Experian rejects ID theft notification proposal

Yep, that sounds about right

I've (unfortunately) some experience working with Experian, and their data, both consuming it and providing it, and I'd have to say that 'unhelpful' and 'beligerent' are the two most apposite words I can come up with to describe them.

It isn't in their intererest to have you in control of your own credit data, because their revenue is dependant on selling access to that data to anyone who wishes to see it.

And the only thing Experian care about is their revenue, which in it's own way is only to be expected, since they are a commercial outfit.

It most certainly isn't in their interest to have to bear responsibity for the 'security' of such information, since they are so promiscuous with it, and that's setting aside the (fortunately now waning) practice of chucking customer data around in flat text files on floppy disks. I kid you not

Force some legislation on the buggers, say I. They hold more data on individuals in the UK than an ID card database ever will and have no other motivaton to be decent, and so they aren't especially.

cause unnecesary concern?

Quote: 'such a scheme could cause “unnecessary concern” amongst individuals where a breach has already been “managed” '

What she meant to say was: 'such a scheme could cause “unnecessary embarrassment” amongst Experian execs where a breach has already been “covered up”.

@steve: Not only Experian

not only Experian,

pretty much all Highstreet Banks!

I used to work for a financial software house, that suppplied the vast majority of all highstreet banks.

these banls provide data as you already mentioned in clear text, on floppies, unencrypted and if is, then only zipped with a five or six letter password.

they even email data completely unsecured.

For several years, I was in a position, where I could have easily diverted eight and nine digit figures without anyone noticeing.

and if somebody had it would have been extremely easy to prove a fake glitch in the system.

I can only say, that Banks and Insurance Companies are legalised crime.

Best regards

Amazing contradiction

"Credit rating giant Experian has rejected the notion of automatically informing UK citizens when their ID details may have been hijacked"

So exactly why do Experian offer a service to do exactly that (which, at the moment, is free for 30 days) ? Here is the URL

http://www.joincreditexpert.com/freecreditreport/?sc=410049&bcd=experianratgintrcnov

"Get ID Fraud Alerts via SMS or email" - it's a limited offer !

Come on author Jo Fay, do some research and comment or join the other high class iPhone / Paris Hilton editorial club at El Reg!

Entirely expected

I have to point out that CA HB1386 (the law refered-to in the article) wasn't passed at the insistence of the California financial institutions. What was anyone extecting Experian to say?

In the first six months

In the first six months of the year, we have been notified by nine different companies that they have somehow or another leaked our information to an unauthorized third party. All of these were California companies, which were required to notify everyone, regardless of residence. I wonder how many other companies have lost our data.

I agree with Morely. My personal data belongs to me. I'm surprised Experian hasn't objected to the freeze. Nor the credit companies.

Data protection - need right of deletion

At the moment, data protection law allows you to demand that a company tells you what data they hold about you. (I don't think there's any right to make them correct errors though). What we need is to be able to demand that they simply delete the records. I, for one, want the power to demand that Experian do not keep a file on me (and I have a good credit rating, with "nothing to hide").

Not a contradiction at all

They want you to pay for the service, they certainly don't want you to get it for free!

Here in the US, there's no chance of getting any kind of privacy legislation as all the politicians are bought and paid for by exactly these outfits. It's up to the UK and EU to act as examples to the rest of the world as to how this whole system is corrupt, dishonest, and broken.

At the moment,they lose my data (as happened with TJX), I have to get new credit cards and then I have to spend hours sorting out new billing, contacting people, cleaning up the mess when things don't get paid. I never even got an apology or any kind of payment from TJX or their bank.

What is needed is legilation that forces these outfits to reimburse all affected for their costs. If my identity is stolen, reimburse me at a rate of $75 an hour for my time spent cleaning it up. When executives put those costs into their cost / benefit analysis, they'll start treating the problem seriously. Right now they (sort of) apologise, retire to the golf club, and let consumers carry the cost of cleaning up their mess.

Good credit rating

Richard Neill thinks, like many, that he has a good credit rating, because he has nothing to hide - presumably no missed credit card or mortgage payments, no adverse court judgements, and the like.

This constitutes a bad credit rating as far as financial lenders are concerned, because they know in advance they cannot make any extra profit out of him thru late-payment and other penalty charges. To them, he is a dead-weight in their customer portofolio. That is why they want to know about him. They will never delete a record on the basis that it is "clean".

It's NO surprise that Experian doesn't want to... they SELL your info!

Sadly, I have had a less-than-pleasant experience with Experian. Experian looking after your information is like the fox guarding the henhouse.

After getting copious quantities of junkmail through the post, long hours of investigating, playing hard ball with the companies who kept sending me mail and badgering their customer services staff they all eventually copped to having bought the info from Experian.

When I confronted Experian, they were very cagey about that, but eventually admitted that they must have. No wonder they won't notifiy you when they are the ones who sell it to others...

Delete Credit file? - Yeah right!!

So you have a good credit rating do you?

Where do you think that information comes from?

It comes from your credit file with Experian/Calldata/Equifax- who happen to hold more info about you than Experian btw!

Each mortgage/bank loan/car loan/mobile phone/credit card payment you make is recorded, as paid on time, late, defaulted, account closed etc..

Make your payments on time and in full and your credit rating will go up over time, as you are considered a good customer + low risk. Dont and it's recorded, as late, defaulted, etc. Hence when you go for a loan, mortgage/credit card/ whatever, they can see what risk you are. No company lending money/credit/services is wanting customers that dont pay - it's hassle for them to chase you and that equals expense that isn't profit making.

Delete your credit file? Say good bye to your credit rating then. With no history of you making payments how are you expected to be assessed? No credit history = no credit rating = no loans/mortgages/credit cards/mobile phones etc.. Unless of course you want PAYG phones + door to door collectors for your 420odd% loan (see Provident website for rates haha!!) and mortgages from companies of questionable ethics + rates.

I think the reason why Experian dont want to be alerting you to credit file activity is that with the UK having the worst debt in europe, it will keep them very very busy in an unprofitable way. What company on earth is going to do that?

What they should be doing is alerting you to the fact that you should be paying off your existing debt, instead of buying that new car/upgrade or holiday you've been after. Then maybe UK debt would come down. ID fraud is but a mere drop in the ocean, compared to the debt in this country.

If you think we'd get the option to tell a company to delete information about us your kidding yourself.

Imagine calling the DVLA to delete all your points because you dont think they shouldn't have that info... next time pass on the crack pipe.

Eamon

additional rant

Data Protection Act does allow you to have a copy of the information a company holds about you, and that it be correct and upto date - so if it's wrong Mr Richard Neill, tell them.

Remember, read the small print + tick the box NOT to have your info passed to third parties. If they pass it on they are breaking DPA.

Eamon

Don't give away what you can charge for

Maybe Experian wont notify cizitens because they are part of the system where companies charge you for "ID theft protection". Oh! I'm such a cynic. ........ Nick.

Credit Reference and the Information Commissioners Office

The Credit Reference agencies do not do too bad a job really, but they are holding data that is owned by others, and this includes the most offensive low life debt collectors who are acting for the banks.

The abuses by banks, and their agents, with individual’s data are legion.

The Information Commissioners Office is simply useless at enforcing the provisions of the Data Protection Act. The miniscule number of prosecutions by the ICO, combined with indifference by the ICO to the complaints of consumers, against a background of the UK failing to implement even the most basic required provisions of the EU directive on Data Protection. And at the same time diluting the existing provisions of the UK Data Protection Act with such nonsense as "Relevant Data", result in a UK Data Protection Act that can be ignored by all. It is worthless, totally utterly worthless.

My life has been destroyed with proven breaches of the Data Protection Act by banks and others over the last eight years that continue to this day. Armed with confirmation by the ICO of a Final Assessment that confirms multiple serious breaches I've issued High Court claims against Abbey National, who have resorted to fabrication of disclosure evidence and false sworn witness statements. But they did not need to resort to these criminal measures since the courts treat the UK Data Protection Act as being of no consequence anyway.

Abbey National even instructed the ICO to breach the Data Protection Act, and the ICO promptly did as their masters requested.

There can be no other conclusion, the ICO are useless, the Data Protection Act is useless, and the courts indifferance concerning breaches of the Data Protection Act is worthless.

Consumers are being shafted, and will continue to be shafted.

Hmmm. Experian in the UK

I know Experian is a multi-national so I can't comment on countries than the UK and my info is a few years out of date, but I used to work with the Experian computer/databases and the following is a very high level view of what is stored.

If you have anything owning to a credit-provider then they register the fact that a payment is required at a certain point. If a payment is received successfully then they record that. If it isn't then they record that also and they record if, for some reason thay payment was subsequently not required after all. So a three state flag. (actually is also sorted how late a payment was also)

"CompanyX 1 1 1 1 2 1 2 3 1 1 1 0 0 0 "

Companies purchasing services from Experian would typically simply take Experian's "summary" information on how good a credit risk you are - the number of payments wanted on time compared to how many were received. Offset by the severity of late payments. Basically that's the "credit rating". What they do with that information is up to them. Many credit providers like payers who are often slightly late, but not too much, as they incure charges and provide income for the companies. The information held is supposed to cycle out over seven years.

If you have never taken anything on credit, no loans, mortgages, catalogue purchases (student loans don't count I'm told) then you will not have a credit history/ record AT ALL. This is *not* the same as a good credit history and in fact if you are 28(ish)+ and have never had credit you may find it hard to do so. The tip we used to give such people was to take out a catalogue account, make a small purchase and make all the payments, regularly and on time.

Banks typically hold their own information and take more information from Experian than just the basic "credit-rating". They use this to generate a Delphi score which is different for each bank and involves lots of high voodoo. You have access to your credit history and can request corrections if you can prove they are wrong but good luck finding out about the Delphi score(s).

P.S.

I don't know if this has changed much but Equifax used to mirror the Experian data (though not all of it) over night and so typically lagged by 24 hours or so, but had the same info - a reason they were always a bit cheaper - they were a reseller basically.

Horse... Stable... Hey! Who left that door open?

"Remember, read the small print + tick the box NOT to have your info passed to third parties. If they pass it on they are breaking DPA."

DPA is a joke. It barely covered the situation when it was introduced and remember that when they do break it (which many household-name organisations seem to regularly and apparently quite casually in my experience), you'll pretty much have to go about 'enforcing' it yourself.

re: Additional Rant

"Remember, read the small print + tick the box NOT to have your info passed to third parties. If they pass it on they are breaking DPA."

Excuse me while I pick myself up the floor from all the laughing. Breaching the DPA is still the rule, rather than the exception. The DPA's office has no teeth, and until it gets some, large data aggregators (Experian, Axciom, et al) and their customers will continue to flout the regulations.

Corporations will always game the system while the benefits are larger than the pitfalls.

Check your credit records for free...

Apropos of this thread, you can, at least, check your credit records for no charge and make sure that all the information held about you is correct.

See <http://www.moneysavingexpert.com/cgi-bin/viewnews.cgi?newsid1101485056,23650,#free> this thread from Money Saving Expert.Com for details and while you're at it, sign up to his exceptionally useful free weekly newsletter!

NB I have no connection with this site other than being a satisfied user who has saved large amounts of money on cards, bank accounts, savings accounts and so on!