I’m having rebellious thoughts about credit rating agencies. Always one to play earnestly by the rules, I have always checked my credit report once in a while to see if any bad data had crept in. Perhaps someone was claiming to be me and running up debt someplace, right? Gotta keep on that.
But over the past few years I’ve watched Identity Theft blossom from a one-off done by drug-addicted grandkids to something that is as common as finding a picture of yourself on Facebook in someone else’s crowd shot. Other people can see you. You’re simply not invisible. So whose job is it to make sure that your identity isn’t being stolen? My suggestion: it’s not yours.
Credit agencies EXIST as a business model because lenders want a quick way to determine who is a good risk to loan to. If a stranger walks into a car show-room and wants to leave with a car, the car dealer wants to know how likely they are to pay for it. They check a few things: do they get mail at that address? Do they regularly open their mail? Do they pay the bills they find there? How long have they been doing this? Have they run up a bunch of debt quite recently? That’s all they can find out from a credit report. The credit agency doesn’t know how much money you make, or what your job is. You could be a drug dealer or a school teacher: they could look the same on a credit report. But lenders are happy to get what little data they can get to smooth out the trust issues.
Sadly, the database for the credit agencies is filling up with crappy data. If someone opens up a Victoria’s Secret card at a mall using your name and social security number, the data showing “you” don’t pay back your cards is faulty. It could be annoying for you if you’re trying to get 10% off at Target and want to open a card and you’re denied. But it’s ALSO annoying for Target, who turned away a perfectly good customer because they got faulty information. And the worse the database gets, the less useful it is as a business model. And that’s where we stand today: the credit agencies have you working FOR them, checking your reports, advising them when something needs cleaning. They even get you to pay $12/month for some sort of “credit lock”. Somehow they’ve turned maintaining the integrity of their database into something you’ll pay them to do.
But you can’t hold back this flood. You can’t save them.
Equifax exposed the data of 145.5 million Americans last year, roughly half the adults in the country. Google+ just revealed that personal information deemed “not public” for 500,000 was exposed and it’s too small a blip to care. I’m pretty sure (but can’t prove) that the Medicare office has been hacked, but maybe it’s just that every hospital has been, so all the medicare/social security numbers for elders are out there. Years ago the Dept. of Revenue for South Carolina was hacked, claiming the social security number of everyone who ever filed in (or was claimed as) a dependent in South Carolina. That’s everybody in the state, folks. The US Office of Personnel Management, the agency responsible for Human Resources for the U.S. Government (including security clearance information and fingerprints) was hacked two years ago, revealing incredibly secret data for up to 4.2 million Federal employees. Anthem Health Insurance’s hack got information on 80 million Americans.
Your information is OUT THERE. That barn door isn’t going to close.
How much do you care? Well, it depends how often you plan on borrowing from strangers. If you appreciate the ability to open up department store credit cards, you can stay on this task. If you find yourself financing cars at car dealerships, they probably will want credit scores for a while. But not if you finance cars through your credit union (especially if your paycheck is deposited there.) I hear people say that you can get lower rates for good credit scores on mortgages, but every time I’ve gone to get a mortgage (with stellar credit ratings) I’ve gotten the rate they published on the sheet. If there’s a better rate on offer, I’ve never figured out how to get it! (Please note that I’m a CPA: I think/hope I’d know how to get a better rate from a bank if it were possible.) My current thinking is that you can ignore the credit reports until and unless it’s a problem for you, THEN you can go tell them the data needs cleaning up. If you’re never going to get another car loan or mortgage again? You honestly don’t need to care if someone is trying to run up charges pretending to be you. That’s the lender’s fault for letting themselves be tricked.
Once in a while I hear stories about someone being sued for a bill they don’t owe. I totally agree that’s awful, and perhaps a credit lock would have helped, but the case I’m thinking about most recently wouldn’t have, as it was a utility company someone put in my friend’s name. My friend had to file a police report and basically try to file charges, but that was mainly because the utility company doesn’t want people to get out of bills. (This is an old scam, far pre-dating computer-based identity theft. It works like this: you give your adult child your name and social security information. The kid opens up a utility company account claiming to be you. You get the bill and claim it wasn’t you and decline to pay it. Having to file a police report prevents this because the police quickly realize it’s your kid.)
So let’s say someone is going around claiming to be Wendy Marsden. (There are, actually: have you ever googled your name? There are several people with mine.) What harm happens? Some vendors will loan her money thinking she’s me, they’ll come after me, I’ll explain that they ought to do a better job of knowing who they’re loaning money to. I’m not liable. I’m annoyed, but fine.
What happens if she stops in at my bank and claims to be Wendy Marsden and wants my money? (After all, she could deposit a check into her bank since her name is the same, right?) She’d have to forge my signature at a minimum, or know my PIN, or have my computer passwords and/or my phone. No custodian of assets will let someone get at the money without at least two levels of authentication. We all need to be VERY vigilent about protecting our passwords – unlike Kanye West who got shoulder-surfed yesterday by an entire nation (his iPhone passcode is 000000 in case you’re wondering.)
It’s October and I usually send around a reminder to people to check their credit reports, but this time I’m changing my tune. Check your two-factor authentication. Make sure no one can steal your MONEY. That’s attainable. You simply cannot keep people from pretending to be you if they want to try.