Be wary of Cifas Protective Registration

Theleak250

Two years ago my employer had a data breech and advised us to apply for a Cifas protective registration. It advised this would just mean extra checks if you applied for credit, a bit of hassle but it protects you further from fraudulent applications in your name using the stolen details. So I applied and it was added to my credit record. 

The problem is that many lenders simply will not bother conducting extra checks and will refuse you point blank to lend. I assume this is due to extra cost associated and lenders deciding it’s not worth it, and it’s cheaper just to say no.

I wanted to give a warning as all the official warnings I have seen state it would cause delays but doesn’t seem to mention it will cause you to get blocked by many lenders totally. Some lenders do carry out the checks, but overall I have found it’s a firm no. It’s not just lending either. Anything which involves a credit check can be refused. Current account application etc. Barclays stated they suspected an application was fraudulent. 

I would advise anyone to avoid Cifas protective Registration unless you are at a real risk of fraud. It should not be applied for lightly and can have serious implications if you want to lend. On the positive side, no fraud has occurred with my details. One could argue it has done its job, but it has caused a lot to inconvenience to my financial cashflow, luckily I was able to find alternatives but if I needed the lent money I would have been in difficulty. If you are genuinely at risk of fraud you should still apply for it, but please be aware of the above. 

masonic

It is not normal for a company to advise data subjects to take out a protective registration in the event of a data breach. The standard practice is to pay for those individuals to have credit monitoring for a reasonable period (e.g. a year). However, going down the Cifas route would make sense if you were not planning to apply for any accounts with credit facilities over the period. This is the closest thing to freezing your credit (as is available in the US). Your employer would appear to be in the wrong here.

By taking out the protective registration, you are warning the checking organisation that there is a greater risk the application could be fraudulent. It's not beyond the realms of possibility that some organisations would view that in itself as a red flag and opt not to take on that risk.

Theleak250

masonic said:

It is not normal for a company to advise data subjects to take out a protective registration in the event of a data breach. The standard practice is to pay for those individuals to have credit monitoring for a reasonable period (e.g. a year). However, going down the Cifas route would make sense if you were not planning to apply for any accounts with credit facilities over the period. This is the closest thing to freezing your credit (as is available in the US). Your employer would appear to be in the wrong here.

By taking out the protective registration, you are warning the checking organisation that there is a greater risk the application could be fraudulent. It's not beyond the realms of possibility that some organisations would view that in itself as a red flag and opt not to take on that risk.

I doubt there is much I can do about the bad advice sadly. 

Do you think it will be forever, even after the marker is removed? That companies will blacklist me? 

masonic

You can end a protective registration at any time. It might be worth doing so if it is hindering account applications. I don't believe it leaves any permanent record.

KittenChops

Theleak250 said:

Two years ago my employer had a data breech and advised us to apply for a Cifas protective registration. It advised this would just mean extra checks if you applied for credit, a bit of hassle but it protects you further from fraudulent applications in your name using the stolen details. So I applied and it was added to my credit record. 

The problem is that many lenders simply will not bother conducting extra checks and will refuse you point blank to lend. I assume this is due to extra cost associated and lenders deciding it’s not worth it, and it’s cheaper just to say no.

I wanted to give a warning as all the official warnings I have seen state it would cause delays but doesn’t seem to mention it will cause you to get blocked by many lenders totally. Some lenders do carry out the checks, but overall I have found it’s a firm no. It’s not just lending either. Anything which involves a credit check can be refused. Current account application etc. Barclays stated they suspected an application was fraudulent. 

I would advise anyone to avoid Cifas protective Registration unless you are at a real risk of fraud. It should not be applied for lightly and can have serious implications if you want to lend. On the positive side, no fraud has occurred with my details. One could argue it has done its job, but it has caused a lot to inconvenience to my financial cashflow, luckily I was able to find alternatives but if I needed the lent money I would have been in difficulty. If you are genuinely at risk of fraud you should still apply for it, but please be aware of the above. 

My bolding above - how do you know this, or is it just an assumption?  Perhaps there is another reason why your applications are being declined?


masonic said:

It is not normal for a company to advise data subjects to take out a protective registration in the event of a data breach. The standard practice is to pay for those individuals to have credit monitoring for a reasonable period (e.g. a year). However, going down the Cifas route would make sense if you were not planning to apply for any accounts with credit facilities over the period. This is the closest thing to freezing your credit (as is available in the US). Your employer would appear to be in the wrong here.

By taking out the protective registration, you are warning the checking organisation that there is a greater risk the application could be fraudulent. It's not beyond the realms of possibility that some organisations would view that in itself as a red flag and opt not to take on that risk.

My bolding above - if that were true, then those institutions are breaking the rules that they agreed to adhere to by being CIFAS members
.

masonic

KittenChops said:

masonic said:

It is not normal for a company to advise data subjects to take out a protective registration in the event of a data breach. The standard practice is to pay for those individuals to have credit monitoring for a reasonable period (e.g. a year). However, going down the Cifas route would make sense if you were not planning to apply for any accounts with credit facilities over the period. This is the closest thing to freezing your credit (as is available in the US). Your employer would appear to be in the wrong here.

By taking out the protective registration, you are warning the checking organisation that there is a greater risk the application could be fraudulent. It's not beyond the realms of possibility that some organisations would view that in itself as a red flag and opt not to take on that risk.

My bolding above - if that were true, then those institutions are breaking the rules that they agreed to adhere to by being CIFAS members

I'd be interested in which rules in particular would be broken in the scenario an institution performed a search, which flagged a protective registration had been taken out, and the insitution's didn't have the capacity to mitigate the risk of identity theft to its own satisfaction. This would seem to fall under Principle 5, but I don't have access to a detailed description of the rules, and the general principle below seems not to preclude a rejection on the grounds of risk appetite.

This Ombudsman decision letter suggests the refusal of an application without carrying out the extra checks does happen in practice (although this case involved a protective registration and several victim markers), and that the Ombudsman considers this practice unfair.

Hazzanet

I also have Cifas protective registration and from my point of view, it's, surprisingly, been no bother to me.  

Specifically, I've opened current accounts, credit cards and a personal loan since the registration has been in place and in all cases, I have either been approved straight away, or in the case of the loan, it referred but was approved two days later.  In no circumstances have I had to provide any additional information to move any application along.  

I suspect that the OP's issues are not down to the Cifas registration and possibly point to a different issue.  

Theleak250

There are no issues on my credit record. The issues only started after the marker was applied. For those that carry out the extra checks, the account is opened. Many do not get to that stage.

Hazzanet

Sorry to hear that; I've not had any problems, so perhaps this is a case of YMMV.  

Theleak250

I tried to open an account and was asked to complete verification at branch. A few days later they said the application is rejected due to credit record but would not say what. Surely it cannot be that a large bank doesn’t know what a fraud protection marker is? It’s totally ridiculous. A further warning. I have checked my record and nothing is there other than this protection marker. I regret the day I ever applied for it. 

Olenna

Theleak250 said:

There are no issues on my credit record. The issues only started after the marker was applied. For those that carry out the extra checks, the account is opened. Many do not get to that stage.

This is true but your employer has not done anything wrong. It's the individual's choice to go for additional protection or not. 

Speaking from experience, sorting out fraudulent accounts are very time consuming. Denials or refferals for anything important can be usually be successful with further ID plus it automatically drops off after twelve months anyway.