Solomon Semere

March 6, 2018

Last September’s high-profile security breach at Equifax ignited consumer concerns around information privacy and security. While most consumers are familiar with credit scores and reports, many are unaware of the role Credit Reporting Agencies (CRAs) play in the financial system. This has led to calls for greater transparency and a closer look “behind the curtains” at the vast amount of information being collected without a consumer’s expressed consent. While consumers are afforded certain protections under the Fair Credit Reporting Act (FCRA), including the ability to request copies of their consumer report, dispute inaccuracies, and put security freezes on files, many are unaware of these protections or feel at the mercy of credit reporting agencies.

How is data collected today?

Data collected by traditional credit bureaus typically consists of payment history on financial obligations reported by banks and other lenders. Other specialty credit reporting agencies aggregate public records, specialty tradeline data, subscription/purchase history, and other private source information such as telecom/utility payments, employment information, and checking/deposit data. A key benefit CRAs provide is the ability to aggregate information across a wide variety of sources and handle linking and layout standardization so that an end user can easily consume this data. All of this consumer information must be used, stored and disseminated in compliance with all relevant consumer protection laws and regulations like the FCRA and the Equal Credit Opportunity Act (ECOA).

Due to the central role CRAs play in maintaining a stable, reliable, and fair lending environment, it is unlikely that the current structure will be completely dismantled. While government bodies and consumer advocates have called for stricter enforcement and greater regulation, others are looking to new technologies as a path to a safer alternative future. One commonly discussed idea is the use of Blockchain and the distributed ledger to plug some of the security holes in big databases. While the concept seems promising, it is also rife with complexities and potential for exploitation.

Where do we go from here?

Another intriguing development has been a push for more consumer control over data that is being used in lending decisions. A wide array of data that is typically considered to be owned exclusively by the consumer has historically been neglected by lenders either because of the sensitivity of the information or the difficulty in collecting and distilling it for meaningful purposes. Examples of such data include bank account/credit card transactions, utility and payment history, as well as mobile and social data. The quality of such content sources and their relationship to individual financial responsibility make them potentially intriguing inputs into a credit risk model. Additionally, by leaving control in the hands of the consumer, concerns around privacy and data security can be mitigated. Perhaps most importantly, a model which allows consumers to opt-in with data outside of the mainstream system has the potential to promote financial inclusion and produce fairer lending outcomes.

The major obstacle with a consumer consent model is that it requires entry of unique user credentials for each content source before access can be granted to a third party. As such, the impact on customer experience and operational efficiency is significant. Still, there are a number of companies working to solve these issues. DecisionLogic and Yodlee provide access to aggregated bank-account information which can be used as part of a credit decision. WattzOn and Urjanet provide a similar service for utility history. Abroad, companies like Credolabs, Lenddo, and HelloSoda provide access to a variety of mobile, device, and social data that can be used as part of a credit decision.

Although these innovations offer a lot of promise, there is a lot of work to do to gain the confidence of the general populace. With security and privacy top of mind across the globe, adoption of these technologies will rely on the ability of FIs and technology companies to explain the benefits and gain broad consumer acceptance.