How to alleviate the problem of identity and credit hacks?

Here is one proposal:

What if I told you that the credit rating companies already had a system to verify identities before opening new accounts — but, because this would be a minor inconvenience, and a drag on their profits, they only allow this status to last for 90 days for any given account unless a police report can be filed, and furthermore, while they may claim that they’ll do this, it’s not actually a legal requirement? From a Krebs on Security piece from 2015 (as ever, Krebs is two years ahead of the zeitgeist):

“With a fraud alert on your credit file, lenders or service providers should not grant credit in your name without first contacting you to obtain your approval — by phone or whatever other method you specify when you apply for the fraud alert … Fraud alerts only last for 90 days, although you can renew them as often as you like. More importantly, while lenders and service providers are supposed to seek and obtain your approval before granting credit in your name if you have a fraud alert on your file, they’re not legally required to do this.”

That’s right: a solution to the ongoing insane catastrophe which is the American credit system already exists. The infrastructure and process for it is already in place. But thanks to regulatory capture, an inability to understand the scale of data hacks that modern technology enables, or sheer incompetence, it only exists on a case-by-case, opt-in, short-term solution.

Obviously everybody should have this verification — “two-factor authentication,” if you will — turned on and kept on. This would not be a panacea, of course. Security hipsters will loudly protest that phones and email are terrible second authentication factors that no one should even consider using. Phone and email are not ideal, but the point is, universalizing this existing solution would hugely improve matters for a relatively trivial cost.

That is from Jon Evans.  I still would like to know what is the social cost of identity theft.  Furthermore, what is the cost of identity theft as a ratio of the cost of some people simply not paying borrowed money back?

Everyone is all a-flutter on this issue, and attacking Equifax, but I am looking for more reliable information before voicing an opinion.


Comments for this post are closed