Scanning For Equifax Fallout (EFX)

Hacking

By now you’ve probably heard that Equifax (NYSE:EFX), one of the three major consumer credit reporting agencies, has suffered a major data breach. If initial reports are correct, around 143 million Americans’ data was compromised.

That is about 44 percent of the country. But census numbers include people with no credit reports, like young children. If you are an adult who uses the banking system, there is a better-than-even chance your data was exposed in the breach.

While other hacks have been larger in number of users affected, this was the real nightmare scenario everyone was waiting for. The Equifax breach included all the information necessary to select a target for identity theft (that is, someone who has a history of qualifying for big credit lines, indicating substantial resources), plus account numbers, plus Social Security numbers, plus subsidiary information, such as driver’s license numbers and dates of birth – all in one place, and reportedly reachable through a single, simple software vulnerability.

“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” Avivah Litan, a fraud analyst at Gartner, told The New York Times.

I went to the much-criticized Equifax site created to help consumers determine whether their data had been compromised. I wasn’t at all surprised that both my information and my wife’s likely had been. Most American adults who have been involved in the credit system probably had their personal data exposed to some degree, in ways that are bound to cause long-term inconvenience or worse. The site instructed me to go back this week to enroll in Equifax’ TrustedID program. As a Florida resident, however, I have been a little busy dealing with a different disaster.

There is no turning back from this hack; no account number changes, no credit monitoring will fix things. Even given the commerce-friendly attitude of the Trump administration, when the nation can turn its attention back to ordinary business, I expect we will see big changes in the credit reporting industry soon. Equifax has proved that not only can the industry not be trusted to maintain accurate data (which is why we have a Fair Credit Reporting Act), it cannot be relied upon to keep the data it collects secure.

Nor did Equifax help its public image by sitting on the leak for six weeks, a period during which several of its executives reportedly unloaded significant chunks of company stock. But this problem extends beyond Equifax’s bad handling of the breach.

Consumers face the added aggravation of knowing there was nothing they could have done to protect themselves in advance, and they cannot know for sure now whether they have been affected. After all, you and I are not Equifax’s customers; we are their product. Equifax monitors individuals’ credit automatically, leaving the responsibility with individuals to check the report once annually for free or to pay for more up-to-date monitoring of the information they did not ask Equifax to store in the first place.

While Equifax is now offering one year of credit monitoring free to anyone who signs up, the compromised information could cause headaches years or decades down the road, since most people’s Social Security numbers never change. Smart crooks won’t use the information now, while the public is on high alert. They will wait until the headlines have moved on and the free monitoring runs out.

There are a few steps individuals can take to protect themselves, at least partially. Placing fraud alerts on file with all three of the major credit agencies could make it harder for thieves to take advantage of stolen information. A credit freeze is even more effective. Equifax is offering the service for free, though only for a limited time and only after customer outcry at initially continuing to charge for it; you will have to pay for a freeze with the other two credit reporting agencies. (I suspect Equifax will eventually be forced to reimburse many such expenses, but that is just a guess.) You may currently run into technical problems at all three, considering they have been swamped with requests. You will also need to “thaw” your credit any time you want to open a new line of credit or allow a legitimate entity to review your credit history. Even this solution won’t protect you from, say, someone using your Social Security number to file a fraudulent tax return.

Eventually, we will have to move away from using Social Security numbers as an identifying measure and metric. It was never a good idea, and it is no longer necessary in a world where any decent smartphone can read a fingerprint.

Once upon a time, commercial banks offered “signature guarantees” to customers, which proved to the satisfaction of financial firms that the person opening an account or applying for a loan was known to someone in that industry and was who they said they were. To open a mutual fund account you might have needed such a guarantee; a notary public wasn’t good enough. That system has mostly died out, although I was asked to get a signature guarantee as recently as a year or two ago.

I can envision a replacement system evolving, where financial institutions or other businesses – maybe Google or Amazon, or maybe a brick-and-mortar retailer like Walmart or Home Depot – maintain a network of fingerprint or iris scanners that is accessible to the public. Someone else, perhaps the government at the state or federal level, would maintain a database that matched the physical data with an identity used for driver’s licenses or passports. We’ll be scanned when we go to the airport, and we’ll be scanned when we apply for credit. Maybe we can scan ourselves with our own devices if there is enough authentication involved.

This is only one scenario. But something has to change, which means something will change. The Equifax incident is probably the death knell for identification based on Social Security numbers plus some other piece of hackable data. When it comes to big transactions, and maybe not so big ones, I suspect we’ll have to present ourselves somehow to prove that we are who we say we are.

About Larry M. Elkin 553 Articles

Affiliation: Palisades Hudson Financial Group

Larry M. Elkin, CPA, CFP®, has provided personal financial and tax counseling to a sophisticated client base since 1986. After six years with Arthur Andersen, where he was a senior manager for personal financial planning and family wealth planning, he founded his own firm in Hastings on Hudson, New York in 1992. That firm grew steadily and became the Palisades Hudson organization, which moved to Scarsdale, New York in 2002. The firm expanded to Fort Lauderdale, Florida, in 2005, and to Atlanta, Georgia, in 2008.

Larry received his B.A. in journalism from the University of Montana in 1978, and his M.B.A. in accounting from New York University in 1986. Larry was a reporter and editor for The Associated Press from 1978 to 1986. He covered government, business and legal affairs for the wire service, with assignments in Helena, Montana; Albany, New York; Washington, D.C.; and New York City’s federal courts in Brooklyn and Manhattan.

Larry established the organization’s investment advisory business, which now manages more than $800 million, in 1997. As president of Palisades Hudson, Larry maintains individual professional relationships with many of the firm’s clients, who reside in more than 25 states from Maine to California as well as in several foreign countries. He is the author of Financial Self-Defense for Unmarried Couples (Currency Doubleday, 1995), which was the first comprehensive financial planning guide for unmarried couples. He also is the editor and publisher of Sentinel, a quarterly newsletter on personal financial planning.

Larry has written many Sentinel articles, including several that anticipated future events. In “The Economic Case Against Tobacco Stocks” (February 1995), he forecast that litigation losses would eventually undermine cigarette manufacturers’ financial position. He concluded in “Is This the Beginning Of The End?” (May 1998) that there was a better-than-even chance that estate taxes would be repealed by 2010, three years before Congress enacted legislation to repeal the tax in 2010. In “IRS Takes A Shot At Split-Dollar Life” (June 1996), Larry predicted that the IRS would be able to treat split dollar arrangements as below-market loans, which came to pass with new rules issued by the Service in 2001 and 2002.

More recently, Larry has addressed the causes and consequences of the “Panic of 2008″ in his Sentinel articles. In “Have We Learned Our Lending Lesson At Last” (October 2007) and “Mortgage Lending Lessons Remain Unlearned” (October 2008), Larry questioned whether or not America has learned any lessons from the savings and loan crisis of the 1980s. In addition, he offered some practical changes that should have been made to amend the situation. In “Take Advantage Of The Panic Of 2008” (January 2009), Larry offered ways to capitalize on the wealth of opportunity that the panic presented.

Larry served as president of the Estate Planning Council of New York City, Inc., in 2005-2006. In 2009 the Council presented Larry with its first-ever Lifetime Achievement Award, citing his service to the organization and “his tireless efforts in promoting our industry by word and by personal example as a consummate estate planning professional.” He is regularly interviewed by national and regional publications, and has made nearly 100 radio and television appearances.

Visit: Palisades Hudson

Be the first to comment

Leave a Reply

Your email address will not be published.


*