Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Things I Learned about Credit Bureaus This Week
114 points by pakile on June 4, 2015 | hide | past | favorite | 31 comments
Last week, 1 or more parties hacked my Equifax account, set up an account at TransUnion, and ran up charges on a cloned credit card in Brazil. To resolve this, I’ve interacted with the FTC, police, card issuer, and credit bureaus. Here’s what I learned about the credit bureaus:

1. Equifax has no escalation path for security breaches on weekends. Even if a breach potentially affects millions of accounts, there is no way to report it until Monday.

2. TransUnion has no ability to investigate hacks or security breaches. They can only generate a reference number for the customer to file a police report with. (Note that their top product category is Credit Management & Protection.)

3. TransUnion and Equifax do not cooperate on investigations. Despite evidence that suggests the same hacker was at work, neither credit union indicated any interest in even talking with the other.

4. If your TransUnion account is hacked, you will lose online access for life. You will never be able to download your credit report from TransUnion again, and can only get it via mail. For life.

5. Experian displays your mother’s maiden name on your profile page. There is no way to hide this, obscure your mother’s maiden name, or select a different security question.

6. Experian agents cannot view support ticket numbers or track tickets. Only a supervisor can access ticket numbers. Of course, that means you need to talk to a supervisor…

7. Equifax and Experian are extremely reluctant to generate a ticket or escalate to a supervisor. At Equifax, I requested to speak to a supervisor 7 times. At Experian, the agent awkwardly tried to resolve a CloudFlare server error by asking if I was using Internet Explorer. It felt endemic. I did not sense this at TransUnion.

This experience has eroded my naive confidence in the consumer credit system. The burden for prevention, monitoring, and remediation is borne almost entirely by the customer. This doesn’t seem right.

I have no business dealing with "credit bureaus". I did not give them my information or consenting for them to store my information on their system.

So, I have been told constantly to "correct" my information with them - FUCK THEM! They bought/stole my personal information - I have no business with them.

Call me naive, but I wish more people would not give a damn about them either.

When I needed a loan to buy my house, I spoke directly to the loan officer face to face and told showed them all documents they needed and told them that if they need to consider my approval based on "Credit Score", I did not care.. I showed them the mistakes and mis-information they have in my credit report and -when he asked me to call them to fix it - I told him that I would not do that because I do not consent them holding my information. Two days later, the load officer called me to tell me my application was approved.

People need to do this more often.

Thanks for your comment, my sentiment exactly.

Opting out of the entire thing is the best way to eliminate this scam. It is absolutely stupid that in the US your financial life is dictated by an opaque algorithm and an entrenched bureaucracy.

If you live carefully you don't need credit at all, ever, except for possibly buying a house as you said. All other purchases... car, food, etc are easy enough to save up for... and if not, just do without until you can. Such a lifestyle sucks if you are used to instant gratification and living beyond your means (been there) but you can sleep better at night.

If more people followed your advice we would surely be better off... even in the circumstance of buying a house as you said, they will find a way... they are after all paid on commission :)

"It is absolutely stupid that in the US your financial life is dictated by an opaque algorithm"

It's not 'an opaque algorithm'. I'm assuming the US is similar to the UK, in that banks/lenders use credit bureaus for access to data. That data is then fed to the lenders' own systems for processing (to create a score, check against certain criteria etc.).

If banks did not have such reliable access to your credit status and history, they'd be less likely to give you a loan, and offer credit on worse (for the borrower) terms.

In the US, the main number that everyone is concerned with is the FICO score, and the algorithm is a secret. Most lenders do not generate their own measures of creditworthiness but rather just use FICO

Also even if you don't want to borrow money here is a list of things in the US that are increasingly based off of FICO:

1) car insurance 2) employment 3) wireless phone contracts 4) copper phone lines

I'm sure there are more... but you get the point I hope

Precisely. And if you are denied something based on the credit bureaus' negligently constructed profiles, sue them for libel.

Their whole system is based on an antiquated idea of singular "identity" that only worked when it was one small part; it simply doesn't scale. Some arbitrary facts about a person do not form a legitimate authorization mechanism!

The only way things are going to change is for people to realize they have absolutely no responsibility for a third party being defrauded.

You're not the customer. You're the product.


The credit bureaus simply don't care.

I had my identity stolen and then bad information was mixed into my account information. It took years to get things straightened out.

Even to this day, years later I can't do any online credit verification because it has data mixed with it from the credit bureaus, and I routinely get answers wrong because of this. But there is no one I can complain to, especially for these online data tests.

The best way to get something done is to do a proposition in states that support it, like California, and get a law voted in that forces better behavior from the credit bureaus. Then, because California requires it, chances are change will occur throughout the country.

This is what the Consumer Financial Protection Bureau is for. They probably can't do anything to help in the short term, because their powers are circumscribed by Congress, but you could try asking them how best to document your experience in a way that would influence future rulemaking.

The credit system is one of the most broken things in the US economy IMHO. It's a legal requirement / protected entity. One cannot legally get basic forms of financial instruments without existing in the system -- and if you have these financial instruments, you have no rights to limit your information sharing with these firms. This makes it nearly impossible to opt out of, and certainly impossible to choose which one you want to work with. As you've indicated, all of them are terrible and you have surprisingly little recourse to deal with issues or corrections. Until recent laws were passed, you were not even guaranteed to be able to request what information they kept on you.

This is one of few things that I would love to help correct as a business opportunity and a social good, but at the moment, the way the laws are structured makes an EXTREMELY high bar to get in, and these terribly flawed companies are highly protected.

Anybody want to tackle this (seemingly large) problem that we have with credit bureaus? I'd be more than happy to try and dethrone the credit bureau beasts with a new, helpful, transparent service that folks actually enjoy.

The best way to do this is to create a more accurate credit prediction system. Underwriters rely on credit scores because they’re cheap, quick, and easy way to triage risk. Credit scores are riddled with inaccuracies, but because risk is difficult to model precisely to begin with, these companies are still in business because they work decently well even despite the many errors.

If you could create a system using publicly available data that is a statistically and meaningfully superior way of predicting risk, it would be immensely valuable to the asset owners that are buying mortgages, insurance products etc. that rely on credit scores. You’d have to get them to demand it enough to change their underwriting guidelines (a morass of bureaucracy), but once they do, you’d also gain some steady demand and a moat of competitive advantage.

Some payday lenders already have their own prediction systems in place using scraped public data. The problem that arises is that due to regulation, credit decisions cannot be made based on certain information. I'm sure this varies across sectors of finance though.

> If you could create a system using publicly available data

The problem is, making people's financial transaction data public is essentially illegal and represents a competitive advantage.

You'd have to start with convincing major banks / credit issuers to report people to you. With that data, you could build what you suggest. The real hurdle is convincing people to do that and complying with the regulations.

"Credit scores are riddled with inaccuracies"

Are you mixing up credit scores and credit histories?

"If you could create a system using publicly available data that is a statistically and meaningfully superior way of predicting risk"

That's what underwriters at banks and other lenders try to do, albeit with not just publicly available data.

I heard of a company that was just starting up that plans to offer credit scores based solely on your Facebook, linkedin, twitter, etc. profiles. Be interesting to see if they get traction.

Request a credit freeze or a security freeze from the credit bureaus. This prevents entities from accessing your credit report without you lifting the freeze.

This stops a lot of the low hanging identity theft cases.


In case it matters, a credit freeze will also prevent services like Credit Karma from being able to access your information.


> 5. Experian displays your mother’s maiden name on your profile page. There is no way to hide this, obscure your mother’s maiden name, or select a different security question.

Not to detract from their incompetence, but still: never answer a security question with a true answer. That's what password managers are for.

I'm always sorry to hear these stories. I hope you'll write it up and blog about it, if only to help other victims. Navigating the byzantine world of credit bureau fraud is something many US citizens find bewildering.

Was it a CHASE card? I've seen reports of Compromised Chase credit cards on Flyertalk [1] and a couple of them mentioned use of a cloned card in Brazil.

Edit: [1] http://www.flyertalk.com/forum/chase-ultimate-rewards/168257...

It's a popular bank: https://www.chase.com/

Condolences and goodluck, I too would like to see a series of articles on what you've learned, the conciseness of your writing is preferred to what I find in publications.

As an aside: Guess it's time to put a credit freeze / lock on my record so the scammers can't hijack things. Lame that the agencies can charge us for this self - protective measure.

I would welcome seeing this extended into a larger and more detailed article, or even a series of articles. Usually I'm a little skeptical of complaint stories because they often strain credulity but you seem to have approached this in a patient and methodical manner.

That's part of why the credit bureaus and banks in the US have such incredible power. People tend to believe the calm and faceless large organization over an angry individual ranting on the Internet. Surely, the law wouldn't allow someone to be treated so poorly by corporations? And, yet...abuses are so pervasive that I am gradually beginning to think even the most ridiculous sounding horror stories about credit are believable.

Describe your experience in details and post it in public and visible blog. Also twit about - in other words - let the whole world know about this.

With all the recent privacy buzz - this may attract necessary attention to shake out this swamp.

This a great advice but it's a fucking shame that this is the ONLY resource many people have against credit bureaus and large corps in general. The number of times I tried traditional support to no avail and got a response to an angry tweet minutes/hours after posting makes me sick.

Get a lawyer. You can sue them under the Fair Credit Reporting Act (FCRA). That is the primary recourse you have, not customer service.

To Europeans wondering what this is, these are companies that track every financial transaction of Americans in ways that would violate dozens of privacy laws outside the u.s., and have become the de facto source for determining credit risk, rather than a simple search of court records for open or pending debt issues.

Err, Europe has credit bureaus too:


Jump to page 31 to see what is stored by the bureaus in each country.

I guess we're spoiled in Switzerland.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact