Experian Sold Social Security Numbers To ID Theft Service

realized writes "Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info who then offered all of the information online for a price. The website would advertise having '99% to 100% of all USA' in their database on websites frequented by carders. Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud."

Probably a downmod coming but..

WHAT THE FUCK!!!?!!!?

Since you mentioned Experian

These are the same people who offer to counsel you for $15, with a made-up number (even more made up than FICO) with fine print like this: "your Experian Credit Score indicates your relative credit risk level for educational purposes and is not the score used by lenders". Yep, super class act all the way. Even among credit rating scams, er "agencies", they are the worst.

Re:Since you mentioned Experian

[afidel]

They can't use FICO because it's owned by a third party (Fair Isaac), what they CAN do is use a similar algorithm on the data they hold (FICO includes inputs from all 3 major credit bureaus).

Re:Since you mentioned Experian

You have no idea what you're talking about. Indeed, the FICO score is strictly a model from the Fair Isaac Corporation. However, that model is licensed out to the major credit bureaus, and they will indeed provide you a FICO score. However, any FICO score is only as good as the information it's based on. Since all three credit bureaus can happen to have different info on you, you can have a different FICO score with each of them. That's why all the ads you see talk about checking your three FICO scores - the algorithm is the same in all cases, it's just coming up with different results due to different inputs.

Now as to what the GP was saying, Experian has it's own, non-FICO score too, that they'll sell you (in addition to selling you a FICO score, should you pay for that), for a price. That's the "even more made up" number the GP is referring to, which has the name VantageScore. It's not your FICO score, and due to the less licensing and federal regulation surrounding it, costs less. However, the GP is wrong in sticking this with Experian - all three major bureaus jointly use VantageScore.

And lastly, folks pulling credit history that aren't making a direct loan (ex: insurers), usually don't pull a FICO score, since it's expensive, relatively speaking, but will pull yet another number made up by the three bureaus (what it is depends on what you're looking to insure - they have separate scores for auto and homeowner's insurance). All of this has made the FICO score itself much less important than it used to be. It's still the gold standard for big, big ticket items, where a mortgage company has no problem spending the $ to get the FICO score from all three bureaus to insure their hundreds of thousands of lending to you.

Re:Since you mentioned Experian

[ShanghaiBill]

They can't use FICO because it's owned by a third party (Fair Isaac)

Wrong. They can and do give out FICO numbers. They just don't give it out to you, as an individual, when you pay $7 for your "credit score", because they don't want to pay a fee to Fair Isaac. Instead they give you a number that is just meaningless garbage. 99% of the people paying the $7 think they are are going to get their actual FICO score. I fell for this scam myself.

Re:Since you mentioned Experian

That's why Dave Ramsey calls the FICO (or other similar score) the "I Love Debt Score". It has nothing to do with your financial stability, but who banks and credit card organizations should offer continued opportunities to get into debt. My wife recently got her credit score from one of the big three, and one of the reasons her wasn't higher was she DIDN'T HAVE ENOUGH END CREDIT CARDS! Were she/we a slave to that number, it would have encouraged her to get additional credit (or worse, debt) that we don't need that only would have benefited a bank and not us.

Re:Since you mentioned Experian

[atom1c]

Anonymous Coward, nobody cares what Dave Ramsey says. You are both a creditor and a debtor whenever you work or lend or borrow something from anyone. Why work? Because, unless you get paid upfront, you're actually hoping that your employer makes good on your next paycheck. Ever borrow something from a neighbor, classmate, or colleague? Well, that makes you a debtor until you make good by returning the favor.

If you think an arbitrary credit score matters, then how do you react to medical health assessment scores? Or even your annual physical? They are just numbers with limited real-world significance (unless you're living in the wrong world).

Re:Since you mentioned Experian

That's why all the ads you see talk about checking your three FICO scores - the algorithm is the same in all cases, it's just coming up with different results due to different inputs.

The algorithms are not the same. Each CRA uses a slightly different model and not just in name, despite what wikipedia says. Aside from that, they do point out correctly that other scoring enhanced models can be used by lenders, auto-enhanced, credit card enhanced, etc. but many lenders tend to use only the same general FICO scores available for purchase. The bottom line, if you want to see what the lender will see before you apply, find out what they recently did in the same geographic location for someone else seeking the same type of credit, from one of the many credit forum sites like myfico.com, owned by Faire-Isaac. Doing that will give you the best chance to guess correctly, but even then it's still a guess.

Re:Since you mentioned Experian

[Cederic]

I have no idea whether the US is different but in the UK there is no 'credit score'. There is a credit history that a number of organisations (including Experian) will track, and that can be accessed by lending organisations.

The algorithm for factoring that credit history into a risk assessment is indeed different between each organisation that extends credit, for two very good reasons:
1 - it's a competitive differentiator. If company A is better at judging risk than company B they'll do more business with lower defaults
2 - competiition law actively prevents people using the same algorithm

Maybe in the US there's a "FICO score" that's also factored in but I'd be fucking amazed if any serious financial institution used purely that one score.

Disclaimer: I've worked for more than one organisation that provides credit

And when will Experian be charged?

The US Credit system is a racket designed to screw people. I have been fighting a bogus charge on my credit report for years and I would love to see the power that these behemoths lowered.

Granted, I do not know of a superior way to track people, but the amount of destruction caused by identity theft or improper billing is insane.

Re:And when will Experian be charged?

[Solarhands]

Move to California. In California the burden of proof is on them if you dispute something.

Re:And when will Experian be charged?

You have the right to add a comment (limited number of words or something like that) to your credit reports. You should consider doing this.

The Credit Reporting Agencies pay retailers, landlords, etc. to add information to the credit report. This creates a credit that can be used when the reporter requests a credit check. That is, the deck is stacked against the consumer/customer.

Re:And when will Experian be charged?

[bradley13]

"Granted, I do not know of a superior way to track people"

How about this for an idea: don't track them.

Let's be real: These credit reporting agencies bring zero added value to the system. If you want a loan, go to the bank, show them certified copies of your pay statements, sign a legal document listing your other debts (or whatever other information the bank needs for a decision), and that ought to be it. There is zero need for anyone to know that you were three days late on a credit card payment in March of 2007.

These agencies are a blight. They are in the same category as Facebook: you are not the customer, your personal data is a product that they sell to anyone that will pay for it.

Re:And when will Experian be charged?

The first good reason I've heard to move to California. It's like saying "move to North Korea, Experian doesn't operate in North Korea."

Re:And when will Experian be charged?

What are you talking about it is all about the NCR, Screw the Legion, Down with Casar!

Re:And when will Experian be charged?

That just shows that you CAN pay (assuming you didn't lie about other debts).

It doesn't show that you WILL pay. Deadbeats - who can pay, but don't - do exist. Chasing them in court is a lot more expensive than not lending to them in the first place.

Re:And when will Experian be charged?

I have no problem with the service they provide, I only have a problem with the mechanism they use to provide it. We need a law that radically limits the usage of people's SSN. It is a government identification number and, as such, needs to be restricted to purposes that involve the government. If a company needs to deal with the IRS, Medicare, or any other government entity, they can and should use SSN for that purpose only. A private credit transaction does not involve the government, so using an SSN as an identifier in that transaction should be illegal. If Experian, TransUnion and Equifax want a unique identifier, they can create one themselves. If banks want to trust these services to determine credit eligibility, they can require that ID number rather than a SSN. It should be up to those businesses to de-dupe identities (without using SSN) when people apply for a new identification number.

And that's the kicker...de-duping identification is a hard problem, but one that's necessary for the business model of the reporting agencies. So, rather than solve the hard problem, they've pushed the responsibility onto the government since it does it anyways. The government needs to tell these companies that it's not okay for them to do this and that they need to solve the hard problem themselves.

Once you limit the use of SSN, it becomes significantly less valuable. Sure, it can be used in schemes to defraud the government or seek employment illegally, so there will be some use for criminals, but it's utility for identity theft will be drastically reduced.

Re:And when will Experian be charged?

The first good reason, lol. Enjoy your lack of produce when you secede.

Re:And when will Experian be charged?

March 2007 wouldn't be on a report. Late payments only go back 3 years.
And the problem with what you're suggesting is that without verification of these debts, people will lie. And then they'll own a house, fail to make the payments, and if nothing else, the bank will lose out on 6 months to a year of payments while the foreclosure process and another couple thousand trying to resell the property.
Do you really trust people enough to loan them $200,000 with only their word for it?

And what exactly is a certified copy of their pay statement? Certifying something usually means getting a notary to stamp it, and that'd be a huge pain for an employer to do. After all, once the document is with the employee, how does the notary know it's genuine?

Re:And when will Experian be charged?

" sign a legal document listing your other debts (or whatever other information the bank needs for a decision)"

If we could trust people to be honest we wouldn't need credit scores.

Re:And when will Experian be charged?

[asmkm22]

The industry is broken, that's for sure. But your proposed solution would only lead to the same problem. If a bank loaned money out like that, you know they'd keep track of who pays on time and who doesn't (or at all). You'd still end up in a database with a record showing how trustworthy you are when it comes to paying back loans. At first, that might allow you to just go to different banks since the databases wouldn't be shared, and get loans despite having a poor repayment record, but eventually (as in, within a few months) banks would begin to share this data with each other in order to minimize their risks.

And of course, a third party would have to step in and offer to manage the whole process as a neutral party, basically resulting in new credit rating agencies.

The problem isn't that lenders shouldn't be able to use past information when deciding who to lend to. The problem is that debt collection agencies have no incentive to finding out if you are actually the right person or not, and if the debt was even valid in the first place. They just buy up a bunch of debt and anything that doesn't get collected (for whatever reason) is lost income for them. Dealing with those people can be a real nightmare because between them and the credit agencies, it's very much a 'guilty until proven innocent' kind of system. That's what needs to change.

Re:And when will Experian be charged?

[pixelpusher220]

And then you pay cash for everything. Good luck with that on big ticket items like cars or houses.

If you're a bank you want to know whether the person in front of you, a. is the person they say and b. will likely pay back the loan.

What would you do about someone who repeatedly defaults on loans? Or better yet how would you know they did if you weren't tracking them?

Re:And when will Experian be charged?

You are not their customer. The banks and credit card agencies are their customers. You are the product.

Re:And when will Experian be charged?

[Cro+Magnon]

That's actually a decent reason to move to NK.

Re:And when will Experian be charged?

BZZZT. Wrong. I don't think you know what you're talking about. If the person/business keeps reporting you late, the stuff stays on there forever. I've had to explain things decades old.

Re:And when will Experian be charged?

if you think North Korea is equivalent to California, stay wherever the fuck you live and keep watching fox.

Re:And when will Experian be charged?

[Anne+Thwacks]

In today's news: you sure as hell cant trust the credit score people.

Most people knew that a long time ago. However, bringing the scum to court is very difficult.

Re:And when will Experian be charged?

The problem is, not everyone is honest. If your debts are going to make the bank say no to a loan, and the bank has no way of finding out about your debts, why be honest about those debts? Also, the best predictor of future behavior is past behavior; if you were consistently late with payments or just never paid in the past, odds are good you will be in the future; if you paid your bills in the past, odds are you will continue to do so. So the bank wants to know that.

Although another problem is that the whole system is screwed up; it is pretty much impossible to start an adult life without debts; and the punishment for being a day late on your credit card payments because you forgot are equal to the punishment for signing up for credit cards and skipping town just before the bill comes; debts can grow without you being aware they are even there. IMO at this point the whole thing is unsalvageable, so we'll just have to watch as it crashes and burns and hope whatever comes to take its place works better.

Re:And when will Experian be charged?

Apparently, the alternative involves dueling (as in pistols). These agencies give a way to assess credit-worth. Prior to this it was based on how much 'honor' a person had, if there was a threat to a person's honor, they had to duel to preserve it.

I can't find the paper anymore, but there apparently was a study done that showed that nations that got credit agencies consistently had fewer dueling deaths shortly after.

Re:And when will Experian be charged?

The problem isn't that lenders shouldn't be able to use past information when deciding who to lend to.

That's arguable. Risk is intrinsic to seeking the anticipated profit from making the loan. Though you may see personal history as a core indicator (indeed, it is being taken as an unquestionable determinant--no "second chances" allowed), how far would you be willing to extend this intrusion into privacy for the purpose of reducing banks' risk? If we determine that there are genetic risk factors that dispose people to a greater degree to financial risk-taking such as gambling, is one's medical history and genetics then "fair game" for the credit rating?

Further, let's be clear, the system is structured such that banks take no real risk. The will be the paid amount up until the point of foreclosure/repossession, and the the full value of item repossessed. But even that is minor compared to the fractional-reserve rules, which means each loan made is made with money that's entirely "made-up" at a multiplier of the bank's assets, from which they then extract real value from manufactured money.

How far do you really think it is necessary to further tip the scales in their favor? Certainly, loans were still quite profitable 150 years ago without these "rules".

Re:And when will Experian be charged?

Or gather your papers and go the bank. Ask for a "consumer" loan.

The answer should always be NO. You have to save the money before you spend it.

If you really need a consumer loan ask your friends and relatives.
They will really poke into your business before deciding...

There's no reason for consumer type loans to exist...

Re:And when will Experian be charged?

>The will be the paid amount up until the point of foreclosure/repossession, and the the full value of item repossessed.

But there's the problem for the bank; they give loans for items that go down in value over time. And unless the item can be resold, they're not even going to get that much. The profit lies in charging interest over what the item was worth when first acquired.

Re:And when will Experian be charged?

And then you pay cash for everything. Good luck with that on big ticket items like cars or houses.

Houses, maybe not, but I've paid cash for a car, and any other big ticket item out there besides those two is probably a luxury that you ought to be able to pay cash for if you want to pretend you can afford it.

Re:And when will Experian be charged?

[NoKaOi]

Granted, I do not know of a superior way to track people, but the amount of destruction caused by identity theft or improper billing is insane.

A superior way would at least be an organization that doesn't sell lists of everyone's info to whoever is willing to pay for it. Why is it that I had to sign a permission form for my bank to lookup my credit when I applied for a mortgage, but then I suddenly start getting all kinds of related junk mail from companies Experian sold that info to without my permission?

Re:And when will Experian be charged?

[uvajed_ekil]

They have weather, weed and women that people from all around the world flock to California for as well, or so I was told by a doctor I trust. He goes by Dr. Dre. And I'm sure North Korean women are wonderful, but the weather stink,s and I bet there are no medical cannabis dispensaries. And there are no good burrito joints, so I'll consider CA first.

Re:And when will Experian be charged?

Californian here. Can we just secede already?

Re:And when will Experian be charged?

Uh, no. The Fair Credit Reporting Act applies equally in all 50 states.

All creditors are required to prove you owe the debt if you dispute it, and the
3 reporting agencies are REQUIRED to remove any unproven debt within
so many days of the date of the dispute (all of this must be done in writing).
It's really not that complicated.

What you have to ask yourself is if a law like that could pass today's political climate...

Re:And when will Experian be charged?

[CauseBy]

"I have no problem with the service they provide"

I do. This is a democracy, so let's have a vote on it. Who wants a bunch of asshole secretive sociopaths to hawk your personal information, gathered surreptitiously, for their own personal profit while you and society suffers? Raise your hands, if you're more than 50% then I'll stop complaining.

Re:And when will Experian be charged?

And then you pay cash for everything. Good luck with that on big ticket items like cars or houses.

Hey, I resent that -- I lived at my parent's (not in the basement...) long enough, and saved enough, so that I could pay cash for cars and for my house. Closing on the house was easy, my lawyer said I didn't need to attend, so I stayed at work!

Re:And when will Experian be charged?

[wiredlogic]

Submit a dispute using the FCRA procedure. When nothing is done to rectify the problem within 30 or 45 days you have grounds to sue the reporting agencies as well as the original source of the bad data.

Re:And when will Experian be charged?

[arashi+no+garou]

And then you pay cash for everything. Good luck with that on big ticket items like cars or houses.

It's not as difficult as you would think. My wife and I are on a five year budget plan to wipe out all of our existing debt. We have three vehicles; an old "work truck" that I paid cash for, her daily driver that she bought new before we started dating and still owes a few thousand on, and my daily driver that we paid cash for. Essentially, my debts will be satisfied within two years, her car and student loan (her only debts) within 18 months. We'll be snowballing all of the money we save from not making payments to finish paying off this house. A few years down the line we'll have enough saved up to pay at least half the note on a new house, maybe more if the market is right and we make back a lot on this one. Given that all three vehicles are in excellent mechanical condition and I'm meticulous about maintenance, barring an accident it will be at least ten years before we need to buy a new car and we plan to pay cash for it.

And we're not wealthy or upper middle class snobs; I work as an IT manager for a very small company and she works for local government. Our combined income is less than a lawyer just out of college. We've just learned how to manage money responsibly and not live beyond our means. We don't drive BMWs on a McDonald's salary like many people around here, and we don't have a six bedroom house with a 100 sq ft yard in an HOA neighborhood. We have a modest two bedroom cottage on half an acre of cheap land, a Chevy, a Toyota and a Nissan, and a whole heap of common sense.

Re:And when will Experian be charged?

[Archangel+Michael]

Actually, handing credit to people who cannot prove who they are is a big big problem, and quite frankly, is the total lack of due diligence I think Credit Companies ought to be doing, but don't. The fact that they end up charging the rest of us for their incompetence and arrogance is criminal IMHO.

Re:And when will Experian be charged?

[Cederic]

gathered surreptitiously

Check the T&Cs of all your lines of credit. I bet they all indicate that information on you will be provided to credit bureaux.

Re:And when will Experian be charged?

[Cederic]

I've cleared my mortgage and I bought my car with cash. However if I had to buy my current house with cash now, without selling it first, it would take me 20 years to save up for it.

That's now, with an income over twice the one I had when I bought it and fewer other outgoings.

Avoiding debt is often a good thing. Investing wisely is also often a good thing. Knowing how to balance the two is difficult but can really make a difference in your life.

Re:And when will Experian be charged?

[BitZtream]

There weather isn't better than Florida. Their women as fake whores with attitudes far out weighing their looks, and the weed isn't legal for recreational use. Its just as dangerous to smoke a bowl in CA as it is in Florida.

On the other hand, CA is full of nut job liberals who think they can lower taxes on themselves, while increasing government programs and free rides, and then can't understand why their government is bankrupt. Instead of expecting people to take care of themselves, they invent social programs to take care of people who could take care of themselves, and then make any woman who doesn't breast feed her child until the age of 12 feel like she's a horrible mom.

All in all, there are about 40 states I'd rather live in other than California. I guess it does beat out the Dakotas and Iowa, but that doesn't say very much, does it?

California is really a pretty shitty place to live if you actually pull your head out of your ass long enough to think about it.

Who watches the watchers?

[gstoddart]

So if the credit bureau is selling all of the information to the identify thieves you're pretty much fucked.

Sounds like this company is playing both ends against the middle and needs to be shutdown.

Pathetic.

Re:Who watches the watchers?

There must be a better system to protect private information, and better private information that cannot be copied, and distributed.

Re:Who watches the watchers?

[Bob+the+Super+Hamste]

Wasn't there some law that stated that when data breaches like this happen the company has to pay for credit monitoring for those affected. Given that it sounds like they may have distributed all US citizens' info it might be enough to sink their company. Then again I may only be remembering some proposed law that died a quiet death in some committee.

Re:Who watches the watchers?

It's called maximizing profits. Every company is obliged to do this. Companies exists only to do this. It's their only purpose in life.

Re:Who watches the watchers?

[Ronin+Developer]

How about we make Experian liable for clearing ANY AND ALL debt incurred whose credit info was divulged by them?

Once upon a time, the SSN was to be used for Social Security Purposes only - not for ID. Then, they started asked asking for it in college (as my ID) ... now, they ask for it at the local grocery store. Seems the law was changed. Why?

At one point, when someone wrote a letter (remember those?) in the 1980's to a service member, they gave the name, rank, SSN and Fleet or APO post office number. In retrospect...WTF where they thinking? Prior to that, a service number was issued and it was NOT your SSN.

Re:Who watches the watchers?

[lgw]

I'm pretty sure that is a law. But Experian could easily offer "credit monitoring" to everyone, not quite for free on their part but as a straightforward software project.

I think we should require that of them regardless!

Re:Who watches the watchers?

[gsgriffin]

Would be interesting to know if they have an investment in LifeLock or something similar? They could continue to win big on this.

Re:Who watches the watchers?

My bank sent me a letter once explaining that they had a breach and my info may have been stolen, and they offered to pay for my credit monitoring costs with a third party. So basically they suggested I share my personal info with yet another company who may also get hacked by yet another group of criminals... Yeah right.

Re:Who watches the watchers?

They're already monitoring your credit, maybe they could just fill you in more often.

Re:Who watches the watchers?

Because SSN isn't secret, never was, and never will be. They have always been trivial to figure out, so I don't understand the faux-horror people react with whenever a data leak of numbers gets reported. Who cares, it's already out there.

What law states a company can't use a SSN as an identifier? They can, and always have been able to. You can of course refuse to give them it, but they are not required to do business with you if you don't abide by their policies.

I do agree that companies slowly have gone from being very careful and respectful with the data to not giving a shit. That coupled with the defacto requirement of providing a SSN to operate in modern society means you simply have to operate under the assumption that everyone knows your SSN if they want to get it, and keeping it hidden is simply not an option.

This is slashdot. Security through obscurity never works.

Re:Who watches the watchers?

[L4t3r4lu5]

pay for credit monitoring for those affected

Yo dawg. I heard you like credit monitoring, so we hired a credit monitoring company to monitor our monitoring of your credit while you monitor the credit monitoring company monitoring our credit monitoring of your credit.

FREE AS IN BEER MARKET !!

1. Information wants to be FREE !!

2. FREE the identies of millions !!

3. PROFIT !!

Re:FREE AS IN BEER MARKET !!

4. Get one rifle shot shot at long range from a citizen who got screwed in the bargain. Make it a .50 caliber.

I've been saying since Enron we should add more FEAR to the "greed and fear run Wall St." aphorism...

captcha: brooms (which sweep clean)

Re:FREE AS IN BEER MARKET !!

captcha: brooms (which sweep clean)

I wonder if that's Slashdot's algorithm's way of subtly advocating that it's time to send in the cleaners...mafia style?

Re:FREE AS IN BEER MARKET !!

[lgw]

4. Get one rifle shot shot at long range from a citizen who got screwed in the bargain. Make it a .50 caliber.

I've been saying since Enron we should add more FEAR to the "greed and fear run Wall St." aphorism...

IIRC, one of the Enron higher ups "committed suicide" in fishy circumstances early in the trial process. This being Texas, I've always assumed that this unlikely "suicide" was the police simply agreeing with the "he needed killin'" defense, and choosing not to investigate.

Re: FREE AS IN BEER MARKET !!

Except it was probably killed to keep him from talking.

Re:FREE AS IN BEER MARKET !!

[radarskiy]

I've always assumed that he relocated to a nice island somewhere, and the police were simply agreeing with the "fuck the damn commie libruls" defense.

And no one at experian will ever be charged.

Even though Experian was selling the info, only the people who bought it will get punished.

Re:And no one at experian will ever be charged.

[mark-t]

I think, presumably, that an argument exists that Experian would not have had any way of realizing the nature of who they were selling it to, and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.

Re:And no one at experian will ever be charged.

[mcgrew]

and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.

And what, pray tell, would that argument be? I can see nothing whatever society gains by letting Experian sell what they do not own.

Re:And no one at experian will ever be charged.

[Jason+Levine]

Sadly, the people whose identity was stolen will also be punished by having to spend time, energy, and money restoring their credit files and getting the bogus accounts removed. In some cases they will have to prove that they really didn't open the lines of credit to Experian - the very company who is responsible for the mess they are in. They will also need to watch their credit closely for the rest of their lives wondering when the next line of credit will open up or deal with the hassle of freezing their credit and not being able to open new lines of credit when they want. (Though, as an ID theft victim who did the latter, it's really not that much of a pain. Just stinks that it is necessary.)

Experian, on the other hand, will face a vicious finger wagging by Congress. At the very worst. Maybe a token fine that they can make back in 2.3 seconds of doing their normal business.

Re:And no one at experian will ever be charged.

[sjames]

And since they cannot possibly not know about 'identity theft' (that is, bank fraud where the cost is pushed off onto a third party to the fraudulent transaction), they will require proof that the adverse information reported is actually about you before it affects anything.

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA I crack me up. That's a knee slapper!

Their 'credit reporting' will continue to be based on gossip and innuendo such that the National Enquirer looks like the New York Times in comparison.

Re:And no one at experian will ever be charged.

Read the article - it wasn't Experian selling the info.

As stated also in the summary, it was a company called Court Ventures, although what the summary doesn't say is that although Court Ventures is currently a subsidiary of Experian, it was already illegally selling this information before it was aquired by Experian, and also that the Secret Service contacted Experian about it after the aquisition.

It also should be noted that the information itself did not originate from Experian, but from US Info Search, and that the information is apparently aggregated from public sources (i.e. court records, driver records etc)

They were allowed to sell the information to US companies for ID checking and theft prevention, just not to foreign companies, and not to companies using it for other purposes.

I don't entirely like what Experian do, but I don't really think they're the bad guys here.

Re:And no one at experian will ever be charged.

[PraiseBob]

an argument exists that Experian would not have had any way of realizing the nature of who they were selling it to

Excuse me? You are saying there is a valid argument that they have no way of knowing whom they are doing business with?

They have permanently compromised a system that hundreds of millions of people use every single day. They have made every single citizen subject to fraud, and have no ability to fix it, except conveniently through their business model. This breach will STILL be an issue ruining people's lives 20 years from now, and we will have to beg Experian to correct the problems they caused, and even pay them for the privilege. The economic damage could reach well into the trillions of dollars, there is virtually no cap, since it undermines the entire credit system of every citizen currently alive, for their entire lifetime. Every executive at the company should be put to a firing squad.

Re:And no one at experian will ever be charged.

[mark-t]

I can only make guesses, since I don't know for sure. This is why I was using the word "presumably".

But it seems to me that if Experian were not ever supposed to have the right to sell that information at all, ever, to anyone... then they would not be able to get away with having done so.

I can only speculate that there might exist certain organizations which have legal authorization to access such data which may have the legitimate right to purchase this kind of info from companies like Experian, and that the particular purchaser described by this story may have misrepresented themselves to Experian as such, which may arguably show some negligence on Experian's part for not realizing who was purchasing the information, but in the end it was still the purchaser who was actually doing so with fraudulent intent. If this idea correct, Experian may get a slap on the wrist for this, and a warning to not let it happen again, but not actually have any charges filed against them because no intent to commit fraud was intended.

Of course, all of this is guesswork... if Experian did something wrong then obviously they should be charged... I am making an assumption here that since they are not being charged, that at least based on the information that they had at the time, they did not do anything that they were unilaterally forbidden to do.

Re:And no one at experian will ever be charged.

[mark-t]

I am only suggesting it because, presumably, if Experian should have had sufficient cause to have realized that they were selling the info to an agency that had fraudulent intent, then Experian would be charged similarly with conspiracy to commit fraud. Because they are not, I am assuming that there exists some legal loophole through which Experian's activities in this matter remain innocent... at most, perhaps deserving of no more than a slap on the wrist or maybe a warning to not do it again.

Re:And no one at experian will ever be charged.

[Sarten-X]

Ah, but they do own it. See, when you signed that loan agreement, or contracted for utilities, or had that background check for that job, you signed an agreement that your Social Security Number could be given to a "third party" for the fulfillment of the credit or background check, and that the third party could then use it according to its own policies. Those policies you never saw but agreed to anyway likely remove all restriction on what can be done with your SSN.

Re:And no one at experian will ever be charged.

[mark-t]

I'm saying that it only seems reasonable to conclude that such an argument exists, since otherwise there is no reasonable explanation for why Experian was not charged with conspiring to commit fraud in the transaction.

Re:And no one at experian will ever be charged.

[sjames]

They have been libeling people for decades now without a single repercussion. I suspect it's the oldest loophole in the books, too rich to jail.

Re:And no one at experian will ever be charged.

[sociocapitalist]

Even though Experian was selling the info, only the people who bought it will get punished.

It's up to you people, the fuckees, to file a class action lawsuit against Experian, the fuckers, for selling your private information without your express permission.

Want it to stop? Make it stop.

Re:And no one at experian will ever be charged.

[nitehawk214]

I think, presumably, that an argument exists that Experian would not have had any way of realizing the nature of who they were selling it to, and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.

Then maybe they shouldn't be allowed to have the info in the first place.

Re:And no one at experian will ever be charged.

[nitehawk214]

The banks like having an excuse to deny people loans. Creditors like holding it as a threat against people that dispute fraudulent claims. "You better pay this or we will ruin your credit score and make sure you never own a car or house again."

Oh, do you mean how Experian benefits the actual people? They don't, not in any way whatsoever.

Re:And no one at experian will ever be charged.

If you believe that your Social Security number wasn't being sold on the black market before this, then I have a bridge in Brooklyn to sell you.

The only thing protecting you from identity theft is the fact that in all likelihood your information in hidden amongst millions, or tens of millions, of other people in various black market databases. And, fortunately, there are only so many ways for the relatively small number of hard core criminals to use that information, and it takes time.

Keep an eye on your credit, and protect all your other information. For example, I never tell anybody "my mother's maiden name". For every account I sign up for I use a different name for my mother. I know my SS# is out there, so I try to make it harder to gather other kinds of identifying information. Of course, if I were subject to a targeted attack, that information would be trivial to get. But the threat is from semi-automated identify thefts, and my job is simply to make stealing my identity harder than stealing the next person's identity.

Re:And no one at experian will ever be charged.

[dissy]

Ah, but they do own it. See, when you signed that loan agreement, or contracted for utilities, or had that background check for that job, you signed an agreement that your Social Security Number could be given to a "third party" for the fulfillment of the credit or background check, and that the third party could then use it according to its own policies. Those policies you never saw but agreed to anyway likely remove all restriction on what can be done with your SSN.

Yes, but that same agreement stated I sign away rights to your daughter as well ;}
In both cases, I can't sign away rights to things I personally do not own. That covers both my SSN as well as your daughter.

SSN's belong solely to the social security administration, and do not belong to the person the number is issued for. It says as much on the back of my SSN card.

If I do somehow have the right to sign away things I don't own, then under the same argument, why is it not legal to sign away your daughter to my friend?

Re:And no one at experian will ever be charged.

[mcgrew]

From what I've read after posting, Experian bought a company that was selling SSNs to thieves and didn't do due diligence when buying it. So maybe a fine, but nobody from Experian will go to prison.

Start the bombing now!

[Theophile]

I'm an American, so I'll admit that I couldn't find Experia on a map if I tried, but this is an outrage and I say we start bombing the Experians back to the stone age right now!

Re:Start the bombing now!

[WillgasM]

why do i never have mod points when i need them?

Re:Start the bombing now!

[UnknowingFool]

What's sad that this is true most of the time. My friend was interviewing someone (college graduate education) for her company. My friend mentioned that she was in New Zealand earlier this year. The interviewee asked where in Europe New Zealand was located.

Re:Start the bombing now!

[freeze128]

Well....? Don't keep us all on the edge of our seats! Where in Europe is it?

Re:Start the bombing now!

[I'm+New+Around+Here]

Obviously it is one of the sections of Great Britain. Doesn't "the Shire" give that away? I mean, who doesn't know that Peter Jackson filmed LOTR in New Zealand?

Re:Start the bombing now!

[NeverVotedBush]

It's just east of the country of New Mexico...

Re:Start the bombing now!

[UnknowingFool]

South of New Zedland (blame Canada!)

Re:Start the bombing now!

[sociocapitalist]

I'm an American, so I'll admit that I couldn't find Experia on a map if I tried, but this is an outrage and I say we start bombing the Experians back to the stone age right now!

Did you look on Expedia?

Re:Start the bombing now!

[atom1c]

South of New Zedland (blame Canada!)

Uhhhhh...... not funny?

Re:Start the bombing now!

Canadia. Damn it. Right next to the United States of Better Amercia.

Re:Start the bombing now!

Our bomber pilots want to know.

Re:Start the bombing now!

[uvajed_ekil]

They have admitted "cells" in California, Texas, and perhaps elsewhere in the USA - they are rather secretive though. Their top leaders are believed to be operating out of Dublin, Ireland, so that's where we should send the stealth bombers and cruise missiles, I guess. Let's save the SEALs to go after individuals and bring them to justice once we have obliterated their main bases and means of conducting their ongoing acts of terror against the American people. Pity the poor folks of Dublin who will be caught in the middle of the war, but we never think much about that sort of thing anyway, do we?

Oh Yea?

Here's the important take away...

They'll do it again and there is fuck all you can do about it!

What now, bitches?

Re:Oh Yea?

>What now, bitches?

What now? Legalize marijuana, then all we'll need is more Doritos.

15 counts of wire fraud explained.

[nimbius]

If convicted in an american court those 15 counts amount to:
10 years in prison, appealed to 7
parole after 4

and experian leaving the room without ever having admitted any wrongdoing. Visa and Mastercard dont care, because the amount of credit as a balance reflected on a card is imaginary anyhow and doesnt correlate to any real value. They simply issue chargebacks against the vendors affected by fraudulent purchases.
the vendors in turn get a strike against them for accepting fraudulent transactions. cardholders get a new card, and the game resets. Consumer capitalism cannot be permitted to short-circuit at the expense of the consumer.

The cards are commonly used to purchase web hosting or secure free trials to distribute malware as a means of garnering more legitimate cards and absolving their dependence on lucky ducks like the Experian guy. The wheel is still turning.

Re:15 counts of wire fraud explained.

[Nemesisghost]

You realize this only works for cards consumers know about. Given that the average person only gets a new loan every few years, and hence only worries about their credit report at that frequency, they might not even know that someone has stolen their identity & now have fraudulent credit cards open in their name for years. And my understanding is that once the card is opened, it's now on the consumer to dispute everything about the card, which is no easy task. It's not like charges from 1/2 across the world suddenly appearing on a card only used at your local supermarket. The entire history of the card is fraudulent, which is immensely harder to prove. Now throw in the fact that the card has since gone into default, and you are screwed.

Re:15 counts of wire fraud explained.

[I'm+New+Around+Here]

And my understanding is that once the card is opened, it's now on the consumer to dispute everything about the card,

I never understood that line of thought. If someone, e.g. a bank, says I owe them money because I agreed to repay them money they loaned to someone who claimed to be me, my first question would be "Where is the paper I signed?". If the contract was made at a branch of the bank, such as for a loan, my next question would be "Where is the video footage of me at that bank?".

Because if they don't have those two items, and they indisputably prove it is me, they have absolutely no case to try to extort money from me. They can go after the actual person they gave money or credit to. Why should it not be that way for all cases of so-called "identity theft"? It used to be called "bank fraud", which firmly shows the bank is the victim of fraud, and should have been more diligent in its actions. Instead they now imply the party who should have been more pro-active is the person whose name was used without their knowledge.

Stop calling it ID theft, call it bank fraud, and tell the banks they can get their money from whomever they decided to give it to.

Re:15 counts of wire fraud explained.

[Bob+the+Super+Hamste]

That actually happened to my wife. She got a call from American Express stating that we were in default on a card she had taken out and bills were being sent to an address in Las Vegas. They demanded that we pay in the most aggressive legal way they could. I told them that it isn't my fault that they didn't do their due diligence in giving out credit and that since it was a credit card we were only liable for up to $50 of it and I wasn't going to even pay that since neither of us had ever been in Nevada let alone Las Vegas. I then mentioned that if I ever heard from them again I would be filing charges against them for attempting to defraud me and would also be filing a complaint with my state's attorney general. Never heard back from them. I do the same thing with the idiots who keep buying someone's bad college loan debt that was accrued 14 years before I was born who happens to share my name. Some new company seems to buy it every 2-3 years and then they start calling or sending mail so I don't know if it is a scam or not but I treat it as if it were one.

Re:15 counts of wire fraud explained.

[I'm+New+Around+Here]

It's good to hear that actually does work. When I've mentioned my views to other people, they usually say that it wouldn't matter, banks don't care about that, blahblahblah.

I also wonder about not just charging them with attempted fraud, but also suing for libel/slander if they claim you are responsible for the debt, and report that to the credit agencies.

Ironically, just last month we got a letter from the state, saying that our name was found on a list at the house of a guy arrested for ID theft. So we are advised to go through all the hoopla to 'ensure' our good credit. Screw it. If the guy used my name, or if twenty other wastes of oxygen do so, it isn't my problem if I don't let it be my problem.

Re:15 counts of wire fraud explained.

[Bob+the+Super+Hamste]

So we are advised to go through all the hoopla to 'ensure' our good credit. Screw it. If the guy used my name, or if twenty other wastes of oxygen do so, it isn't my problem if I don't let it be my problem.

That is the approach I have taken. I put the onus on them to show that I am the person who owes them money, unless they are my mortgage or credit card company I don't and they don't call or write me letters since I make my payments. At this point I don't need any additional credit so fuck'em. My dad has taken a similar approach a number of times as well (where do you think I learned it from) and hasn't had any issues.

Re:15 counts of wire fraud explained.

Because one does not have to go into the bank to sign papers and be on video in order to get a credit card anymore.

Re:15 counts of wire fraud explained.

[pavon]

It works for the purposes of avoiding paying that bill, but it doesn't avoid having your credit score being completely ruined.

Ironically, just last month we got a letter from the state, saying that our name was found on a list at the house of a guy arrested for ID theft. So we are advised to go through all the hoopla to 'ensure' our good credit. Screw it. If the guy used my name, or if twenty other wastes of oxygen do so, it isn't my problem if I don't let it be my problem.

Like it or not, this is your problem, if you ever want to take out a loan ever again, and the sooner you deal with it the sooner you can start rebuilding your credit.

Re:15 counts of wire fraud explained.

[I'm+New+Around+Here]

They have to sign a paper of some sort. Even if it's a letter or application that arrived in the mail.

Re:15 counts of wire fraud explained.

Yes, but the bank does not cross-reference it against anything. You'd have to get a handwriting expert to come in and prove you didn't sign the paper. That certainly isn't how things SHOULD be, but it's the way they are.

Re:15 counts of wire fraud explained.

[Gr8Apes]

I'd give them 1 letter to fix the problem - after that - they can see me in court. I didn't enter into any agreement with them, and they are slandering/libeling me by stating I have bad credit and propagating that out. There are slander / libel laws out there, use them.

Re:15 counts of wire fraud explained.

It's a kind of a scam, but kind of not. The statute of limitations has long since expired in most--probably all states--by 10+ years. OTOH, in most cases it is a legitimate debt, just not one that someone has any legally enforceable obligation to pay back.

For years I kept getting collection demands about a utility bill that went unpaid--it was the last month of phone service where Bell Atlantic (yes, it was awhile ago) fscked up my cancellation order after I had already moved out of state. Actually, I had no idea about it until the statute of limitation had almost expired; that's when they sold the debt to a collection agency. The first year or two I got the notice the debt was still enforceable. But later I knew that any notice after the SoL was simply an idle threat. I probably would have paid if it hadn't been Bell Atlantic's fault, so screw 'em.

Re:15 counts of wire fraud explained.

[onyxruby]

Okay, your not helping yourself or anyone else like you think you are. I'm not writing this response for you personally, I'm writing it before other people follow your advice and get themselves in legal trouble.

You have rights if your a fraud victim and you should exercise them, which you haven't done. In order to protect yourself and your credit rating you have to file a fraud complaint and send it to the and credit agency and company.

If you don't do that the company can continue to report against your credit report and you can be sued by the company in the jurisdiction that they have on file and get a judgment against you. Without a fraud dispute the company has no way of knowing your right address and the fraudulent address will be used for the jurisdiction you are sued under. Once a judgment is issued against someone you can have your wages garnished, credit ruined, tax refunds seized and property sold at auction.

You'll have hell to get an judgment overturned that was issued in another jurisdiction and than your in a position of explaining why you couldn't be bothered to write a simple affidavit and mail it in. Someone following your advice could well get a judgment against them that they couldn't get rid of - even after proving they didn't take it out. With a lot of jurisdictions allowing people to be arrested in order to enforce payment of judgments your advice could well put someone in jail.

* Before I worked in IT I made a living performing large balance credit card fraud investigations ($5000+). I was the one of two people in a well known company that would track down situations like yours. Please stop giving legal advice when you haven't got the slightest clue what your talking about.

Re:15 counts of wire fraud explained.

[I'm+New+Around+Here]

Onyxruby, thank you for you knowledge in this matter. I am not questioning any point you make. But I will disagree with the recommendation you give.

If you don't do that the company can continue to report against your credit report and you can be sued by the company in the jurisdiction that they have on file and get a judgment [nolo.com] against you. Without a fraud dispute the company has no way of knowing your right address and the fraudulent address will be used for the jurisdiction you are sued under. Once a judgment [credit.com] is issued against someone you can have your wages garnished, credit ruined, tax refunds seized and property sold at auction.

You'll have hell to get an judgment overturned [foxbusiness.com] that was issued in another jurisdiction and than your in a position of explaining why you couldn't be bothered to write a simple affidavit and mail it in. Someone following your advice could well get a judgment against them that they couldn't get rid of - even after proving they didn't take it out. With a lot of jurisdictions allowing people to be arrested in order to enforce payment of judgments your advice could well put someone in jail [dailyfinance.com].

If we were back in the 1980's, and the crime was still called bank fraud, I would work with the system to keep my name clean. However, today they want to put the entire blame of their own mistakes on me, and I won't play their game. In the age of 'millions of identities stolen' every year, it is completely counter-productive for American citizens to actively encourage the situations you describe, by doing what the banks and governments should be doing themselves.

If the state government can send me a letter saying my name (and thousands of others) was found in the home of a guy that was busted for ID theft, they can send that same letter to the three credit agencies, as well as maintain a site that all banks can check before giving credit or a loan to someone using my name. In addition, the state certainly tracked me down to the correct address, even though the arrest happened at the other end of the state. It is time that banks and credit agencies use some of the money to improve their validation process, rather than spending it after being defrauded and trying to ruin the lives of innocent people.

If everyone felt like I do, and refused to play the game the banks have rigged in their favor, the banks would never be able to maintain their position that they are the innocent party. (I'm pro-business generally, but am more pro-citizen in these sorts of situations) Very soon, it would be evident that the banks are being very foolish with their money, and none of their actions should be excused and encouraged by blaming the truly innocent persons, and even holding them legally liable for debt they did not agree to.

But with the masses jumping through all the hoops the banks and governments set in front of them, just to keep the banks from being victimized, why should the banks spend their profits to keep themselves safe? They make more money with loose lending standards, and can just extort money from people later if needed.

Re:15 counts of wire fraud explained.

[Bob+the+Super+Hamste]

You do know that you can dispute anything on your credit history at which point it becomes the problem of those who put it there to demonstrate that it was actually you. Since the stuff in question was placed there was all done fraudulently they are going to have a very hard time proving that it was you so no you won't get dinged.

Re:15 counts of wire fraud explained.

[pavon]

Sure, my main point was that you need to take time to dispute this with credit agencies, which will be much easier to do as soon as you learn about the fraudulent charges than later on. Taking the GP's attitude of "it's the banks problem not mine, they can deal with it" will just make your problems worse.

That said, I've known a handfull people who have disputed fraudulent reports in their credit history. All of them were successfull in getting the fraudulent reports either removed or marked as such. However, the ones that had good credit scores before this happened ended up with scores that were lower than before, even after "successfully" disputing the fraudulent reports. One of them ended up with a score so low, he couldn't get a car loan from anywhere; not those "we finance everyone" dealerships, not the credit union he previously had gotten a loan through and never missed a payment, no one. He ended up having to get his parents to co-sign a loan, and is still rebuilding his credit.

These people didn't look into suing the credit agencies, however I imagine it's harder to win a libel/defamation dispute over an opaque rating number than incorrect factual statements, which the credit agencies did correct.

Re:15 counts of wire fraud explained.

This is my approach exactly. Most people don't have the guts to stand up to them and that's what they're counting on.

Re:15 counts of wire fraud explained.

[BitZtream]

You do know that you can dispute anything on your credit history at which point it becomes the problem of those who put it there to demonstrate that it was actually you.

You do know that isn't actually the way it works, right?

You dispute. They say 'no, its valid' and thats the end. You have no recourse to force them to fix it. This is a well known issue to the point there 60 minutes and every other major investigative news organization has run stories showing just how they respond and do nothing even if you have proof.

You life in some fantasy world other than Earth.

Re:And, who has the Obamacare ID validation contra

Oh god, is Slashdot now The Blaze, where everyone has Obama Derangement Syndrome and every single comment has to tie to Obama, no matter how loosely related they are?

Why is SSN secret?

[bigwheel]

I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.

It is just a has code -- not a password.

Re:Why is SSN secret?

[ComfortablyAmbiguous]

Besides that, it's a horrible, horrible secret. Until just a few years ago the first five digits could be easily determined from your birthday and location of birth, leaving only 4 digits of somewhat randomness, and even that went in sequential order, giving you a pretty good guess at a much small range. To add insult to injury, whenever a company thinks they are helping you keep it secret they will ask you for the last four digits of the number, the only four digits that actually matter.

Re:Why is SSN secret?

[thaylin]

because with your SSN now you have access to EVERY other piece of information. Forget your password with any company that has your SSN and they will use your SSN as the ultimate password.

Re:Why is SSN secret?

And how do you keep your mothers maiden name a secret?
Do you kill her and her parents and wipe out all traces of them?
Why do they use stupid shit like this to identify someone.

Re:Why is SSN secret?

[jeffmeden]

I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.

It is just a has code -- not a password.

Until the grand abstractor that is the Internet came along, exploiting the system usually meant being in a position of some power at one of those institutions, or digging through lots of garbage to find discarded records. In the realm of things that make you unique and are both quantifiable and indelible, SSN is at the top of the list. It became the de facto "identity password" since about 50 years ago when national, impersonal, remote services like credit cards took off and the creditors (banks), instead of coming up with a better system, left well enough alone.

Think about it, how would you _indelibly_ tell two people apart on paper, both named John Charles Doe and both born on 6/7/89? Record who their parents were? Record where or maybe exactly when they were born? Record some assigned nonce that was issued at birth by some all-knowing entity? Oops, that's what a SSN is!

A world without secret SSNs requires much more diligence on the part of the _customer_ because they are burdened with extra identification elements (public ones and private ones, a username and password of sorts) for each service unless a national or international effort to standardize comes about.

Re:Why is SSN secret?

Because authentication systems don't need to be bulletproof. They only need to reduce the cost of fraud below the benefit gained from simpler and more convenient customer service.

And as long as the banks bare the majority of the cost, then they'll act more-or-less rationally. But they also tirelessly lobby their Congress Critters, especially GOP Critters, to shift the burdens. Once that happens... it's game over.

Re:Why is SSN secret?

[Jason+Levine]

Not that mother's maiden name is any protection. When someone opened a credit card in my name, they had my name, address, social security number, and date of birth. They got the mother's maiden name wrong, though. It wasn't even close. Didn't stop Capital One from approving the card application, though, and almost giving the people a line of credit in my name. (The only thing that stopped them was a fluke where they paid for rush delivery of the card and immediately changed the address from mine to theirs. The two processes crossed paths and the card arrived on my doorstep. Had it worked as intended, they would have gotten the card and run up a huge bill under my name.)

Re:Why is SSN secret?

It's likely because some companies decided it was a good way to track individuals. "You say you are Phineas Gage? What is your SSN so I can verify that you are Phineas P. Gage and not Phineas G. Gage." Do a search of public records and there are still hundreds of documents with SSNs all over the place (check your property documents). And then some bright folks decided that the last four digits were a good password to use for all manner of things.

What's funny is that with the SSN (available for a good number of people) and their name, address, and some information on their social network pages, it's easy enough to to figure out. (Your uncle on Facebook may have your mother's maiden name, your work street address and cell phone number is publicly available, how much you paid for your house is public).

So say that I wanted to steal someone's identity.. I may simply make a note of all the cars in his driveway (so I can answer that question about which cars have I owned), search the public databases for SSN, approximate salary, etc.. I may start by setting up a new phone number, paying the bill normally for a few months, then using that as the verification number.

But we all know this...and still continue to provide it because it's ridiculous that anyone would think it was secure..

Re:Why is SSN secret?

[mcgrew]

I got mine in 1968, and it said in large caps FOR TAX PURPOSES ONLY. It would be damned hard to write a book without a credit card now -- copyright, ISBN, web site, printer... pretty hard to do any commerce online without a card.

I've spent over $300 on Nobots, all of it on the card. (OT but it might be available as early as next week, I'll let you guys know).

Re:Why is SSN secret?

To add insult to injury, whenever a company thinks they are helping you keep it secret they will ask you for the last four digits of the number, the only four digits that actually matter.

Well it would certainly be stupid of them to ask for the first four now would it?

(blah blah blah SSN is a username and not a password, I know that)

Re:Why is SSN secret?

[unrtst]

It's very similar with credit card numbers, especially bank account ones. The first 6 digits idenfity the issuer. The last digit is just a check digit (usually via Luhn algorithm). That leaves 9 digits for the user account for most cards. However, many banks use a heirarchal system that identifies the branch where you got the card in the first 4 digits of that. The last 4 digits (3 account digits + checksum) and the expiration are usually printed on reciepts and such, as is the type of card (visa/mastercard/etc). If you know a little about the person, you can guess their branch, which leaves only 2 digits unknown. Along with the checksum, you can deduce those, or at least narrow it down to a couple possibiities.

Guessing the branch might seem difficult. However, the college I went to, and I assume many others, has a bank offer to sign up all freshmen for free checking accounts with a debit card. All those signing up with get the same first 10 digits (possibly 11 or 12). It leaves very little to guesswork.

FWIW, I'm not sure if the aforementioned practices are current. Maybe they do things differently now. Regardless, the last 4 digits are the most significant and specific digits, just as with the SSN. Hiding the leading digits provides a false sense of security to the end users (there is still some security added, but nowhere near what the average person would assume), and it retains the most unique parts so the company using it still benefits almost as much as having the full thing printed/supplied.

Re:Why is SSN secret?

[Lithdren]

Way to completly ignore the question.

The question is why is an SSN secret? If the purpuse is to tell person A apart from person B who have the same/similar demograpic information (name, DOB, etc) then ok I get that. But why is the SSN treated as the end-all-be-all identification of that person?

The answer of course, is beacuse its easy on the credit companies and banks. Its something they dont assign, are not responsible for, and dont need to worry about. If someone takes it, well, look he had the right number...its a cop out. Plain and simple.

It would require more diligence of the bank, not the customer. The customer already needs to present things like birth certificates, drivers licenses, proof of residence, etc, etc. But none of that isn't easily spoofable, so they've tried long and hard to make people feel like a SSN is somehow safe, and unfakeable. An individual person can vanish without a trace, but a SSN wont. Or more specifically, whoever actually owns the SSN wont. They're now on the hook, and the leeches (banks, credit agencies, etc) get their money back.

I had a friend who's 5 year old had taken out a car loan half-way across the country. Sure, the DOB clearly didn't match, or the address, but geez they had a name and a valid SSN. So good to go...right? Every last one of these jerks should be in jail.

Re:Why is SSN secret?

Here's a dirty little secret about SSN's. They were never intended to be used as unique identifiers. In fact, it says on the card For social security only, not to be used for identification. Even more, they are not secure in the least, up until recently you could get the first 3-5 numbers just by knowing a little bit about the person, see ID by state of issue, and it's pretty simple to identify the group number as well. Last 4? those were sequential. Basically, they were never designed to be secure, and now we have to treat them as such. Better keep your birthplace/birthday secret too.

Re:Why is SSN secret?

> both named John Charles Doe and both born on 6/7/89

Then you do what the Washington State Police do. You assume they're the same person and punish all of the people with the name/DOB instead of just the one. Of course, they go even farther than that. They claim they don't have the technology to remember the middle name, only the middle initial. There are two other people with my DOB, first name, middle initial, and last name here in WA. I can't start a business, buy a gun, or be a jury because of their policy, but as a lot of people correctly recognize, it's better than the stupid SSN system that uniquely identifies people.

Re:Why is SSN secret?

This causes a huge problem when you're trying to avoid someone that is SUPPOSE to know those things, such as a parent or spouse. I escaped an abusive mother 10 years ago, and she is consistently able to track me down because obviously, she knows my SSN and her maiden name. I'm lucky that I was able to move enough states away that she won't physically come to me, but I can't imagine how someone with limited resources trying to get away from an abusive spouse would manage. I've even legally changed my name, and my Social Security card has my new name on it... but every time I try to do something that requires SSN verification I'm told the SSN doesn't match the name, and I have to use my original name!

Re:Why is SSN secret?

[dissy]

My SSN card is from 1978 and pretty much says the same thing.
(BTW Mcgrew, I thought you were old! Now I feel aged)

"For tax purposes only. Improper use of this card and/or number by the number holder or any other person is punishable by fine, imprisonment, or both. This card is the property of the Social Security Administration"

I've never once had others do anything but laugh that message away and try to justify how it doesn't apply to their case.

There is another person in my city with the same name but a good 30 years older than me, who apparently got and used my SSN at some point in the past. Apparently I owe $30k in past debts I made when I was 5 years old.

I don't have a bank account to this day due to this, and have had to pay cash for every car I've ever owned. I'm renting a house and don't see how I will ever get around a home owners loan.

I attempted to get things cleared up through the courts, but that lasted all of 2-3 months before the debts got sold off to other collection agencies and apparently count again.

It was even suggested that I file for bankruptcy and pay the debts off just so it gets removed from my records... Which is pretty bullshit to begin with. But at the same time, why should I believe that would fix the problem? The credit agencies have already proven they are happy to list anything, no matter how obviously fake, or no matter how court ordered not to. I have no doubt if I procured $30k out of my ass to pay them, they would still somehow get listed again.

Experian and all the others can go fuck themselves in a fire for all I care.

Re:Why is SSN secret?

[martinQblank]

Don't we need SS#v6 by now anyway?

Re:Why is SSN secret?

[kermidge]

Mine's from '58, nothing about tax on it. It's just a plain, ordinary SS card.

Re:Why is SSN secret?

[cant_get_a_good_nick]

Guessing the branch might seem difficult. However, the college I went to, and I assume many others, has a bank offer to sign up all freshmen for free checking accounts with a debit card. All those signing up with get the same first 10 digits (possibly 11 or 12). It leaves very little to guesswork.

I used to work in the bookstore at my university. Some first 4 digit combos are permanently stuck in my brain, such as 4128 (Citibank Visa), 4673 (Citibank gold visa, iirc), 5424 (citibank mastercard.. lot of citicards at my uni). Remember that most cards are run through some bank in North Dakota since ND has lax interest laws. Number of branches is much smaller than you think.

Re:Why is SSN secret?

[L4t3r4lu5]

That has "Nope." written all over it.

I would go mental if any company in the UK, regardless of sector, used what amounts to a unique key as a password. It's an identifier which requires authentication, not authentication in and of itself.

Re:Why is SSN secret?

[mcgrew]

I wonder when they started that, then?

Re:Why is SSN secret?

[mcgrew]

I went through bankruptcy shortly after my divorce, and it looks to me like you have nothing to lose by it, talk to a good lawyer. As soon as your lawyer files the papers you are prohibited by law from paying bills until the court proceedings are finished, which takes a while. You don't pay rent, utilities, any debts at all and they can't shut off your utilities and your landlord can't evict you. Trying to collect from you is a felony.

After the proceedings are finished, trying to collect any debt from before the bankruptcy from you is also a felony.

Once your bankruptcy is done you will be inundated with credit card offers, because they know you can't file again for 7 years.

See a lawyer, talking to one is free.

Re:Why is SSN secret?

[kermidge]

No idea, good sir; never seen one that had tax message - but then, I've never asked to see anyone else's card. To me it's a passing curiosity, an oddity but one that atm I've insufficient whathaveyou to go looking.

Can I form a subsidiary too?

[digitalhermit]

Oh, wow. TFA looks more than just noise, but we don't know how true it is yet. That said, I've seen so many articles about companies disclaiming liability because the crimes were committed by a partner or subsidiary. I want to do that too. After all, if companies get the benefits of personhood, I think people should get the benefits that corporations do too. I'll spin off a subsidiary person. He'll do all the crimes (cutting off mattress tags, walking on the "Don't Walk", eating oatmeal without a spoon) and I can benefit. When someone bothers to check, I can raise up the mini-me and have them throw him in jail. I'll keep the profits.

Re:Can I form a subsidiary too?

Always go check for an apposite Will Rogers quotation:

"A holding company is a thing where you hand an accomplice the goods while the policeman searches you." - Will Rogers

Re:Can I form a subsidiary too?

[atom1c]

Oh, wow. TFA looks more than just noise, but we don't know how true it is yet.

Brian Krebs is renown for doing his research... and based on the entire cybercrime world's antics in protest to how much diligence he conducts and communicates, he's not one to make shit up.

Why do SSNs persist?

[necro81]

I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.

Is it just that this is the system that we in the US are stuck with, and that's that? How do other countries handle this? What are the potential alternatives? What are the true requirements for a "master identifier key", and how can they be realized in a way accessible to all people? How can we convince the business and banking community to stop using the SSN - not because they're forced to, but because it's such an awful liability?

Which politicians' identities need to be stolen in order to put such a system in place?

Re:Why do SSNs persist?

[CodeReign]

should use a sha1 hash of you birth details for a ssn

Re:Why do SSNs persist?

[twotacocombo]

I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States.

Because it's the only common identifier assigned to all US citizens. Not everybody has a drivers license, passport, address or phone number.. but almost everybody born within the confines of society has a SSN. There really isn't any better or more consistent means of identifying an individual on a national scale. We're well beyond the days of opening a line of credit at the general store based on personal relationships and a handshake.

Re:Why do SSNs persist?

According to the article, they didn't just sell SS info, but rather bank account info and credit card info as well. The SS numbers are just a part of it all.

To sum up the article:
Some company evidently sold this information to other companies in order for those companies to use it to combat ID theft. Then one of those other companies then sold it to the black market.

What I want to know is, why didn't the NSA catch this? Why haven't I heard from my bank about this? Should we all change our accounts? WTF?

Re:Why do SSNs persist?

SSN is the only federal ID tag that every American is guaranteed to have. Only other national one is a passport and not everyone has that.

Everything else is handled by the states and each has their own policies.

There are attempts to force a standard but they get resistance on privacy aspects. I'd expect in another generation those concerns will be gone and something like a national ID (see Real ID) could be rolled out.

Question though, how would you make a database of ID that is not as easily fooled/stolen/corrupted? Do we require some biometric or password to verity yourself?

Re:Why do SSNs persist?

Blame the idiots in the 1930s for this. Why they didn't use strong cryptographic techniques is beyond me.

Why don't they switch over today to something better, as they did in Europe? Blame the tinfoil hat crowd who prefer a less secure system with plausible deniability built into it, and the ability for your average Joe to fall under the radar with a fake SS# if he desired. I kinda-sorta fall into this camp, myself--not actually using a fake #, but it's kind of comforting in a weird way that I could if I wanted to.

Re:Why do SSNs persist?

Well, in the UK we have a 'National Insurance Number', which is similar in original intended purpose, but in use is only used for things directly associated with taxation and benefits/welfare payments. (i.e. Generally your employer and the government have it/use it, and no one else uses it or cares).

Re:Why do SSNs persist?

[necro81]

Oh, I can understand how it came about. But, really, there are any number of intelligent people - security analysts, IT professionals, bankers, human factors specialists, and armchair thinkers - that could probably craft the outlines of a better, more secure system with an afternoon's effort. Why hasn't such a system come around yet?

They say, "if it ain't broke, don't fix it." But the way we use SSNs as a catch-all identifier has been broken at least since the introduction of online commerce - why hasn't anyone even proposed fixing it yet?

Re:Why do SSNs persist?

[jeffmeden]

I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.
 

The answer to your question is easy: consumers demand easier interactions with banks and other orgs, and the orgs know that the harder they are to deal with the less likely the are to attract customers.

Instead of enrolling a new user by gathering all of their NPPI and then insisting on some extra public key verification (home mailing, notarized document, etc) before creating a private key (a password) they simply take you at your word that if you know all this NPPI, you must be _that_ John C Doe and not a different one, or not some identity thief. Add to that the use case of "i lost my keys", wherein the org needs to be able to quickly assess the identity of someone who has forgotten/lost/destroyed their "password", and doing it the "right way" starts to carry more of a burden than just doing it the same ol' way, and maintaining a staff of fraud investigators. The system hasn't changed because customers could care less as long as it doesn't hurt them, and fraud detection/remediation is effective "enough" to keep almost everyone happy. Those that have trouble are in a world of shit, though.

Re:Why do SSNs persist?

[TheCarp]

Easy, mostly it crept in with a lot of "Monkey See, monkey do".

It used to be there were no real central DBs of people's info. You don't have to go back far before the best records of who lived in a community were church baptismal records, and then Birth certificates. SS was really one of the first things where you could say just about every person here is enrolled and has a unique number.

Back then, SSN was pretty useless. Sure you could always try to commit SS fraud, but, since most people apply, and the money comes as checks, its not something you should expect to get away with for long and without consequence.... not to mention its not like you can just go in and drain someones SS, as its a time based benefit (unless they are already dead of course).

So as different orgs, states with drivers licenses (when i applied for my license in the mid 90s you still had the option of using your SSN, and some people CHOSE to!) decided to use it as an identifier, it made perfect sense, at the time.

The problem isn't so much that people use SSN. Its really almost more of a tragedy of the commons: Because what is a small concern when one group uses it, becomes a huge concern when every group uses it.

Not only that, but add a little circular logic.... SSN is good because your SSN is secret, nobody else knows it. Therefore if we use it as your ID we know its unique and we know its you. Makes perfect sense....until everyone else does it and the idea that your SSN is secret totally breaks down as everybody expects you to just give it to them to identify yourself.

Re:Why do SSNs persist?

It's the master identifier exactly because it was promised that it would never be used as such. The Social Security Act would never have been passed if a crystal ball had existed. And because the notion of a national ID number would be DOA, even if it would be used to replace SSN. (And, since it is near universal in the US, why would you want to replace it?)

Re:Why do SSNs persist?

[Culture20]

That's essentially what a SSN is, just using a weaker algorithm. Using sha1 won't make it any more secure since most people's birth details are public record. Then once the hash is created, it suffers from the same problem that SSNs have: being passed around in plain text as the same password for every company.

Re:Why do SSNs persist?

[necro81]

Blame the idiots in the 1930s for this. Why they didn't use strong cryptographic techniques is beyond me.

I don't blame the creators of the Social Security Administration for this; they provided a simple solution for what was a simple task. Strong cryptographic techniques - as we might understand them today - were either pretty obscure or hadn't been invented yet.

No, I blame every idiot that came afterwards and grafted new uses and requirements to the SSN - without updating or replacing the SSN to keep pace.

Re:Why do SSNs persist?

[sgt_doom]

Ah, why does a global banking cartel exist? Next question. . . . . .

Re:Why do SSNs persist?

[jeffmeden]

Oh, I can understand how it came about. But, really, there are any number of intelligent people - security analysts, IT professionals, bankers, human factors specialists, and armchair thinkers - that could probably craft the outlines of a better, more secure system with an afternoon's effort. Why hasn't such a system come around yet?

They say, "if it ain't broke, don't fix it." But the way we use SSNs as a catch-all identifier has been broken at least since the introduction of online commerce - why hasn't anyone even proposed fixing it yet?

Ah to live in an engineer's world: "there is a problem? Why, I already have a solution in my head for that! Now it is solved."

You can't think of a system that is at once nationally effective, customer-friendly, and cheap(er) to operate. If you could, the banks would scrap the SSN and start using it so they can fire their legions of fraud monitors/investigators. It is simply more profitable for them to maintain the system and band-aid it occasionally. Yes, exploits are obvious and plentiful, but an exploit-free system doesn't exist, so replacing all the NPPI practices with "better" ones would be incremental at best.

Re:Why do SSNs persist?

Because it would be a national ID number, and for a variety of good and bad reasons, this would not be politically viable in the US at the moment.

At the same time, the SSN scheme really isn't broken. True ID theft is actually pretty rare, so most people don't see a big need to fix anything.

Re:Why do SSNs persist?

Basically the SSN is your Tax ID in the US, and anyone who handles your money (banks, schools, work, etc), all need the SSN so they can report you to the IRS. Also, since you have to pay taxes you have to have an SSN, so you always will have it. You don't have to have a drivers license or passort, or any other type of ID so the IRS can't use it to track you. And it's so predictiable because when SSNs were created they didn't have computers, so they needed an algorithm that could keep up with signing up 100% of the population, across the country, without conflicts, and using paper, the easiest way is for districts to get their own allocation blocks, and then allocate those sequentially, much the same way IPs are done (ISPs get a large block, and then they give out the individual IPs).

As for how other countries do it, Looks like they just give everyone a simple ID too, though the UK's might be a bit less predictable. As for a better alternative, they could start issuing smart card national IDs, then your IDs become crypto keys, and through the magic of crypto it can be made so it can't be publically viewable and wouldn't be copyable (use challenge-response authentication with the IRS directly, and then giving the banks the transaction number and whatnot). But people don't like the idea of the IRS giving everyone out crypto IDs like that, and it would break paper forms.

Re:Why do SSNs persist?

[Solandri]

SSNs aren't the problem. If SSNs didn't exist, the companies would just figure out a different way to tag you with a unique and permanent ID. That's what happens in web browsers - your SSN is not available, so they've come up with all sorts of cookie and cross-referencing schemes to uniquely identify each individual (or at least the computer they use).

What's needed is some kind of new three-party encryption system (vs public key cryptography which is two-party). One party (the government or credit bureaus) act as a repository for the information, acting as a neutral third party which maintains and validates the consistency of the data. They can also strike certain records if authorized (presumably with the agreement of the two other parties). Another party (lenders) should have keys granting write-access to the repository, so they can report good/bad creditworthiness. And finally only you should have the key to grant read-access to your personal record in the repository.

This would serve the needs currently filled by credit reports, while also allowing the individual to control read privileges thus preventing the current situation of credit agencies selling your info to anyone they please. The lenders can just assign you the worst possible credit risk status if you ask them for a loan and refuse to give them read-access to your credit record.

There might be a way to make this work with public key cryptography. But upon cursory examination the part which seems to not work is that with public key encryption if you control read-access (by giving out your public key), then you must control write-access (with your private key). So if a lender wanted to post a negative item to your report, you'd be able to veto it by refusing to encode it with your private key. Come up with a three-party encryption system and it should work. Only party A can grant write-access. Only party B has write-access. Only party C can grant read-access. And for good measure party C's read-access should be on a one-time-use rolling key, so if you give the bank permission to read your credit report once to open up an account, they cannot read it again any time they want in the future without your permission.

Re:Why do SSNs persist?

[necro81]

I choose my words carefully, so please don't mistake my meaning. I said "craft the outlines of a better, more secure system". I didn't say a foolproof, catch-all system that would solve everyone's problems with a sprinkling of magical unicorn farts. I said outlines, not a fully implemented solution. I also said a better, not the perfect be-all-end-all because, as you and I both recognize, there is no perfect system.

And, if it were not blazingly obvious from how I'd written it (I thought including "armchair thinkers" in my post would have been a giveaway), I was speaking of thought experiments and white papers. However, get enough intelligent people together with their ideas, and yes, absolutely, you could come up with a good replacement.

The reason "the banks" haven't done it themselves ought to be obvious - banking is just one of a dozen instances where SSNs are used. No single industry is going to tackle the problem on their own - why should they? Unless you change it all, you may as well change none, because SSNs would still be cross-referenced to the new system.

Re:Why do SSNs persist?

SSN is the only federal ID tag that every American is guaranteed to have.

Not true, you are not REQUIRED to have a SSN, though it helps in many situations and people often question why you don't have one. There are several guides out there on how to remove yours.

http://www.ehow.com/how_5764619_remove-security-number-government-system.html

Re:Why do SSNs persist?

[houghi]

In Belgium there is a 'General Identifier' It is your birthday + some extra numbers as there will be more then 1 person born on the same day.
This is then linked to an (obliged) ID card.
The ID cards have a chip that can be read by a generic cardreader. Applications are available online, as well as the open source software. http://eid.belgium.be/en/ for more information.
So you have your ID. This will then be linked to the Central Balance Sheet Office http://www.nbb.be/ where all credits are available for certain institutions (e.g. banks and credit card companies) to see if you are allowed to have a new credit.

e.g. when you already have some credit cards with a too high credit risc, they are NOT allowed to give you more credit. If the address at NBB is not identical to what is on your ID card, your credit will be declined.

Then there is the social security number that will be linked to the master ID as well. However again a separated part, http://nl.wikipedia.org/wiki/SIS-kaart which will be replaced by the National ID of the eID.

When you get a new job, what they will ask you is the social security number and your ID-card. Soon this will only be the eID card.

If your eID gets stolen, or it gets lost, you go to the police, who then block the card for further processing.

The system is not water or idiot proof. It is close enough, I would think. Verification of a card is valid or not is easy : https://www.checkdoc.be/CheckDoc/. So if you have any reason to verify an ID card (e.g. rental company, sales entities, ....) they can easily do so. In stores easily with a card reader linked to the above.

Now imagine I am Mr. ID Theft and I steal your ID numbers. I must be very fast in doing everything and hope you did not already call in the ID as stolen. Then I must also pass other standard tests at a company.

Next to this for several things (like opening a credit) you need to get an official signature. Faxing will not work. That means you must either send a letter or go to an office and present yourself.

So all in all, I think it has several advantages (even though not 100% foolproof)
1) Open
2) Transparent
3) Easy to verify and use

e.g. while I typed this message, I regiterd on checkdoc.be and verified my card. It is valid.

Re:Why do SSNs persist?

Here in the Netherlands we have a 'citizen service number' it is unique for every person born, number are never reused. It is probably a simple counter of some sorts.

Only the government is allowed to use this number of uniquely identifying a person. Other companies are specifically not allowed to use this number for identification. In fact I share the name and birthday with someone else who has a bad credit record, they told me they could not add this number to the database because that was not allowed, they could only add a note in the database that I was not the same person as the other person.

The number is unique in Europe by prefixing it with the letters 'NL'. If you start a company, your company starts with your service number followed by B01, and counting up for each company you start.

This service number is known to be public record and can therefor not be used for authentication.

Re:Why do SSNs persist?

[jeffmeden]

I choose my words carefully, so please don't mistake my meaning. I said "craft the outlines of a better, more secure system". I didn't say a foolproof, catch-all system that would solve everyone's problems with a sprinkling of magical unicorn farts. I said outlines, not a fully implemented solution. I also said a better, not the perfect be-all-end-all because, as you and I both recognize, there is no perfect system.

And, if it were not blazingly obvious from how I'd written it (I thought including "armchair thinkers" in my post would have been a giveaway), I was speaking of thought experiments and white papers. However, get enough intelligent people together with their ideas, and yes, absolutely, you could come up with a good replacement.

The reason "the banks" haven't done it themselves ought to be obvious - banking is just one of a dozen instances where SSNs are used. No single industry is going to tackle the problem on their own - why should they? Unless you change it all, you may as well change none, because SSNs would still be cross-referenced to the new system.

If a bank (or banks) had a better way of doing it they are more than welcome to; like I said, the cost of the current system is basically the huge fraud departments each must fund in order to keep the status quo. If there was an even marginally better system that wasnt both god-awful expensive (requiring lots of special infrastructure) and infuriatingly difficult ("yes i lost the keyfob, no i don't have time to mail you some of my DNA, i need my credit line unfrozen and the fraudulent charges reversed today!") then yes it would have been pursued. There are many great ideas out there but they all fail the practicality test when applied to 300M americans who, lets face it, ALL need numerous credit/banking/investing accounts.

Re:Why do SSNs persist?

[Cro+Magnon]

The problem, IMHO, isn't SSN as an identifier. It's that SSN is used as a password! I wouldn't care if everyone knew that xxx-xx-xxxx belonged to Cro Magnon, but when someone can buy a car in my name with just that number, that's a serious problem.

Re:Why do SSNs persist?

Technically, it's a foreign key to transactions. It's a person's primary key, and one that is reissued.

Damn foreigners.

Sorry, couldn't resist.

Wow: Catchpa: peering. WTH?

Re:Why do SSNs persist?

[Bob+the+Super+Hamste]

I have a simple solution. I have even written my legislators about it but they don't seem interested.

Solution:
Make it a crime for any business or institution to use your social security number for any purpose other than for taxation or receipt of social security benefits. Punishable by a fine of $1,000,000 per incident. Even better is to make it so that 50% of the fines go to the individuals who's social security numbers are being misused.

Do that and suddenly no one will care what your social security number is since it will only be used for it's intended purposes and if it gets out won't be something that gives an attacker the keys to the kingdom for your identity.

Re:Why do SSNs persist?

[Fitch]

In recent years there have been several failed attempts at creating a more secure identifier based on smartcards, etc. but they always seem to get shot down by two main factions. Those who liken more secure identifiers to having a barcode tattoo applied at birth and be done with it, and those who benefit from the pathetically trivial level of security the present system provides.

I'm of the mind that any new system can only be as effective / secure as the government that institutes it, and the voter polls have been giving those branches of government resounding F grades for a good while now.

It boils down to which social asset you value most. Privacy, security, or freedom. Choose one and move on to the cashier (IRS).

Re:Why do SSNs persist?

[Anne+Thwacks]

Lots of people use other people's NINOs - mostly for criminal purposes. When dealing with tax or benefits, it is the equivalent of the long credit card number.

Re:Why do SSNs persist?

[Gr8Apes]

The creators of the SSN had 2 specific declarations: the SSN was never to be used as an ID, and the SSN was never to be used for any other purpose than SS. When banks, financial institutions, and the gov, started using them for other purposes (Tax IDs anyone?) the entire original use got subsumed and stuff hit the crapper.

Re:Why do SSNs persist?

However, if you are able to use alternative methods of identification, such as a birth certificate, driver's license or passport, to enjoy the same privileges as fellow American citizens, the government will no longer be able to track activities using the Social Security number, making it useless as a data collection tool. Read more: http://www.ehow.com/how_5764619_remove-security-number-government-system.html#ixzz2iOUP2jNh

Therein lies the problem. You CAN'T enjoy all the same privileges, nor even the same RIGHTS. Just off the top of my head, you can't claim your children as a dependents nor put them on your healthcare plan unless they have a SSN - and if my kids have an SSN, that's just as easily used to track me as my own.

And even that article says that you can not remove it, just avoid using it. Which may work for a single person willing to live life with a tinfoil hat on, but it won't work for anyone with any sort of family.

Re:Why do SSNs persist?

[DMUTPeregrine]

There are a few problems with a national ID card for the US.
First, it has to be free.
Second, it has to be possible for every US citizen to get one. Many people in the US can't easily get to any federal buildings to authenticate themselves.

For example, the Unorganized Borough of Alaska had a population of over 81,000 people in 2000, about 13% of the state population. This area has no local government other than schools, and much of the population lives very far from even those services. There is simply no feasible way to distribute ID cards to every citizen in the US without either extreme expense to the government or to the citizens.

slightly off topic

[Presto+Vivace]

How to stop cyber crime

Re:slightly off topic

[Bite+The+Pillow]

Your blog sucks.

Watch!

We'll pass some laws that never get enforced.

This why all personal info should belong to us

They should have to receive explicit permission to divulge the info to 3rd parties. If anyone should profit from my info, it should be me.

This is also a problem for Brazil

Experian Serasa has 100% of the credit tracking information in Brazil, and full details on just about everyone who has a bank account and even of those who applied for store credit...

Why the hell did our government allow this, I have no idea. Who the hell needs to fear the NSA when things are this screwed up...

Re:Probably a downmod coming but..

A very articulate and insightful comment. No sarcasm intended

Anything for a Buck

[Rob+Riggs]

Who here thinks Experian will be held accountable? Anyone?

Re:Anything for a Buck

As long as Experian continues to give total and complete access to the NSA, for every shred of information they possess, then they will have a get-out-of-jail card.

Re:Anything for a Buck

[Ambassador+Kosh]

They will be held accountable to shareholders where they will be given a huge bonus for doing this. :(

As for being accountable to us or to the laws they broke? Not a chance. I give better odds on Santa Claus existing than these guys being actually held accountable to a court.

Re:Anything for a Buck

[Jason+Levine]

They will get a vicious finger wagging by the federal government perhaps with a "big fine" (that they pay with the money they make during 2.3 seconds of normal business operations). They will hang their heads in shame until the news cycle about this is over (a day or two), promising to completely revamp how they operate.... and then they'll go back to normal business operations until they are caught doing this again. (At which point, start reading from the beginning of my comment again.)

Re:And, who has the Obamacare ID validation contra

[cyberjock1980]

No, but he does make an interesting comparison. It is worth at least mentioning. Is it not? Last I read the contract was a no-bid(aka no competition) contract. Usually those are given to companies that are getting "special privledges" from those high in the political ranks.

What about Experian?

[gr8_phk]

Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud.

Why does someone at one level of the crime get charged but not the one at the top. Remember:

Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info

Why are they not being charged? Using SSNs for certain things is illegal, and selling them probably is too - otherwise what did the other guy do wrong?

Re:What about Experian?

Bribes, kickbacks, no bid contracts, worry about embarrassment of government officials who got campaign money from Experian. The CEOs most likely will still get their bonuses. As general corruption builds up, tolerance of new forms will grow until it hits an unacceptable point.

Re:What about Experian?

Because criminal culpability usually requires intent. This would require the prosecutor to show that Experian executives either knew about it or suspected it, or should have known about it but were too wreckless in their supervisory duties. Obviously the latter is more likely, but that can be tough to prove. Experian would bring in an army of experts to explain to the jury why the executives lived up to every reasonable standard, and that these mistakes happen every once in awhile, etc.

In many other countries criminal culpability doesn't require such a high standard of intent, and in some cases none at all. These also tend to be poor and underdeveloped countries, where moral outrage tends to drown out reasonable business expectations. These are countries where philosophy students write the laws.

There's a reason why America is the richest country in the world. We have one of the best environments for business in the world. We just have a really fscked-up wealth distribution problem, and also a drastically underfunded investigative apparatus to enforce our existing white collar crime laws.

Re:What about Experian?

[Obfuscant]

Using SSNs for certain things is illegal, and selling them probably is too - otherwise what did the other guy do wrong?

Using anything for certain things is illegal. Is it thus illegal to sell anything?

Using pseudoephedrine to make meth is illegal. Should it be illegal to sell pseudoephedrine? (Correct answer: no. Shortcut governmental answer to try to prevent meth labs: of course.). Oblig. auto analogy: cars can be used to run people down (illegal). Should selling cars be a crime?

Re:What about Experian?

[ImprovOmega]

Using pseudoephedrine to make meth is illegal. Should it be illegal to sell pseudoephedrine? (Correct answer: no. Shortcut governmental answer to try to prevent meth labs: of course.).

If they actually had a replacement for it that worked as good as a nasal decongestant I would be all over banninating it. Unfortunately it is simply one of the best decongestants out there and none of the alternatives work for crap for me.

Re:What about Experian?

You would be surprised at the number of companies that buy and sell your SS number.
As one example out of many possible, look at the terms of service at E-Trade.

Re:What about Experian?

[s0nicfreak]

It's already illegal for ME to sell pseudoephedrine. It's also illegal, in my state, for me to buy enough pseudoephedrine for both my husband and I to take the normal amount per day.

The pharmacy gets a special and regulated (by laws) pass to buy and sell pseudoephedrine. If they decided to just not pay attention, leave pseudoephedrine out on the shelf, not have a system where it asks for ID when pseudoephedrine is scanned, not educate the cashiers that it is suppose to be regulated; and someone bought a bunch and made meth, the pharmacy would be in trouble too.

Re:What about Experian?

It's almost funny how your second and third paragraph describe each other. You explain WHY America is the richest country in the world, attribute blame, and also provide a solution to avoid the mentioned problem of wealth distribution. It is obvious that America would collapse completely if we ever actually prosecuted corporate crimes in an effort to stop them (and thus relieve American citizens from being used as collateral fodder in money games for the extremely wealthy).

Re:What about Experian?

[unitron]

Here I go undoing a bunch of mods to point out that Propadrene (phenylpropanolamine) works much better than psuedoephedrine, but it was an even earlier victim of the DEA so that you can't get it at all now (although apparently you can buy the version for pets online), not even if you jump through all the hoops you have to just to get psuedoephedrine these days.

Saw some drug cop being interviewed on C-SPAN back when they took it off the market and he dismissed those of us who had relied on it as "having the sniffles".

It's the first time I ever wanted to hold someone down and pack their sinuses with Quik-Crete.

Re:And, who has the Obamacare ID validation contra

You realize the government already has all of our social security numbers, right?

Re:And, who has the Obamacare ID validation contra

Kinda makes one wonder if the "BOOOOSH IS TEH EVUL!!!!!" fools were just projecting, doesn't it?

Re:And, who has the Obamacare ID validation contra

Thanks Obama.

Re:And, who has the Obamacare ID validation contra

[Presto+Vivace]

Feds to use "consumer reporting agencies" to determine eligibility despite penalty for perjury.

Re:Probably a downmod coming but..

Insightful.

What about the other two

[imatter]

I have to imagine that Experian is not alone here. They just got caught.

obDilbert

http://dilbert.com/strips/comic/2010-10-14/

Re:Probably a downmod coming but..

[binarylarry]

Agreed. I'd vote for hanging some of the Experian exec responsible for this.

Re:Probably a downmod coming but..

[lymond01]

WHAT THE FUCK!!!?!!!?

According to TFA, basically the company that Experian purchased had already been selling information to the notorious 24-year old cyber criminal. Once the company was purchased, Experian didn't review its own transactions closely enough and inadvertently sold our SSNs to the guy too. Monthly. The Secret Service found out, captured the 24-year old, and it's unknown if Experian, credit watchdog, will suffer for sleeping on the job.

I'm not sure who appointed Experian watchdog (though I'm certain someone on Slashdot will point out how ignorant I am for not knowing), but for a company with so much power over your own life in terms of credit, it would be nice if, with the power came some sort of responsibility -- and accountability. I suppose we'll need to off Experian's Uncle Ben to get our point across...

US credit reporting violates privacy of millions

[bradley13]

Credit reporting ought to have everyone up in arms anyway. Every company an American does business with sends personal, financial details to these agencies. No permission required. The agencies themselves have a shared monopoly, but the size of their market is static. So they are always looking for quasi-legal ways to make even more money by selling your personal data. Sometimes quasi-illegal.

The whole system stinks. Americans need to get themselves some privacy rights...

Experian one of the worst

[Lysol]

My family and I were looking to move recently. Of course, we have to print out our credit reports. It used to be nice years ago when Yahoo had a service where you could easily get all 3 in just a few mins. But I'm sure since that was actually useful in real life, someone had to end it. So now, you have to log into the big 3 separately and request your 'free' report.

Of course, it's not 'free' since there's quite a bit of time involved in just getting it. You have a right by law to get this information once a year, but in order to do so, you have to put in your credit card. Red flag right there. This 'entitles' you to a free month of credit 'protection'.

After your done with your 'free' month, you have to call and cancel or else they'll charge you. Yup, you're right, no easy way to do that, no cancel account link or button to click - you gotta get on a phone and do an old school call. To keep the good times rolling, once you're actually off hold and connected to someone, it's some call center in another country. Mine happened to be India. What ensued next was back and forth on just getting the fucking thing canceled. There were many "just a moment" pauses and even a few upsells. I had to tell the guy 3 times I want to cancel. Just click the cancel button in your crappy web app.

30 mins later, I was off the phone. This company and the people that work for it are trash, plain and simple. They are a scourge on society and a drain on humanity. And along with banking (and warring I guess), credit 'scoring' and manipulation has to be one of the worst human endeavors ever. I don't understand how these people sleep at night and I'm not surprised they're selling people's info to whomever will pay.

Re:Experian one of the worst

[sconeu]

I've *NEVER* had to enter a credit card to get my free credit report. Where the hell are you going to get it?

Re:Experian one of the worst

[sandytaru]

I use Quizzle instead. I've never been upsold that way.

Re:Experian one of the worst

Stop spreading FUD. No credit card info is required to get your free annual credit report.
You don't have to agree to upsell features like FAKO credit score and credit monitoring.

Re:Experian one of the worst

[HeavyD14]

Next time, go to http://annualcreditreport.com/ for your free report. No credit card or trial required. Takes care of all three agencies at once.

Re:Experian one of the worst

you gotta get on a phone and do an old school call

Good god - I haven't made one of those in about 5 minutes

Re:Experian one of the worst

[bob_super]

But you don't understand, it's charity.

If these kinds of inefficiencies didn't exist, the rest of the world would have a really hard time catching up to the US.
Charity is why went inventing boundless outsourcing, tax loopholes, credit scores, SUVs, TSA...

Re:Experian one of the worst

[Solandri]

That's the official (and only) government site for getting your free credit reports. All the sites asking for your credit card are scam sites (usually run by the credit bureaus themselves) which automatically sign you up for a credit monitoring service and charge your card if you forget to cancel.

All of this confusion and scamming could be eliminated if the government would just move the real site to the .gov domain. Then it'd be easy. .gov = real, .com = fake.

Re:Experian one of the worst

Experian's own endeavor: freecreditreport.com. I was also a victim of this racketeering.

Re:Experian one of the worst

[afidel]

Next time do the credit report through annualcreditreport.com, no need to input a CC number.

Re:Experian one of the worst

There is an official website that does that now. See the FTC page on it.

However, this does not detract from the fact that it is all a scam.

Re:Experian one of the worst

[Qzukk]

I just spend a few bucks and get all the information from this site I found, superget.info. Yeah, you can get it for free elsewhere but they don't try to stick you with signing up with all sorts of bullcrap. Funny, though, I can't seem to log into the site right now, maybe you're right about useful things getting shut down.

Google tells me I can get a free report from https://www.annualcreditreport.com/ but the site looks like one of those crappy scam sites crapped out of a template with some generic stock photos, so I'm not sure I'd trust it.

Re:Experian one of the worst

Central Source LLC runs AnnualCreditReport.com. In the footer of the pages and in various privacy and security pages, the bottom of the page is copyright Central Source LLC. AnnualCreditReport.com is not a government run website. It’s run by Central Source LLC, a company incorporated in Atlanta, GA and is a joint venture between the three credit bureaus – Equifax Information Services, Experian Information Solutions, and TransUnion.

Re:Experian one of the worst

[SeaFox]

All of this confusion and scamming could be eliminated if the government would just move the real site to the .gov domain. Then it'd be easy. .gov = real, .com = fake.

They had one. I remember going to freecreditreport.gov last time I got my credit report, then that commercial outfit got freecreditreport.com and started running all their stupid singing TV ads. I even remember a campaign to educate people that they needed to go to the .gov site for the official report. But it looks the government had to change because for the sheeple the idea a website can end in something other than .com is too difficult.

Try freecreditreport.gov now and you get a redirect to the FTC and told to visit the new site.

Re:Experian one of the worst

[atom1c]

Yahoo! never provided you with credit reports or scores. They merely had advertisements for such crap.

American citizens are granted 1 free annual credit report (NOT score, but the REPORT of the components to any scoring algorithm) per year PER CREDIT BUREAU. (See annualcreditreport.com) It is actually recommended to use the service every 4 months but selecting a different bureau each time -- thus checking your credit report 3 times a year, once for every bureau.

There is no payment. There is no telephone service. Stop spreading bull.

Re:Experian one of the worst

My credit union gathers all three for me at my request for free (once a year).

Re:Experian one of the worst

I've been bit by this.

In a nutshell:
(DO NOT USE) freecreditreport.com is the one with the singing commercials. This is the scam run by experian.

annualcreditreport.com is where you can actually get the free credit report you are entitled too.

Re:Experian one of the worst

[sconeu]

The FTC recommends annualcreditreport.com

Re:Probably a downmod coming but..

[Bob+the+Super+Hamste]

That seems far to kind of a punishment for them. Having them drawn and quartered would be closer but still falls woefully short.

Re:And, who has the Obamacare ID validation contra

[MacColossus]

Which makes you wonder why they are using Experian for validation.

I'll never cease to be amazed...

That more protection is afforded run of themill forum accounts than bank accounts.

Sure, financial institutions spend a boatload more on enforcement, but the premise of simplistic account numbers that must be shared in order to make purchases is insane. Where's the public/private key cryptography allowing me to keep things meaningfully private and secured against theft in the first place?

Re:And, who has the Obamacare ID validation contra

[mcgrew]

For fuck's sake, it has nothing to do with obamacare. Stay on topic and stop trolling.

OK, so they put the ID theft guy in prison, how about having Experian's CEO in an adjoining cell? Why is it legal for Experian to sell my SS#??? I never gave them permission for that.

I'm Dead

[Princeofcups]

These are the same fuckers who insisted that I was dead because someone had mistyped a social security number. Therefore they rejected all credit requests (I was trying to get financing on a car) until I could prove that I was still alive. That's right. If they make a mistake, the victim, errr, customer, has to correct it.

Re:I'm Dead

[The+Living+Fractal]

You type pretty well for a dead guy.

Re:I'm Dead

These are the same fuckers who insisted that I was dead because someone had mistyped a social security number. Therefore they rejected all credit requests (I was trying to get financing on a car) until I could prove that I was still alive. That's right. If they make a mistake, the victim, errr, customer, has to correct it.

You can't let fucking zombies drive man, be serious.

Re:I'm Dead

[HarrySmoot]

He's not dead, He's pining for the fjords.

Re:I'm Dead

[zm]

You can't let fucking zombies drive man, be serious.

He still has his driver's license... but you can't let him get a car loan.

Re:I'm Dead

You are not the customer. The bank is the customer. The bank uses the credit agency to figure out if they should loan you money, or how much interest to charge.

Re:I'm Dead

I was once dead for two years and didn't even realize it.

Re:I'm Dead

[Bob+the+Super+Hamste]

He got better.

Re:I'm Dead

He types pretty well for a newt, too. ;^)

Re:I'm Dead

[mishehu]

If he's in Chicago, I bet he votes quite well too - early and often. :-)

We Need to move away from paper-based identity

[madhatter256]

WE need to switch to DNA-based identification, where computers can lift your DNA sample on the fly to confirm your identity rather than rely on a number and piece of paper that can be easily duplicated.

Re:We Need to move away from paper-based identity

Can't they just receive your DNA code and then sell it to Vietnamese hackers who will use your DNA to access all your accounts? You can't easily change your DNA if it is compromised.

Re:We Need to move away from paper-based identity

Because there are obviously no flaws in that. Such as identical twins, our inability to instantly and thoroughly sequence DNA, mosaicism (if the same isn't always from the same spot)...

And of course the immense privacy concerns of everyone having your DNA.

Re:We Need to move away from paper-based identity

Anyway will be a database wich associates your data with your DNA.

Re:We Need to move away from paper-based identity

[Jawnn]

WE need to switch to DNA-based identification, where computers can lift your DNA sample on the fly to confirm your identity rather than rely on a number and piece of paper that can be easily duplicated.

Yeah, that's a swell idea. We can adjust your health and life insurance premiums at the same time, and even check to see if your DNA is related to any unsolved crimes.

Re:We Need to move away from paper-based identity

[sgt_doom]

No, we need to educate all the idiots out there who cannot even begin to grasp the situation in its entirety.

Re:We Need to move away from paper-based identity

Identical Twins would be fubared....

Re:We Need to move away from paper-based identity

[CitizenCain]

Because there's no way an identity thief could get a sample of your DNA?

Yes, the existing system is an abomination, but that doesn't mean that biometrics are a silver bullet that will fix it. If anything, I think a DNA-based system could be more insecure. I don't think it would be all that difficult for anyone who wanted it to get a hair or a discarded cup or whatever else I discard that has my DNA on it.

It's the old problem of convenience versus security. What is convenient is insecure, and what is secure is "too inconvenient" for the masses to support.

Re:We Need to move away from paper-based identity

DNA-based identity? No way! My twin brother is a total deadbeat.

Re:And, who has the Obamacare ID validation contra

No. It does not. It only feeds the paranoid fuckoffs that post it

Re:And, who has the Obamacare ID validation contra

Because years and years ago people said the government can't possibly do anything right so now everything is done on a cost-plus basis (read: whatever it would cost the government to do it themselves, plus a hefty bonus for the CEO with the expectation that it would be paid back to the election coffers of whoever swung the contract).

Because the Private Sector is The Awesomes and the very pinnacle of competency and effeciency.

please sign this petition

This petition is to get the U.S. Consumer Financial Protection Bureau to bring criminal charges against Experian.

https://www.change.org/petitions/the-consumer-financial-protection-bureau-cfpb-bring-criminal-charges-against-experian

Re:please sign this petition

[kaizendojo]

I should give my name and address to yet another organization? How about you start by logging in with a username instead of anonymously?

Re:please sign this petition

[5KVGhost]

I'm sure they'll get right on that. Right after they deal with healthcare.gov.

Re:And, who has the Obamacare ID validation contra

[EMG+at+MU]

Brining Obama into it frames the discussion on partisan politics. The discussion becomes "Obama and the democrats are corrupt, look at this no bid contract" instead of "The entire goverment, regardless of political party, is corrupt; no bid contracts have been part of the goverment bidding process for years and we need to reform it now".

We get nowhere when we fight about one party over another. But thats how all the debates are framed, and partisan drones are programmed to jump all over the opportunity to blame opposing party while ignoring the same transgressions when it is their party being bad.

Re:Probably a downmod coming but..

[NeverVotedBush]

Makes one wonder what would happen to crime rates and bad executive behavior is drawing and quartering was to be returned as a valid form of punishment for the most heinous crimes.

Bet it would go down...

Correct Website

The correct website set up by law is annualcreditreport.com

I think most people mix up freecreditreport.com (and its crummy commercials back in the day) for the real thing. It's not free.

There is no charge, you get a free report from each agency once a year. It will bounce you to the three websites to identify you but never asks for credit card. Just name and SSN and some questions to verify you.

Re:And, who has the Obamacare ID validation contra

Equifax Workforce Solutions, in St. Louis.

http://nytimes.com/2013/07/17/us/politics/credit-reporting-agency-hired-to-verify-incomes-for-insurance-subsidies.html

Ban the reporting agencies

[Anon-Admin]

This is just another reason to ban the reporting agencies. There would be little to no Identity theft once they are gone. Your credit would depend on you and your relationship with the lender. no anonymous mailings of Credit cards, no SS=good credit.

You would have to have a relationship with a bank or credit company, get to know them. Work up your credit with them, etc. Back to the way it used to work!

Did you know that Credit reporting agencies have caused some laws and restrictions because of there actions. They used to report everything about you. Age, marital status, sexual preference, etc, etc. They used to have no time limits so things on the report would be listed for ever, they used to even ban you from seeing the report. They are all scum bags and the whole lot of them shuld be banned

Re:Ban the reporting agencies

Then you get the problem of lock-in.

I agree that the current credit reporting system (even here in Canada) is totally shit.. but I wouldn't want to be stuck to one bank for all eternity.

Personally I propose a middle ground. Strip out all information that isn't absolutely unquestionably relevant (leaving income, past credit payment history), create a clear and transparent mechanism to evaluate it, and add a tonne of proper oversight / mandate by law. I know this is venturing into nanny-state territory, but free market isn't exactly working out too well in this area either.

What's even more interesting.....

[sgt_doom]

. . . .not only is this the case among those criminal organizations called credit bureaus (as opposed to the other category, rating bureaus [S&P, Moody's, etc.], but these credit bureaus will be potentially involved in the mechanics of Obamacare, or the ACA--national health care program. Just imagine the possibilities. . . .

Re:Probably a downmod coming but..

[Scutter]

At the very least, Experian's board should be held accountable by its shareholders for gross negligence in failing to do its due diligence during the purchase.

Sounds like a win-win for Experian

[bigsexyjoe]

The ID thieves ruin your credit, so instead of applying for one credit card you apply to five since you keep getting rejected. Finally you wonder what's going on and you pay Experian for your credit report.

Re:Sounds like a win-win for Experian

[cusco]

And now you can enroll for their per-month 'credit protection' scam!

Do you have anything without fraud in it?

[genghisjahn]

Well, there's substantive fraudulent frolicking fraud sorbet. That hasn't got much fraud in it.

Re:US credit reporting violates privacy of million

please sign this petition

http://www.consumerfinance.gov/newsroom/consumer-financial-protection-bureau-to-superivse-credit-reporting/

Re:US credit reporting violates privacy of million

[sgt_doom]

Exactly, ever hear of Intellius? Begun by a former Indian H-1B from Microsoft, sued numerous times for financial fraud, and the former CEO of Intellius was convicted and jail for the crime of baby raping (while CEO).

Re:And, who has the Obamacare ID validation contra

Because markets are always right.

Re:And, who has the Obamacare ID validation contra

[cayenne8]

Brining Obama into it frames the discussion on partisan politics. The discussion becomes "Obama and the democrats are corrupt, look at this no bid contract" instead of "The entire goverment, regardless of political party, is corrupt; no bid contracts have been part of the goverment bidding process for years and we need to reform it now".

We get nowhere when we fight about one party over another. But thats how all the debates are framed, and partisan drones are programmed to jump all over the opportunity to blame opposing party while ignoring the same transgressions when it is their party being bad.

I think it frames it in terms of arguments of a federal website and program that is going to be gathering unprecedented personal and medical information on US citizens, and that is showing incredible ineptness of design and implementation through its first website portal is a fair argument to be brought up by anyone remotely concerned about their information, the safety of the information...and well frankly, what the govt does with that info.

It is now called Obamacare...because he owned the name itself awhile back....so, the ACA is synonymous with Obamacare.

No matter what you call it....there is justifiable cause for concern. Remember the other day about the code viewable in the source of the ACA website about "no expectation of privacy"?

Bad Credit

I've said it before and I'll say it again. I have shitty credit ON PURPOSE. I don't want credit. But more importantly, I don't want anybody else opening up debt in my name.

My credit score is terrible. I mean like just about as low as it gets. You wanna steal my ID, go right ahead. Good luck opening up that new line of credit.

Re:Probably a downmod coming but..

Agreed. I'd vote for hanging some of the Experian exec responsible for this.

Presumably hanged by their delicate bits.

Now why on Earth is a Social Security number such an opportunity to rip someone off or commit identity fraud in the US?

Re:Probably a downmod coming but..

My solution, which never gets any takers, is to give them a fishhook enema and then use them as shark bait. With all the reality shows on TV, including one or two about fishing boats, I don't know why this isn't more popular.

Solution: Make SSNs Public Record

The solution to this issue is for the Social Security Administration to publish EVERY SSN along with name in a big set of phone type books, and online. The SSN was never intended to be a secret number.

Banks and credit organisations who use the SSN as some sort of secret code can find some other real authentication method. Publishing them all at once would 'shock' the system into the fix that is needed.

Re:Solution: Make SSNs Public Record

[RenderSeven]

Is it me or is that utterly brilliant? Or dangerously foolish, or both? The anarchists aren't always wrong.

Re:Solution: Make SSNs Public Record

It's retardedly pointless. Banks and credit organizations will not give a shit and will continue to use SSNs for this purpose. It would cost them money to change the system, and would require government assistance (not the monetary kind), so they have no incentive to do anything. The thing is, they don't care when your identity is stolen. You are still liable to a certain point and they still make money.

Re:Solution: Make SSNs Public Record

[careysb]

+1 I've had to argue with more than one health insurance company to get them to not use my SSN as an ID number. Tell you what, along with publishing numbers lets also guarantee duplicate SSNs. That'll fix 'em.

Re:Solution: Make SSNs Public Record

I don't know, I didn't read TFA , but the summary sounded like the authentication method is SSN binded to what websites you visit.

Re:Solution: Make SSNs Public Record

The problem is we use the social as an identifier and a password... we need a changeable password to our financial identities.

Re:Solution: Make SSNs Public Record

[davester666]

They would continue to use it, as there would still be no penalty for them continuing to use it nor would there any benefit for them to pay for changing to something else.

Re:Solution: Make SSNs Public Record

[Woundweavr]

Then how do you make Social Security claims (or Medicare/Medicaid)? My health insurance ID number isn't as private as my SSN but its still how I receive health insurance. It seems even if we made SSN#s public, a new equivalent system would need to be built which would have the same problems.

Re:Solution: Make SSNs Public Record

[Woundweavr]

If you ever have to again, point out that they are covered under HIPAA regulations and those call for guarantor information to not be SSN#s explicitly. Paying premiums counts (as I understand it, IANAL, but I have experience writing software in this arena)

Re:Solution: Make SSNs Public Record

[Pranadevil2k]

Please god no duplicates. I work with these things, it's already enough of a pain in the ass with -illegal- duplicates.

Re:Solution: Make SSNs Public Record

[muridae]

There was never an intent for SSN to not be duplicated. The only guarantee was that it would not be duplicated to someone with the same name! And when the living+dead since 19xx (i forget which year SSNs were issued) crosses the billion mark, you can be guaranteed of some duplicates.

Re:Solution: Make SSNs Public Record

Duplicate SSNs have existed since the 40s, at least, and the new SSN generation rules imply duplicates will happen much more frequently going forward.

Re:Solution: Make SSNs Public Record

The SSN was never intended to be a secret number.

Quite right. There was a time, just a few decades ago, when the police recommended you engrave your social security number onto your possessions, e.g, your bicycle, to make them easier to recover in case of theft.

Re:US credit reporting violates privacy of million

The invisible hand of the markets must not be tampered with..

Re:And, who has the Obamacare ID validation contra

[GodfatherofSoul]

Uh, you have "assumed partisan rant because someone questions a policy" syndrome. Look at my posting history. I'm pretty Liberal. My point is the government is piping potentially 10s of millions of "potential health care customers" to a private company we know sells this information. What's to stop Experian from turning around and using validation information to build profiles for healthcare product advertising?

You don't have to enter CC info.

I do it every damn year without using a credit card.

Re:And, who has the Obamacare ID validation contra

[EMG+at+MU]

I think it frames it in terms of arguments of a federal website and program that is going to be gathering unprecedented personal and medical information on US citizens, and that is showing incredible ineptness of design and implementation through its first website portal is a fair argument to be brought up by anyone remotely concerned about their information, the safety of the information...and well frankly, what the govt does with that info.

Nothing is unprecedented. The government has been collecting all of your data for years, regardless of if the President has a (R) or a (D) next to his name. Bringing Obama into the discussion distracts from the fact that it doesn't matter who the president is, the government will continue being the government and continue doing whatever it wants.

No matter what you call it....there is justifiable cause for concern. Remember the other day about the code viewable in the source of the ACA website about "no expectation of privacy"?

Yes I do, and in that discussion everyone whined about Obama and missed the opportunity to discuss the fact that the government and corporations have always acted as if you "have no expectation of privacy". Hence the fucking story we should be talking about here.

Re:And, who has the Obamacare ID validation contra

[GodfatherofSoul]

healthcare.gov uses Experian to validate registrants. Experian sells account information to whoever will pay for it. You're saying there's no relationship???

Re:And, who has the Obamacare ID validation contra

[rubycodez]

Big corporations have government in their pockets, so they get to tell government they can't do anything right and contracts must be made. The three branches of U.S. government are under the Corporate Branch. It's called corporate fascism.

Re:And, who has the Obamacare ID validation contra

[NatasRevol]

You're welcome!

NOT ENUF!

[TiggertheMad]

Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!

Re:NOT ENUF!

Extra points to whoever can ID this quote!

-HF

Re:NOT ENUF!

[domatic]

But at least we'll bury him in secret so his grave don't get violated.

Re:NOT ENUF!

[soundguy]

Seriously? You genuinely think there are people who don't have a one-way ticket to midnight?

Re:NOT ENUF!

[NoKaOi]

Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!

You're talking about the executives of Experian and Court Ventures, right?

Afterall, the 24-year old is a dumbass little brat who didn't know any better but should certainly be punished for his bad behavior. The executives at Experian do know better, in fact, they're supposed to know so much better that they are allowed to make decisions that affect everyone in the US...who can buy a house, a car, etc. They should get double the punishment of the dumbass kid.

Re:NOT ENUF!

Wasn't sure, it's been its been over 25 years, and much of that time the movie was in legal limbo due to licensing issues. They never actually got permission for much of the music. I have coworkers who are too young to have heard of the famous Unknown Comic. It saddens this old neckbeard.
My nerd-faith is restored.

Re:NOT ENUF!

You Pinstripe barbarians, I'll sue the board for every penny it's got! I'll have you hung and drawn and quartereda - and whipped and boiled and then I'll chop you up to little bits! Until until... until you've had enough!

Re: And, who has the Obamacare ID validation contr

[fscking_coward_2001]

Yes! Thanks for playing.

Re:Probably a downmod coming but..

[cusco]

Now watch for the new Experian advertising campaign.

We know for a fact that criminals have your Social Security number, because we sold it to them! Now wouldn't it be a shame if they were to use that information to ruin your credit (hint, hint, nudge, nudge)? For only $9.99 a month we will make sure that those fraudulent charges don't apply to your credit score, so you can argue with the credit card companies without that worry!

Re:And, who has the Obamacare ID validation contra

[FishOuttaWater]

Who said anything about parties?

You're going to the wrong website!!!

[jsrjsr]

Try annualcreditreport.com instead.

Re:And, who has the Obamacare ID validation contra

[Bite+The+Pillow]

What did you read?

"The work on Healthcare.gov grew out of a contract for open-ended technology services first issued in 2007 with a place-holder value of $1,000. There were 31 bidders. An extension, awarded in September 2011 specifically to build Healthcare.gov, drew four bidders, the documents show, including CGI Federal."

Search for part or all for source. Now, last you read it was a bid contract, invalidating your point.

Re:Probably a downmod coming but..

[Solandri]

I'm not sure who appointed Experian watchdog (though I'm certain someone on Slashdot will point out how ignorant I am for not knowing), but for a company with so much power over your own life in terms of credit, it would be nice if, with the power came some sort of responsibility -- and accountability.

Nobody "appointed" Experian watchdog over this information. Many companies (banks, lenders, credit card companies, etc) needed reliable information on a customer's past creditworthiness. Experian (and TransUnion and Equifax) collected and provide this information in sufficient quality for these companies' needs, and so they've become the watchdogs.

The problem is a subtle one I've noticed in several fields (mainly HR and hiring). The credit agencies protect against a false positive - one where an individual who is a high credit risk is incorrectly determined to be a low credit risk, and thus the bank gives them a loan. This protects the companies who seek this information before lending out money or equipment.

They do very little to protect against false negatives - one where an individual with low credit risk is incorrectly flagged as a high credit risk. The companies who use the credit bureaus don't really care about this case because it's a "safe" error for them. If they refuse a loan to someone who would've paid it back, they just lose out on the interest. So there's less incentive to verify the accuracy of negatives on someone's credit report. (Incidentally, low interest rates exacerbate this situation. If interest rates are higher, the interest on a loan can exceed the principal, and thus a false negative could become a greater financial loss than a false positive.)

(In the HR case, a HR department which carelessly culls out job applicants based on keywords and unrealistic years of experience is lowering their risk of false positives. But they're also increasing their risk of false negatives and weeding out a lot of qualified people. From management's standpoint, they can see the direct negative consequences of a bad hire. The negative consequences of failing to hire someone who was a good fit for the job are not so obvious. To correct for this, companies should regularly test their HR departments by submitting applicants who are "perfect" for a job and seeing how many of them get asked for interviews.)

Re:And, who has the Obamacare ID validation contra

[HiThere]

In particular the Supreme Court has, IIUC, decided that if you share any information with anyone except your lawyer, then you have "no expectation of privacy". And currently most of the Court has strong Republican leanings.

Neither party is worth ANY degree of trust. A very few individuals within each party appear to currently be trustworthy. (And being trustworthy doesn't mean that they will support your position, it means that they will support their own stated position.)

This is what you get when you have a "plurality wins" electoral system. It took it over a century to get quite *this* corrupt, but I don't think it's achieved maximum corruption quite yet.

Re:Probably a downmod coming but..

[nightsky30]

What The Fuck!!!?!!!?

My sentiments exactly.

Just too big?

[garyoa1]

Another case of too big to fail? Those companies officers never end up in jail. (actually they usually get bonuses) I always assumed that was only banking and stock markets. Guess I was wrong again. :/

Re:Probably a downmod coming but..

[HiThere]

Not much. Harsh punishments are less effective at deterring crime than are moderate punishments that are more likely to happen...unless, of course, you are likely to be punished even if innocent. To be effective the punishment only needs to be sufficient that the net benefit of an act is negative...but they need to be expected to happen if you are guilty. And sooner is much more effective than later.

Yeah, I know these requirements are in conflict. If it were simple, someone would have had a decent government by now.

Just perfect; Annual Credit report

[Trax3001BBS]

For years I've use and have sent many (lots of) people to https://www.annualcreditreport.com/cra/index.jsp
for an anual credit report. In the US your allowed 1 free credit report a year. Three companies are sent
request, so one is able to get 3 reports a year or one more extensive one.

Experian is one of the three companies your request (and information) is sent to. I would imagine
any info I've sent them is now public domain.

Of course I've read the ToS of annualcreditreport https://www.annualcreditreport.com/cra/helpprivacy
it was all good, and still reads that way, till the very end: Last Updated November 15, 2006
I would think there would of been some changes by now.

Not sure if due to "Experian Sold Consumer Data to ID Theft Service", but there's a banner now that says:
Note: The AnnualCreditReport.com website will be temporarily unavailable due to planned maintenance from
approximately 8:30pm ET on October 22, 2013 to 8:00am ET on October 23, 2013.

Won't work

If you want a loan, go to the bank, show them certified copies of your pay statements, sign a legal document listing your other debts (or whatever other information the bank needs for a decision), and that ought to be it.

That only works if the bank wants to limit itself to only lending to credible borrowers. The problem is that there is much more money to be made lending money to non-credible borrowers at usurious rates. The last thing they want is a pile of signed legal documents proving that they knew they were gambling with their deposits on likely deadbeats. If that were the case, they might be held responsible for their calculated risks rather than bailed out when the inevitable occurs. Credit scores act as a buffer (fig leaf).

Re:Won't work

[mdielmann]

If you want a loan, go to the bank, show them certified copies of your pay statements, sign a legal document listing your other debts (or whatever other information the bank needs for a decision), and that ought to be it.

That only works if the bank wants to limit itself to only lending to credible borrowers. The problem is that there is much more money to be made lending money to non-credible borrowers at usurious rates. The last thing they want is a pile of signed legal documents proving that they knew they were gambling with their deposits on likely deadbeats. If that were the case, they might be held responsible for their calculated risks rather than bailed out when the inevitable occurs. Credit scores act as a buffer (fig leaf).

That's one way to look at it. Another is, the interest rate is partially based on the risk of your defaulting. This is basic statistical analysis: If you increase the rate on high-risk people, you can actually lend to them and still make a profit. The other option is to not lend to high-risk people, which doesn't make their lives easier. Remember, these high-risk borrowers came to the lender, and knew they were high-risk in the first place. After all, there are two real options: Either they mitigate the risk of lending to high-risk borrowers; or, don't lend to high-risk borrowers.

The other part that a third-party credit bureau brings to the situation is that it gives a more-reliable means of verifying someone's risk to default on the payment. There are people out there who are happy to defraud the lenders, and the lenders having no easy way to corroborate the borrower's statements of their risk level to default.

Hieu Minh Ngo does not sound Nigerian

[Squidlips]

I am confused.

Re:And, who has the Obamacare ID validation contra

[lgw]

Usually I laugh at claims that the CEO should be in jail when a company does something bad, but in this case there are laws with teeth about credit report info. Unless this was some case where he could not reasonably have known that this was going on, there must be some crime here, times 300 million counts.

The problem with being surprised about this -

[choke]

is that it betrays a dangerous naivete about human nature.

Remember that if something can be exploited for gain, in any way, without some kind of solid governance it will be exploited for gain. This is human nature.

This situation should have appeared inevitable.

Former Experian employee

I'm posting as AC for fear of reprisals but...

As a former Experian employee and Systems Administrator to boot - I have only this to say, "Buwahhhhhhhhhaaahhhahhhhahhhahhhaaaa! Oh god, stop it! You're making my sides hurt!"

Ah - the good old days of Experian! For the record, this was my original CIO's personal nightmare that he shared in nearly every "All Hands" meeting while I was there. He got cut loose and within 3 years so did I and most of the technical experts in the US. RIF'd because we're expensive help. Remember, Experian is NOT an american company. It is listed in the London stock exchange since it was originally bought by "GUS Plc" back when it was TRW. So, now that the Experian CIO position has shifted back to the Brits (it was an American when I first started), they're GUTTING the IT infrastructure staff in all of the "expensive" locations (i.e. - the US) and outsourcing to places like Costa Rica. No offense to anyone in Costa Rica - but they are very late players in this corporate reshuffle and have NO voice in any IT decisions. We (the US IT infrastructure staff) have been warning senior management for nearly a decade (I was employed for 8 years) that they were SERIOUSLY screwing up each and every corporate acquisition company integration. Since there was NO oversight of the IT integration (at any level) is it any kind of shock that there was little to no oversight of the account management of customers in these subsidiary's?

It's a shame that the good people I know in that company will now pay the price for senior management greed and stupidity. And yes - I agree with everyone who posted about the predatory website and practices by Experian with the so called "free credit report". What a freaking racket. If it's any consolation - I argued against it (and so did all of the web developers and IT staff) but senior management was looking to hook all customers any way they could. Sorry if this sounds disgruntled - truly I'm more disillusioned and saddened because I know how much effort the good guys are expending trying to make it right from within. Poor bastards.

They sold your ss# ?

[jwestveer]

Where did they get your # ? You gave it to them ? And the sale of your # surprises you?

Re:They sold your ss# ?

[konohitowa]

I have never given my SSN to any of the credit reporting agencies. And yet they have them.

STERRRRRRNNNNNN!!!!!

and I vote for putting the perpetrator's head on a pike as a warning to future generations to take data security seriously.

Re:Probably a downmod coming but..

[synapse7]

So are all SSNs compromised?

If true...

[PortHaven]

I am pretty much for a $100 billion dollar fine. Those stupid credit reporting agencies are bane to American's. So if they're going to cause actual illegal harm. They might as well be nailed to the wall. They sure nail us....

depends what side you're on

[tacokill]

I am a very happy customer of the credit reporting agencies. The information I receive from them is well worth the price I pay and helps me make better credit decisions.

I don't really care if you don't think a late payment from March 2007 is relevant to my credit decision. What really matters is whether I (the lender) do and by my actions and words - I do care. You are coming to me wanting to borrow money, not the other way around. I want to know as much about your payback and credit history as possible. Sorry, that's how it is.

(P.S. This is +5 insightful now?.....)

Re:Probably a downmod coming but..

There's 2 problems I see here:

1, that Experian has shareholders, and is a profit-driven (assumption) entity(yes, 1 of 3) in charge of US citizens credit ratings.

2, that gross negligence or failed due diligence, at State or Federal level, even needs to be considered as prosecutorial.

Heads on fucking pikes! Our country has enough problems. You want to start fully questioning every single persons credit rating in the US? We might as well start over from scratch!

Re:US credit reporting violates privacy of million

"Every company an American does business with sends personal, financial details to these agencies."

Only if they want credit. There are plenty of people who live cash based lives and have no credit score to speak of. It seems like you're asking for all the benefits (easily attainable lines of credit on varying terms, where overhead is minimized by reducing fraud, that can be used in place of currency to complete transactions, etc etc) without the structure that makes it possible.

Re:Probably a downmod coming but..

[steelfood]

Sorry, you don't know how credit bureaus work. First, they gather as much data as possible on everyone and everything. Then, they tell everyone they have data on everyone, and that they're a one-stop-shop for information of anything and everything. Then they blackmail you by threatening to put negative information on you into their profile (downgrade, lower credit score, etc.).

Those are credit rating bureaus. That's how the system works. Why it came about is an entirely different story, but is closely tied to the fact that banks can hold entire countries ransom. The system that gives banks this power also gives the other the same power, but over individual entities.

Re:And, who has the Obamacare ID validation contra

[jedidiah]

Except the Obamacare website is already a topic of discussion here because it is tech and it's a big fat disaster. The fact that the feds decided to make this company their gatekeeper did not go unnoticed by some of us. The fact that they are embedded in such a high profile government website is not something to be casually swept under the rug with weak attempts at politically motivated insults.

Thats why.

That's why I never give out my entire SSN. If they insist, I tell them it's between me and the Social Security Administration. Now, I will make a number up (I have a code that I use so it's always the same, and will not overlap with somebody else's).

Insult to injury

Adobe sent a letter offering free credit monitoring provided my.... you guessed it Experian...

Experian = healtcare.gov phone support

Experian handles the phone support for the healthcare.gov site.

Where are the criminal charges against Experian?

Accessory to a Felony is serious business... oh wait, they're a giant campaign-contributing corporation. They don't have to follow the Law.

Re:Probably a downmod coming but.. -- answer

To answer your question about 'who appointed Experian' - the answer is that prior to the 1980's there were thousands of credit bureaus selling credit reports to banks around the country. Then Fannie Mae, the Federal group that guarantees home loans, switched to only requiring 3 deduped sources of Credit for guaranteed loans. Within the next few years all but 3/4 biggest credit bureaus went out of business and local/regional credit bureaus went out of business or switched to collections.

Re:Probably a downmod coming but..

[gsgriffin]

They're up 24 points, 2% right now. Don't think investor care so long as they make money. $1,224/share is pretty staggering.

Here's a thought

[g0bshiTe]

How about penalizing Experian for selling the information in the first place.

Re:Probably a downmod coming but..

I genuinely believe this is the only cogniscent response possible to this.

How the FUCK DOES THIS HAPPEN?!?!

Easy answer

Most other country, like germany, france, you get a national ID. So you can do your financial tx on that national ID, and since it is an official paper you are asked to show, with photo, and other information, that is more difficult to fake than jsut a SSN#. Our SSN# on the other hand is only used in medical situation.

In the US OTOH people are quaking in fear about a national ID, when in reality htey have an already existing national number , but a crappy unsecured one : the SSN#. So instead of a good system (national ID) bank and others rely on a single very very crapy SSN#. Will that change ? Not anytime soon. Too many people fearing "a national ID" (and the "paper please"), not understanding that they are *anyway* already listed. *shrug*.

Re:Easy answer

For your Europeans Social Security numbers in the US are not used for on-the-spot identification checks. A social security card contains the holder's name and a 9-digit number. It was originally intended as a social program to ensure that people would have some money to live on after retirement and everyone who works had to be issued one. Our state issued driver's licenses serve the same purpose as your national ID cards and are issued with that in mind and therefore contain more or less the same information. The problem is that everything is linked through your social security number including that driver's license, your bank account, taxes, cellphone contract, utility bills, insurance etc. It also wasn't always this way. I am 44 and I remember this just stating after the mid to late 80s once computers and databases started becoming highly affordable and ubiquitous.

Re:Easy answer

I forgot to mention that since our state government issued driver's licenses are linked to our federal government issued Social Security Numbers, that we effectively do have "national IDs" even though we don't call them that.

Re:Probably a downmod coming but..

I hope Experians credit is trashed.

Re:And, who has the Obamacare ID validation contra

[P-niiice]

When congress is a revolving door into a cushy job with your supporters, and business can give unlimited money to candidates anonymously, I think we've reached the end, unless bribery becomes 'speech'.

Re:And, who has the Obamacare ID validation contra

[outlander]

This. I mean, private third-party validation is useful, but it shouldn't be the auditor of last resort.....

Re:And, who has the Obamacare ID validation contra

[outlander]

Actually, it was the GOP who initially dubbed PPACA "Obamacare."

While the term "Obamacare" reads as disparaging the paln to certain parts of the GOP base, the use of the term may prove detrimental to the GOP in future, if it works. Given that MA enacted the same general plan as "Romneycare" based on Heritage Foundation ideas, and that it's generally worked OK in MA, the association of (the potential success of) individual-mandate private healthcare with the Democrats means the GOP threw away a mimetic advantage. If they'd called it "Romneycare Redux" or something like that - which is to say, associated it with its initial instantiation - they'd have kept a connection to the GOP.

I'm not too concerned about it. While it's not perfect, it's not godawful, either, and I'm curious to see how it'll play out. I'm hoping it does, not out of ideology, but because I know too many people who have been wiped out by medical costs when insurance dropped 'em -

Re:Probably a downmod coming but..

[dewrox]

In the words of Brick Top... Feed 'em to the pigs.

Re:Probably a downmod coming but..

[Kythe]

Was kinda curious about that, too. Seems like that might be important information.

corporate attitude

don't care, got paid

worst case scenario some low level exec who doesn't come from a rich family will be thrown under the bus and fired

Re:Probably a downmod coming but..

Remember that a corporation is "a person" until it means some of the people in the corporation are guilty of a crime and then it's not "a person" and they aren't innocent of any wrong doing except maybe a civil lawsuit. Any lawyers out there listening? This could be a HUGE money grab for you, and maybe you could do enough damage that Experian would have to fold, could be the biggest class action lawsuit ever if there really are that many social security numbers out there floating around now.

Re:And, who has the Obamacare ID validation contra

[cayenne8]

Nothing is unprecedented. The government has been collecting all of your data for years,

I would posit that the past collections, by different departments (that often consist off stove pipe systems that can't easily exchange info) was quite different than the large gathering now, along with wide spread aggregation of other govt (and some private systems I'm sure, remember them getting info from Acxiom ?)....tying it all together along with your health records and the short step to social accounts, etc?

No, I'd say this is one large step that is unprecedented. I'd imagine much of this info would be used to help "clean" up NSA gathered data for them.

On that note...an interesting article how Acxiom helps clean up data for others: LINK to article where Acxiom helps clean up your data for Facebook..

Re:And, who has the Obamacare ID validation contra

[cayenne8]

Oops...missed the previous LINK above to the Acxiom and Facebook program to help make sure they know who you are, no matter what names you use.

Re:Probably a downmod coming but..

[Samantha+Wright]

The bill would die immediately after being introduced, if not because of its blatant immorality then because of corporate lobbyists. I find it strange that people fantasize so much about a legislature comprised almost entirely of corporate lapdogs turning on its masters.

Re:Probably a downmod coming but..

[nitehawk214]

At the very least, Experian's board should be held accountable by its shareholders for gross negligence in failing to do its due diligence during the purchase.

Did they make money on the deal? Yes? Then my guess is the shareholders give the board a pass.

Re:Probably a downmod coming but..

Shareholders will not care if Experian doesn't get a sizeable fine.

Re:Probably a downmod coming but..

[nitehawk214]

So are all SSNs compromised?

Yes, but they already were anyhow. Any organization that uses SSN as an identifier, or worse, as authentication, should be penalized. (I am looking at you, Banks and Government)

Re:Probably a downmod coming but..

[St.Creed]

In The Netherlands it's illegal to use an SSN unless mandated by law. It's specifically banned for authentication purposes, and even if the person gives permission it's still illegal.

I'm pretty happy with the current privacy laws. Unfortunately the local secret service walks all over them.

Re:Probably a downmod coming but..

[theshowmecanuck]

I find it strange that people fantasize so much about a legislature comprised almost entirely of corporate lapdogs turning on its masters.

Way to put a bullet in people's dreams.

Let's be real?

Ok, let's. Failing to track people is not an option. That is not even on the table, and it never will be.

Tracking you adds no value to you. However, it adds value to the lender. You don't think they need to know some of the information, but they want to be the deciders of that.

So, there is a lot of money in tracking you, and in deciding the right interest rates to charge you. The numbers are not trivial, and they benefit those who are already extremely wealthy and powerful. Because of this, there will *always* be tracking.

Your efforts at stopping it are misguided and futile. The only thing you could hope to accomplish is the establishment of a more secure way to do the tracking. Your efforts would be far better spent there.

That's reality. Adapt to it.

We should first make it illegal to do this

[dutchwhizzman]

We should first make it illegal to do this. In fact, we should making gathering or selling credit info and social security numbers illegal for anyone but the government themselves. The only use is for companies to charge you, the USA people, more money for their services. They do it under the pretence that if you check out, you get a discount, but you never do. If you don't check out, you don't get a service at all, except with companies that charge way more because they want to counter the risk somehow. A law that contra-beneficial to over 90% of the people is not in anybodies interest, so it should be made illegal that this is possible at all.

Experian and the ACA

Isn't Experian the outfit HealthCare.gov hired to "validate" the identity and income of persons applying for health insurance on ACA (Obamacare) exchanges? Looks like one more flaw in the implementation of the Affordable Care Act.

Re:US credit reporting violates privacy of million

I don't use credit in any form; it's a habit I was forced into after college, when student loans bogged down my credit score. After paying them off I saw no reason to go back to a life of owing others money. I would love it if I could just work and get my pay handed to me in cash. There's no reason for this to need extra structure to be possible. But few companies agree to it, because it's easier for THEM to not deal with cash, because they've got some deal with the bank, and for whatever other reasons. Therefore I am forced into using the system, so that I can get paid.

Re:Probably a downmod coming but..

[randy6240]

The US Supreme Court has "interpreted" that the 14th Amendment grants Corporations person-hood. Since most states have a death penalty, how about a law that, in capital punishment cases, could exterminate a corporation - as in Chapter 11?

real FICO scores

www.myfico.com

Re:Probably a downmod coming but..

A bit ambigious though. The line between "criminal" and "respected company" seems rather thin on this one, mostly a matter of already being established and one of size. Gather data (possibly by buying up data in bulk) and selling it. How do these business models differ so much the non-American[tm] guy gets prosecuted and the American[tm] company doesn't?

Re:Probably a downmod coming but..

shouldn't Visa, MasterCard, etc be up in arms over this? They are "Credit" card vendors who will likely pay the price for this information getting out an allowing credit crimes to occur.

Re:Probably a downmod coming but..

[Neuroelectronic]

I'm fucking furious and I'm wondering who's going to step up to fix this clearly hugely impactful news that seems mostly absent from above the fold..

Obamacare

[uvajed_ekil]

Recently I signed up for an account at healthcare.gov, and upon trying to login for the first time, I was given an error message. The message directed me to call the Experian help desk at 888-xxx-xxxx! So Experian is too busy selling my info to identity thieves to bother verifying it for the Federal government so I can buy health insurance? I'm not sure which is more troubling, that the government has put me at Experian's mercy or that the system is so broken. Personally, I'd prefer never to deal with Experian ever again, after how much trouble they gave me when I pointed out that they had all sorts of incorrect information about me on file. First they screw up my credit, then they sell my info to thieves (again?), and now they are preventing me from knowing whether I will be able to see a doctor or not in a few months. Great job Experian, and great job using them, Dept. of HHS.

Re:Probably a downmod coming but..

[Jeremy+Erwin]

Experian needs to close its business. Pay fines, restitution, etc, and distribute whatever remains to it's shareholders.

Re:And, who has the Obamacare ID validation contra

Brining Obama into it frames the discussion on partisan politics. The discussion becomes "Obama and the democrats are corrupt, look at this no bid contract" instead of "The entire goverment, regardless of political party, is corrupt; no bid contracts have been part of the goverment bidding process for years and we need to reform it now".

Funny how the Democrats are suddenly all about sharing the blame when the finger is pointed at them.

need DMCA for private info

[Mike_K]

"with big data comes big responsibility"

Simple: any company that leaks private information of US citizens (or allows it to move off-shore) should be subject of $10,000 fine per person (throw in some jail time for executives and board of directors). Plus, the law should explicitly allow class action suits and forbid contracts that take away that right. And proof of damages should not be required.

This leak supposedly disclosed data for 500,000 people, so that would be $5,000,000,000 (Experian goes bankrupt) and Experian executives will rot in prison. Wanna bet there would be class action attorneys at the ready to represent the plaintiffs?

Suddenly privacy protection would become #1 on everybody's mind...

m

Checking your credit score is a bad idea

So, identity theft is caused by actually checking your credit score. :)

Re:And, who has the Obamacare ID validation contra

It doesn't. As someone who setup connections to Experian personally and fed millions upon millions of customer's information to them... It's been happening for a long time.

And if you think this is the end of it, buck up. The only reason this is news, is because someone got too greedy.

Your information is and has been available for a price, for a very long time.

Carders/Credit Fraudsters pay a fixed rate (call it the market bottom.) For bulk identities, and not so surprisingly, so do companies that issue credit.

This rate is almost at parity above and below the table.

To be fair, the accuracy of the carder's data might even be higher... but that's neither here nor there.

You have data on Experian, Transunion and Equifax. And there's fuck all you can do about it.

Re:Probably a downmod coming but..

One of the few times being comforted with terrible credit and almost assured no one will want to steal identity as a result of this fuckup. Not proud.

Re:Probably a downmod coming but..

Makes one wonder what would happen to crime rates and bad executive behavior is drawing and quartering was to be returned as a valid form of punishment for the most heinous crimes.
  Bet it would go down...

It might, but what I believe would frighten those who commit these sort of financial crimes more is a severe financial penalty, up to and including being forced to live on minimum wage for a specified period of years, depending on the severity of the crime.

Experian is 'too big to fail'

They had the data, they sold the data, they breached their own privacy notice. But we can't prosecute Experian or they would lower the US credit rating, so we go after the little fish instead. This allows Experian to sell the data to numerous other people in the future.

Re:Probably a downmod coming but..

[davester666]

Yes. And not solely because of this event.

Re:Probably a downmod coming but..

[The+Rizz]

I find it strange that people fantasize so much about a legislature comprised almost entirely of corporate lapdogs turning on its masters.

Way to put a bullet in people's dreams.

Add a gun to those dreams, too, and now we have a possible solution.

Re:Probably a downmod coming but..

[The+Rizz]

Experian needs to close its business. Pay fines, restitution, etc, and distribute whatever remains to it's shareholders.

No. The company should be shut down, and the shareholders get nothing. Until the government has the balls to destroy companies that do something this egregious, and not give the shareholders a walk, companies will keep doing this sort of shit. If a company could be erased entirely, and all stocks devalued to worthlessness, if they do something so massively illegal on this scale then maybe shareholders would hold the companies they own up to some sort of ethical standard, rather than always rewarding them for a company's lack of ethics.

Re:And, who has the Obamacare ID validation contra

[Woundweavr]

Everyone uses Experian. You can't get a credit card, student loan, mortgage, lease, rental agreement, rent a car, buy a car, lease a car, or in most situations get a job without Experian and the two other credit agencies being used. This has as much relevance to the ACA as it does a Toyota Corolla or Home Owners Associations.

Re:Probably a downmod coming but..

....but then again, what punishment is necessary to turn the act into a net negative if you can potentially obtain millions of dollars? Consider that $100.000 is a decent yearly wage, it would make sense to risk spending years in prison for that kind of money. Obviously, as the chance of getting caught goes down the equation favors crime even more.

I get your point about more effectively catching criminals as being better at "balancing" the equation than harsher punishments, but you can't ever expect to get 100% of them. So, let's consider the master villains at Wall Street that can gain hundreds of millions of dollars from criminal acts. That's easily several lifetimes of income, and I bet that the risk of getting caught is never going to be better than 50%. That means the average gain from committing those crimes is still several lifetimes' worth of income.

The logical conclusion is that you must either raise the efficiency of catching those criminals to something like 90-95% or life in prison is a far too lenient sentence.

Yes, I guess that's a logical argument supporting the reintroduction of being drawn and quartered....

Re:Probably a downmod coming but..

[slashmydots]

That is classic Experian to expand without proper research or any caution at all. They'll acquire anyone who they think will make their credit report info look more accurate or will make them more money. If you've ever tried to get your credit report through a 3rd party, you may have noticed that they're all borderline criminals out to scam you and sell you things you don't need. Go look at MyScore.com if you don't believe me.

Re:US credit reporting violates privacy of million

Free markets include the ability to sue someone for the damages which result from libel. They also allow you to opt out of debt-based finance altogether.

Why do you CONservatives try to steal credit?

It is ObamaCare. The President called it that even before it was passed. Why try to steal credit by calling it by some made-up name? You thieves are all alike. That's why you're all CONservatives. You steal from the people.

BTW....

Experian provides the ID Proofing service for the Federal Hub portion of Obamacare.

Re:Probably a downmod coming but..

[Cederic]

It would be, but really it's only £12.24

Of course, the value of an individual share is utterly fucking irrelevant anyway, market capitalisation is the key statistic here.

Re:Probably a downmod coming but..

[Nov8tr]

Is anyone actually surprised by this? Haven't we known all along what snakes these people were? All we had to do was figure what the NEXT snake move was. Yes jail would be a good start. Corporate punishment would be nice but not likely to convince our wonderful representatives in Washington to do that. Is there even anyone you can trust anymore? sigh...............

Re:Probably a downmod coming but..

Nobody "appointed" Experian watchdog over this information. Many companies (banks, lenders, credit card companies, etc) needed reliable information on a customer's past creditworthiness. Experian (and TransUnion and Equifax) collected and provide this information in sufficient quality for these companies' needs, and so they've become the watchdogs.

The problem is the Fair Credit Reporting Act. It gives these companies freedom from liability if they follow a set of rules. They've failed to follow those rules time and time again, yet their immunity has never been revoked. If we want to fix credit reporting, allow them to be sued for the damages they do when they make mistakes. Just like almost every other business in America that doesn't have a sweetheart deal with the government. The time for this deal is over.

Re:Probably a downmod coming but..

[HiThere]

No. If people don't believe they'll get caught, then harsher penalties are discounted, especially as it makes it less likely that they'll be quickly imposed.

The most important is certainty of punishment.
Second in importance is the speed with which punishment is delivered.
PerhapsSeverity of punishment is third. I doubt it's even that important, though I can't think of a proper in-betweener.

Re:Probably a downmod coming but..

[gsgriffin]

Wow. Interesting. Value of a share is irrelevant. You sound like a politician with that stock wisdom and insight.

Re:Probably a downmod coming but..

[Cederic]

Ok. Stop mocking and tell me: Why is share price relevant, except as a relative measure?

As an absolute measure it's totally pointless. £12 for a share. So fucking what. HOW MANY SHARES ARE THERE?

If there's one share, the company is worth £12. Suddenly a share price of £14bn sounds reasonable. If there are 400 billion shares than £12 feels a tad excessive.

It's a meaningless measure. Or do I sound like a politician using common sense, logic, financial nous and a background in writing portfolio management software. You decide.

Give us a name

Which Experian executive do we get to justified murder for this? Ok, give them a show trial first.

Sounds harsh? Guarantee it will never happen again if we do it once :)

Re:And, who has the Obamacare ID validation contra

[5KVGhost]

"We get nowhere when we fight about one party over another. But thats how all the debates are framed, and partisan drones are programmed to jump all over the opportunity to blame opposing party while ignoring the same transgressions when it is their party being bad."

No, that's exactly how it should work. When the Republicans do something horrifically stupid it's ridiculous to expect the Republicans to denounce themselves for their own stupidity. They're too invested in denying their own failure. When the Democrats do something horrifically stupid it's ridiculous to expect the Democrats to denounce themselves for their own stupidity. They're too invested in denying their own failure.

Which is why it's absolutely vital to a functional government that the people to whom we grant power are locked in dynamic opposition with one another, at every level, all the time. The "pox on both their houses!" approach is utterly counterproductive. It does nothing but encourage natural opponents to work in common cause against outsiders - and that's you and me.

Re:And, who has the Obamacare ID validation contra

[5KVGhost]

"Bringing Obama into the discussion distracts from the fact that it doesn't matter who the president is, the government will continue being the government and continue doing whatever it wants."

That makes no sense. When President Bush was overreaching with the Patriot Act and foolish military ventures, it was correct and proper to blame President Bush. When President Obama overreaches with the Affordable Care Act, it's correct and proper to blame President Obama. Because Obama is the one responsible for this particular clusterfuck, that we're talking about and experiencing right now.

Complaining about "the government" does nothing to discourage the next idiot in charge from repeating this mistake. And it give the other would-be tyrants no reason to worry about the consequences to themselves: If you get caught, just read a prepared statement about how gosh darn angry you are on TV, throw out a few passive-voice "mistakes were made" non-explanations, and the buck is passed. And then relax as easily manipulated people eagerly rush to reassign blame in a foolish attempt to appear Wise and Above The Fray.

Re: And, who has the Obamacare ID validation contr

Bush did it. Should be called bush cheney act to defraud the poo Dr. Women and children hardest hit.

Seriously though, why a no bid to a fsiled offshore company who in turn offshored to India? Makes no sense. Combined with apparently being constructed of many downloaded java applets to collect / preprocess data would appear a tremendous security breech. I'm just saying.

Re:Probably a downmod coming but..

[messymerry]

I'd vote for hanging all of them...and their brother and sister too. Let God sort them out...

Re:Probably a downmod coming but..

[jjhues7676]

Accountability> NOT IN AMERICA!