By TOM ZELLER Jr.
Consumer advocates have long complained that the fraud alert system
mandated by Congress in 2003 as a consumer's first line of defense
against identity theft does not always work properly.
So a company seeking to enter the market for identity theft prevention
services recently recruited 54 data security and privacy experts to
test the system. They claim to have found some kinks, although the
credit reporting agencies beg to differ.
Julie Fergerson, vice president for emerging technologies at Debix,
the company that produced the study, said that in 40 percent of the
cases she examined, it appeared that fraud alerts had failed to put
all the reporting agencies on notice to prevent new credit accounts,
loans and other debts from being opened in a consumer's name without a
verifying phone call from the creditor.
The implication, Ms. Fergerson said, is that you've got millions of
people who think that they have fraud protection in place when
actually they don't.
But Norm Magnuson, a spokesman for the Consumer Data Industry
Association, which represents the major consumer reporting agencies,
including Equifax, Experian and TransUnion, suggested that those
findings were absurd.
The fraud alert response system is working as it should, contrary to
what the Debix report indicates, he said. Starting with the 54
consumers they surveyed, I'd question whether that's an adequate
number to base their conclusions on.
In updating the Fair Credit and Reporting Act in 2003, Congress
included rules intended to make it simpler for consumers to place
fraud warnings on their credit files, including a basic, 90-day alert
designed for identity theft victims, but available to anyone who wants
Under the law, this alert can be established with a phone call to one
of the major consumer reporting companies, which must then refer the
information regarding the fraud alert to the others.
The Federal Trade Commission is charged with ensuring compliance.
The Debix study included privacy and consumer rights advocates, as
well as data security executives from Citigroup, Charles Schwab,
Expedia, Discover Financial and other companies.
Participants were registered for fraud alerts at one credit reporting
agency most at TransUnion, Ms. Fergerson said.
Of the 54 volunteers, 32 received confirmation letters within a week
or so the sign that things worked as they should. But in 22 cases,
something went awry.
In 18 cases, the fraud alert was set at only two agencies. In four
cases, it took hold at only one.
Ms. Fergerson surmised that in instances where formatting of data
name, date of birth or other essential information differed between
agencies, it was more likely that the fraud alert would not propagate
properly. Without access to the internal systems of the agencies, it
is impossible to know, however.
There's not a 40 percent failure rate, Mr. Magnuson asserted, although
he said there were no readily available statistics on any breakdowns
in the fraud alert system.
Mr. Magnuson also pointed out, in an e-mail message prepared in tandem
with representatives of the three credit reporting agencies, that
Debix has a business model that makes money by alleging that the fraud
alert process doesn't work.
Indeed, Debix is one of a growing list of companies promising, for a
fee, to alleviate the headache of keeping your credit file protected.
Ms. Fergerson said her company had shared the results of the study
with the trade commission. Betsy Broder, the assistant director of the
commission's division of privacy and identity protection, would not
comment on the agency's response, but noted that the fraud alert
system was still new.
Copyright 2006 The New York Times Company
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
For more news and headlines from NY Times, Christian Science Monitor
and National Public Radio, please go to: