Consumers will soon be able to freeze their credit files without charge. So if you have not yet frozen your files — a recommended step to foil identity theft — now is a good time to take action, consumer advocates say.
Security freezes, often called credit freezes, are “absolutely” the best way to prevent criminals from using your personal information to open new accounts in your name, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse, a consumer advocacy nonprofit group.
Free freezes, which will be available next Friday, were required as part of broader financial legislation signed in May by President Trump.
Free security freezes were already available in some states and in certain situations, but the federal law requires that they be made available nationally. Two of the three major credit reporting bureaus, Equifax and TransUnion, have already abandoned the fees. The third, Experian, said it would begin offering free credit freezes next Friday. To be effective, freezes must be placed at all three bureaus.
The Federal Trade Commission says that when the law takes effect, its identity theft website will provide links to each bureau’s freeze website.
A security freeze makes it harder for criminals to use stolen information to open fraudulent new accounts, or borrow money, in your name. Credit bureaus house records of your accounts and payment history, which card companies and lenders use to decide whether you are likely to pay your bills. If you freeze your file, the bureaus will not provide information to lenders unless you “thaw” the freeze first, using a special personal identification number.
Free security freezes are becoming available more than a year after a huge data breach was discovered at Equifax. The breach compromised the personal information, including Social Security numbers, birth dates and other sensitive details, of more than 145 million people — nearly half the population of the United States.
Despite the scale of that breach, and a steady stream of other incidents, security freezes have not really caught on. An AARP survey of about 2,000 adults found that just 14 percent had frozen their credit files. (The survey, conducted in July by GfK Group using a probability-based online panel, has a margin of sampling error of plus or minus two percentage points.)
In-depth interviews with 24 consumers by researchers at the University of Michigan School of Information found that many people knew about the Equifax breach, but few had taken the step of freezing their credit files as a result.
Consumers suffer from “optimism bias,” the researchers found. They realized that the breach created risk, but did not think anything would happen to them personally. “People tend to underestimate their own risk,” said Florian Schaub, an assistant professor at the school and one of the study’s authors.
Others incorrectly assumed that because they had poor credit or little wealth, they would be unattractive targets for identity thieves. “They think: ‘I don’t have much money. I have nothing to lose,’” Mr. Schaub said. “But that’s not how identity thieves operate.”
People interviewed also cited the cost of freezes as a barrier. It can cost as much as $10 per bureau to place a freeze, and a similar fee is charged to thaw it temporarily when you want to apply for credit.
Consumer advocates hope that making freezes free will spur more consumers to use them. (The new law requires that a thaw must also be free.)
But the freeze process is not as easy as it could be, said Mike Litt, consumer campaign director for U.S. PIRG, the consumer advocacy group. He would prefer credit files to be “frozen” by default, and thawed on request. As it stands, consumers must place freezes separately at all three bureaus, and keep track of three PINs.
And because it’s not always possible to know in advance what credit bureau a lender will use, consumers typically must lift the freezes at all three bureaus when they want to apply for new credit.
Brett Merfish, a lawyer in Austin, Tex., said she froze her credit at all three bureaus several years ago, after her personal information was used to open “a steady flow” of fraudulent credit card accounts. The freeze process was “tedious,” she recalled, but ultimately effective because she no longer has problems with fake accounts. “It’s worth it to do it,” she said.
One credit bureau, TransUnion, introduced a smartphone app, myTransUnion, this month that consumers can use to more easily freeze and thaw their credit. The app is available for both Apple and Android phones. Mr. Stephens, of the Privacy Rights Clearinghouse, said he had not seen the app, but cautioned consumers to tread carefully, in case it is used to market other, fee-based products and services.
The credit bureaus also offer something called a credit “lock,” which they promote as a more convenient way to protect your information. But some offerings carry fees, and consumer advocates prefer freezes because the rules are set by law, rather than by the credit bureaus.
One other less-protective option is a fraud alert, which requires credit bureaus to contact you to verify your identity when a company requests your credit file. Under the new law, initial fraud alerts must last for one year once established. Fraud alerts are free, and, unlike the freezes, an alert placed at one bureau is automatically placed at all three.
U.S. PIRG also recommends freezing your file at a lesser-known reporting agency known as the National Consumer Telecom and Utilities Exchange. The exchange provides credit information to some cellphone, pay television and utility companies. (Some consumers have reported having cellular accounts opened in their names, even though they had placed freezes on their credit reports at the main bureaus.)
The website for the utilities exchange says its database is “housed and managed” by Equifax. But the exchange is a “distinct” entity that requires its own freeze, said Craig Caesar, outside counsel to the exchange. “A separate request to N.C.T.U.E. is required because it is a separate database,” Mr. Caesar said in an email. There is no cost for a freeze, he said.
The new law also requires credit bureaus to allow parents to create and freeze credit files for their children under 16, to prevent their identities from being misused. The Federal Trade Commission offers information on what to do.
Freezes will not protect you from other types of fraud, like someone using the number of a credit card you already have, or impersonating you online to claim your Social Security benefits. To help prevent those types of theft, Mr. Litt recommends checking your credit card statements regularly for suspicious charges, and setting up and monitoring an online Social Security account, to prevent criminals from opening one first and diverting your benefit checks. A PIRG report suggests other helpful steps as well.
Checking your credit report periodically is also wise. You are entitled to one free copy each year from the big three bureaus at annualcreditreport.com. (A security freeze will not prevent you from getting your free annual report, the F.T.C. says.)
Here are the websites to visit to set up security freezes:
National Consumer Telecom and Utilities Exchange: www.nctue.com/Consumers