After someone tried to hijack my credit card, I filed an initial fraud alert for extra protection. Then I tested it by applying for a new card from a different issuer.
To back up a minute — a fraud alert is a kind of red flag used by the big three credit bureaus. After you file one, lenders are supposed to make extra sure they’re dealing with you, not an impostor. They can still pull your credit report and process a loan application, but the alert on your credit report should give them pause.
You file the alert with one of the majors, and they share it with the other two, when you have reason to believe you are at risk.
I had reason. My all-purpose card had nearly been taken over. Someone, using the card number and my identifying details, had tried to change the mailing address. They were probably about to ask for a new card to be mailed out, but an alert from the card issuer reached me in time to stop the hijacking.
The episode provided a chance to test the anti-fraud system by applying for a new card. Now the results are in: For me, in the very limited sample of just one card application, the alert seemed to work.
A week after filing my online application, a letter arrived from my prospective new card company (whose identity I’m withholding out of paranoia). They said I had to call to confirm some details about the application.
This double-checking already demonstrated more rigorous security than the “30-second approval” touted on the card’s website. The phone number to call was answered by the card’s security department. They asked me to verify my birthdate and Social Security number — causing me some disappointment. Those bits of information are already known to fraudsters. That’s what they used to convince my other, compromised card issuer to change my mailing address.
Fortunately, however, that wasn’t the extent of the checking. The rep I spoke to could see that the number I was calling from matched the one I had provided on the fraud alert. An impostor might be able to get hold of the letter, but spoofing a call from the correct phone number would take a lot more cunning.
The next bad guy who tries to grab my account will also have to clear another hurdle — the voice password. Anyone calling customer service has to provide this password, plus the usual identity details, as an extra security measure.
The new card should be in my mailbox in another week. I wish I could test the alert with a few more credit applications, especially as it is only the first line of defense. A more serious move is a credit freeze, which blocks your credit report from being viewed until you decide to lift the freeze.
But I should hold off on loan applications for a while. Any more hard pulls of my credit report will trash my credit without help from fraudsters.