Banks should have to know who they are loaning money to and if they make a mistake, that needs to be solely their problem. Then banks will figure out ways to confirm your identity better and people won't get into the hell that is trying to get the "bank slander" removed from their credit report.
The idea of an identity, especially a permanent one that travels with you throughout your life, is a relative recent one. 200 years ago, you could escape your past sins, so long as you didn't have an identifiable face and could speak the language at your destination. (If you couldn't you ran the very real risk of becoming a slave, which is caused by removing a person from their context; e.g. family, language and community).
There is a deeper question of "What is an identity?" and we also have to realize that the digital identities have never existed throughout history. Not in the way they do today. It's hard for us to imagine a world before passports, before real borders and before permanent numbers and documents that follow citizens throughout their lives.
And the principal reason we have digital identities today? Debt. It is solely to trace debt. It has nothing to do with proving you went to x university or worked at y job. There are other ways to track that, which are terribly inaccurate when you really start to look at them. The principal reason for your SSN, your digital identity, is to track credit and debt. I highly recommend the book _Debt: The First 5,000 Years_. It really goes into depth on this concept.
And you did have identity records. If you were rich enough to have checks, you’d appear in a city directory and banks would rate your creditworthiness. If you travelled, you’d have to have silver or gold in hand, as your Boston banknote was worthless in Virginia.
> No matter what degree of culpability should be assigned to Britain, the consequences of the famine to Ireland are indisputable: it broke the nation in half. At a million or more fatalities, it was one of the deadliest famines in history, in terms of percentage of population lost. A similar famine in the United States today would kill almost forty million people. Only the famine of 1918-22 in the Soviet Union may have been worse.
> Within a decade of the blight another two million fled Ireland. Many more followed in subsequent decades, inexorably driving its population down. The nation never regained its footing. As late as the 1960s its population was half what it had been in 1840.
> Today Ireland has the melancholy distinction of being the only nation in Europe, and perhaps the world, to have fewer people within the same boundaries than it did more than 150 years ago.
-- Transcribed from the book "1493" by Charles C. Mann.
That accounts to 20-25% of the population, including emigration 
I found out the Great Famine of Mount Lebanon under Ottoman rule during 1915-1918 was much worse : 50% of the population (of 400 000) died. 
When few noticed, Adolf Hitler seems to have taken it heart:
> "Our strength consists in our speed and in our brutality. Genghis Khan led millions of women and children to slaughter -- with premeditation and a happy heart. History sees in him solely the founder of a state. It's a matter of indifference to me what a weak western European civilization will say about me."
> "Who, after all, speaks today of the annihilation of the Armenians?"
I've been quite aware of the history but to read how he takes inspiration of cruelty makes it even more disgusting.
(Oh, and yes I'm fully aware a number of others like the French terror reign, Pol Pot, Rwanda, China, former Yugoslavia, Japan/China, India/minorities, a number of colonies of Western countries, natives of south and north America but for some reason the Armenians seems to go unnoticed. Thanks for reminding.)
If I don't get an answer, I'll try to find some demographics numbers and figure it out tomorrow.
I would say that post-war, consumer credit drove American economic success, and that the SSN became a key part of that system. Had it not existed, something else would have served that function.
Google BAPCPA for more because the bill Bush signed sucks.
EDIT: Nevermind, the wiki link in the post before yours is great.
Bank: Here is $100 from your account, Joe.
Joe: Hi bank, where's my $100?
Bank: Already gave it to you.
Joe: Wasn't me.
Bank: Well, Joe, you screwed up big time. You let someone steal your identity. Sucks to be (the real) you!
I would think that each new account or transcation should generate a notification to Joe and he should be able to reverse them within a certain amount of time.
Joe could make it so that his device ignores notifications about transactions made by his own device, and only hear about other ones.
That would be the same crime as someone using Joe's stolen credit card info - fraud.
Therefore the bank can't establish that it was you, who leaked the secret. (Because it's easy to leak SSN, it could have been any random company you did business with. Or the SocSecAdmin.)
And even if your shared secret was used to withdraw, there's still a chance of the bank leaking it.
So usually the shared secret's hash is stored.
This works pretty well.
Around here banks ask you to give your PIN for identification, or you have to present your ID, and they compare it with what they have on file. (So trust on first use is still important.) Sure, it's probably not hard to fake these plastic cards, but that's a rather serious crime, and then the bank can pull the security cam footage, etc...
Of course, requiring confirmation on an SMS even when you do in person banking might make sense.
I have one given to me at birth, which is a sequence of 13 numbers that gets calculated with a formula and has a control number at the end (kind of like credit card). This one is random enough for nobody be able to guess anyone else's (for example, how many babies were born before you on your birth day in that region is a relevant factor in the formula) and is used with government entities and government entities only (it is illegal for the businesses to require from you to provide that number to them to give you a service).
And I have the second one, which is the national ID number. This one was given to me when I was 18, and it serves as a proof of identity with the businesses.
And there you have it. Two distinct numbers. One for your government, and the second one for you dealing with businesses. Someone can't fake anything important (as in, government-related) with your ID, and businesses have a second number that is usually proven on the spot with the photo of you in your national ID.
Problem is solved.
Absolutely not. I mean, I don't know which jurisdiction we are talking about, but I don't know of any that bases identity on a number.
The numbers don't serve as proof. They are just a number to help refer to you in databases.
The proof of identity is provided by the plastic cards and other items/papers. (Such as a birth certificate. And usually if you lose that to get a new copy you need some ID, and if you lose your ID cards, then a written statement from the police that you lost your ID card.)
Not all countries have or want that.
Voter suppression in the United States has had a long, sordid history. Blacks were given the right to vote after the civil war, prompting southern states to implement literacy tests, poll taxes, basically any legitimate-seeming test to de-facto turn away black people at the polls. This got so bad that we literally wrote an Amendment (24th) to state "yeah you can't do this either".
What's fucked up is that this sort of thing STILL happens. This past Tuesday, a number of voters in Virginia received calls telling them to go to a different polling station from the one they were assigned. See https://theintercept.com/2017/11/07/virginia-voters-get-myst...
Stuff You Should Know did a really good episode on voter suppression in the US that I'd recommend.
Why do they want a NUMBER? Because names are too... human. They're messy, and they can change, and they don't fit standard forms. It's an impulse to purge the humanity from social identity that motivates establishment of national ID numbers.
Then we got income taxes and federally guaranteed pensions (Social Security) and medical assistance (Medicare/Medicaid) and a few other, smaller safety net programs. Furthermore, while there's plenty of fighting around the margins, the overwhelming majority of Americans are broadly in favor of keeping at least some of the Great Society programs, and that means we have to have a national registry of some sort.
It turns out that when the population is broadly distrustful of the idea of a national registry but broadly in support of a tax regime and social programs that require a national registry to function the stable equilibrium is a really really shitty national registry that everyone hates but nobody feels they can improve without getting shouted out of office. American politics is dumb.
The only thing everyone has is a person number, and the difference is that it is explicitly considered public information and you can get anyone's person number by just asking the Tax Agency. It's just a convenient way to keep track of people, not a way to actually identify yourself.
This is only an issue because of tracked non-anonymous accounts. The key for money laundering in high profit / service retail businesses is using dirty anonymous cash. Often the customers literally do not exist, imaginary entries are made at the register and cash is stuffed in.
The last suggestion is easily worked around, merely trade device IDs along with account IDs. In fact the easiest way to steal money would be simply to clone your device outright complete with saved passwords etc. Joe certainly doesn't control his own device, not the firmware, OS, or apps, not to mention MITM attacks.
Bank: Here is $100 from thin air, Joe.
Joe: Hi bank, why is there an IOU for $100?
Followed by "and we compounded our failure by falsely telling lots of other institutions that it was your fault."
There won't be any improvement until the legal system creates a stronger incentive for institutions to be more secure.
Popular interpretation: "Theft of an identity"
Better interpretation: "Theft, by forging an identity"
It's easy to understand why the victim of this type of fraud (the banks) would like to shift the damages onto an unrelated third party (the person whom the original perpetrator is purporting to be); it makes life much easier for them.
What's not clear is why anyone else would would go along with it. If someone breaks into my home and steals my microwave, I cannot then break into my neighbor's home, steal their microwave, and then claim that my neighbor was the true victim of the burglar. I am the victim of theft, and now that I've stolen my neighbor's microwave, he is also the victim of theft. It doesn't cancel out!
I think it's important to be clear about what's going on here, who the victims are, and who they are being victimized by.
Anyone else (i.e. us plebs) don't need to go along with it. The banking industry has enough $$$ to pass laws favorable to them with or without our blessing.
‘No Way To Prevent This,’ Says Only Nation Where This Regularly Happens.
I don't understand why the US has identity theft. Is it because there's no national ID? Here in Europe we don't have any "secret" number that someone can just use to open a bank account in your name.
I have lost the battle to clear my name. Different states in Germany for example have different police systems and argh..
But abuse is very low, as it requires that whoever does it identifies themselves first at another bank, and opens a merchant account (which has other verifications). And then reversing it is easy, too.
And you can't even shop with stolen IBANs at Amazon, because every major retailer will first send you a 1ct transaction with transaction info set to a OTP you use to verify that you own the account.
I'd add that SEPA being mandatory for all participating countries has simplified transfers a great deal. Now most banks remember creditors, just like a phone book but for money, so sending money from your phone is pretty neat.
Additionally, the SEPA effort created ISO 20022, which is gaining ground worldwide as a one-stop-shop format for financial transfers. See this article from the US Federal Reserve a couple of weeks ago: https://fedpaymentsimprovement.org/news/press-releases/feder...
SCT is entirely push, and requires signing the transaction with your card, or using at least 2FA for verification. This doesn’t happen by accident.
SDD is entirely pull, and is the only one that could theoretically be abused, but that’s as mentioned also not that easy.
SDD can be reversed without giving any reason for a whooping 8 weeks by the customer sometimes simply by clicking "reverse" and entering a TAN.
B2B is a different beast though.
For me with my German bank account, sending money this way always requires a one time use code. The code is not digital, the bank sends you a list of 100+ codes printed on a piece of paper. So, I'm not really worried at all because there is no possible way for a scammer to get my codes.
Germany might have such a system thought.
He published his bank account details (and how to find his address) and dared people to withdraw funds from it. Which people did.
A utility company Direct Debited money from me when they screwed up and billed me for someone else's supply. I called my bank, said I wanted the Direct Debit cancelled and the money returned, they did it and the money was back in my account the same day.
The utility company sent me all manner of outraged paperwork, including threatening to set lawyers on me, but they couldn't magically take my money, and sure enough once they understood their mistake I got an apology and they wrote off all my actual bills for the past 12 months.
But when I did have direct debit it always included the maximum pay amount which I usually set 2x the amount of average bill so if utility company makes a mistake payment will not go through.
The best part, I think, is Clarkson's response:
Clarkson now says of the case: "Contrary to what I said at the time, we must go after the idiots who lost the [personal information] and stick cocktail sticks in their eyes until they beg for mercy."
1. Opened with a fake identity
2. Stolen funds received
3. Stolen funds transferred to a bank with (intentionally) poor record keeping, potentially bouncing around a few more times.
Wire transfers seem to be a big hole at the moment.
This and variations are very common in Europe.
There used to be some public discussions on the alphabay forums, which was filled with small time bank fraudsters from both the US and the EU. The EU ones actually seemed much more prevalent.
I couldn't find many interesting scrapes quickly, but this one might be worth a look:
I'm sure there's an AB forum scrape floating around somewhere too... But not here https://www.gwern.net/DNM-archives
I believe the AlphaBay forums were integrated into the main site and so would be findable in the AB dump; most DNMs kept their forums on separate .onions so had to be crawled separately.
I'll grab the dump and check the contents anyway.
Forging or getting a fake ID is harder than counterfeiting money (maybe accessible to organized crime, but certainly not worth the cost/effort/risk just to steal a few thousand dollars); lost/stolen IDs have a registry that all the banks check; and you have to show up in person so if detected you don't get a second chance, you're leaving the building in handcuffs.
Seriously, the only problem with IDs I recall from banking was the use of IDs bought off of homeless people to register shell companies for money laundering, but those were real IDs and usually with the real owner "hired" for the initial account opening.
What is proof of residence? A copy of your apartment lease or something like that?
Proof of residence is a copy of your lease, or a bill by a power or phone company, basically a piece of formal correspondence with your address on it, so you can sort of prove you live where you say.
The bank photocopies all this, so if you forge an ID card to include your photo, they store the photo too, and if you get caught you're in deep trouble, as forgery is a serious crime. I think that's actually what prevents most identity theft here.
I had a choice between either using my eID for verification, or doing a video call and showing the ID into the camera (in a way that their systems can automatically verify the security measures).
It took 20 minutes to go from nothing to having an account, and being able to move money to ans from it.
But it's usually trivial to purchase a forgery.
Also, even if you could get one, it's going to cost thousands, so it's not worth it for mass scamming. Also, you'd have to show up in person and risk immediate arrest if the forgery gets detected.
What I'm hearing is our idiotic age limit on drinking makes ID forgery lucrative enough to outweigh the risks. Therefore: The drinking age in the USA is largely responsible for making identity theft easier.
I'm kidding, another major hole in this is a unique nexus of states having different ID/Driving License implementations and the fact that a vast portion of our citizens lack a passport.
Also, I'm not sure where the money is in the current system, but every time the USA tries to create a national ID all sorts of astroturfed nonsense comes out about Big Brother and COMMNUNISM!!
It's not, I've held several. For EU countries.
>unless you've got contacts with organized crime
Or an internet connection!
>Getting a fake ID gives limited benefits and means jailtime even if you don't attempt to use it
My personal experience has been very different. But I guess this'll vary from country to country.
>there's not much demand among "normal people" for it
How many undocumented migrants are there in Europe again? Are those people not "normal"?
>Also, even if you could get one, it's going to cost thousands
As in an actual national ID that can be used to open bank accounts and cross borders, or some other sort of non-official ID that might be good enough to get you into bars?
Edit: or given the thread context you mean forgeries of the same level as US driver licenses for under age drinking, which is quite possible, but such forgery is readily distinguishable by anyone who has actually seen real EU ID card.
>ID-2 format laminated cardstock
Not these, I've seen a plenty of US ones like this.
I am talking about forgeries specifically sold for the purpose of opening bank accounts.
And I'm also heavily doubting that an internet connection is enough to get a forged ID card. It does elude me how one would do that without some sort of special machines.
Even the reddit fakeid community seems to have some pretty good EU ids.
However, purchasing a thousand SSNs and automating signups sounds hell of a lot easier than purchasing a thousand passports and physically visiting the bank offices.
For example, banks will photocopy your passport and verify the signature on it to ensure that it's correct.
(Basically, there's an algorithm used to compute a 30 digit hash on the ID or passport, which is computed from the IDs content and a secret seed. Anyone can verify this hash easily with open algorithms and tools, but only the government can create them).
At least within the Netherlands, your residence is officially registered with the municipality. This is tied in with your Citizen Service Number (BSN). Without this, you cannot open a bank account.
There is a national ID number, equivalent to SSN, which is printed on the ID, and to which the credit history is linked. It is used for distinguishing identity, but not for authentication. For authentication you need the physical ID and sometimes the pin code. The ID card carries a digital certificate which makes them hard to forge (I’ve never heard of outright forgery), and allows for online identity (like filing taxes or opening a bank account online). Obtaining a new ID requires either presenting the old one, or visiting the police to have your identity verified in other ways.
Also in most European countries the administration knows your official address and companies can check that you live where you pretend to.
My first credit card application was rejected with no explanations.
Getting your bank accounts emptied sucks much more than having someone open a credit card in your name.
I think we most be from different parts of Europe. Where I live it is hard to avoid getting one or more credit cards
Everyone I know in Europe with a “real”credit card just has an Amex.
According to https://merchantmachine.co.uk/visa-mastercard-amex/ there are very few places in Europe where AmEx is #1 for credit cards (and, being from the UK, I'm actually surprised to see UK as one of those countries... I would have bet money on Visa/Mastercard having higher market share than AmEx here, even for credit cards alone).
From personal experience: what kind of cards (both debit vs credit, and what network they're on) varies massively in different EU countries.
In the US it collects points and cashback and you can magically go above the limit if you have money on your checking account. You have to do really really crazy stuff to get a transaction rejected. It gives you insurance for car rentals and concierge services for things I never considered.
In Europe I had a Visa and a MasterCard. No points, no cash back. Couldn’t go over the limit, forced to pay everything off every month. If you don’t, card is blocked.
In the US you can (often?) pay off as little as $25 on a massive CC debt and there’s a lot of interest on what you don’t pay off. I didn’t have any interest in Europe, it just stopped working if I didn’t pay it off next month.
From what I can tell, most Americans wouldn’t recognize my European Visa or MasterCard as a credit card. It behaves like a half step between debit and credit.
Are other cards in Europe closer to the American version?
That being said the debit card version is the one you get by default, and the credit card version is something you have to ask for separately.
- In the UK, Visa/Mastercard are the most common networks used for bank debit cards, using them pulls money from your bank account directly. Most banks give most adults (citation needed, but I think) a debit card by default with an account.
- In the UK, you can apply for credit cards from a number of companies, including banks (but it's a seperate to any bank account you might have with them), and credit card only companies. Different providers offer different types of cards, and the kind of deal you can get will depend on your credit history, salary, etc. They will (nearly always) have a credit limit, which could be a few hundred or could be very large. They will have a specific rule about minimum payments - some might want your balance paid in full each month, others will ask for a minimum payment (which could be a tiny percent of the amount owed) each month. If you pay in full, you don't get charged interest. If you take longer to pay, but within the agreed terms, you'll pay some sort of interest, which could be reasonable or extremely expensive depending on the card you have. Some cards offer benefits (points or cashback, maybe other perks like special deals, concierge services, etc.) while some are purely lines of credit with no other benefits.
- In France, I was given a Visa debit card when opening a standard bank account. No experience with French credit cards.
- In Belgium, if you want a card on the Visa/Mastercard networks, you need to get a credit card - most people use debit cards which use different networks (I think they use Maestro and another one..)
They basically don't exist here.
I have a small "CREDIT" label next to the chip of my new card and airlines (EasyJet, Ryanair...) now reject my card if I select the cheaper "Debit card" payment option.
But it has different laws so that they're not as exploitative. The card companies accepted these laws in order to get a chance at the relatively wealthy British customer base. In particular:
* Issuers have to tell you each month how much it's going to cost in total to pay off your debt gradually, which is usually a scarily enormous figure.
* Issuers own the risk of buying most things with the card. If you pay £200 for a hat from an online merchant with the card, and then the merchant goes out of business without delivering, the law says the Issuer bought that hat, you owe nothing.
* Issuers own the risk of card fraud. Unfortunately juries and judges both tend to believe the smartly dressed bank official in a trial, but in law all the responsibility for fraud lies with the Issuer unless they can prove it's your fault.
A lot of people like me have a credit card, and then have the issuing bank also automatically pay off the balance every month from their current account. So the effect is that their credit card is a rolling 30 day interest free loan.
So I am not sure what is the difference between these cards and "US-style" cards. Maybe that we only need to get an automated credit check based on past years tax reports to get them, instead of having to work hard to get a good credit score?
The differences between different parts of Europe can be larger than the difference between some parts of Europe and USA
Lived in Sweden for the past 12 years, and never seen anybody us an Amex card (seen lots of ads for Amex though). Mastercard seems to own basically the entire credit card market here.
In my country (Bosnia), there's pretty much no difference between them. Maybe half a euro more per month for one or the other. All the banks I know of let you pick between them. Citizens usually pick randomly. They're accepted the same, you still have to chase your own bank's ATMs to avoid unnecessary fees etc.
In the USA, wire transfers average $10-25 on the outbound. Inbound, domestic wire transfers are often free, but inbound International transfers can run you $15.
This fee structure is why you see Vimeo and Square Cash (and PayPal before those) become so popular.
Were these wires to a company that receives lots of similar wires? Do/did you have a history of sending wire transfers? Were any of these wire transfers a significant chunk of your account balance?
All of these things matter. In the US the average person is simply far more likely to be sent to the branch when wiring $10k than in EU.
In any case, most people I know always carry their ID card with them in their wallet. You don't need it all that often, but you might as well carry it around, and having government issued proof of your identity is actually quite handy in many situations (situations that are handled with SSID and/or credit card in the US).
Fair enough, but still, that's not a requirement here, and seems weird and oppressive (indeed my memory is that being required to register where you lived was a classic example of the non-free-ness of the Soviet Union).
> In any case, most people I know always carry their ID card with them in their wallet. You don't need it all that often, but you might as well carry it around, and having government issued proof of your identity is actually quite handy in many situations (situations that are handled with SSID and/or credit card in the US).
Sure, in practice I carry my driving license around most of the time in the UK. But the fact that I don't have to feels important.
Hypothetically, if you owned two houses, and spent exactly 182.5 days per year in each, an outside observer would not be able to tell which one you considered to be your true home. So that observer might presume it is not your home, and prevent you from voting there, or presume that it is, and levy location-based taxes as though it were your full-time residence. Worse, different observers could make those determinations separately, and you might end up paying double taxes while being denied the ability to vote in either place.
There are also concerns about the correct address the government should use to send its official communications to you. It isn't always about knowing exactly where to send the cops in ninja gear to rouse you out of bed at 2 AM.
Is the passport the weird part or always carrying something to identify yourself weird?
Because I'm always carrying a wallet, with identification in the US; which I must be able to show to certain agencies at any time.
Which agencies and for what reason? There is no general obligation of US citizens to carry identification or even to provide your name to authorities unless you are reasonably suspected of a crime.
I sat in the back of a police car for a hour while they researched everything about me.
Again, there was no No U-Turn sign. I was simply suspected of something, of which the police never informed me of.
That was the day I learned I always needed my license, for apparently any reason, in the US. Even if you're white.
If one person used it fraudulently then there's a much higher probability that any subsequent loan application with the same information is also fraudulent.
Instead, all that's going to happen is banks will simply require someone to show up in person and present sufficient identification.
It also already is almost all the bank's problem. After all, they are the ones that lose the money in the scenario you describe.
In many ways, credit scores are an early example of data related problems that will become more common. Some will become serious issues in the next few years.
Credit scores are basically an estimate of credit-worthiness. The system is designed to solve the banks' problems, not consumers'. For banks, some number of false positives (creditworthy person with a bad score) is acceptable. It may narrow the market slightly, but it improves the quality of the remaining majority of customers.
This is true of a lot of statistical/algorithmic decision making. Paypal flagged me as "high risk" when I moved countries, so I can't use paypal now. For paypal, losing 1 of me to avoid 2 malicious users is an acceptable trade-off. For me, it's annoying but not a big deal because paypal is rarely the only option.
If paypal's "danger" flag were shared across the financial system, this would become a serious problem for me. It could freeze me out of online transactions entirely, maybe other things. If landlords had access to paypal's "high risk" filter, would it be worth using to filter out bad tenants? Seems possible.
The false positive problem goes from an annoyance to a fundamental rights vioation quickly, if data is shared.
Insurance is acquiring similar issues, though with very different mechanisms. As statistical inference improves, insurance ceases to be insurance... Risk gets pooled across ever smaller groups. The whole purpose of insurance is to pool risk widely. IMO, this is the problem the US' health policy architects underestimated. Insurance companies know too much to be insurance companies.
More such issues are coming soon. China seems to want a credit score system, with alarmingly ambituous and and political breadth... The Social Credit System.
Adtech companies and conglomerates (especially FB) are really hitting their stride. I wouldn't be surprised if they can score credit worthiness, insurance risk and other things using their web browser and app datasets.
Should adtech be allowed to service banks, insurance companies, real estate agencies and employers? If not, we should probably decide this now.
I don't know what the answers are, but credit score may be the place to start. I think approaching the problemfrom and identity/data protection perspective is fundamentaly flawed.
Insurance companies typically want the best of both worlds, to -know enough- to pool narrowly (or often, exclude high risk), but glean the benefits from wide pooling.
We already know what happens when the banks run out of money. They get bailed out. That means they will NEVER be the victim.
That means we can make them pay for bailing out fraud victims and taking the hit on their behalf. It should be a service, a duty, and an honor.
But that will never happen, because this is America.
The FCRA put a lot of measures in place to RESPOND to consumer complaints, but they don't work well and only matter when the consumer decides to complain and is willing to put the time in to do so. That's not enough - if a CRA can't demonstrate success, they should either not be allowed to exist or they should be de-certified. CRA's that can't meet that standard could still exist as businesses, but the shouldn't get the government protected oligopolistic designation they get now.
ID Theft isn't just this. Illegal aliens use ID purchased on the black market to get jobs and pass ID verification. While they have those jobs, they have payroll taxes withheld, but don't file taxes leading to some Americans being hounded by the IRS.
Additionally, some American babies are assigned SSN's already associated with illegal aliens:
> Illegal aliens generally prefer SSNs that have not yet been legally issued or, failing that, the SSNs that belong to American children since these numbers can be used for years without anyone knowing it – except the IRS and the Social Security Administration.
> However, the Social Security Administration does not remove unassigned SSNs used by illegal immigrants from its database. That means the numbers are eventually assigned to newborn, American infants. Neither the Social Security Administration nor the IRS notifies American citizens when their or their children’s SSNs are used by others. In other words, the federal government has facilitated identity theft and protected the identity thieves.
It wasn't a problem, at least it wasn't up until the point that creditors reframed it as "identity theft." It's fraud, plain and simple, and if it were treated as such, the burden would be on entities that have the resources to handle it (and who are also responsible for enabling it) instead of ruining the lives of normal people just going about their business. Oh, you loaned money to someone claiming to be me? I don't see how that's my problem. Sucks to be you. Maybe rethink mailing out pre-approved credit cards in the future.
> Banks should have to know who they are loaning money to and if they make a mistake, that needs to be solely their problem.
perhaps they will need to partner with local banks and such. I don't care. by default they should not be able to issue credit where the liability is on the consumer until physical verification is complete
“Bank Presidents and Officers must exercise great care in protecting the privacy of information they gather on people, because there are legal liabilities if a bank intentionally defames a person or invades the privacy of an individual”
Edit: In my country we didn't have a unique id till a couple of years back. So everywhere you had to submit photocopies of your id proof and a nother of your address proof. Imagine giving copies of your id to the lowest ranking person of the business you are dealing with. You have extra challenges if you have moved recently.
That's exactly what they are. I don't understand who you're trying to fool here. It's a number, for social security, that is assigned to a person. It's poor as an identification method, so it's commonly used in fraud, but that's just hand waving to distract from the discussion about the purpose.
I tend to agree. Best practices are that we shouldn't use guids as authentication/security mechanisms in software systems because 1. they aren't necessarily random so it's difficult to prevent fraud as a result of guessing and 2. you can't rectify authentication issues (e.g. via rotation of authentication or adding additional entropy) without compromising the identification function see (https://tools.ietf.org/html/rfc4122#section-6).
We should never have used them as authentication methods IRL.
2. It's also now used as an authentication mechanism by many businesses (because it's relatively ubiquitous and banks, gov, etc. assumed that the SSN owner would and could keep it secret) :
a. accepting card payments on stripe (https://support.stripe.com/questions/why-do-you-need-my-date-of-birth-and-4-digits-of-my-social-security-number)
b. driving with lyft (https://www.lyft.com/drive-with-lyft under "What are Lyft’s requirements?")
c. also for bonus points take a look at what happens when you search google for "SSN for resetting" and marvel at all the banks that let you reset your password with your SSN.
> SSN are NOT an identity mechanism
You purposely misquoted them to make your point. That's pretty lame.
It's not a misquote if you parse the original statement as "NOT ((an identity mechanism) or (infrastructure to facilitate business))". It's perfectly fine to simplify "Not A or B" into "Not A" when your argument is "Yes A".
In the context of godzilla82's wording, I think the latter interpretation is more likely, making it not a misquote. Even if that's mistaken, I doubt it was an intentional misquote.
The printing was removed because nobody gave two shits about it.
What alternative would you propose now?
And if your excuse is "well, we're too big to know our customers!" maybe you shouldn't be in the business of loaning money.
If you're an immigrant?
If you're a protected class?
The whole point of the fair lending act is that lenders have to use consistent lending criteria across population groups. Going back to the pastoral days of personal relationships with bankers is the wrong answer.
PS "lending" not "loaning"
If you are using a different bank in this new town, then yes, you're kind of SOL. However, it's not too wild to think of a way for credit history and verified identity from one bank branch to be stored in some kind of software system, which could share data between branches. The initial work in establishing trust is annoying, but verifying identity once you have some system in place is easy enough. A short phone or video call with someone who _did_ know you and works within the same institution would be a pretty sufficient way to go about it. Hell, universities have an even more archaic way of doing this: if you need proof of enrollment or a transcript then the university will send sealed snail mail to whatever institution needs the information. You can even request and deliver these yourself personally, if you want to.
Perhaps "personal" is the wrong word for the kind of relationship you want to describe though. Your relationship with the bank as an institution is independent of any SSN, they just track any credit or debt to your identity using it. There's no reason why a single number needs to track that kind of information, when the banks could just be required to verify their own knowledge of you themselves. At some point we have to admit that someone at the bank must know you, or be able to vouch that who you are is who you say you are. Even just a second check of a photo of you compared to a face scan would be more than what's verified now.
Alice in Pittsburgh wants a $100K loan to go to college.
Bob in Hawaii wants to invest $50K at a 5% return rate.
Charlie in China wants to invest $50K.
Without banks - Alice & Bob fly across the country to meet, and Bob, who knows nothing about college, hopes the college is real & Alice will pay. Alice, who knows nothing about Bobs hopes he won't get really impatient after 10 years and rob her. They talk for 30 minutes and hope that short interview is enough to establish trustworthiness on both sides.
We then repeat the whole process with Alice & Charlie.
With banks - Bob invests $50K into the bank. Charlie invests another $50K. Alice gets a $100K loan from the bank. The bank already has channels to ensure Alice is trustworthy, to verify her admission/enrollment in college, to collect loan payments, to eat the loss and give Bob his 5% returns anyways if not repaid. Even though Alice pays back $12K every year, the bank has enough liquidity to give Bob $1K every month instead as he prefers.
By the way, banks don't lend deposited money, they create money.
Bob and Charlie get maybe 1% interest on their $100k, while the bank charges 10% on all $1000k of the leveraged loans. At year's end, the bank has paid B and C about $1k, and collected from A D E F G H I J K and L about $100k. If Bob, Charlie, or the bursar ever unexpectedly come around to make a withdrawal, the bank phones up the national central bank and says, "Yo. Boss says you need to come by and do that thing we talked about that one time. It's important." Then a truck shows up with very important pieces of fancy paper that the bank can give to people, so that they go away without getting mad. It's very important that no bank ever runs out of those, because then people wouldn't give them back to the banks to be reused, by giving them to other depositors!
It's all very complicated and important and not crooked at all. You can certainly trust those banks, because all their employees are clean and smell nice and speak clearly and wear good-looking suits.
But it is also important to realize that the bank does not need to know Bob or Charlie very well. It isn't really even strictly necessary that Bob or Charlie be real people. All that is necessary is that they have entrusted a symbol of their savings to the bank, to be used as the bank sees fit, without any direct oversight, in exchange for a pittance in interest. This is really only a good deal if you have so much money that your investments would otherwise overwhelm the capability of businesses to generate a good return on it. So banks have a few customers that deposit enormous quantities of cash with them, because the only other entities that can actually pay out a 3% return on that much dosh are national governments, state-partnered enterprises, and multinational mega-corporations. Bob and Charlie represent round-off errors. But there are a lot of Bobs and Charlies, and in aggregate they do help the bank make money, so they are tolerated, with a token amount of ass-kissing to keep them happy. And if one gets screwed over by accident once in a while, that's no big deal (to the bank).
The bank does need to know Alice and D E F G H I J K and L, but only just enough to figure out how much extra they need to charge to cover their default risk. The bank's major concern is that one of those people might actually be Maurice, who plans to default, but he is untouchable, because the bank does not know who he really is. But they know who he was pretending to be, so screw that guy; he shouldn't have let someone else pretend to be him without his knowledge, right?
So I'm not really certain that knowing all the insignificant peons would actually help. The fundamental problem with banking is that the (remaining) individual firms are too large for the median customer to matter to them at all. They have no intrinsic economic incentive to even acknowledge that a problem exists, much less admit responsibility for it, because their real business is aggregating investment opportunities that are too small to bother with individually into packages large enough to interest investors with colossal amounts of cash, and taking a percentage off the top.
They are an identification mechanism, what they are not is an authentication mechanism.
They are similar to IBAN in that way, they're suitable to e.g. give you money, they're not suitable to take money out.
And now do you have other mechanism s? If you do, you should be using them, if you don't, then scrapping the only one is not a solution. Asking businesses to do verification on their own is definitely not a solution.
How does schools do background checks? How does the police force do it for their officers? Why can't the same method be used for a bank?
Um, what? If you are doing business with someone based on an assumption about their identity (giving them a loan based on credit history, for example), it sure should be your responsibility to verify that that assumption is correct--that the person you're dealing with is indeed the one that all the data you have applies to. And if your assumption turns out to be wrong, the last thing you should do is blame it on the person who actually is the one all your data applies to.
> If there are flaws in the existing system that lends itself to be manipulated, then the solution should be that the government should fix it.
The government is largely the cause of the flaws in the existing system. The last thing we should do is expect the government to fix it. If private corporations are going to make use of information about you, it should be their responsibility to make sure that information is accurate.
“The software developers are largely the cause of the bugs in the existing software. The last thing we should do is expect the developers to fix it.”
I mean, I do believe private businesses should be held responsible, but one way to make them do that is by regulating them through an agency with higher authority, which probably means government.
Flawed analogy. Software developers introduce bugs inadvertently, and they have both an incentive and the knowledge to fix them. (In cases where that is not true, bugs indeed do not get fixed, and we should not expect the developers to fix them. That is why open source software is important--so I can fix bugs in software I use that the developer can't or won't fix.)
Government introduces bugs on purpose, to serve special interests, or out of ignorance, because government officials who make regulations are clueless about what they are regulating--but they don't get penalized for making clueless regulations and they don't get rewarded for fixing them. So government has neither an incentive nor the knowledge to fix bugs it introduces. (And the analogue to open source software in this case is libertarianism: if the government can't or won't fix bugs in regulations, it should not regulate in the first place.)
So maybe there does need to be a federal or state identification method, but because we lack a legitimate method it should also be the responsibility of the individual to do due diligence that the person they're giving credit to is the person they say they are.
How? ask them to carry a copy of their address proof and id proof? As an individual, do you feel ok to have copies of your id and address proofs in the hands of low level clerks?
I’d really prefer not to need to carry around utility bills and other nonsense every time I need to conduct business. I’d also bid those folks consider what happens when you are homeless or otherwise don’t have a fixed address with utility bills in your name.
So, ask the person who lost 3 billion accounts, the person who is stuck with the mess from losing 3 billion accounts, the person who lost 145 million SSNs, and the person who is stuck with the mess from losing 145 million SSNs how to protect against data breaches?
I appreciate the relevance of those individuals to data security, but they're clearly not subject matter experts. If I wanted to secure my home against burglars, burglary victims probably wouldn't be my first consultation.
That said, the mostly fixed nature of SSNs and their intrinsic potential for introspection is a huge liability and we should move away from them.
[edit: Karen Zacharia may well be a subject matter expert here, it's a little unfair to group her in with my rant.]
If there are 10 houses, a burglar tries to get into all 10 but only succeeds on 2, then you should talk to the 8 owners who successfully protected their houses. If there are 1000 houses, a burglar tries to get into 10 but doesn't tell you which 10, and succeeds on 2, you should talk to those 2 owners because they know for a fact what can fail. 990 owners will just say "do what I do" without having any evidence that their strategy is actually safe.
CEOs, at best, will be proxies for whatever security personnel they have on staff and we have no way of evaluating the credentials of those security staff. At worst, they'll be advocating for policies that reduce their exposure/costs at the expense of greater overall fraud costs.
The senate should use their own knowledgeable proxy in this case. NIST has already shown itself capable of creating security standards of a reasonable quality. Run another public competition for a national ID system capable of replacing SSN and let real security professionals propose (and then debate) a way out of the current mess. Senators can then codify the results of that process into law.
You want to talk to the burglars. They already know the locks and safes and likely know even better how to break them than the creators. In this case, you want to talk to hackers.
The reason Congressional panels do things like this, is to put on a good show. They like to be seen dealing with higher level matters/people as a demonstration of stature.
No - the problem here isn’t hacking, it’s allowing a fixed, easily learned number be a sole proof of ‘identity’. SSNs were used in identity theft long before hackers.
The parent post was sarcasm. Equifax did not follow security practices that are common and widespread in the industry. And by industry I don't mean credit reporting companies, but companies that have systems connected to the internet.
One guy was supposed to install the update, but forgot for some reason. Everything was his fault.
Did you expect anything else from a company so incompetent? With a paltry $3b/year, they can't be expected to pay for more than one person to install updates.
"Millions of Verizon customer records exposed in security lapse - Customer records for at least 14 million subscribers, including phone numbers and account PINs, were exposed." http://www.zdnet.com/article/millions-verizon-customer-recor...
"1.5M customers of Verizon anti-hacker unit hacked" https://www.usatoday.com/story/tech/news/2016/03/25/15-milli...
None of those executives went to jail. None of them faced any real fines. None of them faced any real consequences. Many of them walked away with millions. PNC bought National City Bank for $5 billion and got a $5b tax credit (National City wasn't allowed any TARP funding). Big banks knew 2008 would happen, and when it did, they used it to buy all their competition at the expense of millions of Americans who lost their homes, retirement savings, etc.
It doesn't matter if it was Bush or Obama or Hillary or Trump, because no matter which puppet is on stage, no one in the 1% who either allowed such terrible things to happen or made them intentionally happen or profited from things that happened to have fallen into their laps; none of them face any real consequences. The executives who sold off Equifax shares getting off without any wrongdoing is a perfect example. It's obvious they knew. They made money and they will never and can never be held accountable in today's world because they control, to various levels, all the world leaders and banks.
The archived webcast is available https://www.commerce.senate.gov/public/index.cfm/hearings?ID...
The prepared statements from the witnesses are available to view at the bottom of that link as well.
Second pro tip: replace your door hinge screws (on the jamb and door) with larger 3-4” screws.
Third tip: outside doors should be solid wood or metal, not hollow.
It's worse than that. These are the very people who profit on trading in data linked to identity information. It's like asking the fox how to secure the henhouse, after he ate all the hens.
Any new identity scheme has to be something that does not rely on security practices of any third parties. The public component of the identifier must be useless as an identifier without the private part held only by the individual.
(Or, maybe she was at Yahoo! during the breaches...)
They are breaking this expectation by using the MitM-rewriting of unencrypted HTTP to inject tracking identifier headers for third parties.
Comcast also MitM-rewrites requests and occasionally leaves extra fingerprinting entropy, but they don't intentionally kill your privacy like Verizon.
There could be numerous other companies that are messing things up in exactly the same way, they just have had the misfortune of being breached yet.
This is a solved problem in most countries, the U.S. can just pick any from a long list of countries to copy the model of wholesale.
I believe most Americans are opposed to a national ID, so SSNs have been used as a (utterly terrible) workaround. Some reasoning for this, to quote an ACLU article on the subject, 'Former Senator Alan Cranston has described the national I.D. card as "a primary tool of totalitarian governments to restrict the freedom of their citizens." '
The Brazil solution mentioned seems pretty reasonable though. I like the built in expiration and ease of reissue. Anyone have experience with or thoughts about this sort of system?
Ugh. National IDs are common in Europe as well as other places where identity theft is mostly an exotic concept featured in the news about America. It's hard to call Belgium a totalitarian regime.
Whereas in countries without national IDs, people are forced to provide personal details to scores of vendors big and small who use these details for their purposes and may lose them to online criminals. But hey, we are protected against a hypothetical tyranny.
This is America in a nutshell. Most of it's efforts are spend protecting against what it can't see and not on the problems in front of it.
You can't base your reasoning about something like this solely on what's happening in some countries right now. That's how SSN mess started in the first place. They weren't intended as a global identifier, there were concerns that they will be used as such, but those concerns were ignored.
Also, I'm not convinced that spinning up a new ID system is necessary to solve the issue at hand.
In Germany there is no such requirement, even though many Germans also think that you have to carry it with you. But the Ausweispflicht (Obligation of identification) only means that you have to own an ID, but you can leave it home most of the time (which I do).
So yes, you don't have to carry ID on you in Germany, but only in the most pedantic sense. You'll just get a free police escort back to where you keep your ID in case you need to identify yourself. That hardly qualifies as not needing to carry ID when going about your business in the sense that Americans would be familiar with.
Thus any interaction with them could result in you needing to put a stop to anything else you're doing as you're escorted back to your house to fetch your ID, unless you're carrying it in the first place.
But the example I provided wasn't such an example, since there was a fine involved. However just having compelled ID changes even that situation. If Germany didn't have that I'd probably been able to just pay the fine on the spot without need to establish my identity.
I don't believe there's anything equivalent to that in the US. Furthermore since there's no national ID system they don't even know if you have a driver's license, social security number or passport, so their options for compelling you to produce ID are limited.
The idea of being legally required to provide government-issued identification to a law enforcement official under any circumstances is simply verboten in the US.
As long as you're not within 100 miles of the border inside the "limited civil rights zone". 
Personal experience is that border patrol officers feel no need for "probable cause" before pulling you over and searching your vehicle.
I was with a friend in the same situation (he forgot his ticket and had no ID). I just had to witness that he was indeed the person he said he was and it was fine.
There are many situation where in the US the police will immediately arrest you while the German police will just write down your identification and let you go for now. I will rather take the German approach.
So even though, as an American, I'm not required to carry my driver's license around at all times, I almost always do, and many of the few times I've left it at home I ended up regretting doing so.
Based on my visits to Europe I'd imagine Germans would find this whole situation ridiculous.
More than 23 states require that someone be able to prove their identity (probably with a government-issued card) "if there is reasonable suspicion of a crime".
Given that a book called "Three Felonies a Day" which cites facts such as the number of crimes in the US Code, the fact that most people haven't even started reading it nor have it memorized, nor have the legal skills required to determine whether (if it's even deterministic without a judge/jury) they have committed a crime, I would argue that a clever police officer probably has the ability to use that law as a tool to create a crime where none existed before.
There might be a country somewhere in Europe that has that law, but it's certainly not normal.
This joyous setup is the result of the Schengen zone. When national borders were "abolished" (not really, they came back due to the migrant crisis) the way governments got police and immigration forces on board with it was to say that everyone had to have their ID on them at all times and an ID check could be done anywhere at all within the zone. I've never heard of anyone getting in trouble for not having ID on them though.
But if you actually have to carry around your ID all the time depends on the laws country you're in. Here in Germany you don't.
It is the obligation of everyone travelling within the area to be able to show a fully valid form of personal identification approved by other Schengen states.
Although travellers within the Schengen Area are no longer required to show documents at an internal border (although there have been some controversial instances when they have, and it is fairly common at major land border crossings with Switzerland), the laws of most countries still require them to carry identity documents
Your interpretation of this doesn't seem to be correct. The whole point of Schengen is that you don't have to show ID at internal borders, which were supposed to cease existence. Rather, you have to be able to show your ID at any time whilst travelling ... where "travelling" is such a general concept that it effectively means at all times unless you are e.g. at home.
Additionally, it could just have been chance.
In general, yes, you should have your ID/passport on you, but there is no real punishment for not having it other than being required to later show up at a police station and/or being escorted by the policeman to your apartment/hotel to show your ID.
A bigger problem is usually not having a drivers license on you, that gets some of the people in the police riled up (but again, no real punishment as long as you show up later at the police station)
Why? What about people that just don't have / need a drivers license?
Not in general.
In Germany you just have to own an ID be able to produce it when legally required. However only under a very narrow set of circumstances it is legal to ask for an ID.
The police may ask for an ID only during a "Identitätsfeststellungsverfahren", which is only legal to do if you're suspect of a crime or if you happen to be within an area of specific public vulnerability, i.e. crime hotspots designated for vetting operations. Other than that it is in fact illegal for the police to ask for your ID. But even under that circumstance it is absolutely lawful not to carry an ID with out; worst case scenario is, that the police has to escort you to whereever you have placed your ID and you be able to show to them there. Depending on circumstances this might create (major) inconveniences, but has no legal consequences.
In addition to that there are certain business transactions where an ID must be produces. For example when checking into accomodation, closing a contract with a telephone company (that's new since this year, and totally ridiculous) and opening a bank account.
That makes it ok for some identity purposes (age, name) but not sufficient for crossing a national border.
(I'm not sure this is relevant, but I'm explaining the situation here.)
If you do a post-ident or anything official, you need your proper ID.
So let's skip all the hypotheticals about having to recover one, unless you can point to an actual case from the EU, instead of Hollywood?
The reason SSNs are "failing" is because they have been adopted by the public and private sectors because they are a de facto "username".
SSNs serve the same purpose as driver's license numbers and passport numbers, only they have less authentication, but are still more common (because most young children don't have DLs or passports).
Your citizenship isn't tied to the ID, either.
Am I wrong to presume the Belgian National ID is not used for identification and verification by Belgian creditors?
I also wonder (just thinking out loud, not part of my question) what would prevent US creditors from shirking the responsibility and withholding the required resources to establish an identification and verification system which does not rely on a national ID (different from a Social Security number).
EDIT: remove extraneous word, add parenthetical to last sentence.
Only credit information is kept, nothing regarding defaults on rent, unpaid medical bills etc...
Getting a record of your own credit history is completely free, either online, by writing a letter, or just stopping by the bank.
Yes, national ID is used for that purpose. I've only very rarely heard of identity theft by strangers, there are many hoops to jump through, like photo ID and a physical letter sent to the corresponding address for verification.
What would prevent that? Privacy laws. Keeping and sharing blacklists is not forbidden but regulated in Europe. Creditors also are obligated to use the central credit agency.
I know that the monstrous institutions thriving on the FICO score are an exception. In most countries, it's the usual payslips, bank statements, stuff like that. No one needs weird stuff like secured credit cards or asking their relative to "piggyback" on their credit score.
I know that the US credit agencies tried to "educate" the local business communities in some countries on the importance of the credit score and are currently occupying a small obscure niche.
Proving the Senator Point.. I am sure you believe Europe is free, it is not. Europe is very very very very very Authoritarian and restrictive.
> It's hard to call Belgium a totalitarian regime.
Belgium is Totalitarian. Seemed pretty easy to me, I just typed things on my keyboard and they appeared like magic on my screen....
National ID is the first step to https://www.aclu.org/ordering-pizza
A national ID is by no means required for something like this. If businesses wanted to, they could already identify us uniquely enough to pool all their information and be able to do something like that.
There are 1 billion possible social security numbers. There are roughly 300 million people in the USA. So roughly 1/3 possible SSN’s is currently in use.
A: No. We do not reassign a Social Security number (SSN) after the number holder's death. Even though we have issued over 453 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.
The federal government was never intended to administer services or benefits directly to all US citizens. The US Constitution enumerates a very limited set of federal powers: defense, foreign policy and regulation of interstate commerce, none of which concerns the average citizen day to day. It was intended for state and local governments to directly serve the people in almost all circumstances.
The New Deal was a terrible imposition of big government on the country and we're dealing with the cascade of problems and constitutional issues to this day, SSNs being a very visible example.
OTOH, if we had more federalism, I think the West Coast states might have been implementing their own full-fledged public healthcare system right now, instead of trying to come up with some compromise that the other half of the country can maybe accept (like ACA).
All that said, I don't see a problem with national ID. It's just as useful to the states as it is to the feds, and it's clear that something like that can only be run by the feds.
That sounds pretty nice actually.
No I think "why the hell didn't they put a sunset provision in all those bills?"
As an aside, one could construct a pretty good argument that the new deal was the result of all the Europeans who got off the boat in the prior decades throwing away freedom they really hadn't come to appreciate in exchange for the government playing the role of a lord who has some responsibility to prevent his peasants from hitting rock bottom (lest they revolt) with the catch being that said lord also has a ton of control over their freedom.
Even if you did, it doesn't matter. https://en.wikipedia.org/wiki/Wickard_v._Filburn
It is the US Constitution that is bad, by making entrenching dysfunction and hindering reform.
The patchwork nomic-style lawmaking that leads to eventual entrenched dysfunction and resistance to reform was assured. The US will not likely last half as long as Rome. We're 1 economic collapse away from fractionating into new aggregations.
I'd argue our style of law making is no different than other western democracies. How do you feel law making should be different?
The US doesn't have mechanisms for removal through accountability. This would mediate any need for an optimal cycle (which doesn't exist due to factors like breadth of initiative). Legal controls on "good faith" grace periods would be an effective control, but we don't even get that due to corruption. The US legal system has festered for too long imo.
Easy solution: make the national ID optional, just like a passport.
Let financial institutions decide whether they want to risk extending credit to anybody, or just people with secure national IDs.
If you have any questions I can relay it to them directly.
It's from the government who brought you Novapay and it's a piece of shit. No one uses it to manage identities and you don't really need to because there are only 4 million people there anyway. Their problem set is much more manageable.
Please never use RealMe as a real world example of anything done right. Please also never use RealMe if you can avoid it.
NZTA don't even bother, and just require your drivers license number and version, which is useless security, I could change ownership of anybodies car, just to be a dick, or possibly even to steal a car.
RealMe is a RealMess. I find it's usually easier to just ring up the relevant department that requires me to login to RealMe.
The privacy commissioner (that's a thing) had this to say:
"the proposal to oblige drivers to carry the licence at all times while driving would mean, in effect, ... provide ideal conditions for government agencies, police officers, retailers and other businesses, to ask for the card as standard identification in a variety of dealings unrelated to road safety." https://privacy.org.nz/news-and-publications/reports-to-parl...
Ask anybody who immigrated to the US, it's a royal pain. (Especially since you have global brands - like e.g. Mastercard - incapable of referencing their data from outside the US).
You start with a secured credit card for $200. Next, you buy a clunker of a car for all-cash. At that point, you have enough history to get a CC with $500-$1,000 limit. Now you pay everything through that CC. And make damn sure you're always 100% on time - a single slip costs you a lot of time setting up that history. After a year or two of that, you usually get a CC covering one or two months of income. Keep building.
It's a really painful process.
This was ~6 years ago so YMMV
Basically, I can only conclude that we are encouraged to be 'good citizens" by borrowing money and paying interest on it while slowly paying back the principal. People who live on a cash-only basis, which was considered to be a respectable practice not that long ago (borrowing was shameful) have terrible credit scores.
So what, you may ask?
There are very real and increasing disincentives to having bad or no credit. Creditworthiness (in the form of a nice, easy to understand number) is being taken more and more by various entities as a sign of responsibility and even good character.
A credit score is now used by some entities, beyond the mainstay car dealers, to judge risk and character: apartment rentals and employers, to name two.
I'm not suggesting that all employers and apartment management companies do this, only that the trend (I have no citations but it should be searchable) is on the increase.
The bottom line is that in the USA today, credit scores depend on how - and how much - you borrow and repay.
Furthermore, the higher your credit score, the better you are treated, to a degree: better rates on loans, no problems getting a job (all other things being equal), and so on. The opposite is true for bad scores.
This is one of the many ways we are corraled into greasing the gears of the economy, and it is a wasteland for cash-only operators (unless, I suppose, they have a huge amount of cash).
Welcome to the new consumerism.... Being Thrifty, having savings, and generally being responsible with your income is bad. The Government does not like it and punishes you with low/no interest on savings and inflation that outpaces that savings, Banks hate it because they would rather you spend spend spend so you need their loans to live above your means so they can not only get interest but maybe you will also over draft on your checking and they can kill you in fees.
Retail shops hate it because they need to sell you increasing amounts of cheaply made poor quality product you must replace every 12-18 months
The economy lives and dies with debt. If everyone started saving and living with in their means tomorrow the national economy would come to a screeching halt and we would have a depression that would make 1929 looks like a boom year
The only exception is mortgage which is usually the only loan people take their entire life. And it’s possible to get it without having a credit score. You’ll need your complete history of employment and addresses and based on that bank can borrow you money. Perhaps car leasing is another loan people might take but that works similar way.
Borrowing money to buy everything seems to be an American fetish (but also present in U.K. which is most America like part of Europe and Asia, not continental Europe though). It always seemed insane to me to have to borrow money from bank to buy a latte or groceries.
The only place I use a credit card is online. So i can pay quickly and worldwide.
 Not actually true, because I find the convenience of the card is worth it - but I understand people taking the opposite position.
It was annoying as even though I setup automated direct debit I simply didn't have peace of mind. I don't trust HSBC systems to be bug free and a bug in their software which would not process by direct debit is something I'd keep worrying about. Much better not to have this additional subconscious stress.
But if you are in UK or Germany or country like that there is no need for credit card really. Debit cards are ubiquitous and work everywhere (UK banks will give you a proper Visa/MC debit card, not some Mickey Mouse debit card which only works in ATMs).
There's no need, indeed. But as I said, a month's grace on paying for everything and free plane tickets every so often.
The fallacy of needing to use debt for day to day living is ruining people.
For instance, you did not refer to yourself as "we".
I'm not the same person I was when I was 30 years younger, and I'm not the same person here that I am in person. Those differences are differences in Identity. It doesn't matter if you want to call the 'different facets', because the only thing that matters is that they are distinguishable, and thus not the same identities. Your understanding of Retra is as much an understanding of me as it is an understanding of 2-year-old me.
And “an ideal solution”. How long until we have semantic awareness in autocorrect?
The GOP would never let it happen because it would make it too difficult to suppress black and poor voters by making registration unnecessary.
The purpose of voter ID laws is to suppress voting by poor people, especially African Americans, who lack ID because they do not drive, or have a difficult time meeting the standard of proof for getting an ID, or have difficulty going to the one DMV that supports their geography an hit away without a car. It’s the most recent of techniques used to suppress voting since the poll taxing and literacy tests of the reconstruction era.
Unfortunately my comment wasn’t well-received, but that doesn’t take away from the reality. A federal ID, unencumbered by the bullshittery imposed in many states, would be opposed bitterly.
I would prefer a smart token/card with a PIN on it.
And the government should not do anything stupid like try to put a GPS on it "for security purposes", which even if it was technically a good feature for that and not just another backdoor through which intelligence agencies can spy on everyone, it would kill the whole idea immediately.
What do you think is inside the token?