>You don't want the name or address in the credit report to just point to your user's table, with an assumption that that was the name in the report

Well ok. In your example, call it a "credit report subjects" table.

>Thus, simply pointing to a user_id and hoping the data on the user's table was the data at some point in time in the past

References can be versioned or even hashed, i.e. Git. You would run the same risk with tokens, no?