[DETRoadster]

Curious about people's thoughts on how best to protect their credit. After the big Experian data breach back in 2017, my wife and I paid to lock our credit down with each bureau. Cost us a little bit of money which sucks but whatever. We only ever apply for credit when getting a new car which is maybe every 5 to 7 years. Haven't needed any new credit since we locked ours down. So, long story short, it's been all good.

My wife got a letter in the mail today saying her application for a PayPal credit card had been denied because her credit is on lockdown. Of course, she never applied for a PayPal card. So someone is trying to open credit in her name and the freeze did its job. Great. But now what?

Question is, can we sit back and feel good that the attempt was thwarted? Or is there still risk? Should we be doing more like signing up for a monitoring service?

[2000cs]

Change your passwords. I’m thinking start with PayPal.

[RickFLM4]

I get those types of notices a few times a year since I froze my credit years back. Once your info is out there it will probably circulate forever. I also change passwords and try to avoid using the same password in multiple places, which is a PITA. I assume every place I have info is porous so I also try not to save info anywhere except Amazon and another place or two. Every time I report an attempt of fraud to a bank, etc. it is either ignored or they tell me to file a police report. I filed a police report once and there is nothing the police can or will do in the absence of an actual loss. So I just put things in a file. I do believe the problem originated with PayPal a long time ago.

I don't think these is a risk free solution except living off the grid. No credit, no bank, no ownership, etc. I can't do that. I'm also not sold on the value of paying the credit agencies or LifeLock for "protection" either. I had credit monitoring for a while but, not surprisingly, there were no new accounts since my credit is locked.

[DETRoadster]

Quote:

Originally Posted by 2000cs

Change your passwords. I’m thinking start with PayPal.

I dont think it's a password issue. If I had your PayPal account login and password, would I use that info to try to open a credit card account or would I use it to go on a shopping spree with the card you already have linked to your PayPal account?

[DETRoadster]

Quote:

Originally Posted by RickFLM4

I get those types of notices a few times a year since I froze my credit years back. Once your info is out there it will probably circulate forever. I also change passwords and try to avoid using the same password in multiple places, which is a PITA. I assume every place I have info is porous so I also try not to save info anywhere except Amazon and another place or two. Every time I report an attempt of fraud to a bank, etc. it is either ignored or they tell me to file a police report. I filed a police report once and there is nothing the police can or will do in the absence of an actual loss. So I just put things in a file. I do believe the problem originated with PayPal a long time ago.

I don't think these is a risk free solution except living off the grid. No credit, no bank, no ownership, etc. I can't do that. I'm also not sold on the value of paying the credit agencies or LifeLock for "protection" either. I had credit monitoring for a while but, not surprisingly, there were no new accounts since my credit is locked.

OK, thanks. It's the first such letter we've gotten and we were a little freaked out. Wanted to bounce this off some folks for feedback.

I'm approaching this in exactly the same way you are. I assume everyone at this point can access my name, DOB, address, social. So the only real solution I've found is to freeze our credit.

I feel like the credit monitoring services are just a reactive, feel-good, bit of nonsense. They are pushed hard by the credit bureaus and the credit card companies because they want you to choose that service that is a revenue stream for them and keeps you able to easily open new accounts and take on more credit without pausing to think about it.

[RickFLM4]

Also as an FYI, some credit cards can provide you a form of basic credit monitoring. My Chase VISA reports my credit score and any new accounts (for example when I unfroze my credit temporarily to get my car) that would help me flag anything unusual. I don’t think the credit agency reporting does much more than that. Discover also claims to be able to identify and tell you when they find your info on the Dark Web but I am skeptical of the completeness of any such information they find.

[2000cs]

Quote:

Originally Posted by DETRoadster

I dont think it's a password issue. If I had your PayPal account login and password, would I use that info to try to open a credit card account or would I use it to go on a shopping spree with the card you already have linked to your PayPal account?

Fair enough; that’s just my first response when I get any concern.

I have had credit monitoring for several years because it was provided free by the breached companies. I have not had any problems and I really don’t see a lot of advantage to those services (CreditKarma is fine to monitor credit scores, which can be impacted by a breach).

I have only one credit card I use online. If I have any indication it has been breached, I can cancel it and impact all online accounts/merchants immediately. All of my credit cards have instant notification of transactions via text set at $1.00. My wife thinks I’m watching every dime she spends, which is kind of true, but the purpose is to know when something starts, not much later. And since she is prone to leave her card at the merchant or just lose it...

I also maintain multiple bank accounts and do not link them (no overdraft protection). The account I use for all checks and is public facing has a bank-provided $10k cyber/identity protection. So I keep that balance below $10k except briefly before paying for something expensive (new car) or whatever. I can transfer money between accounts via app very quickly, so there is no need to link the accounts and give a perp access to all my banking funds.

I hate debit cards because they have so little protection. I have one linked to a separate checking account in which I keep less than $1,000 so there is money if I need a larger ATM withdrawal but my risk of a stolen/skimmed debit card is tolerable. I never use it for purchases or other transaction other than at my bank’s ATM. My wife uses hers (joint account), so again I watch it closely since she loses things.

Investment accounts are with a different institution and 100% electronic. No paper statements even (from any bank).

I have very few credit accounts because my credit cards are sufficient for all transactions. I almost never use checks (I use the bank’s bill pay service).

I have a work email account and I am pretty strict about that being work only. I have a personal email account that I use for communication with family and friends, and financial institutions, etc. And I have and create/kill other accounts for temporal things like buying or selling cars and other on-line individual transactions (CraigsList, FB Marketplace, etc) although I rarely use those services. All forums I am on use the low-security potentially temporary email accounts - and I use a different login/screen name on most forums.

Through all of these, which evolved over many years to this point, I have minimized the access points to my credit and identity. Another breach could still happen, but I think I have the risk contained within my tolerance.

[DETRoadster]

Quote:

Originally Posted by 2000cs

Fair enough; that’s just my first response when I get any concern.

Definitely good advice and that's usually a go-to for me as well at the first sign of trouble. Apologies if I came across snarky. Was not my intention.

Quote:

Originally Posted by 2000cs

Through all of these, which evolved over many years to this point, I have minimized the access points to my credit and identity. Another breach could still happen, but I think I have the risk contained within my tolerance.

That's the approach I took for years too. It finally got to the point after breaches at Target, TJ Maxx, Experian, etc., etc., that I finally just said "F it, they have my info so now what." I just assume all my shit is out there. Locking that credit down seems to be about the only sure-fire protection one can have. Until these scammers figure out how to impersonate me and lift my credit lock!

[Rmtt]

Quote:

Originally Posted by 2000cs

Fair enough; that’s just my first response when I get any concern.

I have had credit monitoring for several years because it was provided free by the breached companies. I have not had any problems and I really don’t see a lot of advantage to those services (CreditKarma is fine to monitor credit scores, which can be impacted by a breach).

I have only one credit card I use online. If I have any indication it has been breached, I can cancel it and impact all online accounts/merchants immediately. All of my credit cards have instant notification of transactions via text set at $1.00. My wife thinks I’m watching every dime she spends, which is kind of true, but the purpose is to know when something starts, not much later. And since she is prone to leave her card at the merchant or just lose it...

I also maintain multiple bank accounts and do not link them (no overdraft protection). The account I use for all checks and is public facing has a bank-provided $10k cyber/identity protection. So I keep that balance below $10k except briefly before paying for something expensive (new car) or whatever. I can transfer money between accounts via app very quickly, so there is no need to link the accounts and give a perp access to all my banking funds.

I hate debit cards because they have so little protection. I have one linked to a separate checking account in which I keep less than $1,000 so there is money if I need a larger ATM withdrawal but my risk of a stolen/skimmed debit card is tolerable. I never use it for purchases or other transaction other than at my bank’s ATM. My wife uses hers (joint account), so again I watch it closely since she loses things.

Investment accounts are with a different institution and 100% electronic. No paper statements even (from any bank).

I have very few credit accounts because my credit cards are sufficient for all transactions. I almost never use checks (I use the bank’s bill pay service).

I have a work email account and I am pretty strict about that being work only. I have a personal email account that I use for communication with family and friends, and financial institutions, etc. And I have and create/kill other accounts for temporal things like buying or selling cars and other on-line individual transactions (CraigsList, FB Marketplace, etc) although I rarely use those services. All forums I am on use the low-security potentially temporary email accounts - and I use a different login/screen name on most forums.

Through all of these, which evolved over many years to this point, I have minimized the access points to my credit and identity. Another breach could still happen, but I think I have the risk contained within my tolerance.

Reading this was almost scary as I do the same pretty much verbatim.