Lifelock CEO Todd Davis has plastered his social security number everywhere to demonstrate how well his company's identity theft services perform to keep client information secure.
Davis has had his identity stolen at least 13 times. So how's that working out for you, Todd?
It's working out so well for Lifelock's customers that the US Federal Trade Commission has fined Lifelock $12 million for deceptive advertising practices. But this isn't a rant about Lifelock, or aggressive marketing, or the FTC.
Why is identity theft such a problem that an entire industry has spun up to offer expensive, and mostly ineffective, protection from those seeking to impersonate you to obtain credit for fraudulent purposes? Because few in the consumer credit food chain care as long as it's you footing the bill to recover from identity theft.
Kevin Drum makes a pretty strong argument in his Mother Jones blog, comparing credit card fraud to actual credit fraud as a result of weak identity theft prevention measures:
Here's a data point to ponder. In 1968 Congress passed the Truth in Lending Act. Among other things, it capped consumer liability for lost credit cards at $50. Guess what happened? Since credit card companies were responsible for all the losses above that amount, they got very aggressive and very creative at figuring out ways to minimize fraud. They made it as convenient as possible to report a lost card. They provided merchants with loads of tools to identify lost cards. They developed computer algorithms to detect usage patterns so they could proactively shut down fraudulent use. They worked really, really hard on this stuff.
In a nutshell, we made banks responsible for the losses, and banks figured out ways to prevent losses. It was the wonder of free market capitalism at work.
It's a pretty basic risk model. Once the cost of the loss outpaces the cost of the controls, it makes good business sense to expend capital on countermeasures. Until then, it's simple math - the consumer pays the resultant credit fraud bill, while the entity erroneously granting credit to the fraudster acts as a disinterested spectator.
Drum's suggestion?
Now then, suppose credit issuers were responsible for the costs of identity theft? That is, if you're responsible for issuing a card or extending credit of any kind under false pretenses, you're responsible for the losses and you're responsible for cleaning up the mess. Period. No excuses, no safe harbors, no nothing. If you extend credit to someone named Kevin Drum with my Social Security number, and it turns out that it wasn't actually me you extended credit to, then it's your problem. You pay the charges, you cancel the cards, you clean up my credit report, you contact my bank, you do everything. The basic premise should be: it's your responsibility to make sure you're extending credit to the person you think you are. If you don't, it's your responsibility to fix the mess. And if you don't fix the mess, you'll be liable in court for substantial damages.
That sounds like quite the appealing consumer protection scenario. Why should I have any responsibility to ensure that credit I did not request or approve is granted, especially when there's no proof it was me to begin with?
It's become a lucrative business for the credit reporting agencies that they don't want to give it up. The buying and selling of my personal financial history for fun and profit essentially guarantees that people will end up with my information without having a legitimate reason to have it, and a percentage of that group will use it for nefarious purposes.
I don't have an issue with waiting a few days for a new car purchase, or to spin up a new charge card, if that gives prospective credit issuers amply opportunity to validate the key components that have been presented to obtain credit prior to actually issuing the credit. In fact, that's how it used to be, and that's how it should be again.
Until then, I'll continue to review my credit reports regularly and practice threatening those who seek to play loose with my identity. It might not be entirely effective, but at least it makes me feel good.
0 comments:
Post a Comment