Experian - easy access to my credit file and non exisitent person created

[Dipply75]

I have just had a blazing row with Experian about their credit expert 'service'. I opened an account with them few weeks ago to start sorting out all the mess - all going fine. My partner goes online the other night to do the same thing - fills in HIS details (obviously), DOB etc. Message appeared saying further checks being done and they will e-mail him a PIN.

 

OK - PIN arrives in a letter addressed to Me but a MR Me (I am female and always have been). V strange. OH logs in with HIS username, password and this new pin and OMG....up comes MY credit file, listed as Mr Me, with my OH's DOB as a new account!

 

Phones Experian and am dismissed, told it is not a problem, it was just my OH putting the wrong NAME in the application. I argue that he DIDN'T, and anyway, his DOB different etc - security checks at all? He wouldn't discuss it with me, had to be OH, even though his name is different (?)

 

Phones again today - 1st monkey - it's not our fault, this wouldn't have happened if the right name had been put in (actual quote). Hello, security checks?

 

2nd guy (not a monkey, was v nice actually) explained that because the name did not match up with the DOB the security check was sending out the pin no......what???

 

So, basically - they are saying my OH entered my name in error (DIDN'T) but filled in all his other details ok, to which they sent a pin no, which, using the username and password he created, gave full and instant access to MY credit file. Apparently, because the name and address matched, the system allowed it.

 

So there is now a credit file for a ficticious person, with my credit file on it, and all you need to create that is..to know my name, my address and be able to access my mail. Thats IT.

 

Oh, and they do not save the applications to prove/disprove mistakes....or even attempted fraud then?

 

So, another person exists in tinterweb world with their own credit file - can you create a new ID from that, seriously??

 

I am so concerned about this....and just RAGING mad

 

Oh, ICO says complain in writing and give them 28 days to reply. Ho hum

[JonCris]

If they don't retain the 'evidence' that's their fault not yours

 

"Sending out the pin is a security check" Yeah right....... you've got to get them to put THAT in writing

[Dipply75]

I know lol, sending a pin out to the same address that applied is a security check! whats got me thinking now is, if I were to send a full SAR, would I get the info relating to the MR me (with other DOB), as this person does not exist! As the info setting up that account is the proof they made a mistake.

 

Have to sit and think how to word the complaint properly......

[JonCris]

Try I think of a way to get them to confirm their 'security' checks involve sending out pins

[Dipply75]

Yes, I think I will ask for an explanation of the security checks in place to protect my info and the security process this application went through, ie how they could send a pin to a make believe person, why was my file published on another account when I already had one with them etc.

 

According to them it is a security check as if the fraudster lived say 100 miles away, he couldn't access my mail. tutut.

 

So, if I had a lodger, exchange student or anyone staying for a while, if I had a dodgy neighbour, postie, or how hard is it to re-direct mail for a few days?

 

Mmmm, will have to look into that thought. They are using standard Royal Mail as a security check? This is an ideal opportunity to highlight some serious security concerns publicly

[Dipply75]

Quick update, and a laugh. Post just came with a letter addressed to Mr & MRS Dipply from Experian............Mr Dipply has informed us he has a financial association with you Mrs Dipply and we will record this on your file......

 

I have went from being Miss Dipply, with partner to Mrs Dipply - married to myself (male and 3 years younger).

 

Fantastic. There is now a non existent person telling experian I am financially linked to them - and they will record this on my file. And no-one still notices that the credit files on BOTH accounts are almost identical.....

 

POP QUIZ - are their systems completely automated with just no security?

 

Warning - this is the CRA that can give full access to your info with a typo, that can create a non existent person without even realising it, who can then change your report,that, after 5 phone calls, still hasn't done anything about it, couldn't care less my file was shared with someone else and has still not even apologised, that asked ME what was to be done with the fake account, that were still going to charge my credit card for the account!!!

 

GGGGGGGGGGGGGGRRRRRRRRRRRRRRRRR - biting down on the bad bad words:mad:

 

Sorry to rant:o, but for gods sake, I have enough to deal with without complete bloody nonsense like this happening

[JonCris]

How you have 'THAT' letter as proof of their idiocy report them to the ICO

[Dipply75]

I remember reading on one of the posts that if you disputed info on your credit file the CRA had 30 days to verify it - if they couldn't verify it within the 30 days they had to remove it?

 

Can anyone confirm or deny this?

[Dipply75]

Previously posted by an rep from Experian - On the consent issue: lenders' credit application forms include what we call 'fair obtaining clauses' which should appear next to where you sign and which obtain your consent to process data in the ways cited (the clauses will vary from lender to lender). This will include obtaining your permission for them to check the data on your credit report at one or more CRAs.

 

You'll find details of the guidance we give to lenders about this on our website, here:

 

Fair Obtaining Clauses | Experian UK

 

Before we allow lenders access to our database we will check that their clauses are satisfactory to make sure all the necessary consents are being obtained.

 

James

 

This along with Experians statements that if you dispute an entry, they will contact the lender to examine their data. They claim to provide an ACCURATE picture of a consumers financial standing - yet make no accuracy checks on the info provided? To me that is False Advertising.

 

Now, we have all been through the ridiculous game where you dispute the data - Experian contact the lender and the lender says....It was right. Thats it.

 

I challenge Experian to prove they actually checked these clauses,(over thousands of lenders and again when these clauses were updated/renewed), checked that agreements containing the said permissions above actually existed and were actually signed by the consumer (especially for a DCA or tracing companies access), and last but certainly not least, anytime they have actually checked PAPERWORK relating to a dispute as they state - and not just accepting the 'heresay' of the lender. :grin:

I have solid proof that this was not done on numerous occasions on mine, even though I was told they did. Does anyone have an example of actual checks being done?

 

I don't think so - these lenders, DCA's, tracing agents etc etc access our files WITHOUT having to prove consent or the info they leave, then mark them - yet WE have to do all the proving/disproving. Just as Tinkerbelle said:

 

Originally Posted by Tinkerbelle

How about the CRA's operating a policy of innocent until proven guilty, as opposed to guilty until proven inocent ?

 

Anyway - Experian/JamesJ - challenge is above - can you?

(BTW - I don't just mean the mainstream lenders - I mean all the different types of company you allow unlimited full access)

[Dipply75]

Just jumped out at from JamesJ's statement - they claim to check lenders credit APPLICATION forms - their templates then. Not AGREEMENTS, proving there is an account/debt and that YOU have given consent.

 

So he has claimed that they obtain your explicit consent from lenders by agreeing the wording is on their application templates is sufficient??

 

That is a clever trick - is that psychic paper then - it knows who will be signing it in the future? And what consents could DCA's or tracing agents provide?

 

You are digging yourselves a hole Experian.....and I see you are using your own shovels:D

[Dipply75]

Oh, and get this - I checked on that bogus credit file to see if they have closed it? *sigh*. My info is removed but they have left an open file in the name of Mr dipply (with his very own DOB), listed on the electoral register, with a completely clean credit file!!!

 

E-mailed my disbelief to them