PenFed
Since I have been with PENFED for about 36 years my comments may be considered a tad biased. However, the reason for the "freeze" I thought was to protect your information from UNAUTHORIZED invasions. If you are applying for an account (with PENFED or any other institution) I would think that would be not fit that definition. Since PENFED has a full range of services for members (loans, savings, checking, HELOC, mortgages, etc.,) I would think they need to clear members for the full range, not knowing what the member may want to avail themselves of, today or in the future. Releasing the "freeze" for the time necessary for the PENFED credit check to be accomplished seems reasonable to me (but obviously not to you). However, I am happy that PENFED does much to protect the current members by "playing to the letter of the rules".
OAG=Old Army Guy. Retired CW4 USA (US Army) in 1979 21 years of service @ 38.
OAG,
I'm with neverknow on this issue. Even the best of security still has human involvement, so there is risk of identity theft. Neveknow was prepared to lift the freeze. She wasn't prepared to divulge her PIN. If the PIN is comprised, then the credit freeze could be circumvented.
I don't use a credit freeze, so I admit I don't what the standard business practice is. However, if the process involves requesting the PIN, shouldn't this have been disclosed prior to the submission of any personal information?
By the way, I am a (satisfied) PENFED member as well, but that doesn't affect my opinion on a business practice that seems out-of-touch in the digital world.
I'm with neverknow on this issue. Even the best of security still has human involvement, so there is risk of identity theft. Neveknow was prepared to lift the freeze. She wasn't prepared to divulge her PIN. If the PIN is comprised, then the credit freeze could be circumvented.
I don't use a credit freeze, so I admit I don't what the standard business practice is. However, if the process involves requesting the PIN, shouldn't this have been disclosed prior to the submission of any personal information?
By the way, I am a (satisfied) PENFED member as well, but that doesn't affect my opinion on a business practice that seems out-of-touch in the digital world.
Paul
A phishing site would know to use the same phone number. Everything looks like an authentic site. That's why you see the graphic symbol when you sign into Vanguard. Its to confirm you are actually on their website and not a copycat that is set to record keystrokes.neverknow wrote:Actually, I did something stupid, I have been worrying about. I responded to the email. I just checked. I got an electronic response that they received my response email.paulob wrote:Did you confirm with PenFed that they sent the email. I assuming that you did. If so, that is very, very surprising.
If it was me, I would ask to speak with their security staff, not a customer service agent. Just to confirm it was their email. It doesn't sound like you divulged any personal info in your reply, so I doubt there is risk. But you can ease your worrying by making the call to confirm it was Penfed.
Paul
Finding the source of the email is more than looking at the internet address. The bad guys know how to fake addresses to look real. Complicated subject. Citing the Patriot Act is a red flag - that does not sound right. It's good that you didn't give out the PIN.neverknow wrote:Their original email matched up with the postal mail -- the phone number to call was the same. I didn't reveal anything in my response email, other then no thank you, and mentioning this was not a very secure way of doing business. The email acknowledging receipt on my email looks legit enough. It all looks legit.
Very surprising that an email would be asking for my PIN number to lift a security freeze. I should be the only one who ever has this PIN number.
Call the credit bureau and ask if anyone other than you should have the number. Explain what happened and see what they say. If they say to disclose the PIN to PenFed, OK. If they don't agree, then they'll tell you what to do, as this is a security problem. You need peace of mind to resolve what happened. They may want more details about the email.
I was not suggesting giving the "PIN" to anyone, email or otherwise; what I meant was OP could lift the "freeze" (Personally) to allow the credit check to be run by PENFED, assuming OP wanted to establish the account. Frankly, based on my dealings with PENFED both personally and long-distance, (setting up a full range of PENFED accounts) I have never been subjected to what OP is stating. In any event, with the exception of replying to the email, it appears there has been no potential damage to this point and I hope that remains the case for OP's benefit.paulob wrote:OAG,
I'm with neverknow on this issue. Even the best of security still has human involvement, so there is risk of identity theft. Neveknow was prepared to lift the freeze. She wasn't prepared to divulge her PIN. If the PIN is comprised, then the credit freeze could be circumvented.
I don't use a credit freeze, so I admit I don't what the standard business practice is. However, if the process involves requesting the PIN, shouldn't this have been disclosed prior to the submission of any personal information?
By the way, I am a (satisfied) PENFED member as well, but that doesn't affect my opinion on a business practice that seems out-of-touch in the digital world.
OAG=Old Army Guy. Retired CW4 USA (US Army) in 1979 21 years of service @ 38.
Yes, but it would be insane for them to accomplish that by obtaining a customer's PIN.OAG wrote:Since I have been with PENFED for about 36 years my comments may be considered a tad biased. However, the reason for the "freeze" I thought was to protect your information from UNAUTHORIZED invasions. If you are applying for an account (with PENFED or any other institution) I would think that would be not fit that definition. Since PENFED has a full range of services for members (loans, savings, checking, HELOC, mortgages, etc.,) I would think they need to clear members for the full range, not knowing what the member may want to avail themselves of, today or in the future. Releasing the "freeze" for the time necessary for the PENFED credit check to be accomplished seems reasonable to me (but obviously not to you). However, I am happy that PENFED does much to protect the current members by "playing to the letter of the rules".
Paul
-
- Posts: 252
- Joined: Sat Jul 07, 2007 9:06 am
- Location: The Internets
This sounds like phishing to me. I'm also a very satisfied PenFed customer - everytime I need to input my pin, I input it on my telephone keypad instead of telling it to the CSR. I get the impression that PenFed guards your pin very carefully so this sounds very phishy.tibbitts wrote:There is no possible way any legitimate financial institution would ask for a PIN number via email.
Paul
I understand. That was not my intention.OAG wrote: I was not suggesting giving the "PIN" to anyone, email or otherwise; what I meant was OP could lift the "freeze" (Personally) to allow the credit check to be run by PENFED, assuming OP wanted to establish the account.
But you might want to reread her OP. She was already PREPARED to lift the freeze. She knew that when she applied. But it was the request for her credit bureau PIN, not her PENFED Pin that was the issue in the post. I'm not sure how to make that any clearer?
By the way, she did not ask for this PIN, but rather indicated I would need to lift the security freeze - which is as it should be.
Paul
- RustyShackleford
- Posts: 1682
- Joined: Thu Sep 13, 2007 12:32 pm
- Location: NC
Re: PenFed
That right there should tell you that you're dealing with charlatans.neverknow wrote:... an email citing the Patriot Act ...
(I'm a very satisfied Penfed member)
I'm not sure why Penfed even needs to run any kind of check to just become a member. If and when you apply for a loan, then a credit check would be run at that point. Even if they do one now, when you join, they would have to do another if you then applied for any type of loan in, say, a year.
I've been with PFCU (as we old timers call it) since 1973. Never had a single problem in all that time. When I applied for a mortgage or a loan or a credit card, they ran a credit check. Why would any bank or credit union need to run a credit check to just open a share savings account?
BTW, I've never been asked for any personal info or account info from PFCU by e-mail. All requests have been by phone (with someone I had done business with) or by snail mail.
This really does sound like a scam.
I've been with PFCU (as we old timers call it) since 1973. Never had a single problem in all that time. When I applied for a mortgage or a loan or a credit card, they ran a credit check. Why would any bank or credit union need to run a credit check to just open a share savings account?
BTW, I've never been asked for any personal info or account info from PFCU by e-mail. All requests have been by phone (with someone I had done business with) or by snail mail.
This really does sound like a scam.
- zzcooper123
- Posts: 539
- Joined: Sat Oct 13, 2007 5:55 pm
What? Where did you come up with the idea that they charge an origination fee for all loans? Do you mean consumer loans? [I assume you meant that because you said ALL loans.]zzcooper123 wrote:Does PenFed still charge a 1% origination fee for all loans?
As a Federal Credit Union, such a 1% "origination fee", I believe, would not be allowed for consumer type loans (not mortgages, where different rules may apply).
I thought credit checks where standard practice now for opening accounts with banks and credit unions. Probably because many of them offer a line of credit in case you over draw your account.
PenFed should not have requested neverknow's PIN and neverknow should never give it out.
PenFed should have told neverknow what credit reporting agency they needed to be temporarily unfroze to open the account.
It's up to neverknow as to whether on not to proceed with opening the account.
PenFed should not have requested neverknow's PIN and neverknow should never give it out.
PenFed should have told neverknow what credit reporting agency they needed to be temporarily unfroze to open the account.
It's up to neverknow as to whether on not to proceed with opening the account.
but you have a credit freeze on, so I would say your are a "very savy geek".neverknow wrote: I have to wonder how many folks don't know to not send this kind of sensitive personal information by email - no matter who is asking? I know my first gut response was that PenFed is a legit organization - am I wrong to not think I should send this out? But I am a very old geek. I do know not to.
neverknow
Paul
[quote="northend"]I thought credit checks where standard practice now for opening accounts with banks and credit unions. Probably because many of them offer a line of credit in case you over draw your account.
quote]
No, a credit check (with a credit bureau) is not "standard" for opening a credit union account. It may be common, but not standard. Many credit unions run a CHEX Systems report to see if you tend to bounce checks, but this is different than a credit report.
Some of those credit unions that run a credit report on new members do so, in part, to see what other loans the person has and they can "cross sell" refinancing a loan elsewhere with the credit union. This may have nothing to do with credit worthiness.
quote]
No, a credit check (with a credit bureau) is not "standard" for opening a credit union account. It may be common, but not standard. Many credit unions run a CHEX Systems report to see if you tend to bounce checks, but this is different than a credit report.
Some of those credit unions that run a credit report on new members do so, in part, to see what other loans the person has and they can "cross sell" refinancing a loan elsewhere with the credit union. This may have nothing to do with credit worthiness.
Great outcome! I applaud you for letting the early emotions dissipate and handling this very well. As you suggest, you may have saved a few identify thefts!neverknow wrote:For whatever it is worth, when I called up this morning to close the account - I mentioned this request for personal sensitive information in an open email, and how email is not secure communication. I suggested they add to all their emails the caution to not send personal sensitive information in any email, as it is not secure. Perhaps this would help for people who do not know - not to do this. And I wished them all the best. I really do believe in them, and what they are doing. I can see in all other aspects I have encountered with PenFed, they are trying to do things right.
I tried to be an agent for good, without grinding any personal axe I might have.
neverknow
I almost opened an account with Everbank. Their application page was not secure and no encryption - it started with http: instead of https:. I emailed them why I wasn't opening an account with them - their application page where I had to input sensitive info was not encrypted - an ID thief could see all the info I was sending, and the next day their application was https: and encrypted. I said thanks but no thanks - if they can be that careless with security what are the other problems with them? It is a very basic expectation that encryption would be enabled on an application page. You have a right to be leery of these kinds of issues.
I am writing to confirm that PenFed indeed requests the credit bureau PIN via e-mail. I received the following in response to a loan-processing related inquiry, so this was not an unsolicited e-mail.
Quite frankly, I am shocked that they would ask for the Equifax PIN. Equifax specifically states in the letter confirming the freeze that the PIN "is for your personal use only and should not be provided to anyone else, including potential creditors".Unfortunately the Loan Officer has not been able to make a decision on your loan since your Equifax Credit bureau is frozen.
Please provide us with the Personal Identification Number (PIN) connected with the security freeze for your credit bureau report. Or contact Equifax directly to unblock your bureau and then notify us when this has been done.
To provide your Equifax PIN, please contact a Member Service Representative at 1-800-247-5626, (541) 225-6700 or 510-376-7328 from a Class A DSN phone line. Representatives are available 7 days a week during the following hours:
Monday - Friday: 7:00 am to 1:00 am ET
Saturday - Sunday: 8:00 am to 1:00 am ET
If you need further assistance, please contact us.
Without the PIN, how would a credit union (to which you had applied for a loan) pull a credit report? I doubt PenFed cares about the nuts and bolts, but for most loans, they would need to get a copy of the report. It would not be wise to depend on a report they received from the applicant.Max54 wrote:I am writing to confirm that PenFed indeed requests the credit bureau PIN via e-mail. I received the following in response to a loan-processing related inquiry, so this was not an unsolicited e-mail.
Quite frankly, I am shocked that they would ask for the Equifax PIN. Equifax specifically states in the letter confirming the freeze that the PIN "is for your personal use only and should not be provided to anyone else, including potential creditors".Unfortunately the Loan Officer has not been able to make a decision on your loan since your Equifax Credit bureau is frozen.
Please provide us with the Personal Identification Number (PIN) connected with the security freeze for your credit bureau report. Or contact Equifax directly to unblock your bureau and then notify us when this has been done.
To provide your Equifax PIN, please contact a Member Service Representative at 1-800-247-5626, (541) 225-6700 or 510-376-7328 from a Class A DSN phone line. Representatives are available 7 days a week during the following hours:
Monday - Friday: 7:00 am to 1:00 am ET
Saturday - Sunday: 8:00 am to 1:00 am ET
If you need further assistance, please contact us.
That's the point of the PIN -- they should not be able to without your explicit permission.dm200 wrote:
Without the PIN, how would a credit union (to which you had applied for a loan) pull a credit report?
if you apply for a loan, you temporarily lift the freeze after you give the creditor the permission to access your report. After they have checked, the freeze is reinstated.
For what it's worth, I joined PenFed with a security frozen credit report without a problem. I was never asked to unfreeze it.
PenFed should not be asking for the Equifax PIN, but still...Max54 wrote:I am writing to confirm that PenFed indeed requests the credit bureau PIN via e-mail. I received the following in response to a loan-processing related inquiry, so this was not an unsolicited e-mail.
Quite frankly, I am shocked that they would ask for the Equifax PIN. Equifax specifically states in the letter confirming the freeze that the PIN "is for your personal use only and should not be provided to anyone else, including potential creditors".Unfortunately the Loan Officer has not been able to make a decision on your loan since your Equifax Credit bureau is frozen.
Please provide us with the Personal Identification Number (PIN) connected with the security freeze for your credit bureau report. Or contact Equifax directly to unblock your bureau and then notify us when this has been done.
To provide your Equifax PIN, please contact a Member Service Representative at 1-800-247-5626, (541) 225-6700 or 510-376-7328 from a Class A DSN phone line. Representatives are available 7 days a week during the following hours:
Monday - Friday: 7:00 am to 1:00 am ET
Saturday - Sunday: 8:00 am to 1:00 am ET
If you need further assistance, please contact us.
1. The quoted message from PenFed says you should call the PIN in, not email it.
2. The credit bureaus still don't make it super easy to do a temporary thaw. It's not crazy to think that some of PenFed's customers would rather trust their CU and not deal with Equifax's hoops.
Darin
Neverknow--Don't get me wrong. I do agree with you to a large extent. Maybe not to the point of trying to dissuade people from using PenFed, but enough so that I'd be sure to caution anyone considering taking out a loan or line of credit from them. PenFed probably didn't do anything technically wrong, but its representatives should emphasize that you don't have to share you PIN with them, and that, in fact, you are advised not to by the credit bureaus. PenFed should state that it's a convenience with a theoretical downside. Or something.
It's not so much that PenFed did something specifically wrong as it is that a good credit union should act in its members best interests, and I'm not convinced PenFed is doing so with respect to the PINs.
Note: I am a PenFed customer (mortgage, HEL, and credit card) and have been satisfied with the service so far. But then, I might not even have noticed a suggestion to cough up my PINs because I would not have considered it for a second. It likely just flew right past me.
It's not so much that PenFed did something specifically wrong as it is that a good credit union should act in its members best interests, and I'm not convinced PenFed is doing so with respect to the PINs.
Note: I am a PenFed customer (mortgage, HEL, and credit card) and have been satisfied with the service so far. But then, I might not even have noticed a suggestion to cough up my PINs because I would not have considered it for a second. It likely just flew right past me.
Darin
I thought banks ran credit checks on new customers as a means of confirming their identity. Some give the option of opening an account by submitting a paper form with a copy of your driver's license as an alternative. One way or another they do have to confirm you are who you say you are to comply with federal laws.
A slight diversion: I've been interested in the idea of putting a freeze on my credit reports for awhile. Is there any downside to doing this, other than the fact that you might have to bother with "unfreezing" the thing once in awhile, such as applying for a credit card? Would appreciate being directed to a discussion of credit freeze if anyone is aware of one.
"Life can only be understood backward; but it must be lived forward." ~ Søren Kierkegaard |
|
"You can't connect the dots looking forward; but only by looking backwards." ~ Steve Jobs
From my perspective. the main downside is that the thawing process doesn't always go as smoothly as I'd like. When I've needed to thaw, I've always had to do so with all three credit bureaus. (Well, there was one recent exception, but that's it.) Each time, at least one of the three was a hassle to one degree or another. Either it was hard to reach them (before there was online access), or it was hard to find the web page and then the transaction didn't go through when I tried it. Nothing huge, but when you want to take out a loan, you don't want to feel like you're fighting with a company that doesn't want to help you. It adds to whatever stress you might already be feeling when you're, say, putting together a deal for a home, or whatever else.Lbill wrote:A slight diversion: I've been interested in the idea of putting a freeze on my credit reports for awhile. Is there any downside to doing this, other than the fact that you might have to bother with "unfreezing" the thing once in awhile, such as applying for a credit card? Would appreciate being directed to a discussion of credit freeze if anyone is aware of one.
This shouldn't necessarily dissuade you from freezing, and the process has gotten better over the years. Plus, if you've lived in the same home for a long time and aren't moving, you might not experience the rejections of online freezes, although I've never quite figured out if that was actually the problem.
Darin
There have been a couple of recent transactions I've conducted that lead me to believe that your credit is routinely checked. I wanted phone service and the telco required my SSN to install. I said no, and had the choice of driving to the cable telco office a long distance away where I got to take a number and line up behind all the cable TV customers in order to plunk down a $50 security deposit to get phone service. Here's the Catch-22: when I went through same process to terminate service and get back my $50, the guy asked me for the last 4 digits of my SSN so he could look up my account! How did they have my SSN? I never gave it to them, so I guess they can go out and get it anyway - just like all the other hackers and crooks who can easily do the same thing if they want to.
The second instance is when I signed up for satellite TV recently. Once again, the SSN was required for a credit check. No option this time. Since everybody seems to be running your credit, I worry that Life As I Know It will come to a screeching halt if I freeze my credit reports.
The second instance is when I signed up for satellite TV recently. Once again, the SSN was required for a credit check. No option this time. Since everybody seems to be running your credit, I worry that Life As I Know It will come to a screeching halt if I freeze my credit reports.
"Life can only be understood backward; but it must be lived forward." ~ Søren Kierkegaard |
|
"You can't connect the dots looking forward; but only by looking backwards." ~ Steve Jobs
I agree with not giving out any PIN information via email. But I also wonder how secure give a PIN via a land or cell based phone would be even if given to Equifax or others!
Just FTR PFCU uses Verisign Encryption for email. (verisign.com | Owner: Verisign, United States, 487 E Middlefield Rd, Mountain View, CA, 94043 | Server location: United States).
Just FTR PFCU uses Verisign Encryption for email. (verisign.com | Owner: Verisign, United States, 487 E Middlefield Rd, Mountain View, CA, 94043 | Server location: United States).
OAG=Old Army Guy. Retired CW4 USA (US Army) in 1979 21 years of service @ 38.
-
- Posts: 990
- Joined: Wed Oct 28, 2009 7:12 pm
Neverknow:neverknow wrote:"Old Army Guy" - I love it.OAG wrote:I agree with not giving out any PIN information via email. But I also wonder how secure give a PIN via a land or cell based phone would be even if given to Equifax or others!
Just FTR PFCU uses Verisign Encryption for email. (verisign.com | Owner: Verisign, United States, 487 E Middlefield Rd, Mountain View, CA, 94043 | Server location: United States).
You have asked the right question (I think). Even putting the security freeze on, I was required to send via certified postal mail, 2 forms of positive identification (such as a utility bill, with my name and address). This did not necessarily seem like a good idea to me - security wise. But then again, I really don't like these credit bureau folks. After a few months of hesitation, I followed instructions - because to get what I wanted, I had no choice but to take the risk.
There is no one "play book". There is no certain guaranteed - how do I protect myself and my interests, even a "in general" checklist in this rapidly evolving technological world. I wish there was, but there isn't.
I do not use a cell phone. I rarely use a phone at all, but when I do - it is land based phone.
So blow me off as "paranoid" but some of us spent considerable working years in the business of protecting "secrets" - even computerized "secrets". What do we know? We know for a fact, there is always a cleverer geek. And we also know that the loudest voice proclaiming this new world of technology is safe and sound, no worries -- is private business wanting to sell us more products.
I am not paranoid. But the benefit has got to outweigh the risk, for me personally, for me to engage.
"Old Army Guy" is asking the right question.
neverknow
What is it that motivates you to kvetch about everthing that seems to be a burden to you such as being required to provide identification necessary to open a new account? You seem to be someone who would be comfortable living in a cave.
The disclosure is required by Penfed policy and/or federal law (Patriot Act). If you do not want to comply with such rules then dont open the account.
I dont understand such difficulties because I do my banking at a very large Money center bank that provides me with checking, savings overdraft and other benefits without the difficulties that you have encountered. While I may pay more I dont have to deal with the problems you have described which is a benefit to me.