Tuesday, December 30, 2008

Credit industry uses several different scores and formulas to rate consumers


The credit reporting industry offers up to six kinds of credit scores. They are all developed by Fair Isaac Corporation (FICO) but they differ. Equifax uses BEACON, TransUnion uses Rico Risk and Experian (formerly TRW and Chilton) uses FICO II. (I remember the “risk predictor” project when working for Chilton in Dallas back in 1987.) Fair Isaac has three other scores used by insurance companies (especially auto insurance) and possibly other businesses like employers. What would worry me would be an effort to score something like “online reputation” but I haven’t heard of this happening yet. I’ll try to find out what goes in these other three scores and report later. When I worked for Chilton, I used to hear about “investigative consumer reports” (background investigations into “mode of living”) but it seemed that these were rarely done in actual practice.

One important myth this that a credit score is highest if all bills are always paid in full. A small balance may actually show the ability to pay off bills over time and use credit and could improve some scores.

When you have a dispute with a creditor it may help to pay the bill on time and then go to small claims court.

All of this material comes from Lita Epstein, “Eight Myths About Your Credit Score” on AOL today (Dec. 29). The Walletpop link is here.

Saturday, December 27, 2008

"Noble" accolade for American Express for its payment reminders


This posting is probably at most tangential to the theme of this particular blog, but I wanted to announce an accolade. Say, like the “Nobles and Knaves” in the Washington Times editorials.

The Noble award at the year end goes to American Express cards for sending reminders by email to clients several days before a payment is due. None of my other cards do that. They even send the reminder the day after you made the payment, if the bank hasn’t processes it yet.

I suppose this is a good security protection, too. If you get an email about a bill in advance and think you don’t owe the money, you start checking, for possible wrongdoing by others.

Tuesday, December 23, 2008

Wired covers the story of a master con man ("Catch Me If You Can!")


Wired Magazine, for January 2009, runs, on p 94, a detailed article by Kevin Poulsen, “Catch Me If You Can” (after Leonardo Di Caprio’s famous movie on a 1969 con artist), about “Last Days of a Hacker: Taking Down a Credit Card Con Man.” The link is here. This is the detailed story of San Francisco dark knight Max Butler, who developed in his Victorian apartment a plan to “rule the world,” that is, black market credit cards and identities. The story presents him as somewhat of a hacker godfather, who tried to reign in on all the operations, sometimes pretending he was going to turn out to be the good guy.

The story would make a good movie, and perhaps actually will some day. (Make Di Caprio would play him.) The story has other characters, like Christopher Aragon. The story says he could trick SQL servers into running his own commands. (Just think how a typical MySQL facility on a shared Unix hosting works. Something I’ve noticed: the security works for me in Internet Explorer 7 with all the latest fixes – despite the publicity over the flaws; it doesn’t work in Firefox, at least for me.)

The moral of the story is the incredible complexity of all of these applications and the multiple points of vulnerabilities, and the enormous number of user “trust points” in the world of making loans and giving credit.

Thursday, December 04, 2008

Governments should require acquiring companies to strenghten consumer idenfitication as condition for bailout money


During the financial crisis and following bailouts, a lot of banks, insurance companies and financial institutions buy weaker comparable institutions, sometimes as a condition of receiving government guarantees or shares. This can happen in the United States and in Europe or Britain.

Even so, financial institutions are shedding jobs, not just of analysts and traders but also of support information technology staffs, and postponing new projects. Even in “retirement”, I have heard some disturbing stories from other associates first-hand recently.

It seems that government could prod these companies to improve their due diligence in identifying credit or loan applicants. Most companies have some soft of National Change of Address interface, and acquiring other businesses would mean that stronger acquiring companies would need to schedule projects to integrate these acquired companies into their NCOA systems.

As I outlined on my Sept. 25, 2006 entry on this blog, the USPS NCOA system could provide an effective entrance key for designing a securable procedure that all financial institutions should use in identifying customers. This would also be effective in promoting homeland security. The government and the new Obama administration should take advantage of the “opportunity” offered by the bailouts to require financial institutions to schedule and complete projects related to due diligence in properly identifying customers.