The Equifax Breach: Part Two Analysis

Let us move on to the ways to protect ourselves in the future by using a credit freeze or fraud alert.  These options can protect your personal, private, and confidential information after a security breach and effectively add extra protection against identity theft. We have discussed them briefly in the past, although now, it seems appropriate to dive into further analysis. What are credit freezes and fraud alerts? How do they add more protection against identity thieves? What other actions might someone take to create additional safeguards?

Credit Freeze

The first and most basic way to prevent harm from identity theft is through a credit freeze, also known as a security freeze. A credit freeze is more or less what it sounds like–i.e., it “freezes” your credit where no lender can get access to your credit unless the consumer decides to lift it. Even then, the freeze cannot be undone without a pin number issued at the time of the freeze.

However, this also provides difficulties. If a credit freeze occurs, it may lead to unforeseen consequences, as applying for some services, like cellular or internet service, may become complicated due to the existence of the freeze. Furthermore, the unfreezing process may be lengthy, and occasionally results in an extra cost. Finally, the process is governed by a patchwork of state laws, as there are no federal regulations for the process. For example, California’s Civil Code 1785.10-1785.19 permit a credit freeze for a cost of no more than ten dollars (five if the consumer is 65+ years old) and the same cost to lift the freeze even if it is temporary. California prohibits fees from a person who has been victimized by identity theft.

Fraud Alert

A fraud alert works slightly differently. First, it occurs under the Fair Credit Reporting Act. This allows individuals to place what is called a “fraud alert” free of charge. These fraud alerts may last 90 days to 7 years, depending on the severity. In an unconfirmed event, protection would last for 90 days with proof of identity. In a confirmed case, protection would last for 7 years with proof of identity and a copy of an identity theft report.

The fraud alert does not lock down credit, though it puts the burden on the creditor to take reasonable measures to verify identity. Naturally, this may not be completely foolproof, depending on how much information was leaked to others.

What are the other methods?

Finally, there is two-factor authentication process. With critical accounts, this is a measure that best occurs as a preventive step rather than a reactive one. It works by combining something you know (e.g., password) and something unique to you or something you physically possess (e.g., PIN code, biometrics).  As an example, even if a hacker manages to get into a bank account due to a password leak, he/she may be blocked by a second step needed to transfer funds, such as a code sent to a phone or a biometric marker.

At our law firm, we assist clients with legal issues related to internet and technology. Please contact us to set up an initial consultation.