Kafka and Credit Bureaus

Tara Siegel Bernard of the New York Times reports on the abominable way that credit reporting bureaus treat consumers — unless those consumers happen to be rich and well connected:

The three major agencies, Equifax, Experian and TransUnion, keep a V.I.P. list of sorts, according to consumer lawyers and legal documents, consisting of celebrities, politicians, judges and other influential people….For everyone else, disputes are herded into a largely automated system. Their complaints are often electronically ferried to a subcontractor overseas, where a worker spends, on average, about two minutes figuring out the gist of the matter, boiling it down to a one-to-three-digit computer code that signifies the problem — “account not his/hers,” for example — and sending a dispute form to the creditor to investigate.

….Consumers who have trouble fixing errors through the dispute process can quickly find themselves trapped in a Kafkaesque no man’s land, where the only escape is through the court system. “You are guilty before you are proven innocent in a situation like this,” said Catherine Taylor, 45, of Benton, Ark., who said she had been denied employment and credit because her filing was mixed up with a felon who had the same name and birthday.

….The bureaus, meanwhile, do not have an economic incentive to improve the system, consumer advocates say, because their main customers are the creditors, not consumers.

That last sentence is true: credit reporting bureaus have very little incentive to keep their records straight. If there’s a problem, it’s up to you to notice it and it’s up to you to beg them to fix it. It’s also up to you to prove that their information is wrong. The credit reporting industry has probably done more to promote use of the adjective “Kafkaesque” than Kafka himself.

The core reason that the process is so often Kafkaesque is that credit reporting bureaus don’t care. If they make a mistake, it doesn’t cost them anything. If a member bank or credit card issuer passes along bogus information to them, it doesn’t cost either the bank or the bureau anything. They simply don’t have much incentive to get things right. (In fact, they actually make money by selling special credit protection packages to protect consumers from the mistakes that bureaus make in the first place.) That’s why, a few years ago, I wrote a piece for the Washington Monthly suggesting that we should give them an incentive:

There’s no need to create mountains of regulations, which are uniformly despised by the credit industry. Instead, simply make the industry itself — and any institution that handles personal data — liable for the losses in both time and money currently borne by consumers. The responsible parties will do the rest themselves.

How would this work? Congress could assign specific minimum values — statutory damages — for each of the acts associated with identity theft. Extending credit without conducting adequate background checks, or issuing a faulty credit report thanks to undiscovered theft of identity, might be worth $10,000 per incident. Losing someone’s personal information in the first place might be worth less — perhaps around $1,000 — since only a small percentage of cases of information loss ultimately lead to a full-fledged theft of identity.

The establishment of statutory damages would allow consumers to bring personal or class-action lawsuits for any of these transgressions. (Currently, such suits are difficult to win because breaches of privacy are extremely hard to value — some courts even flirt with the notion that privacy has no value at all.) And consumers would not need to show that those responsible for the theft acted negligently. When your money is stolen from a bank, the bank is liable no matter how diligently it tried to protect it. That’s why banks take care of your deposits. If the credit industry and other data-handlers knew that the legal system would hold them responsible for extending credit to impostors, issuing inaccurate credit reports, or losing data, you can bet they’d figure out better ways to stop those things from happening.

The beauty of this solution is that by giving the credit industry a financial stake in solving the problem, it uses market-based self-interest rather than top-down federal mandates….On a more basic level, the plan relocates the burden of responsibility for identity theft in a way that makes intuitive sense. If a company makes a mistake — by neglecting to conduct adequate background checks before extending credit, by issuing inaccurate credit reports or by failing to safeguard sensitive information — that company pays the price.

Alternatively, we could ratchet up the regulatory regime surrounding credit reporting bureaus, and that appears to be the path we’re going to eventually take. Roughly speaking, that’s how it’s already done in Europe, and it works OK. But it’s not the only option.


Mother Jones was founded as a nonprofit in 1976 because we knew corporations and the wealthy wouldn’t fund the type of hard-hitting journalism we set out to do.

Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation so we can keep on doing the type of journalism that 2018 demands.

Donate Now