July 19, 2005

Identity Theft: It’s Time for National Credit Freeze Legislation

Filed under: Corporate Outrage,Privacy/ID Theft — Tom @ 1:23 pm

Though their profit and loss statements have probably never looked stronger, the three big players in the consumer credit information industry (Equifax, Trans Union, and Experian) are not happy these days. Apparently, those pesky consumers want too much information about themselves, and their legislative representatives want them to work too hard (poor dears) to protect that information:

Equifax CEO Criticizes ID Theft Response

SAN FRANCISCO – Fear of identity theft has led to big profits for credit-reporting agency Equifax Inc., but the company’s outgoing CEO said recently that he worries whether concerns over data security could eventually stifle consumer spending.

“It’s an epidemic that worries me to death,” said Thomas Chapman, chairman and CEO of Equifax, one of the nation’s top three credit-reporting companies, following a speech to about 50 people at the Commonwealth Club of California, a public affairs forum.

Chapman told the audience that identity thieves are rarely prosecuted, yet they cost the country $60 billion annually.

Then he whines about having to give out free credit reports (poor baby), and says they don’t solve the problem:

…. But Chapman acknowledges Equifax has “no silver bullet” when it comes to thwarting fraud. One popular belief is that checking a credit report once a year is a defense. That doesn’t protect consumers, Chapman said.

“It’s not going to help, and the public is starting to learn that,” Chapman said. He decried the government’s plan to force Equifax and the other top credit-reporting agencies, Experian and TransUnion, to provide annual credit reports free of charge.

“I’m all for good laws, laws that protect people. But this isn’t one of them,” said Chapman, who also opposes the law because it forces the companies to give away their product, which he called “un-American.”

There’s the crux of the issue. He thinks OUR information is HIS product.

So how does Mr. Chapman think we should deal with identity theft? In an April 26 Wall Street Journal column (not linked because it will be inaccessible in a few days), Mr. Chapman essentially says “everyone’s responsible” (in the real world that means no one is), and turns his suggestions into a sales pitch for credit-monitoring services:

…. we all must take an active role.

First, companies like Equifax that store and process this data must do everything they can to ensure their systems are secure.

…. Second, business customers that use personal data must be tenacious in verifying the identities of those seeking credit, insurance or employment from them.

…. Third, consumers must take a more active role in maintaining and monitoring their credit health. Checking one’s credit report, even several times a year, is akin to using your smoke detector only on weekends. It simply is not enough. As millions of consumers are discovering, credit monitoring services are a concept whose time has come.

…. Fourth, punishment for those who misuse this information must be severe.

I’m sorry, Mr. Chapman, essentially forcing consumers to pay $60 or so a year to make sure the information YOU are supposed to secure and protect is unacceptable.

A couple of letter writers to the Wall Street Journal on May 10 (link requires subscription) agree with BizzyBlog:

(from Hugh Siegel of New York)

…. No sir.

For too long now, consumers have been helpless to take control of their credit histories because of firms like Mr. Chapman’s Equifax. Anyone who has ever been denied credit for once having accidentally missed a payment knows how much arbitrary power these private companies wield over the lives of almost every American.

Now that identity theft is on the verge of becoming an epidemic, Mr. Chapman would like to foist the responsibility for protecting credit data onto the shoulders of the consumer. That’s unacceptable.

I keep my money in the bank, and if the bank gets robbed, the bank is responsible for the loss. Credit data is a valuable commodity. The banks that guard this data — often without the consent of the consumer — must accept full responsibility for damages caused by allowing it to fall into the hands of thieves.

(from Mark J. Barbeau of San Francisco)

Mr. Chapman seeks to convince us that recent calls for privacy legislation are somehow knee-jerk and unnecessary. They might be unnecessary if we could trust companies like Mr. Chapman’s employer, Equifax, to safeguard our personal information.

Unfortunately, companies like Equifax, Trans Union and Experian are preoccupied with the billions of dollars they earn providing individuals personal information, and they are slow to respond to the needs of those individuals whose information they’re selling. Any advances in protection of our personal information has not been spearheaded by these companies, but by legislation demanded by the public.

…. I would favor legislation that would prevent any such company from divulging any individual’s information to any company or private party without his or her express permission.

This would give people the long-overdue right to decide who can and cannot access their personal information and provide them with the security they need and deserve.

Though he doesn’t know it, what Mr. Barbeau is calling for is the right of every consumer to have a credit freeze placed on his or her credit files.

What is a credit freeze? It’s a blanket prohibition on access to your credit file by anyone besides you. How it works currently in California, one of the few states that have legislated the right to a freeze, is here.

BizzyBlog, who blogged on credit freezes a while ago, believes that national credit freeze legislation is an idea whose time has come.

Further, I believe the “freeze” position should be the default. In other words, if you want to be in the market for loans or know that someone else will need to access your credit file (e.g., a potential landlord, insurance company, etc.), you have to UNfreeze your file (which the bureaus could make a very easy process if they wished) so you can go out and do what you need to do. You could choose to allow your file to stay unfrozen indefinitely, proactively go in and freeze it again, or simply allow it to revert to the frozen state after some defined period of time (maybe 30 days).

And yes, all freezes and unfreezes should be free, Mr. Chapman. It’s our information.

Think of all the stories you have read and heard about identity theft. Most would never have occurred if credit freezes, and a system to detect attempts to use frozen files for credit, employment, or other services were in place (completing such a system would be a “relatively” easy task, given that the comprehensive infrastructure for doing this already exists).

Even if someone stole your wallet and took everything in it, you would ordinarily be bulletproof once you alerted all of your current lenders about what just happened and got replacement account numbers and cards. No new accounts could be opened unless the thief could figure out how to unfreeze your file–a relatively nice problem to deal with, compared to the pervasive identity theft exposure everyone has today.
___________________

UPDATE: USA Today notes that identity thieves and hackers are targeting consumers more, because corporations and businesses are getting better at protecting themselves from unauthorized access. All the more reason to make sure that consumers have the protection of a credit freeze if they want it.
___________________

UPDATE 2: Beep, beep–proudly stuck in the Outside The Beltway Traffic Jam.
___________________

UPDATE 3: Jeff and Credit/Debt Recovery weighs in (nice title-thanks), with a personal revelation to boot. Also, a persuasive comment:

Bottom line is, Chapman seriously thinks that it should be our responsibility to police the data his company regularly fails to secure, and we should pay him to allow us to protect ourselves. I can’t even get my head around that concept.

Scam Alert: Auto VIN Cloning

Filed under: Money Tip of the Day,Scams — Tom @ 1:10 pm

Vehicle Identification Number cloning is a growing problem. Here’s a piece from a Massachusetts TV station about it.

Here’s how it works:

Thieves know the vehicle identification number, VIN, is unique and different on every car. So first they copy VIN’s from the Internet, car dealerships, from cars in malls and junkyards. They make perfect duplicates of the VIN plates and paperwork. Finally they steal a similar car and replace its VIN with the copied one.

Presto: it’s cloned. The stolen car can no longer be identified as stolen; it has a new identity.

One man now working with police once cloned cars for a living. “All you need is a title and registration, and you can get the car back on the road in an hour,” stolen car expert Danny said.

Officers of the Massachusetts auto theft task force showed us envelopes that are essentially cloning kits, each full of fake VIN’s. Police said they seized the kits from a Fall River apartment where one suspect was staying.

“So each one of these is sort of an order for a stolen car?” Hank Phillippi Ryan asked. “Correct,” Trooper Wheaton said. “And these kits could mean the cloning is getting closer?” Ryan asked. “So people in Massachusetts could be victims?”

“They could potentially be buying, unknowingly buying, a stolen car,” Trooper Wheaton said.

When Shawna Martin’s mechanic found her car was actually a stolen automobile, she called the police. “I was making loan payments on a car I didn’t even have,” Lezniak said.

(The) problem is that the Massachusetts Registry of Motor Vehicles, like those in most states, isn’t equipped to share interstate info on duplicate VIN’s, and insurance experts showed us how easy it is to counterfeit a title.

“How many of these do you think are out there?” Ryan asked. “Oh I don’t know, hundreds? Tens of thousands,” Richard Murphy of the National Insurance Crime Bureau said.

To protect yourself at car buying time, police say make sure all the VIN’s on the car and the title are exact matches, and do a car history to check for anything suspicious.

Experts estimate 50,000 cloned cars are on the road right now, and they fear this new numbers game may make you the loser.

My immediate, unfortunate, risk-minimizing, and admittedly not-totally-informed reaction is that I won’t buy a used car from an individual, but will instead always go through a dealer, because my recourse against a dealer who unwittingly sells me a cloned vehicle should be greater. Of course, that’s scant consolation if the dealer goes under because he got duped too many times…..