A bill pending in the House of Representatives would limit who can put a security freeze on credit files. If passed, this federal bill, the Financial Data Protection Act of 2006, would limit credit freezes to identity theft victims. Once you’ve been hit by ID theft you may request a credit freeze, not before.

A credit freeze gives consumers control over their personal financial information by allowing them to block new creditors from accessing their credit reports and scores without permission. Since most credit issuers require a credit check before granting credit, the credit freeze should block most unauthorized attempts to obtain new credit.

Currently, 21 states have passed legislation allowing any consumer to place a credit freeze on his or her credit files — whether a victim of identity theft or not.

The idea of allowing anyone, anytime, to place a freeze on his or her credit sparks controversy between consumer advocates and financial industry proponents. Some see credit freezes as too extreme, while others see them as “the biggest tool in the toolbox.”

The logic behind this bill, says Ed Mierzwinski, U.S. Public Interest Research Group, or PIRG, consumer program director, is “like saying you can’t get a seat belt until you’ve been in an accident.”

J. Craig Shearman, vice president of government affairs for the National Retail Federation, doesn’t think a security freeze is necessary for most consumers.

“Our concern is that the credit freeze issue has become overkill, because most consumers are never going to be the victims of ID theft. If millions of consumers place a credit freeze on their files, it can cause difficulties when trying to purchase homes, cars or even opening simple lines of credit at a department store,” he says.

If not a credit freeze, then what?

Opponents of security freezes say that placing a fraud alert on your account is just as effective for notifying the three credit reporting agencies that your information has been tampered with or stolen. A fraud alert, which is free, allows U.S. citizens to place a 90-day watch on their credit files, requiring banks and other credit lenders to take extra steps to verify their identities before issuing credit.

While a credit freeze offers good protection, it means a consumer may not be able to access his or her own credit during that time period, says Steven Katz, spokesman for TransUnion’s Truecredit.com. Fraud alerts allow you to go about your credit activities without paying or waiting to lift a freeze. An alert, unless removed or renewed by the consumer, falls off after 90 days. A credit freeze stays put until the consumer pays to remove it.

Consumer advocates warn that fraud alerts don’t live up to their labels. Calling fraud alerts a “fig leaf of protection,” Mierzwinski says that they merely place a flag on credit reports. They don’t stop credit from being issued.

The need to protect customers should not be underestimated, especially since most consumers don’t have the option of giving their consent about where their personal information is being sent.

“Credit bureaus and data brokers buy and sell your name, address, Social Security number and credit file to anyone who will pay for it,” says Evan Hendricks, editor of Privacy Times.

Chris Hoofnagle, the west coast director of the Electronic Privacy Information Center, says consumer reporting agencies’ interests are not in tune with consumers’ interests. “The credit bureaus are creatures that serve the creditors and don’t want any slowdown of instant credit.”

Money to be made on your credit reports

PIRG’s Mierzwinski says instant credit isn’t necessarily the main issue when it comes to a credit freeze.

“The three credit reporting agencies oppose credit freezes because they think consumers’ credit information is their product to sell. They make money every time they sell your information to banks, mortgage brokers, car dealerships and other retailers. Of course they don’t want consumers to have control over their credit files; it takes away their bread and butter,” he says.

Hoofnagle agrees, saying credit reporting agencies are the gatekeepers of consumers’ financial information. “Giving consumers the right to see and monitor their own credit threatens them.”

Some financial institutions, such as ING Direct, support allowing consumers to freeze their credit, saying that consumers should be able to monitor it.

“People need to be more aware of their credit report because our financial information is under attack from thieves offshore,” says Jim Kelly, executive vice president for ING Direct. “It’s becoming easier for criminals to get our credit records and misuse them.”

Easy credit, easy theft

Victims of identity theft and advocates of credit freezes say security freezes wouldn’t be necessary if companies were more careful when extending credit.

Hendricks says that instead of being more responsible in verifying identities and checking for fraud, credit reporting agencies create products that require consumers to pay to monitor their credit files.

David Rubinger, vice president of communications at Equifax, says that credit reporting bureaus were not initially set up to monitor consumer accounts for ID theft or fraud. “The bureaus were simply started in an effort to scan consumers for creditworthiness.”

But the question remains that if these agencies collect and sell our data and rightfully own our financial information, whose job is it to protect the information?

Kelly says that consumers should place a stronger importance on watching out for their own credit and take advantage of state laws, such as ones allowing credit freezes, if they can.

He adds that consumers cannot expect the credit reporting agencies to look out for consumers’ best interests; the agencies are looking out for their own interests. Kelly does, however, feel that credit bureaus will start to place stronger emphasis on ID theft and fraud monitoring but at a cost to the consumer.

Advocates strongly argue that companies that fail to secure consumers’ credit files should not be allowed to turn around and charge the consumers to protect themselves.

According to Hoofnagle, who has testified before Congress about identity theft, the credit-granting systems are so flawed that the only way to fix them is to give consumers a freeze.

You decide: Which bill would you vote for?
Financial Data Protection Act of 2006

(HR 3997)

Data Accountability and Trust Act

(HR 4127)

Security Freezes: Security Freezes:
Would limit security freezes to identity theft victims. Makes no uniform mandate on whom can freeze their credit reports.
Would override state laws regarding security freezes. Would allow states to decide on security freezes.
Data breaches: Data breaches:
Would allow individual companies to decide whether a data security breach is serious enough to notify their clients and customers. If the company is not sure, no notification is necessary. Would require companies that experienced a data security breach to notify consumers unless they can show that the breach poses no reasonable risk of harm to consumers. If the risk level cannot be determined, consumers must receive notification about the data exposure.
Now, contact your representatives

If you want to voice your opinion about the security freezes and the manner in which any breach in data is addressed, contact your representatives in Washington, and let them know which of these two bills you prefer and why.

Act quickly. The House of Representatives returned from recess after Labor Day, which means a vote could come at any time.

You can search by ZIP code for your representative on House.gov. If you’d like to speak to a local representative in person, Consumers Union provides detailed instructions on how to do so on their Web site.

Had success or frustration with fraud alerts, credit monitoring services or credit freezes? Tell us about it.