Credit reports - do we have enough control to prevent fraud?

Experian, Equifax and Dun & Bradstreet (Illion ) were the first to steal my data and have been profiting from it ever since, it would seem.

1 Like

When I use PayPal to pay for on-line goods, I tick the PayPal box, which diverts me to my account in PayPal where I authorise the remittance to the vendor, and exit. The vendor knows nothing of my bank details. This is what we need when supplying data. Say a service requests a 100 point check to confirm your identity. The “PayPal” substitute agency (a government body that already has your Medicare number, tax file number, drivers licence number, passport number, etc) confirms your identity and then delivers a pass or fail to the service, which does not see, or have the ability to retain, your data. Such an agency would have to have bulletproof security, but as it’s just one site for all verifications, it’s better than vast numbers of organisations all holding confidential data.


A seemingly increasing number of merchants do not accept paypal per se, but they contract with paypal to process credit/debit card transactions. Ticking the paypal box might only take one to a screen where paypal acts as the ‘processor’ not to the ‘paypal payment system’.

Cards issuers skim their take from transactions but paypal takes its own cut when used as a payment system or processor; the amounts vary. The market is changing and businesses are trying to minimise the costs in their payment systems, hence it becomes a commercial decision for them which way to go and how. As consumers we mostly see (and use) ‘convenience’.


It’s the concept of PayPal I’m advocating. Don’t get hung up on my reference to PayPal per se. The debate shouldn’t be about the wisdom or otherwise of PayPal, it’s the notion of a central agency that has guarded access to your data and simply passes on a “pass” or “fail” status to whomever seeks access to your personal details


I understand what you are saying. And it would be very sensible.

Maybe some day the infrastructure will be established to provide support for the 100 point verification rules imposed on certain businesses, without them having to keep their own copies.

Totally up to Gov to do something.

The banking and airline industry managed to sort these issues out decades ago. Systems like Swift, Bpay, Eftpos, Sita and others that connect businesses to data.


The government already has…


And many businesses use the ID match system. The Government Digital Identity System could easily be mandated and rolled out across-the-board.


Well that’s all very nice of the Gov.

Nowhere can I find any reference to that ID being acceptable as a document to count towards to 100 point verification rule.

1 Like

It is used by many financial institutions as a method to prove identification, or to establish the 100 points. We used it about 12 months ago for such purposes and was a simple process


For what?

1 Like

For identity checking for financial 100 point check. It was setting up a new payment platform account with a new provider.

The financial organisation online portal offered selection of verification documents (passport, drivers licence etc) to be used. After selecting docs to be used to gain 100 points, a Government (digital) ID match portal appears. The verification process required loading an image/copy into a Government ID match portal and not the financial institution webpage (this is made clear through the process). The image is automatically (using AI?) compared to those in the government ID datasets. The financial institution indicated they only get validation codes when all documents have been presented through the Government ID match system and proof of identity is confirmed - it was close to instantaneous in our case. They don’t get information from/copies of the verification documents such as numbers, dates, photos etc.

The financial institution only got data I entered such as name, DoB, address, tax file number, other contact details etc. I suspect the validation code verifies the financial institution data is valid and full ID has been proven.

I was happy with this approach as the new provider was someone I was not familiar and not keen for them to have all my personal data. The financial organisation was the payment platform used by a booking platform we decided to trial.

What I found striking was the system must have shared records from Commonwealth Government, State Government and possibly some businesses where their documents are approved to validate a proof of identity. The government ID match website alludes this occurs.

The limitations for mandating such an approach is it would be suitable for new residents, younger generation etc which may not have standard Australian issued identity documents.

It was simpler than a previous ID check which involved taking original copies of ID documents to the Post Office, some which were copied and certified by Post Office staff.


Thanks. Good to know.

I look forward to this facility next year too.


It also appears from this

due to recent breaches, the government is considering mandating a centralised system… don’t know why it shouldn’t happen (except for unique cases some indicated above). It will cost business to integrate the government ID system into their identification processes, but it could be argued the potential benefits would outweigh the costs. It also significantly reduces business liabilities (and potential insurances).

There could be privacy issues with a centralised repository, but, I believe having personal information from breaches spread far and wide is a far greater risk.

Maybe it is something Choice should support and push for as it would answer the core issue in the original post. Dealing with credit reports as a solution is treating the symptoms and not the cause.

1 Like

I went with Barefoot’s advice and used CreditSavvy and it was straightforward and painless.
But, the real reason I’m posting this is to say that this forum topic has been the most mature and informative I’ve read in the Choice Community with no ‘big noters’ or ‘relevance seekers’ especially - so thank you to the contributors for your intelligent though diverse inputs.


The Choice Community can be a source of good information, and opinions based on experience.
I don’t recall anyone putting a post like yours but this site is my go to place for sensible trustable discussion.


Alan Koehler mentioned this.

These locks are available in the US. The credit companies have successfully blocked its introduction here. Now is the time to introduce it here.


Hmm. Which is better.
Laissez-faire and liberalism and capitalism.
Or socialism and particularly state socialism.

I do like Kohler, but in that article, he comes across as if he is writing a joke piece.

It starts off with this as the very first sentence:

“PM Anthony Albanese and his intrepid band of leftie ministers”

The rest is just obvious. Let’s hope the easy ones get addressed.

Over several years of dealing with Equifax, I do not want these organisations profiting in any way from our financial information - it’s a total let down and there holding of this information does not benefit me in my experience.

As to the suggestions:
Lock or Freeze Credit Reports: great but of course this also halts you from able to see credit during the period - so difficult if you’re buying a house, a car, changing banks and on it goes - it creates many an issue.

The fact these three organisations [Equifax, illion and Experian are making money from our own information, grates and I do not like it. particularly when all action to rectify any situation rests on us individuals.

I wish I could make money by just holding onto a list.


There are two relevant comments:

  1. A centralised system is a single point of failure both from the point of view of availability and from the point of view of data breach.
    So while I can totally see why people are thinking in that direction and in particular why government is thinking in that direction, it is not without its own problems. It would be more radical but someone should at least be looking at a decentralised solution.
  2. This has significant privacy issues as it injects government further into your life, with greater surveillance i.e. extension of the surveillance state.
    As a seemingly benign example: Right now to get access to a club of which you are not a member, absurdly you have to surrender all your drivers licence details. If that gets centralised, it might mean reporting to the government every time you enter a club of which you are not a member. Will that data be stored? For how long? Who will have access to it? Will it (inevitably) be used for law enforcement purposes? (Same problem as with COVID data.)

Didn’t we already solve that? :wink: It just needs banks and telcos not to store the details that were used for id purposes.


I think I saw/heard NSW Government is attempting something of this sort through an app. The ID is held there and all the service provider sees is a green tick that proves you are you. You would not need to hand over any information to the provider.

1 Like

I’ve been using CreditSavvy as well. Found it to be pretty straight forward & convenient. No cost & has monthly updates & credit activity alerts.

1 Like