Identity theft and the case for a national credit report freeze law

North Carolina Banking Institute, March, 2008 by Kristan T. Cheng

W. WHY A FEDERAL STANDARD IS NECESSARY AND ASSOCIATED CONCERNS

A federal standard is necessary because current federal law does not provide sufficient identity theft protection to consumers. (127) A federal standard would provide a uniform, base-level of protection for consumers nationwide. (128)

A. Credit Freezes Would Remedy the Current, Insufficient Federal Protection

Credit freezes prevent identity theft and are therefore superior to solutions that focus on restoring credit to its original status after identity theft has occurred. (129) Credit consultants and fraud investigators believe that credit freezes are the best protection against the messiest form of identity theft: new account fraud. (130)

A credit freeze allows consumers to completely block any new accounts from being created in their name. (131) All state credit freeze laws provide for a default expiration period of at least seven years, and, under most laws, credit freezes remain in place for the seven-year or longer time period until an individual requests that the freeze be removed. (132) Although consumers may place a fraud alert on their accounts under the FACTA, this alert lasts only ninety days for all individuals and up to seven years for identity theft victims. (133) Therefore, individuals who wish to preemptively protect their credit would be required to request a new fraud alert every three months. (134) Additionally, although CRAs maintain that a fraud alert placed at one agency automatically places an alert with the other major reporting agencies, this is oftentimes not the case. (135) Theoretically, a consumer that wished to place constant fraud alerts on her account would have to request credit reports twelve times a year. (136) This could prove unduly burdensome for individuals, especially when fraud alerts only warn retailers to use extra caution but do not actually block any activity on an individual's account. (137)

Credit freezes would address the ITADA's failure to account for the fact that identity theft is unavoidable, undetectable, and unstoppable. (138) A credit freeze would prevent identity thieves from using a consumer's identity to open new accounts. (139) The fact that a consumer would not be aware of this attempt would be less relevant because the consumer's credit report would be protected by the credit freeze. (140) The freeze would essentially block identity thieves from stealing a consumer's identity. (141)

Credit freezes would also address the limitations of the GLBA. (142) Although the GLBA only applies to financial institutions, a credit freeze would apply to any entity that was attempting to obtain a copy of a consumer's credit report. (143) The scope of protection of a credit freeze would not be limited to the opening of new bank accounts, but instead could be used when applying for products such as new credit cards, cellular phone plans, and car loans. (144) A credit freeze would mitigate the harm that a data breach could potentially cause because that information could not be used to open new lines of credit without a copy of the consumer's credit report. (145)