Jump to content
Member? but forgot everything, can't log in... Frozen out??? ×

THIS IS A POLITICS-FREE ZONE.

What consumer actions actually get CRA's attention?

DiamondEye

By DiamondEye,
in Credit Forum

 Share

Recommended Posts


hdporter

hdporter

Posted
Posted

I maintain that the best initial course of action re inaccurate reporting is to bypass the CRA's entirely and go to the source:  the creditor.

If you're trying to effect a reporting change that the creditor doesn't support, you're in for an uphill battle.  Generally speaking, you're more likely to convince a creditor to revise reporting, than a CRA.

 

There is a widespread misconception re CRA's:  namely that they're a neutral party.  And, when there's a dispute with what's been reported by a creditor to the CRA, most make use of the readily accessed dispute facility to request a correction from the CRA.  Be sure you understand that the key revenue source of each CRA is from reporting fees paid by creditors.  Consumer report fees are a relatively weak supplement to that.

 

The CRA has just one initial obligation when confronted with a dispute ... return to the creditor and ask them to verify the current reporting (relaying a modest snippet, if that, of your dispute).  Guess what the outcome is 99% of the time?

 

Now comes the uphill battle -- when you assert that the creditor is incorrect in what they continue to assert is accurate.  When presented with hard evidence of the inaccuracy (say, statements, check copies, etc.), the CRA is expected to investigate the dispute more closely and make a finding.  Sometimes you hear where consumers prevail with such extended disputes; most often you hear of their continued frustrations.  On an exceptional basis, you hear where a consumer persists to the point of a court case ... sometimes winning with the CRA slapped down hard.  (But such stories only arise every 5+ years or so.)

 

---------------

 

As a consumer you have the leverage of the FCRA, which can be strong when exercised effectively.  Unfortunately, I see some attempts to "righteously" assert FCRA rights in a manner that makes me cringe.  But, not having been in such shoes, that's merely reflective of opinion.  And, to that end, I am limited in my practical advice in response to your query (although I believe this input is valuable).

 

I suggest that if circumstances warrant more than carefully worded inquiries and, instead waging a limited "battle", that you don't do so "half-cocked".  If there's something of substance at stake, don't be hesitant to pay up for some informed legal advice.

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted

hegemony, my post was sufficiently clear, plus I stated my specific use case in a follow up post.  I don't know why you have to respond to posts with this kind of silly dismissive commentary all the time.  Seems like you could find something to snark about with every single thing anyone posts unless they're one of your buddies. Just stop.

Link to comment
Share on other sites
Wander907

Wander907

Posted
Posted (edited)

It is kind of sad they dont offer 2 factor authentication (Experian).  Would be nice to use either google, or microsoft or authy to have a second time expiring code to enter.  This is one of those things that always surprises me when I notice some large company not using it by now.   I seem to have to change passwords around yearly (every single time due to a data breach) but each site has a subtle code only I would figure out at the end of a common 10 digit random number (I end up generating a new one then imagining its a phone number and memorizing the 10 digits then add a special character then add in an additional 5+ digit code that is made from the site im at itself that way I cant forget it.  Even if a data breach gets one pass I still then remember all the others and none of the others are compromised.  Still prefer 2 factor though when possible.

Edited by Wander907
Link to comment
Share on other sites
hdporter

hdporter

Posted
Posted
On 8/28/2021 at 8:53 AM, DiamondEye said:

I have kind of a different issue.  My Experian login has been hacked, twice.  I got the email 8:48pm Eastern last night (Friday) of the email address change, and I'm apparently SOL until Monday.

 

Apologies for running with an assumption (tradeline disputes are the most common target of such a complaint).

 

A google search suggests you aren't alone in struggling with a login hack (and there's little discussion of success in dealing with this with Experian).  Since, inherently, a breach of your Experian account security is a form of identity theft, I suggest reaching out Experian's Fraud Division: 888-397-3742

 

Please report on your experience.

 

 

 

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted
4 hours ago, hdporter said:

 

Apologies for running with an assumption (tradeline disputes are the most common target of such a complaint).

 

A google search suggests you aren't alone in struggling with a login hack (and there's little discussion of success in dealing with this with Experian).  Since, inherently, a breach of your Experian account security is a form of identity theft, I suggest reaching out Experian's Fraud Division: 888-397-3742

 

Please report on your experience.

 

 

 

 

Thanks, What mystifies me is given that my email is 2FA and that is required for any password reset to get the reset link (none received), the only way they could get in is if Experian itself were insecure and they could get the password through other means.  I'll give that number a try to see if I can get anyone.  It seems that they roll up the carpets on the weekend (excepting of course the business sales department whose live person who refused to transfer me got an earful).  Will report back.

 

PS- They may have got in but the joke's on them because with 632 and 92% UT, hats off to them if they can successfully get someone to lend them a pen to fill out the application! ;) 

Link to comment
Share on other sites
hdporter

hdporter

Posted
Posted
4 hours ago, DiamondEye said:

PS- They may have got in but the joke's on them because with 632 and 92% UT, hats off to them if they can successfully get someone to lend them a pen to fill out the application! ;) 

 

Your concern may not be so much that they would open a fraudulent account, but instead manage to mess with an existing account such that it creates a headache for you.

 

Keeping my fingers crossed that the posted number brings a resolution to you.

 

 

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted
4 hours ago, hdporter said:

 

Your concern may not be so much that they would open a fraudulent account, but instead manage to mess with an existing account such that it creates a headache for you.

 

 

Yes they have already succeeded in doing that.   I tried the phone number, it showed up on my recently called list, tried it again, dead-end robomenu all directions.  Nothing to do but wait until tomorrow.  Just burns me that they have free reign over the account all weekend, but, it is what it is.  Thanks for your concern, will definitely report back tomorrow. 

Link to comment
Share on other sites
Wander907

Wander907

Posted
Posted

Another idea would be freeze all three bureaus if no resolution by tomorrow AM.  Thats easily achieved without a pass.  

https://www.experian.com/freeze/center.html

 

 https://www.transunion.com/credit-freeze

 

https://www.equifax.com/personal/credit-report-services/credit-freeze/

 

It may be silly of me but I actually do this every year from Halloween to 2 weeks past new years.  I consider it cheap insurance.

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted

Hi all,

 

So I did end up getting everything back, but it was a big hassle (a given) and I had to call the new business customer sales line (the only one where they actually want to speak to people) and get transferred to membership support.  From a little bit deeper digging, I don't think an Experian membership account can actually be secured, a cautionary note to all board members who also have an account.  Basically, all that's needed to get the username is to put the birthdate/social into the "obtain username" form.  This is laughably easy, this information is all over the dark web for basically everyone at this point.  Second, while they do offer Gmail login, thus allowing 2FA, it still maintains the Experian login, there's no way to turn it off and fully switch to only the Google login; so nothing is really improved.  I can say I don't know exactly the method, but the bottom line is they don't hack the password, they use known information to reset the password, and then they're in.  

 

The hacker really did a number on my account: they changed the username/pass/email/phone/address on the account.  They changed my address back to my old address because they are trying to line everything up on that address and probably access the physical mailbox.  Wile correcting everything, I actually was given the hacker's email address (which was my name and a couple numbers at gmail) because it was used as the username.  I actually emailed that email address, forwarding the password reset notification email and saying "Hey a**hole, I'm contacting the police."  I know they will see it (even though yes it's a bluff because the police don't care).  I also reported the fraudulent email address to Google.  Ironically, on one of the addresses one of the fraudsters put on my CHEX report was some address in Miramar, Florida.  I'm kind of wondering since I actually have a physical street address to go on (rare in ID theft cases) if there might actually be a point in opening a police report.  In my case it's a really high degree of bespoke targeting, not the usual bulk/low-effort stuff.  Very strange (and unsettling).

 

Anyway, my EX/EQ were frozen already, TU freeze had lapsed and they managed to pop off one app to Discover student loans, got the call this morning, called them back and reported fraud now gotta get the inquiry off.  Things had quieted down in July and I let the freeze lapse, reactivated it obviously. 

 

Good lord this whole system is broken...

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted
4 hours ago, centex said:

Late to the party here, but was it actually a true email FROM the Experian service?  I have seen more than one phishing email for a service that I actually used but where the email was NOT legitimate. 

 

 

 

Good question.  So, when I first got the email the first thing I did was go to the login page (by typing it in) and tried to log in.  My credentials no longer worked.  So, yes, the credentials including email had indeed been changed and the email alerted as such.  Also, the email didn't have any links, it just said that if this was not a requested change, email membership services, (with the written out email).  So I forwarded the email, and wrote out the email address, which is a valid email address, and all I put was my account was hacked I did not request this change.  

 

Link to comment
Share on other sites
hdporter

hdporter

Posted
Posted
6 hours ago, DiamondEye said:

From a little bit deeper digging, I don't think an Experian membership account can actually be secured, a cautionary note to all board members who also have an account.  Basically, all that's needed to get the username is to put the birthdate/social into the "obtain username" form. 

 

I hope you don't mind if I ask a couple of questions to clear my confusion on one point ...

 

I accept that you can retrieve a username in a relatively unsecure manner.  For that matter, where I use my email and that's publicly disclosed in numerous places, someone who wanted to hack my account need only try my email.  (Of course, sourcing a member username/email through the "forgot username" has the benefit of confirming that an account exists.)

 

But, in either case, it still takes a password to gain access to an account and make changes.  Now, that is protected by Experian either through 2FA or previously set responses to identity questions PLUS a PIN.  

 

It's not clear to me how they breached your account via Experian's password security.  I'm inclined to ask "if" (not assert anything) you use a fixed password with several sites.

 

Password breaches are common.  Prior to using a password manager and setting each login with a unqiue password, I've been notified of several databases that contain the 6 letter "universal" password I once used (something like 9+ years ago).  Where my login (again, a "universal" one) hasn't changed since that time, I occasionally am notified of failed login attempts on accounts.

 

Again, this password security risk may not pertain to you at all.  However, short of that, I'm don't quite grasp how your password was breached.  FWIW.

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted

Yes, I agree with your assessment and I am somewhat mystified as to how they got all the pieces needed to ultimately compromise the account.  When it was compromised previously it may have been using a reused password, but when I updated it, it was totally unique, randomized by LastPass.  Also, I had the maternal grandmother's maiden name, and an account PIN, which cannot be exposed, only reset, and they weren't.  This means, by my review, given they don't have access to my email, PIN or family maiden name info, they don't have enough information to access or request a reset.  The only thing I can surmise is that they somehow had a way of changing the account's contact email, and thus unraveled it from there.

 

Also, to wit, they went to town on TransUnion, 5 fraudulent inquiries over the last month.  TU advised that the account is being access by Credit Sesame (which I didn't open an account for), they're saying that I removed the freeze and that they won't remove the inquiries without a police report and perhaps not even then.  I live alone and have the usual antimalware/antivirus/defender running.  Only thing I can think is a root kit?

Link to comment
Share on other sites
TheVig

TheVig

Posted
Posted

What a nightmare. 
 

Yeah, might be time to wipe your computer. 
 

Also, I want to throw out something that is a possibility, rarely mentioned anywhere. I’m assuming you are using a WiFi router in your home?  About five years we had an employee that was going thru some shenanigans similar to yours. Wiping the pc didn’t work. Someone in our IT security mentioned maybe the malware, virus, etc is actually sitting in the router itself. He brings the router in and they went to town on it. Sure enough the router itself was hacked. Don’t recall the brand, but it was some low end model. Upon research, there was updates available for the router that addressed security issues that the owner of said router was unaware of or didn’t bother to update. 
 

Damndest thing. No one ever thinks it could be a router. 

Link to comment
Share on other sites
DiamondEye

DiamondEye

Posted
  • Author
Posted

As it turns out, that was Experian themselves at 5:40pm.  So strange because the new email they assigned to it was a gmail account.  I got it back yet again and then they said they were locking "me" out of it.  I have no doubt that I could go right back in and reset the account if I needed to but it's just not worth it.  It's a shame I think between the three they actually have the nicest website and I'm trying to improve my credit so it was helping me.  But I scanned for root kits, deep scan, below OS level, and nothing found so I think if EX says they locked it this time, then it was them.

Link to comment
Share on other sites
hegemony

hegemony

Posted
Posted (edited)
On 8/28/2021 at 2:13 PM, DiamondEye said:

hegemony, my post was sufficiently clear, plus I stated my specific use case in a follow up post.  I don't know why you have to respond to posts with this kind of silly dismissive commentary all the time.  Seems like you could find something to snark about with every single thing anyone posts unless they're one of your buddies. Just stop.

 

I'm sorry you don't think historical events by members trying to gain the favourable attention of the four major CRAs is worth remembering. If my post offends you, please use the report button.

 

CRAs are huge organizations. Interaction with one part may not "get attention" the same way as interaction with another part. Get it?

 

Your issue seems to be with EX's online consumer system. Are you able to see your EX report via the ACR site? FWIW, there is little reason to interact with the four major CRAs via their online consumer sites.

Edited by hegemony
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing



  • Member Statistics

    • Total Members
      186542
    • Most Online
      2046
    Sisterlock
    Newest Member
    Sisterlock
    Joined

About Us

Since 2003, creditboards.com has helped thousands of people repair their credit, force abusive collection agents to follow the law, ensure proper reporting by credit reporting agencies, and provided financial education to help avoid the pitfalls that can lead to negative tradelines.

Pages

×
×
  • Create New...

Important Information

Guidelines

  I accept