Is a fraud alert or security freeze better after a data breach?

I have to admit this first: My 25-year-old son Sammy asked for my advice. He’s a T-Mobile customer. He wanted to know if he should sign up for the two-years-free monitoring service — fraud alert — presently being offered by Experian.

I described to him the service ineffectiveness in fighting identity theft, and I recommended he initiate a credit report security freeze instead. Why? Let me explain.

Another data breach

T-Mobile uses Experian, a credit reporting agency, as a vendor that processes their clients’ credit applications. Last week, T-Mobile informed their customers that on Sept. 15, a hacker accessed an Experian server that holds data of T-Mobile customers and other organizations.

The hacked server stores the records of approximately 15 million T-Mobile customers. This includes new applicants requiring a credit check for service or device financing from Sept. 1, 2013 through Sept. 16, 2015.

The data breach included Sammy’s name, date of birth, address, as well as encrypted fields of his Social Security, driver’s license numbers and other information used in T-Mobile’s own credit assessment.

What “fraud alert” (monitoring services) do

Not very much, however, for a monthly fee of $9.95 or more, the contracted credit reporting firm will be the first one to tell you that you have been hoodwinked.

What actually happens is an electronic alert is sent to a customer indicating that a credit inquiry has been initiated. A credit freeze would not have allowed for an inquiry to be generated in the first place. With the exception of existing creditors, no one without the consumer’s permission will have access to the credit file to open a new account — period.

What a “credit report security freeze” does

Let’s remind ourselves about the hundreds of millions of people — including federal employees’ personal data — stolen so far this year. However, this time is different. The supreme guardian data’s has been breached. My son is at a loss on who to trust with his personal information.

In my recent story regarding identity theft, I reached out to Peter P. Kaplan, Federal Trade Commission (FTC) Deputy Director Office of Public Affairs to explain the difference between monitoring services (fraud alert) or a credit freeze to limit one’s exposure to identity theft.

His response couldn’t be any clearer:

“A credit freeze will make it near impossible for a thief to open a new account because creditors will generally not extend credit unless they have access to a consumer’s credit report. Blocking access effectively blocks new accounts.

“Fraud alerts are also a useful tool but do not necessarily block new accounts. Fraud alerts require the potential creditor to take reasonable steps to verify the debtor’s identity, but do not necessarily block new accounts.”

Straight to the source: asking Experian

Since Sammy’s personal data is on the street, I reached out this time to Susan Hansen, vice president public relations at Experian, for more and clearer answers.

I asked if Sammy selects the free two-years monitoring, does it also cover the data at Equifax and TransUnion? Susan replied with a definite yes.

However, the second question I asked was if Sammy selects a free credit freeze instead of fraud alert, who pays the freeze fees to Equifax and TransUnion? I was told that a consumer can only get a free credit freeze if he or she is a victim of identity theft, not just part of a data breach. Interesting.

I also asked Hansen why a California resident must pay a $10 fee per agency for a credit report freeze, but it’s free in Colorado, Maine, New Jersey, New York, North Carolina and South Carolina. I was referred to state laws and policies regarding fees.

To date, I failed to learn the criteria behind price variance. It could be the lobbyists’ success. Not sure yet.

Other providers of monitoring services

The three credit reporting agencies (3 CRAs) are not the only players in the monitoring services circus. Take LifeLock, for example. The company continues to make deceptive claims in spite of $12 million dollars in fines by the Federal Trade Commission (FTC) and 35 states to settle charges that their ID theft protection and security claims were false.

Let’s do a little math. Today, LifeLock has more than 3 million mislead subscribers with an average monthly fee of over $20. That’s (3 million)( $20)(12 months) = $720 million annually. A one-time fine of $12 million is irrelevant.

A goldmine for CRAs

Your personal data — and mine — are the 3 CRAs inventories. Our historical data cannot be measured in monetary value. It’s truly priceless, regardless of our credit reputation.

Sammy’s non-public personal information (NPPI) might be dormant today.  However, it will be sold on the black market again and again — for life.

A credit freeze prohibits the 3 CRAs from sharing and selling our data.

With a credit freeze, a person will be given a PIN (personal identification number) number to open and close access to their credit file on line. Within 15 to 30 minutes, the credit file becomes accessible to a specific creditor of your choosing or could be opened for a specific period of time. Amazing.

This gives consumers direct control of their historical data at Experian, Equifax and TransUnion.

The question today: will consumers ever take control of their credit profile management as they do with banking? Sadly, the Consumer Financial Protection Bureau (CFPB) presently has more pressing priorities.

A number of lawsuits are now hitting T-Mobile and Experian, some seeking class-action status with one complaint that notes their data is already for sale online.

Sammy declined the free two-year-monitoring service and has placed a credit report security freeze with Experian instead — for free.  He’s now in the process of seeking the same from the other two CRAs, again for free.

I encourage you to educate, empower and prosper.

Nabil Captan is the founder and CEO of Captan and Company. You can follow him on Twitter @nabilcaptan or on LinkedIn.

Email Nabil Captan.