Effects of the Equifax Data Breach, Part 2: Credit freezes
In the wake of the Equifax data breach, the credit reporting agency is offering free credit monitoring and freezes to help customers protect their banking accounts. While these services can help consumers put a halt on account activities, how effective is it in stopping identity fraud?
In the recent article, “Free credit freezes from Equifax,” the global credit monitoring company is letting consumers put a freeze on their accounts free of charge through Jan. 31, 2018. Freezing an account may stop anyone from accessing a credit file for a limited time, but it can’t block fraudulent activity, altogether. Here’s why.
- Doesn’t cover top three agencies: Placing a freezing only with Equifax still leaves Transunion and Experian -- which along with Equifax make up the top three credit reporting agencies -- vulnerable to fraud. Because businesses can pull credit from any of the top agencies, thieves can potential take out new credit under another person’s name using the other credit monitoring agencies.
- Only a short-term fix: These free services are only for a limited time. While credit freezes may put a temporary stop on all account activities, they fall short of protecting consumers over the long haul. With sensitive customer information in the wrong hands, Equifax identity theft victims could be susceptible to fraud scams for years to come. Shielding their accounts only for a few months could cost consumers roughly $5 to $10 each time they want to put a freeze on their accounts.
- Doesn’t stop social engineers: Criminals can leverage the exploited personal information to build customer profiles and socially engineer contact center agents. Banks that still rely on knowledge-based authentication (KBA) tools to identify customers over the telephone channel are particularly vulnerable because crooks can correctly answer security questions designed to thwart bad actors from impersonating real customers attempting to access and take over existing accounts.
- Reactive response: With each new data breach, financial institutions react by taking swift action to mitigate their risk of fraud. While this can help on some levels, it isn’t enough. A reactive approach to combating fraud is simply not effective in today’s customer environments. To better protect customers and their financial assets, banks and businesses need to be proactive. Deploying customer identification process that don’t rely on personal information is one way stop social engineers from defeating conventional knowledge-based solutions.
In the aftermath of a massive security breach such as Equifax and Yahoo, which has now grown to three billion hacked accounts, organizations must understand that the best defense against such fraud attacks is taking a proactive approach. Deploying automated authentication solutions that don’t rely on sensitive customer data can help organizations identify in real-time spoofed calls and innovative impostors early in the authentication process to help reduce a bank’s risk of knowledge-based identity fraud and other threats before and after a large data breach.
Be sure to check back next week when I will explore the long-term impact a data breach can have on an organization and its brand reputation.