Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why do we allow Equifax, Transunion, and Experian to exist?
53 points by nde on Oct 15, 2022 | hide | past | favorite | 28 comments
On numerous occasions these services have proven to be unreliable stewards of people’s most private data. How come we haven’t tried to disband them?



It's relatively inexpensive for these companies to stay out of regulatory purview, at the cost of a few hundred thousand dollars each election cycle.

https://www.fec.gov/data/receipts/?data_type=processed&contr...


The idea that these companies escape scrutiny because of a $1k donation is truly silly. Think harder about this.

The $1k is just an understanding that says "we provide a somewhat unsavory but necessary service to the country (with pretty shitty service to boot) -- it might not be hard for you to kill us (we're not popular and could easily be scapegoated for any number of crimes) but unless you replace us with something better in the process you will risk creating chaos and then voters will toss you out".


The actual money used by the corporate entity Equifax toward election campaigning is unknowable thanks to Citizens United - for example, Equifax could independently fund as many attack ads against as many political candidates as it would like, without reporting any of that spending to the FEC, as long as it does not coordinate with candidate committees.

Even if we assume there is no additional benefit to a candidate aside from the $1k contribution on paper, keep in mind most of this comes from Equifax employees with individual contribution limits - note that the CEO and every VP/high exec contribute the maximum $2700/$5000 limit each cycle.

https://www.fec.gov/data/receipts/?cycle=2018&data_type=proc...


Because in lending you need to rely on a data source to provide information about repayment behaviour, sanctions, fraud flags, outstanding loan volumes, historical loan volumes, etc in a neutral, reliable, verified, and consistent manner.

While in theory it's possible to calculate a credit score, the complexity of the reports these companies provide go much deeper.

Further, these companies operate across jurisdictions allowing for cross-border activities and economies of scale for MNC's.


Although you answered the question, and you answered it correctly by stating the obvious, it reminds me that this sort of answer is no longer appreciated by large segments of the population because it lacks "empathy".

What a strange world we live in. And it happened so quickly.


My answer doesn't lack empathy but is based on years of work experience. If you are lending money to people you don't want empathy or subjectivity you want to make sure that the person can repay the money. And that is not only to protect the lender but also to protect the borrower[1]

[1] https://asic.gov.au/about-asic/news-centre/find-a-media-rele...


I was agreeing with you, but I was probably being too sarcastic.


Pretty sure credit and loans existed before credit scores. In the 30s and 40s for example. The relationship was built on 1:1 trust, not all historical things you've done.

Imagine a dating network where you could see how every ex rated someone, nobody would sign on for that, yet this is exactly what a credit reporting agency is.


No it isn't. Lending is next to Prostitution one of the industries that exists for the longest time in some cases 5000 BC [1]

Trust relationships are mostly subjective and do not scale well to individuals that do not have established networks. You can compare that to modern Venture Capital businesses where it is incredibly hard to even get a pitch if you are not well connected.

You might have heard the story of Adam Neumann raising 300M for his new PropTech business. Why would he get this amount of money? Because (1) he has shown that he can build businesses that generate revenue in the Billions (2) he is connected to the right people worldwide allowing him to raise funds and attract talent with ease. That places him in the 0.0001% of entrepreneurs.

And that is what modern credit bureaus deliver as a SaaS product. An easy way to understand if people can repay a loan (execute), run a profitable business, and are trustworthy.

[1] https://en.wikipedia.org/wiki/Usury


CRAs maintain consumer credit scores which support consumer borrowing and lending - a large part of the US financial system. Experian could have (and perhaps should have) been disbanded after their data breach, but if you disband the category, who or what replaces it to track consumer creditworthiness?

Beyond credit scores, there's been a proliferation of "Know Your Customer" (KYC) requirements to reduce fraud and money laundering. The most common form of KYC is called "Knowledge Based Authentication" (KBA). This is when they ask you a series of multiple choice questions about previous addresses, schools, and employers. You usually have to get 4 out of 5 right to "pass". I paid cash for a new car from a Jeep dealership - before they'd complete the transaction, I had to pass KBA from Experian. I believe it was a state law that imposed the requirement.

I don't think it's practical to argue for the extinction of CRAs as a category. I do think it's practical to give consumers more control over their data - what is stored and where it goes. I've been tinkering on solutions for this, as have quite a few others in the data privacy community as well.


I think the existence of KBA is kind of an anti-pattern compared to Estonia-style identity. If we respected our privacy and never let data brokers collect all that information in the first place then KBA would never have been invented.


I did find it odd that the dealership couldn't accept my state-issued ID for ID validation. Maybe there's some regulatory capture at work there. Even if state-issued ID docs were accepted, that would solve for KYC but not for credit scoring.


I understand why they exist, but they should be opt-in in my opinion.

example #1 : a teenager starting his first job should not have his data shared by default (it is useless for him and increase(I think) the risk that his identity gets stolen)

example #2 : when you go to a lender, he could say, yeah, we check with equifax, maybe you want to opt-in with them.

The fact that they are unavoidable are the problem in my opinion. It creates a kind of monopoly. If it was opt-in, maybe we would see more alternatives companies offering the same kind of service with better security and customer service.

P.S : There is an error in my file and I never bother to fix it, I never lived there, it is clearly a fraud attempt and this is their error, not mine to fix.

P.P.S : not an expert on the topic and maybe I am missing out on important details


Technically they are opt in. If you pay for everything in cash you won't have much data for them to use against you.


incredible as it may seem to say, data security is a secondary concern vs the very concept of these businesses, which exercise enormous and often malign influence over the lives of citizens. Take together, the are in effect a privatised 'social credit' system which can stop you from getting a home, a car, a job, any kind of insurance, effectively cutting you off from healthcare and the rest. They are instruments of oppression, their private status providing US Gov moral cover and the permission to still claim 'land of the free'


First, Why they exist:

Banks share data with these services, so that all banks can mitigate risk.

Effectively, with all the banks providing information about their customers they can determine “future credit worthiness”.

It’s gone a bit further now and merchants can report you not paying and banks encourage every more data collection.

Banks that didn’t / don’t do this kinda of background check are actually breaking the law (KYC - “know your customer” - at least since 9/11, possibly before). As you could be providing funds to a terrorist (and that’s highly illegal).

To summarize, through regulation the government has strongly encouraged if not outright required these firms to exist.

To answer they question why haven’t disbanded them, well we don’t have the means to. Banks fund / elect politicians and if you step out of line (as kanye west did recently), they’ll debank and “cancel” you. Some politicians will push back on this; but it is rare and most have independent support (base, external large donor, ete)


These behemoths are a major vertebrae in the backbone of the US economy. Without Equifax, Transunion, Experian and Dun & Bradstreet a huge portion of economic activity would come to a grinding halt. The vast majority of sales of housing, cars, computers, phones, hot tubs, etc. are all reliant on on-demand credit scoring. We have made serious strides in regulating them, but disbanding them would be a financial disaster. Regulation has actually made the problem a bit worse since it has essentially turned the credit reporting industry into an oligopoly, further centralizing consumer data collection so attackers only have to hit a single target to get almost everything.


To get an overview of these (toxic IMHO) companies, I strongly recommend this episode of Last Week Tonight:

https://m.youtube.com/watch?v=wqn3gR1WTcA


It’s actually quite amazing that we got the Fair Credit Reporting Act. It has real teeth. The only similar thing in the last 15 years was Dodd Frank and the CFPB. Something like the FCRA for privacy would be amazing.


The idea of government doing this is laughable.

Not on principle, but on reality. They’d be slow to get started, and change would take forever (short of legislation).

These companies exist to serve legitimate needs in the various industries they serve (as yuck as that statement may be) and have hundreds of years of experience judging people.

Yeah it sucks, but what’s the solution? Rely on people’s “feelings” about other people?

You’d bring back community bank managers in a heartbeat if you did that!


I think something like the FICO system is probably necessary in an economy that runs on unsecured credit. If the government ran it they'd just outsource it to the same kind of contractors who built the original broken healhcare.gov and the result would be even worse than what we have now.

The rest of it like WorkNumber and TLO is really bad but it's exactly what you get in a neoliberal economy with very little privacy protection.


I prefer the alternative: let's put an end to misusing these "most private data". Stop using them as secret keys that you should never share with anyone (except that you are also routinely asked to share your SSN on paper, over fax, through random company portals, and if it ever gets leaked it's your problem.

Let's stop using identification keys as authorization keys.


What do you replace them with? Lots of businesses depend on them.

How much does anyone care? Most people freely give much more intimate information to other companies.

How much will those billion dollar companies spend to survive?


The same credit reporting agencies exist for corporations, too: S&P Global ratings and Moody’s


There's also Fitch and at least one other that escapes me. Barra, maybe? More if you go international.

They also rate governments for municipals to countries.

I used to deal with issuer ratings quite extensively several jobs ago. Been away from it for about a decade, though.


That and many important domains are prone to revolving door between them and the public sector.

Or just money


while not ideal, at least they operate credit score databases instead of debtors prisons.


It's not your data. It's the Banks data about you.

Do you have private notes about people you've met? Same thing happens with banks. Banks keep notes on how much you repay loans, how many loans you have, etc. Etc.

And the fact is, this data is very reliable. Prime Mortgages are paid back reliably. Subprime mortgages are not.

--------

If you are on the other side of the trade: deciding on which MBS to buy to secure your retirement income off of, you will be relying upon these statistics to keep your money safe.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: