Equifax Data Breach Threatens Security and Credibility of US Consumers, The Credit Rating System, and The US Financial System
Hurricanes Harvey, Irma, and Jose have grabbed the attention of the Western world due to the massive destruction they have caused, yet the most devastating disaster unfolding could actually be “Hurricane Equifax.” Hackers may well have stolen the key credentials needed to prove a person’s identity and establish credentials for nearly half of the consumers in the world’s largest economy. Up to 143 million or more US consumers have likely had their most basic credentials stolen from the credit reporting bureau Equifax.
While Equifax emphasizes there was no unauthorized access to its Core Consumer or Commercial Reporting databases, hackers did acquire the main ingredients needed to commit mass identity theft. With social security numbers, birth dates, addresses, and driver’s license numbers exposed, assurances made by Equifax are irrelevant. If the Equifax breach turns out to be a worse-cause-scenario, Equifax is ruined. US Consumers have just lost their ability to easily prove their identities and dispute fraudulent spending done in their name. The US financial system faces an unprecedented threat to its security and credibility.
In the wake of the data breach, Equifax has decided to offer all US consumers their Identity Theft Protection or Consumes Credit Monitoring services at no charge for one whole year. Unfortunately for consumers affected this breach, their identities have been compromised for a lifetime. To boot, there is little meaningful recourse for consumers outside of disputing fraudulent activity. As nearly half of the US is affected the breach, the sheer volume will likely overwhelm the capacity to police and repair the damage done by fraudulent activity, which undermines the credibility of the entire US financial system.
Equifax is one of the three credit reporting agencies, along with Experian and TransUnion, that collect, track, and report on the credit worthiness of US consumers. Most Americans cannot even buy car insurance or get a job without reports from these three data houses. Equifax was created in 1899 at a time when little information was available about consumers and their spending habits. As a data collection company, which it now calls itself a global information solutions company, Equifax offered lenders and other businesses insights into the financial behavior and, thus, creditworthiness of consumers, which helped mitigate the risk of extending credit.
The advent of the Information Age, which made data the greatest source of wealth and power, should have secured the value of Equifax. Faced with a diverse array of competition from data-driven tech firms capable of collecting and, hopefully, securing massive amounts of data, along with its failure to secure data and offer consumers straightforward ways to correct errors in its faulted reporting, Equifax and its contemporaries have not adapted to their changing environment. The financial sector and other traditional business may continue to rely on the three credit reporting bureaus, but the uniqueness and credibility of their products have been compromised.
When Equifax could simply be a data gathering company, it was one of three kings. As the data it provided became more available, it had to offer advanced analytic services to stay relevant. Today, these kings of the past must be tech firms capable of collecting massive amounts of near-real time data, securing that data, analyzing that data, and using that data to credential the consumers it describes. The Equifax breach demonstrates they are not up to the task. For Equifax, Experian, and TransUnion, credibility is, ultimately, their only asset. The Equifax breach, because it was so massive, means the data provided by Equifax has lost most of its value.
The data gathered, stored, and sold by the three credit reporting bureaus can longer be used to verify a person’s identity or creditworthiness. The details of a person’s financial history may still be secure and telling of a responsible history, but the credentials used to access financial products based on that detail and history cannot be trusted. For US consumers and the US financial system, there is a far greater problem. The credit reporting emerged as powerful players in US economy, because they solved a fundamental problem. They offered the insights financial institutions needed to guide their lending practices and mitigate risk. Their failures and potential fall means there is a vacuum.
For the consumers, the ability to prove one’s identity and creditworthiness is an increasingly troublesome task. When it comes to establishing a Google or Paypal account, it can be difficult enough to prove one’s identity. A forgotten Google password or hacked account can be a catastrophe. When it comes to finances, the situation is even worse. In many respects, the credit reporting bureaus were the Google accounts of the financial system. Just as a Google accounts can be used by users to link and secure their other online accounts, Equifax, Experian, and TransUnion allowed financial institutions to universally verify the identities of consumers and consumers to access the products of financial institutions.
Instead of centralized credit bureaus, the financial sector must increasingly rely on each other and tech firms to secure their consumer data and the US financial system. Credit card companies and banks are now more credible and valuable sources of consumer data than outdated credit reporting bureaus. Not only do credit card companies record the transactions of all their customers and pay the price when they fail to secure the data of consumers, they also issue reliable credentials in the form of account and credit card numbers as well as usernames and passwords. Banks must, therefore, rely on their own interactions with consumers to determine creditworthiness, which may mean higher rates and/or greater difficulty accessing affordable credit.
Social security numbers were issued to help every US citizen access the Social Security system from their first job to their retirement. Although social security numbers are issued in secrecy, they offer no inherent security. Because the US has come to rely on social numbers to identify and prove the identity of consumers, there is a problem, especially now that US Social Security numbers can be linked to names and birth dates. There are no back up credentials to widely distinguish between actual people and fraudulent uses of real identities. As such government and the private sector need to find a solution to quickly, easily, accurately, and securely recredential US citizens as soon as possible.
Read old posts