More than once in the last 6 or 7 years, I’ve received messages in the mail that tell me either my information or my children’s personal data has been lost or stolen. A laptop stolen from Sutter was the latest example to potentially affect me directly. I’m usually baffled as to why companies allow machines out in the “wild” to contain personal data and not also have more sophisticated encryption techniques.
Many are freeware and/or open source – Take TrueCrypt for example. It’s free and according to their FAQ, “it could take thousands or millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors)” to crack the password. I’ll grant that rolling out desktop encryption doesn’t happen by magic and that it takes time money and resources to do it. However, the reputational risk of an event like this has to outweigh saving a few bucks on rolling out at encryption to your various mobile devices.
Yesterday, I received a credit card application for my 2 year old from Discover. As a 2 year old, we’ve had very little opportunity to order anything in her name which is one way a company might have put her on a mailing list. She’s obviously never applied for credit, so that’s not it. The only people that should have her full name are hospitals, friends and possibly acquaintances on Facebook. The latter shouldn’t have her address since I keep that stuff private. The final option could be, but is not necessarily, that someone applied for credit in her name but frankly that seems relatively unlikely given that the Discover application came to our address. Our mail box is locked and I shred everything so it seems a little farfetched that there would be any tampering with our mail.
Still, I’d rather be safe than sorry.
So, I called Discover and asked them for a couple things –
- Do not solicit – I requested they add my daughter to a list that tells them, “we don’t want your credit applications.”
- Who gave you the info – Having some background knowledge on mail campaigns, I know that usually lists are purchased from “somewhere.” Companies don’t just make up names to solicit so that info had to come from some place. The representative was not 100% sure but said that they often get lists from Equifax.
So my next step was to see what is on her Equifax report.
If you don’t know, you have a right to a free credit report from each of the major credit bureau companies every 12 months. There are 3 of them: Equifax, TransUnion, and Experian. You could set yourself up such that you have a free credit report every 4 months if you staggered your requests. For example if I pull a credit report from Experian every January, one from TransUnion every May and one from Equifax every September, I could stay fairly up-to-date on my credit. Granted each one may have slightly different information but it sure is better than not reviewing your information.
With this information I headed over to AnnualCreditreport.com to try to pull a report as the legal representative of my 2 year old daughter. I’ve used this site to pull my own free report in the past so I know it works and that it is legit. However, I filled in her data and received this error.
Due to security and privacy reasons, credit report requests of persons under 13 years of age must be requested by their parent or guardian and additional identification documentation must be provided which cannot be submitted through this website. Instructions for completing these requests can be accessed through this website by clicking mail request for a child under 13. If this date of birth was entered in error, please try again.
Sigh. Some things are just never easy.
I think I understand the necessity of making this a “mail only” process… but not really. Seems that they could pretty easily facilitate an automated process of verifying my identity. That’s a battle for another day. According to the linked page “The credit reporting agencies do not knowingly maintain credit files on minor children. If you suspect that your minor child’s information has been used fraudulently, you should contact the credit reporting agencies directly and report the illegal use of your child’s information to law enforcement.”
The page also provides specific instructions on what information to send to request a credit report for a minor child. I will be following these for each of my children who are under 18 (4 of them) and thus making sure no one is attempting to use their identities fraudulently.
For kicks, I also checked the sites of each of the bureaus to see if they provided any easier way to get to the information I need. The only one of the major 3 that seemed to have a plan for keeping my kids safe was Equifax. They have a product called – Equifax Complete™ Family plan that costs 29.95/month. I have not tried it so I cannot yet tell you how easy or difficult it is to use, but they seem to be the only ones offering this type of product.
Next Steps –
I’ll be requesting the information for my each of the bureaus and I’ll report back on how easy or difficult is the process. You might consider checking up on your own kids to make sure they are safe and of course be sure to monitor your own credit. It’s free and it could save you a lot of money and time. According to givemebackmycredit.com, a study by Javelin Strategy and Research indicated “the year 2011 saw a disturbing 13% increase in the number of cases of identity theft reported by participants in comparison to the number of cases reported in 2010.“ To avoid the headache of identity theft or other fraudulent use of your credit, take some steps to protect yourself by monitoring what these big credit companies are tracking related to your finances.
Here’s my to-do list
- Monitor my credit file(s) at annualcreditreport.com
- If I have any suspicion of my children’s personal data being inappropriately used, request their credit file via mail
- If I receive credit solicitations, call to have them removed
- Shred credit solicitations before throwing in the trash
What steps are you taking to protect your credit file and your identity?