In our industry, what’s in a name is identification. But as we all know, not a worthy, standalone identifier. For public records, first, middle, and last name and date of birth are good starters, but still not unique. Your best practice is to ask for a middle name and if not given, make the client affirm that the consumer has no middle name or they were unable to procure it. (In fact, if you can confirm that the consumer has no middle name and you find records that have a middle name, the absence in itself can be an identifier.)
Knowing gender (still) helps in the “Chris Terry Smith” type scenarios. But, even if an exact full name and date of the birth match are so rare as to be one in a million, that means in the U.S., there are still 340 of that one in a million perhaps looking for a job and undergoing background checks.
Given that full name and date of birth is not unique identification, and CRAs are tasked with maximum possible accuracy, the CFPB has “suggested” another factor in identification: “…using algorithms to distinguish records by middle name and match common names…”. The full CFPB Consent Order can be found here:
https://files.consumerfinance.gov/f/201510_cfpb_consent-order_general-information-service-inc.pdf
Well-known versus Common Names
These are two different concepts. Some very well-known names are very uncommon. As an example, most people certainly recognize the last names of “Biden” and “Roosevelt” but those are not common names. Ethnicity also matters. “Tran” is a relatively rare last name, but is the 5th most common Asian last name in the U.S.
These are a couple of the reasons for the CFPB’s suggestion of an “algorithm” to evaluate what is a “common” name rather than having workers decide on the fly whether a name is “common.” An algorithm doesn’t mean a computer program (although it may be), or AI to make a determination. It does suggest that decision-making should be somewhat empirical.
The great slope of Common Names
Names are not evenly distributed. Names are common, across gender, race, and ethnicity—for about the first 100 most common names—and then drop like a rock. There is little difference in commonness rank from 100th most common to 500th most common. If you graph it, it starts high for the first 100 names—and then drops and nearly straight lines.
Common Names and PBSA Accreditation Considerations
For those of you who are accredited companies, or, if PBSA accreditation is in your future, clause 2.15 is “Identification Confirmation.” This clause lays out specific parameters you must follow to have reasonable procedures for maximum possible accuracy when determining the identity of a subject prior to reporting information. One of the requirements is a written policy and procedure. If you incorporate some common name logic in your process, make sure you update your existing written policy or, incorporate it into what you create for accreditation in the future.
Some points to consider or discuss with your counsel
- Make middle name a required field and allow ordering only if the client affirmatively indicates the subject has no middle name or it is unattainable.
- Look into obtaining census data of the most common names and set a point at which you will perform additional due diligence prior to reporting if it is an extremely common name. Alternatively, consider using an off-the-shelf service such as NameGrades.com.
- Put your identification protocol including common name procedure into a policy document to be followed by your workers.
ABOUT THE AUTHOR
Derek Hinton is President of CRAzoom, a company used by the majority of CRAs to achieve and maintain PBSA Accreditation. In addition, Derek consults as a fractional Compliance Officer for CRAs, has created “plug and play” packages for CRAs being audited by their vendors, and is the owner and creator of CrimApollo, a criminal record assessment tool for employers and CRAs. Derek is also the managing partner of NameGrades, a program that assesses the commonality of names in the United States.