-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<!-- 2009-02-02 -->Credit bureaus and credit card companies have direct control over the risk of identity theft. They control the systems for granting and rescinding credit, including fundamental mediums for communication and related security features. Oddly, that doesn't stop them from trying to profit when things go wrong. Credit companies strongly push their identity theft "protection" services, especially now that identity theft is on the rise. For example, Equifax offers "ID Patrol" and Discover offers "Identity Theft Protection." These services appear to be effectively glorified credit monitoring services offered at $10-20 a month.

<a href="http://philosecurity.org/wp-content/uploads/2009/02/twogangstas.jpg"><img class="left size-medium" title="The Perils of Superman - Gangsters running a protection racket" src="http://philosecurity.org/wp-content/uploads/2009/02/twogangstas-261x300.jpg" alt="The Perils of Superman - Gangsters running a protection racket" width="174" height="200" /></a>Sounds like a protection racket to me. "<a href="http://en.wikipedia.org/wiki/Protection_racket">A protection racket is an extortion scheme</a> whereby a powerful entity or individual coerces other less powerful entities or individuals to pay protection money which allegedly serves to purchase protection services against various external threats. Those who do not buy into the protection plan are often targeted by criminals..." <em>(Wikipedia)</em>
<br>
Equifax's scare tactics include: "<a href="http://www.equifax.com/newsletter_archive/jul2008/"><em>Don't become a statistic.</a> Every year, millions of people fall victim to identity theft.</em>"  Experian writes, "<a href="http://www.experian.com/whitepapers/precise_id_whitepaper.pdf"><em>Specialized criminal gangs</a> increasingly work outside of the United States to gain access to account information. They then perpetrate crimes online...</em>" Discover advertises "<a href="http://www.discovercard.com/protection-solutions/identity-theft.html"><em>Identity theft occurs every 79 seconds</a> and affected 8.4 million people last year.</em>"

Funny-- at the same time, the Big Three lobbyists have been trying to convince Washington that "<a href="http://www.usatoday.com/money/perfi/credit/2007-06-25-credit-freeze-usat_N.htm">identity theft isn't as big a threat as people think.</a>" Represented by the Consumer Data Industry Association (CDIA), these very same companies lobbied intensely against laws "empowering consumers to freeze access to their credit histories to prevent identity theft."  <em>(USA Today, 2007)</em> Credit companies also routinely sell consumers' financial and contact information, subjecting people to solicitations including bait-and-switch loan swindles or identity theft scams. 

Credit bureaus have fought against widespread use of fraud alerts and similar techniques which require that they proactively verify consumer identities before, say, new accounts are opened in consumers' names. Last year Experian sued identity theft protection firm, LifeLock, for activating fraud alerts on behalf of hundreds of thousands of clients. Experian "claimed that alerts should be entered only when people have already been victimized by identity theft or have legitimate reasons to believe that they are at <a href="http://www.networkworld.com/news/2008/022108-credit-reporting-firm-sues-lifelock.html?page=1">imminent risk.</a>" <em>(Network World, 2008.)</em>  I've heard that "<em>identity theft occurs every 79 seconds</em>." Does that count?

Having put himself through MIT on a credit card, <a href="http://www.infinitydayweekend.com/">Blake Brasher, author of "Infinity Day Weekend,"</a> knows more than anyone I've ever met about how to wrangle with the credit industry. The <a href="http://www.infinitydayweekend.com/about/">roboticist-turned-painter</a> writes, "I had an obnoxious encounter with Discover card a month ago.  I called to negotiate a special APR and they tried to get me to sign up for their identity theft protection service. The guy wouldn't take no for an answer, and very nearly tricked me into signing up.

"I finally said, 'Actually, I want to close this account. You've convinced me that using this card is not safe and to protect myself from identity theft I want to close the account.' So he transferred me to someone in the accounts department. 

"The woman who answered... explained to me that actually, my Discover card account has built in, free fraud protection, and that if someone tried to commit a fraud with my account I would not be liable at all. They scare you into thinking you need this extra service, but if they scare you too much and you threaten to close your account to keep it safe they go ahead and let you know that you don't actually need it."

There are obvious steps that credit companies could take which really would reduce the risk of identity theft-- such as taking further measures to verify identity, reducing sales of personal data, using PINs, etc. However, credit companies won't support measures which reduce their own profits.  "Identity theft could be made as obsolete a crime as cattle rustling or high-seas piracy," reported MONEY Magazine several years ago. "...[It's] now possible to request a freeze on your credit report, stopping anyone from granting new credit without your approval. <a href="http://money.cnn.com/2005/06/07/pf/security_stoptheft_0507/index.htm">Why isn't this brutally simple and effective solution more widespread?</a> Simply put, it disrupts the free flow of credit information on which consumer lenders and data sellers depend."
 
When credit companies play both sides of the game, there are reduced incentives for them to build secure systems. Rather, they have found a way to profit from crime. By fighting consumer protection measures and selling personal data, credit companies increase consumers' risk of identity theft. As long as credit companies can scare enough people into paying them for "protection," they can actually make money from the results of their own recklessness-- thus passing the costs of identity theft on to consumers or merchants, and reducing or even eliminating financial incentives for genuine, systematic improvements.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.2)

iEYEARECAAYFAkmG5Q0ACgkQSAUOoW73R4wD+gCfXxe8FDo+xJrGSkMNyiattgNu
dVMAn3mUzNnIbuP/UNFkzSmn5MR5VPSZ
=OmRt
-----END PGP SIGNATURE-----