Identity Theft Prevention: 3rd Party Site Inspections


One of the least understood aspects of working with Consumer Reporting Agencies (CRAs) such as EmployeeScreen IQ is the necessity of conducting a physical inspection, or site visit, prior to initiating any services on behalf of new clients. Common misperceptions about the site visit are that it is simply a revenue generator or that the inspecting representative will be unnecessarily intrusive or ask to see proprietary information or company secrets. Nothing could be further from the truth. The purpose of the site visit is to protect you, our client, and most importantly, the privacy of the individuals on whom we obtain information and the confidential nature of the information we provide.

Identity theft and privacy protection are topics that never seem to get old. Not surprisingly, they seem to become more and more significant on a weekly basis. Technological advancements continually make public record information easily accessible to more and more people and lax security measures by organizations tasked to protect this data make the topics ever more controversial.

Historically credit bureaus and state motor vehicle agencies have been the leading proponents of increased security precautions. Not surprisingly, this is because the information they provide is among the most potentially damaging of consumer information at risk of falling into the wrong hands. It can be extremely difficult to police what happens to the information once it is assembled into a Consumer Report and sent to the client end-user of the CRA. For these reasons it is becoming progressively more critical for CRAs to conduct thorough due diligence on their end-user customers.

In July 2003, the credit bureaus issued a mandate that Consumer Reporting Agencies must conduct a site visit, also called a physical inspection, of all privately held new clients. The intent of this requirement is to ensure that the person who sets up a screening account with the CRA truly works for the business in question, and that it is an operating business with a permissible use for Consumer Reports (employment screening). Additionally, the facility where Consumer Reports will be sent and/or stored must be a commercially zoned location with sufficient security to protect the information from any unauthorized access. In the absence of conducting this site visit and obtaining a visual verification of the client, criminals could set up fraudulent accounts under the auspices of legitimate, operating businesses.

For whatever reasons, many CRAs either failed to implement this requirement in 2003 or they failed to consistently enforce it and the result was predictable: criminals successfully set up accounts with CRAs and consumer information databases and used the access to steal identities and commit fraud. Today, many of these organizations have been permanently denied access to consumer information and steps to monitor and identify additional offending organizations have intensified.

EmployeeScreen IQ has strictly followed this mandate since it was issued in July 2003. Frequently we are told that “other screening companies don’t require a site visit.” Be that as it may, we will not sacrifice our commitment to compliance, service, and protection of individual privacy even though it means we occasionally lose an account to an unscrupulous competitor.