CRM News: News: Credit Reporting: Where Privacy Really Starts

Financial institutions and retailers do little to tighten the credit rating agencies' security processes. Why? For the same reason that this group does not want to see any more states enact laws to allow people to freeze their credit. Too-stringent security policies will keep some consumers from -- gasp -- using their credit to run up even more bills.

There is no limit, it seems, to what the research and development banks and other financial institutions are willing to spend to ensure that their customers' money is safe. The latest twist? Biometric safeguards, such as voice imprints or iris scans. To be sure, this technology already exists and is used in all sorts of high-end applications. It is likely just a matter of time before it filters down to retail use.

Speaking as someone who couldn't imagine life without online banking, I applaud these efforts. I would like to think that I could not fall for a phishing ruse or other such scam, but one never knows.

Indeed, banks go through a great deal of trouble to save customers from themselves, security-wise: A great deal of online thievery usually occurs precisely because of customer screw-ups. Either they fall victim to phishing scams -- and some of those cleverly disguised e-mails can look very authentic -- or their computers are not secure.

Paying When They Don't Have To

Even when a customer is at fault, banks know their reputation is on the line -- not to mention the success or failure of online banking -- if a victim of cyber theft is not compensated for the loss. If enough people lose faith in this channel, banks won't realize their expected return on investment for their online services.

Unlike other products that a bank may roll out -- say, low three-month savings account rates to entice customers to check out other products -- banks really do want customers to actually use online banking.

To forestall a loss of confidence, banks and other financial institutions -- online brokerages for instance -- tend to replace stolen funds even in situations when they are not required to do so by statute. (Recently there have been reported cases of online brokerages replacing tens of thousands of dollars missing from accounts due to fraud. The brokerages insist their security measures were not to blame.)

Considering that the financial services industry tends to resist laws or new regulations -- whether a requirement to advertise loans using a standard APR or a mandate to invest in low-income neighborhoods -- voluntary compliance with an emerging practice says a lot about its current mindset.

A Huge Security Gap

That is why it is ironic that few banks put effort into filing the one security hole that is still flapping wide open: credit reporting agencies' processes.

The worst sort of identity theft that could happen to an individual -- financially speaking, at least -- is the wholesale co-opting of a credit profile. An identity thief, armed with some basic knowledge about a person -- such as a social security number, previous addresses and mother's maiden name -- could set up accounts with credit card companies or specialty lenders.

There have been reports of people getting cosmetic surgery on someone else's dime, as well as auto loans and so forth.

Some innocent people have been arrested for identity thieves' crimes -- and even after numerous attempts, are unable to clear their records.

There have also been cases of near-tragedies, with patients being treated for conditions doctors erroneously thought they had -- or not treated for those they did have -- because of an identity thief. This is perhaps the biggest sleeper identity theft issue, because few people think about what is in their medical records.

Back to financial theft, though: The mother lode is an all-clear from one of the big three credit rating clearing houses.

Unfortunately, while they have improved security somewhat, there are still very large gaps -- so large, in fact, that they offer insurance to consumers against mistakes that they might make.

Equifax, for instance, will provide customers who sign up with an alert service with a notice in the event someone signs up for an account in their name.

But Freeze Credit? No Way!

Even though financial institutions and retailers may be on the hook for any fraudulent accounts, they do little to tighten the credit rating agencies' security processes.

Why? For the same reason that this group does not want to see any more states enact laws to allow people to freeze their credit. Too-stringent security policies will keep some consumers from -- gasp -- using their credit to run up even more bills.

Worst of all, there have been hints of federal legislation that could significantly water down tough provisions in some states, to the delight of retailers and financial institutions. This legislation has never gotten far -- and perhaps with a new Congress, it will remain forever dormant.

The case this group makes for its position is shameful: Consumers, they say, do not understand how difficult it can be to unfreeze credit. There would be tragic cases of people not being able to get new cell phone service or a 10 percent discount on a purchase -- all because their credit was frozen.

The rebuttal is obvious: Those consumers who go through the trouble of having their credit frozen realize all that. Also, by all accounts, it is fairly easy to unfreeze credit -- it just requires thinking ahead a few days.

Identity theft has become a serious problem affecting more than just our present finances. Consumers need much more protection than the laws currently allow.

What we don't need are institutions with big pockets lobbying Congress for legislation that strips away the few protections we now have. And worse, insisting it is for our own good.