Experian’s credit freeze security is still a joke (krebsonsecurity.com)
659 points by picture on April 26, 2021 | 375 comments


I really, really wish I could opt out of having accounts with the big 3 credit bureaus. Freezes don’t appear to work - they usually say that I don’t have an active freeze whenever I go to lift one. Or their website is down entirely. Or they won’t let me get to the freeze section without clicking no on their paid monitoring services 8 times. For Transunion all I needed to lift a freeze was the last 4 of my SSN, so how does that help?

I don’t want to have my information with these companies. Please let me not participate. It’s like every American was given a Chase Bank account at birth that we can’t close, it’s weird.


As someone who grew up in Europe and lives in the US now, the whole "credit" thing is still weird to me anyway. In Germany at least, credit cards are mostly only a thing because they are convenient to pay with online, and then often behave like debit cards (paying directly from your bank account) anyway.

Everyday shopping happens with debit cards, bills are paid by wiring money.

When I came here, I "built credit" by paying everything by credit card and making sure to pay off the entire bill immediately to not incur any interest penalty, but when I read stuff like "always pay off the credit card with the highest APR first", my head's still spinning.


Credit cards in the USA are backed by very strong consumer protection laws. That is why you can mindlessly give one to wait staff at a restaurant who will disappear with it for an extended amount of time, while in any other country that would be unimaginable. I have also never once cared about credit card skimmers at gas stations or anything of the sort. It's the bank's responsibility to protect the card, not my own.

Consumer culture in general means that it is very profitable for banks and payment processors to hand out credit cards like candy (with huge spending incentives), despite knowing that a ton of people are going to rack up debt that they will never be able to pay.

The overall credit system is also a lot larger than just credit cards. The country runs on cheap debt. Everything from houses, education, cars all the way to TVs and dresses is financed with long-term payments and low single digit interest rates. Most of what people earn goes towards paying for stuff they bought in the past rather than saving for something they might buy later.


If you want to understand the USA or figure out why something here is the way it is, the answer is usually "because it lets corporations extract the most money out of regular people." Everything, from seemingly odd little cultural quirks to enormous institutions like how we do health care, systems that were deliberately designed and things that emerged organically: everything is the way it is because it optimizes wealth transfer from ordinary people to corporations. That's usually the most straightforward explanation.


Giving loans is a good thing. With them, as the comment above yours points out, people finance education, cars, and homes that they can afford to pay off later due to having a higher salary than before.

Predatory loans are bad and governments do try to crack down on those. Going from "it's easy to get credit in the US" to "the US lets corporations steal from regular people" is a bit much.


On the other hand, the abundance of credit has driven up the prices of education, cars, homes, etc.


Car prices in America are among the lowest in the developed world though. It’s difficult to compare education as you’re getting a wildly different product depending on what specific university you go to.


They pretty much have to be. The infrastructure of the US is such that if cars cost what they do in Europe then a massive section of the population would be entirely locked out of the economy unable to hold a job.


You've got this backwards.

1. The average American is considerably wealthier than the average European.

2. Cars are so expensive in Europe relative to America due to regulations/taxes/etc which are applied by governments (the alleged protectors of the people's welfare).

3. You've got causation backwards in regards to infrastructure, the US infrastructure is the way it is BECAUSE cars are cheaper, cars aren't cheap due to the needs of infrastructure.


When people need something, prices tend to go up, not down.


I somewhat agree with what you said, but I think you sidestepped the intriguing question of why so many people in US seem to use credit.


I don't think I sidestepped it. People use credit to better themselves because they can. Maybe you are asking why more capital is available to lend and I think that's a good question.


Time value of money and capital gains tax make it less efficient to pay cash for large purchases. Why don't people in the rest of the world use credit?


Money now is worth more than money later, why is that a hard concept to understand?


For one, I've never felt that way. If I were a business, that might be different.


Would you be indifferent to whether your employer paid you at the end of a pay period versus six months later?


Fair point.


That’s why you’ve never felt that way.


I don't know what you mean.


There is something wrong about punishing people who don't want loans, however. And making it necessary to have or use a credit card, so that you build up your credit score in a maze of rules, despite you consistently being able to pay with a debit card or cash, is exactly that.


They aren't being punished by not using credit cards, they're just choosing not to avail themselves of the benefits of using credit cards.

If you pay your bill every month, then a credit card is like a debit card plus benefits like up to 20% of the purchase value in points, not to mention benefiting from the time value of money.


Credit score matters for a whole host of things like when you want to buy a house. So yes, you are penalized for not having it.

> benefiting from the time value of money

This is just nonsense. There is no additional gain from waiting till end of month till you pay.


I'm sorry, my post must have given the impression that I was talking about credit scores instead of credit cards, which is what I was talking about.

As for your other point, if there were no benefit from floating money for 2 months, then there'd be no benefit from doing that an indefinite number of times, which conflicts with the time value of money, an established, mathematically basic concept.


I'd rather take a 30 year mortgage out at 4.5% and invest it elsewhere as 4.5% is less than my expected return.


And mortgage rates are much lower than that now too, <3% is quite realistic


I recently heard Denmark has negative mortgage rates for natural born citizens. Losing money if you don't take it.


Giving loans with 0 interest is a good thing, however, giving loans with anything above 0% interest is a terrible thing. We've known this for literally thousands of years.


If you're willing to give me an interest-free loan then I will take it and invest it in an index. Generally speaking, discounted loans are only available from governments or friends for specific purposes like education or health when they want to invest in people. Even then you still have people taking advantage because money is fungible. It's hard to do this in a sustainable manner.


The premise is that the economy must not be based on loans, it's not sustainable as we are seeing today (not to mention it's parasitic). Loans are given out for charity purposes. If you want to invest your money, there are many moral ways.


A little bit off-topic: If you want an explanation in Germany why things are the way they are, it's often because "otherwise the insurance wouldn't pay in worst case".


I wish more people realized this.


That’s a very cynical view and not accurate.

Having lived in other countries, I actually missed the benefits that robust competition drives. Consumers in some countries are paying fees that went away 20+ years ago in the US.

And as grandparent says, the robust protections offered in the US are a huge plus to consumers. In other countries they aren’t so generous as to forgive fraud and the like.


> Credit cards in the USA are backed by very strong consumer protection laws. That is why you can mindlessly give one to wait staff at a restaurant who will disappear with it for an extended amount of time, while in any other country that would be unimaginable.

But how is this specific to "credit" cards? Don't debit cards get the same protection? The point here is that in the US one needs to have "credit history" in order to do things like rent an apartment, which is not a thing in the EU.

As to security, the EU has largely gotten around the problem by implementing modern payment systems. In Poland no waiter will "disappear" with your card, they will bring a mobile terminal to the table, so that you can use your (contactless) card.

In fact, living in Poland currently, I can't remember the last time I used a physical card anywhere. For the last two years or so I've only been carrying my phone with me, no wallet at all.


> In fact, living in Poland currently, I can't remember the last time I used a physical card anywhere. For the last two years or so I've only been carrying my phone with me, no wallet at all.

Here in Denmark we recently got an official digital drivers license. You verify your identity with the government issued 2FA system, scan the NFC chip in your (non-expired) passport, and you're golden. The digital license is as valid as the physical license.

Couple this with NFC payment being a requirement anywhere that takes payment, the banks having developed a way of transferring money between accounts in different banks instantly based on just a phone number, and the digital drivers license, there's never a need to have my wallet on me. At the moment I'm not even sure where it is -- it's somewhere in the apartment.


Yes, the same thing exists here. My national id as well as driver's licence are stored on my phone. Forgot to mention it.


There is a very strong, very simple alignment of incentives that you'd think shouldn't really matter, but makes a huge difference: with credit, the burden is on the bank to collect money from you.


In the US debit cards work completely differently than CCs. In the event of fraud, the debit card holder is technically responsible for any losses. Your bank might step in to deal with that, or they might not.

With a credit card company it's always the card issuing company's problem to address.


> In the US debit cards work completely differently than CCs. In the event of fraud, the debit card holder is technically responsible for any losses

That seems very backward. And as you might suppose, really isn't the case in the EU. Fraud is fraud, and it might take time, but you'll get your money back.


> it might take time, but you'll get your money back.

And that's really the key difference between credit and debit.

With a debit card, if there is fraud, the money is gone from your checking account. You will get it back, but it will take time, and in the meantime you may be suffering from all kinds of unpleasant effects of having a suddenly and unexpectedly empty checking account.

With a credit card, if there is fraud, you have a debt on the books. You will get it removed, but it will take time, and in the meantime you still have all your money.


> You will get it back, but it will take time, and in the meantime you may be suffering from all kinds of unpleasant effects of having a suddenly and unexpectedly empty checking account.

That's what card limits are for. Even on my high-level Visa Premier card, the limit is 1k per day, and there are also per-transaction and per month limits. I can increase it via my bank's app if I plan on making a big purchase with the card, so IMHO it's a good solution for that problem.


The current solution obviates the additional work requirement of changing credit limits before purchase, so IMHO it's a better solution for that problem.

If you're protected from your credit card being used on a $5,000 purchase, why would you lower the credit limit below that?


The US is all about risk, money, and power transfer. Maybe everywhere is but I've only lived in the US.

In the case of CCs, there is an assumption that a certain portion of people will take high interest credit offered by the cards and that they will incur interest and have to pay that. The rates are often incredibly high, something like 20%+. To encourage more people to use these cards to increase the population and likelihood people will be forced to pay these interests, CC companies offer incentives like cash back, no-interest periods to encourage borrowing behavior or misunderstanding of the boundary time for payments for at least one hefty interest payment, etc. They also offer an alternative to people who have difficulty receiving a loan for some item any other way.

Debit cards on the other hand are offered by traditional banks. Many of these are free and associated with free or nearly free accounts (usually requiring your regular income deposited or a minimum balance they can invest elsewhere while you let it sit idle). Banks are not incentivized for you to spend money. It's in their interest for your money to sit in your account they're investing elsewhere or for them to charge you various service fees. They're less inclined to give you incentives and protections to use these cards.

If consumers get to a point of using credit cards in a responsible manner (essentially more people exploiting their benefits than CC providers exploiting them), you'll see these features and protections slowly peeled away. Many cards used to even offer price protection where if an item changed prices than the price point you purchased at, the CC company would refund you the difference. Obviously enough people took advantage of this vs the pool of people paying high interest that these features slowly peeled away. Time and value limits were introduced and tightened, card providers began to remove these, and now few if any cards provide this. This is one consumer feature/perk that used to exist that no longer exists because the normalized increasingly responsible use of cards by consumers. There are several more (rental protection, road side protection, flight delay protections, and a host of perks). Now you often have to pay a fee for a card that has such perks and need to be sure your spending rates are high enough to warrant the fee.

Payment systems aren't about payment systems and detecting fraud, they're about building complex systems people want to participate in under the assumption the complex system will at large extract wealth from the people using the system, not the other way around. Even something as trivial as just paying for exchange of services/good would be straightforward but it's not, it's gamed to pass risks, extract money, and transfer power.


> It's in their interest for your money to sit in your account they're investing elsewhere or for them to charge you various service fees.

Generally true, but I have suspected that banks have begun getting payments from the payment processors, however (Mastercard/Visa). Most recent time I created my checking account the bank nearly insisted that I have a debit card although I strongly preferred to have only ATM access with it. Additionally the largest banks have most certainly figured out squeezing fees from people for use of the debit cards.


I don't use my debit card because I don't want to fight to get my money back, but that doesn't mean you are liable for fraud.

https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-cr...

"If someone makes unauthorized transactions with your debit card number, but your card is not lost, you are not liable for those transactions if you report them within 60 days of your statement being sent to you."


> But how is this specific to "credit" cards? Don't debit cards get the same protection?

No, they don't. It gets confusing because many banks do offer protections against debit card fraud, but that's entirely up to the bank and its terms of service (which of course they can change at any moment).

The credit card protections are by regulation, so you can count on them regardless of bank and the banks can't change them.

A debit card is a straight siphon into your bank account. The bank may or may not help in the case of fraud, depending how much they feel like retaining your business.

A credit card is a strong firewall between expenses and your money, both in implementation (it's a separate account after all) and regulation (you're not liable for fraudulent use).

So, in the USA always use credit cards. Avoid debit cards. I try to not have any debit cards (it can't be exploited if it doesn't exist) although lately it has been more difficult since banks insist on sending me debit cards I don't want. So I store them away, will never carry or use them.


Credit cards also have stronger consumer protections than debit cards in several European countries.

e.g.

https://www.moneyadviceservice.org.uk/en/articles/how-youre-...


No. Debit cards do not get the same protection.

I have never had my credit checked for an apartment.

I too only use my phone for most credit card transactions.


> I have also never once cared about credit card skimmers at gas stations or anything of the sort.

As a European I haven't as well. But that's because it's been the safe chip part of the card that's been used all my adult life and not the easily spoofed magnet stripe.


You are confusing a few things here. First, the chip cards are still vulnerable to man-in-the-middle attacks, which is what the modern intermediate devices now do, even though many still call them "skimmers" out of habit (some are advocating for the similar-sounding "shimmer" to describe these devices).

They are quite effective at stealing from Europeans just as well as they can steal from Americans, except Americans are not on the hook for the stolen funds whereas Europeans are.

Here's a Krebs on Security article that has pics of a shimmer found in Europe in 2015: https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip...

There was 1.8 Billion in chip card fraud for cards issued in Europe in 2018, with the highest rates of fraud in France and the UK in Europe in 2018, although only 20% is at Point of Sale and 80% is online.

But the real difference vis-a-vis the US and Europe is not chips in cards but the massive epidemic of wholesale identity theft in the U.S. The vast majority (in terms of dollar amounts) of credit fraud in the US is part of identity theft, something the US suffers from due to lack of consistent ID cards and ID card enforcement - and very little to do with chip and pin technology.

The US has 24 B in credit fraud, the majority of which is identity theft, and the largest amounts related to entire bank accounts and fraudulent loans being taken out, lines of credit being issued in someone else's name, etc, and not some illegal transactions stolen at gas stations with intermediate devices.


Chip cards are vastly safer. From the article you linked about shimmer attacks:

“The only way for this attack to be successful is if a [bank card] issuer neglects to check the CVV when authorizing a transaction,”

I'm betting the European cc fraud is mostly from residual magnetic stripes or online forms being used, not the chip usages. Do you have a specific breakdown?


I think you are misreading the article, so let me be clear:

If you enter your card in a compromised device, then you lose control over

1) how many transactions are being made

2) who you are paying

3) how much

Because the chip has no way of asking you for confirmation about the identity and amount of the transaction. There is no secure keypad entry connected to the chip or secure bus going out.

All you have is physical presence. The chip can prove to the input device that it is present, and the input device can forward that proof to the bank. That is all the chip does. It does not prevent you from paying the wrong person, and it does not prevent you from paying the wrong amount. This is why compromised input devices are created, so that you can be charged the wrong amount and to the wrong party when you think you are buying gas.

The chip only guarantees physical presence. Checking the CVV is only when there is no presence and you are trying to milk the attack into an offline attack rather in addition to the MITM attack. Why are offline attacks also possible? Because vendors want to support online purchases, where there is no physical presence. But that's not the MITM attack I was describing.

Offline (card not present) transactions are a second issue, and indeed they are much larger (80-20) not present:present in terms of card fraud, but you don't need shimmers to conduct card not present fraud, although you can certainly use them for that.

Finally, not verifying CVV is not an abuse of the protocol, it's how you do a card not present transaction, which is also supported in the same payment protocol. It's not some weird form of protocol violation vendors are all mysteriously doing. It is not "doing it wrong".


There's also a reason it's much higher in the UK (I don't know about France) and it's the online component. The UK has long card numbers for debit cards, often usable online with just your credit card number + CVV, similar to how US credit cards work. This is not the case for debit cards in a good number of other European countries.

For example, my Dutch card can only be used physically at an ATM using your PIN, or online by using a payment system like iDEAL for which you need bank login details + password (which is not stored on the card). It does not have a long card number like most US debit/credit cards.


In both the US and EU, credit card fraud is 20% POS and 80% online.


As a European neither have I. Couldn't I just have the bank do a chargeback in case of a bad charge?


Yes. I've made claims with 2 card providers in two different banks in the UK (one was a transaction for a macbook pro in India, the other was a merchant who refused to cancel a recurring payment despite me making multiple attempts to resolve with them). Both cases required a verbal confirmation, and a letter to claim it was fraud and a refund within 5 working days.


> The country runs on cheap debt. Everything from houses, education, cars all the way to TVs and dresses is financed with long-term payments and low single digit interest rates.

Can you point to a few examples of TVs or dresses being financed in the low single digits? I'm genuinely curious -- as an outsider, my impression of US credit was always one of a system that charged predatory interest. That impression is mostly based on seeing credit cards advertised at 15-25% APR, and hearing stories of student loans with interest rates that approached the double digits (for debt that's not dischargeable in bankruptcy, no less).

My point of reference are Switzerland and Germany, which have legal caps on interest rates around 10-13%. Credit agreements with higher interest rates are nullified, voiding all interest claims. As a result, the growing rate for unsecured debt is somewhere in the 8-10% region. (And, of course, significantly lower for secured debt, like mortgages or car leases.)


This exists in the EU and Switzerland too, look at Klarna. They take 3% of a transaction from the merchant (depends on the country) and charge no interest fees at all for the end user. Even a financially responsible buyer might find it worth paying off later since there is no interest.


Oh, I have no doubt that there are situations where it may make sense to buy things on credit. Houses and cars can often be financed at good conditions. I've yet to see an example where this applies to small purchases.

Klarna offers a variety of payment methods. The 30-day factoring looks fine (3% charged to the merchant, no interest to buyers). But as far as I can tell, any financing they offer beyond 30 days comes with significant interest. Their product page for Ratenkauf [1] says "Es fallen Zinsen an." ("Interest is charged"). When I look at their demo store [2], they indicate a 10.43% APR for a €400 purchase paid over 12 months. This, of course, falls on the right side of the law and has a pretty small risk of ruining people -- still, I don't think there are many scenarios where you'll end up better off after paying 10% interest on anything.

[1] https://www.klarna.com/de/verkaeufer/produkte/ratenkauf/ [2] https://www.klarna.com/demo/de/de-DE/kp/p-sunglasses-de/. You'll have to add the sunglasses to your cart and proceed to checkout.


Certainly. There’s many cards that provide promotional 0% interest rates for 12 months. The idea is every 12 months you sign up for one of these cards and you can make minimum payments with no interest, when the card is reaching the end of its promotional period you just pay it off in full and don’t use it anymore unless there’s good rewards.


Ah. I hadn't considered credit card churning. Thanks!

(I do have some reservations -- I'm guessing that only a small minority of cardholders attempt to churn their balance from card to card or pay it off before the end of the promotional period. 12-month lines of credit don't come for free, and if the expected average payoff wasn't worth it, credit card companies would probably stop running these promotions.)


It is 100% free money. The catch is you will be charged all the interest in some cases if you reach the end of the promotional period and haven’t paid off the card in full, or something like that.


> very strong consumer protection laws

What if you go bankrupt as a consumer in the US? Credit cards are scarily easy to come by in the US, which suggests to me that credit card issuers aren't worried about consumers potentially unable to pay them off. Which further suggests to me that it's not really the consumers being protected, but rather the credit card companies.

How does consumer bankruptcy work in the US? Raking in a lot of credit card debt, that you cannot afford, could make one liable for life.


> What if you go bankrupt as a consumer in the US

You will have difficulty getting credit for 5-7 years. You may think "fine, I'll just pay as I go" but credit checks are often part of the approval process for an apartment lease, or applying for a job.


> credit checks are often part of the approval process for an apartment lease, or applying for a job.

And then, your country tries to shame China for its "social score".


There's a pretty broad difference between a system that determines "does this person honor their payment agreements according to the objective metrics of their payment history and credit usage" and a system that determines "is this person a 'good citizen' according to an opaque set of random metrics, many of which are non-financial and defined by the state".

Comparing them directly in this way is not only disingenuous, it indirectly handwaves the objectively oppressive system China runs.


Which, contrary to popular perception, is not even a monolithic government scheme but a bunch of mostly unrelated initiatives, the best known of which is Alibaba's Sesame.

https://en.wikipedia.org/wiki/Zhima_Credit


Why are credit checks part of applying for a job? Isn't the employer supposed to pay you?


An employer may not want to hire someone to be responsible for company money, when they are not responsible with their own money.

A poor credit file can show you are not organized or responsible.

Actually using much available credit is an indicator of someone in financial hardship who may be more likely to commit fraud or theft.


If you are in mountains of debt you would be more vulnerable to embezzlement and bribery. Generally only relevant for security and financial industries.


It may be included as part of a background check. If you need to apply for a security clearance then any debt you have is relevant to that process.


I had a property management company tell me they wouldn't rent to me if my credit wasn't good enough even if I paid the entire lease up front.


Yes, because you could do more than the value of the lease in damage to the property, and then be so insolvent that there is no way to recover any of the money from you.

I'm not saying I agree with this. Landlords are ridiculously abusive, as a renter you will frequently be asked to pay a $300+ nonrefundable "application fee" before they will show you the lease document. They then can put whatever terms they want into the lease, understanding that many renters would not be able to afford another application fee.


Even if the landlord was willing to rent to you by mitigating the risk in this way; at least in NY state that would not be legal anymore.

The state recently limited security deposits to a single month, and does not permit taking more than one month's rent up front. This was meant to help tenants avoid having to come up with more money, but of course landlords will simply mitigate the risk by not renting to some people at all or only for a higher monthly amount.

https://ag.ny.gov/sites/default/files/changes-in-nys-rent-la... "Capping Security Deposits • Landlords can only charge up to one month of rent for a security deposit or “advance payment.” This applies to all residential rentals, with a few exceptions, whether you have a lease or not. › This means that if you are moving into an apartment where the rent is $1500 a month, the most your landlord can charge for a security deposit is $1500. › This also means that your landlord may not charge you in advance for the last month’s rent if you are also paying a security deposit."


> credit checks are often part of the approval process for ... applying for a job

Surely that can't be legal?


I cannot understand how this works at restaurants in the US.

Last time I visited it went like this:

1. I get a bill ($50 for example) and give the server my card

2. A card payment notification appears on my phone for the $50 payment with my bank

3. The receipt comes back with a tip field where I write $10 and sign

4. The server now updates the payment and a few days later when the payment clears, the amount has changed to $60

But what if the server chose to enter $20 instead of the $10 I specified? Do I have to keep the receipt and remember to go check that the cleared payment matches a few days later? How else would that be caught?

In the UK, you enter the tip on the card machine when you put your card in, so the payment is immediately taken and everything is clear. I really want to know why I shouldn't worry about the above scenario next time I cross the pond!


> But what if the server chose to enter $20 instead of the $10 I specified?

Sure, they could. As long as you kept the receipt just show it to the credit card company and they'll reverse it. More importantly, I'd imagine the store would be heavily penalized, up to possibly losing their credit card contract which would leave them unable to accept payments if it's a recurring problem.

So, it doesn't really happen. In decades of eating out a lot, never seen it (and I'm the type who checks every line item in the credit card statement so I'd notice if anything is even a penny off). So no reason to worry about it.

> you enter the tip on the card machine when you put your card in

Personally I hate this so much, because I want to compute the tip and it's really uncomfortable to do so with the waiter staring at me. I want them to go away and give me time and peace to do the calculation.


Yea, it seems to come down to the penalties being high enough that this fraud isn't worth it.

As a software engineer, the idea of writing in my bad handwriting the tip and total and then someone who is probably in a hurry typing it in seems like a way to introduce more human error.

That's much less likely to happen with a terminal and, since most banks here send you instant payment notifications, you're likely to catch it immediately.

Obviously this system is working for billions of payments a year over there so it can't be too much of an issue! Next time I'm there, I'll not worry about it.


It does seem weird. All I can say is that changing the tip amount is rare. I’ve never seen it happen, or perhaps I’ve never noticed.

Additionally, I don’t worry about it though because my past experience suggests I can reverse the charges if I call the credit card company fairly easily.


One call to your credit card company about the fraudulent charge and it’s resolved. They will do an investigation and the price of the original transaction before the tip will be discovered. Also, the employee who changed the tip amount will likely be fired.


Additionally the whole charge is likely to be reversed (or it has been for me in similar situations) and the business will have to pay a pretty big ($20+) fee. Of course the employee could be a bad actor but it's in the business's best interest to try to ensure that isn't the case. I think if there are too many chargebacks, the business gets designated as high-risk and will also have to pay more processing fees.

One thing to note about the US is that card processing fees are more than double what they are in the UK/EU. It allows CC companies to eat the costs of fraud more without passing it onto the consumer/business.


Right, so you're saying it up to me to notice and call the credit card company?

In that case, I need to go through my statement and remember that the $70 charge was supposed to be $60, or have the receipts and check it. That isn't something I have to do here, because it all happens at the same time.

Or are you saying that the penalty for the restaurant/server is high enough that this sort of thing just doesn't really happen much?


I've never seen it happen and I use credit cards for everything. I can't remember the last meal in a restaurant that I didn't use a credit card. I've never heard of it happening from any friends or family either. It just isn't a thing.

Same with stealing numbers. Yes it's kind of strange that most of the time the server just takes your card and disappears for a while, but I've never heard of a number being stolen from anybody I know. Of course, it does happen, but it's very rare.


Here’s the thing man, until you personally see it happen at least once, don’t bother worrying about it. The odds are super slim and the incentives to commit tip fraud on one meal are high risk for little gain. I’ve never seen it happen or heard of it happening.


> But what if the server chose to enter $20 instead of the $10 I specified?

Unless they have complicity with management, the risk over reward is too great to try this. If they kept the skim small to be unnoticed -- $3-5 on each check, perhaps -- it may still not add up to being worthwhile. Most people in the world are not criminal masterminds; I think sometimes engineers like us forget that others are not constantly looking for loopholes in everything. :)


It's the same in Sweden. The laws are very beneficial for cc holders.

If you buy something with a cc and the company for some reason later does not fulfill its obligations, the bank is liable. If you paid with cash or a debit card, you're on your own.


From what I've seen, it's still different in the US. If you dispute a payment, in the US the bank apparently sides with you most of the time. In Europe the bank sides with you only if it was a clear case of not receiving the service/goods, otherwise it's usually considered a valid transaction.


I once had a conversation with a couple friends of friends who did targeting for the credit card industry, figuring out which demographics to send cards to. Their goal was to find people who paid responsibly and spent irresponsibly. If people who pay well weren't irresponsible enough in their spending, incentives would be provided. I'm sure this is even worse now with all the data and data-driven tools available.


> That is why you can mindlessly give one to wait staff at a restaurant who will disappear with it for an extended amount of time, while in any other country that would be unimaginable

What are you talking about? You do realize that credit cards exist everywhere at this point? You think that when someone pays by card in other parts of the world they maintain constant eye contact with their card, lest the person... skim the largely visible number?


Err... yes. That's exactly how they work in the UK - and most other countries I've visited.

The waiter comes to your table, presents you with the EPOS or tablet. You take it and either tap your card, or insert it and type your PIN. Then you hand the terminal back to the waiter.

The card never leaves your hand.


Exactly. I can't even imagine how the US system is meant to work with something like Apple Pay. I don't carry my physical card, there's no need to when it is in my phone.


The take away your card system doesn't work with phone payments. That's one reason why they haven't really taken off in the USA.

A lot of chain restaurants now use tablets to let you pay right at the table, and usually they support contactless payments.

Fast food restaurants have also started accepting contactless payments by and large, although it can be quite awkward in the drive thru.


Not sure why you think that is particular to the USA. Credit cards in every country I know work this way.


You don't have to pay immediately to avoid interest. They aggregate all your bills within a given 30-day billing period, then you have 30 days from that date to pay. Interest only begins to get accrued after that last deadline.

If you wanted to, you could have the credit card companies float you a purchase for almost 60 days without interest if you timed your charge and the payment right.


Thanks, I understand that. Paying "immediately" was partly hyperbole, partly that I wouldn't forget about it when I started out. I've gotten accustomed to it now.


Btw, for people who aren't living paycheck-to-paycheck, the interest accrual isn't the real issue to worry about. Imagine: if you spend $300 in a month, and miss your payment by a whole month once in a while, even at a crazy 20% APR, you'll have to pay $5. Unless you only have a few dollars to your name, it's probably not going to suddenly break you.

The real issue, I think, is the impact on your credit history for missing a payment entirely, i.e. not paying the minimum amount due. Even if it's $1, you need to pay all of it. That's the real penalty to worry about.


The not paycheck to paycheck people I know, myself included, charge everything they can and put the credit card on auto pay for full balance. So in my case at least, your $300 is more like $10,000 monthly. I’d be pretty mad if something happened and I owed $100+ of interest but like you said, not as mad as having the late payment show up on my credit history.

Should mention I make ~$300 a month in cash back by doing this and that’s my main motivation. I actually hate the idea of cash back as I realize it just adds cost to the system but I’m just one dude and the world has spoken on the matter so I may as well get what I can out of it.


It's kind of messed up because it's like a permanent discount at every store you shop at because you have enough money to not be paycheck to paycheck.

It costs more to be poor.


> It costs more to be poor.

That's definitely true. Time to reintroduce Scalzi's take on the subject:

https://whatever.scalzi.com/2005/09/03/being-poor/


See also the Sam Vimes boots theory of socioeconomic unfairness (from Men at Arms, 1993):

> The reason that the rich were so rich, Vimes reasoned, was because they managed to spend less money.

> Take boots, for example. He earned thirty-eight dollars a month plus allowances. A really good pair of leather boots cost fifty dollars. But an affordable pair of boots, which were sort of OK for a season or two and then leaked like hell when the cardboard gave out, cost about ten dollars. Those were the kind of boots Vimes always bought, and wore until the soles were so thin that he could tell where he was in Ankh-Morpork on a foggy night by the feel of the cobbles.

> But the thing was that good boots lasted for years and years. A man who could afford fifty dollars had a pair of boots that’d still be keeping his feet dry in ten years’ time, while the poor man who could only afford cheap boots would have spent a hundred dollars on boots in the same time and would still have wet feet.


This is true, it’s a good system for engineers and travel hackers but bad for the common person. The credit card processors are raking in fees, though. It also provides lots of opportunities for what is essentially legal low-level embezzlement for anyone who can expense things to their employer (especially folks who travel on their dime). Way too comfortable a system for anyone to change it.


Speaking of that. I like to look for loopholes / arbitrage opportunities within.

Once upon a time, when cash back ran benefits were in the 6% range. I bought prepaid visas from a retail store. And ran them through some merchant account. About $50K went in a circle every day and I kept the spread of almost 4% if I recall. I had to pull some other accounting tricks to make sure it did not accrue tax liability in the process but it was actually fairly impressive once I hit a certain volume I knew I tripped the alarm with the credit card issuer. They changed their entire card benefits in a way that was obviously related to blocking the activity I was doing.


The best manufactured spend used to just be buying money at face value and with free shipping from the US Mint. Too bad the mint got wise to that and now there's a premium + shipping.


It’s against the terms of all merchant accounts to use them as a cash advance for yourself, even if there is zero percent cash back. Also, what sort of prepaid Visa ever offered 6% cash back?


I think about this all the time with so many things in life. Same with employer tax incentives, like a free metro pass/tax deductible contributions towards commuting. I’m actually paying less to take the subway than someone making minimum wage. It doesn’t seem right.

I take full advantage of all the credit card benefits though, as I think everyone should if they can.


It’s absolutely true. In many ways. Although in this case, a poor person could reap the same benefits. The only requirement would be good credit and payments/financial discipline. I know those things are generally inversely correlated but just wanted to point out you don’t have to be wealthy to get a cash back credit card.


> if you spend $300 in a month, and miss your payment by a whole month once in a while, even at a crazy 20% APR, you'll have to pay $5

Careful with this though. The interest rules are very complex. One would think you pay the interest + penalty + balance in full and that's that, but no. Once the account goes into "charging interest" mode, it keeps charging interest on subsequent months even if you pay in full as long as there is a balance on the day of the cycle close (which if you're using the card, there always will be!)

The way out of that trap is, if you ever have a late payment, stop using that card entirely and pre-pay the entire balance (including charges not billed yet) before the close of the cycle. The goal is to get a statement with $0 balance. That will reset the account state to normal.


Wow. I knew that balance transfers had similarly terrible rules, but I hadn't realized that normal usage can end up like this too. That's so... predatory. How is this even legal? If you pay everything in full such that your balance is $0 on a given day, what are they even charging interest on at the end of the billing cycle? The grace period just goes away for the whole billing period?


> such that your balance is $0 on a given day

I'm not sure about that one. Maybe getting the balance to zero on any given day (not just cycle closing day) is enough to reset the account? I don't know.

But I know they'll keep charging interest every month even if you pay in full every month, once the account goes into that state due to a single delayed payment.

Looks like it's called residual interest? https://www.thepennyhoarder.com/debt/residual-interest/


I have met many people who actually don't understand it and think interest starts accruing the moment you swipe! Important to be accurate.


> float you a purchase for almost 60 days

Indeed! For very large payments I try to time them for the day after the close of the cycle, so I get those ~60 days of free deferral.


As someone who lives in the US, and travelled to Europe, one of the toughest things was that many more places only took cash than in the states. Which meant I had to carry around a lot more cash than I was used to, knowing that as a tourist I was a target for theft (and I have been stolen from multiple times while abroad). With a credit card, if it was stolen, I could cancel it immediately, and I wouldn't be responsible for purchases the thief made with it. If cash was stolen, it would just be gone.

Also, I got a better exchange rate with my credit card than with cash from a bank or ATM.

On the other hand, I really liked that I paid for meals at the table instead of giving the card to the waiter, and that listed prices included tax.

That's not to say the US system doesn't have problems, it definitely does. But I wouldn't want a cash-only system either.


This is not a general Europe thing. I live in Denmark and I only use cash to try and teach my kids about money. I can't remember the last time I paid cash for anything. I'm tempted to say it has been a decade or so.


Very good point about using cash to teach kids about money.

I just began teaching my kindergarten going son about money and some of the things he has learned watching us is very insightful. For all purposes, money for him is our phone. He has seen countless places where we pay with phone to buy things (using QR codes) and that has given him an impression that a phone can get anything from a store.

For me, in my own childhood days, money as in cash was easily understandable as a finite resource because once it’s given to someone, it cannot be taken back. So I learned just by watching that money carries a value and is limited. But just scanning a phone or card with no concept of finiteness will carry some repercussions I think in future.

Will be interesting to watch the future generation who might grow without concept of cash money.


I always withdraw cash money using the debit card when I'm abroad. It has acceptable exchange rates (always better than the money exchange rates at the destination country) and much lower fees (mostly just a fixed amount of €) than the credit card (quite high percentage + fixed fee).


This really depends on the credit card and bank. My old French credit card that was supposed to be great for traveling had 2.5% conversion rate plus 0.30 euros fixed fee.

My US amex is usually only 0.1% more than current market rate and so better than any debit card I have by far.

In my experience, European countries are by far the worst when it comes to exchange rate and added fees. One hypothesis is that interchange fees are capped so credit card companies can't make as much from the merchants but even before that happened, I remember the fees being very high.


The problem with exchange rates is usually that the institution managing the ATM/Payment Terminal tries to trick you into using their exchange instead of just charging your card in the local currency and having your bank do the exchange. And the ATM’s exchange rates are a ripoff. You’re not a returning customer, so they milk you as much as they can. This holds true for both credit and debit cards. Check with your bank, they’ll give you the proper advice and it’s usually “charge in the local currency and let us handle the exchange.”


Modern banks in the UK such as Monzo, Starling, Revolut and others have no FX fees.


Many people in the US use credit cards like “charge cards” and pay them off each month. I’ve never carried a balance on a CC but still use them for nearly all purchases. If something goes wrong a CC gives the consumer a lot more leverage than say a debit card. I once had a bad experience with a merchant where they overcharged me and refused to fix it. One phone call to the credit card company had their payment revoked and that was the end of it. Now they have to deal with the CC company on why they are treating CC company’s consumers poorly vs me random consumer that’s not happy with them.

I get that the flip side is the above can suck for businesses if consumers file bogus complaints but as a consumer I’m going to take advantage of every tool at my disposal. If I had paid with a debit card it would have been a big mess to fix.


Schufa scores are definitely a thing in Germany; I mean, same thing different name..


It’s not. Schufa collects negative entries. If you did not pay back loans in time you will have a bad Schufa. To the contrary in the US you have to have “good credit” meaning you have to have participated in the “credit system” and behaved well.

If you don’t have any record: Great for Schufa, bad in the US.


Oh I thought no debt history would equal clean credit. That’s bananas, surely it’s safer to lend to someone who has never been in debt? I don’t get the logic..


Depending on the lender, they might actually be after people who are always in debt, and who pay their credit cards bills each month but never entirely pay them off.


No, it's safer to lend to someone who has handled credit well (i.e. by paying it back) than someone who has no track record.

There's a catch-22 if rules are so strict so that you can't get credit because you haven't had credit before, but in general "positive" credit reporting seems pretty beneficial.


Haven't been to the US, but you can get a clean Schufa if you just move to the country. I've _heard_ that in the US you'd need to get and pay off debt in order to have a good standing, a lack of any record is considered suspicious.


That is absolutely true. I was treated as subprime despite having no debts and a high credit score (on annualcreditreport.com) merely because I had never taken on debt. I would get rejected even for $500 department store credit cards! It’s ridiculous.


If you're middle class or higher, a credit card is a no-brainer in the US. I pay for 1 international trip a year + a few domestic trips just using my card for every day purchases. I rack up points, pay everything off, and benefit tremendously.


I know that getting a very visible 2% back from an invisible 4% fee is psychologically fun in a way that a European-style 0.5% fee isn't, but the net effect of the American style is still to transfer more money from you to the credit card company.


The fact of the matter is that retail goods and services cost the same whether I pay cash or use a credit card. So might as well take the benefits the card offers.

Every great once in a while I will run into a small business that doesn't take credit cards, or offers a discount for cash. But it's quite rare.


Yeah, which the CC oligopoly has conveniently arranged through merchant contracts. The Europeans negotiated around this with legislation and won a better deal.

In the US, I'm sure people would scream and cry if the evil government tried to take their 2% rewards, even if it meant 3.5% lower prices. We don't like math very much over here -- as this thread is proving.


I doubt prices on most common purchases would change at all. That extra money would just go to the retailers instead.


Or resigned to the massive power of lobbyists.


> The fact of the matter is that retail goods and services cost the same whether I pay cash or use a credit card. So might as well take the benefits the card offers

The merchant costs for processing the purchase of those products is baked into price though. The net effect is that the fees the merchant pays push your retail price up. You're not really getting a benefit if you get 2% back and the retail price is 2% higher to account for the merchants processing fees.


This was exactly my point. The amount of cash discount places are dwindling so you're actively losing money if you pay cash.


The invisible fee is paid by the merchant, not the consumer. And fees aren't 4%, they are generally 1.3% to 3.5%. With higher fees for American Express, and merchant types with higher fraud rates. (American Express also offers greater rewards to consumers...)

In the end, aside from the complicated consumer reward part, the amount that the credit card companies get isn't that different from the European system.


> The invisible fee is paid by the merchant, not the consumer.

But the customer pays the merchant. It's all paid by the customer.


The customer is paying whether or not they use a credit card.

However actual businesses have overhead for dealing with physical cash as well. It is slower at the teller, needs to be manually counted and recounted, transported (sometimes with security) and so on. It is not clear whether real costs of handling money are greater or less than merchant fees.


Doesn't the money have to come from somewhere? I assume merchants need to pay fees to credit card companies, and in turn this results in higher product/service prices?


That's where most of it comes from in the US, interchange rates on credit cards are not regulated, so they're generally somewhere around 2%.

Which, coincidentally, is the benchmark for "decent" credit card rewards.

Some cards will offer rewards on certain kinds of purchases, often up to 5%, but offering only 1%, or nothing for other purposes.

Since the average person only has a single credit card, the majority of cardholders produce more in interchange fees than they collect in rewards.

There's also some complicated accounting voodoo that I don't truly understand, that effectively means that banks can treat extended credit as a pseudo asset, plus, whenever a loan is outstanding, its value is added to the virtual money supply.

It is possible for an individual customer to get significantly more in rewards than interchange, but as this is a relatively small portion of customers, most issuers do not seem to care.


Technically no, no one has to explicitly lose money or pay for these rewards. The economy is not a zero sum game. There are direct costs with handling cash for merchants, for smaller businesses these are often higher than credit card interchange/merchant fees. There are also indirect costs like lower sales and consumers losing cash due to theft.


Indeed that's the truth but they charge that for every customer including cash customers except specific places like arco. So if everyone is getting charged, best get some benefit from it!


...which is a state of affairs the CC companies have arranged through anticompetitive terms in merchant contracts. Cash never had a chance to compete. The moment people realize they could get effectively twice the rewards points by squeezing out the fat cut taken by the CC companies, they absolutely will. CC companies will fight tooth and nail to make sure the fees stay invisible and unavoidable via cash.


Totally -- if the government passes some law that says, for example, credit card companies can't give out 5% rewards, but only if the prices of goods drops 5%, I would be 100% in support of that.

Until that happens, I'll take the 5% cash back, since it is preferable to 0% cash back while paying the same price.


It's a no-brainer, because whether you have a credit card or not, you're paying for those trips every time you purchase something.


That's true in a macro sense but so is everyone else, even people paying cash sometimes.


Do you only pay for things like a car or a house using cash? Or what about if you are applying for a loan to start a business? Is it all just a 100% cash based society?


No, cars and houses are still common to finance, but those are obviously usually much rarer events and of some great magnitude. And given the usual lack of much of a "credit history", banks rather look at your income, assets, and other things.

Business credits exist too of course, but I'd guess that the proportion of the population doing that is even less (and Germans are already much less likely to buy houses or apartments than people in the US).

Of course if you did have a credit somewhere, and you defaulted/didn't pay, it's bad, and there is a credit bureau tracking that and more ("SchuFa").


I think there might be some confusion happening here.

Nearly every “basic” transaction (like buying coffee) is done with what might appear as a “credit card”, but it is actually a debit card. Some people use “credit” for these daily sorts of purchase, but at least among the people I know, this is extremely rare.


If I buy coffee, I buy it on a credit card. Every daily purchase uses a credit card. Why? I want a buffer between me and the purchaser. I don't want them to be able to take money from my bank.

https://youtu.be/vsMydMDi3rI?t=2595

Now, if I shop online, I used to put it on a credit card. Now I generate a virtual debit card using an online service and pay with that. The logic is the same.


That is actually the one thing I grant credit cards to be superior in. Back before I moved here, I was traveling with friends to the US. We knew credit cards were prevalent in the US, so I got a "normal" credit card from my bank, and one of my friends got a debit type credit card.

We later got some fraudulent charges on it, which got resolved for either of us, but for me the money was never gone (I had not paid the bill yet), while for my friend it took a while to get the money back on their account.

Another fun difference: When during our trip, waiters and cashiers would not just take the credit card, but walk away with it, we were horrified. In Germany, you never give your card away to anyone. You stick it in a terminal and type in your PIN.


> That is actually the one thing I grant credit cards to be superior in

I mean, it’s basically their only purpose in life (if you use it for the other purpose to purchase things ahead of your paycheck, that you don’t have the cash for already, you’re going to get yourself in trouble — 20% interest _hurts_)


> I mean, it’s basically their only purpose in life

Cash back/miles is another one.


Does not exist in Europe, because they come from insane fees charged from merchants and the fees are regulated here to be lower than in the US.


Amex offers 1.25% cashback, and they also have rewards cards that provide "points" which are redeemable on most major airline/hotel rewards programs. In practice Amex is almost universally accepted (I make 1-2 transactions a month that aren't on my Amex, but almost never a big ticket purchase).

For the cases that Amex isn't accepted, all the major airline groups have a rewards card too (although BA's is an Amex), and most of the supermarkets have cashback cards in the 0.75-1% range.


Yup. I’m in Germany and I get cash back points on my Amex. Same experience that it’s very rare not being able to use it, I carry a Mastercard for that case.


Yes, the European/Canadian way to do credit cards at a restaurant is nice. The card never leaves your possession. I wish that would get adopted here, but restaurants will resist having to buy the handheld devices. I like restaurants where you get the bill at the table but pay at a desk near the front door, avoiding the problem of handing your card to the waiter.


Many "family" restaurants in my area of the US have tablets at the table which allow you to pay your bill when you are ready to leave with a credit/debit card with no interaction with the server required.

Family restaurant means a chain like Applebee's for those unfamiliar with the term.

The tablets are also a revenue-generating device as you can play games on them for a fee. They also have surveys so you can give feedback on the service, this has become somewhat controversial (see https://www.eater.com/2018/6/22/17492528/tablets-restaurants...).


Yes, I believe I've seen those terminals at Applebee's and Chili's.


You and I don't know the same people. I use a credit card for everything and pay it off at the end of the month. I know nobody who uses a debit card like that unless their credit cards are maxed out.


Same. Debit cards carry a lot of risk that I can offload by using a credit card. If someone gets ahold of your debit card info, there is very little recourse once the money has left your bank. Not so with credit cards. In addition, credit cards carry a whole bunch of rewards (earning points you can redeem for travel or gift cards, cash back, upgraded status with airlines and hotels, no foreign transaction fees, and the list goes on) you can’t get with debit cards.


> If someone gets ahold of your debit card info, there is very little recourse once the money has left your bank.

This gets repeated, but it's not true everywhere. Some banks may not care or maybe it's harder in some countries. But for example in the UK I could easily revert a few £k the same day without issues. I'd love to read more about where the differences come from, but the blanket statement is not 100% correct.


Once upon a time you didn't see co-branded Visa/Mastercard/etc. debit cards for local banks. In many cases you still don't. If you have access to a co-branded debit card you're often afforded many of the same protections as credit card users. However, you still miss out on other, additional benefits, like building your credit and getting access to rewards.

It always depends, so do your own research, but as far as I understand, it is still considered decent general advice to tell people to prefer credit cards over debit cards. They will build credit, earn rewards, have excellent consumer protection from fraud, increase the distance between their purchases and the cash in their bank account, and so on.


It's true in the US. If someone manages to steal your debit card data and your PIN, all the banks say "well your PIN was used, so it must have been you" and you're SOL.


It probably depends, my debit card got skimmed and they got $500 from it (max daily cash limit). The bank returned my money no question asked.


Yes, the limit is often the difference. Multiply your $500 by 10 and I'm curious how a small to mid-size credit union treats it. If it's a cobranded card, it's one thing. If it's a "Friendly Bank of Central Virginia" debit card, you may have less luck.


> credit cards carry a whole bunch of rewards

This sentence is the epitome of marketing brainwashing in the US. Not trying to single you out, as we all suffer it to different degrees here, but this sentence kind of puts it in such a nice little box.

What's a reward? What actions warrant such gifts? Why don't they just give you money instead of "points"? At any point, does the gameification of debt strike any of us as one of the most abhorrent MBA ideas in history? It's right up there on the list, sitting below indentured servitude and for-profit prisons.


They mostly do cash back as an option these days. The sinister part is we pay more to cover the transaction cost. But if you aren’t using a credit card to get points you’re only hurting yourself. (Unless the biz has a cash deal)


My card has always had cash back. I always pay it off so I don't care what the interest rate is. If somebody steals my debit card I can bounce checks. If somebody steals my credit card I might hit my limit, but they'll give it all back.


Then 'it worked'. That's the whole point of credit cards. They're trying to dissociate the buying and the paying such that it's easily possible to 'overbuy' and slip into the credit card hell of perpetually trying to pay it off.

The closer you are to 'living pay check to pay check' the easier it is to get you into this. And I suppose for some people it takes multiple larger purchases to get you into it. Popular culture, TV shows, Twitter nowadays etc. don't help and 'legitimatize' it (everyone's talking about it that way, so everyone must be doing it that way, so it's OK to do it that way).

You might be good at "paying it off at the end of the month". A lot of people easily slip into credit card hell that way, because they _can't_ pay it off at the end of the month, because they didn't realize how much of their credit they should really be using. Credit card says you have $2000? Let's spend $2000. At the end of the month I only have $1500 left in my account? Oh crap!

Personally I pay it off in sort of regular intervals, since it's all right there in my online banking. I've never waited for a "credit card bill", even when they still sent them to me in actual dead tree form.


It's just being financially responsible.

I use my credit card for the purchase buffer the others mentioned, and I've set it so the exact amount is taken from my bank account on the due date.

I also track my expenses and categorize it, so I have a clear idea what's happening in the budget.


I pay it off in full when it's due, and have done almost without fail for years. In two cases I stuffed up (paid the previous month's bill instead on one, can't recall the other), in both cases I hit them up and they ended up refunding my interest anyway.

The points for regular spend, the sign up bonuses, and the interest savings (the average balance on my card ends up saving me interest on my mortgage) put me well ahead.

Credit cards are a solid because many (most?) people use them poorly, but it's certainly possible to use them wisely.


Young people with no credit history can get debit cards if they open bank accounts. I'm not really sure it helps their credit score but it's convenient. The first real credit card a young person gets will have a very low limit, maybe only a few hundred dollars, so they are not all that useful at first other than to start establishing a credit history.


Debit cards do not help credit score. If your score is too low or non-existent you often have to get a 'secured' credit card which means you have a limit (often it's still a low limit which I don't understand), and that limit is how much cash you let the company hold for you. It doesn't seem any different to me than having a bank account + debit card. When you're done using a 'secured' card you get your initial money back.


That does not match my experience at all, even before coming here. Credit cards, as far as I could see, are actually credit cards most of the time, and I have been explicitly told that I should start "building credit" by paying as much with a "real" credit card as possible.

"Credit card bills" also seem to be a regular part of everyday conversation here, in sitcoms, on Twitter...


>I have been explicitly told that I should start "building credit" by paying as much with a "real" credit card as possible.

You've been somewhat misinformed. You build credit by obtaining the credit line and just having it available for a long time, not by using it "as much as possible." Actually purchasing items with your credit card is not required.[1]

In fact, "maxing out" your credit cards (when your bill closes using 85%+ of your limit) actually can reduce your score (but only for the month(s) your cards are "maxed out.")

FICO scores aren't a black box, they publish exactly what they take into account - https://www.myfico.com/credit-education/whats-in-your-credit...

[1] with the caveat that some credit card issuers will close dormant accounts after a couple years.


In the UK, there is no such thing as FICO. The "score" the credit bureaus tell you is completely made up and is designed to encourage you to check back regularly so you can see and "engage" with the "offers" (aka ads/spam) next to it. It will vary by a dozen points every month or so.

Lenders get a raw copy of your report when you apply for credit, which contains things like credit account history (max limit, % of limit used, late payments if any, etc) and then run their own scoring algorithm on it. Those are black boxes.

In the UK, getting a credit card and using it regularly seems to be the common advice for building credit, which makes sense considering the scoring algorithms themselves aren't public (and differ by lender).


>Actually purchasing items with your credit card is not required.

Pretty sure you need to make at least a $0.01 purchase for the purpose of having a payment, otherwise you won't have a payment history.


>Some people use “credit” for these daily sorts of purchase, but at least among the people I know, this is extremely rare.

Really depends.

If you know mostly college students, and younger, lower income people, yeah, most are paying with debit.

If your circle is high income and older, then it's mostly credit. Especially people who do frequent business travel.


The US is abnormally obsessed about credit and creditworthiness.

In most nations the debt to income ratio for these things is also much stricter than in the USA, since they don't expect everyone to have 10k in credit card debt and 50k in student loans.


Consumerism. You wouldn't believe the crap, and the volume of the crap, that Americans buy. Saying that completely red-handedly.


It's amazingly easy to not have those debts, and most people I run into do not. The problem is the people who do are very vocal about it and it's impossible to inform them that they may be spending more than they can afford.


Financing has existed as a concept _far far far_ longer than "credit bureaus" have existed as a concept.

Financing can absolutely exist without a centralized credit rating system / data privacy nightmare.


The options aren't just cash or credit. Debit cards are commonly used: https://en.wikipedia.org/wiki/Debit_card


My bank in Germany actually has a hybrid system: Any charges are on the card, not your account but you have to specifically apply for deferred payment. The default option is that they settle the credit balance with your checking account every month.

Seems like a good system to me. You give people the "buffer" between your account and merchants but make it very hard for people to go into debt.


Last car I bought - the dealer would allow me to put only $3500 via a CC. The remaining balance was via cash/money order/bank check/whatever.


This is how the usurious banking system gets you. People continue to cry about the wealth gap, yet they don't want to fix the problems right under their noses.


Equifax drives me insane. I can't manage my own freeze with them because they can't validate who I am over the phone (none of other bureaus had a problem).

Instead, I have spent 6+ hours on the phone with them over the last 3 months. I have faxed the requested information 3 times and mailed it once and nothing has been resolved. I've given up. I recently had to have my credit checked for home purchase and I simply told the lenders that I would not be working with them if they could not use Experian or Transunion to verify my credit.

The most insanely infuriating thing about all of this was that when Equifax got hacked, I immediately froze my wife's and my own credit with Equifax. At the time, they required you to create a unique 16 digit key to manage your freeze. They have apparently done away with that, so even though I own the key and can give it to them, it means nothing to them. My wife's account has no issues.

My account will be frozen for life at Equifax, I don't care to waste any more time with them and I the credit system in the US with a passion.


I have the same issue, PINs are never recognized. They can't find me when I call in either. I've been able to unfreeze from the iOS app, but that's only because it asks for basically zero information to do so.


That is one way to be able to solve the problem, but the most direct way to solve the problem of credit scams is to put the onus on the bank who opened up the account incorrectly to assume responsibility for the debt, not on the person whose details were spoofed to create the account.

This is quite humorously illustrated by a "That Mitchell and Webb Sound" skit: https://www.youtube.com/watch?v=CS9ptA3Ya9E


Completely agree with this. Credit freezes don't work because credit reporting agencies have never been in the business of identity verification or protection. Whoever grants the line of credit should be doing the due diligence on whether the right person is in front of them or not, but they would rather pad their numbers and shift blame to someone else.


> but the most direct way to solve the problem of credit scams is to put the onus on the bank who opened up the account incorrectly to assume responsibility for the debt, not on the person whose details were spoofed to create the account.

This. "Identity theft" shouldn't be a term. There's already a term for what's happening, it's called fraud, and it's perpetrated on the banks without involving the person whose identity was "stolen." Consumers shouldn't have to deal with the fallout from banks' fuckups, especially given the resources banks have available to avoid said fuckups.


I am a part of a small but passionate group in Denmark, who advocates for giving everyone an account in the national bank at birth.

This account would be able to attach a featureless debit card (using our national standard payment system "DanKort"), and have the same interest rate as the national Bank (so for now, slightly negative).

Employees of the national bank are already able to get accounts like this. So there is precedent.

This is obviously not a particularly attractive nor sophisticated "product", but it is awfully hard to hurt yourself with, and will have all the functionality that allows you to function in a modern society.

Make banking a choice, and force the banks to make sufficiently attractive products to convince me to participate willingly.


> Make banking a choice […]

How does “giving everyone an account in the national bank at birth” correspond to making a choice? How about, instead, you give people the option to open an account with the national bank? That sounds more like a choice.


DiEM25 advocate for this and it's a great idea. I hope it happens in Denmark and that the rest of the world follows suit.


Now I know where the idea in Yanis Varoufakis' new book "Another Now" originated. Or where he proposed it, as he is part of DiEM25.

Actually quite some interesting thoughts within this book.


The ECB is working on something like that actually.


This all stems from the right to privacy and right to control your data, and the overall lack thereof in the United States. All that the credit bureaus do is collect information from various sources about people.


You aren't the customer, you're the product.


In lieu of an actual identity system, credit reporting is probably a necessary evil. Or at least an evil inevitability.


What really upset me was when my wife immigrated, she did so just before Trump passed some new immigration laws. Those laws would have required her to submit her credit scores as part of the paperwork for immigration. The idea that in order to immigrate you have to tell the government information from three private companies is just insane in my opinion. This last week has solidified this opinion as a year and a half later she still can't get info from them, I can't imagine what they would say just after moving here.


Reputation is a pretty fundamental component of existence in a human civilization. The specific implementation leaves a lot to be desired, but the underlying structure - people will talk behind your back about your behavior when deciding how much to trust you - is not going anywhere.


" Freezes don’t appear to work - they usually say that I don’t have an active freeze whenever I go to lift one. Or their website is down entirely. Or they won’t let me get to the freeze section without clicking no on their paid monitoring services 8 times. " It might be worth mentioning that I've had to temporarily lift freezes from all 3 bureaus a number of times and nothing like this has ever happened to me. I've never had any trouble or needed to pay anything.


You could accomplish this by just never applying for credit of any kind, couldn't you? In this way, these agencies might have a file about somebody with your name, but it won't really be relevant to you in any way.


Even if you never open a line of credit in your life, the contents of that record will still affect your ability to rent apartments, get jobs, and even have utilities in your name.


Also the lack of records will also impact those things.


Until someone else applies for credit with your identity.


But if you never use credit, having your credit hurt by this wouldn’t matter.


Anytime you open an account at a financial institution for a savings, checking, or retirement account, they will get a credit report. Employers are increasingly requiring a credit report before handing out job offers. Every landlord is going to require a certain credit score before accepting your application.

You don't need to worry about your credit if you use cash and store it in a coffee tin, couch surf, and work under the table.


Please tell me that's not actually possible?


Assuming someone knows your name, address, and SSN (something which isn't meant to be secret - the SSA even printed 'not for identification' on the cards for a while), they can apply for credit cards in your name as they often require no other form of identification. The U.S. doesn't have a national login system for identity verification or anything so there's not much that could be done here from the security aspect besides creating a federal credit bureau or a federal ID system (or if login.gov allowed third-party companies to use it).


That's kind of what identity theft is, and it is distressingly possible.


It is possible and it happens. This is what people mean when they talk about identity theft.


Identity theft!


Bank fraud. :)



Any query with an SSN/ITIN that doesn't exist will create a report for that number. Different names using the same SSN/ITIN are listed as aliases.

Credit reports are queried for many reasons, not only loans.


My favorite part of this system is when they give you a year of it as compensation for a data breach, saying it’s worth 12x its monthly fee (which they make up). That’s not even touching on the fact that their solution to losing your data is asking you for more of it.

I’ve never been lucky enough to be compensated with such a service. But it wouldn’t surprise me if they were so helpful that they even auto-enroll you in another (paid) year at the end of your free trial!

One also wonders why reforming the credit bureaus is not a bipartisan priority in Washington. Congress is apparently only interested in fighting over the issues that nobody can agree on. Don’t hold your breath for any progress fixing systems that anyone except a lobbyist can clearly point to as broken.

The problems might get some attention if the corporate media chose to hype them, but guess who buys a bunch of advertisements on their news channels?


I recently negotiated two service contracts, one for a company that helps administer employment verification (e.g., if an employee applies for a loan), and another with a company that handles COBRA documentation post-termination. Both of these require the service providers hold some confidential information concerning our employees. Both contracts explicitly provided (i) they will not indemnify me for state/federal penalties if they fail to do their job, and (ii) the only remedies they would provide following their data breach is one year of credit monitoring. I told them that was crazy, and if there's a breach they need to indemnify me for all losses and liability, full stop. Both companies refused so I had our broker approach different companies. Those companies proposed contracts with the same terms and also refused to change them. As the employer here merely contracting with service providers, I can't even find contractors who will take this liability on. I would 100% support legislation that would impose on these bastards penalties for the losses associated with their data breaches or failure to provide the services they say they are going to provide. I am also comfortable with the fact that may cost more, but at least then the costs will be internalized by the proper actor. And those who can efficiently provide secure services to me will get my business.


What a great story. Thank you for sharing your experience. I wonder if (i) is not enforceable. That said, it is the legal equivalent of David and Goliath to win that case. Even if the clause is legally enforceable, could you win a civil suit on the grounds of negligence (poor service)? Again, maybe, but probably very expensive to discover! I agree: These kinds of clauses should not be allowed. I cannot imagine this same thing happens in EU with GDPR.


(i) is enforceable. You could have a negligence claim, but customer (if a regulated entity) is generally required (on a principles basis, not necessarily prescriptive) to do their own due diligence on the adequacy of the vendor's security practices. The shift away from assigning liability to vendors was part of Dodd-Frank, and NYDFS has taken a similar tack with its cybersecurity rules.


> I am also comfortable with the fact that may cost more, but at least then the costs will be internalized by the proper actor.

The problem with these situations is that liability would induce bankruptcy by a factor of a thousand. If one of these companies screws up, likely they did so for each of their customers, who each have their own customers. Plausibly millions of people, for vendors that aren't exactly Google-sized. So for any non-trivial damages they're out of business and you get three cents on the dollar of your indemnity because so did everybody else. Which is all but worthless. It doesn't even give them much incentive to not screw up, because they're only paying 3% of the damages before they file bankruptcy and start over, which itself only happens if they're unlucky. Plenty of companies would be willing to take those odds and they'll still be the ones with the lowest price.

The only way for them to cover the full amount is to buy insurance, but then you have the liability on the wrong party again and they lose the entire incentive to avoid screwing up. We might like to believe that insurance companies have some magic to reduce claims, but mostly they don't and they just spread the cost of the liability across all their customers.

So really all you're asking for is a law that forces you to pay extra in order to buy insurance. But can't you already buy insurance from an ordinary liability insurance company instead of the vendor?


I can, but the vendor's negligence causes me to suffer higher insurance premiums without any ability to leverage them into better practices. If they were obligated to buy that insurance, the insurers could require that their insured observe the underwriter's mandatory security practices (or otherwise they would be uninsured, and in my ideal universe, out of business). As it stands, the vendors take unreasonable risks, and I'm on the hook trying to insure the bloody mess that results without any control over the vendor's security practices.


> If they were obligated to buy that insurance, the insurers could require that their insured observe the underwriter's mandatory security practices (or otherwise they would be uninsured, and in my ideal universe, out of business).

Then you're hoping that the insurance company's checklist does more good than the overhead in enforcing it costs.

Those types of guidelines generally fall into three categories.

The first is the ones that are sensible and cost effective, but mostly those are the ones that everybody does regardless. You might marginally increase the number of people who do these things. This is where the possible benefit comes from.

The second is the ones that are just ridiculous nonsense. Things insurance companies require because they're fallible entities. The typical "install antivirus on Linux servers" checkbox. It has no benefit but it has a cost and the cost offsets the benefit of the useful measures. The insurance company has minimal incentive not to do this, especially if insurance is required by law, because the cost is being paid by somebody else.

The third are measures that are marginally effective but not cost effective. They do a little and cost a lot. Insurance companies love these because they do marginally reduce the number of claims and the cost is hidden, but it still gets passed on to the customer (you), and the cost exceeds the benefit. It's a deadweight loss to you but the insurance company has a perverse incentive to require it.

When you put them all together you're lucky if you break even.


There's something wrong with a notion that a single actor can cause enormous damages, spread them out between community members and suffer no consequences, and I'm not even talking about only credit companies.

For example, take an action which makes everybody spend an hour of their time. Disposing snail mail for example. Let's say there's 300M people in USA. Let's say only 100M of them are affected. Let's also be charitable and say that an hour of their time is worth $10. That's a 1B damage right away. It is a Fukushima level damage.

I don't have a solution, but it is disturbing that we allow actors capable of causing such damage just go do their business, take risks, and if risks don't work out - just file for bankruptcy and suffer essentially no consequences.


The underlying problem is that people are capable of causing more damages than they can cover. If you cause a billion dollars in damages, but you don't have a billion dollars, who pays? Not you, for sure, because you can't.

Some of these have decent solutions. We want people to recycle aluminum cans, so we have a deposit which you get back when you take the can to the recycling machine. If you're too lazy to do that, now it's a means for the homeless to make a buck, you don't get your deposit back, and the cans still get recycled.

For other things the solution isn't obvious. You could require anyone who wants to operate in these industries to post a massive bond of their own money to pay the claims if there are any, but that's just asking for market consolidation. You end up with an abusive monopoly or possibly even nobody willing to offer a product in the market at all. The cure is worse than the disease.

In some sense what you need is the opposite. If there are a thousand competitors then there is no one company who can breach a hundred million users. Moreover, there is plenty of competition, so companies that get breached have to worry about reputational harm and customers switching to a competitor. Then you would expect the companies with good long-term records to take over.

And then we're back to the problem with credit reporting agencies. The problem is that the victim has no way to opt out of the system.

One solid solution would be to eliminate social security numbers whatsoever and otherwise put them out of business. The entire credit system is just a zero-sum bidding war anyway. Making it harder for everyone to get credit only reduces the bidding war for housing and makes it more affordable to everyone.


> One also wonders why reforming the credit bureaus is not a bipartisan priority in Washington.

This is a classic “concentrated benefits, dispersed costs” problem that is really hard to solve in society. The three credit bureaus have a huge incentive to maintain the status quo, while millions of people have a small incentive to change it. The three credit bureaus are going to fight a lot harder to maintain the system than everyone else will fight to reform it.

It is the same thing you see with our tax system. For individuals, it just isn’t worth it to try to change the system. The effort would cost more than the gain, but the overall cost to society is great.


> One also wonders why reforming the credit bureaus is not a bipartisan concern in Washington.

And one solution might be to simply create a statutory strict liability of $1000 per consumer per breach. The (possibility of) class action lawsuits would do the rest to encourage correct behavior.

(It might encourage cover-ups as well, but you could penalize that, and incentivize and protect whistleblowing and well-intentioned security research.)


I can’t wait to get 10 free years of credit monitoring!


> One also wonders why reforming the credit bureaus is not a bipartisan priority in Washington.

It struck me how reflexively cynical I have become, that reading this question surprised me.

I hope my answer doesn't come off as snarky, but sincerely, there's a lot of good information here: https://duckduckgo.com/?q=credit+bureau+lobbyists&ia=web


> The best part about this lax authentication process is that one can enter any email address to retrieve the PIN — it doesn’t need to be tied to an existing account at Equifax. Also, when the PIN is retrieved, Equifax doesn’t bother notifying any other email addresses already on file for that consumer.

Hang on, so the attacker doesn't even need to break into somebody's email account first, they can just guess the questions and put in their own email address?! This is insane.
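The recovery flow quoted in the comment above, modelled beside a hardened version. This is an added example, not Equifax's code and not part of the article or the thread; `Consumer`, `Outbox`, the function names and all addresses are constructed assumptions.

```python
"""Freeze-PIN recovery: the flow from the quote beside a hardened one (constructed model)."""
from dataclasses import dataclass, field

# Same reply for every outcome, so the caller cannot learn which addresses are on file.
PUBLIC_REPLY = "If the details match, a message was sent to an address on file."


@dataclass
class Consumer:
    # Constructed record; the field names are assumptions for this example.
    consumer_id: str
    emails_on_file: list
    freeze_pin: str


@dataclass
class Outbox:
    """Collects (recipient, kind) pairs instead of sending real mail."""
    sent: list = field(default_factory=list)

    def send(self, recipient, kind):
        self.sent.append((recipient, kind))


def normalize(addr):
    """Compare addresses case-insensitively and without stray whitespace."""
    return addr.strip().lower()


def recover_pin_weak(consumer, questions_passed, requested_email, outbox):
    """Behaviour described in the quote: the PIN goes to whatever address is
    typed in, and nobody on file hears about it."""
    if not questions_passed:
        return "denied"
    outbox.send(normalize(requested_email), "pin")
    return "pin_sent"


def recover_pin_hardened(consumer, questions_passed, requested_email, outbox):
    """Deliver only to an address already on file, and alert every other
    address on file about any recovery attempt, successful or not."""
    on_file = [normalize(e) for e in consumer.emails_on_file]
    target = normalize(requested_email)
    deliver = questions_passed and target in on_file
    if deliver:
        outbox.send(target, "pin")
    for addr in on_file:
        # The PIN mail itself is the notice for the delivery address.
        if not (deliver and addr == target):
            outbox.send(addr, "recovery_alert")
    return PUBLIC_REPLY


def demo():
    """Run both flows with an address that is not on file (constructed data)."""
    owner = Consumer("c-1", ["Owner@example.com", "owner.alt@example.org"], "0000")
    weak, hard = Outbox(), Outbox()
    recover_pin_weak(owner, True, "someone-else@example.net", weak)
    recover_pin_hardened(owner, True, "someone-else@example.net", hard)
    return weak.sent, hard.sent


if __name__ == "__main__":
    weak_sent, hard_sent = demo()
    print("weak flow sent:    ", weak_sent)
    print("hardened flow sent:", hard_sent)
```

The hardened version still depends on the knowledge questions, so it limits where a recovered PIN can go and makes the attempt visible to the account owner; it does not make the questions themselves any stronger.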


Security questions in general are a farce. I've started generating random passwords for answers and storing them in my password manager. That at least helps me feel slightly more secure about how ridiculous security questions are.


> generating random passwords for answers and storing them in my password manager

My friend did this. We made a bet. I called his bank and, when challenged for the answers, laughed and said I'd mashed my keyboard and that it's all gibberish. I got through and won a free drink.


The key is to generate incorrect answers that are reasonable matches to the question.

Like if they ask for a city, then give a city. If they ask for a name, give a name. Etc.


Exactly. This is the right answer to the problem. Random digits are a bad idea for the reason noted above.


Yeah, and then you have 50 places with all different questions where you give incorrect answers lol. Good luck trying to recall it. IMO these questions are the worst.


You put the answers into your password manager for that account. If your password manager doesn't have at least some kind of encrypted "notes" field for each account, get a better one that does.


I do, it still sucks.


But not your favorite city. Very clever!


I generate random 2-4 word phrases instead of random passwords specifically for this reason.


I did this and once they made me read it out: “three-four-echo-alpha-two-zulu…” At the end, I felt like I just gave them the world’s longest taxi clearance.


This must have been a major hassle, but your metaphor painted such a picture it cracked me up. Maybe it was a controller who had a major personal beef with some particular pilot.


There's one particular company that always asks for these on the phone, and unfortunately I have to call them somewhat regularly. "Yes, my grandma's name is 7lIMkcblbatQ7wXrmamTHc". Interestingly, they always maintain a poker face/tone throughout this process.


I was just thinking about this after I posted this. To be fair there's probably plenty of ways to smooth talk a customer representative. Most of these conversations end up emailing you a link to reset your password anyways, I would hope.


This implies the CS agent was able to view the password in plain text.

Yikes.

Big bank?


This is an intended part of the design of security questions. They function like passwords, but they are not conceived of as being passwords.

If the bank wasn't able to view the answers in plain text, the security questions would not be able to serve their intended purpose.


Security questions are typically stored with a reversible encryption so they can be used by CS agents.

Security questions are not a password.


Which is why security questions are a horrible idea. What good does it do to have your nicely salted and hashed password when the answers to the security questions are available in plain text and get you access to the account?


They are just equivalent to a password, as knowing the answers allows you to reset the password.


I wonder if a diceware/xkcd passphrase would work better.


Then you'll love what United Airlines used to do (still does?), which had me selecting answers from a dropdown list. Too bad if your 'favourite sport' isn't listed!


That wouldn't work with these, Experian uses its own information about you to generate the questions and answers.


This is possibly the worst implementation of a terrible idea.


Disclaimer, I work for TransUnion. The following thoughts are my own.

The theory behind this implementation is that probably no one other than you knows what the amount of the mortgage you took out in 1999 is or the size of the car loan you took out in 2015. So in theory it confirms that you are the person who the credit report belongs to. In practice it gets tricky because there are plenty of people who have super boring credit files (e.g. they only have a credit card and have never had a loan). With that kind of user you end up in the situation where the questions either ask about information that can probably be gleaned from public records or the answers end up being “none of the above.” For those users specifically it is a pretty useless solution. I remember signing up for Credit Monitoring and thinking that anyone with a passing knowledge of my life could answer the questions.

It turns out that verifying that someone is who they say they are without needing to see a valid ID is a hard problem to solve.

Is it a great solution? No, but before data breaches became so common it was a somewhat reasonable solution. In today’s world though I would agree that it is a pretty terrible solution, but I don’t know how you would solve that without requiring notarization from a trusted third party that the person is for sure who they say they are.


It’s almost like we need ID check kiosks around the country that generate 1time passwords for providers that have no branch offices


Until fake kiosks start appearing.

There's a reason they tell you to never use an ATM at DEFCON...


What would these do? Fake check your ID? Give you a fake password?


ID Kiosk skimming or shimming perhaps. Some kind of MitM


They are pretty much unacceptable according to 2017 NIST standards, and pretty much impossible to use correctly in the banks' use case.


I call them "insecurity questions" because they just render accounts less secure.


That helps when you set the security questions yourself, which is not the case here. The security questions these companies ask you are data from your credit file (like your past addresses and creditors).


These "security questions" that Experian is asking aren't questions you've previously given answers to, they are questions that are generated based on what they know about you based on your credit report and data from other databases. They might ask you about loans you have or had, people and phone numbers you are "associated" with, places you've lived, cars you've insured, etc.


I’m using answers that are deliberately (but consistently) incorrect.


The days of confirming a person's identity by testing their knowledge on the person's metadata are long past (if they ever existed in the first place).

I don't know what the best solution to this will look like, or if society will ever try to implement one. A lot of people are against having a Federal ID. A private solution will have its own set of problems.

The good news is, it's the responsibility of the place that's issuing the credit to do due diligence of confirming an identity. If someone steals your private details and gets approved for a line of credit using them, life will suck for a bit while you sort it out, but you'll never actually owe that money (no matter what the debt collectors tell you).


> I don't know what the best solution to this will look like

Changing the law to require that banks prove beyond a reasonable doubt that they entered into a contract with you. The burden should be on the bank/creditor to prove that they extended a line of credit to you. It shouldn't be up to you to prove that you didn't.

I mean, imagine if you could hold any company liable for fraud if you received a phishing email that appeared to be from them.


I believe it needs to be a person-to-person interaction.

You want a line of credit? You have to go into a physical location, get photographed, maybe a fingerprint scan. Ideally, we centralize the data.

This serves several goals: 1) It provides a huge resource bank for fraud detection. On the small scale, you can flip the records to law enforcement as soon as someone says that their identity was stolen. On a big scale, you could identify serial fraudsters-- if the same guy applies at 12 banks under 12 names, a red flag needs to go off as soon as he steps into bank No. 13.

2) It makes applying for credit a serious, conscious thing that discourages frivolous use. The Klarna/Affirm style "instant credit" disappears. I think there are many people who will be better with their money just because of the shame of going into a bank and admitting they need another credit line.

3) You have an opportunity for direct intervention. Applying for credit may be a crisis signal-- maybe the guy taking your picture has some basic training and guidance to ask "are you undergoing financial abuse by a spouse?" or "you know that you're buying into a classic 419 scam?"


Indeed, it's an incentive problem. Banks create shitty systems because when their systems fail someone else suffers.

Even the phrase "identity theft" is a misleading attempt to shift the blame, as humorously depicted in this Mitchell & Webb comedy sketch: https://www.youtube.com/watch?v=CS9ptA3Ya9E


Thx for that video.... it's great!


> I don't know what the best solution to this will look like, or if society will ever try to implement one.

https://billhunt.dev/blog/2020/12/18/federal-policy-recs/#4-... (“Federal IT Policy Recommendations: 2021-2024, 4. Solve Identity Once and for All”)

(disclosure: I am not Bill, just running with their recommendations)


Thanks for linking me to this. From a high level it sounds pretty reasonable. The private sector likely wouldn't be able to implement an in-person verifying service at a national scale.


This sounds like it would be well suited to being provided by the postal service


This is an option the German postal service provides. It works quite well. There are different levels of identity verification available, and employees are able to complete the lower levels at your door.

A personal example I had a few years ago was signing a cellphone contract online. The postal employee delivered the sim card after verifying my identity at the door (you can't get phone contracts without ID around here).

For the higher levels one has to go to the postal office, and it includes a bit more paperwork. These are only used for higher sums, mine was for a bigger leasing contract for my company.


Using USPS's normal services, mailing etc, is difficult for me at least now because of hours. It's open from 8:30 to 5:00 on weekdays, & I have to run in my lunch to get something done, or otherwise have to wait for Saturday. Would love it to shift an hour morning or evening, like 7 to 4, or 9 to 6 or something. With this suggested in-person verification, it will be more important than ever.


You don't have to answer the questions legitimately. As long as you are able to remember the answers, that is all that matters.


One of the three's PINs are automatically set, just as the date string from when you froze your credit. Legitimately something like 20191218. You could relatively easily guess them.

One of the three removed the freeze by me just calling and asking, never providing a PIN.

One of the three was alright. I set the PIN to something of my choosing. I had to call, provide all my info and then the PIN to remove it.

The state of credit freezing across the three big companies is an absolute joke.


"Finally, your basic consumer (read: free) account at Experian does not give users the option to enable any sort of multi-factor authentication that might help stymie some of these PIN retrieval attacks on credit freezes.

Unless, that is, you subscribe to Experian’s heavily-marketed and confusingly-worded “CreditLock” service, which charges between $14.99 and $24.99 a month"

It's great to see they're taking the knowledge that being hacked doesn't matter and putting it to good use


It certainly sounds like a form of extortion to me. "We have a large amount of personal information that can be used to take out loans in your name. We, and others like us, have repeatedly shown that these databases are not secure. They will remain insecure unless you pay us."


The worst part is if you get a FREE credit report with them, they sign you up for this service without you knowing. I was paying $20/month for the bullshit for about a year before I finally caught on. It's a total scam. Did a google search and found MANY other people complaining about the same thing. Their whole company is a scam.


I put a pin on my account after the first Equifax leak. Recently I needed to unfreeze it, and discovered that upon creating a “my equifax” account that I was able to unfreeze it WITHOUT THE PIN. I’ve complained to the FTC (including screenshots) but haven’t heard anything. It’s so unbelievably insane these companies are allowed to operate with such massive ramifications to society and individuals!


Funny, I just called to put a Fraud Alert on my credit report. I encourage everyone to do it - so this way reputable lenders are supposed to call you when they're trying to open an account in your name. An attacker would have to port your SIM card as well...

However, all the information I was providing to set the alert, or remove it, is the exact information that any lender would receive on their application. The system is so horribly broken security-wise, I am shocked there aren't more accounts being opened left and right by people who got them from applications emailed to thousands of lenders over the years.


Note that a Fraud Alert expires after a year, so you need to keep renewing it.


> I encourage everyone to do it - so this way reputable lenders are supposed to call you when they're trying to open an account in your name.

A reputable lender is something like an honest car salesman. Often consumers deal with middlemen and brokers that aren’t bearing the cost of fraudulent transaction.

Isn’t it partially what caused the financial crisis of 2008? Loans were given to people with no income and one, two or even three existing mortgages. Everyone’s incentive was to earn the commission and sell it further misrepresenting low grade bonds as high grade.


Well, I think the fair consumer reporting act (FCRA) criminalizes the act of opening an account in someone else's name without their permission and having done absolutely no due diligence. Maybe it's not criminal but you wouldn't be able to actually get them to pay the debt later.

Am I wrong?


I am not sure what penalties are for such negligence, but in any case such fraud happens and a burden to correct or monitor is on the consumer.


Experian somehow has allowed _someone_ to reset my account username and email not once but twice in the past month.

I'm, to put it mildly, not happy, and I've no confidence it's not going to get reset again tomorrow.

Yes, I use a complex randomly generated password.

They do send an email to your previous address on the account notifying you of the fact though, which is the one silver lining.


> and were surprised to find that just one of the five multiple-guess questions they were asked after entering their address, Social Security Number and date of birth had anything to do with information only the credit bureau might know.

And a lot more than the credit bureau know those two pieces of information.

Honestly, the US really needs a government run public key ID service. The government in providing passports and drivers’ licenses is already doing identity verification. If along with your passport they would allow you to register a public key that people could use to verify your identity, it would be a huge help.


The government PKI actually almost exists already.

Passports have an RFID chip inside them that does something like receive a challenge and respond with a signature over a hash of the passport's biographical data combined with the challenge, along with the public key corresponding to the signing key, and a certificate signed by a government key to confirm the signing key is legit.

The government public keys are published, so anybody can verify that someone who claims to have possession of a particular passport really does. The weak point is that as far as I can tell the revocation list is not public, so you can't distinguish between a stolen and not stolen passport.
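Added example, not part of the comment above and not taken from any passport specification: a toy model of the challenge-response it describes, including the revocation gap it points out. The textbook RSA over small Mersenne primes, the record layout, the function names and the sample passport data are all constructed for illustration and are not secure.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below


def make_key(p, q):
    """Textbook RSA from two known primes. Toy sizes: structure only, not secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest_int(data, n):
    """SHA-256 of data reduced into the key's range (no padding: toy scheme)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(digest_int(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == digest_int(data, n)


def cert_body(serial, chip_n):
    # Hypothetical certificate layout: document serial bound to the chip's public key.
    return f"{serial}|{chip_n}".encode()


def issue_passport(gov_key, serial, bio, chip_key):
    """Issuer side: certify the chip's public key and personalise the chip."""
    cert = {"serial": serial, "chip_n": chip_key["n"],
            "sig": sign(gov_key, cert_body(serial, chip_key["n"]))}
    return {"bio": bio, "key": chip_key, "cert": cert}


def chip_respond(chip, challenge):
    """Chip side: sign hash(biographical data) combined with the reader's challenge."""
    msg = hashlib.sha256(chip["bio"]).digest() + challenge
    return {"bio": chip["bio"], "sig": sign(chip["key"], msg), "cert": chip["cert"]}


def check_passport(resp, challenge, gov_n, revoked=None):
    """Verifier side. `revoked` is a set of serials, or None when no list is available."""
    cert = resp["cert"]
    # 1. Is the chip key certified by the published government key?
    if not verify(gov_n, cert_body(cert["serial"], cert["chip_n"]), cert["sig"]):
        return "bad-certificate"
    # 2. Did the chip sign *this* challenge over *this* biographical data?
    msg = hashlib.sha256(resp["bio"]).digest() + challenge
    if not verify(cert["chip_n"], msg, resp["sig"]):
        return "bad-signature"
    # 3. Possession is proven; whether the document was reported stolen is a
    #    separate question that the signatures cannot answer.
    if revoked is None:
        return "valid-revocation-unknown"
    return "revoked" if cert["serial"] in revoked else "valid"


# Constructed sample data (known Mersenne primes, fictional passport).
GOV = make_key(2**127 - 1, 2**107 - 1)
CHIP = make_key(2**89 - 1, 2**61 - 1)
ROGUE = make_key(2**31 - 1, 2**19 - 1)  # a key the government never certified
BIO = b"DOE<<JANE|1980-01-01|UTO"
PASSPORT = issue_passport(GOV, "X0000001", BIO, CHIP)


def demo():
    c1, c2 = secrets.token_bytes(8), secrets.token_bytes(8)
    resp = chip_respond(PASSPORT, c1)
    self_issued = chip_respond(issue_passport(ROGUE, "X0000001", BIO, ROGUE), c1)
    return {
        "no revocation list": check_passport(resp, c1, GOV["n"]),
        "list, not reported": check_passport(resp, c1, GOV["n"], revoked=set()),
        "list, reported stolen": check_passport(resp, c1, GOV["n"], revoked={"X0000001"}),
        "replayed old response": check_passport(resp, c2, GOV["n"]),
        "self-issued certificate": check_passport(self_issued, c1, GOV["n"]),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24} -> {outcome}")
```

Without a revocation list the verifier can only return the "valid-revocation-unknown" outcome, which is the gap the comment describes.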


Not necessarily. The chain of trust doesn't require such a drastic deployment.

In Europe, it's commonplace to be able to subscribe to loans, or similar contracts online. However, the legislation is VERY strict about requiring very tough MFA-authentication.

Say for example you would want to subscribe to a new credit card. You would either have to go personally to do it (which means they can verify your identity), or you can do it from your Online portal. HOWEVER, if you choose to do entirely online, you HAVE to use your phone as a 2nd factor to authorize the operation.

I'm not saying there's no identity theft. There absolutely is. But they are extremely strict about authenticating each and every (considerable) move.

I guess what I'm trying to say is, a PKI for the US government is not necessary (in fact, given the time and resistance it took to deploy SECURE ID, I'd say it's dead in the water right now), and would only require legislators not in bed with credit card companies, to set up and enforce strict rules for authenticating orders / proceedings.


Passports are federal while driver licenses are issued through the state. If you're suggesting that the public key be linked to a passport, then I'm guessing quite a few states will oppose that on "state's rights" standing.


No, it will be opposed because of an American aversion to a national ID. I would argue that a passport is the same thing, but a passport is optional in the U.S.


The REAL ID is a mix of both state and federal. It is "optional", except that they won't let you fly or enter a government building without one. https://en.wikipedia.org/wiki/Real_ID_Act

"Starting October 1, 2021 (originally scheduled for October 1, 2020 but was postponed a year due to a global coronavirus pandemic[6]), every air traveler will need a REAL ID–compliant license or another acceptable form of identification (such as a U.S. passport, U.S. passport card, U.S. military card, or DHS trusted traveler card, e.g. Global Entry, NEXUS, SENTRI, FAST) for domestic air travel."

Apparently the government is gravely concerned that terrorists might fly from Boise to Twin Falls, so we need to make them generate at least 3 to 4 forged documents, to force them to get the super duper secure drivers license.


So why does it need to be federal? Make it a responsibility of the states. Either way, it will be mismanaged, so might as well make it as complicated as possible by having 50+ mismanaged things.


Make it a responsibility of the states.

I'd go find links on RealID, and the resistance to that, but it should be an easy query away. RealID made it the responsibility of the states, and people still didn't want it. As I understand it, mainly because it was just a proxy for a federal ID.


NY wouldn't give me a RealId since I don't have a physical SS card even though I have a passport and birth certificate. So it seems like the system is kind of broken.


How about having the states run ID services?


They already do this. Most common is the drivers license. If you don't need to drive, there is still a state ID that can be issued.


I meant a digital ID. For verifying with these services.


It’s so incredibly frustrating as a victim of identity theft to have these fucktards give away my information without any form of care. I wish I had the means to sue them into oblivion.


It's important to remember that you aren't the victim of identity fraud: the banks are.

The reframing of the banks being defrauded as the problem/theft of the "identity" of the name mentioned by the criminal when defrauding the bank is a pretty creative and slimy way of a bank de-risking themselves.


Yes! A thousand times yes!

Someone didn't steal my identity. Someone took money from you claiming to be me. That's a you problem, not a me problem.


> Someone took money from you and you didn't properly check who they were.


Wonderful theoretically - but I wasted weeks of time trying to get them to even acknowledge a problem. I've called a bank, informed them someone opened a line of credit pretending to be me, and been told they will get back to me, whilst letting the debt grow. There is no sense of urgency. It's such a broken system.


Credit scams and identity theft are a problem for us because right now the banks don't have to pay any cost of those mistakes. The most direct way to solve the problem of credit scams and identity theft is to put the onus on the bank who opened up the account incorrectly to assume responsibility for the debt, not on the person whose account details were spoofed to create the account.

This is quite humorously illustrated by a "That Mitchell and Webb Sound" skit: https://www.youtube.com/watch?v=CS9ptA3Ya9E


Here in Norway, we have this system called BankID - it's a signing system where you can sign documents, and it tends to work great. These days, you can pretty much sign _any_ documents, no matter how important, via the BankID authentication system. It's obviously also 2FA.

But still, it does manage to get abused. Unfaithful relatives / spouses / colleagues / etc. can manage to get hold of your password and device, take out loans or buy stuff, and you're 100% in the jam for it. We get cases from time to time where people are basically held accountable for hundreds of thousands in credit/consumer debt, because someone used their signatures to take out those loans. And probably 99 / 100 times, they lose in court, against the banks.

The banks will argue that if they were held responsible for such actions, the modern fast-tracked system would halt to a grind. It'd be like in the old days where you needed to show up in person, with all your financials, and carefully go through everything just to get a small-ish loan.


Hello, a friendly correction if I may. In English 'grind' and 'halt' can function as both nouns and verbs - the common colloquialism is 'grind to a halt' where grind is the verb and halt is the end state.

In response to your comment, I think that the Norwegian system is inferior in the respect of the end-consumer having the final responsibility. I think that if the bank had final responsibility for any credit fraud, the fast-tracked system would hiccup perhaps, but not grind to a halt. Fintech is evolving rapidly and a new innovation could satisfy both fast banking and keep incentives correctly aligned between banks <-> consumers.


Seems like the ideal use case for a hardware-backed token to be issued to each citizen to hold a private key and use MFA (PIN) to unlock that.


The auth systems in the Nordics are a step down from that, but it still doesn't help if that is stolen or your spouse steals it, takes a look at the PIN and so on. It is really hard to fight against this sort of access.


Do you not have community property in the Nordics? Here if a married person signs for a loan then the couple is jointly responsible for it, no impersonation required.

Same for withdrawals. Some couples will use individual accounts as a convention but they are each entitled to drain the other’s, whether or not their name is on it.


It's important to realize that the credit monitoring services you can buy are provided by the credit companies.

The same company, which may at times make false claims about you, is in possession of a service / technology they claim can detect those false claims.

Why is it not libel when these companies make false claims about me? Especially when they advertise that they have the ability to detect such false claims? "Pay us and we will not make false claims about you" they say. "Pay us and we'll double check with you before making claims we believe to be suspicious about you."


The answer is, of course, regulation. To fix this will require more regulation. Contact your Congressional representatives. [1] The CFPB can enforce upgraded financial services policy in this regard once the legislation is enacted. Complaining to them today about this specific security failing is also likely helpful [2].

Freezes and thaws are free. Your credit report, and any scoring mechanisms (FICO), should be available to consumers at any time free of charge. Credit monitoring products should be outlawed. Failures to safeguard citizen data (Equifax) or to promptly remove inaccurate data should incur steep financial penalties.

[1] https://www.govtrack.us/congress/members ("Use GovTrack to find out who represents you in Congress, what bills they have sponsored, and how they voted.")

[2] https://www.consumerfinance.gov/complaint/


The reason these consumer credit monitoring services came into existence is interesting and, I assume, public knowledge, but I only learned about it when I worked for them.

Once upon a time governments in places with credit reference agencies (so particularly the UK and US for this story) noticed that this is a lot of power with not very much responsibility and they ought to fix that. So what they said was, you must let people see this data you know about them, for a small statutory fee. No option, that's what you have to do now if you want to stay in business.

This actually terrified the CRAs, because they imagined everybody is going to send off their fee, and it costs more for this enormous unwieldy corporation to respond than they're allowed to charge, so if everybody does this the company goes bankrupt.

But internally at Experian somebody says - Aha! The law doesn't require us to explain what the credit data means. So if you pay your fee you will get stuff that's incomprehensible to lay people not because we're deliberately obfuscating it, but because to us maybe "day 60 late ratio" has an obvious and very specific meaning but to a consumer it's noise. Obviously an expert could write a book about how to decode the statutory report, but we can instead offer a product that costs more than this fee but includes friendly explanations and translation. If we set the pricing right on this product, we make a profit while also warding off the statutory reports we dread.

And that project actually worked. As of ten years ago lots of people worried about their credit would cheerfully pay a CRA money to find out what the problem was. The division doing that grew enormously within Experian and other CRAs copied this idea.

In fact popular culture made things that didn't exist in one country (e.g. the numeric FICO score from the US) part of what consumers expected to learn in other countries, and so Experian UK actually has (or had when I worked for them) people who make up the formula for an arbitrary score number, even though creditors in the UK don't use this - so it's as meaningless as your Hacker News "karma" score.

Then somebody had another bright idea, what if we give this product which apparently people value, away for free, and then for a fee attach it to credit offers like new credit cards? We funnel card companies the exact customer profile they were looking for, they save acquisition costs, the customer gets the new credit they wanted, everybody is happy and we're richer. So that's what happens today.


Equifax was doing this back in 2000 (including "Sentinel Credit Monitoring"): https://web.archive.org/web/20000301171229/http://www.econsu...

Checked your credit lately?

IMMEDIATELY view the information contained in your file

Get it straight from the source

View information that is already available to lenders, insurance companies and prospective employers.

Secure on-line access for 30 days

Easy to read, "navigable" format

Only $8.00!!


I have complained multiple times, they seemed to be listening, but it does not seem like the “urgency” reached the boiling point.

Furthermore, adding more regulations and more requirements fixes the issue short term, but does not address it long term. Even if regulations you suggested are enacted, I am afraid that it won’t take long until they are misused, abused and misinterpreted again.

Rather than adding more requirements or stipulating more penalties and burdening regulators with defining right security protocols and mechanisms, it should be reworked into something that allows more competition and more control and forces bad actors fail fast and be replaced. Also it should be actionable at the consumer level.

My ideas are:

1. CRA must explicitly get permission from a person to keep their financial history.

2. Consumer has a right to “be forgotten by an agency” and the agency must abide within, let's say, 30-60 days. Also a said agency is required to send the customer or another agency of consumer choosing an authenticated copy of existing credit history. Similar to phone number porting.

3. Collateral. CRA must maintain a collateral fund to be used to pay penalties to consumer in case their information gets stolen. The size of the fund is a function of number of consumers the agency is keeping history for.

It does make it harder for new players to enter the market, but on the other hand: - they have something to risk - security evolves, and consumer pressures would make CRA evolve their system as well. If a CRA uses md5 to hash password, get hacked, first, they will lose money in their collateral fund, second, consumers will leave them and they essentially be out of business.


Speaking of regulation, Biden apparently expressed interest in a federal credit bureau under the CFPB https://finance.yahoo.com/news/biden-wants-shut-down-credit-...


Cautiously optimistic. Having had to advocate for folks who were flagged by CAIVRS [1] (from an FHA mortgage foreclosure), I would support such a mechanism if it had robust transparency around its operation and exception handling mechanisms for those caught at the edges of the gears (which CAIVRS, an existing federal credit and debt default data system, does not).

Any solution must suck less than current government and private credit reporting agency systems.

[1] https://www.hud.gov/program_offices/housing/sfh/caivrs ("The Credit Alert Verification Reporting System (CAIVRS) is a Federal interagency database that contains the following: Delinquent debt information from the Departments of Housing and Urban Development, Agriculture, Education, and Veterans Affairs and the Small Business Administration.")

Sidenote: The above system is ripe for overhaul by the US Digital Service. It is a pathetically old mainframe system with limited operational hours (and takes federal holidays off), when it could be a PostgreSQL database (or similar relational db) with an API.


While I'm neither opposed nor in favor, a federal credit system is very similar in concept to China's social credit system.


This is like how those horrible antivirus programs for Windows would constantly warn you that you might have viruses and nag you to subscribe to and pay for their services or your system could be at serious risk. I always thought these companies made at least some of the viruses themselves in an effort to self-perpetuate.


IANAL so maybe this is hyperbolic but it smells like extortion to me.


I think racketeering might be closer? From Wikipedia:

> Originally and often still specifically, racketeering refers to an organized criminal act in which the perpetrators fraudulently offer a service that will not be put into effect, offer a service to solve a nonexistent problem, or offer a service that solves a problem that would not exist without the racket.


It's not extortion, because the credit agencies don't want anything from you.

If you could fix a bad credit score by wiring Experian $50, that would be extortion.


Ok but can't you do exactly that? And how is it different if by paying for "credit monitoring" they make fewer "mistakes"?

Isn't that just a protection racket?

"Nice credit score, it would be a shame if something happened to it."


You can actually just file disputes and they will often drop the negative items. This doesn't cost anything. So I heard ~


Ok but why do I have to do that at all? And again, if I pay them then I can have my time back? Still feels wrong.


No. You can give the CRA money, and they will take it, gladly, but this doesn't change the credit data they hold about you, which says (for example) that you skipped out on all the utility bills at a place you owned 18 months ago.

I've sat in on calls from consumers to a CRA when I worked there. The typical thrust of the call is that the caller believes they are a good person and so the records of them doing stuff creditors won't approve of should be purged, the CS agent explains that they can purge anything if the consumer sends them proof it is wrong, for example if the record says somebody went to County Court and secured a judgement against them for £800 then a letter from the court saying "Whoops, our bad, we wrote Michael Smith, 43 from Leicester in this judgement but we meant somebody else entirely" will get that erased from their record. But just calling and moaning about how you really wanted to buy a new car but your credit is bad doesn't change anything.

I didn't see any sign there was a way to short cut any of this by paying for credit reports. I guess if you don't remember all the times you didn't pay your bills then a web site that lists them is handy? But that seems like that's on you.

I actually had reports from all the big CRAs in my country, and the best ones (with the most comprehensive coverage, so, Experian, who also happened to be my employer at the time) basically just say this guy seems to pay for some basic utilities and he pays on time. And that's it. The worst ones are like "This guy exists, and we don't have good data so shrug".

The best way to begin "fixing" your credit? Which all of these companies will recommend, but it's no big secret at all? Register to vote.

Creditors prefer to lend to people who actually exist. Governments don't want people who don't exist voting. So register to vote and immediately confidence that you're actually a real person, with a postal address, shoots up.

The next step is easy for me but apparently lots of people find it almost impossible. Pay bills! Got a phone? Agree to pay the phone company to use the phone and then... actually pay them for it. Again, your credit worthiness shoots up because creditors want to get paid, and showing you have some idea how to actually do that part is a good sign.

Now, if you're trying to persuade somebody to lend you Ferrari 488 money on a Fiat Uno income, those two basic tips won't get you there. You're going to need to learn how to manage exactly the right levels of debt, what's recorded and what isn't, lots of tricks. But I assure you that you aren't going to learn that stuff by paying a CRA, because it's like learning how to clip out of bounds in a video game, the designers of the game don't even understand it well.


I only skimmed this comment but it doesn’t seem to do anything to address the fact that CRAs do make mistakes on credit scores and if you pay for “credit monitoring” they will catch those mistakes.


> if you pay for “credit monitoring” they will catch those mistakes.

If you suppose that paying for credit monitoring will cause them to catch mistakes somehow, you'd need to show that.

If your assumption is that the CRAs don't care about mistakes unless you're paying them you need to think again, the value the CRAs had before any of this existed was that they could give a lender valuable intelligence about whether you might pay them. Lenders pay them for that, if the intelligence is often bogus the lender is wasting their money.


> If you suppose that paying for credit monitoring will cause them to catch mistakes somehow, you'd need to show that.

Is that not the value proposition of credit monitoring?


No. The proposition is, we'll show you the data we have.

Which is the exact same as what the law already requires (if you ask, free once per year in the US I believe) them to do, but of course the law doesn't require a snazzy web site with animated dials and explanatory videos.

If you're the sort of person who found it easier to get a few hours of exercise every week once they had a device telling them "You've only done 14 minutes of exercise today. That's not on track", then a credit monitoring service might be just the thing you need to actually pay off those cards on time and get your credit back into shape. But if you didn't buy that Fitbit, but did the same exercises, you'd get just as fit - and if you didn't buy credit monitoring but looked after your credit you'd find it easier to qualify for more credit.

So, having the monitoring might cause you to catch mistakes somebody made, and if you do you can inform them of the problem and they'll fix it (if you have documentary evidence) but it doesn't really change their actions compared to people who don't buy monitoring.

If you're thinking, wait, then why do they give you free credit monitoring when a big company loses your data? The answer is, because CRAs had existing sales people in those big companies, and when the big companies wanted to buy something to give peace of mind to people whose data they'd lost, "free credit monitoring" was on offer. Selling them something that actually helps is trickier, and what does it really mean exactly to actually help anyway?

I worked on a product like that, but it wasn't an easy sell. And for most users it seems exactly like it doesn't do anything. Like owning a Carbon Monoxide alarm. It seems to be working, but it doesn't actually go off, because you don't actually have a Carbon Monoxide leak, so... It's unclear what the online equivalent of the reassuring "I have power and am working" LED is, let alone the "Push to test" button. But outfits like Experian are aware that some kind of actual "Do bad guys actually have my stolen data and if so what do they have?" service is a better fit for those "data loss => free credit report" scenarios which is why they acquired the company I worked for when we were doing this.


The problem is that the credit bureaus can and regularly do make mistakes, or the creditors reporting data to them do, and when $shady_business says someone owes him thousands of dollars despite said debt not existing, or when someone steals your identity because the credit bureau has laughable security, the burden of proof is on the accused.


which is essentially what's happening here?

Something they know is potentially dubious is negatively affecting your score but you need to subscribe to their service to have it actively reviewed.


You can get a credit report for free from them, and they don't charge you anything to contest an incorrect claim against you.

This is a cost center for them, not a profit center. Their core business would be compromised if you could just bribe them to fix your credit score.


I would call it extortion: pay for our service or we'll screw up your life


Disclaimer, I work at TransUnion but the following is based on my experience as a consumer.

Since I’m seeing a lot of confusion about how credit reporting is done and how credit monitoring services work let me break it down a bit. Let's say you are getting a new credit card with Chase Bank. When you apply for that credit card Chase does a hard inquiry on your credit report to decide if you are eligible for that card and what credit limit they are going to give you. If they then issue you a card they then report to the credit bureaus that you opened a new line of credit with them and the limit on that line of credit.

If you have credit monitoring you would get 2 notifications. You would get a notification that a hard inquiry was made on your credit report and a second saying a new line of credit was issued to you. The point of credit monitoring isn't for the bureau to catch mistakes but for you to be aware of activity that could negatively impact your credit score. The bureau has no way of knowing if something was legitimate or not since they only have the information that was reported to them. Credit monitoring does however let you know something major happened to your credit which means you now have the ability to respond to that knowledge.

There are 2 important things to remember, all 3 credit bureaus are legally required to give you 1 free credit report per year at your request. You can get it online from https://www.annualcreditreport.com/index.action or the FTC has instructions https://www.consumer.ftc.gov/articles/0155-free-credit-repor... if you want to request it by mail. I have heard a lot of people suggest that consumers should space out requesting the 3 free credit reports so they get one about every 4 months and use that as a form of credit monitoring. It isn't completely foolproof since lenders aren't required to report to all bureaus so something could show up on only 1 report and not the other 2. The second important thing to know is that bureaus are legally required to allow consumers to dispute items on their credit report. The FTC has a sample dispute letter you can use to file a dispute, but some if not all of the bureaus have ways to file disputes online. As someone else in this thread mentioned these disputes generally require some sort of evidence that the reported item is incorrect.

So say I get a credit monitoring alert that says my address has changed because some creditor reported my information incorrectly. Regardless of any other steps I should get that resolved with the creditor because it will probably keep causing issues. But I could then file a dispute with the credit bureau(s) saying that the address is incorrect which would probably require a bill or something to prove my current address (similar to how some state DMVs prove you are a resident).


> A security freeze essentially blocks any potential creditors from being able to view your credit file, unless you affirmatively unfreeze or thaw your file beforehand.

I feel pretty sure they can probably pinky-promise that they really are inquiring about the right person and still do at least a soft inquiry.


This whole system with credit scores is utterly broken in the US.


Most of the times I've gotten the credit bureau-style security questions (for example, trying to get my credit reports, or trying to open a bank account),

- Every single one is answerable by reference to my Facebook page and a few old area phonebooks [remember when most people used to list their name, phone number, and home address for the world to see? ah yes. good times.]

- And they usually tell me I'm wrong, which would make me suspicious that I was a victim of identity theft, except that the answers I give usually match the data in the report I eventually receive.


To me, the title is overly wordy: "Experian is still a joke"


The punch line is the public, unfortunately.


When possible fill out the list of security questions with nonsense that you keep a record of/or understand the pattern of answers to. "What's your favorite sport?" "Potato".

I fill them out, screenshot the form and keep that screenshot in an encrypted file that I keep backups of. Not even text searchable that way.

Also completely ridiculous I have to do any of this.


I just generate my security questions as multiple random words in my password manager. I used to just do random passwords but I had to spell the random password with symbols etc over the phone a few times and quit that


Okay ready .. A & @ , c T a 1 7 nine.

Ah what?


Aside from the reported problem, Experian is the worst of the three. Freezing/unfreezing from the website doesn't seem to work, asks for all kinds of PII to be mailed in yikes! Yet it does work (so don't mail anything in!)

Total mess and they seem to have little to no incentive to fix/improve anything


If they mean that the InfoSec is a joke, okay fair enough, but a credit freeze itself is not a joke: it shifts more of the liability to the credit bureaus for allowing your record to be pulled, if in fact that does happen by a scammer. And they notify your device if you set up MFA.


Would anyone here be able to share their experience with freezing their children's credit? We wanted to do this when our kids were born but when reviewing each credit bureau's website, they are all asking to mail paper copies of SSN and birth certificates for each child in addition to the parents' SSN and birth certificates too. There doesn't appear to be any way to freeze a minor's credit online.



You don’t need to. No one will give your toddler a credit line.


Do you know that, or are you assuming? Asking because I don't know if it's an issue but some basic Google searches suggest it is.

> Minors are attractive targets for identity theft. Because they’re young, they have clean credit reports, and most don't discover the theft until they reach adulthood.

https://www.buzzfeednews.com/article/leticiamiranda/what-hap...


I've been exposed to the ludicrous US credit system through my fiancee who was affected by the Experian hack, and frankly, I completely get anyone who wants to see it all torn down. I find it ludicrous there are three different credit bureaus and they all seem to be equally incompetent for something as critical as an attempt to summarize a perception of your trustworthiness into a neat little file.


Meanwhile, I can't get Equifax to unfreeze my credit. Whatever answers they have on file are wrong and tell me to call - except you can't reach a human without answering those same questions. They've yet to respond to actual mail I've sent them too.

Oh well, the other agencies unlock so it just takes a little talking whenever I need to run a credit check explaining Equifax is jacked up.


I had the same experience and could only unfreeze via the Equifax iOS app. Sorry this is happening.


Americans: why are you so addicted to credit ratings? Ban them.


They're useful. How else would you get on a plane with only a suitcase, land the equivalent of a Europe away, then buy a house from an ecosystem of people that you have never dealt with before? And not overpay for the privilege? For the next 30 years?


Provide (and get verified) bank statements and tax returns that prove your financial history, and then call some old landlords/lenders. Why would it be more complicated than that?


Ok now companies will see there's a huge business need to streamline this process so a new company will come along and make agreements with lenders and landlords to centralize all that information for ease of access and, congratulations, you've just created a credit bureau.


Well, you essentially described credit history, which is what credit score is based on.


Except one that is more secure, perhaps?


Depends on how loose-lipped the old landlord is.

I am pretty confident he or she is not going to maintain a list of acceptable passphrases left by former tenants for the purpose of authenticating credit check phone calls 10 years later.


Easy: fill the suitcase with cash.


Because they are essential for the consumer loan industry. And the US has a loan industry, hence the obsession with credit ratings.


I actually tried to get them to set my score to 0 but they thought I was joking. It's apparently not an option.


As a resident of California can I invoke the CCPA and get my information deleted from Experian et al?


I'm still waiting for the $150 Experian owes me for leaking my private info all over the internet, after hiring a music theory major as their chief information security officer. Luckily all the lawyers in the case are now driving Lamborghinis.


Wow, Experian is a total scumbag company.


The massive and swift fines they face are the punchline.


so my buddy just built this: https://www.veradan.com


> so my buddy just built this: https://www.veradan.com

> We help you store all your financial data, including your free credit reports, in your secure vault. When you control your data it's easy to make the right credit decisions and get access to the best offers.

I think they meant that they want to store "a copy of" all my financial data. That's one more copy. How do I control my data in this scenario?


The credit freeze stops the agencies from sharing your credit report until you remove the freeze. We think this is a lot more control than you have without a freeze! This, and having a local copy of your data are both important steps we can all take now on the path to bigger changes.


Thanks for the shout-out! I am one of the founders building veradan. For all the problems they still have, credit freezes are a huge step in the right direction. We all deserve better than this. I would love to talk more with anyone interested!


Can a startup shake up this triopoly - TransUnion, Equifax and Experian? I am curious, what are the hurdles? To imagine any other way is impossible - if it is year 2050, I can't imagine these 3 to keep holding Americans hostage.

Edit: Changing from SV to startup.


I can't imagine SV producing anything better.

Remember - you're the product, not the customer of the credit agencies. You aren't a first party in that relationship - it's a service about you, not a service for you - which is why the agency's interests are not remotely aligned with yours.

The only way to make it aligned with yours is through regulation, which forces your concerns to be taken into account. Unfortunately, in the valley, that's a dirty word.


I really regret posing this question with "SV". Forget about SV, I wanted to open up a discussion about why do we have just 3 agencies monitoring our credit history? Why are they privatized? What are the checks and balances to keep them incentivized?


> why do we have just 3 agencies monitoring our credit history

Because there's a lot of barriers to entry to collecting your financial data, and any industry with lots of barriers to entry, the costs of which are lessened at scale will result in a monopoly, or duopoly, or something of the sort.

> Why are they privatized?

Because we don't have any laws against them existing, and they are providing a valuable service to creditors, landlords, and employers.

> What are the checks and balances to keep them incentivized?

There are a few legislative ones, but there aren't really enough of them.


American Express has their own somewhat automated underwriting program for immigrants of certain countries, I wish they’d expand it to everyone. I’d rather just go through underwriting once with a company I choose like Amex and just use them for credit forever.


What makes you think a Silicon Valley company will result in a better outcome than a non-Silicon Valley company? There are a lot of people angry at Silicon Valley companies.


I mean broadly in the sense a startup that’s funded by YC. After all, we are on YC forums. It was an earnest question and not implying anything to do with what non-SV companies can and cannot do. That said, many startups from SV have shaken up the industry veterans. I was mostly interested in the roadblocks and challenges. Not really about which city and whom can solve this problem which is far less interesting to discuss.


SV companies tend to be better at account security than this.


Their credit score is a racket ... my two other scores from other agencies are higher and very, very close to each other.

Experian offers a boost product where you authorize them to monitor your electric bills, etc. ... once I did ... gave them permission to do so my Experian credit rating went up to the same number (a point or two off) as the other two. What a racket!!!



