You need to put the blame where it lies. CRAs simply aggregate data. They aren't the ones that grant credit. If someone opens a CC in your name, it wasn't the CRA that did it. So blame the bank or CC company for not sufficiently verifying identity.
Think about how the process works. A criminal goes online and applies for a CC, using your personal information. The CC company goes to a CRA to check credit worthiness. The CRA says "Sure, mikeash is a responsible person who pays his debts on time". The CC company says "Great!" and hands the criminal an account in your name. It's the CC company that didn't do the due diligence to verify that it was really you.
However, since the Equifax hack and the resulting backlash, the CRAs have started offering much greater consumer control to consumers. Equifax has a free service that allows you to keep your information locked and actually notify you in real time when a request is made, that you can block or allow as you wish. Basically 2FA for credit. If the other CRAs don't have that service, they soon will.
CRAs could insist on positive verification of identity before they tell anyone about my credit history. If they did, they’d fix the problem. Because they don’t, they assis in abuses. Why would I not consider them to share the blame?
I don't say they shouldn't share the blame. But simply telling a bank that you pay your bills on time isn't related to establishing identity. "Does mikeash pay his bills on time?" "Yes, mikeash pays his bills on time" "Good! Let me open this account for John Smith".
You literally said that I need to put the blame where it lies and that it lies with the banks.
A third party I’ve never interacted with gives out my private information without first asking for my permission. This is a crucial step in a common pattern of fraud. If they asked me for permission before they gave out my private info, it would shut down this entire type of fraud. They are fully aware of all of this, and continue with business as usual anyway. How is any of this ok?
> A third party I’ve never interacted with gives out my private information without first asking for my permission.
But they don't give out private information. They don't get anything but some aggregate data about how well you pay your bills. I.E. how many accounts are open, how many have been paid late in the last 30 days, etc.
> If they asked me for permission before they gave out my private info, it would shut down this entire type of fraud.
Everyone is still opted-in by default! The human tragedies will continue at nearly the same pace.
These locks just provide a way to shut up the outlier loudest complainers and a rationale for victim-blaming everyone else. ("You could have locked your credit, you know...") By what right do the CRAs demand individuals consumers' time and protection money?
It is incredibly frustrating to see these feckless, disingenuous half-measures cited as progress. It only confirms to me the futility of collaborating on market-based solutions with market players whose interests would be harmed by meaningful solutions.
I wish it didn't come down to imposing regulations, because regulations truly harm market efficiency. But what choice are we left with?
> I wish it didn't come down to imposing regulations, because regulations truly harm market efficiency. But what choice are we left with?
But that's what we need. But what do our "leaders" think when people rant and rave without showing they even understand the problem?
Citizen: I need you to do something about identity theft!
Lawmaker: Yes, it's clear we need to get some regulation in this space.
C: I'm tired of getting turned down for loans, or having credit cards opened in my name! We need to shut down the CRAs!
L: ... Uh, you know that CRAs don't actually do that? It's your bank or credit card company that opens the account, they're the ones that need to verify identity to make sure that people are who they claim to be...
C: Don't try to defend them! They kept me from buying a car!
L: ... Thank you, citizen. I'll get right on it. Vote Quimby!
In this system, you'd never get credit. You'd apply for a loan or CC, they'd ask you for permission to check with a CRA and share your info, you'd say no, and they'd show you the door.
> Second, they're always wrong and hard to correct. Been there, done that.
No, they're not. Sometimes they're wrong, either because bad info was reported, or there's a problem at the CRA. Sometimes the errors are hard to correct. I've never had any bad information on my reports. That doesn't mean it doesn't happen, any more than you seeing something wrong on your report means they're "always wrong". It just means that no system is perfect.
Think about how the process works. A criminal goes online and applies for a CC, using your personal information. The CC company goes to a CRA to check credit worthiness. The CRA says "Sure, mikeash is a responsible person who pays his debts on time". The CC company says "Great!" and hands the criminal an account in your name. It's the CC company that didn't do the due diligence to verify that it was really you.
However, since the Equifax hack and the resulting backlash, the CRAs have started offering much greater consumer control to consumers. Equifax has a free service that allows you to keep your information locked and actually notify you in real time when a request is made, that you can block or allow as you wish. Basically 2FA for credit. If the other CRAs don't have that service, they soon will.