Consumer Action News

Released: December 16, 2015

Credit Reporting Issue - Winter 2015

Download: Credit Reporting Issue - Winter 2015 (credit_reporting_winter_2015.pdf)

Correcting credit report errors has gotten easier
Healthier policies for medical debt reporting
More consumers eligible for free credit scores
Managing delinquent debt found on credit reports
Steps to set up a security freeze
Job seekers’ rights
Data breach notification laws: Patchwork of protections
A call for accountability for data breaches
Permissible?
About Consumer Action

Web Bonus

Frozen out: One consumer’s journey to serious theft protection

Correcting credit report errors has gotten easier

By Monica Steinisch

Consumer credit reports are notorious for being laden with errors. One in five consumers has an error in at least one of their reports, according to a 2013 Federal Trade Commission (FTC) study.

While not all of these errors are monumental, even a small mistake can be expensive, potentially resulting in higher rates on credit, loans and insurance and lost opportunities for housing, employment or even a cell phone account. Thanks to the efforts of the Consumer Financial Protection Bureau (CFPB), the New York State Attorney General’s office, other state AGs and a league of consumer advocates, consumers are finally getting a fairer shot at accuracy in their credit reports.

Unjust process

In addition to being alarmingly common, credit report errors have also been frustratingly time-consuming and difficult to correct. The dispute process requires you to submit a form or letter (see the FTC’s sample letter) about the mistake to any of the three national credit bureaus (Equifax, Experian and TransUnion). You may also submit supporting documentation. Generally, you should also contact the creditor or debt collector that furnished the incorrect information to the credit bureaus. “Furnishers” and credit reporting bureaus have a legal obligation to report accurate information.

While this seems like a relatively straightforward process, consumer complaints indicate that it’s been anything but.

Much of the difficulty has stemmed from the automated process that the credit bureaus use for handling disputes. Consumer complaints are outsourced to workers who convert the dispute to a three-digit code that is then transferred to the furnisher (creditor or collector). If the furnisher says the disputed information is correct, that response, more often than not, automatically closes the case, leaving the dispute unresolved and the erroneous information stuck on the credit file.

Dispute improvements

Since 2012, consumers have been able to file credit reporting complaints with the CFPB, which ensures they get a response from the credit bureaus. Consumers can upload documents supporting their dispute—anything from a billing statement or proof of identity to a police report—directly to the credit bureaus. The credit reporting agencies must forward the evidence to the company that reported the error.

The CFPB now requires credit reporting agencies to provide it with “accuracy reports” that list the names of the top 25 furnishers with the largest number of consumer disputes, the types of errors disputed and information about dispute outcomes. Based on the data, credit bureaus are expected to identify if there’s a problem with a particular furnisher and explain what action is being taken to remedy the problem.

As part of a March settlement between Equifax, Experian, TransUnion and New York State Attorney General Eric Schneiderman, the credit bureaus now are required to use specially trained employees rather than an automated process to review all consumer documentation submitted with disputes involving fraud, identity theft or mixed files. (Mixed files typically occur when accounts owned by consumers with the same or similar names end up on the wrong person’s report.)

For all types of disputes, if a creditor (furnisher) says the information it reported is correct, a trained credit bureau employee must review the consumer’s documentation before dismissing the dispute.

The credit bureaus also must provide clear instructions about what consumers can do if they’re dissatisfied with the response they received. Options include appealing to the furnisher, filing a complaint with that company’s government regulator, filing a complaint with the CFPB or adding a short statement to their credit file explaining the ongoing dispute.

If a correction is made to a report as the result of a credit bureau dispute, the information must be corrected with every credit reporting agency that the creditor (furnisher) reports to, and the consumer must receive a free copy of the corrected report.

Credit bureaus also will be required to delay reporting overdue medical debts on a credit file for six months. (See more about this in “Healthier policies for medical debt reporting.")

Consumers whose credit reports have been marred by overdue fines (for parking tickets, overdue library books, etc.) will get a reprieve. Debts like this, which do not arise from an agreement to pay back loans or extensions of credit, will no longer appear on credit reports.

Improvements to the credit report dispute process will be implemented over the next three years, but don’t wait to order your free credit reports at AnnualCreditReport.com to check for errors.

If you’ve already received your three free reports for the year, you’re entitled to another round if you have recently been denied credit, employment or insurance or been offered higher interest rates based on your credit report. You also qualify for a free report if you’re unemployed and searching for a job, receive public benefits or know that there are errors in your report due to fraud or identity theft.

Healthier policies for medical debt reporting

By Monica Steinisch

Roughly half of all debt collection items that appear on credit reports are for medical bills, according to a study issued by the Consumer Financial Protection Bureau (CFPB) last December. This striking statistic drives home just how many consumers are affected by medical debt.

Many consumers with medical debt on their credit reports have otherwise clean credit records and even may have the ability and willingness to pay. (The CFPB reports that half of medical debts are for amounts under $207.) Perhaps because they have health insurance, many simply don’t realize that there’s an outstanding bill that they are responsible for. Regardless of how small or unintentional, this debt could wreak havoc on a consumer’s credit score—until now.

Industry comes around

Any derogatory (negative) items on your credit report can have repercussions—denied housing and loans, higher interest rates on credit, increased insurance rates and, in some cases, rejected job applications. But past-due medical debt can be the most vexing. First, you may not even realize that you owe a medical debt because you reasonably assume from medical billing statements you receive that bills are being paid by your health insurance provider. Second, until very recently, a medical debt could be as little as 30 days delinquent and be reported on your credit record—hardly enough time to iron out any billing or insurance issues, and sometimes even before you’ve received the first bill.

In a tacit acknowledgement that the current system of medical debt reporting is both unfair to consumers and unhelpful to businesses in predicting creditworthiness, the three major credit reporting agencies (Equifax, Experian and TransUnion) have agreed that medical debts would not be placed on credit reports for 180 days. This would allow reasonable time for insurance claims to be processed and errors or confusion about payment responsibility to be ironed out.

The 180-day grace period was part of a settlement with the New York Attorney General’s office in March and must be implemented by June 2018. Outstanding medical debts also will be dropped from consumers’ credit reports as soon as they are paid by an insurance provider rather than be stuck on a credit file for the next seven years.

The change in how medical debts are reported follows an earlier announcement from FICO, creator of the most widely used credit score, that it would alter its formula so that medical debt wouldn’t be weighted as heavily in credit scores. According to FICO, consumers who have no other negative information in their reports can expect an increase of 25 points in their scores. However, changes to FICO scores will occur over time, as creditors update the scoring model they use. FICO’s competitor, VantageScore, made a similar change to de-emphasize medical debt.

Consumers who benefit from the changes can thank the CFPB, which conducted the research that exposed how the existing system overly penalized consumers for medical debt sent to collections.

What to know

The obligation to delete medical debts paid by an insurer kicks in September 2016 and applies retroactively. To monitor this, visit AnnualCreditReport.com to request a free copy of your report from each of the three credit bureaus. This also is a good way to find out if you have medical debt on your credit reports that you didn’t know about.

With the rise in deductibles in health plans since the implementation of the Affordable Care Act, many people don’t know that their insurers expect them to pay a much larger share of medical costs. If you’re not carefully watching the “Explanation of Benefits” sent by your health insurer, you could easily miss a charge stemming from the requirement to pay a higher proportion of certain health care costs before you satisfy the annual deductible. Those who visit out-of-network providers also may find that their medical bills are higher than expected, even if they’ve paid a co-payment at the office.

Look not only for medical debt but also for errors—accounts you have never owned, old accounts or activity that should have dropped off the report by now, misreported activity, incorrect balances, etc. The credit bureaus are also improving their error resolution process, so there’s never been a better time to address any mistakes on your reports and possibly boost your credit scores.

More consumers eligible for free credit scores

By Ruth Susswein

Credit scores—the numerical analysis of your credit history—have not been freely available to consumers the way credit reports are now.

This means that the individualized three-digit numbers that can make or break your chances of getting a loan, or determine what rate you’ll pay, have been hidden behind a pay wall.

Buying your score has cost up to $20, so it’s no wonder that these numbers remained a mystery to most consumers. But thanks to the encouragement of a federal watchdog agency, many credit card issuers and other lenders are now providing their customers with free scores.

It’s estimated that more than 100 million consumers nationwide now have access to free scores.

The Consumer Financial Protection Bureau (CFPB) encouraged credit card issuers to disclose consumers’ current credit scores online or on their monthly credit card statements. Discover Card Services and Barclaycard were the first to offer cardholders free access to the gold standard in credit scoring—FICO scores. Since then, most major credit card issuers have begun supplying scores online or in monthly bills. (Capital One implemented its Credit Tracker scoring simulator for customers a couple of years ago, but it doesn’t work off of FICO scores.)

For non-customers?

For those who don’t have free access to a credit score via a credit card account, the card comparison websites Credit Karma, Credit.com and Credit Sesame offer free credit scores online. Credit.com makes a free score available from both Experian and VantageScore, based on your Experian credit report. Some sites explain how to interpret a credit score and how to improve it.

Be aware that these free scores require you to provide personal information. Consider whether or not you want to provide personal details in order to get a free score. Chances are, these companies will market other credit-related products to you. For example, fine print at Credit Sesame states that, in return for a free score, you will be trading personal information about your loan payments, home value, credit scores, credit reports, etc.

You can also get a free credit score at Bankrate.com. Its fine print notes that you agree to be contacted by Bankrate and its marketing partners but have no obligation to purchase any products or services.

FICO credit scores are available for free to consumers who seek financial help through non-profit credit counselors. FICO and VantageScore (3.0) scores range from 300-850. (VantageScore is not as widely used by lenders and creditors as FICO is.)

Consumers who are denied credit or who receive a higher interest rate than others (“adverse actions”) are entitled to free access to the score that the lender used in its decision-making process. The key reasons for credit denial based on one’s credit score also must be provided.

Credit scores are dynamic, and change based on many variables, including:

whether you pay your bills on time;
how much debt you owe; and
how much unused credit you have available (credit line).

Although you may think you have just one credit score, the reality is that consumers have many scores. FICO alone sells dozens of different score types. Some scores weigh certain payment history information more heavily than others, which can affect the final number. For example, a mortgage lender may want a score that weighs your auto loan payments more heavily than your credit card payment history. Each formula results in a different score.

‘Educational’ score

Some free scores are “educational” scores—meant to inform you, but not used in actual lending decisions. At the website FreeCreditScore.com, consumer data giant Experian offers a free PLUS Score, which is an educational score. Capital One’s free Credit Tracker offers cardholders a TransUnion educational score and provides a tool to analyze how different credit scenarios might affect the user’s credit score.

An educational score can provide some information on how risky you generally appear to a lender, but these are not the same scores used when evaluating you for a loan or a credit card. However, the free scores provided on credit card websites and statements as well as adverse action notices are the actual scores lenders rely on.

Consumers with lower credit scores who enrolled in Barclaycard’s free FICO credit score program appear to have benefited from the free information, according to a recent study by the Federal Reserve Bank of Philadelphia. Consumers who reviewed their scores monthly were more likely to have reduced the amount of credit they used in relation to their available credit line. “Overall, credit card utilization by the most risky cardholders seems to decline after they enroll in the [free credit score] program,” according to the report’s author. Using less than 30 percent of your available credit line improves a credit score.

Ordering credit reports

Examine your credit score and your credit report before renting an apartment, applying for a car loan or mortgage or starting a job search to make sure that there are no errors that may hurt your chances.

Credit scores are based on the payment information in your credit report. By law, consumers are entitled to a free credit report once a year from each of the top three credit bureaus (Experian, Equifax and TransUnion) at AnnualCreditReport.com.

Besides the standard consumer credit reports, there are a wide variety of specialized reports used by various industries. Take a look at Consumer Action’s Insider’s Guide to Specialty Consumer Reports to learn how to get free access to specialty consumer reports that monitor such things as insurance claims history, check verification and banking history, tenant history and more.

Managing delinquent debt found on credit reports

By Alegra Howard

If you become “delinquent” on a debt (meaning you have a debt that’s 120 days or more past due), the original creditor often will “write off” the debt as a loss on its own books. Such debts are reported on your credit report as “charged off.” (Charged off and written off mean the same thing.) A charge-off is a negative (derogatory) on your credit report and can remain there for seven years.

However, this is rarely the end of the matter—you still owe the debt. Most creditors sell or transfer debts to collection agencies or debt buyers for pennies on the dollar. These companies have the right to collect the debt from you. If your original debt has been handed over to a third-party collector, it should be noted on your credit report as “Transferred to...” or “Sold to…” along with the name of the new owner.

The collection agency that buys the debt will attempt to collect what you owe and often will add fees and interest on top of the original debt. Before responding to a debt collector, know your rights. For information on your rights when dealing with debt collectors and how to avoid debt collection scams, check out Consumer Action’s fact sheets.

Sold or transferred debt

Once debt is sold or transferred, it may show up as a new collection account on your credit report, though not all debt collectors report to the credit bureaus. The right to collect the debt can be resold to other collection agencies, even after only a few months. The first collection account, then, would be reported as sold or transferred, and the new, active collection account would be added to the credit history. All entries for the same original debt—charged off and transferred—remain on your credit report for seven years from the original delinquency that led up to the charge off. (Bankruptcies remain on your credit report for 10 years.)

The collection agency is required by law to list the original delinquency date for the account to ensure that the collection account is deleted at the correct time. If you pay the debt, the status should be updated as paid, but the collector is not required to remove the entry from your credit report before the end of the seven-year time frame.

Settling your debts

Debt collectors don’t have to remove accurate collection reports, even if you pay the debt. If you want to pay off a debt or offer less than the full amount to settle the matter, attempt to negotiate with the collector to remove the paid-off collection account from your credit report. Some people have been successful with this tactic.

Do not agree to pay a debt without receiving a letter that outlines your agreement. Never provide your bank account or payment card information as part of a payment plan—this will allow collectors to take money directly from your bank account or debit your card.

IMPORTANT: Before you pay any debt, make sure to ask for the amount you owe, with details of fees and interest, and the age of the debt. Debt collectors have a limited number of years—the statute of limitations—to sue you to collect. This period varies by state. (Learn more about these “time-barred debts” at the Federal Trade Commission’s website.)

As noted, you may be able to settle the debt for less than what you owe. If the collection agency agrees to your offer, but won’t agree to remove the collection account from your credit report, it doesn’t hurt to ask that it be listed as “satisfied in full,” which looks better on your credit report than “satisfied” or “settled.”

Get all such agreements in writing.

While some creditors may see “satisfied” or “settled” debt as a positive, it is just as likely to be perceived as negative, since it means that you didn’t pay the full amount owed. If not removed, the debt’s updated status will remain on your credit report for seven years.

It’s discouraging to know that paying collection accounts won’t immediately improve your credit, but as the information gets older, it has less of an impact on your credit scores. This is particularly true if you are taking active steps to build a new, positive credit history by paying your credit accounts and loans on time.

Steps to set up a security freeze

If you’ve been a victim of identity theft, a data breach or just want to be as fully protected as possible, consider placing a security freeze on your credit report. If you are an ID theft victim, you will need to make your request in writing. Others may request a freeze online or by phone. Here are some tips.

Make a copy of your photo identification (such as a driver’s license).
Include your full name, Social Security number, date of birth and addresses of where you’ve lived in the past two years.
Include a copy of proof of residence (utility bill or bank statement, for example).
Enlarge the information you copy to make it easier to read.
Obtain a police report (incident or ID theft report) from your local or state authorities.
Write a cover letter to each of the Big Three credit bureaus requesting a security freeze.

If your credit lines are linked to your spouse, partner, parent or child, place a freeze on their credit files, too.

The credit bureaus will send written confirmation that a security freeze has been placed on your file and provide you with a personal identification number (PIN) to lift the freeze if you need to apply for credit, a loan or wish to remove the freeze permanently. Store the PIN safely for future use. Check the fees and requirements for your state at one of the major credit bureaus: Experian, Equifax or TransUnion.

Job seekers’ rights

By Alegra Howard

A recent survey found that among job seekers from low-to-middle-income households carrying credit card debt, one in four applicants had to agree to a credit check as part of the application process. One in 10 job seekers were told they were not eligible for a job because of information found in their credit report. These eye-opening findings are compiled in a report titled Discredited by the New York City-based public policy organization Dēmos.

Since employers don’t usually have to give a reason for not hiring you, the actual number of applicants hurt by damaged credit histories is believed to be much higher. Credit reports were never meant to predict job seekers’ ability to perform at work, so it’s important to know your rights.

Employment reports

Employment reports are background checks on candidates applying for a job. Before getting the report, the employer must tell you that they might use the information to make a decision related to your employment, and must ask for your written permission. You don’t have to give your permission, but if you’re applying for a job and you don’t provide it, the employer may reject your application.

Employment reports typically search for criminal background, credit history and public records (such as bankruptcy filings, evictions, etc.).

According to the Federal Trade Commission, if an employer, or potential employer, decides not to hire, keep or promote you based on financial information in an employment report, it must tell you—orally, in writing or electronically. This “summary of rights” must provide you with the following information:

The name, address and phone number of the company that supplied the credit report or financial background information;
A statement that the company that supplied the background information didn’t make the decision to take the negative or “adverse action” and cannot provide specific reasons why an employer chose not to hire you; and
Notice of your right to dispute the accuracy of any information in the credit report and your right to an additional free report from the company that supplied the credit information (you must request the free report within 60 days).

Questionable tactics

According to Nolo.com, a legal information website, an increasing number of employers prescreen applicants through web searches. How employers use this information may veer into discrimination. The best defense against having your online presence and posts used against you is to place strong privacy restrictions on your social media accounts. Also, watch what you post publicly, and Google yourself before beginning a job search.

For examples of how employers may illegally discriminate against job seekers, see the U.S. Equal Employment Opportunity Commission web page Discrimination by Type.

Several states have passed laws prohibiting employers (or potential employers) from asking applicants to provide their usernames or passwords for social media accounts. These states include California, New Jersey, New Mexico, Illinois, Michigan, Utah and Maryland, according to Nolo.com.

Limits on credit checks

While the economy continues to recover from the brutal recession, many consumers have found that their credit records took a hit due to lost jobs or a reduction in work hours. Since difficult economic circumstances aren’t a good reason to deny a job to a qualified person, there’s been a movement to restrict the use of credit checks in hiring. Senator Elizabeth Warren (D-MA) reintroduced the Equal Employment for All Act that would prohibit the use of credit information in hiring. Similar legislation has been proposed in the House but none is expected to pass.

Currently, 11 states limit or ban the use of credit reports in the hiring process: California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington. However, some jobs relating to public finances, public safety and cybersecurity are exempt from the credit check ban.

New York City passed one of the broadest bans earlier this year. The law prohibits most employers from considering credit history when making employment decisions.

The law took effect in September 2015 and expands the definition of “credit history” to include a job seeker’s credit report, credit score, prior bankruptcies, judgments, liens, late payments, charged-off debts, items in collections, credit limit or prior credit report inquiries. The price for employer non-compliance is a steep fine and the right for aggrieved job applicants and employees to sue, with the promise of hefty financial settlements paid by the employer.

Next steps

If you live in a state that restricts an employer’s ability to access your credit report when making hiring decisions, and you believe an employer has violated state law, contact your state’s Department of Labor to file a complaint.

You can contact the Federal Trade Commission if you believe that an employer checked your background report without receiving your permission, or rejected you without sending you the required notices (www.ftc.gov or 877-FTC-HELP/382-4357).

Report job discrimination to the U.S. Equal Employment Opportunity Commission (EEOC). If necessary, the EEOC will refer you to an appropriate state agency.

Data breach notification laws: Patchwork of protections

By Lauren Hall

Data breaches are an ongoing threat to consumers and companies alike. Just a few months ago, a major breach occurred when hackers stole the Social Security numbers, home addresses, birthdates and other personal information of 15 million T-Mobile users from the Experian credit bureau.

The cell phone provider had entrusted Experian with customer data for the purpose of credit checks, but, unfortunately, hackers found their way into Experian’s servers. The breach exposed the personal information for customers and applicants of T-Mobile from September 2013 through September 2015. (No payment information was stolen.)

President Obama has called for a federal law that would require companies to publicly report data breaches within 30 days, but currently there is no national law governing how or when companies must notify those impacted by a breach. (Many states do have breach notification laws.)

Rules exist requiring federal government agencies to implement security programs and provide data breach notification to consumers—particularly since some agencies (the Department of Veterans Affairs and the Department of Health and Human Services, for example) collect sensitive information about the public. Under HIPAA—the Health Insurance Portability and Accountability Act—the federal government requires private health plans and health care providers to notify individuals when their medical information has been breached. The Federal Trade Commission (FTC) also requires web-based companies that collect personal health records to notify consumers of a data breach.

The FTC is the primary enforcer of U.S. privacy laws (under the Federal Trade Commission Act). The agency can open investigations, issue cease and desist orders and file complaints in court. It can also levy financial and criminal penalties on entities that fail to protect consumer data. However, most private businesses in the United States are not held to the FTC standard and instead are regulated by a variety of state directives when a data breach occurs. Every state except for Alabama, New Mexico and South Dakota requires notification of a security breach when personal information is involved, but the protections are inconsistent.

Some states don’t adequately define what information constitutes a data breach worthy of notification. Others fail to give a timeline dictating when consumers must be notified.

Most state data breach laws are reactive, meaning they are only triggered after a breach has occurred, but some states, like California and Massachusetts, have enacted laws intended to prevent breaches in the first place by limiting companies’ responsibility (called a “safe harbor”) for notifying consumers about a data breach when the company uses strong encryption to protect sensitive consumer data.

California has one of the strongest data breach notification laws on the books, requiring all businesses and state agencies to notify California residents if their unencrypted personal information has been hacked.

Companies that encrypt consumer data are given a pass on notification requirements, which is seen as a way to encourage companies to use strong encryption technology.

Furthermore, the company or agency responsible for the breach is required to provide advice on how victims can protect themselves, such as instructions on how to change online passwords, etc. California consumers can sue for intentional notification violations.

California’s law also applies to compromised medical and health insurance information.

At least 29 states have enacted laws that require entities to hide, destroy or dispose of personal information. For information on the laws in your state, visit the National Conference of State Legislatures website.

A call for accountability for data breaches

By Lauren Hall

After the Experian breach of T-Mobile customer data in October, Consumer Action joined a coalition of consumer, civil rights and data privacy groups urging the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC) to take immediate action.

The coalition—composed of advocacy groups including the National Consumer Law Center, Consumers Union, Consumer Federation of America, National Consumers League, U.S. PIRG and Consumer Action—called for a federal investigation into the privacy hack to determine the conditions surrounding the data breach, the extent of the breach and its impact on consumers.

Experian reported that only T-Mobile’s records were affected because it houses T-Mobile data on a separate server. Nevertheless, the data breach impacted approximately 15 million consumers.

The coalition also urged Experian to offer free security freezes to all affected consumers.

Echoing the concerns of the consumer coalition, Senator Sherrod Brown (D-OH) began demanding answers from Experian. Senator Brown asked Experian to provide free security freezes to consumers, pointing out that “people should not have to pay any fees to prevent identity theft due to a breach by companies that have mishandled their information.”

A security freeze is an effective tool in helping consumers prevent identity theft in the wake of a data breach. It restricts access to a consumer’s credit report, thereby preventing anyone from opening new accounts in that person’s name. It offers greater security than a fraud alert because a freeze requires lenders, banks, etc. to call the consumer for permission before opening new credit in his or her name.

(A security freeze can only be lifted by the consumer who placed it, and it can delay access to future credit.)

A fraud alert warns creditors who review a credit report that the consumer was a fraud victim but does not expressly prevent the opening of new credit accounts.

Permissible?

The federal Fair Credit Reporting Act requires that only those with a “permissible purpose,” such as underwriting decisions, can access credit reports.

Generally this means you must have applied for credit or insurance, or you are an existing customer.

Otherwise, the company seeking information must use it only to make a firm offer of credit or insurance (prescreening). And, if you have “opted out” of prescreened offers, your info is off bounds. If your credit report is accessed without a permissible purpose, you have a right to sue. To opt out of prescreened offers, call 888-5-OPT-OUT (567-8688) or visit www.optoutprescreen.com.

About Consumer Action

Consumer Action is a non-profit 501(c)(3) organization that has championed the rights of underrepresented consumers nationwide since 1971. Throughout its history, the organization has dedicated its resources to promoting financial and consumer literacy and advocating for consumer rights in both the media and before lawmakers to promote economic justice for all. With the resources and infrastructure to reach millions of consumers, Consumer Action is one of the most recognized, effective and trusted consumer organizations in the nation.

Consumer education. To empower consumers to assert their rights in the marketplace, Consumer Action provides a range of educational resources. The organization’s extensive library of free publications offers in-depth information on many topics related to personal money management, housing, insurance and privacy, while its hotline provides non-legal advice and referrals. At Consumer-Action.org, visitors have instant access to important consumer news, downloadable materials, an online “help desk,” the Take Action advocacy database and nine topic-specific subsites. Consumer Action also publishes unbiased surveys of financial and consumer services that expose excessive prices and anti-consumer practices to help consumers make informed buying choices and elicit change from big business.

Community outreach. With a special focus on serving low- and moderate-income and limited-English-speaking consumers, Consumer Action maintains strong ties to a national network of nearly 7,000 community-based organizations. Outreach services include training and free mailings of financial and consumer education materials in many languages, including English, Spanish, Chinese, Korean and Vietnamese. Consumer Action’s network is the largest and most diverse of its kind.

Advocacy. Consumer Action is deeply committed to ensuring that underrepresented consumers are represented in the national media and in front of lawmakers. The organization promotes pro-consumer policy, regulation and legislation by taking positions on dozens of bills at the state and national levels and submitting comments and testimony on a host of consumer protection issues. Additionally, its diverse staff provides the media with expert commentary on key consumer issues supported by solid data and victim testimony.

Frozen out: One consumer’s journey to serious theft protection

By Ruth Susswein

The only really effective tool in preventing identity theft and new account fraud is a security freeze on your credit file. A security freeze puts a lock on your credit report, preventing access to your credit history without your express permission. Most companies will not open new credit accounts for frozen files without pulling your credit report first, which can stop credit thieves dead in their tracks.

Recently, Sarah* from Massachusetts learned that she was a victim of identity theft when she received a privacy notice for her “new” Green Dot prepaid card. This caught her attention since she didn’t own a prepaid card.

It turned out that someone had opened a Green Dot prepaid card in her name. The Green Dot issuer only would tell Sarah that the card had been purchased at a CVS store using her name and Social Security number (SSN). The company suggested she file a report with her local police department. Going forward, Green Dot told Sarah it only would discuss the matter with the police and only if it was compelled to do so under subpoena.

Sarah proceeded to contact all three major credit reporting bureaus—Equifax, Experian and TransUnion—to place a security freeze (or credit freeze) on her credit files. She said the bureaus’ automated systems made it extraordinarily difficult to claim the free security freeze she is entitled to as an identity theft victim under Massachusetts law.

As a stopgap, she was able to place a temporary (90-day) fraud alert on her credit file. A fraud alert is a free-to-place notice to creditors who review your credit history to carefully verify your identity before extending credit. It can make it harder to commit fraud but it does not prevent new accounts from being opened.

The process of adding a fraud alert was fairly simple, but the bureaus did try to sell Sarah a credit monitoring plan without ever mentioning that she had the option to freeze her credit file for free. She questioned if the credit bureaus were more interested in making money off of her credit history than curbing ID theft. Sarah surmised that the bureaus make it difficult to place a free freeze on a file so that consumers will have to pay a $5 fee to establish a freeze. (In Massachusetts, consumers also pay a $5 fee to lift the freeze when they apply for new credit and $5 to permanently remove the freeze.)

“It became increasingly clear that no one wanted me to put a freeze on my account,” said Sarah. “It’s very convenient if you pay for it. Money wasn't the issue, but when I tried to assert my rights, it cost me much more in copied documents, postage, time and aggravation.”

To establish that she was a victim, Sarah had to provide the credit bureaus with:

Three separate cover letters (one for each bureau) stating she was an ID theft victim and including the required personal information (Social Security number and date of birth);
A police report documenting the ID theft;
A copy of her license;
A copy of a utility bill;
A copy of the prepaid card disclosure letter that alerted her to the ID theft; and
A copy of her letter to Green Dot stating the prepaid account is not hers.

Sarah wisely mailed each packet by certified mail (with return receipt requested) at a cost of $6.74 each, for a total of $20.22 in postage for her "free" security freeze.

Experian was “the best of the worst,” according to Sarah. She spent one hour on the phone with the fraud department to learn why they didn’t place a freeze on her file, only to be told they needed more information. A little more than one month after making the request, Experian finally placed a freeze on her file and sent her a PIN to unlock her credit record if she needed to apply for credit in the future.

Equifax responded to Sarah saying that she didn't include all the necessary personal information (although she had sent it). It sent her a free credit report and a form to opt out from receiving unsolicited marketing mail. But instead of a security freeze, Equifax put a fraud alert on her file and suggested she buy its ID theft protection product! After about an hour of waiting to reach a human being, Sarah was told her “documents were not legible.” Ultimately, she received a security freeze and PIN to unfreeze her file if needed.

TransUnion told Sarah her information was incomplete and that there was “not enough proof” in the letter provided to her by the police. Instead, she should send a “full police report.” Sarah ended up paying $5 for the TransUnion security freeze, even though there should have been no cost. She then received the freeze immediately.

“It’s disturbing that the system is so flawed,” said Sarah. “It’s my credit history, yet we as consumers don’t have control. This is just wrong, I’m the victim. Yet I had to give them all my private information—repeatedly. It’s backwards. It doesn’t make sense that I have to pay to protect my personal financial history. They should pay me to have access to my financial history.”

After learning of the unauthorized Green Dot card, it took Sarah more than a month to secure a freeze at all three bureaus. She expressed concern that most consumers would give up before they got the protection they’re entitled to—not everyone has easy access to a computer, a copier or the money for the mailings.

She suggests the system needs standardization and simplification, such as a “one-stop-shop” at the U.S. Postal Service where consumers could request a security freeze using a standardized form for ID theft victims that would be sent simultaneously to all three major credit bureaus.

Today, consumers may have to pay $3 to $10 (or more in a few states) per credit bureau to place a security freeze on a credit file, plus certified mail costs. Additional fees to lift and reinstate the freeze can run up to $12 per file. Seven states (CO, IN, ME, NY, NJ, NC, SC) offer free freezes for all consumers. Some states do not charge ID theft victims or senior citizens. For costs and details of each state’s credit freeze law, visit Consumers Union (publisher of Consumer Reports).

Other helpful resources:

Why you should get security freezes before your information is stolen, by U.S. PIRG.

The FTC’s step-by-step guide Taking Charge: What to do if your identity is stolen.

*Not this consumer’s real name

Download PDF

Credit Reporting Issue - Winter 2015 (credit_reporting_winter_2015.pdf)