Article: Experian Site Can Give Anyone Your Credit Freeze PIN
By: Brian Krebs
Date Published: September 21, 2017
In one of Brian's newer articles, he talks about how the "security" that is in place to get the pin number to unfreeze "a consumer credit file... at Experian" really does nothing for those who are at risk of identity theft. To receive the PIN to remove someone's freeze, an individual needs the "person's name, address, date of birth and Social Security number" which would be easy enough for an identity thief to get their hands on due to the multiple security breaches at companies that hold all of this information, one example of this is the Equifax data breach.
The next step in getting the PIN to unfreeze an account requires the individual inputting the information to successfully answer a series of KBA questions, or knowledge based authentication questions. Sadly, most individuals make it easy to guess this information by posting a lot of this on social media or other sites, and all an identity thief needs to do is do a little bit of digging.
Along with all of the specific users’ information, the identity thief would only have to put an email into the system to receive the new PIN "and swear that the information is true and belongs to the submitter." Krebs even went so far as to sarcastically say that the fact that they must swear they are who they say they are would keep almost all identity thieves away. In other words, Brian believes that it is way too easy for an identity thief from unfreezing credit files. Krebs suggested that one way to help with this problem is to use snail mail to send the code or by sending it to a known email address for the specific credit file.
Thanks to this article, I feel a lot more informed on this topic. Before reading this, I was very unaware on how easy it was to unfreeze other individuals credit files through Experian. The public needs to know that when they answer KBA questions, they need to make it something that most people do not know or what can be found on the Internet through social media. Hopefully, over the years, more restraints are put on the companies that give out the freeze codes. I believe that the idea that companies should send out the PIN's through snail mail to the known address of the card to keep the codes from identity thieves, as well as government laws put in place to keep this information safer from being misused are good ideas. One idea that might be possible as technology progresses is to use fingerprints once we are able to make finger print scanners more precise and less costly. However, since we do not have this technology very easily accessible yet, the best way to stay protected is by staying up to date on any new progress as it comes out.
Article: https://krebsonsecurity.com/2017/09/experian-site-can-give-anyone-your-credit-freeze-pin/#more-40828
Photo: https://krebsonsecurity.com/tag/credit-freeze/
By: Brian Krebs
Date Published: September 21, 2017
In one of Brian's newer articles, he talks about how the "security" that is in place to get the pin number to unfreeze "a consumer credit file... at Experian" really does nothing for those who are at risk of identity theft. To receive the PIN to remove someone's freeze, an individual needs the "person's name, address, date of birth and Social Security number" which would be easy enough for an identity thief to get their hands on due to the multiple security breaches at companies that hold all of this information, one example of this is the Equifax data breach.
The next step in getting the PIN to unfreeze an account requires the individual inputting the information to successfully answer a series of KBA questions, or knowledge based authentication questions. Sadly, most individuals make it easy to guess this information by posting a lot of this on social media or other sites, and all an identity thief needs to do is do a little bit of digging.Along with all of the specific users’ information, the identity thief would only have to put an email into the system to receive the new PIN "and swear that the information is true and belongs to the submitter." Krebs even went so far as to sarcastically say that the fact that they must swear they are who they say they are would keep almost all identity thieves away. In other words, Brian believes that it is way too easy for an identity thief from unfreezing credit files. Krebs suggested that one way to help with this problem is to use snail mail to send the code or by sending it to a known email address for the specific credit file.
Thanks to this article, I feel a lot more informed on this topic. Before reading this, I was very unaware on how easy it was to unfreeze other individuals credit files through Experian. The public needs to know that when they answer KBA questions, they need to make it something that most people do not know or what can be found on the Internet through social media. Hopefully, over the years, more restraints are put on the companies that give out the freeze codes. I believe that the idea that companies should send out the PIN's through snail mail to the known address of the card to keep the codes from identity thieves, as well as government laws put in place to keep this information safer from being misused are good ideas. One idea that might be possible as technology progresses is to use fingerprints once we are able to make finger print scanners more precise and less costly. However, since we do not have this technology very easily accessible yet, the best way to stay protected is by staying up to date on any new progress as it comes out.
Article: https://krebsonsecurity.com/2017/09/experian-site-can-give-anyone-your-credit-freeze-pin/#more-40828
Photo: https://krebsonsecurity.com/tag/credit-freeze/
Comments
Post a Comment