How to Automatically Freeze Your Credit At All Three Bureaus

Credit freeze can stop potential thief by preventing opening new lines of credit. Don't let the recent hacks affect your financial identity.

Since the recent Equifax security breach and Deloitte Hack, many people have tried to freeze their credit in an attempt to safeguard their potentially compromised identities. Credit Freezes are a great way to remedy the current downfalls of legacy security measures, as it essentially implements a 2-factor authentication flow to your identity. As a startup focused on ensuring the highest levels of financial security, our team wanted to help with managing this daunting and intimidating process. This seemed like the perfect event to try our hand at automating the call to all three bureaus in the easiest and most secure way possible, since the process can take upwards of 2 hours.

What follows is a tutorial walking through the automation of a TransUnion credit freeze over the phone. Please see the github repo mentioned at the bottom of the page for a complete program, using Express/EJS, with all three major companies you will need to freeze with.

What we will use:

• NodeJS
• Twilio

Step 1: Twilio Account

Signup for a Twilio account and follow the directions to verify your phone number. You will need to upgrade from a trial account in order to make outbound calls to numbers we will be using. Lastly, setup a Twilio phone number.

Make note of the following, you will need them shortly:

• Twilio phone number
• Twilio auth token
• Twilio account id

Step 2: Create a TwiML script

TwiML is Twilio’s way of controlling the call flow programmatically.

Let’s look at an overview of the TransUnion call found on reddit’s Equifax Security Breach mega thread:

enter zip code
press 3 to add freeze
enter social security number
enter date-of-birth as 8 digits MMDDYYYY
enter house number from street address then # key
choose a 6 digit security code
press 1 to confirm
credit card number for $10 charge
4 digit expiration date of credit card MMYY

Here we have all of the logic we need to create a script for the call that provides this information. Let’s look at the TwiML script for this call:

<?xml version="1.0" encoding="UTF-8"?>
<Response>
   <Pause length="25"/>
   <Play digits="{{ZipCode}}"></Play>
   <Pause length="33"/>
   <Play digits="w3"></Play>
   <Pause length="10"/>
   <Play digits="{{SSN}}"></Play>
   <Pause length="10"/>
   <Play digits="{{DOB}}"></Play>
   <Pause length="6"/>
   <Play digits="{{StreetNumber}}"></Play>
   <Pause length="11"/>
   <Play digits="{{SecurityPin}}"></Play>
   <Pause length="7"/>
   <Play digits="1"><Play/>
   <Pause length="28"/>
   <Play digits="{{CcNum}}"></Play>
   <Pause length="4"/>
   <Play digits="{{CcExp}}"></Play>
   <Pause length="20"/>
</Response>

Note:

• <Pause> is used to wait out the gaps in between entering new information
• <Play> allows us to enter touch tone digits
• {{}} are templates that allow dynamically filling in data at the time of the call

Step 3: Host the TwiML script

Go to the Twilio console and locate the TwiML Bins as pictured below:

TwiML Bins

Here you will:

1. Create a new bin
2. Paste the TwiML XML code from the last step
3. Copy the URL of the newly hosted bin (you will need this in the next step)

Step 4: Application Code Setup

Let’s look at the core logic of our application to make this call:

// Setup Client
const twilio_accountSid = "[YOUR_TWILIO_ACCOUNT_SID_HERE]";
const twilio_authToken = "[YOUR_TWILIO_AUTH_TOKEN_HERE]";
const client = new Twilio(twilio_accountSid, twilio_authToken);
// Example Data
const data = {
  ZipCode: "12345",
  SSN: "123456789",
  DOB: "01011970",
  StreetNumber: "10001",
  SecurityPin: "123456", // Unfreeze pin for TransUnion
  CcNum: "123412341212334",
  CcExp: "0103"
};
// Build query string + TwiML bin URL
const reqURL = `${[YOUR_TWIML_BIN_URL_HERE]}?ZipCode=${data.ZipCode}&SSN=${data.SSN}&DOB=${data.DOB}&StreetNumber=${data.StreetNumber}&SecurityPin=${data.SecurityPin}&CcNum=${data.CcNum}&CcExp=${data.CcExp}`;
// Make the call using the TwiML URL
client.api.calls.create({
  url: reqURL,
  to: "+18889098872", // TransUnion number
  from: "[YOUR_TWILIO_LIVE_NUMBER_HERE]",
  record: "true" // Allows you to review calls on Twilio dashboard
})
.then(call => {console.log("Call ID: ", call.sid);});

In the code above note:

• The request URL for the call consists of the URL to the TwiML bin and the query string for the data values in the {{}} template tags to be filled in.
• Write down and keep your 6-digit security pin to unfreeze credit later.

Step 5: View Recordings

Visit your Twilio dashboard and navigate to recordings.

Recordings saved for each call when record is set to true.

In the last step, one of the options passed into the call was record: “true”. This generates a recording for every call and allows you to play back calls anytime.

Where to go from here?

Visit our github project to see all three major credit bureaus implemented. This project uses an Express server and has a GUI to enter all the needed information. At this time, we see improvements that could be made and could use your help to move the program forward! We want to inspire others to contribute to this work or at minimum, use the security principles for another project.

If you want to see what else we are working on check out Pei.