PWN-Back Your ID (from Equifax, Experian, Transunion) Check-it-Protect It

From IIW

Pwn-Back Your ID from Equifax, Experian & TransUnion: “Check it & Protect It”

Thursday 11G

Convener: Thomas OMalley

Notes-taker(s): Thomas OMalley


Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


1. Notes received from Thomas OMalley:


Link to full document w/figures and images included -


https://drive.google.com/file/d/1E2v61i5X4c5AOHwRfy6BjRzwN1EHgdCq/view?usp=sharing


In this session, we discussed how the nation’s largest credit reporting agencies (CRA) have “pwned” (pwn- slang term derived from the verb own, meaning to appropriate or to conquer to gain ownership) our “personally identifiable information” (Pii) and long-term credit histories from our existing lenders and other data sources.


As depicted below in Figure 1, the nationwide CRA oligopoly (EXPERIAN, EQUIFAX, TRANSUNION) created a new multi-billion-dollar (projected $18 billion by 2025) revenue stream from its “ID TheX Protection Racket” that the Big-3 CRAs (“the Cranos”) control and operate.


The CRAs’ current revenue model consists of zero cost-of-goods (COG = $0); specifically, your “personally identifiable information” (Pii) and credit histories provided by your existing lenders, along with other sourced data.


CRAs then aggregate all of your data into “credit reports,” which the CRAs then sell to both your existing lenders and creditors AND to new prospective lenders and creditors that want you to buy their loan and credit products. According to the former Equifax CEO who retired aXer its infamous data breach of 148 million people, his CRA’s “unique business model” earned CRA Equifax a 90% gross profit margin on its COG sold.


CRAs earn revenue on every credit report the CRAs sell to prospective new lenders, irrespective of whether lenders are dealing with genuine consumers or criminals using stolen identities or “synthetic” (i.e. fictitious) identities created with children’s SSNs. Instead of spending money to prevent new account fraud, the CRAs created the “identity theX services protection racket” that DOES NOT PREVENT new account identity fraud, but gives the CRAs a lucrative new revenue stream.


INSERT: Figure 1 - CRAs Pwning Your Pii and Financial Identity


We also discussed how people can “pwn” back and control their financial identity under the Fair Credit Reporting Act (FCRA).


The first step is to download your free annual credit report and check/fix errors in your credit reports maintained by the Big-3 CRAs - Experian, Equifax and TransUnion. See Figure 2, draX UX re-design of FrozenPii.com.


INSERT: Figure 2 - Free Annual Credit Reports


The second step is to freeze your Experian credit report, Equifax credit report and TransUnion credit report. See Figure 3, draX UX re-design of FrozenPii.com.


INSERT: Figure 3 - Free Credit Report Freezes


The FCRA requires CRAs to implement security credit freezes within one business day following a consumer’s on-line or toll-free telephone call request. The FCRA also requires CRAs to “unfreeze” a consumer’s credit report within 1 hour of the consumer’s online or toll-free telephone request. This allows a consumer to control release of their credit reports only to new lenders chosen by the legitimate consumer, not to lenders dealing with criminals.


The disruptive effect of large-scale consumer credit freezes would be the elimination of the consumer rip-off “ID TheX Protections Services” industry, which markets fear and sells an ineffective “early warning systems” of successful new account identity fraud. See Figure 4. Only free credit freezes can help PREVENT new account identity fraud.


INSERT: Figure 4- CRA Revenue Disrup9on from Scaled Credit Freezes


For more information about free annual credit reports, free credit freezes and free identity theX victim help services, see FrozenPii.com (new UX web design coming June 2019).