Column: Equifax and FICO are getting into bed together. ‘This should keep everyone up at night’

This Feb. 20, 2019, photo shows logos for credit cards in Zelienople, Pa.
This Feb. 20, 2019, photo shows logos for credit cards in Zelienople, Pa.
(Keith Srakocic / AP)
Share via

The headline on the press release was bland enough to attract little scrutiny: “Equifax and FICO introduce strategic partnership to deliver the Data Decisions Cloud.”

The contents of the announcement, meanwhile, gave the impression this was something good for consumers, albeit a bit on the techno-wonky side.

“The new Data Decisions Cloud is an end-to-end data and analytics suite that addresses key needs across risk, marketing and fraud to enable financial institutions to meet the needs of consumers faster and more precisely than ever before,” it proclaimed.


“This broad strategic alignment will enable organizations to easily explore differentiated data, uncover deep new insights, build highly predictive models and rapidly deploy decisions into production systems across the customer lifecycle,” the release said.

So what does that mean in English?

“Call it Big Data on steroids,” answered Jeff Chester, executive director of the Center for Digital Democracy, an advocacy group. “They’re unleashing a very powerful, unaccountable, potentially harmful technology to help other companies make decisions about us.”

And remember, it’s your personal information. These companies are selling it to banks for their own gain, without your permission.

“This should keep everyone up at night,” Chester told me. “This is a huge consolidation of information that gobbles up everything you do.”

The Equifax-FICO partnership is the latest example of Big Data getting bigger — a merging of vast, shadowy databases and technologies that businesses use to decide how creditworthy you are, what rates to charge, what products to offer and to predict what you’ll do in the future.

It is, in other words, a sprawling network of consumer surveillance and manipulation that strives to know you better than you know yourself.


Equifax is a credit reporting agency — a company that specializes in telling lenders and others how creditworthy you are. In recent years, it and other credit bureaus have expanded to provide a variety of other services, including credit monitoring and background checks for employers, insurance companies and landlords.

FICO isn’t so much a data aggregator as a number cruncher, using sophisticated algorithms to generate credit scores and other information.

It’s hard to tell from the press release exactly what the two companies are cooking up beyond making lots of info about consumers available to financial firms, which already have lots of info about consumers.

“This appears to be an effort to take Equifax’s treasure trove of consumer data, which includes information going well beyond Equifax’s namesake credit reporting agency, and monetize it by using FICO’s software capabilities,” said Paul Stephens, director of policy and advocacy for San Diego’s Privacy Rights Clearinghouse.

“Obviously, the more data that can be included, the greater the threat to consumer privacy,” he noted.

Equifax and FICO say they’re making the world a better place.

“Two industry leaders are joining forces to help financial institutions better meet the needs of consumers and improve business agility,” Mark Begor, chief executive of Equifax, said in a statement.


Will Lansing, FICO’s CEO, didn’t go into specifics about what information would be made available to clients, but told me the beauty of the deal is that Equifax has tons of consumer data and FICO is really good at putting such data to use.

“In very simple terms,” he said, “you have companies interested in optimizing their interactions with consumers based on data. We’ll be able to do it.”

Well, that sounds fairly benign.

Except for a few teeny-weeny things.

Such as the fact that one of the partners here — Equifax — was hit by hackers a couple of years ago, resulting in the Social Security numbers, driver’s license numbers and other personal information of 148 million people being put at risk.

The company had failed to update software that it knew for months was vulnerable to attack. It didn’t tell the public for nearly six weeks after it learned of the breach.

Then there’s the cloud aspect of the plan, presumably meaning that whatever data they’re offering will be stored online and accessed by clients via internet connections.

Equifax and FICO are pitching the new service as a one-stop shop for data crunching, including “real-time access to raw and trended data.”


If anyone doesn’t think this could be Christmas for hackers, they need to catch up on current events. There were more than 6,500 known data breaches last year and more than 5 billion records exposed, according to the tech-security firm Risk Based Security.

Last but not least, there’s the troubling notion of all our personal information — again, without our say-so — being parsed and examined by corporate interests using increasingly advanced methods, forming connections and conclusions that once were solely the realm of science fiction.

With enough data points, computer programs now can predict what you will buy, whom you will vote for, your likelihood of getting sick, your chances of committing a crime, the likelihood you’ll fall in love and how trustworthy you are, to cite just a few things that machines are learning about us.

The more Big Data players pool their resources, the more naked we become in this digital orgy of exploitation.

“The partnership is basically claiming, ‘Hey, we’re just using technology to leverage greater efficiencies and crunch more data so customer-banks can make better decisions about consumers,’” said Ed Mierzwinski, senior director of the federal consumer program for the U.S. Public Interest Research Group.

“But how will we know if any new AI-weaponized decision-making platform feeding on vast new data sets really complies with the consumer, fair credit and civil rights laws?” he asked.


Short answer: We won’t.

The Federal Trade Commission and Consumer Financial Protection Bureau have authority to oversee credit agencies but don’t delve into the minutiae of the companies’ data-collection practices. There is no federal law regulating data brokers, companies whose sole purpose is to collect and sell people’s personal information.

To a great extent, Big Data companies run on the honor system.

Considering that hardly a week goes by without news of yet another privacy breach, that should worry everyone.

“I agree that data has to be used carefully and managed wisely,” FICO’s Lansing told me. “But it should also provide utility. It should help us offer you the things you really want.”

Some modest suggestions:

  • A law requiring that all commercially stored data be encrypted, with hefty fines for any company that fails to do so.
  • Empowering consumers to “opt in” to any data sharing, rather than allowing companies to sell our information without prior approval.
  • Significantly more regulatory oversight over businesses that gather, store and sell people’s personal info.

Equifax and FICO say they’re “focused on a connected, end-to-end development and decisioning management platform that allows customers to quickly explore, develop, test and deploy powerful insights into production systems across the organization.”

Not one privacy advocate I spoke with understood what that means.

But it sure doesn’t sound good.

David Lazarus’ column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to