Lies, damn lies and press releases

A recent press release from an “identity theft protection company” was so filled with misinformation, I had to double-check to make sure it wasn’t April Fool’s Day.

Here’s what it said:

The Federal Trade Commission believes ID Fraud will be a significant issue during this tax season. Many people will consider freezing their credit report if they fear they’ve been a victim of ID Theft but national ID theft protection company, Protect Your Bubble, says consumers may want to be patient before going through the credit freeze process.

Reasons To Rethink Freezing Your Credit During ID Fraud Scare

Here are some reasons you may want to consider for any stories you might be planning around tax season:

  • If you do put a freeze on your credit report it can take up to a month for the credit bureaus to do the unfreeze

  • During a freeze, all credit cards are frozen

  • Your debit card may also be impacted

  • Consumers may need to go to a cash lifestyle even to pay bills

  • All of your automated bill payments are then frozen and that can negatively impact your credit even further if/when you miss payment

It goes on, but each of those bullet points is patently, demonstrably untrue. In reality:

  • Unfreezing a credit report takes a few minutes by phone or online. Credit bureaus have to respond to written requests within three days.
  • Credit cards are not affected by a credit freeze.
  • Debit cards are not impacted by a credit freeze (freezes apply to credit reports, not bank accounts).
  • There’s no reason to go to cash when your credit and debit cards still work.
  • Automated bill payments aren’t affected, since neither your credit cards nor your bank accounts are altered by a freeze.

When I asked the public relations person who sent out the press release to explain, I got back an apology for “miswording the bank/credit card payments in the pitch” but then she repeated some of the [baloney]:

If they [individuals] are alerted to the fact that they may have been a victim of ID Theft, they should not rush to freeze their credit report since it can be a lengthy process to unfreeze. Due to the growth in phishing scams consumers need to be cognizant of the realities of what may or may not be taking place.

Um, what?

I tried again, contacting the company itself. This is what I got back:

Upon reviewing the press release, we see how the statement about the payment of bills and credit cards when a credit report is frozen was misleading. You’re correct: A frozen credit account will not prevent you from paying bills. But, I think it’s important to point out that consumers will have a difficult time applying for a new credit / debit card while their account is frozen. In any case, consumers should check with their financial institutions and creditors to verify their unique policies.

I’m not sure why you’d have trouble getting a debit card, unless you were opening a new account and the bank ran a credit check. But the fact that you have to unfreeze your credit reports if you want to apply for a new credit card is indeed a potential downside. It’s a potential downside that wasn’t even mentioned in the press release, however. And the statements weren’t “misleading.” They were wrong. As in “Holy cow, we blew it, this is embarrassing” wrong.

Credit freezes are something you should consider if you’ve already been the victim of identity theft or you’re at high risk because your Social Security number has been stolen or exposed in a breach. Credit freezes pretty much prevent new account identity theft, where someone opens new credit accounts in your name. If you’ve got a freeze in place, you likely won’t need “identity theft protection,” which is an oxymoron anyway because the companies can’t protect you from anything; at best, they can give you early warning and help you clean up the mess. The press release’s suggestion that you hold off on a freeze “until there has been an activity reported against you specifically” is rather witless. Waiting for the bad guys to steal your credit after they’ve got their hands on the keys is like closing the barn doors after the horses have fled.

Credit freezes come with costs. You typically must pay to freeze and unfreeze your reports ($2 to $15 per bureau, depending on your state law, for each freeze and thaw). If you’re planning to apply for credit, change insurers or wireless carriers, or start utility service, you have to remember to thaw your report so those providers can have access. So there’s a hassle factor, but credit freezes won’t mess up your day-to-day financial life.

A final thought: The press release mentions tax season identity theft, a reference to the fact that identity thieves are filing phony tax returns right and left. But nothing–not a credit freeze, and certainly not an “identity theft protection company”–can protect you from that crime. That’s what’s so awful about it. For more, read my Reuters column, “Why identity thieves are targeting your tax return.”



Want to protect yourself from tax return theft? You can’t.

A surge of bogus tax return filings has highlighted a grim truth: We can’t protect ourselves from this rising threat.

An underfunded, understaffed IRS manages to thwart many attempts, but still sent more than $5 billion in refunds to identity thieves in the 2013 tax year. Most state tax agencies aren’t nearly as sophisticated in detecting fraud, which is why the bad guys seem to be targeting them this year.

The core problem is that the key to your tax refund–as well as to your credit and your health records–is your Social Security number, which was never intended as an all-purpose identifier.

Even if you’re vigilant in protecting your number, you’re still at risk, because a lot of companies aren’t so vigilant.

Court Ventures, now a subsidiary of Experian, sold an unknown number of records including Social Security numbers to identity thieves from a database of 200 million files. Anthem’s breach exposed 80 million people’s records. And they’re hardly the only ones. The US Postal Service, University of California Berkeley, the Oregon Employment Department, dozens of hospitals and medical centers–the list of places Social Security numbers have been stolen goes on and on and on. (Check out the Privacy Rights Clearinghouse chronology of breaches, showing more than 1 trillion records have been compromised.)

You may be able to beat the thieves to your tax refund by filing early–but that boat has already sailed for many victims.

Read more in my Reuters column, “Why identity thieves are targeting your tax return.”

Will Apple make breaches obsolete?

If your credit or debit cards haven’t been compromised, you’re part of a shrinking demographic. Database breaches in recent months have exposed tens of millions of cards to potential fraud.

But Apple’s new payment system has the potential to sidestep the bad guys and someday, perhaps, make breaches a thing of the past, according to’s Bill Hardekopf.

Apple Pay, announced Monday, allows people to pay for stuff with their phones, but your credit and debit card numbers won’t live there. The system generates unique tokens that are used instead. No longer would your sensitive financial information be sent into the ether, to be stored in insecure databases.

You can read more at “Could Apple Pay Be the End of Data Breaches?”

Not to make you paranoid, but…

It’s bad enough that tens of millions of Americans’ financial and personal data got hacked in recent database breaches (Target, Michaels and Neiman Marcus have admitted breaches, and more may be on the way).

But this week we learned that you’re much more likely to be the victim of identity theft these days than you were even a few years ago. From Kathy Kristof’s post on MoneyWatch:

If your data had been stolen three years ago, you only had about a 10 percent chance of falling prey to identity thief. Today, one-third of those who are affected by a security breach become victims of identity theft, according to Javelin Strategy and Research, which has done comprehensive annual studies of identity theft since 2006.

If your debit card information was stolen, the chance is even higher – 46 percent of consumers with a breached debit card in 2013 became fraud victims in the same year, according to the Javelin study.

As I wrote earlier, you should demand a new debit card (one with a new number) and change your PIN if you used your card at any of the affected retailers. Same goes if you used a credit card, although you have more protections from fraudulent charges when you use that type of plastic.

And you need to be vigilant. Scrutinize your statements and question every charge you don’t recognize. Beware of emails and phone calls purporting to come from your bank, your credit card company, even the IRS. The Target breach included email addresses and other personal information that could be used to deceive you.

If you really want to make yourself paranoid, watch this short video that shows how much data we leak in a typical day. It’s an eye-opener.

Thursday’s need-to-know money news

Good credit, stolen credit and ways to save on travel to the vacation home you should have purchased when mortgage rates were historically low.

Five Reasons Why You Can’t Ignore Your Credit

While living debt free is a good thing, living credit free can have unforeseen and expensive consequences.

Here’s Everything We Know About The Rakuten/ Credit Card Breaches

If you’ve shopped at the online marketplace recently, you should pay very close attention to your statements.

26 Secrets to Save on Travel

Flying on a Saturday afternoon may not sound like fun, but it could save you big bucks.

Farewell 3% Mortgage Rates

Job gains and an improving economy signal the end of historically low mortgage rates.

Companies make it easy to hack your identity

You might think breaking into a corporate database would be hard. Not so. A recent report from the Verizon RISK Team found the vast majority of incidents required minimal skills and took place in a few hours. Unfortunately, those breaches often weren’t discovered for months or even years–and it typically wasn’t the company but rather a third party that discovered a breach.

From a post on the study:

While one in 10 were so easy the average Internet user could have caused them, another 68 percent were the result of hacking attacks using the most basic methods, requiring relatively few resources to complete. Only one breach suffered in all of 2012 required “advanced skills, significant customizations, and/or extensive resources” to complete.

That is likewise reflected in the amount of time it took to cause most data breaches, the report said. Altogether, 84 percent took hours or even minutes to perpetrate, while these incidents typically took months or even years to discover. Nearly two-thirds of all breaches took at least that long, up from just 56 percent the year before, proving that it’s actually becoming more difficult to spot breaches, as well as contain them. While most were remediated in hours or days, nearly a quarter took months.

The take-away from this is that companies aren’t doing nearly enough to protect the information they collect about you. And the sad truth is that you have little control over what goes into these databases. You can do your best to protect your identity, and still have your information breached.

You should still take steps to reduce your exposure, steps like not giving your Social Security number to companies that don’t need it and refusing to give businesses permission to share your information. You should use tough-to-hack passwords and stop sharing secrets on social media. You also should monitor your credit reports and financial accounts.

Until companies get serious about protecting your data, though, you’re still a target for identity theft.