Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    VictimOfImpersonation
    Experian's Fundamental Breach of Data Protection Act 1998
    • #1
    • 29th Dec 13, 2:57 PM
    Experian's Fundamental Breach of Data Protection Act 1998 29th Dec 13 at 2:57 PM
    In another thread, which discusses an MSE news story about worrying revelations on security of personal data at Compare The Market (an organisation which itself will have close links to CRAs by virtue of it collecting personal data and constantly causing ID and credit checks on our files), I have got into a surprising ding dong with Experian Company Representative. According to the signature, he is Head Of Consumer Affairs at Experian (UK I assume and not worldwide - they are a giant worldwide CRA).

    He does post at weekends when it suits him, but he has gone strangely quiet since I told him Experian were breaking the law.

    I have discovered that Experian tolerate false data on our records to the extent that if you have a good credit history, it seems a fraudster can use an incorrect date of birth to secure credit in your name with the barest name and address details, and Experian will accept that data and simply mark your file with a negative mark because a new credit agreement is registered in your name.

    They will not alert you to false date of birth data and it seems they will not alert the bank who gave them the data either because the bank will just carry on like normal same as the CRA until someone says "Hey, what are you playing at?"

    Furthermore, when I point out that there is an obvious date of birth mismatch, Experian Company Representative says date of birth is not the only identifying data they use . What planet is he on ? Those of us that understand relational databases have to wonder whether he has any skill in the realm of data science at all ?

    My Experian CRA record has tens of entries recorded over decades all with the correct date of birth, yet now it has one two month old one with a totally incorrect date of birth - the fraudulent credit agreement.

    I am an established case with very consistent personal data. If it can happen to my data record at Experian, it can happen to thousands.

    And the official Experian spokesperson on MSE (yes they have one surprise surprise) says date of birth is not the only identifying factor . He invites me to send an email to them to show them what's wrong with my records. I have declined because what I have discovered is so glaringly incorrect that it should never have made it past an input filter into the database.

    I have warned him that until they conduct a data clean up on their whole database and discover these dates of birth mismatches (which is an extremely easy task) Experian is breaking the law. Whether he is heeding my advice or not we don't know, because he has gone quiet for a day.

    I think as a responsible officer of Experian refusing to deal with the fundamental nature of the breach and treating it as if it is just a possible glitch on my file only which I need to tell him about, he may himself also be personally breaking the law.

    Sad to say but unless they get their finger out, Experian and their representative appear to have acted recklessly and continue to do so in their obtention and holding of personal data in our names and not heeding warnings to go look for mismatches and manage them correctly.

    I just cannot for the life of me understand how they can so nonchalantly obtain and hold any data against anyone's name when the date of birth they have obtained is wrong. It is not their business to simply be a repository of all transacted data that might be in our names, safeguarding it for ever in case there has been a typo by the people that gave it to them, and the rest of it may be ok. It is their business to reject incorrect data, especially when a fundamental input filter like date of birth shows the data cannot stand.

    All such fundamental mismatches should be quarantined and then verified/rectified with the source trying to input it or it must be destroyed. Whether that quarantine should be even be at the CRA or at the source is another very big question.

    Date of Birth is so fundamental to personal data processing.

    In my case this false data has stood for two months in their database.

    However many more cases are there like this ?

    I have told Experian I can tell them exactly if they let me query their database.

    If I can bloody well tell them how to do it with a standard database query that a 12 year old could do, then why are they doing nothing to clean up their act?

    I have another example of where Experian's personal data protection may be flawed, and that relates to gaining access to full online credit reports. I know that CRAs themselves are constantly under attack to release our data to fraudsters who would use it as an aide memoire to launch attacks. I have discovered that with surprisingly little security data being verified, in certain somewhat surprising circumstances Experian can be persuaded by phone to delete previous accounts or previous failed registrations where documentary evidence was demanded but never provided. If it was demanded previously then how is it suddenly not necessary on the strength of a phone call a year or two later? The inconsistency is worrying.

    I also have a fear that they might then allow a brand new squeaky clean registration with only 3 out of four registration security questions correct. The security questions are tough enough (if you dont already have a copy of a previous CRA report to crib from) but surely they must ALL be answered correctly to get access to a spanking new report?
    In my case a version of my credit report is already in the hands of fraudsters courtesy of another CRA with a security hole at the time, CallCredit now known more by its trading name Noddle.


    Running CRAs like this is not the way to protect us - this way we are all made more vulnerable.

    What on earth is happening? We are also very clearly being badly let down big time by the Information Commissioners Office. Do we have an Official ICO Representative on MSE?
    Last edited by VictimOfImpersonation; 29-12-2013 at 3:09 PM.
Page 4
  • VictimOfImpersonation
    What your file shows is that someone used your name to apply for credit when the credit was applied for.

    Lets be honest, this is the case, as nowhere on your file does it explicitly state you did this.
    Originally posted by CKhalvashi
    And now you are arguing that this is a good thing? I am even less confident now about what you stand for CK.

    If you want the information removed, speak to the creditor, as they are the only ones able to remove it, as was explained to you 3 pages ago.
    Ah, and there's the rub - I think I have made it clear that I what I want is to topple bad business or bring it to heel. In this case, the disappearance of that bad data from my file is the test of the resolution of my complaint, not the goal.


    Anyway, look at the time! Happy New Year ladies and gentlefolks (and you Experian Company Representative!), my celebrations start now, but please let's resolve to clean-up our acts properly in the New Year
    Last edited by VictimOfImpersonation; 31-12-2013 at 4:42 PM. Reason: Happy New Year!
  • goonarmy
    This is definately the place to clean up an act...
  • VictimOfImpersonation
    1 Negative factors
    • You have recently opened 1 or more new credit accounts. [No I didn't. A fraudster did. With an incorrect date of birth] Your bank of umpteen years and umpteen products issued it and told your CRA of umpteen years that you are 8 years younger than they have you down for. Experian swallowed it and coincidentally as this is a new credit agreement marked your file with this red negative factor and downgraded your credit score. Experian knows about the date of birth mismatch problem - it is a general problem onboard the good ship CreditExpert. It is easy to see everywhere on the ship. Not cleaned up yet though - costs to swab the decks ? Can't admit the decks are a in a bit of a state - bad show. We are the captain of the ship - it is all beneath us. Grandstand and brass it out. [Costa Concordia style ?]
    0 changes since last report

    See more ?
    Regrettably we expect so. Next clean-up status report tomorrow.
  • goonarmy
    Cant wait. So far, so good.
  • VictimOfImpersonation
    Not at all. We do care and we carry out rigorous checks on incoming information.
    by Experian Company Representative
    Clearly you are misinformed.

    You have maintained a large file on me for decades. It contains numerous records all with the same date of birth except the last one. Clearly there is no rigorous check that flagged up the new record for rejection or even for investigation. None whatever.

    Do you doubt that what I have said has happened?

    Explain carefully please.
    by me
    We still seem to be missing a careful explanation of how this could have the escaped the net, or an explanation of the net itself (which I am entitled to doubt actually exists).

    Meantime latest status report on my Experian Credit Report:
    1 Negative factors
    • You have recently opened 1 or more new credit accounts. [No I didn't. A fraudster did. With an incorrect date of birth] Your bank of umpteen years and umpteen products issued it and told your CRA of umpteen years that you are 8 years younger than they have you down for. Experian swallowed it and coincidentally as this is a new credit agreement marked your file with this red negative factor and downgraded your credit score. Experian knows about the date of birth mismatch problem - it is a general problem onboard the good ship CreditExpert. It is easy to see everywhere on the ship. Not cleaned up yet though - costs to swab the decks ? Can't admit the decks are a in a bit of a state - bad show. We are the captain of the ship - it is all beneath us. Grandstand and brass it out. [Costa Concordia style ?]
    0 changes since last report

    See more ?
    Regrettably we expect so. Next clean-up status report tomorrow. Maybe with more news from the bank too who are saying they haven't contacted the CFAs or CIFAS because I hadn't got the forms back yet that simply confirmed that I did not open a new account with them using a totally wrong dob (wrong day/wrong month/wrong year) and using someone else's bank account details with another bank. I only offered to complete the forms as a goodwill gesture because the Customer Relations guy seemed extremely apologetic and had relented in the face of the obvious to give me the dob info and the third party bank account detail. Marvellous isn't it?
  • kirkbyinfurnesslad
    Is this guy obsessed or what?
  • VictimOfImpersonation
    Is this guy obsessed or what?
    Originally posted by kirkbyinfurnesslad
    I am not sure it affects the price of eggs in KirkbyinFurness, lad(/dette), if that's what you are worried about.

    No I am not obsessed, just a bit of a pain when I get the bit between the teeth on stuff that company men don't want discussed.

    Anyway, see yer tomorrow with another crucial update if you can't stop yourselves! Meantime read again and digest if you've nothing better to do - and you meer53 if you don't wish to properly answer that question I posed on the other thread

    1 Negative factors
    • You have recently opened 1 or more new credit accounts. [No I didn't. A fraudster did. With an incorrect date of birth] Your bank of umpteen years and umpteen products issued it and told your CRA of umpteen years that you are 8 years younger than they have you down for. Experian swallowed it and coincidentally as this is a new credit agreement marked your file with this red negative factor and downgraded your credit score. Experian knows about the date of birth mismatch problem - it is a general problem onboard the good ship CreditExpert. It is easy to see everywhere on the ship. Not cleaned up yet though - costs to swab the decks ? Can't admit the decks are a in a bit of a state - bad show. We are the captain of the ship - it is all beneath us. Grandstand and brass it out. [Costa Concordia style ?]
    0 changes since last report
  • kirkbyinfurnesslad
    Anyone got some pins to stick in their eyes instead?
  • VictimOfImpersonation
    An update:

    The financial services organisation least responsible for the breaches of my personal data security in their processes contacted me out of the blue today. They are able to identify me through past business so can identify me and discuss matters candidly with me.

    But in this case they are actually the third party bank whose customer sort code and current account number were input as part of the fraudulent card application in my name on the website of a bank with whom I have done business for years. The name of the third party current account-holder is completely different to mine. I have asked whether there is any address link (e.g. following account takeover fraud) but they have been reluctant to release an assurance* on that yet.

    When I first contacted this bank, despite an in depth discussion with a senior customer relations person, I could not get an assurance that they would investigate (using the sort code and account number I passed to them which I'd obtained from the card provider), and especially I got no assurance that they would seek to protect their third party customer whose details were compromised.

    Regrettably I told them in my call before Christmas that it therefore had to be logged as an unresolved complaint. Within a few days I received a final decision letter on the complaint which broadly gave me no further assurance. I put it to one side and as yet have not named either bank on MSE.

    However, the news is that something has caused the third party bank to think again and to call me and tell me they have picked up the baton again, and I am grateful for their pro-activity.

    I just wish the first party bank and the CRAs were as pro-active. I can still see no CIFAS marker for example, and of course the fraudulent account with the completely wrong dob is still sitting on my credit report as if it were mine. I wonder if it will show as unpaid/in default soon ? Hopefully not since I was told the account was "suspended", but shall we see what happens ?

    Apparently it takes the average victim of ID fraud 7 months to discover their details have been compromised. I am sure that does not mean they discover all about how it happened. Only the banks and CRAs are party to that kind of intelligence unless we victims stumble upon it.

    Let's see how long it takes the banks and CRAs to discover exactly which way is up now we have given them some clues ! It's been over two weeks since I alerted them.

    I think it has been some days since I notified CallCredit and Equifax of exactly what had happened. I haven't even had a response from CallCredit ("Noddle") and Equifax simply said that they are not notified of every agreement.

    The task I set Experian is more difficult - they deserve it - I can see the incorrect date of birth in my records with them. I can't see the dob on the CallCredit entry, and I can see no entry at all on Equifax. So CallCredit may have, but Experian definitely accepted the wrong dob unchallenged. I imagine the card provider will eventually contact them to tidy things up.

    That should make it less of a headache for Experian if they are not going to do a general dob clean-up. But that's not the point, is it?

    Maybe that's what James is banking on though? I am not impressed if he is content to let me stew in my own juice if that is how he is justifying things to himself. It's not me that's stewing. It's the whole database with all those obvious unqueried mismatches in it. If it stews long enough on a low heat, will it be tenderised and germ free?

    The more I think about this, the more I am beginning to think CRAs have, and are rapidly acquiring, more data than they are willing to manage properly, and the longer that goes on, the less likely that they will ever be able to manage it properly. How fundamental a breach can you get if you are an ICO licensed data controller ?
    Last edited by VictimOfImpersonation; 03-01-2014 at 2:24 PM. Reason: * (See second paragraph) They have now, and again I am grateful for the pro-activity of this one outfield player
  • VictimOfImpersonation
    1 Negative factors
    • You have recently opened 1 or more new credit accounts. [No I didn't. A fraudster did. With an incorrect date of birth] Your bank of umpteen years and umpteen products accepted it and so did we, your CRA of umpteen years. Yep, Experian swallowed it and maybe CallCredit too but we don't know that for sure because CallCredit don't show dates of birth by indiividual credit agreement. They kind of accept that doesn't need mentioning more than once in a credit report I suppose (at the top!)? Anyway as this is a new credit agreement Experian marked your file with this red negative factor and downgraded your credit score. Experian knows about the date of birth mismatch problems - apparently it is not viewed as a general problem. I think I might contact all my credit providers and alter my dates of birth to something more meaningful - maybe so the first credit agreement shows 01/01/01 and the latest shows as 43/43/43 or something?
    0 changes since last report, but at least one other bank customer has now got their ID "shored up".
    • Tiddlywinks
    • By Tiddlywinks 3rd Jan 14, 9:58 PM
    • 5,351 Posts
    • 18,507 Thanks
    Tiddlywinks
    I am beyond caring... but look in to chuckle at how you really are deluded into thinking that your actions will make a difference.

    You have been offered the opportunity - by James - to submit details of the inaccuracies for their consideration but you have chosen not to do that.... the continuing issue is there because you have failed to engage despite an invitation to talk.

    This thread is just the self indulgent ramblings of an egotist.
  • Dovah_diva
    I don't think he realises no one cares - before too long he will be the lone voice in the wilderness. I suspect he was hoping Martin would rock up on his white charger, seize the baton and make this his new challenge.

    Poor lamb.
  • VictimOfImpersonation
    And your posts, Tiddlewinks are ... and yours diva ...?

    The difference between you and me is that I am aware of just how powerful MSE is and it doesn't require Martin to do anything other than resist any commercial pressure MSE might get to take down the threads. I am sure MSE will let me know if I publish anything they cannot bear.

    Much like the PDL companies they trade with, I don't much expect Experian to do anything they don't want to do. What I fully expect now is that the stink I created that has mobilised one bank and shortly the other I imagine will actually cause these incorrect entries to disappear in maybe a week or so, but before that happens, I expect Experian will receive another routine update from the card provider showing a third month with no payment. That will reduce my credit rating and I shall tell you if it happens.

    If the incorrect entries on my file do disappear, that will of course probably mean that Experian did nothing special to discover dob mismatches, and just waited for the bank to get in touch, but I think you can be sure that the banks involved will be investigating what the hell happened generally.

    Meantime I noticed tonight that Experian goes so gaily about the business of recording dates that in respect of two of my credit agreements the Experian record has been updated to 12/01/2014

    Accuracy is perhaps only a Utopian state of mind where they are concerned.

    Meantime I shall update you accurately each day until there is a change - you don't have to look, and you don't have to post
    Last edited by VictimOfImpersonation; 03-01-2014 at 10:24 PM.
  • Dovah_diva
    And your posts, Tiddlewinks are ... and yours diva ...?
    Originally posted by VictimOfImpersonation
    I can't speak for Tiddlywinks, of course, but I am simply checking in and posting for amusement value. I still think you are utterly bonkers, but in a charming, mad-old-Uncle-that-no-one-likes-to-have-for-Christmas-kind of way.

    At some point you'll get bored and will declare that the CEO of Experian himself turned up at your house, apologised for the screw up in person, offered you a five figure sum for your silence and then publicly resigned his post. Until that happens, I'll enjoy your ramblings. I especially look forward to the snapshot of your credit file. That's really exciting.
  • VictimOfImpersonation
    At some point you'll get bored and will declare that the CEO of Experian himself turned up at your house, apologised for the screw up in person, offered you a five figure sum for your silence and then publicly resigned his post.
    Originally posted by Dovah_diva
    I would not be so bold else they'd take the money back, diva - such is the nature of secret cosy commercially motivated agreements
    • luvchocolate
    • By luvchocolate 4th Jan 14, 7:59 AM
    • 1,901 Posts
    • 1,809 Thanks
    luvchocolate
    so many threads.....loosing the will to read them now..please victim rant over enough is enough
    • Morglin
    • By Morglin 4th Jan 14, 10:21 AM
    • 14,673 Posts
    • 26,992 Thanks
    Morglin
    I mentioned the fantastic quality of a large chunk of 60s and 70s state schooling earlier.

    I blame the schooling that beset the 80s and 90s. That was where it became the norm that to be a "swot" was to be hounded and ridiculed for being different, and an ability to blend in with the lowest common denominator and to follow the lead of celebs, monied sorts and wannabes was key to survival.

    Such a shame that made its inevitable way into the thinking of a whole generation.

    Loadsamoney!!
    Originally posted by VictimOfImpersonation
    For what it's worth, I was schooled through the 60's. Went to a good grammar school, but when I started my career in what was the Midland Bank, the most advanced technology they had was IBM ledger posting machines, and most of the work was manual - so, I'm unclear about all the techno available for your school!

    Most of what in available now, technology wise, hadn't even been developed in the 60's.

    I then went to work for a major finance company, and credit checking was a cumbersome process, involving sending for bank references, for those who actually had accounts, and checking with BDS as to financial status - it took days, and no one would want to back to that system, especially with the volume of credit applied for now.

    Banks lent on the premise of whether the bank manager (Demi Gods, in their own minds then!), actually liked a customer.

    So, it's not perfect now, you are correct, but it's better than it was.

    As to age, well, I'm retired, and I've led teams, but I have also worked under folk younger than me, and no problems with that.

    Age is no indicator of wisdom, as there are some terminally stupid 'oldies' as well as gormless youngsters!

    And, there are intelligent and wise folk in both groups.

    Schools now, as in the 60's, vary between good, bad and indifferent, and to denigrate younger posters on here, simply because they are younger than you, shows a lack of manners, to be frank.

    You obviously have a problem with the CRA's, but you cannot beat the system.

    Use your self proclaimed wisdom and put things right via the procedures laid down.

    Lin
    You can tell a lot about a woman by her hands..........for instance, if they are placed around your throat, she's probably slightly upset.
  • VictimOfImpersonation
    Hello Lin.

    No.
  • VictimOfImpersonation
    Just tidying up before bed and realised I'd not opened the post today (yesterday now).

    So then, I have a letter. My credit card provider has kindly added an extra 24 this month (well last month actually) to the fraudulently opened credit card account we have here under the microscope. One further 'Over Credit Limit Charge' and one 'Late Payment Charge'.

    Unfortunately, or fortunately, depending on how you see such things, no such news has yet reached Experian or CallCredit (Noddle). And of course nothing whatsoever about this account has ever reached Equifax (or if it did, they are clever enough not to link it to me!)

    So, would anyone like to bet what happens next?

    When exactly will Experian eventually learn of this 24 and reduce my Credit Score?


    Well, you are not going to believe this, but since I started typing this post over an hour ago, I have realised and established that this second letter I received in the last post relates to a second fraudulently opened account and surprise surprise it too was opened with an incorrect date of birth. The main fraud team at the card provider are not accessible until later this morning so I guess I have to sleep on the fact that there is what Charles Clarke might call systemic failure in the whole system which is supposed to protect our ID.


    Anyone gobsmacked yet?

    Will ICO and FCA wake up and start cracking the whip ?

    Find out here on MSE
    • Tiddlywinks
    • By Tiddlywinks 6th Jan 14, 12:30 PM
    • 5,351 Posts
    • 18,507 Thanks
    Tiddlywinks
    Yes, gobsmacked at your inability to grasp the fundamental issue.

    Once again with feeling... the CRA didn't authorise the fraudulent account - the card provider did.

    The CRAs will show the account as having arrears IF and WHEN the card provider gives them that data to report.

    Rather than spending your time moaning on here might I suggest that you talk with the card provider about their provisions of incorrect data to the CRAs.

    Oh, and engage with the CRAs about your 'beef' rather than repeating the same old drivel on this board.
    Last edited by Tiddlywinks; 06-01-2014 at 12:35 PM.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

263Posts Today

3,529Users online

Martin's Twitter