The UK Credit Score Guide 2018
Security of our personal data is a worry in the era of the Internet. In this article, we look at the issue in depth with information about:
- Combatting identity theft
- National Hunter and what fraud scoring is
- How National Hunter operates
- What to do if you become a victim of identity theft
- Preventative measures to avoid identity theft
- Data breaches at credit reference agencies
In this article, we look at the role credit reference agencies play in preventing fraudulent credit applications. Have you ever heard of the National Hunter organisation? We explain what it is, what it does and how to access its records about you. We also tell you what you should do if your identity has been compromised or you might be vulnerable to identity theft and how credit reference agencies and Cifas can help.
Unfortunately, there’s another side to this issue. The very fact that credit reference agencies compile a great deal of personal data about us makes them an obvious target for hackers. In light of recent data security breaches at two of the UK’s main credit reference agencies, we explain what they’ve done to address this issue and how the GDPR (General Data Protection Regulation) will change how they deal with security breaches.
Combating identity theft
According to Cifas (the UK fraud prevention service), identity theft is now reaching epidemic proportions with an estimated 500 cases reported every day. Credit reference agencies are at the forefront of the fight against identity theft. With an estimated 88% of fraudulent credit applications made online, the role of credit reference agencies is more important than ever before.
When a credit application is made, it’s of course standard practice to check someone’s credit rating. However, what is less well-known is that lenders also look for inconsistencies in the credit application. How do they do this? By using the services of National Hunter. Unlike credit reference agencies, this organisation isn’t a household name. Let’s see what it is and what it does.
National Hunter – What is fraud scoring?
Set up in 1993, National Hunter is an anti-fraud data-sharing organisation. Although it’s owned jointly by banks and building societies, it’s run by Experian and deals with 100,000 credit applications a day.
Set up in 1993, National Hunter is an anti-fraud data-sharing organisation that is owned jointly by banks and building societies.
The role of National Hunter is to look for any “clear discrepancy between information provided by the consumer and information found, or not able to be found or verified elsewhere.”
This is quite a vague aim and means that it’s prone to more errors than credit reference agencies. All the information contained in their database has been provided by consumers themselves in previous credit applications. The organisation contains no credit scores, credit histories nor data from third parties.
How does National Hunter operate?
Inconsistencies could be as simple as giving a different job title or a sharp fall or increase in your salary. When the system spots such discrepancies, it triggers a red flag warning. It’s been estimated that 1 in 10 credit applications are tagged in this way.
Once this happens, the application is checked manually. Lenders can then ignore the warning or carry out further checks on the applicant’s identity. It isn’t a reason for turning down a credit application out-of-hand. Since 2009, lenders must inform you if fraud scoring has been a contributory factor in their decision to refuse credit.
For £10, you can make a data protection request and see a copy of your National Hunter file. Any errors on your file can’t be altered by the organisation itself. Instead, you must ask the credit provider or lender to change any inaccurate information about you.
What to do if you become a victim of identity theft
It has been estimated that if you don’t check bank or credit card statements for unfamiliar transactions and check your credit report regularly, it can take a victim of identity theft up to 292 days to realise that they’ve fallen victim to fraudsters. Apart from the emotional toll, it can take up to 300 hours to set the record straight and correct your credit report and liaise with financial institutions.
So what should you do if you find yourself a victim of identity theft? You should first report the matter to the police and contact all lenders or credit providers. Credit reference agencies co-ordinate in cases of identity theft so you would only need to contact one of them as your details will be shared.
Preventative measures to avoid identity theft
You could take measures to avoid becoming a victim of fraud. The Cifas Protective Registration Notice can be added to your credit file. This costs £20 for 2 years and has to be renewed when it elapses. When prospective lenders see the notice, it acts as an alert that greater security measures need to be taken with subsequent credit applications. This means you’d be asked to provide further proof of identity, for example.
All credit reference agencies also run their own individual schemes to protect consumers. These schemes monitor your credit report and alert you by text message or by email when credit applications are made in your name.
Data breaches at credit reference agencies
The UK’s two largest credit reference agencies have both been hacked over the past few years. Experian had a data breach in 2015 although most of the details hacked concerned around 15 million Americans.
Equifax recorded a relatively small data breach in April 2013-January 2014. However, the one that made newspaper headlines was the revelation in September 2017 that nearly 700,000 UK customers had data such as names, dates-of-birth, email addresses, phone numbers accessed earlier in the year (May-July 2017).
In all cases, credit reference agencies have offered their customers free access to credit monitoring services for as long as 2 years – whether their data was hacked or not. Many people complain that this is a public relations gimmick. Their main concern is that like many other data breaches, they delay far too long in letting customers know that their personal details have been compromised.
The implementation of the GDPR later in the year (from May 2018) will put an end to companies dragging their feet about letting their customers know of data breaches. Not only will they have to have a contingency plan for damage limitation in place but they’ll also have to make the breach public knowledge within 72 hours of its discovery. Fines for non-compliance are much heavier than the IOC has ever been able to impose.
Conclusions about identity theft and your personal data
There’s much that we can do as individuals to reduce the risks of becoming victims of identity fraud. However, much of the responsibility lies in the hands of those who hold data about us. Organisations like National Hunter, Cifas and the credit reference agencies themselves can do a lot to prevent identity theft. Let’s wait to see if there’s any difference in data protection when the GDPR comes into effect on May 25th 2018.