Network News

X My Profile
View More Activity

TransUnion to Offer Credit Freeze In All U.S. States

TransUnion, one of the three major consumer credit reporting bureaus, said Tuesday that starting next month it will allow consumers to freeze and thaw their credit files as a means to prevent identity theft.

A credit freeze directs the credit bureaus to block access to a consumer's credit report and credit score. At present, at least 39 states and the District of Columbia allow consumers to freeze their credit files, but many of those laws do not take effect until 2008 or 2009. TransUnion would be the first bureau to voluntarily offer freezes to consumers in all 50 states (and D.C.).

TransUnion said that in states where there is an existing freeze law, the company will continue to meet or exceed the requirements of those laws. In states where a law has been enacted, but is not yet effective, or where no law has been enacted, TransUnion will provide freezes free to all identity theft victims. Non-victims would need to pay a $10 fee to add, lift, or remove a freeze.

To place a freeze with TransUnion, consumers will need to submit a request via certified mail, but they will be able to lift it via regular mail or by telephone.

Gail Hillebrand, a senior attorney for Consumers Union, called the announcement "a good first step," but said it won't mean much unless the other two major credit reporting bureaus -- Equifax and Experian -- make a similar offer.

"I think if the other two don't do this, Congress will have to make them do it," Hillebrand said. "This also makes it perfectly clear that freezes on a national scale are doable, despite what the industry has been saying for years now. All their arguments about how difficult it would be [to offer freezes to all U.S. residents] go right out the window with this announcement."

Experian spokesman Donald Girard said the company is considering it. "We're looking at all aspects of this now," he said.

A representative from Equifax said the company does not comment about plans for products or services that it may offer in the future.

A story I wrote back in May provides some background on Hillebrand's comments, as it tells the story of how Consumers Union and other consumer advocates fought an uphill battle against the credit bureaus and the financial industry to win passage of a freeze law in Delaware, arguably America's most corporate-friendly state.

For the millions of consumers who receive notice each year that their personal or financial data was lost or stolen, a preemptive security freeze can offer peace of mind. It blocks businesses and potential fraudsters from gaining access to a consumer's credit report and score, and from granting new lines of credit in the consumer's name. In many states, consumers who want to remove the freeze can use a special identification number to unlock access to their credit file.

Even if all three credit reporting bureaus were to extend the freeze to all U.S. citizens at the same price, it would still cost $30 to place a freeze and another $30 to lift one (since filing a freeze at just one of the bureaus does little good). That's probably beyond what a number of households on limited or fixed incomes can afford. In recognition of this fact, some states have won much lower rates for freezes: Indiana residents, for example, can get them for free, whether or not they can prove they've been victimized by identity theft. A freeze costs just $3 to place or lift in Montana, and the fee is just $5 in both New Jersey and New York.

Some states have gone even further. As detailed in the story I mentioned above, Delaware is among a handful of states that require the credit bureaus to thaw a consumer's credit file within 15 minutes of receiving the request. The other states with similar fast-thaw laws include Minnesota, Montana, New Jersey, Utah and West Virginia.

I am particularly enthused by this news because it means we may soon have credit freeze rights in Virginia, whose legislature gave scant consideration this year to at least two proposed freeze laws.

One thing to note about the announcement, which was oddly enough published without much fanfare via a press release: It looks a lot like the fine print you'd see at the bottom of a free vacation offer. I had to increase the font size in my browser just to read it.

To find out about freeze laws in your state, check out the information at this site.

By Brian Krebs  |  September 19, 2007; 5:30 PM ET
Categories:  Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Firefox Update Fixes Apple QuickTime Flaw
Next: Your Money or Your E-mail


"To place a freeze with TransUnion, consumers will need to submit a request via certified mail, but they will be able to lift it via regular mail or by telephone"

Huh? Isn't that backwards? It should require more authentication (i.e. certified mail) to remove the freeze than to apply it.

If all it takes is a phone call to thaw someone's personal info, there is not much security in the process (think phone companies giving up personal records with just a phone call).

As an analogy, it should be simple/easy to lock a safe, but very difficult to unlock it. Likewise, it should be simple/easy to lock down your personal information (aka a credit freeze), but hard to unlock it (aka a credit thaw).

Posted by: SayWhat | September 19, 2007 6:06 PM | Report abuse

I live in Pennsylvania and just put a security freeze into effect with all three credit bureaus. It was $30 well spent (and considering what the credit bureaus charge for their credit monitoring services this is not a bad deal, even if you thaw your freeze once a year).

A few years back my credit card was compromised during the DSW Shoe Warehouse security breech -- although I had no problems I don't want to have any. I was very happy when Pennsylvania instituted this law and am actively encouraging senior citizens in this state to apply since the cost is nothing (except the initial certified mail).

In regards to the concern expressed about authenticating a thaw via mail or phone the process of removing a thaw is as follows:

1) After the credit bureaus receive your request via certified mail they will send you a confirmation letter with a personal ID number.
2) If you wish to thaw your freeze you can call (or go to a web site in some instances) and give the credit bureau your personal ID number and the thaw will occur, either for a specified organization or time frame (up to one month).
3) Should you lose or misplace your ID number then you would have to go through the process of proving your identity via certified mail as when you first applied for the freeze by providing a copy of a utility bill and driver's license.

Brian, you might also want to check with TransUnion to see how long the freeze will stay in effect (unless it is lifted). In Pennsylvania the limit is seven years at which time it has to be renewed.

Posted by: John | September 19, 2007 6:31 PM | Report abuse

This is disgusting. The credit bureaus make billions selling our personal information, treat it sloppily so we have to worry about identity theft, and then have the nerve to charge us for freezing and monitoring. All three bureaus should offer freezing FOR FREE to ALL consumers.

Oh well, once again big money controls the legislators... why should I expect any different.

Posted by: thermowax | September 19, 2007 7:49 PM | Report abuse

The credit bureau are shakedown artists. The question to ask is who owns your personal information: you or the credit bureau?

I can hardly wait for Va to enact a credit freeze law. This idea, in general, is just so right during this era of quick and easy credit with minimal documentation.

While any access control to one's credit information should not be trivial, locking the account should be easier than unlocking if one has to be more difficult than the other.

Posted by: Ivan Groznii | September 19, 2007 10:37 PM | Report abuse

Some time back, shortly after becoming a Realtor, it was necessary for me to upgrade my computer equipment. I checked all major stores [Best Buy, Comp USA, Staples, Office Depot & Circuit City] for the best deals and after doing this, I purchased two systems from Best Buy. I had somewhere between $700 to $900 in rebates but the receipts were so light that the printing was hardly visible after only 30 days.

Long story short, most of the rebates were denied, so I ceased paying for anything. It took several weeks to eventually learn that Best Buy's senior credit management and Office of General Counsel was in New Jersey and GUESS WHAT !!! The same folks were also the senior credit management and Office of General Counsel for the GE Card.

Well after extensive 'research' [sic] Best Buy found about $85 in rebates, but because I was a 'valued customer' I was offered about $125 in rebates.

At this point, I advised the Office of General Counsel for both companies [even the same secretary for the same General Counsel] that when they could find my records [again] I would pay both Best Buy & the GE Card, but not until. I was then told that rebate records were not saved at the store after 30 days past purchase. The account for Best Buy was contested and recently written off by Best Buy. My GE Card account was 'sold' for pennies on the dollar to an 'investor' collection company.

I have always receive no less than 4 credit card offers per month and on the few that I have 'tested,' I am always rejected. SO JUST WHAT KIND OF PRE-SCREENING IS BEING DONE ANYWAY -- WHAT A JOKE.


Of course, customers still can't readily find any management for Best Buy outside of the store used and all employees are kept intentionally ignorant of means to reach senior management, as of my last inquiries. REALLY A SHAME, BECAUSE OTHERWISE BEST BUY IS USUALLY A GOOD PLACE TO BUY PRODUCTS [SANS THE REBATES.]

Posted by: brucerealtor | September 20, 2007 1:01 AM | Report abuse

This is much welcome news. I own my information -not these companies. It should not cost me one penny to freeze or thaw my information. It takes them all about two seconds to push a "submit" freeze/thaw button in their databases to apply the changes. Certified mail??? What a joke -who are the idiots that let these type of BS rules/laws pass? They make money by selling my information and now they want to charge me for "securing" it. How come we don't see any of their profits? Do these new freeze/thaw laws prevent them from selling my information without my consent? Do they think we are stupid? Virginia needs to wake-up from its backward self and defend its residents.

Posted by: Brian from Alexandria | September 20, 2007 7:43 AM | Report abuse

If you take someone's picture, you can't use it in an ad without paying them.

If you make a movie about someone's life and there are people still living who are part of the story who are not public figures, lawyers make the producers procure rights wavers.

But if you collect information on my financial history, correct or incorrect, you can sell it without my permission.

Why the free pass. Shouldn't we get a cut whenever our lives are bought and sold?

Still waiting for the check.

Posted by: KDT | September 20, 2007 10:00 AM | Report abuse

One unfortunate way to abuse this sort of capability is for someone to freeze some else's credit records, which in turn explains why the need for certified mail. It is a common thing during acrimonius divorces and such. So, while a credit freeze/thaw capability is long overdue, and while I agree with all of those who think we should not have to pay for control over our own credit records, I think the laws need to consider the controls which need to be in place so this doesn't generate a new type of problem. Freezing someone else's credit at a crucial timne, like during a home purchase or other such thing, can really screw up someon's life.

Posted by: Gardog | September 20, 2007 10:44 AM | Report abuse

I'll not repeat the first 8 comments here: They are all of good, thoughtful merit (especially SayWhat).
I feel that what should happen, VERY SOON!, in all 50 states and DC the freeze/thaw process should be FREE.
Hmmm: See how FREEze relates? :)

Posted by: PeteBB | September 20, 2007 11:27 AM | Report abuse

Bear in mind:
(1) Only 50% of all identity theft is credit related. There are many ways in which you can become a victim of identity theft even with a credit freeze. There are 38 different documented types of identity fraud, and the list is growing.
(2) A fraud alert on your credit file or credit freeze does not prevent the takeover of existing credit.
(3) Lenders are not required by law to observe an alert or a freeze, and many lenders don't pull credit reports -- such as payday loan companies and internet loan resources so an alert or freeze is ineffective.
(4) Some lenders will issue a denial of credit if there is an alert or freeze and you are not known to the lender or the decision is borderline. They take the "better safe than sorry" approach, so it can work against you if need to get legitimate credit.
(5) The criminal can convince the lender they are you -- after all, that's what identity theft is all about.

Ladies and gentleman -- there is no cure for identity theft and we are a LONGGG way from being able to thwart the criminals. Be wary of offers that sound too good to be true -- especially if they say they can prevent identity theft, even if there is a big $$ guarantee. Don't believe it, its all marketing hype. There are many legitimate companies helping people recover from identity theft, and then there are those that want to cash in by telling people what they want to hear -- that the problem can be prevented.

To opt-out of pre-approved credit offers call (888) 5-OPTOUT or (888) 567-8688. Its free.

Posted by: IDT Alliance | September 20, 2007 2:38 PM | Report abuse

I agree with the first poster. The backwards authentication makes this action next to useless.

Posted by: Anonymous | September 20, 2007 2:56 PM | Report abuse

Not defending the practice, just adding some info that probably should have been in the blog post: Typically, when you place a freeze they give you a PIN that you need to provide when if you later call to lift the freeze.

Posted by: Bk | September 20, 2007 3:14 PM | Report abuse

@IDT Alliance

"...and many lenders don't pull credit reports..."

"there is no cure for identity theft"

Hmmm... Now aren't those some interesting comments. Yes, there is a cure for _fraud_ (ID theft is just a bad moniker which has been attached to plain and simple fraud).

The cure is for those giving credit to actually _verify_ who they are giving it to. If a credit company, bank, etc. decides to give their money to an unverified entity, then they should be held fully liable for this risk when it turns out that they have been defrauded.

Today, these companies are allowed to, and are getting away with, pushing their poor identity/risk practices, and the resulting fraud, onto hapless consumers/customers who they can "pin" their loss to.

I can't wait for "ID theft" victims to start suing these credit companies, banks, etc. for attempting to pass the company's fraud losses onto consumers, and in many cases, their own customers.

The term "identity theft" was created as a way to have "identity theft victims", because if financial institutions actually called it was it is - _fraud_, people would be less likely to allow these financial institutions to pass the financial institution's fraud losses directly onto them, like they are now doing with "identity theft" losses.

Posted by: NoSuchThingAsIDTheft | September 21, 2007 10:30 AM | Report abuse

I think someone said "I think therefor I am." I know who I do business with. I know corporations are not human and uncapable of knowing anything. Only a corporate mind could concieve of the idea of "identity theft". Seems a business model of "mind of no mind". When a real person uses fraud to wrongfully take something he knows who he is and who he is not. The Evil here is the mindless corporation and the willingness of us all to allow a legal fiction to drive the "real" world to resorce wars and distruction.

Posted by: Anonymous | September 21, 2007 2:35 PM | Report abuse

Tired of getting junk mail that allegedly offers PRE-APPROVED credit cards in the mail.

You Can OPT OUT of getting this kind of junk mail for 5 years where ANY OR ALL of the 3 major bureaus has sold your information to credit card lenders.

The number to call is

888 5optout or

888 567-8688.

The process takes about 5 minutes and works very well for voice recognition software

Posted by: | September 23, 2007 1:40 AM | Report abuse

Many years ago, credit card holders were responsible for losses incurred by the card issuer as a result of fraud (someone oither than the holder of the card). Then the Congress passed a law limiting the card holder's responsibility to $50 and even that only in certain curcumstances. It only took a blink of an eye for the banks and credit card companies to put together verification and other processes that greatly reduced the incidence of the card fraud. Bet things would happen that quickly or quicker if the laws were similarly amended and issuers of credit understood that they, the issuers of the credit, would be responsible for their losses if they failed to properly verify the identity of the person seeking the credit.

Posted by: rh at | September 24, 2007 9:58 PM | Report abuse

I would welcome the ability to control access. I was recently denied a refinance option because of " too many credit inquiries in credit report"

Posted by: Terwillegar | September 25, 2007 10:19 AM | Report abuse

How about a simple mailing address. E-mails are just scams to get info?

Posted by: O. West | November 5, 2007 12:44 PM | Report abuse

I just came across your blog about Free Credit Score Reports and wanted to drop you a note telling you how impressed I was with the information you have posted here. I also have a web site & blog about Free Credit Score Reports I know what I'm talking about when I say your site is top-notch! Keep up the great work, you are providing a great resource on the Internet here!" Visit my website as well

Posted by: Mike Clover | December 20, 2007 10:05 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company