Your Money: Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees for 30 Days

This post was originally published on this site

https://static01.nyt.com/images/2017/09/13/business/13money1/13money1-moth.jpg

Your Money

By RON LIEBER

You howled in protest, and Equifax had no choice but to respond.

On Monday, the company said on Twitter that it would waive all fees for the next 30 days for people who want to freeze their Equifax credit files.

Before that, many of those who tried to set up freezes after Equifax disclosed a breach of up to 143 million Social Security numbers, birth dates and other personal data discovered they had to pay for the privilege. And they weren’t happy about it.

It’s a logical reaction: You didn’t ask Equifax to vacuum up data about you, and then resell it to marketers and loan sellers. And it isn’t your fault that the company couldn’t keep that data safe. So why should you pay for a freeze, which keeps new creditors from seeing your credit file and thus can keep thieves from applying for credit in your name?

Somehow, that question did not occur to Equifax on Thursday, when it first announced the breach. It apparently thought a year of free credit monitoring would be enough to placate consumers. When I asked Equifax on Sunday why it wasn’t making freezes free, Wyatt Jefferies, a spokesman, did not respond to that particular question.

Here are all the other questions I’ve now asked Equifax. I’m still waiting for replies.

1. Will temporarily lifting a freeze also be free for the next 30 days, or just the placing of a freeze?

2. Why not make freezes and the lifting of those freezes free permanently for everyone?

3. Failing that, why not make freezes and thaws free permanently for everyone whose data was stolen in this instance or, for that matter, anytime in the future?

4. Why not pay Experian and TransUnion, the two other large consumer-credit reporting agencies, to freeze the credit files connected to every victim of the most recent Equifax breach? After all, that breach makes people vulnerable to thieves who apply for credit in victims’ names with lenders who only check applicants’ credit histories with Experian or TransUnion.

5. Will you automatically refund freeze fees that people have paid since Thursday? (No, those people should not have to ask for refunds; they should simply get them.) If not, do you object to people disputing those charges with their credit card companies, given that you have now reconsidered whether collecting these fees is appropriate?

I also asked Equifax for a second time what phone number people should call to request a new PIN for thawing their freezes. On Sunday, Mr. Jefferies told me the company would stop issuing PINs based on the date the freeze was initiated and would instead issue new PINs to anyone who wanted to replace the old ones. It is not clear, however, exactly how consumers can do this.

Several of you have asked via email (lieber@nytimes.com, please keep the questions coming) and Twitter (@ronlieber) about TransUnion’s free TrueIdentity product, which the company is pushing on consumers who are considering a freeze. The company sure seems to want people to sign up for that product instead of freezing their files.

It’s not clear whether the mechanism TransUnion says it uses to “lock” files with that product provides the same protection as a freeze, or whether it is a lesser form of protection meant to shield TransUnion from some regulatory or legal perspective. It is also unclear whether consumers’ use of the TrueIdentity product would make it easier for TransUnion to continue selling those consumers’ data, in the same way that Equifax and Experian do. I have repeatedly asked a TransUnion spokesman, David Blumberg, for clarification, but I have not received it yet.

I’m also waiting for answers about whether TransUnion and Experian will also make freezes free for a period of time as Equifax has done (or forever, for everyone, as all three agencies should do).

In a statement on Monday on a website that Equifax created to deal with the most recent breach, the company included this: “We are listening to issues consumers have experienced and their suggestions. These are helping to further inform our actions, and we are now sharing regular updates on this website. Thank you for your continued patience and feedback as we continue to improve this process.”

Translation: They fell short, far short, even though they had weeks to prepare themselves for the reaction. They know it. And the correct response from all of us is a full-throated roar that is anything but patient.