I read it the same way, but that would have been pretty bad in and of itself. Why should an ID theft prevention service have data on me unless I have a business relationship with them?
And they can sell what they call the "header" of your credit report without regulation (such as the FCRA). This info includes your name, address, ssn and dob. Or at least it did when I bought it in the 90's to build a service to find dead-beat dads. I've heard they are more restrictive on the SSN, but I also would bet that's the #1 data element for the ID thefters.
I don't understand why the U.S. is so opposed to a nationwide ID, and yet obviously need one, and end up treating other documents less suited to the task as one.
Here in Uruguay (and almost everywhere else) we have a national ID number (Cédula de Identidad). It's not supposed to be secret (although it's not a great idea to divulge it freely).
An SSN is quite a good ID in that it should uniquely identify WHO is being discussed but it is a lousy authenticator to prove you ARE the person being discussed. Unfortunately in the US it seems to be regarded as a shared secret (between you, every credit reference agency, significant portions of the government, every bank you use, every employer you have and significant numbers of people working for all those groups) that they then use as authentication. What is needed is a separate authentication process.
Because a new ID number can have security measures.
The ID number in my country has photograph, fingerprints, signature, several security measures (difficult to fake). Not so easy to steal (of course there are forgeries, but identity theft becomes much harder)
Hold on, do you mean an ID number or an ID card? As far as I can tell, the Cédula de Identidad you mention is a card, not just a number. Numbers are pretty much always trivial to duplicate. Checking a physical document kind of requires a face-to-face transaction.
"In 2009, researchers developed an algorithm that could guess an individual’s SSN with up to ten percent accuracy"
"SSNs have become available through data resellers, security breaches at various companies and government agencies, unsuspecting customer service representatives, and even public records, if you know where to look. SSNs can be bought in bulk for $1 each on private online forums, and a specific person’s SSN can reportedly be had for as little as $3.80."
I've also read about duplicates ("More than 20 million Americans have more than one SSN associated with their name."), the numbers running out (in the 2050s apparently), etc.
Some other advantages (from an IT point of view): you can validate an ID number against a central database, and get a person's given names in a unique format. Our ID numbers have a check digit, so you can validate if the ID number has been correctly entered :)
Certainly SSN could be improved by making them harder to guess and adding check digits. Other than that, I don't see how any other number scheme is any better. Ultimately there is some number that is associated with you, and is therefore useful for identity theft. Since it has to be used by people and not just computers it'll have to be relatively short and thus easy to steal.
Multiple identifiers per person is a feature, not a bug. People get new SSNs when they want to change their identity (eg, witness protection programs), or because someone stole their old one. That need doesn't go away just because you have a new numbering system.
If you want to use credit, you have to let lenders collaborate to determine whether they're willing to lend to you, if that's their criteria for making decisions.
If you don't want to use credit, they get no special pass to store and use personal data about you.
I'm from Europe, where generally personal privacy gets more emphasis than it seems to in some places, notably the US. We have explicit laws about collecting and processing personal data, but certain organisations seem to get a free pass for no apparent reason. As this story demonstrates, the risks are still there.
That said, perhaps we shouldn't be too worried. The last time I paid a little real money to get hold of my personal credit report from one of these credit reporting organisations, it was so riddled with obvious errors, including more than a few wildly inaccurate data points, that I was on the phone to them for something like half an hour to get them to correct everything. At that point (I kid you not) the woman on the phone asked if I would be much longer because it was the end of the day and time for her to go home.
I'm convinced that those 'errors' on reports are actually phishing.
When I ordered my reports I paid with postal orders, so as not to leak any financial information back to the agencies. I'm glad I did so, as the details ( other than my mortgage ) were laughably incorrect.
I was on the verge of writing to correct them and then caught myself - that's exactly what they want, isn't it? So hopefully by now they've diverged even further from the truth.
Were they negative elements or just factually incorrect neutral/positive elements? Correct or not, if your credit report is pulled and there is wildly inaccurate (negative) information you can still be declined, and not many people know that you are entitled to a free report if you're declined based on what's in that report.
In my experience, most every place that declines you based on report data will send you a letter saying (in very general terms, but still) what criterion you failed, as well as the information about where to get your report.
Well, sure, that's a description of what they do, but it doesn't explain why they should have access to this information. In a marketplace, perhaps there doesn't really need to be a "why". But the same "why" should apply to Experian as it would to an ID Theft-Prevention service (the hypothetical thing that we were discussing in this comment thread, and the reason I asked this question in the first place).
That is, Experian's longevity and importance makes them more reputable. Their function as a business, certainly, is to collect, analyze, and repackage this data. But these things should not give them a free pass on the "why" question that greenyoda posed, if the question is going to be asked at all.
Experian is one of the big three credit reporting agencies; their databases are used to determine whether you qualify for a loan. They are your credit record...
