Four steps to protect your credit from data breaches

In the wake of Optus, Medibank and other big-business data breaches, Australians are rightly concerned about how their personal or financial information may be misused.

And that risk is only getting worse. An alarming 17% of Australians have experienced their personal information being misused in the past year, according to a survey by the Australian Institute of Criminology - and 78% of respondents who reported victimisation in the past year experienced a financial loss as a result.

Businesses access and use data for a range of reasons, and data can be critical to providing products and services that meet the needs of individuals.

Unfortunately, the increasingly frequent and sophisticated attacks on data security mean that both businesses and individuals are now having to do more to protect that data. For individuals, there are some simple steps you can take to protect your credit identity.

Look for unfamiliar activity on your credit report

Australians can access their credit report for free, every three months, from each of the three main credit reporting bodies in Australia - Equifax, illion and Experian. Your credit report is the first place to check for any fraudulent credit applications or credit accounts in your name.

Your credit report includes a five-year history of any credit applications you have made, as well as accounts held in your name. If you see a credit application or opened account that you don't recognise, it could be a 'red flag' to act upon immediately.

It is important to get your credit report from all three credit reporting bodies as different lenders may use one or all of the credit reporting bodies.

Seek to have any wrong information corrected

If any of the information in your credit report appears to be inaccurate, out of date, or misleading, you should contact your credit provider or the credit reporting body first and ask them to explain why the information is on your report.

If you are not satisfied with their explanation, tell them why and request it is corrected. You can speak to any credit provider or credit reporting body who holds your credit information (not just the organisation responsible for the incorrect information) to ask them to correct it for you.

Consider whether you have documents or other information to help explain that the information on your credit report is inaccurate.

The credit provider or credit reporting body must respond to you within 30 days - unless you agree to extend that period. Once the matter has been investigated, you must be provided with a written response indicating whether a correction will be made, and if not, why not.

If you're still unhappy, you can ask the credit provider or credit reporting body's External Dispute Resolution (EDR') service to look into it; these are independent bodies, such as the Australian Financial Complaints Authority (AFCA) or Telecommunications Industry Ombudsman (TIO), who look into complaints.

The particular EDR service that will investigate your complaint will depend on who you are complaining about. Don't worry - if you complain to the wrong service, they will guide you on the process. You can also contact the EDR service if you have not received an answer to your complaint within 30 days.

Consider implementing a short-term credit ban

If you've been impacted by a data breach or notice fraudulent activity on your credit report, consider requesting a short-term credit ban.

If a fraudster applies to a lender for a loan in your name, the lender will usually ask a credit reporting body for a copy of your credit report. If you've requested a ban on your credit report, the lender won't be able to access it, and therefore won't be able to assess the loan. This should stop the fraudster's loan application from proceeding.

You can apply for a ban from any of the three different credit reporting bodies. When requesting a ban with one credit reporting body, you can also ask the credit reporting body to arrange a ban with the other two credit reporting bodies.

If you are legitimately applying for credit while there is a ban on your credit report, you should remove the ban before applying for new credit or talk to the credit provider before submitting the application.

Monitor your credit report regularly

While now is a good time to check your credit report, it's not enough to check it then forget it. Particularly in the current environment of heightened data security risks, we all need to be vigilant about checking our credit report regularly.

Consider monitoring your credit report by subscribing to an alert service from each of the three credit reporting bodies. Alerts tell your whenever your file has been accessed - and you'll be able to check if the access looks suspicious, for example if your credit report has been accessed by a lender that you are not familiar with, it could mean someone else is applying for credit in your name.

All credit reporting bodies offer credit alert services: Equifax provides alerts directly, illion offers credit alerts through Credit Simple, and Experian provides alerts through Credit Savvy.

Taking control of your credit report has never been more crucial, and there is no shortage of advice online and in the media about how to protect yourself from fraud. However, it is important to remember that no one step will provide total protection. For comprehensive protection, follow each of these four simple steps with each of the credit reporting bodies, rather than just one.

Different credit providers may use different credit reporting bodies when assessing an application for credit, so setting up the right protection with each body helps reduce the risk that a fraudster could take out credit in your name. It's frightening to think of someone stealing our identity and racking up debt in our name, however there are protections in place to alert us to and protect us from this kind of activity - we just need to make sure that we use them.

Get stories like this in our newsletters.