Epinions.com 
Join Epinions | Help | Sign In   

HomeMember CenterWriter's Corner: General Non-Fiction

Read Advice   Write an essay on this topic. 

Proposal to Reduce Identity Theft with Personal Identification Numbers

Aug 08 '03 (Updated Aug 12 '03)

The Bottom Line The three credit bureaus should allow individuals to protect against fraudulent credit applications through the use of PINs

Proposal to Reduce Identity Theft with Personal Identification Numbers
By Mark Peters
August 8, 2003

Abstract
This paper proposes a simple solution for stopping identity theft by allowing consumers to request and provide a single-use personal identification number (PIN) every time they authorize credit to be extended in their name. Creditors who did not provide the assigned single-use PIN at the time credit was extended will be barred from reporting any credit events on the consumer’s credit report. This should greatly minimize damage done when a Social Security number (SSN) is compromised and misused, because the credit report will remain untarnished and legitimate credit applications will be continue to be permitted.

The Problem
The main problem is that creditors extend credit with only a cursory validation that the person requesting credit is truly who he or she purports to be.

The Federal Trade Commission reports that there were 162,000 actual identity theft cases reported to them in 2002, and this is thought by many market research firms to be a fraction of the actual number of cases. Testimony for HR 4311 indicates that there were over 500,000 actual cases per year in 1999 and that each case cost the consumer an average of $17,000 to resolve.

SSNs were not originally intended to be used for the breadth or purposes seen today. SSNs are used for medical insurance, blood donations, driver’s license applications, loan and credit applications, a variety of required college entrance forms, tax filings, and numerous other uses.

The SSN is treated by creditors as some secret that, once provided, provides the identity thief access to the remaining viable credit of the victim. However, there are hundreds of people who have seen the SSN of an individual during his or her lifetime. Additionally, there are people who have access to systems which will look up someone’s SSN in government and in credit departments of private corporations. Given all of this, it is clear that an SSN can hardly be considered a secret..


A Simple Solution
I propose that consumers should be allowed to request a secret personal identification number (a master PIN). When that consumer applies for credit, he or she uses the master PIN to call an automated system to get a single-use PIN for a particular credit application. The creditor may only use the single-use PIN for the purpose of requesting a credit report and reporting credit events directly related to the subject credit application. Subsequent credit applications would require a new single-use PIN. The only time the consumer uses the single-use PIN is during the initial credit application.

The consumer may optionally choose to restrict the use of the single-use PIN. For example, the consumer might specify that the single-use PIN is to be used for a general credit card, store credit card, car loan, or mortgage as well as provide the maximum credit limit or loan amount. The consumer may also specify an expiration date by which time the credit report must be requested for said purpose. Additionally, the consumer might provide the phone number of the creditor to keep the single-use PIN from being used by an unauthorized creditor.

The master PIN & single-use PIN scheme is not new. It is currently being used by companies for employment verification when applying for mortgages, etc.

Implementation
The solution may be simple, but the challenge is going to be in making the scheme work and motivating the right parties.

The Players

• Consumers are the ones getting shafted. They are clearly fed up with the broken system which provides a fertile breeding ground for identity theft. Those who want more protection can opt-in to this scheme. Those who don’t will opt-out by default.

• Credit Bureaus currently collaborate to centralize the consumer opt-out requests. In the U.S., there are three main credit bureaus. This scheme would be centralized in the same manner as it would be too burdensome for consumers to manage multiple master PINs. These bureaus want to minimize operating expenses, so motivation will likely take the form of FTC or legislative mandates or by consumers paying for this service. A de-motivator for bureaus to implement this proposal is that they make money by selling credit reports and credit change notification services and this proposal might decrease the need for those services.

• Creditors use credit reports to determine whether or not to grant credit. They wield the power of ruining a consumer’s credit report, even in cases where the consumer did not authorize the credit. Creditors will be motivated by losing the right to post credit reports if the consumer’s credit record required single-use PINs at the time the credit application was filed.

Logistics
To apply this technique to identity theft prevention, every time new credit is being established where a consumer requires a single-use PIN, the applicant must request and provide an appropriate single-use PIN. To request a single-use PIN, the applicant calls the central authority and provides the master PIN. The applicant provides the single-use PIN in the credit application. The creditor provides the single-use PIN to its credit bureau when requesting the credit record and when reporting credit events. The credit bureau verifies each single-use PIN with the central authority.

To request the master PIN, the applicant could follow a process similar to the permanent opt-out process used today. The applicant calls the central authority run jointly by the credit bureaus and provides detailed identifying information. The central authority mails a numbered, but otherwise blank form with no identifying information to the applicant. The applicant again provides identifying information on the form as well as the first two digits of the master PIN. A response is mailed to the applicant with the the remaining digits in the master PIN. One week later, a letter is mailed to the recent addresses on file indicating that the process is complete (but not providing any sensitive information). There are a number of variations to this process which would minimize risk. For example, the central authority could establish kiosks in metropolitan areas which require a photograph or thumbprint to secure the request. The master PIN could be issued immediately in these cases to prevent interception during mailing. Additionally, there could be a delay in activating the master PIN until adequate time has elapsed for someone to repudiate the issuance of the master PIN once they receive the confirmation letter.

If the master PIN is reported lost or compromised by someone who can withstand an identification challenge, the credit record is frozen for new credit and the master PIN assignment process is repeated, preferably in a manner dictated by the consumer during the original request. Options include:
• Participation of notary public with the form mailed to the central authority.
• Calling into the central authority and providing additional authentication factors, such as:
••• Providing recent mortgage and loan payments
••• Originating the call from a known home or work number (using caller ID)
••• Providing other secret pre-arranged information

In addition, all recent creditors are notified of the potential breach.

Laws should be enacted imposing liability for creditors who fail to obtain a required single-use PIN when issuing a new credit line and for threatening a negative credit report when a single-use PIN was required. One form of liability is to disallow any claims against debtors by creditors if a PIN was not obtained for credit lines or loans where a credit check was performed. Furthermore, fines in this situation could be used for restitution of time and other expenses incurred by identity theft victims.

Funding
Since the current process is clearly broken, I believe that the operation of this scheme should be funded by the bureaus through existing fees charged to creditors when requesting credit.

However, an alternative to this could be accomplished via user fees. These fees should be capped by law. A consumer might pay $10 or $20 for 10 years of master PIN service. Resetting of a lost or compromised master PIN could carry a fee of $20. The central authority would be responsible for mailing renewal notices in a timely manner to known recent addresses to prevent lapse of this protection.


The Bottom Line
Until some more comprehensive technological solution is in place, this simple solution should vastly improve the pitiful lack of protection for hundreds of millions of Americans who are at risk for identity theft.


Links to other resources can be found at http://www.thepeters.org/IdTheftPrevention.htm

Comments on this Review
 Read all comments (9)
 Write your own comment
Epinions.com ID:
chposter
Location: Chapel Hill, NC, USA
Reviews written: 23
Trusted by: 3 members
About Me:
Discriminating hypershopper. I buy the best products and return the ones I don't love.


Help | Member Center | Message Boards | Site Rules | User Agreement | Privacy Policy | Site Index | Topic Index  
About Epinions | Careers | Contact Epinions | Advertising  

Epinions | Shopping.com | Rent.com | Free Classifieds | Price Comparison UK

Shopping.com Network © 1999-2009 Shopping.com, Inc. Trademark Notice

Epinions.com periodically updates pricing and product information from third-party sources,
so some information may be slightly out-of-date. You should confirm all information before relying on it.