Thursday, July 17, 2008

Thy Brother's Keeper (And Thy Bank's, Too)

originally published in the Hartford Advocate September 27, 2007

Thy Brother's Keeper (And Thy Bank's, Too)

Protecting the assets of wealthy lending institutions is your personal responsibility. Seriously.

By Jennifer Abel

Here's how the five stages of grief play out when you learn that your lucky self is at risk of identity theft because you're one of the 106,000 taxpayers whose names and social security numbers were on the laptop stolen from the Department of Revenue Services last month:

Denial: I don't believe this!
Anger: Dang government, always making innocent people miserable.
Bargaining: I'd give anything for competent leadership.
Depression: Yeah, right, that'll happen (sniffle).
Acceptance: I can't afford to move to Amsterdam.

Once you complete the final phase you can start taking steps to regain control of your destiny, by contacting either Equifax, TransUnion or Experian, the three credit-reporting agencies listed on the DRS letter, and telling it to put a credit alert on your accounts. Whichever agency you call is legally obligated to contact the other two on your behalf.

What's the benefit of a credit alert? According to a Sept. 14 press release from Attorney General Richard Blumenthal (who did not return our calls for this story), "Credit alerts require companies to make a good faith effort to verify the identity of anyone seeking credit or a loan. Alerts must be renewed every 90 days."

Envy me, reader, for the security that's temporarily mine: over the next three months minus the time it takes for this to get to print and thence to you, if anyone contacts the Gigantobank Corporation to say "Hi, I'm Jennifer and I'd like to take out several thousand dollars in high-interest, unsecured credit-card debt," Gigantobank has to make a good-faith effort to ensure it's actually me before burdening my credit record with a legal responsibility to pay them back this money.

This is a special privilege, not a default setting. After I activated it for myself by calling the first company listed on my DRS form letter, I made a few more phone calls in hopes of learning why anyone need bother with credit alerts anyway.


"Protect yourself from identity theft." That phrase, in quotation marks, yielded 141,000 hits in an online search. Take the quotes away and it's nearly two million. Who in America hasn't heard it at least that many times? It's a bona fide part of the zeitgeist. Yet the assumption behind it is false.

The classic identity theft scam works something like this: the thief manages to convince Gigantobank he's actually you, and borrows money in your name. It will be a very annoying and time-consuming process for you to straighten out the mess, but at least you're not liable for the money Gigantobank lost.

Read that last sentence again: it's not your money you're protecting. So how did it become your responsibility (or mine) to protect the assets of wealthy corporations which, in most cases, we've never even done a lick of business with?

The folks I spoke to said that expecting financial companies to make sure it's really you they're lending money to would bring the credit card industry to its knees, which would be an undesirable outcome.

Let's say you've just been informed of the presence of one or more previously unknown credit cards in your name. It's up to you to prove that it's not yours. No "innocent until proven guilty" assumptions apply. Why can't you just tell the company "I never borrowed this money, and if you think I did then prove it?" Why is the onus on you to prove your innocence?

"That's simple," said Jay Foley, executive director of the Identity Theft Resource Center. "The fact that your personal information was used to open the account."

But calling it my "personal" information sounds like a bit of a stretch these days, doesn't it? Given how commonplace identity theft cases and database security breaches are, it seems folly for credit-card companies and the like to continue pretending that on all God's earth, the only person who could possibly know my social security number and date of birth is me. My credit alert requires companies to make a good faith effort to ensure I'm responsible before loaning money in my name. Why isn't that standard practice?

Foley spoke for several paragraphs that boil down to: this would kill the credit industry as we know it. "If it fell to credit card companies to prove the individual opened the account ... if I walked into a Kmart, or a Wal-Mart, or a Sears," he'd no longer be able to apply for and receive on-the-spot credit.

Nessa Feddis, from the American Bankers Association, put it more succinctly. "If consumers were simply allowed to make the statement 'I owe you nothing' and avoid payment, all consumers could simply make the declaration and avoid paying legitimate debts."

Well, all consumers could certainly try that. But the assumption of innocence until guilt is proven hasn't prevented society from imprisoning criminals, most of whom vehemently deny having committed the crime for which they were convicted. It's up to the prosecution to prove guilt. Why isn't that the case with debts incurred via identity theft?

"Criminal transactions are far less frequent and presumably more serious than loan transactions," Feddis said. "Resolving every loan dispute would clog the courts and make loans far more expensive ... the burden of proof in a criminal case is stronger than in a civil case."

Speaking of civil cases, consider this: if a thief steals your identity, you are (at least) not required to pay the actual bills your identity thief rang up. But neither are you entitled to compensation for the dozens of hours you'll spend clearing up the mess. And if you're unfortunate enough to suffer additional financial consequences, like being denied a mortgage or even turned down for a job because of your unjustly low credit score, you can't sue for damages in a civil court. Why not?

"State laws often allow victims to get compensation from criminals," Feddis observed. "Whether the victim is entitled to compensation from others ... is a matter of state law and tort law. It is no different from any other case where someone incurs damages due to someone else's actions."

Oh, but it's very different from such cases. If I, as a private citizen, make an honest mistake that causes you to be rejected for a loan or denied a job, you can sue me for damages in civil court. But if you suffer this same consequence due to the honest mistake of a credit-card company or credit reporting agency, you have no legal recourse at all.

"Unfortunately, that's right," said Jay Foley. "As much as I hate to say that, that's true."