Credit Reporting: Where Privacy Really Starts

There is no limit, it seems, to what the research anddevelopment banks and other financial institutions arewilling to spend to ensure that their customers’ moneyis safe. The latest twist? Biometric safeguards, suchas voice imprints or iris scans. To be sure, thistechnology already exists and is used in all sorts ofhigh-end applications. It is likely just amatter of time before it filters down to retail use.

Speaking as someone who couldn’t imagine life withoutonline banking, I applaud these efforts. I would liketo think that I could not fall for a phishing ruse orother such scam, but one never knows.

Indeed, banks gothrough a great deal of trouble to save customers fromthemselves, security-wise: A great deal of onlinethievery usually occurs precisely because of customerscrew-ups. Either they fall victim to phishingscams — and some of those cleverly disguised e-mails can look veryauthentic — or their computers are not secure.

Paying When They Don’t Have To

Even when a customer is at fault, banks knowtheir reputation is on the line — not to mention thesuccess or failure of online banking — if a victim of cyber theft isnot compensated for the loss. If enough people losefaith in this channel, banks won’t realize theirexpected return on investment for their online services.

Unlike other products that a bank may roll out — say, low three-month savings account rates to entice customers to check out other products — banks really do want customers to actually use online banking.

To forestall a loss of confidence, banks and otherfinancial institutions — online brokerages forinstance — tend to replace stolen funds even insituations when they are not required to do so by statute.(Recently there have been reported cases of onlinebrokerages replacing tens of thousands of dollarsmissing from accounts due to fraud. The brokeragesinsist their security measures were not to blame.)

Considering that the financial services industry tends to resist laws or newregulations — whether a requirement toadvertise loans using a standard APR or a mandate to invest inlow-income neighborhoods — voluntary compliance with anemerging practice says a lot about its current mindset.

A Huge Security Gap

That is why it is ironic that few banks put effortinto filing the one security hole that is stillflapping wide open: credit reporting agencies’processes.

The worst sort of identity theft that could happen toan individual — financially speaking, at least — is thewholesale co-opting of a credit profile. Anidentity thief, armed with some basic knowledge abouta person — such as a social security number, previousaddresses and mother’s maiden name — could set upaccounts with credit card companies or specialty lenders.

There have been reports of people getting cosmeticsurgery on someone else’s dime, as well as auto loans and so forth.

Some innocent people have been arrested for identitythieves’ crimes — and even after numerous attempts, are unable to cleartheir records.

There have also been cases of near-tragedies, with patients being treated for conditions doctors erroneously thought they had — or not treated for those they did have — because of anidentity thief. This is perhaps the biggest sleeperidentity theft issue, because few people think about what isin their medical records.

Back to financial theft, though: The mother lode is anall-clear from one of the big three credit ratingclearing houses.

Unfortunately, while they haveimproved security somewhat, there are still very largegaps — so large, in fact, that they offer insurance toconsumers against mistakes that they might make.

Equifax, for instance, will provide customers who signup with an alert service with a notice in the event someone signs upfor an account in their name.

But Freeze Credit? No Way!

Even though financial institutions and retailers maybe on the hook for any fraudulent accounts, they dolittle to tighten the credit rating agencies’ securityprocesses.

Why? For the same reason that this groupdoes not want to see any more states enact laws toallow people to freeze their credit. Too-stringentsecurity policies will keep some consumers from — gasp –using their credit to run up even more bills.

Worst of all, there have been hints of federal legislationthat could significantly water down tough provisionsin some states, to the delight of retailers andfinancial institutions. This legislation has nevergotten far — and perhaps with a new Congress, it willremain forever dormant.

The case this group makes for its position isshameful: Consumers, they say, do not understand howdifficult it can be to unfreeze credit. There would betragic cases of people not being able to get new cell phoneservice or a 10 percent discount on a purchase — all because their credit was frozen.

The rebuttal is obvious: Those consumers who gothrough the trouble of having their credit frozenrealize all that. Also, by all accounts, it is fairlyeasy to unfreeze credit — it just requires thinkingahead a few days.

Identity theft has become a serious problem affectingmore than just our present finances. Consumers need muchmore protection than the laws currently allow.

Whatwe don’t need are institutions with big pocketslobbying Congress for legislation that strips away thefew protections we now have. And worse, insisting it is forour own good.