Equifax Has Chosen Experian. Wait, What?
Krebs on Security
NOVEMBER 1, 2018
A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service. The news came in an email Equifax is sending to people who took the company up on its offer for one year of free credit monitoring through its TrustedID Premier service. Here’s the introduction from that message: “We recently sent you an email advising you that, until further notice, we would be extending the free TrustedID ® Premier subscription you enrolled in following the September 7, 2017 cybersecurity incident. We are now pleased to let you know that Equifax has chosen Experian ® , one of the three nationwide credit bureaus, to provide you with an additional year of free credit monitoring service. This extension is at no cost to you , and you will not be asked to provide a credit card number or other payment information. You have until January 31, 2019 to enroll in this extension of free credit monitoring through IDnotify , a part of Experian.” Equifax says it will share the name, address, date of birth, Social Security number and self-provided phone number and email address with Experian for anyone who signed up for its original TrustedID Premier offering. That is, unless those folks affirmatively opt-out of having that information transferred from Equifax to Experian. But not to worry, Equifax says: Experian already has most of this data. “Experian currently has and is using this information (except phone number and email address) in the fulfillment of the Experian file monitoring which is part of your current service with TrustedID Premier,” Equifax wrote in its email. “Experian will only use the information Equifax is sharing to confirm your identity and securely enroll you in the Experian product, and will not use it for marketing or solicitation.” Even though people who don’t opt-out of the new IDnotify offer will have their contact information automatically shared with Experian, TrustedID Premier users must still affirmatively enroll in the new program before then end of January 2019 — the date the TrustedID product expires. Equifax’s FAQ on the changes is available here. EQUIFERIAN ® ? Talk about the blind leading the blind. It appears that in order to opt-out of the information sharing or enroll in the new Experian program, people will need to click a customized link in the email that Equifax is sending to TrustedID enrollees. I’m not aware of another method for opting our or signing up, but I’ve asked Equifax for clarification on that point. Consumers who don’t want Equifax sharing their phone number and email address with Experian need to opt-out by clicking a link in an email. Fundamentally, I see no problem with people using these credit monitoring services as long as they are free. Credit monitoring services can be useful in helping consumers dig themselves out of the mess caused by identity theft. The chief danger I see in relying on credit monitoring services to stop identity theft, however, is that these services traditionally have not been very good at doing that. As I’ve written ad nauseam, credit monitoring services are more useful at detecting *when* someone opens a new line of credit in your name. What this means is that while they might let you know when someone has stolen your identity, they’re not likely to prevent that from occurring in the first place. The best mechanism for preventing identity thieves from creating and abusing new accounts in your name is to freeze your credit file with Experian, Equifax and TransUnion. This process is now free for all Americans, and simply blocks potential creditors from viewing your credit file. Since very few creditors are willing to grant new lines of credit without being able to determine how risky it is to do so, freezing your credit file with the Big Three is a great way to stop all sorts of ID theft shenanigans. I explain in much greater detail how to freeze your files and what’s involved with that in this post from September. Please note that if you haven’t yet frozen your credit and you’d like to take advantage of this offer from Equifax/Experian, it’s a good idea to enroll in the IDnotify first, as it’s often not possible to enroll in credit monitoring services *after* you’ve frozen your credit. That said, Equifax’s FAQ suggests this might not be the case, noting that if your Equifax credit report is frozen, the security freeze will stay in place for people who enroll in the new program. I imagine this arrangement should help the credit bureaus steer more people away from freezing their and toward their respective “ credit lock ” services, which the bureaus have marketed as just as good as a credit freeze but also easier to use. All three big bureaus tout their credit lock services as an easier and faster alternative to freezes — mainly because these alternatives aren’t as disruptive to their bottom lines. According to a recent post by CreditKarma.com , consumers can use these services to quickly lock or unlock access to credit inquiries, although some bureaus can take up to 48 hours. In contrast, they can take up to five business days to act on a freeze request, although in my experience the automated freeze process via the bureaus’ freeze sites has been more or less instantaneous (assuming the request actually goes through). TransUnion and Equifax both offer free credit lock services, while Experian’s is free for 30 days and $19.99 for each additional month. However, TransUnion says those who take advantage of their free lock service agree to receive targeted marketing offers. What’s more, TransUnion also pushes consumers who sign up for its free lock service to subscribe to its “premium” lock services for a monthly fee with a perpetual auto-renewal. Unsurprisingly, the bureaus’ use of the term credit lock has confused many consumers; this was almost certainly by design. But here’s one basic fact consumers should keep in mind about these lock services: Unlike freezes, locks are not governed by any law, meaning that the credit bureaus can change the terms of these arrangements when and if it suits them to do so. Did you receive this offer from Equifax/Experian? Are you planning to opt out or enroll? Sound off in the comments below. A Little Sunshine Data Breaches credit freeze credit lock creditkarma.com Equifax breach Equifax has chosen Experian Equifearian Experian breach security freeze TransUnion TrustedID Premier