How Congress can pro­tect you from credit bureaus

USA TODAY International Edition - - OPINION -

Banks and re­tail­ers have real money at stake when a data breach al­lows crim­i­nals to get at cus­tomers’ credit card data. Un­der fed­eral law and credit card poli­cies, cus­tomers have zero li­a­bil­ity for fraud­u­lent charges. In­stead, banks and re­tail­ers are on the hook for losses.

But credit bureaus, such as Equifax, aren’t re­quired to re­pay con­sumers for losses when pre­cious per­sonal data — such as So­cial Se­cu­rity num­bers and birth dates — are ex­posed. Per­haps that’s why se­cu­rity was so lax at Equifax, where a mas­sive breach dis­cov­ered this sum­mer gave hack­ers ac­cess to the data of nearly 60% of Amer­i­can adults.

Bad enough when bureaus are cav­a­lier about pro­tect­ing data, the in­dus­try has also op­posed the best tool to pro­tect against fraud af­ter data are ex­posed: a credit freeze, which pre­vents the open­ing of ac­counts or loans in your name with­out your per­mis­sion.

In the mid-2000s, as state leg­is­la­tors pushed to cre­ate this tool, an in­dus­try lob­by­ist trav­eled the coun­try fight­ing these mea­sures. The Con­sumer Data In­dus­try As­so­ci­a­tion lost the war, and freezes are now avail­able in ev­ery state. But the lobby won an im­por­tant bat­tle: Con­sumers must pay for freezes in all but seven states.

It’s easy to see why credit bureaus dis­like freezes: They lose money when they are pre­vented from sell­ing your in­for­ma­tion. Freez­ing and un­freez­ing should be free. And in the wake of the Equifax breach, sev­eral Se­nate and House Democrats have in­tro­duced a mea­sure to do just that.

Even more ur­gent is fed­eral ac­tion to pre­vent breaches in the first place. In con­gres­sional hear­ings last week, for­mer Equifax CEO Richard Smith ac­knowl­edged that the per­sonal data that were breached weren’t even en­crypted. Rep. Greg Walden, ROre., said, “I don’t think we can pass a law that … fixes stupid.”

But Congress can do plenty to make it dam­ag­ing and ex­pen­sive for credit bureaus to act so stupidly. Among the best ways:

uStrengthen fed­eral stan­dards to pro­tect data and give the out­gunned Fed­eral Trade Com­mis­sion the au­thor­ity and man­power to en­force them. Bet­ter yet, get tech-savvy com­pa­nies that deal with credit bureaus in­volved in creat­ing min­i­mum stan­dards to se­cure data.

uSet uni­form dis­clo­sure rules, man­dat­ing short dead­lines to dis­close breaches, writ­ten no­ti­fi­ca­tion to con­sumers and a process in which state and fed­eral agen­cies are no­ti­fied. Rules now vary among states and are of­ten loose.

uIm­pose large fines for breaches. Be­cause com­pa­nies have no money at stake for re­im­burs­ing con­sumers, there’s lit­tle in­cen­tive to spend to se­cure data.

It’s un­con­scionable that the fed­eral govern­ment has failed to get more in­volved in pro­tect­ing pri­vate in­for­ma­tion. The ex­ec­u­tive branch’s own data have been breached all too fre­quently. It’s time for Wash­ing­ton to step up and pro­vide ex­per­tise, in­cen­tives and laws to pre­vent these crimes.

None of the ma­jor credit bureaus — not Equifax, Ex­pe­rian or Tran­sUnion — would have a busi­ness if it weren’t for the data they vac­uum up with­out per­mis­sion from con­sumers or pay­ment to them. If credit bureaus are go­ing to use these data as a profit cen­ter, the least the bureaus can do is en­sure that con­sumers aren’t left vul­ner­a­ble to thieves.


Ex-CEO Richard Smith tes­ti­fies last Wed­nes­day.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.