Insights & Analyses

Lawmaker wants to stop credit firms like Equifax from using Social Security numbers

October 16, 2017

In response to the Equifax hack that could affect more than half of the U.S. adult population, a new bill in the House of Representatives aims to phase out the use of Social Security numbers at credit reporting companies by 2020.

Proposed by Rep. Patrick McHenry, R-N.C., the bill would also require Equifax, Experian and TransUnion to be subjected to federal cybersecurity reviews. Dubbed the “PROTECT Act,” the bill would create uniform security standards and subject credit reporting bureaus to onsite examinations.

In addition, McHenry’s bill would create a national framework for credit freezes, simplifying a confusing process that sometimes costs money to implement.

H.R. 4028 is also known as the Promote Responsible Oversight of Transactions and Examinations of Credit Technology Act of 2017. McHenry is a deputy GOP whip and is vice chairman of the House Financial Services Committee.

“The Equifax data breach has harmed my constituents in western North Carolina and Americans across the country,” McHenry said. “It exposed a major shortcoming in our nation’s cybersecurity laws and Congress must act.”

Saying the bill focuses on the trio of prevention, protection and prohibition, the representative believes that credit reporting agencies should be held to the same standards and supervision as the rest of the financial industry.

“It protects Americans by creating a national credit freeze that actually works,” he said.

But it’s McHenry’s inclusion of protecting Social Security numbers that has drawn the most attention from security advocates. Using SSNs as a primary method of identifying American citizens is viewed by many as an archaic and insecure way of sharing and verifying identity.

The Equifax hack is believed to have exposed as many as 143 million Social Security numbers, or nearly 60 percent of the U.S. adult population.

The massive breach led to the ouster of the company’s CEO, Richard Smith. Days after his departure, Smith spoke to Congress and called for a public-private partnership to replace the Social Security number as the primary method of identity in the U.S.

“It is time to have identity verification procedures that match the technological age in which we live,” he said.