Credit Report Freezes
Summary Only (detailed comment attached) Comments of U.S. PIRG: Credit Report Freezes - Comment, Project No. P075420 Edmund Mierzwinski, U.S. PIRG Consumer Program Director 25 February 2008 Summary: U.S. PIRG believes that security freezes (or, to use the industry’s preferred term “credit freezes”) are the only effective means to prevent identity theft. Fraud alerts do not prevent the granting of credit, the industry’s preferred and extremely profitable product, credit monitoring, of course, does not stop issuance of credit either. In fact, credit monitoring is only an after the fact warning. Ideally, security freezes should be free to all consumers (not only past identity theft victims) and easy-to-use. If freezes were free, more consumers would use them. The reason that freezes are needed in the first place is that consumer reporting agencies and creditors do a poor job of protecting customer information, arguably in violation of both the Gramm-Leach-Bliley Act’s Safeguards Rule and the Fair Credit Reporting Act’s standards for data security. In any case, if freezes are not free, ideally a freeze should have only a one-time fee, then no fee to temporarily lift. You buy a lock for your house, you don’t pay every time you unlock the door. If freezes were easy-to-use, businesses and consumers would be happier with them. In states where businesses that issue credit have taken the time to think about the freeze, they’ve realized it should be simple, convenient and fast for a consumer to place or lift a freeze temporarily, and some state laws with 15-minute lifts reflect this. Simple and easy for consumers is simple and easy for business as well. California passed its security freeze law in 2001. Starting in 2004, after we were successful in convincing Congress not to preempt state authority over identity theft protections, U.S. PIRG and Consumers Union (later joined by AARP) launched a highly successful campaign to promote state identity theft protections, including the security freeze. To date, 38 more states and Washington, DC have enacted freezes. So many states acted so quickly because the threat of identity theft is real. Now, even the credit bureaus have embraced the freeze. Of course, their version of the freeze is clunky, slow, burdensome and expensive. If all freezes were low-cost and easy-to-use and also were better promoted by the bureaus, we’d have more consumers using them. If the FTC recommends a national security freeze law, it should recognize that in the 2003 FACT Act, one of the things that Congress got right was not to preempt further state action on identity theft. Any federal security freeze law or FTC rule should serve as a federal floor, not as a ceiling. Finally, we believe that the costs of identity theft to the economy are staggering and that the benefits to society of improving consumer confidence in the safety of their financial information through the implementation of strong, free security freeze laws outweigh any costs to industry.