Congress and Credit Freezes

CONGRESS AND CREDIT FREEZES….A reader emails to remind me of something that happened a couple of weeks but never made it into the blog: on March 16 the House Financial Services Committee approved the “Financial Data Protection Act of 2005” on a 48-16 vote.

Nothing wrong with that, is there? We’re all in favor of protecting data, after all.

I hardly even need to finish this story, do I? The FDPA is sponsored by Ohio Republican Steve LaTourette, and the theory behind it is that instead of 50 different state laws on data protection we should have one nationwide law ? something that would be a great idea if FDPA actually did a good job of protecting data. Unfortunately, what it mostly does is bring broad smiles to the faces of credit industry lobbyists by enacting an industry-friendly federal law that does less to protect data than most state laws. As the Senate Democratic Caucus of California puts it:

First, it only allows people to freeze their credit reports ? widely touted as the most effective identity theft prevention tool ? after they?ve become an identity theft victim. Second, it only requires businesses to notify their customers when a security breach happens if the breach is ?likely to result in substantial harm.?

I’ll let others deconstruct the notification issues, but credit freezes are one of my hobbyhorses because they’re the best known defense against identity theft. Basically, a credit freeze is a simple option that prevents lenders from reviewing your credit history without your permission. Since lenders won’t issue credit without first seeing a credit report, this prevents ID thieves from opening fraudulent accounts without your knowledge.

Why does the credit industry hate credit freezes? Because it puts an end to instant credit: when you apply for credit, it can’t be approved until the credit agency notifies you and you tell them that it’s a legitimate credit application. (That is, it’s a credit application that you filled out, not someone else.) Unfortunately, the idea that some people would choose to accept this minor inconvenience in return for protection from identity theft terrifies them, which is why they want to limit the option only to people who have already been hit by identify theft. As Debra Bowen, the author of California’s credit freeze law, says, this doesn’t make sense:

Preventing people from freezing access to their credit reports unless they?re an identity theft victim is a little like saying people can?t buy flood insurance until their house is six feet underwater. The whole purpose of the freeze is to let people take a pro-active, preventative step to ensure they don?t get ripped off. Why Congress wants to tell people, ?Hey, there?s this great thing that will help you from becoming an identity theft victim, but you can only use it if your identity has been stolen and the thief has racked up thousands of dollars worth of bills in your name? is beyond me.

Far from overruling state laws on credit freezes, Congress should be doing just the opposite: passing laws making credit freezes even easier and cheaper than they are now. The credit industry, despite their predictable howls of anguish, would undoubtedly adapt with procedures that allowed fast notification and near-instant credit, and of course consumers who didn’t want even this modest level of inconvenience would be free to keep their credit reports as free and unprotected as they are now.

But the credit industry doesn’t want to bother themselves about identity theft since it’s mostly consumers who pay the price anyway, and Congress is happy to oblige them. It’s yet more evidence of Republican subservience to business interests even when it harms their own constituents.

UPDATE: More here on the notification aspects of this bill.