|
|
|
|
| The Basics | 7 ways Congress can battle identity theft
|
It's time to turn up the heat on U.S. lawmakers to take action against identity theft. Why? Because millions, including you and me, are at risk.
By Liz Pulliam Weston
How many more times do we have to hear about the theft or "loss" of crucial financial data -- like the recent disappearance of 3.9 million consumers' financial records from Citigroup -- before lawmakers take action?
So far, Congress hasn't had the will to enact laws that make identity theft more difficult and less profitable, but the recent rash of disclosures is putting more pressure on lawmakers to create real solutions to the epidemic.
Let's turn up the heat a little more, I say. Here's what I think Congress should do to bring the identity theft problem under control:
Allow consumers to freeze their credit. There's one nearly foolproof way to prevent a thief from opening credit accounts in your name, and that's by "freezing," or locking up, your credit report.
Unlike a "fraud alert," which is simply a flag to potential lenders that you've been an identity-theft victim, a freeze actually prevents credit bureaus from releasing your credit report without your express authorization. To get a loan, you'd need to "unlock" the freeze with a personal identification number.
This option is so far available in just a few states -- California, Texas and Louisiana -- but more than a dozen other states are considering it, said Bob Sullivan, MSNBC technology reporter and author of "Evil Twin: Behind the Identity Theft Epidemic." Making the option available nationwide could help bring peace of mind to the 10 million people victimized by identity theft each year, not to mention the millions more who live in fear of their good names being ruined.
A side benefit: You could cut waaaaay down on the credit-card solicitations you'd receive if lenders couldn't prescreen your credit.
Require public disclosure of all incidents that compromise consumer data. You know all those security breaches you've been hearing about lately at ChoicePoint, LexisNexis, Bank of America, Citigroup and other companies? Chances are pretty good those incidents would never have been made public had it not been for an innovative California law that forces companies to disclose to consumers when their personal information has been lost or stolen.
California's law technically applies only to breaches that affect state residents, but its impact clearly has been national. (ChoicePoint, which initially notified only Golden State consumers, quickly learned that was really, really bad public relations and ended up informing the rest of the 145,000 people whose data was stolen.)
Make "opt in" the rule. States that adopted "opt in" rules have shown that we can give consumers control of their own data without killing commerce. If companies aren't allowed to share or sell data without consumer consent, then a lot less of our personal information will be floating around in databases. The fewer the databases that have it, the fewer the opportunities for thieves to get at it.
Related ID-theft articles on MSN Money
Require that sensitive financial data be encrypted. This wouldn't have prevented the ChoicePoint incursions, where thieves pretended to be legitimate businesses to gain access to consumer's data. But it would have made Citigroup's missing data tapes, which were lost en route to a credit bureau, a lot less useful to whomever got them. It also might reduce the number of low-level employees able to steal information from their companies. (Workers at Wachovia and Bank of America were allegedly recruited to tap the banks' databases for a collections agency.)
Take the profit out of credit monitoring. Getting free access to your credit reports once a year isn't nearly enough. Given the current rate of identity theft, consumers need to monitor their credit much more closely than that. Viewing your reports frequently won't help you prevent identity theft, but vigilance can help you spot it in time to contain the damage.
Consumers typically have to pay more than $100 a year for credit monitoring services. Rather than let bureaus profit from the problem they helped create, let's have Congress force them to allow consumers unlimited access to their own data.
Compensate consumers for identity theft. I've been on my soapbox before about how lenders are aiding and abetting identity theft with their sloppy lending practices (read "Blame lenders, not thieves, for identity theft"). Credit issuers have been known to open accounts when the thief listed a phony address, misspelled the victim's name and even got a digit or two wrong in the Social Security number.
Consumers, though, usually have a tough time suing lenders over identity theft because the victims often can't show substantial financial harm, said Beth Givens, head of the Privacy Rights Clearinghouse. Most identity-theft victims pay little out of pocket, since lenders typically absorb the losses (and get a tax write-off for their trouble) as part of doing business. The lenders' rationale is that they profit far more from legitimate accounts than they'll suffer financially from the few fraudulent ones.
The real cost to the consumer is in the hours and hours it takes to clear up a credit report after an identity theft -- and then to clear it up again, and maybe again, when the bad information gets re-reported. In order to compensate ID theft victims for their time and shift the cost of sloppy lending practices back to lenders, Congress should mandate payments to victims -- say, $1,000 a pop. That might be what it takes to force lenders to take a minute or two extra to verify an identity.
Make reporting false information to credit bureaus a real crime. OK, this idea is in the when-pigs-fly category, but technology author Simson Garfinkel promises it would bring a crashing halt to the identity theft problem in the U.S.
Allow actual criminal prosecutions of lenders that showed a pattern of granting credit to imposters and then reporting the subsequent delinquencies and charge-offs to the credit bureaus. Congress would have to establish what constitutes "criminal negligence" by a lender, but obvious red flags would include:- Granting credit when there's a fraud alert on a consumer's credit report without first contacting the consumer to verify the application is legitimate.
- Granting credit when the application shows a different address than what's listed at the credit bureaus, unless an applicant presents positive identification (like a driver's license).
By making it a crime, Congress could turn loose any number of hot-shot assistant district attorneys or state attorneys general who wanted to make a name for themselves. Think of it: Dozens and dozens of Eliot Spitzer wannabes taking on the lending industry!
"It'll never happen," said Garfinkel, author of "Database Nation: The Death of Privacy in the 21st Century." "But wouldn't it be great?"
Liz Pulliam Weston's column appears every Monday and Thursday, exclusively on MSN Money. She also answers reader questions in the Your Money message board.
|
|
|
|
