How could a credit card company have driver license information? That's what I asked myself recently when I activated a new Discover card, and was asked to verify my identity by giving the height written on my license. The problem: Driver licenses in Washington state are not public.
Finding out exactly how they get this information isn't easy. But it appears that companies that mine and sell information are the likely culprits.
According to Christine Anthony, a spokesperson for the state Department of Licensing, state law does allow some exceptions to the general prohibition on releasing driver license information. One allows the state to sell such information to insurance companies for the purposes of underwriting. That, for the most part, is who the department releases license information to, Anthony says.
However, the department also sells license information to so-called "data brokers." The most well-known locally is Bellevue-based Intelius, a company that has also come under fire for various dubious business practices. But the state says it doesn't contract with Intelius, but instead seven other companies nationwide including Lexis Nexis, the Insurance Information Exchange and Softech International, the latter billing itself as the "nationwide leader in providing instant and easy access to the most cost-effective driver and vehicle registration information available."
All these companies must pledge that the information will be used only for the purposes specified in state law: In addition to insurance companies, the data can go to prospective employers, prosecutors, public schools and a few other types of organizations. Credit card companies are not one of them, Anthony confirms.
If a data broker is nonetheless selling license information to Discover, the company isn't saying, at least not yet. In conversations over the past two days, Discover spokespeople say they are looking into the situation.
That wouldn't surprise Paul Stephens, director of policy and advocacy for the San Diego-based Privacy Rights Clearinghouse. He says other consumers have been disturbed by the information financial institutions have about them: their date of birth, the cars they drive, things they've posted to social networking sites. But when consumers have asked the companies where they got that information, they were met with non-answers.
Stephens, who worries about such information being used for nefarious purposes like identity theft, says his organization has been pushing the Federal Trade Commission to regulate data brokers. So far, the organization hasn't had any luck.
In the mean time, he says, there's another problem. Some people are failing the validation process because even they can't remember the dated and trivial facts about them that companies have dug up.