Experian's Fundamental Breach of Data Protection Act 1998

VictimOfImpersonation

OK. In the last 24 hours I have established that Experian where involved in a real-time credit check as part of the bank's online credit card application decision process. Clearly whatever electronic message came back from Experian was unfit for any purpose to do with identifying a fraudulent application in my name by a third party.

I think both the card provider and Experian must have been playing a different game when they devised that particular link-up.

By the way. Today is Day 74 after that electronic link-up was made and the cocked-up decision let a fraudulent application through the net and all the systems just forgot about it, except for adding over limit and late charges (and interest I guess). Still no alerts on any of the three CRAs, still no corrections on Experian or CallCredit, still no CIFAS registration showing. Just a moderate dent in my Experian credit score so far for the mere fact I apparently took out a new credit agreement recently. Way to go fellas !

VictimOfImpersonation

Update over last 24 hours:

• No change to CRA files which still show the position as at the beginning of December.
• That includes the fact that I can see no CIFAS registration yet either.
• No telephone calls.
• No emails.
• No statements received for the fraudulent card account in question since it was issued 2½ months ago.
• What I have received in the last 24 hours is a special letter dated 2nd January 2014 addressed to me as an out of order new account customer, but it takes the form only of a gentle reminder to pay.

The account is over credit limit but the letter does not mention the credit limit, just the outstanding balance and it only asks for 5% of the outstanding balance which will do nothing to take it back under the credit limit. So next month no doubt they would plan to add a third £12 overcredit limit charge as well as interest.

There is nothing in the letter which actually says that the account is out of order. It's just a gentle reminder to pay something. I find this quite remarkable bearing in mind that the card was maxed out by early November and charges soon took it way over credit limit and no payment has ever been made on it. The card provider seems remarkably laid back about it.

Anyway, let us not forget that the card provider was told this was a fraudulently opened account over three weeks ago yet I have received two further computer produced letters since then sent oblivious to the fraud notification.

I am making this update on the Experian file because Experian ought to be the first CRA that gets updated by the card provider since they were partners in the joint entreprise to credit check the fraudulent application and ended up between then deciding there was no reason to reject it.

In these threads I have been roundly criticised along the lines of "Why don't you just follow procedures and report the error on your credit file to the CRA in the normal way?"

Well I did notify the card provider in the normal way and chase them, and I did notify CallCredit in the normal way and chased them.

Equifax appear to be oblivious of any new credit agreement so I can only assume the card provider does not have much of a relationship with Equifax. Equifax are the alert service I was subscribed to and they have singularly failed to pick up the fraud either at the time or since. I am not sure what useful purpose there is in contacting them about an omission based purely on the fact that some major credit card players seem to cut Equifax out of the game?

Experian is the only party with actual involvement in this fiasco that I have not notified directly. Via these threads I have told Experian company representative of the security hole in the arrangement they have with the card provider. He has not been best pleased by me refusing to make his job easy by identifying myself exactly and my insistence that they can easily establish the security hole if they do a date of birth mismatch query using their intelligence to categorise the breaches. The main reasoning for not notifying them directly has been very simple - it was a test - more than one in fact, and we shall alllearn from it (although industry insiders are clearly bored with the prospect of the rest of us learn unresponsive and mediocre their industries might be in responding to real criticisms), so anyway, the tests:

• Would they do a date of birth mismatch query on their entire database of any description in order to discover obvious fraud like mine?
• Having been central to the card provider's instant online credit check / decision to issue a new card, how fast would Experian update their record on the car provider's say so?

The answer to the first one I think we can assume is 'No, they don't want to' (I believe they would instantly have to report themselves to ICO and agree a clean-up schedule if they did a proper mismatch query on their database because I think with good reason that it contains a lot of obviously inaccurate data).
The answer to the second is that it is 24 days since I notified the card provider of the fraud and no correction seems yet to have been made.
It is now 77 days since the original Experian "live check" was used to assist the card provider in making an instant decision to issue a card to the fraudsters with solely a partial name and address and all other application data including date of birth being completely false.

Please remember there have been no alerts whatsoever - I discovered the fraud myself after an over credit limit charge notification letter arrived.

On the Are CRAs unfit for purpose and should they be reformed? thread I posed a question about whether any MSE'er had ever received an alert from a CRA which actually turned out to be actual fraud (as opposed to some other chase round the houses leading to a conclusion that it was some c¤ck-up or other frustrating non-event?

No-one confirmed that they knew of such an instance. One lending industry insider effectively just said don't be so stupid, hundreds will have been alerted.

I am struggling to believe that even tens might have been alerted, but I do know that 4 million of us have already been the victims of ID Fraud because CallCredit use the fact as a selling point for their alert services :mad:

VictimOfImpersonation

Ah, at last!

Some changes have occurred on my Experian file today :j

Your current score is: 999


Factors affecting your score:

5 Positive factors

• Your most recent mortgage account has been running for over 12 months
• The usage of your available credit indicates a lower risk
• The value of your highest credit limit indicates a lower risk
• The age of your accounts indicates lenders are likely to view you as lower risk
• You have a significant number of successfully settled credit accounts

» See more


0 Negative factors

• No Negative factors

2 changes since last report

• You have fewer recently opened credit accounts
• You are using less of your available revolving credit

I publish the above not only to show there has been a change, but in the hope that it might give some readers an idea of the sort of thing that Experian say contributes to what with them I think is a perfect score of 999.

So, I guess we'll never know* if Experian got their finger out and cleaned up the obvious dob mismatch themselves as part of a general data cleanup, or if it was as a result of the card provider requesting the deletion of the incorrect account. On my Experian file it is now as if that unalerted 75 day old fraudulent account never existed.*

*Edit: Actually we do know, it wasn't Experian that tidied it up, and it is not true to say my file is exactly as if the fraudulent account never existed - there is from today a good clue that it might have - a CIFAS registration record :j : "Victim of Impersonation {That's me}- Use, by another person, of this name and/or address"

rizla_king

http://experian.co.uk/consumer/questions/askjames357.html

James_Jones wrote:

Any lender that shares credit account information through a credit reference agency is certainly responsible for making sure the information is accurate and kept up to date. The credit reference agency should also take reasonable steps to make sure the information is correct too, such as making practical checks of the information as it is received.

VictimOfImpersonation

rizla_king wrote:

http://experian.co.uk/consumer/quest...kjames357.html

James_Jones_aka_Experian_company_representative: wrote:

Any lender that shares credit account information through a credit reference agency is certainly responsible for making sure the information is accurate and kept up to date. The credit reference agency should also take reasonable steps to make sure the information is correct too, such as making practical checks of the information as it is received.

(my underline) Rizla king you are a mine (or should we say diligent miner!) of the very best nuggets of pertinent information. Thank you from all of us who have to date suffered the insufferable comments that CRAs just record what they are given and should not be blamed for that.

MrSilk

VictimOfImpersonation, calm down, the whole point of posting here, is for help and advice, not to be ignorant towards other users. Get over it.

VictimOfImpersonation

MrSilk wrote: »

VictimOfImpersonation, calm down, the whole point of posting here, is for help and advice, not to be ignorant towards other users. Get over it.

What are you on about, Mr.Silk? Rizla king posted a very pertinent quote (not by a user but by the Head of Consumer Affairs of Experian!) and I am grateful for it and gave my thanks. Have you misinterpreted my thanks ?

MrSilk

VictimOfImpersonation wrote: »

What are you on about, Mr.Silk? Rizla king posted a very pertinent quote (not by a user but by the Head of Consumer Affairs of Experian!) and I am grateful for it and gave my thanks. Have you misinterpreted my thanks ?

Oops, apologies

VictimOfImpersonation

Well that's alright, Mr.Silk! Glad we cleared that up so fast :beer:

My apologies too for obviously having given you the impression that every time I post I am biting someone's head off !

... mind you, if James Jones is still wearing his, it would be nice if he responded here to straighten out an inconsistency or two

brettcta

won't somebody please think of the children?