Recent Retail Data Breaches Could Threaten Home Buyers’ Credit

Posted on February 5th, 2014 by Dan Rampe

Home Sale

Could your dream home turn into nightmare because you bought underwear which turned out to be the wrong size and had to be returned? That’s what some experts are saying. No, not because the underwear didn’t fit and you could stand to lose some weight. It was because you bought it with a credit card.

Mortgage credit experts warn that the breaches that occurred at Target, Neiman Marcus et al. could wreak havoc with some people’s credit, lowering credit scores and threatening loan applications. And anyone who’s bought property that’s drawn a lot of interested buyers knows that the seller is not going to wait while a buyer’s credit history is sorted out.

Writing in the Washington Post, Kenneth R. Harney details the trials and tribulations likely to arise in real estate and housing as a result of hacks on major retailers.

The Target breach alone could touch as many as 70 million credit and debit card customers, according to the company. Neiman Marcus says that data on 1.1 million of its customers may be vulnerable to fraud. Data security researchers report that at least six other merchants have experienced data breaches from point-of-sale malware similar to what was used in the Target thefts.

Both Target and Neiman Marcus have sought to reach out to customers and have offered free credit-monitoring services. But credit experts say it’s likely that given the sheer size of the data thefts, large numbers of people either have not taken advantage of these offers or have, for varying reasons, not been aware that their data may have been compromised.

So what are the potential blowbacks on home sales and mortgage applications?

Start with the basics: Identity theft, if not corrected quickly, can make a mess of anyone’s credit bureau files. Though victims may not be liable for the unauthorized debts racked up, their credit reports — and, in turn, their credit scores — can be damaged for weeks or months.

Listen to Terry Clemans, executive director of the National Consumer Reporting Association, the primary trade group that represents independent credit-reporting companies serving the mortgage industry.

Clemans says that mass identity heists such as those at Target and Neiman Marcus have the potential to create “havoc on credit files for as long as it takes for the consumer to document [that] the accounts are due to identity theft and get them removed from the file. The impact on credit scores, although short-term, is devastating because they are current defaults and [trigger] a big hit to the score. With the sizes of the breaches, this could be painful for a long time.”

Sarah Davies, senior vice president for VantageScore Solutions, one of the two major providers of consumer score models used by banks and other creditors, confirmed that unauthorized debts on credit reports “can have quite a big impact” and could interfere with certain transactions you want to undertake, such as buying a home or applying for a mortgage.

Among the scenarios that could begin surfacing as the stolen information from retailers is sold and used in the coming months:

  • Home sales could be knocked off track by the sudden appearance of new debts on buyers’ credit reports. Many lenders monitor national credit bureau files electronically from the date of loan approval to moments before closing. Even if you explain that you were a victim of identity theft, your financing could be put on ice until you and the bureaus clean up your reports. That could cause you to miss contractual deadlines with the home seller and, worst case, cause you to lose the house.
  • Undetected run-ups of balances on credit cards could seriously affect “utilization ratios” — how much of the available credit maximum a consumer has drawn down — and cause declines in scores. High rates of utilization, or “maxing out,” are penalized by the major scoring models. Lower credit scores, in turn, may disqualify you for a mortgage, at least until you are able to document to the credit bureaus’ satisfaction that the new debts were the result of identity theft.
  • Undetected use of your information to create one or more new credit cards could be especially damaging and time-consuming to fix.

Clemans notes that although merchants and the bureaus may be eager to help resolve identity theft situations, they are also on guard against attempts by consumers to blame everything negative in their files on identity theft. They’ll want proof and documentation before expunging the bad information.

In the mortgage context, there’s another complication: Although independent credit reporting agencies, which resell and reformat the national credit bureaus’ data for lenders, can often help advise loan officers on ways to improve their applicants’ scores — a service known as “rapid rescoring” — they can’t help in identity theft repairs. That needs to be done by the consumers themselves, by contacting the bureaus, placing fraud alerts or freezes on their accounts, then working to clean out the bad stuff, line by line.

ThreatMetrix secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 160 million active user accounts, 2,500 customers and 10,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.