In September 2017, Equifax announced that the information of 143 million of Americans had been hacked. This was just one of the latest companies to be compromised, joining Yahoo’s 1 billion accounts, JPMorgan’s 83 million accounts, and Target’s 40 million accounts hacked, among others.
What made this hack very concerning was the fact that Equifax is one of the largest consumer reporting agencies that collects our very personal and actionable information, including our names, birthdates, social security numbers, addresses, personal finances, credit card numbers, student loans, insurance of choice, rent payments, and others, without us knowing or giving consent, into a centralized database. 143 million accounts (60% of all adults in US) have been compromised. Our data, which we never offered or given permission to be collected and used, has been made available to malicious strangers. This is a very important topic.
The Fair Credit Reporting Act (FCRA), a law that was last updated in 1970 currently governs Equifax and the other credit reporting agencies. Since then, there hasn’t been any changes or updates, except in 2010, when Congress created the Consumer Financial Protection Bureau (CFPB) as the first federal agency with authority to examine and regulate consumer reporting agencies. While this was a much-needed addition, it does not provide the necessary requirements to keep our data safe.
Credit bureaus are treated much more loosely than banks, as they do not have the same regulatory oversight and do not have regular security audits. In the event of data breaches, such as Equifax’s, there is no specific federal entity designated to investigate the breach.
In response this tragedy, Rep. Maxine Waters has introduced the Comprehensive Consumer Credit Reporting Reform Act of 2017, which intends to be a complete overhaul the country’s credit reporting system. Among others, it plans to change the dispute process, switching the responsibility of proving accuracy of information from consumers to credit bureaus, restore the affected credit of victims of predatory activities and unfair practices, restrict the use of credit information for employment, rehabilitate the credit standing of struggling private education loan borrowers and limit the amount of time negative information can stay on a credit report.
The proposed changes of this act could positively impact consumers, but they do not specifically address the cybersecurity problem. This act does not provide a specific solution to preventing data breaches and protecting consumers’ information from hackers.
This is a new world defined by ubiquitous, overpowering cyberattacks that render all current cybersecurity systems inadequate and lacking. For the time being, unfortunately, it seems that there isn’t a hack proof solution of storing our data. So, if we cannot control who sees our data, we must at least be able to control, and limit the use of our data.
The best bet is to provide each individual person with their own ability to monitor and control access to their credit information. Regulators must require credit reporting agencies to provide free credit freezes to all people.
A credit freeze is a process that allows you to automatically block anyone from checking your credit, making it impossible for impersonators to open any line of credit under your name. If your credit has a freeze on it, you’ll be notified if someone even attempts to open a line of credit using your information. In the same way you have a 2-factor verification system for your email or cryptocurrency accounts, credit freezes can provide added security layers that consumers can monitor and control individually.
This way, you can keep your credit info in “dark mode”, and only open access to your credit in the exact instant you are applying for a loan, or do any other activity requiring access to your credit score. As soon as you were approved/denied, you can freeze your credit again.
Currently, credit freezes cost $20 each time you initiate it. And because you most likely must initiate a credit freeze for each of the big three credit reporting agencies (Equifax, Experian, and TransUnion), this cost adds up to $60 per credit freeze. Even more, there are hundreds other smaller credit reporting agencies, so this process can get rather complicated and tedious. New legislation needs to require this credit freeze process to be available, and preferably free (or much lower cost) for the consumer across all agencies.
This is a tremendous opportunity for the private sector to provide a much-needed solution: create a platform or application which connects with all credit agencies and offers consumers instant and painless options to take control over their data. Instead of logging on to multiple credit agencies websites each time they wish to freeze/unfreeze their credit profile, there should be a simple application that communicates with all credit agencies (or separate ones – depending on the consumers’ preference) and is able to freeze/unfreeze credit profiles with the simple push of a button.
This collaboration between the government and private sector must have the chief purpose of allowing individual consumers to control their own use of their credit profile, in the hopes of enhancing security. By definition, it is much more complicated, discouraging and fruitless for hackers to try to break into 143 million individual accounts, than it is breaking into one database holding 143 million accounts. As our banking and financial system is changing to provide consumers with more freedom over their money, perhaps it is time for the credit reporting agencies to do so as well.
Since the credit bureaus and regulatory organizations cannot protect our credit data, it is time to let the private market and individual consumers provide a smarter solution.