Friday, October 5, 2018

Experian Security Flaw Exposed PINs Needed to Unfreeze Credit Profiles

Image result for experian pin

With identity theft and consumer fraud constantly on the rise, every potential security breach is important for consumers to know about. All consumers, even those without credit cards, should constantly be prepared, and on the lookout for signs that they may be the targets of fraudulent activity. Recently, it was discovered that one credit reporting agency, Experian, had an overlooked security flaw that allowed criminals to access a consumer's PIN. According to Liz Weston's article, this failure of security has since been addressed, but for several hours this week, pretty much every person's credit profile was at risk.

If someone is the target of a cybercriminal and discovers that fraudulent activity has happened on their account, the first step they tend to take is freezing their credit so that more fraud can't happen in the time it takes to investigate the original fraud. This isn't an ideal solution, as some people who live paycheck to paycheck rely on their credit to survive, but overall, it's the best option currently available, as many consumers can go a few weeks without borrowing money from a lender or charging expenses to a credit card. In order to undo the freeze, to make the user's account accessible once the fraud issues have been cleared up, a user usually has to input a PIN code online and answer a few security questions.

This type of system, while convenient to the consumer who needs to unfreeze their credit as quickly and easily as possible, has its downsides too. The main issue with this system was revealed this week. In order to get into someone's account without their PIN code, a criminal would need to know certain financial information like name, Social Security number, date of birth, and street address (all of which can be purchased illegally through the dark web from criminals who had previously hacked companies like Equifax). Additionally, the hacker would usually have to also answer security questions that only the real user would know the answer to (name of a favorite teacher, favorite foods, etc). However, this Thursday, it was discovered that if a hacker (or any user, really) answered "none of the above" to the security questions (even if the correct answer was available to choose), the system would allow the unapproved user access, which could enable them to unlock a frozen credit profile.

Some users tested out the security flaw themselves to see if they could trick the system into giving up their PIN, and found that they succeeded quite easily. After broad public backlash, Experian announced this week that they were confident of the security of everyone's credit information, but is still working on making things even more secure to improve customer satisfaction. Late in the afternoon, users began to find that the security flaw had stopped working, a positive sign for worried consumers. However, as these issues keep arising and credit companies don't fix the security issues until after the fact, many consumers believe that the credit agencies don't have their customers' best interests at heart. However, there isn't much a consumer can do right now except be vigilant and keep insisting that credit agencies continue improving security.

Find out more about us at Any Questions? Contact our Escrow Expert! Sepulveda Escrow Corporation (818) 838-1831. Follow our company on FacebookTwitterLinkedIn, and Google+.

No comments:

Post a Comment