- Joined
- Aug 20, 2006
- Messages
- 13,000
Krebs on Security warns that Experian has made it easy for anyone to request the PIN needed to unlock a previously frozen credit file: some of the “hurdles” merely involve knowing the person’s name, address, date of birth, and social security number, all of which have been jeopardized in countless breaches. There is additional authorization in the form of challenge questions, but the answers to these are now indexed or exposed by search engines, social networks, and third-party services online — both criminal and commercial.
Crooks and identity thieves broadly have access to the data needed to reliably answer KBA questions on most consumers. That is why this offering from Experian completely undermines the entire point of placing a freeze. After discovering this portal at Experian, I tried to get my PIN, but the system failed and told me to submit the request via mail. That’s fine and as far as I’m concerned the way it should be. However, I also asked my followers on Twitter who have freezes in place at Experian to test it themselves. More than a dozen readers responded in just a few minutes, and most of them reported success at retrieving their PINs on the site and via email after answering the KBA questions.
Crooks and identity thieves broadly have access to the data needed to reliably answer KBA questions on most consumers. That is why this offering from Experian completely undermines the entire point of placing a freeze. After discovering this portal at Experian, I tried to get my PIN, but the system failed and told me to submit the request via mail. That’s fine and as far as I’m concerned the way it should be. However, I also asked my followers on Twitter who have freezes in place at Experian to test it themselves. More than a dozen readers responded in just a few minutes, and most of them reported success at retrieving their PINs on the site and via email after answering the KBA questions.