When a consumer applies for credit, a company that is authorized to obtain a copy of the consumer’s report will electronically submit a request for the report. The request must contain specific data about the consumer in order for the credit bureau to extract the correct report.
It is surprising to learn that one of the critical pieces of data, the consumer’s Social Security number, is not needed in order to obtain the report or extend credit. Wow! The credit bureaus only require minimal match requirements prior to providing a report to an authorized party.
The credit bureaus’ refusal to require an 8/9 or 9/9 match on SSN due to efficiency and profitability concerns leaves the door wide open for ID theft. One would assume that the credit bureaus would view ID theft as a risk to the integrity of their databases and an injury to the consumer that should be avoided. Not so much!
Once the credit bureaus realized that identity theft products and related services could be just one more way to make money, they had no incentive to do anything to truly secure consumers’ credit data.
All three credit bureaus offer some form of credit monitoring service that lure the consumer into thinking that while they are helpless against ID theft in general, at least they can be notified when someone attempts to steal their good credit.
For the credit bureaus, this a huge win as they can finally make money from those who have good credit. As you recall, the data of individuals with poor credit is of significantly more value than those with stellar credit histories.
Perversely enough, failing to take any precautions to hinder ID theft creates an additional source of income for the credit reporting agencies. The bureaus earn millions of dollars per year in credit monitoring services from consumers who are running scared from ID theft.
The consumers who do not opt for credit monitoring services will usually pay fees to review their credit reports more frequently. After all, most would think $15 is a small fee to pay to keep your credit and identity safe, right?