Director, Consumer Campaign, U.S. PIRG Education Fund
Director, Consumer Campaign, U.S. PIRG Education Fund
New Report: Consumers Should Get Security Freezes Before Next Data Breach
Washington, D.C. – Credit monitoring and other services that are usually offered to data breach victims and other concerned consumers do nothing to prevent identity theft; they only detect certain types of fraud after it has occurred. A report released today by U.S. PIRG Education Fund aim to increase the awareness and use of the security freeze, also known as a credit freeze. The report explains that the freeze is the only security measure that can prevent new account identity theft.
“Only the security freeze can prevent someone from opening a new credit account in your name,” said Mike Litt of U.S. PIRG. “Credit monitoring services may tell you but only after you’ve already been victimized. Worse, they are often offered after simple retail credit number breaches, even though they offer no help against unauthorized use of your existing accounts, which is the fraud most likely to occur from that type of breach.”
A security freeze works by preventing a consumer’s credit report from being shared with potential new creditors, such as banks or credit card companies. Most creditors will simply not issue credit if they cannot see the applicant’s credit report or score derived from it. The report recommends that the best course of action for most consumers is to place security freezes with the three major national credit bureaus until they want to apply for credit, at which time they can easily unfreeze or “thaw” their reports.
“Whether your personal information has been stolen or not, your best protection against someone opening new credit accounts in your name is the security freeze, not the often-offered credit monitoring services, which only alert you after a new account has been applied for or opened,” added Litt. “For this kind of ID theft, only a security freeze offers peace of mind.”
The report, “Why You Should Get a Security Freeze Before Your Information is Stolen.” offers the following information for consumers:
- It explains the best steps consumers can take against new account financial identity theft, such as placing a security freeze on their “Big 3” credit reports.
- It explains the process of freezing and temporarily unfreezing reports when you need new credit yourself.
- It warns consumers about “phishing” and social engineering schemes used by thieves trying to obtain more information from breach victims, or any consumer, to enable more complex forms of identity theft. For example, a thief who has obtained only a credit card number may call you to trick you into giving up the Social Security Number needed to facilitate new account identity theft. Thieves will also send “phishing” emails containing malicious links. They will also seek to combine breached information with additional information easily available about you online.
- The report warns of newer types of identity theft and additional harms enabled by breaches of health insurance companies (theft of medical services), the IRS (theft of tax refunds) and even the federal government’s Office of Personnel Management (new account identity theft and reputational harm).
“Only the security freeze offers peace of mind against new account financial identity theft, but consumers still need to be vigilant about other identity threats and potential harms posed by the easy availability of non-public personal information, from both breaches and other sources,” said Litt. “Check your accounts regularly, don’t give out information to someone who phones – call the number on your bank or health insurance card instead — and don’t click on email links.”
The report reiterates that neither credit monitoring nor a security freeze can detect or prevent unauthorized use of existing credit accounts or other types of fraud or identity theft. Regarding fraud on existing accounts, many banks and credit card companies already have mechanisms in place to detect such fraud and remove unauthorized purchases. Positively, the report notes that as of October 1, nearly all credit and debit cards have been replaced with “chip” cards. At the same time, most merchants will also replace their “swipe” terminals with “swipe or dip” terminals. A “chip” card that is dipped does not transfer actual account numbers to the merchant’s computer at all, greatly reducing the number of potential existing account fraud victims. However, consumers should be aware that while chip cards will stop most in-person retail fraud they will have no effect on online fraud, although PIN debit cards will. Most banks, however, are only issuing “Chip and Signature,” not “Chip and PIN” cards.
“If you can avoid running up credit card debt, always use credit cards online, not debit cards,” added Litt. “If you haven’t lost your actual debit card, but only had the account number stolen, your legal rights are quite strong, but why face cash flow problems after losing money from your bank account while you wait for the bank to investigate and put it back?”
The report also notes that paid credit monitoring services, which generally range from $9.99/month-$19.99/month or more, are not necessary because federal law requires each of the three major credit bureaus to provide a free credit report every year to all customers who request one — if requests for reports from one of the three credit bureaus are staggered every four months or so, free credit monitoring can essentially be achieved.
“Sure, a credit monitoring service might detect theft faster than you might on your own, depending on when the theft occurs and when you check your reports. But is it worth the $10 – $20 or more in monthly fees to find out about theft after someone has already attempted to or successfully opened a new account in your name when you can monitor your own accounts and prevent such activity with less costly security freezes?” asked Litt.
U.S. PIRG Education Fund works to protect consumers and promote good government. We investigate problems, craft solutions, educate the public, and offer meaningful opportunities for civic participation. www.uspirgedfund.org
Download the report, “Why You Should Get a Security Freeze before Your Information is Stolen.” http://uspirg.org/reports/usp/why-you-should-get-security-freezes-your-information-stolen
This is one of a series of reports by the U.S. PIRG Education Fund that educates consumers about privacy and data security issues.
Links to our Online Fact Sheets:
How To Avoid Identity Theft: http://uspirgedfund.org/issues/usf/protecting-yourself-identity-theft
How To Use a Security Freeze: http://www.uspirg.org/resources/usp/tips-data-breach-victims