Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Privacy fact sheet 37: Fraud and your credit report

pdfPrintable version209.47 KB

May 2014

Credit reporting ‘know your rights’ series no. 12

This fact sheet is the twelfth in a series that outlines what you need to know about how your personal information can be handled in the Australian consumer credit reporting system. It contains information about the steps you can take if you are concerned that you have been, or are likely to be, the victim of fraud. There are lots of technical terms used in the credit reporting system and we refer to some of those terms in this series. You can find more information about these terms in no. 2 (Privacy fact sheet 27) of this series.

What is fraud?

A person commits fraud if they use deception or dishonesty to:

  • obtain property belonging to another person,
  • obtain a financial advantage, or
  • cause a financial disadvantage to another person.

Identity fraud is a particular concern in the credit context. Broadly speaking, a person commits identity fraud if they use another person’s personal information to obtain a benefit or avoid an obligation (for example, where a person uses another person’s personal information to apply for a credit card).

For more information about identity security, see the Attorney General’s Department Identity Security webpage.

How do the credit reporting laws deal with fraud?

The credit reporting laws contain a new procedure to assist you if you believe that you have been, or are likely to be, the victim of fraud. This process involves 3 steps:

Step 1: An initial ‘freeze’ on your consumer credit report while the fraud is investigated.

Step 2: An extension of the freeze if further investigation is necessary.

Step 3: The destruction of any information contained in your consumer credit report that has been ‘tainted’ by fraud.

What steps can you take if you are concerned that you have been (or are likely to be) the victim of fraud?

If you are concerned that you have been, or are likely to be, the victim of fraud (including identity fraud) you can make a request to a credit reporting body (CRB) not to use or disclose the personal information in your consumer credit report. Because you may have a credit report with more than one CRB, it is a good idea to make this request to each of the three main CRBs.

In response to your request, each CRB will implement a ban period in relation to your consumer credit report.

What is the effect of a ban period?

During the ban period, a CRB will not use or disclose your consumer credit report (or the personal information contained in that report). This means that, while the ban period is in place, a credit provider will not be permitted to give a CRB any additional information for inclusion in your consumer credit report.

In addition, if a credit provider asks the CRB for a copy of your consumer credit report during the ban period, the CRB will tell them about the ban. This will alert the credit provider to the potential fraud.

While a ban period is in place it may more difficult for you to apply for credit. For example, the credit provider may need to collect more personal information directly from you.

How long does the ban period last?

The ban period will last for 21 days after you first make the request unless it is extended to allow for further investigation.

How can you have the ban period extended?

If towards the end of the initial 21 day period you are still concerned about fraud, you can request that the ban period be extended.

A CRB must extend the ban period where it believes that you have been, or are likely to be, the victim of fraud. If the CRB extends the ban period, it will give you written notice about that extension. This will include information about the length of the extension.

There is no limit on the number of times that the ban period can be extended.

Will you have to provide any evidence?

When making your initial request to a CRB you are likely to be asked for information about why you think you have been, or are likely to be, the victim of fraud.

However, you will not be required to prove that you have, in-fact, been the victim of fraud when making this initial ban request.

How will you know what information you need to provide?

At least 5 days before the end of the initial ban period (the initial 21 day period) the CRB will provide you with a notice explaining what information you need to provide to support your allegation of fraud.

If you do not provide this information, the CRB will remove the ban period from your consumer credit report at the end of the initial 21 day period.

Can you be charged for a ban period?

Requesting a ban period, or an extension of a ban period, is free.

How can you ensure that information tainted by fraud will not continue to affect your ability to access credit?

Destruction of personal information tainted by fraud

If a CRB is satisfied that:

  • you have been the victim of fraud, and
  • that it holds information about consumer credit which was provided as a result of that fraud (the fraudulent credit),

the CRB must destroy any personal information in your consumer credit report about the fraudulent credit.

The CRB must notify you in writing after it has destroyed the information about the fraudulent credit. The CRB must also notify the credit provider that provided the fraudulent credit that the information has been destroyed.

No further dissemination of information tainted by fraud

If the CRB had previously given another person or organisation a copy of your consumer credit report containing information about the fraudulent credit, the CRB must notify that person or organisation about the destruction of that information.

This requirement tries to ensure that the information about the fraudulent credit is not used or disclosed by another credit provider.

For further information

telephone: 1300 363 992
email: enquiries@oaic.gov.au
write: GPO Box 5218, Sydney NSW 2001
Or visit our website at www.oaic.gov.au