"And that costs Experian money, not only by driving up the costs of verifying the credentials of creditors,"

You mean they don't even verify the creditials of creditors before releasing credit reports currently? Are you sh*tting me? And you have to report a fraud in order to get them to check?

And if you have been a fraud victim it's too late, they've already handed out info to someone they shouldn't. So the fraud lock fixes nothing.

Wow, I can't believe how sloppy UK is with peoples private data.

"Wow, I can't believe how sloppy UK is with peoples private data."

Yup - tis true. However, this is about Experian in the USA....

Um, this story is about the U.S., not the U.K.

heh... just another reason that I stopped using credit (besides the horrible rates) for anything if I can help it.

just stop using credit. if anything pops up on your report, then you know someone is up to no good.

Oh sorry, that's not somewhere El Reg and its readers want to go.

Simply put, there is no connection between a person and his claimed ID in the UK. In the US it's slightly better --- as survival without a driving licence implies living as a hobo, the licence is your de facto ID. Not so in the UK.

I found anybody's gasbill, I now can go to the library and take out a few DVDs and never return them? Fine. I need a serious verification of my ID, this means asking what are the places I lived the last 5 years (mind you --- mostly on the continent, so they have no IDea to verify them as No Speako Dago it the UK's motto)? Well, given that anybody could have posed as a landlord phoning to verify those facts, it's a bootstrapping problem [you knew there was an IT angle!], and it boils down to meaningless security-through-obscurity.

Fail.

The three major credit reporting agencies *sell* the data they collect. Experian has in the past even run their own spam-for-hire operation. And if an enterprising ID thief has sufficient resources, they can buy large blocks of consumer names, addresses, and social security information - it has been done.

And there is almost no legal protection against these parasites in the USA. The law requires the CRAs to remove derogatory information automatically after a certain period of time, and to place an annotation from the consumer on disputed debts, but unless you have the financial resources of Bill Gates (so that yo ucan take the CRAs to court), there's no enforcement; and a phony "creditor" can renew derogatory information simply by "selling the debt" to another branch of the same company, under a different corporate name, so the only way to really get the info removed is to pay the blackmailer.

I'd be enormously happy if LifeLock and Experian drove each other, and the other 2 CRAs, out of business.

I don't think so.

We are talking about business. If you spend £3 billion on combating fraud worth several million you haven't fixed the problem (losing money) you've just moved it to a different place.

Now look at the implications of the value of succeeding in hacking a "perfect" system and you'll see more problems.

As far as I'm concerned, fraud is a cost of doing business, just like defaulted loans. Companies have just managed to externalise the cost of their poor identity checking and placed it on individuals. Since companies are just a legal fiction to facilitate benefit to individuals (and can write off fraud against tax), in my view, the companies should bear the cost - that would prompt them to be a little more thorough in their identity checking. When the cost of identity-checking balances the cost of fraud we should have the optimum system.

That would mean cheap, easy checks for DVD rental and rather more expensive ones for mortgage applications. That seems reasonable to me.

The problem is that companies want cheap IT solutions (automated credit checks) rather than more expensive "get to know the customer" systems. The overall cost to society is likely to be the same, its just a question of who pays.

Having said that, it would seem to make sense for charges to be made when a corporate makes a request. It would appear that the legislation around this area is a little sloppy.

All these ID theft protection services are ridiculous scams, charging their customers monthly fees that are not necessary.

If you live in the US and have not put a permanent security freeze on each of your 3 credit reports yet, review the details, scanned correspondence, and links to the individual US state regulations regarding credit report security freezes at http://dralspire.com/node/229

Experian alerts are a fraud. I have an alert placed on my record and I recently applied for a 45K secured credit from a UK bank. All credit checks happily went through and the credit was approved without triggering the alert.

Frankly, it is about time for the alerts, credit record locking and credit record reporting to become a regulated industry.

Just a gas bill?

Last year I applied for a library ticket and I needed 3 separate forms of ID to get it.

Yeah, every time i call my bank or try to find out that my credit cards are secure I hold my ID card up to the phone. Isn't it magic how they can see it?

Wanker

I second this. The bastards keep selling my details on to banks and I have to chase after them to stop them from doing it. It's very annoying.

The only thing these basteward credit card companies understand is their bottom line.

Here's a way to zap them for a quick five bucks, it costs you nothing, it is not illegal and it is untraceable.

You can do it as many times as you want, too.

Whenever they send you yet another credit card offer at zero percent APR for ten seconds then 32% a month, double cycle billing. $1,000 overlimit charge, etc, go through the offer and find the Business Reply Envelope which is almost always in there.

Make sure there are no code numbers, offer numbers, etc. on it, and then affix a PRIORITY MAIL sticker to the envelope - you can get these free at your local post office, all you can haul away. Now mail back the empty Business Reply Envelope, or if you want, add some literature from the Jehovah's Witnesses before you seal it. (They deliver that free, too, and you sometimes find it at the post office as well.)

Mail this from a drop box, you don't want to hand it to the postman, you want to get it into the mail stream anonymously before they have a chance to refuse it.

According to the USPO's terms of service, return postage is guaranteed on Business Reply Envelopes - they HAVE to pay it, no matter what the content or the postage.

The Priority Mail sticker means they are going to pay about $5.00 for this one, instead of the usual 60 cents or so. There is absolutely nothing they can do except pay the five bucks - each time. Every time. Times thousands of thousands of people who are simply expressing their undying love for our Visa and MasterCard overlords.

Oh yeah, pass this along, lets make a viral e-mail that does some good!

Here's the link to the relevant page at the USPS:

http://pe.usps.com/text/QSG300/Q507a.htm

It does indeed say "Priority Mail". :)

That's an old way of getting back at spammers. An even better way would be to send them promo info from another company (again, making sure you don't have any personally identifiable info on those).

Ashtrays. Empty your ashtrays into the envelope. Much funnier.

If If they really wanted to help prevent fraud they'd let me get free credit reports whenever I wanted and allow me to deny access to my credit report unless I pre-approve a creditor. That would cut down on their overhead wouldn't it?

I hope 10000 lifelocks setup shop and experian goes out of business under the load. Credit companies are only out to screw you as hard as they can.

take the magnets from dead hard drives - grind them up - insert into envelope -

magnetic dust + automated letter opening equipment == ???

: )

pengy - cause he's cute

who are Experian and what right do they, or indeed any credit reference company have and to hold financial data on anyone? Who gave them that right, did you? were you consulted? Why are you not given royalties when they sell this information.

Who are the bigger criminals here. Experian for gathering all this data on you without your permission and selling it to whomever they wish, or another setup designed in all appearance to offer a false sense of security whilst ripping off the former a well as the public?

without these checks, the cost of credit would he higher for everyone.

And dont give me any of that "I dont use credit" crap. Do you have a postpay mobile phone? What about your landline, do you pay for calls before or after you make them (outside of your "free allowance") do you pay for your Internet by usage? Etc. Etc.

By being able to weed out the bad risks, those of us who are financialy responsible pay less. Its only the deadbeats who would want to restrict access.

they recieved the data from the very businesses who use it... Asked for a loan? Took out a utility contract recently? I bet it says there in the ts&cs that data on you can be passed onto credit reference agencies.

Its not illegal, you agree to it when you use one of their clients. Didnt read your ts&cs? More fool you.

Nope, never read them, not anymore, have they changed much in 20 odd years? I Bet that they're still as tiresome. And still having a good go at eroding ones rights, probably in more ingenious ways too. One gets a good sense of false security from not reading them.

...and then enjoy your stay in Guantanamo Bay!

...for experian - and any other company who rake in millions of pounds through shitting on people with financial difficulties.

now can we have another story about a painful - preferrably deadly - disease which only affects bailiffs please!

There are many people who just don't know what's actually going on in the credit reporting/credit protection industry, and your article here does a great job of showing what individuals' interests might be. Great reporting!

The background behind what's going on here tends to be stuff that most people don't think about, but companies like <a href="http://www.identitytheftsecrets.com/an_interview_with_likelocks_mike_prusinski_and_rev.html" title="Lifelock">Lifelock are challenging an industry which is controlled by three companies, who are really entrenched in protecting their position in the market, which is likely what's going on here (at least in our estimation of how this legal battle is shaping up).