Last weekend, I (Liz) woke up to an email from credit reporting agency Experian letting me know my password had been changed. I have been known to go down internet rabbit holes when I can’t sleep, but I don’t usually have a particular affinity for personal finances at 2:37 am. When I tried to log in to my account, I discovered that my email address and phone number had also been changed. While this was annoying, I wasn’t super surprised: Over the past nine months, a series of fraudulent credit card applications have been filed in my name (only one of them successful, thank you Kohl’s). I placed a freeze on my credit report a few weeks ago to try to stop it, which I guess angered my hacker friend, so they decided to log in to my Experian account to undo the freeze. Experian, in all their wisdom, assumed this was Definitely Me. Thanks to the fact that Experian doesn’t have seven-day-a-week customer service, this person proceeded to open a checking account, two high-yield savings accounts (no balance, unfortunately), and two more credit cards by Sunday night—very productive, I’m almost impressed! When I finally got hold of someone at Experian on Monday morning, they informed me they couldn’t possibly close my account, give me access to it, or even take access away from the hacker until I mailed or faxed (in the year of our lord 2024) copies of my driver’s license, social security card, and electric bill. In the meantime, the hacker would retain access to my credit report account, all of my sensitive information, and the ability to open all the Kohl’s cards they fancy. Luckily, Lina Khan came to the rescue—a frequent occurrence these days. The Federal Trade Commission’s Identitytheft.gov gives you a nifty checklist for what to do when you’ve been a victim of identity theft, including mean letter templates to send to credit reporting agencies and banks. After six hours on the phone, all of the accounts were closed and I’d placed freezes and fraud alerts with the other credit bureaus. However, my Experian account remains in the hands of our dear hacker. They tell me they’re investigating it, that they’ll be sure to follow up (reader, it’s been 10 days, they have not followed up). This whole thing got me reminiscing to a few years ago when a nifty policy idea was floating around: What if, instead of shady private companies, we had a public credit bureau? Pitched by Demos and picked up by Bernie Sanders’s and Joe Biden’s 2020 campaigns, the proposal would house a public credit registry at the Consumer Financial Protection Bureau (CFPB) and phase out existing for-profit credit agencies. So, I emailed my friend Graham Steele, Roosevelt Institute fellow and former assistant secretary for financial institutions at the Treasury Department (and barred attorney) to see if this was really all that wacky. We think not. My issue with Experian, while extremely annoying, is hardly the worst of it.A few years ago, Equifax announced a data breach had exposed sensitive information about nearly 150 million people. As concerning as that data mismanagement sounds, it’s actually even worse because a bunch of that information might not even be that accurate. A recent study from Consumer Reports found that 34 percent of 6,000 respondents have incorrect information on their credit reports. Credit agencies match information from creditors lackadaisically, not even ensuring the full social security numbers match between reports, relying on just a couple of digits matching. Many people don’t even know what their credit report says, because credit bureaus are only required to give you one free copy per year (and it doesn’t even have to include your credit score). Even when people figure out that there are errors on their credit reports, bureaus often don’t fix the problem. Consumers filed nearly 1 million complaints with the CFPB about the big three credit reporting companies in 2022, and in many cases, they didn’t get adequate responses or changes to their credit reports. Credit or consumer reporting has been the most-complained-about category of consumer financial products and services to the CFPB every year for nearly a decade. Further, there are large variations between the scores credit reporting agencies show to consumers versus the ones they sell to creditors, meaning that it’s nearly impossible for a person to know how lenders are evaluating them. And as Princeton sociologist Frederick Wherry has put it, “The data used in current credit scoring models are not neutral.” Credit scores are less accurate for low-income borrowers and borrowers of color—they’re far less predictive of default risk—and credit bureaus’ opaque algorithms disproportionately code Black and Latino consumers as riskier. Scores include payment history for credit cards and more formal loans (like mortgages), but not rent, utility bills, or car title loans, disadvantaging borrowers of color who are less likely to have “score-able” debt payments. Consumers in majority Black and Hispanic neighborhoods are also more likely to have disputes for errors on their reports. All of this has material effects on people’s lives. Credit scores affect car insurance premiums; whether or not you can get a credit card, mortgage, or business loan, and at what interest rate; and if you can rent an apartment or, in some cases, get a job. Changing what’s included in credit reports—like Vice President Harris’s work on erasing medical debt from credit reports—is a good step in the right direction. But what we really need is a The federal government harnesses quite a bit of power over the shady stuff credit reporting agencies do, and increasingly so over the last 50 years.In 1970, Congress enacted the Fair Credit Reporting Act (FCRA), establishing national credit reporting standards. For example, FCRA limits the amount of time that negative information, like a late payment or foreclosure, can be on a credit report. Further, it regulates what information can be provided to a credit reporting agency and who can use credit reports. FCRA also requires credit bureaus to “follow reasonable procedures to assure maximum possible accuracy.” (It’s curious then how errors are so present.) The 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act built on FCRA, establishing new consumer protections related to credit reporting, including the right to a free credit freeze. (Though not one, apparently, that stops new accounts from being opened.) But importantly for our purposes, credit reporting agencies, since the Dodd-Frank Act, are largely regulated by the CFPB, with some authorities left to the FTC. Dodd-Frank gave the CFPB broad regulatory and enforcement authority over unfair, deceptive, and abusive acts in consumer financial products or services and the power to enforce most provisions of the FCRA. And the CFPB hasn’t been afraid to use that authority: In recent years, the CFPB has fined all three national credit bureaus millions of dollars for deceiving customers. The Gramm-Leach-Bliley Act, meanwhile, gives the FTC the authority to establish standards for data security and consumer privacy at financial institutions, including credit reporting agencies (these standards are known as the Safeguards Rule). The FTC also has some authorities to address identity theft in credit reports (this is known as the Red Flags Rule). Finally, the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce” (buying or selling products or services). Both the FTC and CFPB have dual missions to protect consumers and ensure that markets are fair and competitive. Acts or practices are unfair under the FTC Act if they cause harm to consumers that is both unavoidable and not outweighed by the countervailing benefits to consumers. The CFPB has similar authority to deal with unfair acts and practices, as well as acts or practices that are abusive, meaning a consumer can’t protect her own interests when using a product or service. There is no way to opt out of credit reporting agencies unless you entirely opt out of the formal financial system—thus, the harm is unavoidable. The first CFPB director categorized credit reporting as a “dead end” industry, where consumers have little say, option, or redress. In some sense, the credit reporting industry is working as intended. Consumers, and the trove of consumer data that the reporting companies do such a poor job of safeguarding, are the product. Credit reporting companies’ customers are actually banks and other lenders that pay for their data. And the market is an oligopoly, dominated by just three companies: Experian, Equifax, TransUnion. All of this means that credit bureaus lack any incentive to help consumers. After all, people can’t vote with their feet by leaving a credit bureau if they’re unhappy with it. The federal government could harness this power to create a public credit reporting agency and rein in existing for-profit ones.The CFPB has the authority to require financial institutions to make consumers’ personal financial information available to them. It is also required to ensure that financial institutions provide consumers with timely information about their products and services and to make consumer financial data that it collects publicly available. The CFPB has already created a public registry of consumer financial companies that have violated consumer finance laws and proposed establishing a registry of companies that require consumers to waive their legal rights. Taken together, the CFPB has ample authority to make consumers’ information available to them, and to financial institutions, at low or no cost. Instead of being beholden to the lack of transparency, accountability, and accuracy of private credit reporting corporations, the CFPB could improve equity, security, and accuracy for both debtors and creditors. It should create a public credit registry to replace the for-profit credit industry. As a first step, the CFPB should require that all financial institutions and existing credit reporting agencies report consumer data, and then it can establish more equitable and transparent algorithms for computing scores and increased security and privacy measures to better protect consumer’s information. Much of the innovation in credit scoring and the use of alternative financial data is not happening through private sector initiatives, but instead at government agencies like the Federal Housing Finance Agency. Once a public registry is established, regulators can take on the task of transitioning away from existing private ones. When a company violates a law enforced by the FTC, the FTC Act gives the Commission authority to “bring suit in a district court of the United States to enjoin such an act or practice.” In particular, as of changes made to the FTC Act in 1973, the FTC is allowed to seek a permanent injunction. In other words, to the extent that credit reporting agencies’ actions are unfair and deceptive (we think they are), the FTC could ask a court to permanently shut them down. The CFPB has taken these sorts of dramatic steps in the past, barring predatory for-profit colleges from offering student loans and recently blocking the Wall Street bank Goldman Sachs from offering new financial products to consumers until it cleans up its act. Even in a world where regulators can’t formally shut existing creditors down under existing laws (to say nothing of existing court benches), the demand for for-profit credit reporting agencies would plummet when a public option enters the market. Even if a public option required creditors to pay the operating cost (kind of like how the Securities and Exchange Commission collects a small fee from stock sales), it would be way cheaper than the $15.7 billion in revenue the big three reporting agencies collected last year. This wouldn’t just benefit consumers. Offering consumer information at cost would benefit small lenders, like community banks, too. In a world where there’s a public option, there’s no real benefit to additional private credit reporting agencies. Even a rule like only requiring lenders to use one credit report, rather than the custom of using all three, would inject some much-needed competition into the marketplace. It’s important to acknowledge that some populations might feel uneasy sharing their personal information with the government, out of concerns about protecting their privacy and civil liberties. But much of the financial information we’re talking about is already under the purview of agencies like the CFPB, Treasury Department, and others. While the federal government has learned its own hard lessons about protecting against data breaches, it has come a long way in implementing safeguards against data breaches and anonymizing individuals’ information so that it won’t be misused by hostile foreign governments, private hackers, or even domestic political adversaries. And the IRS’s successful Direct File program has shown that the government can provide valuable, low-cost services that save people real money. A credit reporting system that is motivated by profits and which provides no consumer choice will always be extractive. And people will always be treated like products, not human beings. Compared to the current system of opaque algorithms, inaccurate data matching, security breaches, and many, many hoops when there’s a problem, we’d welcome more government oversight that tames existing unscrupulous actors. If you ask Eleanor
Fireside Stacks is a weekly newsletter from Roosevelt Forward about progressive politics, policy, and economics. If you enjoyed this installment, consider sharing it with your friends. |