Experian Identity Theft Protection = FAIL

Several weeks ago my years of free credit monitoring (courtesy of a number of high profile data breaches wherein my personal information may have been exposed) finally expired. So I decided it was time to shop for Identity Theft Protection services. My search led me to ProtectMyId.com – A part of Experian who seemed to have a pretty decent service at a reasonable price. Unfortunately therein lies the following cautionary tale.

So I fill out the easy 3 – step web application and viola! I’m protected by Experian. All I have to do is wait for the confirmation email and sign in to the web page and I’m golden. But then it starts to get ugly…

Instead of a confirmation email, I get a notice that “my social security number doesn’t match“. So I’m thinking “no big deal, I must have fat fingered something,” but there’s a phone number that I can call to finish the process. So I call that number and after explaining the situation to the nice lady, she decides that we should just ignore that earlier application and let it die on the vine and do a whole new telephone application. So far so good. Or so I imagine. Then at the end of this lengthy app interview, to verify my identity (i.e. authenticate me) she reads these questions that her system generates from scanning my credit information and enters the answers I give her. Once again my app is denied because of a wrong answer. The nice lady, of course, has no way of knowing which question was answered wrong or what the correct answer was, so she tells me to call back in 2 hours and try again.

By this time I’m fed up with Experian’s authentication processes and decide that it just isn’t worth the effort. So I call Experian back to cancel the application(s). Another very nice lady handles the call and is able to cancel the phone-based application and gives me a cancellation number, but can find no way to cancel the web-based application.  She tells me that it may take “5 to 7 business days” for the cancellation to take effect. Now at this point I’m hearing some bells go off in my head – 5 to 7 business days for the cancellation to take effect? I never successfully completed any applications, and therefore never received any service so what exactly is there to “take effect” with the cancellation? So I check my bank and sure enough, there is not 1 but 2 pending charges to my account from Experian for 2 annual fees for ProtectMyId.com. A fair chunk of change.

So now I’m thinking, that’s a little concerning, but it’s not too uncommon for pending changes to never actually go through. But the next day both charges actually go through. So once again I call Experian [this is the third time if you are keeping count] and get to talk to another very nice and patient (given my snarkiness) lady who can’t figure out how to cancel anything but assures me that the cancellation will take effect in 5 to 7 business days. She apologizes profusely and pins her lack of ability to make fixes on the “IT department”. Now having been involved with “IT” for my entire career I get that one of the primary missions of any IT department is “scapegoat”. But seriously 5 to 7 business days? While Experian’s IT department may very well have issues,  this is not one of them. This is a business policy issue.

So finally 5 business days later I get a refund from Experian. And a nice glossy letter welcoming me to the ProtectMyId.com program. Not being one to just live and learn without making a fuss, there are several things about this experience with Experian that really bother me. So I would invite any representative of Experian to explain some things and answer the following questions.

  1. When I buy anything from Amazon or NewEgg they never bill me until the product actually ships. Even when this makes them split an order because some items are not available when others are. Why does your billing system charge before services are delivered and before the order is even approved?
  2. You might claim Caveat emptor (Buyer beware) since I was the one who authorized the charges. Only I wasn’t. Since I was rejected due to failure to authenticate, then how exactly could I authorize anything? [That’s rhetorical – you don’t need to answer that]. So my question is: How do you justify taking money from a source that you have good reason to believe is fraudulent?
  3. Since it takes 5 to 7 days to do perform an IT process as trivial as a refund, how exactly is anyone supposed to trust Experian to flag identity theft in a timely fashion? I mean isn’t timely detection what the service is based on? This is the 21st century – 5 to 7 days to detect identity theft does not even pass the laugh test.

So how about it Experian? Send me a reply. I’m dying to see how you can spin this because the obvious answers are pretty ugly.