Can I change my Date Of Birth on Bank & HMRC records as easily as changed passwords?

VictimOfImpersonation

In other threads where I have complained of no query being raised when a fraudster opened an account in my name with the wrong date of birth, some commentators have counselled that date of birth is "only part of verifying your identity" or some such. They have argued that it is not critical.

In these days of Genesreunited, Ancestry.co.uk, Companies House et al, where such data may inadvertently be open to prying eyes (or possibly was for some period when organised crime could have hoovered it all up), we are all pretty much aware I think that it might be sensible for ID protection purposes to change any record of Mothers Maiden Name to something truly secret.

Has the time come when we should in fact do anonymise all DOB records too? I.e. a different dob with every provider or indeed every data controller including departments of HMG? If you think that sounds crazy then thank Buzby coupled with relative indifference from Experian company representative for setting me off on this curious tack!

Would the banks allow it ? I cannot believe they are quite ready for that!

shortcrust

Surely all this could be contained in one thread? Perhaps you should start a blog.

VictimOfImpersonation

Which thread?

As a victim (twice at this address now) I am very interested in protecting my ID and until the last time, did not even twig that "Mothers Maiden Name" could (and probably should) be changed. My actual DOB was compromised then. So maybe that's when I should have changed it too! With my accounts therefore, "MMN" is already now just a secret extra password and is not my mother's maiden name.

I would genuinely like to know from bankworkers or CRAs or even government workers whether we could/should start securing dob data-fields as a secret password too.

There does seem to be grave confusion now about DOB being a part of a unique key to identity. In a doctor's surgery it gets you far, but in a fraud protection scenario it makes you vulnerable twice over (once because it may already be compromised yet so many banks use it as security question, even after they know it is compromised(!), and twice because CRAs and banks don't any longer seem to cross check it on new applications for credit in your name). Their behaviour suggests they are just blindly following their own commercial lending risk algorithms without a thought for our ID protection.

Like Buzby, I have been giving false dobs for years to online marketeers where I thought it did not matter and instead if I ever saw one of those particular false dobs linked to my name I would know that there was a leak and I was right.

The date of birth that resulted in the recent fraudulently opened credit card account in my name was unlike any dob I have ever used - it is completely random. But the CRA asserts that because they no longer treat dob as part of any unique identifying key data, they should be forgiven for letting it through and letting it stand.

This thread is specifically about a considered reaction to that surprising assertion about dob specifically. Have you any thoughts about dob specifically?

Tiddlywinks

I refer to my response on a previous thread of yours:

http://forums.moneysavingexpert.com/showpost.php?p=64206029&postcount=34

CRAs simply record the data provided by the financial organisations.

As to Government departments... Companies House records the DOB as it is one of the only unique identifiers we have as individuals. Director details are a matter of public record and that is why they are publicly searchable.

HMRC deals with taxation matters and is perfectly entitled to retain your details - why do you think this is an issue?

You are now sounding more paranoid and I suggest you seek help as this is becoming obsessional.

Buzby

Sure - why not? I've been doing this for 50-odd years, (since 'Over 21' ceased to be an option. There is little point making it easy for fraudsters, OR CRA's.

sharpy2010

What on earth are you all on about?

VictimOfImpersonation

Tiddlywinks wrote: »

You are now sounding more paranoid and I suggest you seek help as this is becoming obsessional.

You need a mirror first. Then tell us what you see in it. I am flattered that you keep returning to my posts, and we can only speculate on what brings you to them time and time again.

[Deleted User]

VictimOfImpersonation wrote: »

You need a mirror first. Then tell us what you see in it. I am flattered that you keep returning to my posts, and we can only speculate on what brings you to them time and time again.

Simple, near enough every single post of yours is slating the CRA's - and there more and more in this part of the forum.

100+ posts that are near enough solely you slating the CRA's, or saying they are not fit for purpose, not this not that.

Your bad experience has seriously made you obsessed with trying to destroy CRA's.

When the CRA's offer to help (Which they have in multiple threads) you reject there offer. This not only completely undermines your whole argument but also diminishes the value of any of your responses. You are beginning to come across as seriously deluded.

Besides, CRA's are just collectors of info - NOTHING ELSE. They JUST show the information THEY are given. Your problem is the BANK - NOT the CRA.

Twisted_Cherry

I've never used my mother's maiden name when asked...

Joe_Bloggs

You need a mirror first.
we can only speculate

Very witty.

How can we prove who we are online without having to resort to spouting generally online/biographical data to a new financial institution ?

As it stands the banks make money the smart criminals take their share. The criminals will never be prosecuted or investigated because it would not make financial sense.

If you want to be part of the solution then suggest an alternative means of ID .

J_B.

VictimOfImpersonation

Joe_Bloggs wrote: »

As it stands the banks make money the smart criminals take their share. The criminals will never be prosecuted or investigated because it would not make financial sense.

I agree whole-heartedly. I have long believed that to the banks, organised crime is just increased turnover.

If you want to be part of the solution then suggest an alternative means of ID.

I have started to explore this in this thread and in other threads. Internet banking (account applications and account servicing) has made account takeover fraud easier. If I have 4 UK credit cards with one bank, I can register them all separately from anywhere in the world I think under separate username accounts. That means if a fraudster gets his hands on a new account like with me, he can instantly go online and start an online banking account purely on the strength of owning one card in my name. That is not multi-level layers of an onion type security. It is weak vertical security.

I mentioned for example how in some western European countries, the equivalent of NI number is used as a unique username and the same username and login security protocols/routines are used by both government websites and the banks. I reported that if you like it is seen to work as conveniently as the Facebook validation option does when you login to MSE and a myriad of other websites who accept Facebook validation for login.

That is why I have asked here about DOB being degraded and in another thread about whether CRAs have access to our NI numbers or passport numbers for example.

I think the answer is yes they already do, but it would be politically suicidal at the moment for them or their pals in government to admit it. Conversely there are strong arguments why they should be using those and refusing all entries and enquiries that don't include that hard data.