Make the credit-issuers like PayPal liable for identity-theft fraud
By Seth Richardson
In what’s becoming an annual ritual for me, I have to once again point out that identity theft is a problem for the victims only because of the lax security policies of credit issuers, the uncaring arrogance of credit reporting agencies, and dilatory state and federal legislatures who refuse to place the burden of identity fraud where it belongs: on the merchants who extend credit without carefully checking the actual identity of the person they are giving it to.
In the news today is the story of how five members of the Aurora City Council had their identities stolen, evidently from records improperly kept by the city itself. More than $2000 in fraudulent on-line purchases have been made in the past few weeks by thieves using a PayPal billing service called “Bill me Later.”
This “service” allows anyone, with a minimum amount of information, including only the last 4 digits of one’s Social Security number, to buy products and bill them to the victim. Experts in information securty have said that one does not even need the social security number because most Social Security numbers were, until very recently, issued consecutively by state and region, according to the date and time of birth. This means that with information about where a person was born, along with their birth date, it’s possible to infer the Social Security number and hit on it fairly easily. This makes quite literally everyone born before last year vulnerable.
This sort of cavalier treatment of innocent victims by merchants like PayPal is unconscionable and outrageous and we need laws to put a stop to it.
Is it the fault of the victims that the merchant sold goods to a fraudster? No, it’s the fault of those who issue credit to individuals or companies without properly ensuring that the person or firm they are issuing credit to is who they are supposed to be. In other words, most financially-motivated identity theft is perpetrated by thieves, but it’s aided and abetted by companies that issue credit that are either incompetent or simply do not care if they wrongfully issue credit to a credit thief because current law prevents consumers from suing them for failing to exercise responsibility.
And this disregard for proper business practice and security is abetted and exacerbated by the credit reporting agencies, who enter derogatory information onto a person or firm’s credit rating without first confirming that the debt claimed by the merchant is valid and is not the product of identity theft caused by lax security on the part of the merchant.
This is no small issue, and the effects of identity theft and lax security can be devastating both financially and emotionally. So much so that victims of lax security on the part of credit-issuers ought to have a cause of action to sue the credit-issuer for damages. But today, the law favors the merchants, credit card companies and banks, to the detriment of the consumer.
This disregard for the rights of individuals to not be impugned or maligned regarding their credit rating, which is a valuable and important part of one’s reputation is unacceptable and must be eliminated.
So who should bear the economic burden for issuing credit to an identity thief? The creditor of course. If they extend credit, they should be certain to whom they’re extending it, or they should suffer any losses resulting from their negligence.
The solution is pretty simple. We must pass laws that shift the burden of identity theft from the innocent victim to the abettors, who are the merchants, credit-issuers and the credit reporting agencies.
This is done by first prohibiting anyone from using a Social Security number for the purposes of identification for any reason other than for receiving Social Security benefits. That’s what the federal law authorizing the assignment of the number says anyway, and it’s time to enforce it upon creditors and credit reporting agencies.
Second, the law must require that creditors must provide, on demand by the alleged debtor, documentary proof that the person or firm to which the credit was issued is in fact the actual person or firm that requested the extension of the credit, and that the extension of credit was properly and legally authorized, in the case of a company.
Likewise, a credit reporting company must provide the same proof on demand that the debt claimed by the creditor was actually and validly incurred by the person the debt is claimed against before entering any derogatory information on that persons credit file.
This would require that creditors make absolutely certain that they have verified identification of the person requesting the credit, just as banks and the post office are required to verify a customer’s identification.
Further, the law should require that some representative of the business actually meet the customer face-to-face and personally verify that person’s identity using certified government-issued photo identification. The law would require both parties to sign a form attesting to the personal meeting and verification of identity and detailing the request for credit, and it would require that the verified photo identification of both parties, creditor and customer, be scanned and made a permanent part of the record. This makes the creditor liable and the agent who extended the credit identifiable and responsible.
The credit issuer would be required to retain this form permanently, and no claim by a creditor would be valid or could be reported to any credit reporting agency unless a certified copy of that form is produced on demand. It would become a mandatory part of any credit contract, without which no debt can be claimed or collection attempted.
This would help ensure that no credit is issued to persons using fictitious or false identity information, and that no false debts or reports to credit agencies can easily occur, as is the case today.
In the event of a dispute, the victim of an identity theft would only have to demand a copy of the form and demonstrate that he or she is not the person identified on the form, at which point all claims against the victim would be legally null and void, and the creditor would be left holding the bag.
Such a law would eliminate the vast majority of identity theft overnight, and it would place the risk for failing to properly verifying the identity of a borrower in the proper place; with the company that issues the credit.
Would this slow down and make more complex the process of issuing enforceable lines of credit? Yes, but that’s a good thing. Credit fraud is directly related to the ease with which someone can obtain it.
Merchants would still be allowed to assume the risk of not properly identifying a customer in the interests of expediency, but if the customer denies the debt, and the merchant cannot produce the legally-required form with a photograph of the purported debtor, the merchant would be legally prohibited from trying to collect the debt.
In short, it’s the responsibility of those who issue credit to be absolutely certain of the true identity of anyone they issue credit to, and they should bear the entire risk of lax identification policies.
It’s time to but the burden for preventing identity theft where it belongs, and take it off the shoulders of the innocent victims.
© 2011 Altnews