What to Do About Equifax
I am not going to lie; I am extremely disappointed with how the Equifax situation was handled. There was little to no media coverage on the issue, except for the recent committee hearings, and at least half of Americans are left in the dark about what really happened with their information. What is even more disturbing is that at an event I tabled last Friday at the University of Pennsylvania, my classmates either didn't know the impact of Equifax or were bafflingly apathetic.
Equifax isn't just your typical data breach. 143 million people's (including maybe yours!) Social Security numbers (SSNs), birth dates and home addresses are on the web!
Given the direction of the current administration, I doubt there will be much change in how credit agencies will be regulated. However, there are some tips I gathered in my meeting with PennCASE that I would like to share with all bloggers and non-bloggers. For those of you not familiar, PennCASE is a student-run organization (that I am a part of) devoted to educating people, both students and residents of the West Philadelphia area, about consumer fraud. We plan to host a variety of events during the school year, so if you live in Philly, please consider stopping by!
First off, it would be a good idea to check if your information has been compromised. Equifax's website is not the easiest to navigate, so I will provide you all with a direct link to go to , https://www.equifaxsecurity2017.com/ Once you get there, click on the tab "Am I Impacted" and you will be prompted to enter your last name and the last six digits of your SSN which will not be stored!
If you are in the clear, great! If you are not, consider enrolling in TrustedID Premier which will monitor your credit activity for up to 1 year, and you will not waive your rights to enter a class-action suit! Also be sure to get a free credit report (if you have to pay for it, don't use it) to track any suspicious transactions, freeze your accounts if needed which will make it harder for identity thieves to open other accounts in your name. I would also strongly advise changing your passwords to secure your other accounts.
For passwords, the general advice is to use random characters. I instead suggest creating a special phrase that is really only meaningful to you. Use words, not random numbers and a nonsensical string of characters.
Where We Go From Here
So, I just gave you general advice on how to protect yourself from future scams, but what would really be effective would be a systematic change in how credit agencies operate and how our information is stored. Again, I am not exactly advocating for a spike in current regulation; to me, a coordinated effort in the form of public-private partnerships would be the best course of action. Superfluous laws are just going to create more confusion and more loopholes.
What do I mean exactly?
Your personal data should be managed by you. Currently, sensitive information is controlled by one entity, but what if we were to decentralize it? Interestingly enough, the Trump administration is looking into replacing Social Security numbers with another form of identification. The current system is precarious and costly to not only you but also the federal government; since everything is stored and managed in one place, the government has to invest in all sorts of precautions to keep your data safe. However, the old adage still holds: no matter how much you beef up security, the people looking to steal will always be one step ahead.
Of course, decentralization comes with its risks, but ultimately lessening the influence of credit agencies will prove to be helpful in the long run. In fact, Dr. Werbach along with many other Internet scholars are floating around the concept of a "self-sovereign identity." Basically, instead of asking for some institution to watch over your personal data, you would have your own virtual wallet complete with a public ID number and a private key. The private key would be randomized every instance it is used, and you could actively choose to give out your information to businesses in the case you need to purchase something.
It is often a misconception that the SSN has always been intended as a means for identification. Especially with the frequency of data breaches, SSN is becoming far too vulnerable to be reliable. What the government should be doing is encouraging companies and people to move to a decentralized, digital-focused platform (think blockchain and biometrics). I truly believe there is a lot of potential in public-private partnerships where the Trump administration particularly could offer incentives and create funding opportunities for businesses and consumers like you and me to transition to a new system. I remain cautiously optimistic about the White House's willingness to start doing away with SSN; however, there should be a viable option in place and I can think of nothing better.