US Consumer Protection Official Puts Equifax Probe on Ice

From a report on Reuters: Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax failed to protect the personal data of millions of consumers, according to people familiar with the matter. Equifax said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe. But Cordray resigned in November and was replaced by Mulvaney, President Donald Trump's budget chief. The CFPB effort against Equifax has sputtered since then, said several government and industry sources, raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money. The CFPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. "The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these," he said.

Not surprising

[smooth+wombat]

The con artist administration doesn't want to upset private industry by holding them accountable for their actions (or inactions in this case). Wells Fargo is simply a feel-good tactic.

After all, if he won't take responsibility for all his failed businesses, because as he'll tell you none of those were his fault, why should other businesses have to be held liable?

Re:Not surprising

[bluefoxlucid]

My strategy for identity theft includes legislation requiring the CFPB to follow NIST guidelines on current security technology and implement regulations requiring consumer-ready, current technical countermeasures to prevent identity theft. Regulations are faster to change than legislation (hence the weak language), and the industry doesn't just undo all that overnight (so it has some staying power even with a rogue President).

The current tech for this is FIDO U2F with RSA and ECC. A device holding 1,000 identities costs $18. You walk in a bank, show your hard ID (e.g. passport, driver's ID), and the bank lets you plug in and associate the physical device with yourself with Equifax, TransUnion, and Experian. After that, opening any new credit account requires having that physical device; and if you lose it, you can call the bank to cancel the association but leave the requirement of verification enabled.

Banks need a strong physical presence verification process to open credit accounts. You can open a credit account without being at a bank by knowing what car someone drove 10 years ago; that's no good.

We can do more things to reduce attack surface in the case where the banks are bad actors by way of not doing appropriate verification, such as requiring the bank to be your bank--a branch you physically visited within the past few months, or designated from another branch. Largely, however, we need to remove all the attacks possible from many positions (many points of failure, non-redundant) and consolidate them to a physical bank branch, which we can better-control with stronger regulations on verifying identity (single point of failure, stronger).

Going after Equifax is important: they concealed this breach, took advantage of their knowledge, and otherwise acted with bad faith. In the broad scope, however, it's only important for procedural reasons: fines and threats of action when breaches happen won't stop identity theft; you have to bring pressure for not having the correct countermeasures in place before breaches happen.

Dereliction of duty?

[charliemerritt03]

Federal consumer protection against predatory PayDay loans was "relaxed" also. Gotta save Equifax? How much did they contribute?

Regulatory Capture

[sasparillascott]

This is when someone from the industry or similar industry being regulated gets someone who was their former employee to head the agency that is charged with regulation or in this case protecting consumers from these industries put in as head of the regulating agency to effectively prevent it from acting on behalf of the citizens of the U.S..

This condition is pretty new (at least on the widespread scale it is). In 1970, lobbyists who didn't work for companies and were policy or foreign policy specialists numbered around 100. By 1990 that number was more than 10,000 and nearly all worked directly for companies. Effectively the U.S. government has been taken over by corporate interests in that time (its far more blatant like here with Mr. Mulvaney with the Republicans who have no shame in it being public). Not sure how we get out of it either, seems self reinforcing.

Trump - Constant Liar, Treason, Obstruction of J.

I'll believe 3 unnamed sources in a credible news paper before I believe Donald Trump, who tells such obvious lies that he actually thought he could tells us there were more people in the configurations than we saw in photographs of the events.

But maybe you'd like to enroll in Trump University, where he lied to students in order to con them out of $25k, swiped onto their credit cards if necessary.

Rube.

Pathological liars

[sjbe]

You would not believe Trump if he told you the sky was blue.

I don't have to believe Trump about that. Fortunately a lot of what he lies about I don't have to believe because I can check to see if it is true. What's astonishing is how many lies he tells that are easily and transparently shown to be false. Even about things where there is no benefit to him lying beyond stroking his own ego. But worryingly he does it about things that matter too. So no, when someone is a pathological liar I tend to reflexively not believe them until I see evidence supporting what they say.

The problem with people who judge President Trump so harshly on such inane things...

Spare me. The man is in a position of immense power and what he says matters whether we like it or not. He tells little lies and big lies but the point is that he cannot be trusted.

At some point you stop convincing people that he is bad when they realize you are just petty.

If you haven't figured out by now that Trump is a horrible human being and a terrible president then you never were going to be convinced in the first place and will support him no matter how reprehensibly he behaves.

Re:Pathological liars

[Rob+Y.]

Not true. I'd be the first to agree with Trump if he said something obviously true (like "Donald J. Trump is a big fat liar"). I didn't believe him at first when he said "I could shoot someone in the middle of 5th avenue and get away with it", but I think maybe I do now...

Seriously, during the campaign, I agreed with some of his analysis of the state of blue collar manufacturing in this country. Of course, he was so sketchy in presenting solutions - if he presented them at all - that agreeing with him on those points was no reason to support him. He has no substance whatsoever and didn't even attempt to present substantial policy platforms - or didn't you notice when he finally realized "Health care is complicated" after running around the country calling Obamacare a disaster that he would quickly and easily replace with something much better... Pure con man. There is nothing more to him.

Re:Trump - Constant Liar, Treason, Obstruction of

[aquacrayfish]

The problem with people who judge President Trump so harshly on such inane things is that eventually people have had enough of you.

This in response to a comment on a settled cause of consumer fraud where vulnerable people had their pockets emptied because of Trump. You call *THAT* inane and then act like you're on a high horse. Go troll elsewhere please.

Easy answer

[fahrbot-bot]

... raising questions about how Mulvaney will police a data-warehousing industry ...

He won't. He was appointed to undermine the Consumer Financial Protection Bureau.

From Mick Mulvaney to Run Consumer Watchdog Agency He Hates and others:

As a congressman, Mulvaney called the CFPB a “sick, sad joke.”