A federal watchdog says the federal government should stop relying on the credit agencies to verify the identities of those using government services.
In a report out this week, the Government Accountability Office said several government departments still rely on the credit agencies — Equifax, Experian and TransUnion — to check if a person is who they say they are before they can access their services online.
Agencies like the U.S. Postal Service, the Social Security Administration, Veterans Affairs, and the Centers for Medicare and Medicaid Services ask several questions of a new user and match their answers to information held in a person’s credit file. The logic is that these credit files hold information only the person signing up for services would know.
But following the Equifax breach in 2017, these answers are no longer safe, the watchdog said.
The Equifax breach resulted in the theft of data on 148 million consumers. Much of the consumer financial data had been collected without the explicit permission of those whose data it held. An investigation later found the breach was “totally preventable” had the credit agency employed basic security measures.
“The danger that an attacker might get hold of and use a person’s private data to answer knowledge-based verification questions and impersonate that particular person led the National Institute of Standards and Technology (NIST) to issue guidance in 2017 that effectively prohibits agencies from using knowledge-based verification for sensitive applications,” wrote the watchdog.
In response, the named agencies said the cost of new verification systems is too high and could exclude certain demographics from the population.
Only Veterans Affairs implemented a new system but still relies on knowledge-based verification in some cases.
The other downside is that if you have no credit, you simply don’t show up in these systems. You need a credit card or some kind of loan in order to “appear” in the eyes of credit agencies. That’s a major problem for the millions who don’t have any credit file, like foreign nationals working in the U.S. on a visa. In 2015, some 26 million people were estimated to be “credit invisible.”
“However, till these agencies take steps to eradicate their use of knowledge-based verification, the people they serve will stay at elevated risk of identity fraud,” wrote the watchdog.