Adam May 10th, 2007
Filed under: Life and Everything Else
Tags: linked articles, news, opinions, politics
3As identity theft has grown to staggering proportions in the United States over the past 10 years or more I have been horrified at the willful corporate negligence that allows this to happen at all. Why does identity theft exist? One simple reason:
Lenders are willing to grant a line of credit based solely on one’s ability to recite (or print) a name, address, and matching public number.
Why they are willing to is a more complex issue, but comes down to the fact that creditors don’t pay the brunt of the costs of identity theft, ordinary people and retailers do. For a short while when I was getting myself situated as a post-college adult I tried to not give out my SSN to anyone for whom it wasn’t properly needed. The government needs it for tax purposes — its original intent — and the bank needs it for car loans, but Verizon sure as heck doesn’t need it to sell me a cell phone, or the cable company to sell me internet service, etc., etc. After fighting for a while I gave up, but with ever more worry about my chances of identity theft.
Most uses of a person’s SSN are actually perfectly good uses of the number. The SSN is [and only is] a unique identifying number that all citizens have. Using a unique identifier in university, employer, and customer databases is a very good way to prevent setting up multiple accounts for the same person. No one should have to worry about giving out their SSN to any and everyone who wants it. The big problem however is that lenders seem to stick their heads in the sand and pretend that the SSN is some kind of privately known password. It never was and was never intended to be a password.
So now in our current day anyone can sign up for a credit card in my name provided that they know my name, address, and public number [SSN]. That person can then run up the balance on this card and then I get stuck with years of fighting to clear my record of someone else’s abuses while being denied legitimate credit and/or forced to pay high premiums due to a tarnished credit rating. All of this because lenders refuse to more strongly check who someone is before opening a line of credit.
Until recently what could you do to prevent identity theft? Nothing substantial. You could shred credit card offers, try not to give your SSN to too many people, but there was no way to prevent it from happening. The three credit reporting agencies Equifax, Experian, and Trans Union are all happy to sell you a “credit monitoring” service for $6-$12 per month, but this doesn’t actually prevent anyone from opening an account in your name, it will only tell you after the fact that it happened.
As noted in this this Washington Post article, finally — and in the face of enormous lobbying from the credit reporting industry — 33 states and the District of Columbia have passed laws requiring that the credit reporting agencies allow people to “freeze” their credit reports, preventing lenders from opening lines of credit in that person’s name (1). In return, you are given a pin number (a weak, but real password) (2) that can allow you to temporarily “thaw” your credit report to allow access to certain businesses that you wish to open a line of credit with. The credit reporting industry has tried hard to fight these changes and have been most successful by trying to keep the fees for this “service” high and the delays in temporary thawing long. I don’t believe that there should be any fees for this as they are essentially blackmailing us with our credit score, but I digress.
What I see an ideal implementation of this idea is that a person places a freeze on their credit report and is returned a [more than 4-digit] password. When that person does want get a credit card, mortgage, or Verizon phone they fill out a web-form or call the credit reporting agency and supply their password and the name of the company that needs to access it. 15 minutes later that company only can pull your credit report and maybe can do so for the next week as needed. If you loose your password you would then need to contact the credit reporting agency and answer a heavily detailed questionnaire — with things like what month/year did you buy your first house, when did you open your first credit card, when did you close that account, who is your mortgage with, how long have you been with your current employer, etc — as well a provide several forms of identification, valid drivers license numbers, valid passport numbers, etc. The total of passing all of that would be a very good indicator of your identity and allow you to get a new “thawing” password.
In my home state of Vermont, while we were one of the first to pass a law requiring the ability to freeze credit reports, the credit reporting lobby was successful in forcing a $10 charge for the freeze (unknown cost to thaw) and requiring that all freeze-thaw requests go through certified mail, adding another $4 to each. This brings the initial freeze cost to $42 since each reporting company must be addressed separately. The reporting companies then must add the freeze within 5 days of receiving the request. This is still a large cost and hassle, but at least we can now at least do something to help prevent the theft of our identities. I will be contacting my state representatives to urge them to amend our legislation to reduce the costs and ease the thawing hassle with a system like that of Delaware and NJ.
By the way, if you didn’t read the Washington Post article, it is very in-depth and informative. Here are some other helpful links:
- Government agencies, companies who you currently have accounts with, and a few other special cases would be able to access your frozen report. Also, a limited amount of information — such as just your overall score — is available to allow lenders to know if they want to market their services to you, but not enough for them to open an account.
- This pin number is only specified in the laws of some states, NJ in particular. Laws in other states may vary.
Edit: I incorrectly quoted the certified mail charge as $10 per letter. It is as of this writing $2.63 + regular postage.