Tuesday, September 25, 2007

Thy Brother's Keeper (And Thy Bank's, Too)

An ordinary person might find herself a bit annoyed to receive a form letter telling her she numbers among the 106,000 taxpayers whose personal information was on a laptop computer stolen from the state tax people. I, on the other hand, was ecstatic (sort of), since it gave me an excuse to write this story, which in turn was a bit of a rehash of a post I wrote last October explaining why identity-theft laws are bullshit.

Thy Brother's Keeper (And Thy Bank's, Too)
Protecting the assets of wealthy lending institutions is your personal responsibility. Seriously.
By Jennifer Abel

Thursday, September 27, 2007

Here's how the five stages of grief play out when you learn that your lucky self is at risk of identity theft because you're one of the 106,000 taxpayers whose names and social security numbers were on the laptop stolen from the Department of Revenue Services last month:

Denial: I don't believe this!
Anger: Dang government, always making innocent people miserable.
Bargaining: I'd give anything for competent leadership.
Depression: Yeah, right, that'll happen (sniffle).
Acceptance: I can't afford to move to Amsterdam.

Once you complete the final phase you can start taking steps to regain control of your destiny, by contacting either Equifax, TransUnion or Experian, the three credit-reporting agencies listed on the DRS letter, and telling it to put a credit alert on your accounts. Whichever agency you call is legally obligated to contact the other two on your behalf.

What's the benefit of a credit alert? According to a Sept. 14 press release from Attorney General Richard Blumenthal (who did not return our calls for this story), "Credit alerts require companies to make a good faith effort to verify the identity of anyone seeking credit or a loan. Alerts must be renewed every 90 days."

Envy me, reader, for the security that's temporarily mine: over the next three months minus the time it takes for this to get to print and thence to you, if anyone contacts the Gigantobank Corporation to say "Hi, I'm Jennifer and I'd like to take out several thousand dollars in high-interest, unsecured credit-card debt," Gigantobank has to make a good-faith effort to ensure it's actually me before burdening my credit record with a legal responsibility to pay them back this money.

This is a special privilege, not a default setting. After I activated it for myself by calling the first company listed on my DRS form letter, I made a few more phone calls in hopes of learning why anyone need bother with credit alerts anyway.

"Protect yourself from identity theft." That phrase, in quotation marks, yielded 141,000 hits in an online search. Take the quotes away and it's nearly two million. Who in America hasn't heard it at least that many times? It's a bona fide part of the zeitgeist. Yet the assumption behind it is false.

The classic identity theft scam works something like this: the thief manages to convince Gigantobank he's actually you, and borrows money in your name. It will be a very annoying and time-consuming process for you to straighten out the mess, but at least you're not liable for the money Gigantobank lost.

Read that last sentence again: it's not your money you're protecting. So how did it become your responsibility (or mine) to protect the assets of wealthy corporations which, in most cases, we've never even done a lick of business with?

The folks I spoke to said that expecting financial companies to make sure it's really you they're lending money to would bring the credit card industry to its knees, which would be an undesirable outcome.

Let's say you've just been informed of the presence of one or more previously unknown credit cards in your name. It's up to you to prove that it's not yours. No "innocent until proven guilty" assumptions apply. Why can't you just tell the company "I never borrowed this money, and if you think I did then prove it?" Why is the onus on you to prove your innocence?

"That's simple," said Jay Foley, executive director of the Identity Theft Resource Center. "The fact that your personal information was used to open the account."

But calling it my "personal" information sounds like a bit of a stretch these days, doesn't it? Given how commonplace identity theft cases and database security breaches are, it seems folly for credit-card companies and the like to continue pretending that on all God's earth, the only person who could possibly know my social security number and date of birth is me. My credit alert requires companies to make a good faith effort to ensure I'm responsible before loaning money in my name. Why isn't that standard practice?

Foley spoke for several paragraphs that boil down to: this would kill the credit industry as we know it. "If it fell to credit card companies to prove the individual opened the account ... if I walked into a Kmart, or a Wal-Mart, or a Sears," he'd no longer be able to apply for and receive on-the-spot credit.

Nessa Feddis, from the American Bankers Association, put it more succinctly. "If consumers were simply allowed to make the statement 'I owe you nothing' and avoid payment, all consumers could simply make the declaration and avoid paying legitimate debts."

Well, all consumers could certainly try that. But the assumption of innocence until guilt is proven hasn't prevented society from imprisoning criminals, most of whom vehemently deny having committed the crime for which they were convicted. It's up to the prosecution to prove guilt. Why isn't that the case with debts incurred via identity theft?

"Criminal transactions are far less frequent and presumably more serious than loan transactions," Feddis said. "Resolving every loan dispute would clog the courts and make loans far more expensive ... the burden of proof in a criminal case is stronger than in a civil case."

Speaking of civil cases, consider this: if a thief steals your identity, you are (at least) not required to pay the actual bills your identity thief rang up. But neither are you entitled to compensation for the dozens of hours you'll spend clearing up the mess. And if you're unfortunate enough to suffer additional financial consequences, like being denied a mortgage or even turned down for a job because of your unjustly low credit score, you can't sue for damages in a civil court. Why not?

"State laws often allow victims to get compensation from criminals," Feddis observed. "Whether the victim is entitled to compensation from others ... is a matter of state law and tort law. It is no different from any other case where someone incurs damages due to someone else's actions."

Oh, but it's very different from such cases. If I, as a private citizen, make an honest mistake that causes you to be rejected for a loan or denied a job, you can sue me for damages in civil court. But if you suffer this same consequence due to the honest mistake of a credit-card company or credit reporting agency, you have no legal recourse at all.

"Unfortunately, that's right," said Jay Foley. "As much as I hate to say that, that's true."


Anonymous A Moose said...

Hey, it's not up on the Advocate yet?

1:30 AM  
Blogger rhhardin said...

Tax 1040's used to come with your SS number right on the address label. Why? Because it didn't matter.

Banks used the ``know your customer'' rule. Otherwise they'd have gone broke.

Then credit rating agencies started ; and they couldn't know people. But people had unique, one-of-a-kind social security numbers. What a convenience for them! All they had to do to make money was use it in a database and sell it to banks. A new business model.

So that's what you're paying for, the viability of their business model.

Unfortunately, if anybody stops doing it, they lose business, unless everybody stops doing it. Because it is a really cheap way to do credit rating.

I'd go with DNA, myself. Spit on your application and send it in.

2:57 AM  
Anonymous smartass sob said...

I'd go with DNA, myself. Spit on your application and send it in.

Yeah, DNA sounds good, but I wouldn't use spit - I'd use something that rhymes with it.

3:54 AM  
Blogger Grant said...

For many years, my wife couldn't get a copy of her credit report "for security reasons." Her bank could get it -- but couldn't share it with her "for security reasons." I wrote to the state AG's office: No, they won't interfere with "security reasons." We finally got a sympathetic mortgage broker to (illegally) show it to us. No surprise: There wasn't a damned thing on it. That was one very, very secure blank piece of paper.

The whole notion that this is a transparent system where the consumer can control things is just that: Transparent. Transparent fiction.

4:22 AM  
Blogger Jennifer said...

It's up, Moose, but not on the main site; they've been starting to put new articles up on Tuesday nights, but don't really have to do it until Thursday morning.

4:45 AM  
Anonymous A Moose said...

It's up, Moose, but not on the main site

I know, I broke the new comment thread in. However, it's not up on the main page. Therefore, you might want to tell your editor that your loyal readers have noticed he has problems getting it up.

6:40 AM  
Anonymous NoStar said...


I sure am glad I wasn't drinking my coffee when I read about that editor's problem with ED.

9:07 AM  
Blogger Jennifer said...

Serendipity! I was just thinking "What can I do to make my bosses think I'm even crazier than they already suspect?"

9:53 AM  
Blogger Jennifer said...

By the way, the story's up on the main page of the Advocate, in case any of you wanted to put your comments on a site with more readers, several of whom happen to be my boss[es].

9:53 AM  
Anonymous A Moose said...

By the way, the story's up on the main page of the Advocate

In a fit of editorial competency that would make Bob Dole stand proud? Makes one wonder if the bosses read the blog site.

11:09 AM  
Blogger Jennifer said...

No no no, Moose. Glitches happen.

And I don't know if they do or not. I know at least one of them is aware of its existence and a link to it.

1:34 PM  
Blogger Jennifer said...

Grant, if you're still here, I forgot to ask: what the devil were the "security reasons" that kept your wife from seeing her own credit report? Was she in charge of buying secret poison capsule stashes for the CIA? I'm thinking "no," because that doesn't seem your type, but of course one can never assume anything.

2:30 PM  
Blogger Anne O'Neimaus said...

To End

what the devil were the "security reasons" that kept your wife from seeing her own credit report?

Grant may, of course, answer (far more accurately) for himself. However, note that being able/allowed to view your own credit report is a rather recent development. The Fair Credit Reporting Act of 2003 gave ordinary citizens the absolute right to obtain a copy of their current Credit Report from any of the "big three": Equifax, Experian, and TransUnion.

Prior to that, things were different. Since I have been actively aware of my Credit Rating (only a couple of decades), the rule (probably law, but I can't cite it) was that you were guaranteed a copy of your Credit Report on request, within one month of being denied credit. That was really the only way you could see it, as the Report was considered, and treated as, "trade secret" information by each of the Credit Reporting Bureaus.

While it may not have been actually "illegal" for someone to give you access to the information under other circumstances, it was most certainly in violation of the contractual terms by which they were granted access. Contracts with very powerful, deep-pocket, litigious corporations.

Again, I cannot cite any relevant regulations, but I think that the right to a copy of your Credit Report upon being denied credit is pretty recent, too - within my adult lifetime, anyway. Most probably sometime in the late '70s or early '80s, when the computerization and consolidation of records from the thousands of extant Credit Agencies started to occur.

Before that, since their inception in the early 1800s, Credit Agencies were essentially products of the "free market", and jealously protected their information from anyone not a paying customer with a contract and non-disclosure agreement.

To Top

1:26 PM  

Post a Comment

Links to this post:

Create a Link

<< Home

FREE hit counter and Internet traffic statistics from freestats.com