Just one day after launching its online credit report service, credit bureau Experian has pulled the service off the Web because of technical problems, company representatives told CNET's NEWS.COM today.
The service, which used encrypted communications to let consumers check their credit records and history almost instantly on the Net for $8 per search, launched despite concerns voiced by privacy advocates that such systems may present easy targets for hackers.
The company, formerly known as TRW Information Systems & Services in the United States, decided to discontinue the service this morning because more than one customer entered all the correct access information--including full name, Social Security number, year of birth, address, former address, and credit card account number--but received someone else?s credit report, according Maxine Sweet, Experian's vice president for consumer education.
One consumer advocate sympathized with the company's intent to give consumers instant access to their credit records but expressed concerns about the potential for privacy violations.
"There are benefits to it if the security issues are resolved," said Audrie Krause, executive director of NetAction. "But the lesson here is we?re not yet at the point of ensuring the security of private, personal information. Until we do, it's not in the interest of consumers to have this information available online."
The technical problem could also present legal troubles for the company, which signed a consent decree in 1991 after being sued by the Federal Trade Commission.
"The law doesn't require perfection, but it requires that there be procedures in place to prevent improper access," said David Medine, the commission?s associate director for credit practices.
Experian competitors Equifax and Trans Union also signed consent decrees after industry investigations in the late 1980s and early 1990s. Those companies have balked at providing instant online access to credit records.
"We would like to do it to serve consumers on the Internet, but we're not yet convinced that the security and confidentiality can be maintained," said Dave Mooney, spokesman for Equifax.
Other instances of sensitive information such as Social Security numbers becoming available online have drawn considerable attention in the past year. Many types of information have long been publicly available, but instant, efficient access of such information via the Net has kindled a heated privacy debate.
For example, the Social Security Administration opened some databases to the general public through its Web site--providing a person's salary information, the amount of taxes paid to Social Security and Medicare, and Social Security benefits. The agency bowed to outcry from concerned citizens and privacy groups and shut down the Web service in April, though people can still--as always--get the exact same information through the mail. (See related story)
On the other hand, the same privacy concerns that nudged the Social Security Administration to close down access to its information led Lexis-Nexis to open up its own. One of many companies that collects and sells personal information, Lexis-Nexis agreed in June to give the public Web access to its records. Such access is important as it allows individuals to check for errors in information that is used by, say, banks to decide on a loan or by landlords to decide on a rental application. (See related story)
Under FTC policy, Medine said he could not confirm that any new investigation of Experian had been opened. But he did say that legal action was possible if the company did not take adequate steps to ensure the confidentiality of consumer information. Such oversight would violate the 1991 decree, which effectively put the company on permanent probation.
"Given the fact we?ve already sued them, they're facing the possibility of contempt-of-court sanctions," Medine added.
Experian vice president of information policy Martin Abrams denied any breach of the consent decree. "I can tell you that we tested the service and took reasonable procedures to ensure security, and as soon as we discovered the glitch we turned off the system."
The fact that the company promptly pulled the service would work in its favor if there were an investigation, Medine noted.
The company is working to fix the problem and does not know when the service will be back online. "It could go back on in a day or two or in a few weeks," Sweet said. "It depends on what we find. We spent a lot of time testing the security aspects and thought we had them all worked out."