Privacy / Data Protection

Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors

Author(s): Chris Jay Hoofnagle
Year: 2005

Abstract: Identity theft is a growing problem. In any given identity theft situation, there are three actors - the victim, the impostor, and an institution, such as a bank or credit card company. Thus far, policymakers have attempted to address the crime by focusing on victims and impostors; victims are told to try to shield their personal information and impostors are increasingly subject to stiffened penalties for committing identity theft. Neither approach has been effective.

This article argues that the third actor, credit granting institutions, are culpable for a large number of identity theft cases. Institutions enable identity theft by maintaining lax credit granting practices, ones that make it easy for impostors to get credit in victims' names.

This article proposes a fix to address lax credit granting practices. It takes the form of a change in the default state of credit reports from their current liquid state to a frozen one. That is, our current credit system allows our personal information to flow like water to almost anyone who requests it. Once credit information is released, credit grantors who are operating in an extremely competitive market, race to issue new accounts. This makes it simple for impostors to commit identity theft by obtaining new credit accounts.

Under the proposed system, credit reports would be sealed or frozen, available only when the individual thaws her file, and specifies to whom, when, or in what contexts it should be released. Creditors will not extend tradelines without a credit report, and thus under a frozen credit report system, impostors would have great difficulty in obtaining new accounts. A simple barrier to obtaining a credit report will provide a shield for all individuals against most identity thieves.

This article is a short book chapter in a forthcoming book to be published by Stanford University Press of papers presented at a March 2004 symposium on privacy and security at Stanford Law School.

Keywords: Privacy, security, identity theft, Fair Credit Reporting Act, social security number, credit