Letter to SD Governor to veto weak identity theft bill
March 3, 2006
Governor Mike Rounds
Office of the Governor
500 E. Capitol Ave.
Pierre, SD 57501
Re: Request for veto of SB 180
Dear Governor Rounds,
Consumers Union, the nonprofit publisher of Consumer Reports, asks you to veto SB 180. We take this unusual step because, while we strongly support state security freeze laws, this measure is so restrictive that it will not provide South Dakota consumers with the benefits of a security freeze.
Here are the significant defects in this measure:
• Only victims of ID theft can place the freeze.
• The freeze language in SB 180 will not stop the release of a credit score, which means that it won’t stop thieves from opening new credit card accounts.
• The freeze language in SB 180 will not stop the release of credit scores or even credit reports for non-credit purposes such as opening of cell phone accounts.
• A freeze expires automatically seven years after it is placed, with no notice to the consumer that the freeze is about to expire. Consumers who think that they are protected won’t be.
Victims only is too narrow: Of the dozen states that have now enacted security freeze laws, eight make the freeze available to all consumers, not just to ID theft victims. Broader availability allows consumers to use the security freeze as a tool to prevent identity theft, rather than simply as a response to it. Perhaps for this reason, there is movement in two of the four states which restrict access to the security freeze to expand those state laws to nonvictims. If this were the only defect in this measure, it would provide a benefit for some South Dakota consumers. However, other defects in SB 180 make it unlikely to be of significant use even to ID theft victims.
Allowing credit scores to be released when the credit report is frozen is a huge loophole:
A key purpose of the security freeze is to stop access to information in the credit file for entities seeking to check the file in order to open new accounts. To do this, a freeze law must restrict access to both the credit report and the credit score. SB 180 restricts only the “releasing the consumer’s credit report, relating to an extension of credit involving that consumer’s report.” The credit score is not part of the credit report, yet a creditor may choose to open a new account after checking only the credit score and not the credit report. Because Section 2 of the bill has two express references to the credit report, this freeze law would stop only the distribution of the credit report and not of the credit score. Most of the other states with freeze laws have dealt with this issue by restricting the release of information from the report (CO, CT, IL, NC, NJ, VT, by addressing the credit report or the credit score. (LA), or by covering the entire consumer credit file (TX). The narrow language of SB 180 means that consumers who place the freeze may still find new credit card accounts opened in their names, because only the credit score and not the credit report was used to evaluate the credit application.
Restricting the effect of the freeze to “relating to the extension of credit” makes the freeze worthless for the largest category of unauthorized new account complaints – phone and utility accounts: Section 2 of SB 180 restricts the effect of the freeze to release of the credit report “relating to the extension of credit involving the consumer’s report.” However, ID thieves open both credit and non-credit accounts in the names of consumers. Opening false phone and utility accounts is a significant area of identity theft. The Federal Trade Commission’s January 2006 report on identity theft statistics showed that consumers made more complaints about identity thieves opening fraudulent new accounts fraud for wireless (cell phone), regular phone accounts and utility accounts than for new credit card accounts. New credit card account ID theft totaled 15.6% of ID theft complaints; while wireless, phone and utility new account opened by thieves together totaled 19.7% of all ID theft complaints to the FTC. None of the twelve state security freeze laws are restricted to new credit accounts.
Automatic expiration of the security freeze with no notice to the consumer will leave consumers lacking protection that they believe they have placed: Finally, this measure calls for the security freeze to cease seven years after it is placed, but does not require any notice to the consumer that the freeze which the consumer took the trouble to place is being eliminated. Consumers will be surprised to learn that their credit files have automatically become accessible without their permission at the end of seven years. No other state law has this restriction.
Taken together, these limitations would make the security freeze an illusion, not a real protection for South Dakota consumers. For this reason, we respectfully ask that you veto SB 180 with a message that you would welcome a stronger security freeze measure. SB 180 came to our attention after it had already been sent to you. We regret that we were not able to bring forward these concerns while this bill was still under consideration by the Legislature. If you veto this measure, we will work with your office, the bill authors, and other interested parties toward a strong security freeze measure for South Dakota.
Very truly yours,
Cc: Senator Gant