Hacker News new | past | comments | ask | show | jobs | submit login
Equifax Breach Fallout: Your Salary History (krebsonsecurity.com)
340 points by ilamont on Oct 9, 2017 | hide | past | favorite | 126 comments

> The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it.

It sounds like companies can easily use this to collude against employee wages and benefits.

Yeah, that is pretty crazy. The ball is usually already firmly in the employer's court. This kind of information greatly diminishes the already most-diminished's bargaining power.

And how does this further complicate the gender inequality issues, in terms of salary negotiations?

A common tactic is, if a company knows what you're making, they'll try to hold your earnings as close as possible to something only slightly better than any potential raise you'd be entitled to at your current employer, and you'll get the same tactic from multiple potential employers.

If you're only entitled to a 3% raise, organizations with access to this information might only ever offer 5%, and refuse to go higher.

With this information in the picture, lower salaries mysteriously stay low, even for some lateral moves, depending on who you are and what they can dig up on you.

Past pay is not directly a significant issue. It's just a question of getting competing offers.

The real issue is some people suck at negotiation and past salaries will tell companies that.

If some people 'suck' at negotiating then that must mean there are others who are 'better' at negotiating

If I have a guardian who pays my rent so that i can take 6months to high ball offers to finally find a job that will pay me a high wage does that mean I'm 'better' at negotiating?

Try not to think in the very short term. Finding a job at ~70% of the going rate for your field is not that hard.

Now at 70% a 10% raise might not seem like a huge deal as your still under market, but it only takes 7 of those to double your salary. And a 15-20% pay raise to jump to the next job is hardly unreasonable. Do those every ~3 years and you will massive difference inside a decade.

Remember, the median salary is just that people really do get paid more than it.

What stops you from taking the first job you find, and then spending 6 months while working looking for better jobs?

It hardly is THAT hard to get some competing offers. And if you can't be bothered, I guess you don't really want it anyway?

> What stops [someone]..

Interviews scheduled during work hours, already working multiple jobs, burnout, lack of openings in your field

> It hardly is THAT hard to get some competing offers. And if you can't be bothered, I guess you don't really want it anyway?

This sentiment signals bias

Competing offers? For what? Serving coffee? Washing dishes? DBA? CTO?

If you offer anyone with a job more money my guess is 100% would take the extra cash, so just because they fail to find, or look, for more cash how does it imply they 'don't really want it anyway'?

> This sentiment signals bias

While your sentiments are presumably bias-free?

I think everyone has bias, but I do think issues can be discussed without letting your biases supplant reason

What I meant by signalling bias was I felt the gp was allowing bias about the issue cloud reasoning as to the nuance of the issue

If my comment seemed to imply that I deny nuance then I failed to communicate my point

Which was: sometimes pay is a result of other factors other than either a want or pure negotiation

> Which was: sometimes pay is a result of other factors other than either a want or pure negotiation

Thanks, I think that's a much better criticism of the original argument

Starting anything new is a drain on resources. Someone with time to focus on interviewing is bound to be better than someone with a new job they need to figure out. After all, it usually takes a few months to get anyone up to speed in a job, and this is assuming they're giving lots of effort.

For existing jobs? Inertia is probably a factor there, as well as fear of the unknown. When you've got something to loose it's different than having nothing to loose.

> Someone with time to focus on interviewing is bound to be better than someone with a new job they need to figure out

In my experience, that is not how it plays out.

Candidate A is living at home with his parents in some kind of GP paradise, able to give 100% of his time to interviewing.

Candidate B is working a stable but not fulfilling job, and interviewing on his lunch break / evening / morning to make it work.

Candidate B is going to be perceived as the higher value candidate, and all else being equal get more offers. Some of this is a value bias. You interview A and go "wow, he's not working now, I wonder what is wrong with him?"... you interview B and go "wow, he is a stable guy that can hold a job, he seems a slightly better fit".

Thinking that interviewing is some kind of magic trivia question that you need to devote full time study to is silly. Perhaps some jobs are like that, but I am not sure I would want to work there.

Idk why you are getting downvoted, because you are obviously right.

I think some people want to be outraged.

Any suggestions on how to bypass the question of past/expected comp then?

In some cases, it is explicitly stated by the prospective employer that any refusal of requested information (or providing false information) will be met with a rejection letter.

I have been on interviews where this is part of a boiler plate release/waiver for a background check, prior to receiving an offer letter, and on the same form, you are made to list prior employers, and fill in the salary box for each.

And if you don't like it, good luck taking legal action, right? Whether something is legal or illegal, most people lack the resources to even entertain the idea of challenging legality.

The only path that seems to effectively buffer this practice is working with recruiting agencies, which do a better job of negotiating, but do still collect this information. And although recruiters might only be capable of telling you whether you have real leverage for your salary demands, whether the recruiter is being paid by you or the employer is a clue as to who they're working for.

Hint: if you aren't paying them out of pocket, recruiters aren't actually working for you, even if they seem really pleasant.

I wouldn't paint so broad a brush with your "only path" argument; I've never listed my salaries, and have always negotiated my own (even when connected to jobs via a recruiter).

Then again, I'm fortunate to have highly sought skills and years of experience, but I wouldn't go so far as to say that's the only way to get fair pay.

Edit: I should point out that I'm not making anything to brag about by silicon valley standards, but I also live somewhere with much, much lower cost of living and salaries in general, and make the high end of what's common out here.

My offer letter says that I'm legally forbidden from disclosing the terms of my compensation. You should just fill in the salary boxes that you are under a legal obligation not to do so.

In California, you are legally allowed to share your salary. I would just not accept a job where they ask my salary, if I can create a big enough market where I can make that decision.

1. Say that your past contracts forbid it

2. Make up a figure -- you have a lot of leeway to do so truthfully by adding or not adding various benefits to the number you state.

Is this actually true though?

Lenders want to "verify employment" and I can imagine a service where big employers report who is working for them to an agency, allowing lenders to query the agency to check employment.

What I doubt is that employers report salary data to Equifax. I'm an employer and I've never heard of this. I'm good friends with (well...married to) someone who worked in this field and tells me it is highly illegal to divulge non-anonymized salary data to any entity other than the IRS.

I've been trained how to answer calls from lenders asking about our employees (I can answer "yes that person works for us", and provide no other information, period).

The idea that Equifax built a giant database of everyone's salary data is completely at odds with everything I've ever heard as a person running a business with employees.

Also...if they had this data why am I always asked to provide my salary on loan applications?

In California, background verification includes salary history and included in a subsequent disclosure packet that's mailed to prospects.

Maybe it's time to just make tax returns (and therefore salaries) part of the public record.

I think that transparency could make for a more fair process and also level negotiation since the compensation would then be about the role and how good someone is actually rated, rather than about how much they happened to have been paid in the past or how good they are about lying about it.

It'd be great to read the arguments against making them public. There's good reasons why we should make them public available here: http://www.nytimes.com/2010/02/14/business/yourtaxes/14discl...

Secrecy is good in many places, but I can't think of why it is good for tax returns, asides from perhaps allowing criminals to more easily target those with high incomes?

Public tax returns would make it much easier for people to put pressure on others working toward financial independence.

In some poor communities, there's a strong ethic of sharing good fortune. That's good in many ways, but also makes it hard to climb out of poverty. More generally, lots of people have unbounded spending habits, and some will put a lot of pressure on friends/family if they find out they have any savings.

For what it is worth, every time I hear the phrase "working toward financial independence", it sounds like Newspeak to me. Let's call it what it is: almost everyone wants to make money because satisfying our various needs is part of the human condition.

Or it could mean "having made and then saved enough to make one's own way in a capitalistic economy instead of being at the behest of employers."

I think the phrase "financial independence" has a lot to offer as a description of a mode of living that poor communities generally do not display. A lot of poor people spend a sort of weighted average of the earnings of their family group -- if your personal income happens to be down right now, you can borrow money from someone who's having an up period. This is what winston_smith is referring to when he says "in some poor communities, there's a strong ethic of sharing good fortune", and it's a different concept than "money is good".

I've worked in the public sector, where salaries and benefits are public record. It's all on the website of several different media organizations. I can think of no harm that has resulted.

The downside in the private sector is that employees will find out how much they are getting screwed around with. Double downside when those employees figure out why.

Personal privacy? An interested party could learn a lot about someone from deductions: marital status, children, charitable contributions, etc. Not to mention income, which people have a variety of reasons for not sharing. Considering how many databases my face is probably linked to now and how good facial recognition technology is becoming, I'm not keen on tax records becoming another set of labels some real-time smart camera can attach to me walking down the street.

How about start-ups? If employers have access to your salary history in terms of a taxable compensation number but no access to information on what your options were this seems to suggest that employers will discriminate against start-up workers who traded off compensation, since their automated HR look-up would be unwilling to give someone the big raise related to not having equity and working in big corp.

I've never had stock options to list; wouldn't those also be assets you need to declare on taxes?

Only when you exercise the options.

OTOH job-seekers would know what current employees at the company make and demand similar compensation.

Same reason why I have an opaque fence instead of a transparent one.

I prefer for every random passerby to know full details of everything I do.

I think you missed a negation

I just froze my family's credit reports with all three credit reporting agencies ... I wonder whether that blocks employers from this info as well, I imagine it's a completely separate service though.

There's a fourth as I've learned through this fiasco. Worth freezing: Innovis

Which, as I discovered today, is a massive PITA. A letter arrived in the mail saying the freeze won't be effective until I mail them a copy of my photo ID.

want to get rich fast... start a new credit reporting agency that just does a 'sed' on one of the big three reports and feeds it to you as their report... put a big warning on the home page that folks should freeze their report from your CRA for just $5.00. Watch the money roll in. Lather. Rinse. Repeat.

This is why you never agree to a background/credit check from an employer unless you have an offer – with a number – in hand.

As a business owner I have had to run background checks on prospective employees (because contracts with our clients required it). In no case were we given this kind of information.

So when can we file a class action lawsuit?

You’ll be better off taking them to small claims court.

I hope all the hacked data gets open-sourced. Maybe then we'll have some serious reform. This is ridiculous. What is it going to take to get Congress to actually do something? In the meantime, my strategy is to keep my credit score bad.

Congress does plenty...

..to allow these corporations to continue to make money at our expense.

Indeed. Though I guess the plans are at least delayed for now, if not abandoned.


Considering the $7.2 million contract the IRS just awarded Equifax in a no contest bid, I think we're definitely getting close!


If you have a better way to ensure knowledge based authentication continuity for all online IRS transactions until they switch providers, I'd love to hear it.

Here's one: don't do KBA, since that is an open door to fraud.

How about mandatory 2FA rfid token implants, then we can put this SSN business behind us.

You can't really mandate implants. Well, you could but that's how you get open revolution in the streets.

Luckily we already have 2fa implants. They're called retinas or fingerprints, to be used in conjunction with passwords.

What you have, what you know, what you are. Those are the three factors. Passwords and fingerprints are two of them.

No actually those don't work for the same reason that SSNs don't work.

You need the ability to change out your password or 2fa if it gets compromised. You can't change your fingerprints or retinas.

Then I don't think you understand the various "factors" of security. I'd advise you to re-read the last line of my post that you replied to where I explained them. "What you are" is a completely valid factor for 2fa, when combined with either "what you have" (a token) or "what you know" (a password).

People need to stop complaining about biometric security if they don't understand the basic concepts of security in the first place. Re-read my first post and this one, and if you're still confused, look into factors of security. Hopefully you can stop parroting this nonsense that fingerprints are not a valid factor in 2fa.

I'm not sure I'd generally refer to those as implants, but point taken.

The IRS could just do automatic tax filing and we'd only file if we'd want to have them take something in account that they haven't. They already have all of this data, but companies that file taxes actively bribe congress.

The first step would be open bidding to determine who is able to provide what.

That's not how business continuity works. You don't just pull the plug on your vendor when its a critical component of your business (or in this case, a public service).

What are you going to do if you have a dispute with your payment processor? Just stop processing payments while you switch providers? Its like no one here has run a legitimate business before.

I think a dispute with a payment processor is an issue on a little different scale than the leak of every American's credit history and PII.

Regardless of what the options are, it's a colossal PR misstep that deserved a much more thorough explanation from the IRS than "they're the only ones who can provide this service that we can't readily explain".

It's offensive that I have to go jump through hoops, set security questions and a secret pin just so I can secure my own salary information.

Is it too much to dream that Equifax should be legally obligated to provide, at the bare minimum, a way to easily secure this sensitive information?

If I were a hiring manager or in HR this would be a goldmine for verifying candidates' salaries and work histories, and gaining the advantage in any salary negotiation.

I understand that every time I've applied for credit, I gave permission for those organizations to share my information with third parties.

But why can Equifax just go ahead and store and share my information in perpetuity, with no explicit grant of permission from me, or EU-style GDPR to guarantee my right to evict my information from their database?

Why doesn't Equifax have to ask for my permission before _they_ can forward my information that was shared with them to additional third parties? The bank had to ask for permission, so why doesn't Equifax?

Is it because I am really the product and not the customer? I just can't accept that!

1. I've only ever given my SSN to a company in the same packet of information that contained my signed offer letter, so we'd be far past negotiations at that point. If you're worried about them going back and verifying what you said you made, well, you shouldn't be lying about that anyway.

2. I'd hope that people might hesitate a little bit before committing acts of identity fraud on an institutional scale.

1 - It depends on the company. I've had some companies ask for my SSN when visiting for an on-site interview, and others that don't ask for it until I've signed an offer.

2 - Will it save the company more money than the potential cost of lawsuits? Is it provably fraud? I'd argue that there is value in knowing for certain that an applicant made $x amount of total compensation in salary, benefits and equity. Having a precise dollar amount could let you implement all sorts of ways to optimize the compensation packages you offer for different employees.

For instance you could check an applicants past three jobs and get the average compensation % increase between each. You could use this to get a well-modeled idea of the minimum you need to offer them based on past trends in order to hire them.

Is this illegal? It should be, but the job market didn't anticipate the Equifax breach. There may not be laws that specifically prohibit this.

> If you're worried about them going back and verifying what you said you made, well, you shouldn't be lying about that anyway.

I get why it's important to tell the truth to e.g. a lender during a mortgage application.

Why should a prospective employer deserve this information?

Paychecks don't always correlate to other compensation considerations, such as stock options, extra vacation, higher 401k match, higher health insurance contribution, etc, that are often negotiated.

I didn't know this existed at all. I thought they just made phone calls to your previous employer and asked. Are we allowed to see what's in it? I mean normally, not just when there's a data breach (and it looks like they shut it all down right now).

Because when you get asked this on an interview, what's the "right" answer? There's base pay, bonuses, 401k match, all kinds of stuff. So the "right" answer is up in the cloud somewhere, I can't see it, but I'm being turned down for jobs when my answer doesn't match the mystery number?

This makes an already asymmetrical negotiation even tougher. There are two other credit bureaus that ostensibly do the same exact thing, so even though Equihax has shut this down for now, it doesn't mean that it isn't still occurring.

All we need now is a 23AndMe breach, and we'll be fast-tracked to the GATTACA timeline!

No need for a 23AndMe breach. They can just collect your fallen hair after your interview ;)

Yes, you are allowed to see what's in it. I remember checking my salary history a year ago. I was surprised at how detailed it was.

How did you do it?

Have you ever logged into Credit Karma? I wholehearty recommend it just to see how much information they are pulling, fully automatic up to seven days ago.

Its not only my salary month by month, but also all my bank accounts, all credit card account all with amount I owe, amounts and history I paid, everything! Full front-face info, straight from credit reporting bureaus! :|

Credit Karma only shows credit accounts (credit cards, phone and internet bills,etc.) It does not include bank accounts (savings or chequing) nor salary information. But I am in Canada, maybe things are different in the States.

They aren't, the post you're replying to is inaccurate.

Where does Credit Karma show your salary information?

Is it possible Credit Karma shows self-reported "monthly income" statements you have made when applying for credit?

Damn credit karma shows you all that? I don't think I've seen any place where it says how much I've paid for CCs or my bank accounts or my salary (not sure if that's just because it's self-employed/freelance income).

Its funny how people downvote without checking.

Yes I can see every month how much I owe and how much I paid back. Month after month history. I sure also see my checking and savings accounts, from every bank (currently 2), with up to date (well, 7 days ago) status on how much money I have there. I don't know what else I can say? Screenshoots - no thank you.

I have checked, and you're spreading misinformation.

If you have checking accounts on there it's because you specifically added / linked them into their system, having bank accounts on there isn't a default.

You have to go under "Track Spending" and manually add the accounts, including entering in the Username and Passwords for them.


You have paid membership account, yes?

What does your question mean? What paid membership?

So you added your own stuff? Then you're just talking about a system that is available in tons of services. Not a big deal. Nothing to do with credit bureaus.

> As part of our ongoing commitment to performance, reliability and security, Equifax Workforce Solutions will be servicing The Work Number starting Sunday, October 8, 2017. This will result in temporary service interruptions; if you have received this notice please call our service center at 866-222-5880 to complete your transaction. We apologize for any inconvenience this may cause.

Convenient that Equifax is doing "maintenance" on this page after Krebs posted his article...

If I can't find my employer, does it mean I'm not affected?

Thanks, but despite the page loading this doesn't seem to be working. I found my employer and even after clicking the radio button for the result, it then tells me that code is not found, which makes no sense, obviously, unless they have disabled it without putting up the maintenance page.

Still works for me. Whenever I search for a company name ti returns a list of employers in this format:

XXXXX Company Name

I guess the first five digits is the code.

I mean I'm as upset about the breech as anyone but would you rather they not fix it? You can't complain when something gets hacked and then turn around and complain when they fix it.

couple of thoughts:

1) If the value of the individual damages related to this breach are in excess of the market cap of the equifax company, all company stock should be seized and distributed equally among those affected by the breach.

2) In the future, if a company controls this amount of sensitive data, they should have mandatory breach insurance. This means that they are covered for a government mandated amount based on the legal liability if all their data was lost. This will mean that the insurers will do in-depth audits of the data security of the company, and they will be incentivized year-to-year to ensure their security practices are top notch. The present system incentivizes each CEO to have a head-in-the-sand approach to data security where a hack is considered a long-tail event unlikely to happen during the ceo's 3-5 year tenure and therefore is not really worth paying attention to. In addition, it would ensure that if the potential damage done if data is leaked far exceeds the value of the business storing the data, the insurance will be prohibitively expensive and the company will not be able to continue with this line of business - as it should be.

Is it legal for employers to provide salary data on particular employees without permission?

Under FCRA, your employer or potential employer must get permission from you before performing any credit report (which includes a salary report).

>You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.ftc.gov/credit.


Page 13-14 of the 20 page employment contract you skimmed.

And if you don't agree, you don't get hired.

I think they were asking the opposite. If there were protections preventing that data from being given to the reporting companies in the first place.

I went looking to create an account for employment verification at Equifax about a week ago. It was via different channel that this Krebs one, where you go to the product page and can sign up for a one time check for around $40 IIRC. And it does require you to affirm you have permission from the employee before getting their data. How they verify that is beyond me.

I would love to know if there is a way to see what data is held on me, and who has requested it.

> How they verify that is beyond me.

They don't. It's essentially an indemnification clause that they can point to as a copout if their service gets abused and a victim of that abuse comes looking.

"They said they had permission. We're just an innocent third party that they lied to. Go take it up with them." more or less

Why are these people still in business?

"Still in business"? Hell, not only that, their stock continues to go up after bouncing off what appears to be the bottom. Which makes me torn, because despite wanting very much to see Equifax and those of their ilk go out of business, I have a bunch of call options I bought when it looked like low 90s was about as low as they were going to go. I still hold those options (though they're set to expire in about two weeks).

You see, once EFX bounced off its low, I thought I'd catch a "dead cat bounce" with some call options I'd hold for a week and make a few bucks. It's a proven strategy for me, find a company with a scandal, wait a week for it to blow over, make a quick and small profit when it bounces back up. Then unload, because it won't last. Worked for me with United Airlines as one example. But EFX just keeps going up...and up, and I have no idea why. They were always a horrible, if profitable, company. But the Equifax problem isn't even remotely close to being resolved, and yet at the rate it's going it'll be back to pre-scandal prices before long. (Note that I don't believe it will get back to those prices any time soon, but it's trending that way.)

So to answer your question: I don't have a good answer. The almighty market seems to think things aren't all that bad, despite the masses of unpopular sentiment. My best guess is that there are a lot of fingers in that pie (this article being but one example) that don't want to see their source of data disappear. Still can't figure out why that's driving the stock price up, though.

I call those BP oil spill trades. Starts with a surprise events that is seemingly catastrophic. If real consequences require special government action -- the consequences will be underwhelming and easily mitigable. If you believe there's no ethical consumption under capitalism, there's no problem profiting off this effect!

See: BP oil spill, HSBC money laundering scandal, Wells Fargo fraudulent account scandal, Equifax data leak, United Airlines beating up a passenger... I know I'm forgetting some.

I'm pretty sure you could beat the yearly S&P's performance in a single trade for any of those events.

Apple having to delay a new iphone release would have a more significant long term effect on that company's stock price than workers at foxxconn facilities killing themselves

If you believe there's no ethical consumption under capitalism, there's no problem profiting off this effect!

Yeah, I don't know where I stand on it quite yet. I mean, I won't outright buy Exxon shares to hold long-term. Is it hypocritical to make a short-term trade using options? Yeah, probably. But it's not like that money goes straight into Equifax's pockets, it just adds a minuscule amount of liquidity to a market for abstractions of EFX. Meh, I've got bigger ethical fish to fry right now.

As aside, to add to your list: the private prison company whose stock went down last year when the Feds said they were going to curtail using private prisons. A few seconds of reading confirmed that it's states that make the most use of private prisons, not the Feds. Made bank on that one, can't say I feel good about it. But I also can't articulate exactly why I shouldn't feel good about it other than, "private prisons, yucky!"

I'm pretty sure you could beat the yearly S&P's performance in a single trade for any of those events.

Of the three that come to mind that I've personally traded recently, that is most certainly true (the in-the-money EFX calls I have are up about 300%). Problem is, such scandals need to happen more frequently in order to make a trading strategy out of it. About once or twice a year is as frequently as I see such opportunities come up. One could have made a year's SV salary on EFX calls with a $50K investment, but because it's options that $50K could very easily be worth $0 in just a month or two.

It's just a PR exercise to fix.

Nobody cares about Equifax. What's going to happen? You have a republican congress that won't regulate them away, the banks need them, and the actual thieves are criminals or nation states who'll get tagged with the actual crimes that get committed later.

They will wait until they get their fine, take the media hit, and then rename the company after Trump kicks a kitten or something and overtakes the news cycle.

We are not their customer, we should pressure government to do something about them both federal and local.

It looks like that's the only way, we can't just "vote with our wallet" in this situation.

I suspect a variation of 'too big to fail'

you are not the customer

Anyone have any idea if Experian and Transunion have something similar?

There are lots of companies in this space. If the big ones don't, there is a smaller, creepier one or a subsidiary that does.

As an example, One firm managed to figure out the correct expected birthdate of our child. The only record of this child are the medical and prescription records of the near fatal miscarriage that my wife was hospitalized for at 9 weeks.

If they can get that, one or more somebodies is paying off your company's payroll processor for your salary data.

No birth certificate? Those are, iirc, public records.

The child was never born. The only records are “anonymous” by HIPPA standards data that the hospital or insurance co likely sells or shares with 3rd parties who can match a hospital admission to our mailing address.

I’m sorry, I didn’t catch that the first time.

Yeah. Many levels of creepyness there.

There's a similar service called Inverify, and they have a page that looks like it might have similar issues: https://inverify.net/ManageIncomeKey.aspx

No idea if they used something smarter than birth date for "Login Code"

Ok, so I wasn't able to find any of my employers there, and after looking more at the site, isn't that service something similar to companies like ADP who take care of doing payroll that employer voluntarily signs up and provides the information?

Because mine initial impression was that this site uses credit information to disclose every person's salary.

In that case I guess the main issue here is just that the information is not well protected, especially after recent leak.

It seems in China people use their cellphone to pay everything these days, credit/debit card are becoming old-fashion and meaningless there. Hope one day we can do it here.

For mortgage and car loans you do not need credit card either.

So we can just give up credit card totally. We do need a new way to build people's credit scores somehow though.

I think you are a bit confused.

Credit cards only matter to Equifax and other credit scoring companies because of the "instant loan" that they give to a consumer. The banks that issue credit cards want to know if the consumer will pay back that loan.

As long as consumers can get instant loans through some kind of mechanism (credit card, phone, pinky swear, etc.) there will be a role for credit scores and the companies that generate them.

Aren't their cell phones just linked to credit cards?

No. Credit cards are fairly uncommon in China. Most people link an ATM card and load a balance into their WeChat account.

I'm not sure how this works in China, but credit reporting isn't exclusively about credit cards (but that is probably the most common component). It's about anything that would involve extending credit - mortgages, car loans, personal loans, paying for a cell phone monthly, etc...

So, just because credit cards aren't common in China, doesn't mean that there isn't some other equivalent tracking going on... (although, I don't know any specifics).

PP means that in China, and actually majority places, people don't purchase daily needs on credit.

Yes people still need credit, and typically a government branch keeps track this kind of information.

It would be great all up until the signal is lost from a natural disaster causing widespread power failures[1] and all your money is linked to a slowly draining phone.

[1] https://www.nytimes.com/2017/09/29/us/puerto-rico-shortages-...

Having a credit/debit card in that situation wouldn't help you either. If power is down, then so are the payment terminals and likely also the ATMs. Cash is the only option in that scenario and the prepared take cash out in advance, which you can do with either a card or mobile phone in many countries these days.

> Sadly, this isn’t anywhere near true because most employers who contribute data to The Work Number — including Fortune 100 firms, government agencies and universities — rely on horribly weak authentication for access to the information.

Sounds like the employers were doing it wrong.

In Norway, everyone's salary is published online by the government.

More and more grateful my nutty "Sovereign Citizen" parents never got me a social security number

I didn't consider this at all. Leave it to Krebs to elucidate :).

Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact