For the fifth time in a week, I needed to give out my social security number. This happened to be to an insurance company so that I could purchase insurance on a house of mine. Despite having a policy with this insurance company, on that has been in force for over seven years, I needed to give my social security number for them to actually insure me. The agent refused to insure me without the number.
This annoys me BEYOND belief. I have an account with the company. I have a history with the company. The agent could look up the account and see, hey, there have been exactly ZERO claims made on this account, maybe I'm just fine as a credit risk.
This was after I had to provide my account with two other agents with other companies where I didn't have a history with. Them I could understand.
So, in the car, on the way to Velocity with Kris, I complained about the need to provide the number and, more importantly, the lack of protection for that number once I had given it out.
Instead, I told Kris, there should be a system in place where I control who can access my credit information, but without access to my number directly. The access would be, Instead, with a proxy number, one that I generate.
Here's what I propose. Here's what I would pay a large sum of money yearly to have in place.
A company (hell, a bastard, f---ing credit agency, for all I care) sets up a system where I have access to my SSN, and ONLY I have access to that SSN. If I wish to have someone review my credit, say, because I wish to obtain a loan from this someone, or prove my credit-worthiness to an insurance company so that they will insure a property of mine, I log into the company's system (probably via a web interface), and provide the requestor's information. I am then given a proxy number from the company.
I take this proxy number, and give it to the someone wishing to access my credit history.
Now, the person who wants to see my credit history uses this proxy number in the request for my credit history to the company (recall, this is the credit agency - yeah, the one who never seems to get my information correct DESPITE several letters informing them of the errors - no, I have NEVER lived in Washington, look at the zipcode, even my dog can see the typo in the zipcode). The company / credit agency knows that this request is going to be made, because I provided the requestor's information. The company looks to see if the proxy number matches the requestor. If it doesn't, the history is denied. If it does, the credit history is provided.
This process removes the need to share my social security number.
This process gives ME control on who can access my information.
This process checks that the person / company looking at my information has been authorized by me to look at my history.
That history is MY property, not the credit agency's property, a distinction that many people don't make. They're selling my information without my permission. This process puts that access back into MY hands, where it belonged in the first place.
I would pay a service fee to credit agencies to enable this permission proxy system on my information.
After telling Kris about this idea, he tried to poke holes in it. The only difficulties he could see with it were standards adoption and implementation costs. It'll cost money and money to implement, but only money and time, as there are no technology hurdles overcome. First to market could define the standards of requestor naming and matching issues. Really, though, neither of those is a deal breaker.
I might need to start a company to implement this.