Credit header data is top-level information from a credit report. It provides basic information about the person the credit report applies to. The types of information traditionally found in credit files include name, name variants, current address, prior addresses, phone number, date of birth and Social Security Number. This personal data links the credit report with an individual.
Any individual who participates in the credit economy has a credit file. They do not have a choice in the matter. A clear majority of adults have credit reports. Because of this, data for credit files is compiled by credit bureaus.
What Systems use Credit Header Data for Identity Verification Checks
The financial sector has used data from credit files to check identities for years. This data is regulated and considered an official data source. Data from credit files provides financial institutions all the information they need to perform an accurate identity check. This is an integral part of the Know Your Customer (KYC) and Anti-Money Laundering (AML) process aimed at combating financial fraud.
The Erosion of Trust
Credit bureaus have the right to sell the data they compile. Individuals are not given an option to opt out. This makes header data extremely valuable. It also makes it vulnerable to attack. This has been showcased by the Equifax data breach in 2017. The Equifax data breach affected nearly half of all Americans and has placed their personal information at risk.
With the recent Equifax data breach, it is assumed that criminals can easily access the data from credit files from US victims. This puts the name, address, date of birth and Social Security the victims at risk. Many affected individuals worry that their personally identifiable information (PII) is publicly available. Many consumers state that they expect companies to protect their PII and consumer data yet have lost trust in companies to do this after this data breach. As a result, this has made individuals, especially in the US, more reluctant to provide PII during the identity verification process.
Compliance Laws Aim to Rebuild Trust
New laws are emerging that aim to restore trust between consumers and businesses. They aim to give consumers peace of mind that their PII is being protected from attack. This will make performing KYC and AML checks easier for many companies, especially financial institutions. Laws like PSD2, GDPR, and other regulations aim to provide consumers with data protection. They will do this without requiring additional identity verification investments and will not put additional consumer data at risk.
Financial Institutions will Continue to Rely on Data from Credit Files
Despite the issues associated with the Equifax breach, the financial industry will continue to use data from credit files for identity checks in KYC and AML processes. Most of the US economy has been built on consumer spending and that is unlikely to change. This means consumers can expect banks to crosscheck their PII against data from credit files when applying for credit for at least the next five years.
A Call for Change
The reliance on data from credit files for identity verification is a dangerous game. The Social Security Number has been glorified as the most important piece of PII a person has, yet it can be easily accessed through credit files. Since individuals do not have a choice in sharing this information, it puts all individuals at risk identity-related fraud. If a criminal gains access to an individual’s Social Security Number, they can wreak havoc on their identity.
In many instances, using public record are a better option for identity verification checks than data from credit files. Even in highly regulated industries, like the financial sector, the use of public record data can reduce cost, complexity, and risk. They can offer a higher return on investment for certain fraud management activities.
Public record data can be obtained from a variety of places: property tax records, information given voluntarily by customers such as subscriptions, and proprietary information such as utility records or mobile subscriber data. These types of files are separate from credit bureaus and usually do not contain sensitive PII—specifically, Social Security Numbers. Minimizing the use of this sort of data for identity verification checks can increase the effectiveness of a fraud management process.
Overall, there are many pro and cons of using credit header data, but in the world of identity verification using multiple and complementary sources will provide robust results.