This is already a big (and largely unaddressed) problem with the big 3 credit CRAs, if you know enough about a person you can very easily request their credit report and get the keys to the kingdom (so-to-speak) - everything you didn't already know.
I mean, I already request credit reports for my husband without issue, for example (with his permission! - he finds it much easier to just ask me to do those things for him rather than doing them himself).
In this case, since email address is part of the report they could only send the report to the email address on file for "security," which would be a big improvement over what the big three CRAs are doing with annualcreditreport.com.
A bank makes a lot of money, but in theory, it's doing an important job which benefits society. That job is independently assessing creditworthiness. Of course, it's hard to assess creditworthiness if you don't know if someone is making a lot of loans at different places. So, there needs to be a system for credit monitoring. But credit monitoring is not credit rating. Credit rating is the one job a bank is supposed to do. Letting someone else do it undermines the whole purposes of the independent financial system. We might as well just dissolve the banks and move to a centralized planned economy if that's what we're doing, so that at least the centralized rating agencies will be democratically controlled.
So, to begin with, CRAs shouldn't exist and undermine the basic purpose of the financial system. On top of that, they are incredibly incompetent and corrupt as seen by the Equifax breach. It was clear in the early 2000s that the old system in which people would present a few pieces of relatively obscure personal identity to open a line of credit was no longer workable because the data was now subject to trivial duplication. Instead of fixing this, the industry created the concept of "identity theft" in order to falsely shift blame onto an unrelated third party.
I "had my identity stolen" a few years ago. The event had nothing to do with me, so all of the language around this is wrong. What actually happened was first a criminal learned some information about me, then Verizon chose to give the criminal a line of credit on a cellphone, then the CRAs reported that I was profligate to anyone who asked. Saying "my identity" was stolen makes it seem like I was somehow a party to any of this. "My identity" is not a property of mine; it is a property of the reliability of the CRAs' data. What actually happened was the CRAs had their data polluted by the combination of a criminal and lax identity checking at Verizon, and then the various guilty parties forced me to do their data cleanup for them.
What should have happened in the mid-00s was that the credit monitoring agencies, created systems where you can prove your identity to a notary public and get some sort of signed certificate gizmo that you can use to get a cellphone or make a car loan. But because the whole US financial system is corrupt, it instead outsourced all of the liability onto consumers.
Agreed. The whole idea of "identity theft" stinks of PR lubrication. Your identity cannot be stolen, but "identity theft" is a clever, cynical sleight of hand that obscures what really happened: credit fraud, specifically fraud that is the responsibility of the party issuing credit and the criminal propagating it.
I agree with this idea in principle, but I am unsure of how it would work in practice.
Say you open a credit card, then try to say it wasn't you..... what would a bank need to do to prove it was you? The things they would provide are already the things they have... your signature, your information, etc. What EXTRA bit would they start collecting that would prevent fraud?
Currently, banks ARE on the hook for fraud.... if you dispute fraudulent credit opened on your behalf, they have to eat the cost.
I don't quite see what the difference would be in this alternative world... currently, someone applies for credit, the credit issuer decides it is legit, and issues the credit. That would still be the same. Say it was fraudulent; the fraudster doesn't pay it off, so the issuer tries to collect... at that point, you say "hey, I didn't open this credit!"
Well, the issuer is going to say "yes you did, here is the information I have saying it was you"... how would that be different in your alternative world? Maybe you would require more verification steps... but what? Picture of you holding a sign saying you signed up for the credit? Video? What could you possibly provide that couldn't be faked for fraud? What could the issuer require?
At this point, things are no different than now. The issuer says it was you, you say it wasn't, and then someone has to arbitrate and decide who was correct.
I guess I just don't see how we can do it better (although I would LOVE to do it better!)
It has been done better in other countries and could be done better in the US if there were political will to do it. There's a whole universe of cryptographically signed certificates that we in the US don't use. The hard part is not signing a cert; it's making sure the certs are given to the correct people and having a procedure for when a cert is lost. Estonia has done this well; Korea has done this poorly. But it's quite doable if you have political will for it.
Does that then make the cert a high value target? How do you get people to protect it and use it properly? If it is stolen, does it actually make it HARDER to prove you didn't open the credit line?
The issuer and arbitrator are, if not the same entity outright, are so far in bed together they should be common-law spouses. Let me explain one of 2 possible outcomes based on socioeconomic factors.
A) you have money to keep a lawyer on it; No problem.
B) you don't have money for a lawyer; Tough shit.
Nothing beyond real unilateral enforcement of the system already in place is required.
> What actually happened was first a criminal learned some information about me, then Verizon chose to give the criminal a line of credit on a cellphone, then the CRAs reported that I was profligate to anyone who asked. Saying "my identity" was stolen makes it seem like I was somehow a party to any of this. "My identity" is not a property of mine; it is a property of the reliability of the CRAs' data. What actually happened was the CRAs had their data polluted by the combination of a criminal and lax identity checking at Verizon, and then the various guilty parties forced me to do their data cleanup for them.
Right -- and really, that should be some class of negligent libel on behalf of the CRAs.
> We might as well just dissolve the banks and move to a centralized planned economy if that's what we're doing, so that at least the centralized rating agencies will be democratically controlled.
In the history of central planned economies, never have they been “democratically controlled.” Despite the name, places like the Democratic Peoples Republic of Where-ever are never democratic nor are they republics.
> because the whole US financial system is corrupt
The link doesn't. The experience you will have if you actually go try to start a bank will. I only provided the link to point you to the entrance of the rabbit hole.
It doesn't. What makes it corrupt is that banks are not in fact strictly regulated, it only appears that way. But there is no way I can prove that to you in an HN comment. I would have to write a book. I can point you to a lot of circumstantial evidence but there is nothing probative in the public record (see below). The only definitive evidence I have of the corruption in the system is my personal experience, some accounts of which I have published on my blog. But if you don't put credence in my conclusion, then you will likely not put credence in my evidence either, because I can't prove any of it. The only way I can prove it is to invite you to undertake the same journey I did. If you do that, I predict you will learn first-hand the same thing I did: the system is corrupt, and whether or not you succeed in penetrating it will ultimately depend entirely on whether you have the right connections and whether they decide that you can be trusted to toe the line on the unwritten rules, the first of which is that you never talk about the unwritten rules to anyone who is not a member of the club.
Note that I never joined the club, so my theory of the unwritten rules is pure speculation. No one ever sat me down and said, "Look, son, this is how it is..." But I did spend ten years of my life on this, and during that time I accumulated a lot of evidence that I have a very hard time explaining in any other way. It eventually led me to a serious existential crisis.
BTW, it's not just the financial system. Academia is corrupt in much the same way, and in that case I did join the club so I can speak to that with some authority. That experience is one of the things that allowed me to recognize what I was seeing in the financial industry. But both academia and finance are centuries-old industries. They have become very skilled at hiding their corruption from prying eyes, and a big part of the strategy is making it appear that anyone who accuses them of corruption is a crackpot. (Which is, of course, exactly what a crackpot would say, and that, too, is part of the strategy. It's a horrible catch-22.)
So you have to decide whether to believe me or not, whether you think I'm a crackpot or not. Before you jump to a conclusion I invite you to look up my record. My life is pretty well documented on the web.
Having joined academia at one point and seen "how the sausage is made," and subsequently left for ethical reasons that I have no way of using to hold anyone to account, I totally understand this comment.
It is so hard to put into words how these systems are corrupt, because these systems create an enculturation / religion around themselves. By the time you see how the entire system works, you are powerless to simplify the mechnications that make that system corrupt (if you even choose to recognize the corruption). You can't "just start an alternative," because the system exists at a local maxima and will crush your alternative or assimilate it into the existing system.
When people are taken advantage of by these secular religions, it is so normal and engrained in the societal fabric that we almost don't have the language to expose the fundamental dishonesty and fraud of these systems. Victims will say that there may be some bad actors at the edges, but on the whole, "this is the way it's supposed to be."
I define it the way the dictionary does: dishonest or fraudulent conduct by those in power in order to advance their own interests over those of others.
Order a Big Mac - does it look like the ad? Probably not. Drink a Cola, does it feel like your life has turned around, probably not. is advertising dishonest - of course, but we all know that and we learned to deal with it. Is advertising corrupt, I would not say that.
Thus for something to be truly corrupt it needs to go beyond a certain level of illegality.
There are plenty of small banks and credit unions out there thus the point that you cannot open a bank is not quite valid. Are some of the rules onerous, probably. Are some of the rules unfair and ridiculous, probably ... does it mean it is corrupt I don't think so.
> The problem is that the rules are not applied evenly and transparently.
Of course not. Never are, again you are not saying much here. Also with the billions of wasted dollars. Of course, but that is a natural consequence of dealing with immense scope - it is going to be very inefficient and stupid. Still a far cry from actual corruption.
I feel that people tossing around the word corruption don't really understand what it means and it is a hyperbole - only undercuts the message.
A bit like the Soup Nazi in Seinfeld - he is not really a nazi in any shape or form - don't even mention real nazis in the same context.
> I feel that people tossing around the word corruption don't really understand what it means
I see. So your position is: I "don't really understand what [corruption] means" -- but you do. And because you possess the true understanding and I don't, nothing in my personal experience can possibly be evidence of corruption because you alone possess the true understanding.
Have I got that right?
> > The problem is that the rules are not applied evenly and transparently.
> Of course not. Never are
This is normalization of deviance. It might be true that the rules are never applied evenly and transparently anywhere and never have been, but it is one thing to posit this as a fact, and quite another to dismiss it as being inevitable (and hence acceptable) by saying, "Of course it's that way." No, it's not "of course." It's corruption, not just because the rules are not applied evenly and transparently, but because this is done by a group of powerful people for their own benefit at the expense of everyone else. Its inevitability is a self-fulfilling prophecy. By accepting it, you have made yourself part of the problem.
You can claim that people tossing around corruption don't understand it... but you in the first place don't understand the scenario OP is even describing (as they're unable to provide details, you couldn't possibly be making an accurate judgment). So it is far fetched for you to confidently claim OP is misusing corruption etc. here.
> Letting someone else do it undermines the whole purposes of the independent financial system.
Even small regional banks have their own internal credit rating algorithms. Credit ratings from CRAs are generally consumed either in aggregates (a buyer on the secondary markets wants a traunch with an average credit rating of X) or by less sophisticated parties such as landlords.
I don't have a business relationship with any CRA. If they have my e-mail it isn't because I gave it to them intentionally. Nor is it guaranteed that they have a valid email that I still control.
I meant the Sift reports, not the big three CRAs. The Sift reports will contain your email address since it's reporting mostly on online services (that require an email address to use)
I wonder what the additional risk is though given that, iirc from the times I've requested credit reports, the amount of info needed to retrieve it is enough to have already stolen my identity. So in that case it seems the additional risk is low.
This problem is much bigger than just the CRAs. The fundamental problem is that the information that is used to authorize transactions (including financial transactions) is not bound to the transactions. It's re-usable. That makes phishing trivial and hence inevitable.
The situation has gotten slightly better recently because of the widespread deployment of chip cards, but these only protect POS transactions. They don't help with e-commerce or non-financial transactions like credit report requests.
I mean, I already request credit reports for my husband without issue, for example (with his permission! - he finds it much easier to just ask me to do those things for him rather than doing them himself).
In this case, since email address is part of the report they could only send the report to the email address on file for "security," which would be a big improvement over what the big three CRAs are doing with annualcreditreport.com.