FTC Seeks Comments on the Use of Social Security Numbers

Many commentators have expressed the view that use of the Social Security Number as an authenticator contributes to identity theft.  The FTC is trying to learn more about this problem.  It seeks comments by September 5 on the following topics: 

1. Current Private Sector Collection and Uses of the SSN
   • What businesses and organizations collect and use the SSN? For what specific purposes are they used?
   • What is the life cycle (collection, use, transfer, storage and disposal) of the SSN within the businesses and organizations that use it?
   • Are governmental mandates driving the private sector’s use of the SSN?
   • Are there alternatives to these uses of the SSN?
   • What has been the impact of state laws restricting the use of the SSN on the private sector’s use of the SSN?
2. The Role of the SSN as an Authenticator
   • The use of the SSN as an authenticator – as proof that consumers are who they say they are – is widely viewed as exacerbating the risk of identity theft. What are the circumstances in which the SSN is used as an authenticator?
   • Are SSNs so widely available that they should never be used as an authenticator?
   • What are the costs or other challenges associated with eliminating the use of the SSN as an authenticator?
3. The SSN as an Internal Identifier
   • Some members of the private sector use the SSN as an internal identifer (e.g. employee or customer number), but others no longer use the SSN for that purpose. What have been the costs for private sector entities that have moved away from using the SSN as an internal identifier? What challenges have these entities faced in substituting another identifier for the SSN? How long have such transitions taken? Do those entities still use the SSN to communicate with other private sector entities and government about their customers or members?
   • For entities that have not moved away from using the SSN as an internal identifier, what are the barriers to doing so?
4. The Role of the SSN in Fraud Prevention
   • Many segments of the private sector use the SSN for fraud prevention, or, in other words, to prevent identity theft. How is the SSN used in fraud prevention?
   • Are alternatives to the SSN available for this purpose? Are those alternatives as effective as using the SSN?
   • If the use of the SSN by other sectors of the economy were limited or restricted, what would the ramifications be for fraud prevention?
5. The Role of the SSN in Identity Theft
   • How do identity thieves obtain SSNs?
   • Which private sector uses of the SSN do thieves exploit to obtain SSNs, i.e, SSN as identifier or SSN as an authenticator? Which of those uses are most vulnerable to identity thieves?
   • Once thieves obtain SSNs, how do they use them to commit identity theft? What types of identity theft are thieves able to commit with the SSN? Do thieves need other information in conjunction with the SSN to commit identity theft? If so, what other kinds of information must they have?
   • Where alternatives to the SSN are available, what kind of identity theft risks do they present, if any?

For more information, and to submit comments, click here.

Senate Hearing Today on Credit Repair Organizations and Telemarketing Fraud

The Senate Commerce Committee is holding a hearing at 2:30 this afternoon on telemarketing (specifically, the Do-Not-Call list and proposals to improve it, as well as telemarketing fraud aimed at seniors) and the Credit Repair Organizations Act (CROA).

The CROA may not be the best-known federal consumer protection statute, but it's an important one.  It was passed in 1996 to address abuses by credit repair organizations, outfits that take money for services that will purportedly improve a consumer's credit score.  The legislation was the result of a rare alliance between consumer advocates and credit reporting agencies, who were getting swamped with dispute letters generated by credit repair services.  The Act requires certain disclosures, provides for a 3-day right to cancel, prohibits the acceptance of payment before services are performed, and prohibits any person--not just "credit repair organizations"--from engaging in certain deceptive acts.  (The statute has thus been applied to lawyers, debt collectors, and payday lenders in certain circumstances.)  CROA has strong civil liability provisions, including punitive damages.

Connnecticut consumer advocate Joanne Faulkner, who an expert on bringing cases under the CROA, is testifying this afternoon on behalf of the National Association of Consumer Advocates, the National Consumer Law Center, U.S. PIRG, and Consumer Federation of America.   Joanne will suggest a number of improvements to CROA, including a clear ban on mandatory binding arbitration, distant forum, and class action waiver clauses, as well as a provision allowing for injunctive relief.  You can read her written testimony here.  The other witnesses are Lydia Parnes (Director of the Bureau of Consumer Protection, FTC),  Richard Johnson (AARP), Jerry Cerasale (lobbyist for the telemarketing industry), Robin Holland (lobbyist for Equifax), and Steve St. Clair (Iowa Attorney General's office).

Confusion in Shopping for Student Loans

The Times had a pair of articles this weekend about how difficult it can be to compare the terms of student loans.  One of the articles, "At Debt's Door," listed loan offers to some students.  For example, one student received the following offers:  '13.25 percent from MyRichUncle ($5,900 only), plus $513 origination fee; 12.25 percent from Sallie Mae, plus 4 percent fee at disbursement and 3 percent at repayment; 7.25 percent from Citibank; 10.46 percent from Education Finance Partners, plus $200 fee."  So much for ease of comparison among quotes, one of the goals of TILA. The other article, "Lessons From the Loan Scandal," spoke more generally about the problem.  As I understand it, TILA applies to private student loans and a similar set of rules applies to government-issued and -sponsored loans.  Sounds like Congress should revisit how well TILA is accomplishing its goals.

Ronald Mann and Jim Hawkins on Payday Lending

In the article, Just Until Payday, 54 UCLA L. Rev. 855, 886, 905, 907 (2007) , Ronald J. Mann & Jim Hawkins offer a particularly interesting take on bans on payday lending.  They also suggest a different form of regulation.  Here's a quote:

* * * The core problem [with a ban] is that bans are unlikely to keep consumers from borrowing.  Rather, the evidence suggests that bans may well cause consumers to borrow from sources that provide products that are less beneficial—products that consumers are more likely to avoid in markets that tolerate payday lending.

* * *

The best solution, from our perspective, is to adopt a simple disclosure scheme, with which reputable lenders readily can comply.  We would require lenders to display in a prominent way the fee per $100 borrowed.  This disclosure requirement solves the problems identified [earlier in the paper]:  It (1) tracks with the survey data that customers use their actual cost to make decisions and not an interest percentage; (2) eliminates the confusion caused by different interest rates for different time periods; (3) ensures borrowers obtain the information up front at little cost; and (4) encourages compliance by allowing lenders to avoid stating misleadingly high APRs.

* * *

[The article also suggests that the industry would be improved if it were dominated by a few large institutions] The most obvious benefit of participation by large institutions is that they have much more to lose from noncompliance [with regulations].  It also is much easier to monitor a small number of large chains than to monitor thousands of separately operated providers.  In addition, large institutions that fail to develop policies that ensure compliance with regulations can be force to pay extremely large fines, in an amount adequate to deter misconduct.

Response to FTC Report on Relationship Between Credit Scores and Insurance Claims

We blogged yesterday on the FTC's report that found that (relatively low) consumer credit scores are predictors of auto insurance claims.  PIRG's consumer blog claims here, however, that the FTC study is flawed.  The PIRG post provides links to a major June 2007 National Consumer Law Center report on the topic and information on a congressional hearing to held tomorrow (Friday July 27).  The hearing is entitled "Credit-Based Insurance Scores: Are They Fair?"

Ninth Circuit Says Company Can't Change Contract Terms Without Notice

It may seem obvious to any first-year law student that one party to a contract can't change the terms of that contract without notifying the other. But the Ninth Circuit in Douglas v. US District Court ex rel Talk America, No. 06-75424 (9th Cir. July 18, 2007), had to remind the district court of this basic principle. In Douglas, Talk America had posted revised contract terms on its website, which included a mandatory arbitration clause for its customers. When Douglas, a Talk America customer, filed a class action lawsuit against the company, the company moved to compel arbitration based on the revised contract, and the district court granted the motion. Douglas petitioned the Ninth Circuit for mandamus. In granting the petition, the Ninth Circuit held that "[p]arties to a contract have no obligation to check the terms on a periodic basis to learn whether they have been changed by the other side." The district court's decision, according to the Ninth Circuit, "reflect[ed] fundamental misapplications of contract law."

An unfortunately large number of companies try to get around this principle of contract law by requiring their customers to agree in advance that they will periodically review their contracts on the company's website for possible changes. One example is the service agreement that Network Solutions requires customers to agree to before signing up for its domain-registration and web-hosting services. When pasted into Microsoft Word, the agreement is 102 pages of single-spaced legalese. On page 8 is this provision:

David Adam Friedman Article on Reinventing Consumer Protection

Here's the abstract:

Consumer fraud presents a continual puzzle. We have significant enforcement and education mechanisms, yet we continue to endure ever-evolving consumer fraud. I contend that the incidence of consumer fraud can be reduced through creative, efficient, non-traditional instruments of deterrence.

This article proposes a plan for re-approaching consumer protection through selection of a protected group and a concentrated reallocation of resources. Specifically, I argue that enhancing sanctions for a vulnerable, reluctant-to-report consumer group will shift fraud perpetrators toward targets that are better able to defend themselves. Additionally, fraud perpetrators will have to operate with extra caution in their schemes to ensure that they will not inadvertently ensnare a member of the protected class. This measure would accomplish further protection of the selected group and moderately increase deterrence throughout the rest of the economy.

However, I argue that this measure should be supplemented with another initiative. If we create a group consisting of randomly selected consumers and provide the members of that group with significant extra protection through higher sanctions and concentrated consumer education, fraud incidence will drop even more significantly. The concealed nature of the randomly protected consumer creates a general aura of deterrence. In this environment, fraud perpetrators never know whether a potential victim carries specially protected status - this elevates the risk of detection and the expected sanction for all consumers.

Group protection enables enforcement to achieve deterrence without having to provide incremental, expensive protection to the entire population. Understanding how the perpetrators and consumers make decisions about engaging in transactions is the key to unlocking efficient methods, like those described, for achieving the objective of efficiently reducing incidence of consumer fraud.

The article is scheduled to appear in the Fall 2007 of the DePaul Law Review. Professor Friedman is on the faculty at Willamette University College of Law.  You can download the article at http://ssrn.com/abstract=984082.

FTC Releases Report on Effects of Credit-Based Insurance Scores

The FTC put out a news release yesterday on credit scores and auto insurance:

The Federal Trade Commission today released a report presenting the results of a study concerning credit-based insurance scores and automobile insurance. The study found that these scores are effective predictors of the claims that consumers will file.

Visit the FTC's website to read the remainder of the release.

Consumers Win 1.6% of Arbitrations

The Christian Science Monitor analyzed a year of data from the top ten biggest arbitrators and found that they decided in favor of the consumer only 1.6% of the time. Smaller arbitrators decided for the consumer 38% of the time.

[via Consumerist]

Children and Identity Theft

Saturday's Times had an article "Never Too Young to Have Your Identity Stolen," about the theft of children's identities.  Because children rarely apply for loans, it can take years for the theft of the identity to be discovered--which also means that we don't know the full extent of this problem.