Sunday, August 14, 2005

Credit bureau in Australia blames privacy laws for rise of identity fraud

Dun and Bradstreet, a consumer reporting agency serving clients in Australia, is suggesting that privacy laws are feeding the growth of identity theft. As an example, D&B is saying that more fraudsters are impersonating dead people because the credit agencies are not able to get the information necessary to determine whether a named applicant is actually alive: Privacy laws blamed for identity fraud rise.

UPDATE: I forwarded this article to Dennis Bailey at Open Society Paradox, because I was sure he would have something interesting to say. I was not disappointed: The Open Society Paradox: Privacy to Blame for Identity Theft?.

This particular article really highlights the tensions between privacy and identity. On one hand, I'm sure that most people who are concerned about privacy would not want credit agencies to be directly plugged into the massive government vital statistics databases. At the same time, reasonable people would say that there should be a way for credit grantors to check to make sure that the person asking for credit is who they say they are and that they are in fact not quite dead.

Dennis has always been a proponent of robust identity for a number of reasons, one of which is the issue at hand. If credit agencies take steps to verify the physical person applying is the same person named on the form, using reliable ID, much of the risk of fraud is eliminated. But this will slow down the "instant credit" that consumers are now used to.

In Canada, the only credit facility that really requires ID is getting a mortgage because lawyers are supposed to check ID before registering the mortgage at the registry. Every bit of credit I've ever gotten have relied upon other means of "identification". (To give my bank some credit, I've personally known my banker for years.) If you look at your average credit card application, you'll see the current system relies on the information provided by the applicant to determine identity, which is as unreliable as the data to which it is compared. If the name, address and date of birth on the application match the data at the credit bureau, we have a match! If that database doesn't say person X is dead, then someone with person X's information can pretend to be him and get credit in that name.

It's an important problem that needs to be solved by informed discussion between those in Dennis Bailey's camp and those in the pro-privacy camp. I hope it is solved, sooner rather than later.

No comments: