Identity Theft and The Safety Of Your Personal Data

The 2021 Credit Score Guide – Chapter Six

A vital part of improving your credit score is keeping an eye out for any identity theft you could have been a victim of. The easiest way to spot identity theft is to check your credit report regularly and look out for any suspicious or unknown entries. This article will help you understand more about identity theft, how to prevent it and what to do if you’re a victim.

A woman checking her personal credit information after receiving notice of fraud scoring

Article Highlights:

In this article, we look at the role credit reference agencies play in preventing fraudulent credit applications. Have you ever heard of the National Hunter organisation? We explain what it is, what it does and how to access its records about you. We also tell you what you should do if your identity has been compromised or you might be vulnerable to identity theft and how credit reference agencies and Cifas can help.

Unfortunately, there’s another side to this issue. The very fact that credit reference agencies compile a great deal of personal data about us makes them an obvious target for hackers. In light of recent data security breaches at two of the UK’s main credit reference agencies, we explain what they’ve done to address this issue and how the GDPR (General Data Protection Regulation) changes how they deal with security breaches.

Combatting identity theft

According to Cifas (the UK fraud prevention service), identity theft is now reaching epidemic proportions with an estimated 500 cases reported every day. Credit reference agencies are at the forefront of the fight against identity theft. With an estimated 88% of fraudulent credit applications made online, the role of credit reference agencies is more important than ever before. Are you concerned about your personal data when applying for credit? Read our essential safety checklist when applying for loans online.

When a credit application is made, it’s of course standard practice to check someone’s credit rating. However, what is less well-known is that lenders also look for inconsistencies in the credit application. How do they do this? By using the services of National Hunter. Unlike credit reference agencies, this organisation isn’t a household name. Let’s see what it is and what it does.

Identity theft is now reaching an estimated 500 cases reported daily

National Hunter – What is fraud scoring?

Set up in 1993, National Hunter is an anti-fraud data-sharing organisation. Although it’s owned jointly by banks and building societies, it’s run by Experian and deals with 100,000 credit applications a day.

The role of National Hunter is to look for any “clear discrepancy between information provided by the consumer and information found, or not able to be found or verified elsewhere.”

This is quite a vague aim and means that it’s prone to more errors than credit reference agencies. All the information contained in their database has been provided by consumers themselves in previous credit applications. The organisation contains no credit scores, credit histories nor data from third parties.

How does National Hunter operate?

Inconsistencies could be as simple as giving a different job title or a sharp fall or increase in your salary. When the system spots such discrepancies, it triggers a red flag warning. It’s been estimated that 1 in 10 credit applications are tagged in this way.

Once this happens, the application is checked manually. Lenders can then ignore the warning or carry out further checks on the applicant’s identity. It isn’t a reason for turning down a credit application out-of-hand. Since 2009, lenders must inform you if fraud scoring has been a contributory factor in their decision to refuse credit.

For £10, you can make a data protection request and see a copy of your National Hunter file. Any errors on your file can’t be altered by the organisation itself. Instead, you must ask the credit provider or lender to change any inaccurate information about you.

What to do if you become a victim of identity theft

It has been estimated that if you don’t check bank or credit card statements for unfamiliar transactions and check your credit report regularly, it can take a victim of identity theft up to 292 days to realise that they’ve fallen victim to fraudsters. Apart from the emotional toll, it can take up to 300 hours to set the record straight and correct your credit report and liaise with financial institutions.

So what should you do if you find yourself a victim of identity theft? You should first report the matter to the police and contact all lenders or credit providers. Credit reference agencies co-ordinate in cases of identity theft so you would only need to contact one of them as your details will be shared.

A man who is taking measures to protect his personal identity online

Preventative measures to avoid identity theft

You could take measures to avoid becoming a victim of fraud. The Cifas Protective Registration Notice can be added to your credit file. This costs £20 for 2 years and has to be renewed when it elapses. When prospective lenders see the notice, it acts as an alert that greater security measures need to be taken with subsequent credit applications. This means you’d be asked to provide further proof of identity, for example.

All credit reference agencies also run their own individual schemes to protect consumers. These schemes monitor your credit report and alert you by text message or by email when credit applications are made in your name.

Data breaches at credit reference agencies

The UK’s two largest credit reference agencies have both been hacked over the past few years. Experian had a data breach in 2015 although most of the details hacked concerned around 15 million Americans.

Equifax recorded a relatively small data breach in April 2013-January 2014. However, the one that made newspaper headlines was the revelation in September 2017 that nearly 700,000 UK customers had data such as names, dates-of-birth, email addresses, phone numbers accessed earlier in the year (May-July 2017).

The UK’s two largest CRAs have both  been hacked over the past few years

In all cases, credit reference agencies have offered their customers free access to credit monitoring services for as long as 2 years – whether their data was hacked or not. Many people complain that this is a public relations gimmick. Their main concern is that like many other data breaches, they delay far too long in letting customers know that their personal details have been compromised.

The implementation of the GDPR since May 2018 has put an end to companies dragging their feet about letting their customers know of data breaches. Not only do they have to have a contingency plan for damage limitation in place but they also have to make the breach public knowledge within 72 hours of its discovery. Fines for non-compliance are much heavier than the IOC has ever been able to impose.

Conclusions about identity theft and your personal data

There’s much that we can do as individuals to reduce the risks of becoming victims of identity fraud. However, much of the responsibility lies in the hands of those who hold data about us. Organisations like National Hunter, Cifas and the 3 main UK credit reference agencies themselves can do a lot to prevent identity theft.

Identity theft FAQs:

How can you check if your identity has been stolen?

To check whether your identity has been stolen, you should start by requesting a copy of your credit report from all credit reference agencies so that you may check for any suspicious credit applications. If you find any irregular activity on your credit file, you should proceed to report the theft of your documents and illicit credit applications to the police, and hold on to the provided crime reference number. You should then proceed to contact CIFAS, which is a fraud prevention service in the UK, in order to apply for protective registration.

How can you protect yourself against identity theft?

To best protect yourself against identity theft, you should avoid opening or responding to phishing or spam emails. You should shred your personal documents before discarding them. Crucially, you should avoid sharing many personal details on social media, as identifiable personal information can lead to online identity theft. You should review your financial statements often for any suspicious activity. You must also create strong passwords for your online accounts, change them often, and make sure that you never write them down, as they may then be physically stolen.

Can a bank give out your personal information?

According to bank regulations regarding the protection of your personal and a href=”/consumer-spending/fraud-protection/fraud-protection-how-to-stay-safe/”>financial related data from fraud, they must protect these. However, there are certain exemptions to this rule, in case of a criminal investigation into financial information. Banks are legally obliged to secure customers’ personal information, confidentially, whether this regards current or former clients.

Enjoyed this article? Continue to Chapter 7

Jump To A Category

Quick Read: Money Magazine