Corrie Kruger
CREDIT bureaus are governed by the provisions of the National Credit Act, 34 of 2005 (NCA), and the regulations pursuant thereto, and are regulated by the National Credit Regulator (NCR).
They gather and amass information around the credit and spending habits of consumers/companies on behalf of third parties (banks and financing institutions) to help them determine whether to lend credit or not to the person/company concerned.
That’s a lot of information and control over us mere mortals, and in the wrong hands can be a potential disaster, blackmail, and a weapon of note.
TransUnion, a US-based global consumer credit-checking agency, was alerted on Friday by a group calling itself, N4ughtySec – bad actors (hackers) apparently based in Brazil – claiming to be responsible for breaching cybersecurity at TransUnion South Africa, and demanding ransom money of some $15 million (R219.1m).
The breach constituted a theft of personal details belonging to some 54 million South Africans.
Lee Naik, chief executive of TransUnion South Africa said: “The security and protection of the information we hold is TransUnion’s top priority.
“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.”
In an email to people whose data has been compromised, they state, among others, that: “The TransUnion South Africa team is working closely with external experts to understand what data was affected. Based on our investigation to date, fields of information that might be affected include name, ID number, date of birth, gender, telephone number, email address, address, marital status and information, identity of employer and duration of employment, vehicle finance contract number, and VIN (vehicle identification number) numbers.”
The company said that in isolated circumstances, spouse information, passport numbers, credit or insurance scores may be impacted. Each consumer may have a combination of different fields impacted, depending on what data was available.
But TransUnion is not the first, and I doubt it will be the last to be hit by hackers. In 2020, Experian for example, a consumer, business and credit information services agency, experienced a breach of data, which exposed the personal information of as many as 24 million South Africans and 793 749 business entities.
Of deep concern now, is that the ID information N4ughtySec is said to have in its possession is believed to be related to Home Affairs, and is stored on the TransUnion (so-called “secure”) server.
The bad actors also allege they have information linked to major South African banks such as Capitec, Nedbank, Standard Bank and FNB.
Credit bureaus use two similar credit-rating products. One is called FICO and the other, VantageScore, (developed by EquiFax, TransUnion and Experian).
The two systems are similar. As an example, on FICO, the following weighting is used to compile a “score", which then allows lenders to determine who is credit worthy or not:
∎ 35 percent for payment history: includes the record of payments on all types of loans and the amounts owed (and number of them) in any delinquent accounts
∎ 30 percent for credit utilisation or amounts owed: includes such factors as the percentage of total available credit on all of a borrower’s credit cards that are being used and the amount still owed on a loan paid in instalments.
∎ 15 percent for credit age or length of credit history: includes the age of the oldest credit account, the age of your newest account, and the average age of all of your accounts.
∎ 10 percent for new credit or recent applications: includes the number of new accounts that have been opened, as well as the number of recent requests by lenders to review credit reports or scores.
∎ 10 percent for mix of credit: includes whether there are different types of credit accounts, divided into revolving (such as credit cards and home equity lines of credit) and instalment (such as mortgages and student loans).
Consumer Credit Market Report Third Quarter September 2021
The following tables are an extract from the report. A closer look reveals who are serviced by banks, and it is not the poor.
It is astounding to see that home mortgages allocated to people in the R15 000 per month income group to the extent of 99.43 percent. The credit-scoring system used by all the banks is, therefore, a great disservice to most of the people of South Africa.
The figures show a distinct lack of appetite for developmental loans. In South Africa, there are regular talks about development and the banks are excellent at paying lip service to the demands facing South Africa, but the numbers do not lie.
This reality runs parallel with the shrinking pool of wealthy taxpayers in our country. There are about 5.2 million individuals, representing about 9 percent of the population who contribute 40 percent of South Africa’s total tax revenue.
Breaking it down further, about 20 percent of individual taxpayers contributed to three-quarters of personal income tax revenue in 2020.
South Africa is a net recipient of migrants, but it loses more skilled workers than it receives. In 2019, only 294 417 working immigrants were skilled compared to 410 550 highly skilled emigrants in the Organisation for Economic Co-operation and Development (OECD) region.
So how is “money” transforming?
Brownstone Research recently published an article titled: “The End of the Dollar”. In this work, they reveal that patents have been registered that entail a “cryptocurrency system using body activity data”.
“It means Microsoft has invented a system that can sense things like a person’s movement, body temperature, heart rate, eye activity, blood flow – maybe even our brain waves – to track our body’s activity and transmit a digital currency wirelessly.”
This mining system essentially leverages human behaviour.
In the US Senate, a new bill put forward on March 23, 2022, proposes that a new “digital dollar” be adopted. This will pave the way to exit cash, and make the way for a digital currency.
This in turn will give the government total control over all financial transactions, as they can trace every transaction and implement any measures instantly that could affect every individual and corporation.
The EU, along with the US and several other Western countries, have now barred certain Russian banks from SWIFT, the international payments standardisation settlement telecommunication system to punish the country for its attack on Ukraine.
China’s central bank launched its own Cross-Border Interbank Payment System, known as CIPS, in 2015. The programme is part of China’s efforts to increase global use of the yuan, especially among countries involved in the “Belt and Road Initiative”, while reducing the country’s reliance on US dollars for global transactions.
CIPS is mainly responsible for the flow of funds, while the corresponding flow of information can go through either CIPS or SWIFT. The two systems are thus in a symbiotic relationship rather than competing.
Given the preponderance of digital and its influence and undoubted ability to track, monitor, and score us at every stage of our financial lifecycle, is there still a place for credit unions and banks or bad actors, for that matter, when our information is already an open secret to be controlled by those who switch us on or off at will?
In this transformation of the money system, is there a place for the masses of people whose behaviour may well be better than those who earn more than R15 000 per month to qualify for financial largesse?
Only time will tell…
* Corrie Kruger is an independent analyst