Using Credit Bureaus for Identity Theft Prevention

When someone applies for a new credit card, loan, mortgage, cell phone account, or other credit accoount, the credit grantor typically verifies the applicant's creditworthiness with a credit bureau such as Equifax, TransUnion, or Experian. Consumers today have essentially two ways to help prevent identity theft that, in some way, involves their credit files: fraud alerts and security freezes.

A fraud alert is a flag placed on a credit file by a consumer that alerts the credit grantor reviewing the credit file to first contact the consumer whose credit file is being reviewed, in order to verify that the consumer is truly the person applying for the new account.

Security freezes allow consumers to "lock down" their credit files, preventing (almost) anyone from seeing it unless the consumer first "unfreezes" the credit file.

So fraud alerts work by requiring the credit grantor to obtain authorization from the consumer before a new account is opened in the consumer's name, and security freezes work by denying the credit grantor access to the consumer's credit file, thereby discouraging the credit grantor from opening the account. However, fraud alerts may be overlooked by credit grantors, and do not stricly require the credit grantors to call the consumer in all cases. Security freezes are cumbersome to use because they must be set at each of the three credit bureaus, and because they must be lifted each time a user wishes to actually apply for a new credit account, and then refrozen again. The "unfreezing" and "refreezing" processes could take several days, and have an associated cost each time it is done.

We propose an alternative that combines aspects of fraud alerts and security freezes, but that is focused on actions that credit bureaus can take to help prevent identity theft. In this approach, when a credit bureau receives a request for a credit file from a would-be credit grantor, the credit bureau takes steps to help ensure that the person whose credit file is being requested did, in fact, initiate the action resulting in the request for the credit file. In other words, we propose that the credit bureau take steps to ensure that a consumer's credit file is released to a credit grantor only when the credit bureau has assurance that the request for credit was legitimately made by the consumer, and not by an imposter.

From the consumer's point of view, this would offer a number of benefits:

A consumer's credit file would not be provided to a would-be credit grantor as a result of a fraudulent credit application. This is an advantage over the use of fraud alerts, which are only observed by the credit grantor after it has already obtained the credit file.

The ability of a consumer to control access to his/her credit file would be much more efficient and streamlined, as compared to today's security freezes.

Would such a proposal be attractive to the credit bureaus themselves? Today credit bureaus market various services directly to consumers, including credit scores and credit monitoring. A service that allows consumers to easily prevent their credit information from being distributed to credit grantors as a result of a fraudulent credit application would be another "tool" in the arsenal against identity theft and fraud.

We suggest two approaches that credit bureaus could use to implement this approach:

a "Call Me First" service by which the credit bureau would contact a consumer by phone prior to releasing the consumer's credit file. >more

the use of tokens to allow consumers to approve transmittal of their credit file or score from the credit bureau to a credit grantor. >more

Robert Pinheiro Consulting LLC

Using Credit Bureaus for Identity Theft Prevention