sorry, Charlie, no can do,” forcing you to try calling anyway.

By phone: It’s still an automated system, only you have to wait to get your PIN by snail mail. But for some reason, it might work even when the online one doesn’t. Same queasy feeling applies. Plus there’s that robotic voice reminding you that your finances are actually overseen by AI gnomes from the uncanny valley.

Snail mail: Didn’t do it, but I suspect you’ll send off your request and forget the whole thing until you get a reply. If you get a reply. And that queasy feeling isn’t going away. Especially given the fact that one of the easiest ways to steal someone’s identity turns out to be putting in a change-of-address request for them, because the U.S. Postal Service has no security whatsoever. My husband and I learned this the hard way. In no time at all, all your mail could start going somewhere else. Oh, the post office will notify you of the change…AFTER it’s been made. And good luck getting it changed back. But I digress…

Be warned, the credit agencies' websites will do everything possible to direct you toward their credit-monitoring products, which cost money. They make it really difficult to find the free and/or cheap stuff, like requesting your free credit report or placing a freeze. That's because, unless and until you pay for their monitoring service, you are not their customer, you are just a pain in their ass. In fact, you (or your data) are the product they are selling to their real customers, the lenders. So when you freeze your credit, you’re making it harder for them to make money off you. Navigating credit agency websites is not unlike trying to find the bathroom in a casino. You just want to take care of urgent business that should cost you nothing, but somehow you keep winding up back at the slot machines.

WHY ARE WE NOT REGULATING THE LIVING SHIT OUT OF THIS INDUSTRY????

(Hint: "The Wall Street Journal reports that in the months leading up to the attack, Equifax spent at least $500,000 lobbying federal regulators and Congress to relax regulation of credit-reporting companies. Among the focus of its requests? Data security and breach notification, cyber security threat information sharing, and the coup de grace: limiting the legal liability of credit-reporting companies.")

PS — In an effort to control the free-fall of its reputation, Equifax has dropped its credit-freeze fees for those unfortunates in states where such fees are legal. For 30 days. And they’re not paying your fees at the other two agencies. But hey, you can always still pump quarters into their slot machine.

PPS -- The Equifax website told me my data was probably compromised, so I signed up for the free credit monitoring. That process was suspiciously quick, and the confirmation message said only something like, "your request has been received," so I suspect my data just went to a holding pen to be dealt with later. Probably a dot matrix printer in back of a Denny's somewhere. Which is probably more secure than whatever they were using before. And if those bastards start charging me for the monitoring service after the free year is up, so help me god, I will blog about it so hard. Not like it matters anyway though. A free year of credit monitoring is like saying, "This bank is protected by armed guards. Who go to lunch in an hour."

1 comment:

Kanokporn said...
This comment has been removed by a blog administrator.