|The costs of ID theft
|Page | 1 | 2 | 3 | 4 | 5 | 6 |
How much it costs ... businesses
When analyzing the impact of identity fraud on business
and government, the dollar amounts rise considerably.
A study by CIMIP released in October 2007 analyzed closed
cases from the U.S. Secret Service to find out more
about identity theft offenders. The study examined
data from 517 cases from the years 2000 to 2006 and
included banks and businesses as victims as well as
some individuals. The median dollar loss was $31,356.
"We went with the median because one of the cases involved a loss of about $13 million which skewed the average up. Some victims lost no money," says Rebovich.
While personally devastating for individuals, fraud can poke holes in otherwise solid businesses in inventive ways, from security breaches to credit card fraud.
that contain unencrypted sensitive information -- that is the most common thing.”
For example, merchants can lose money from charge backs if they accept a stolen card or number. With charge backs, the bank requires merchants to reimburse it for the value of the fraudulent purchase, plus pay a processing fee as high as $50.
"Everyone is affected differently;
some companies aren't affected at all, they don't
have to disclose it," says Litan. "In other
cases it hurts retailers or accepters of credit cards,
not the creditor, because the accepter has to eat
the fraudulent transaction."
Security breaches at businesses are commonplace but not always covered by the media.
"Unlocked file cabinets, where
they have sensitive information in the file cabinet
and it's not locked, is particularly widespread,"
says Joseph Campana, a privacy consultant and certified
identity theft risk management specialist with J.
Campana and Associates in Madison, Wis.
"And laptops that contain unencrypted sensitive information -- that is the most common thing," he says.
Some states require that businesses notify customers when their data has been lost, which then almost obligates the business to pay for credit monitoring.
"The cost of credit monitoring can be pretty significant as well," says Campana. "And it's become the expectation now. If you lose information, we want credit monitoring and in a lot of cases it's not even warranted because the information was misplaced and there is no evidence that it was misused. But the company still has to pay those expenses."
Larger businesses can face regulatory fines as well as public relations nightmares. "If regulators have to come in and do a forensic audit where they do a deep investigation as to how that information was accessed, those start at about $10,000," says Campana.
|-- Posted: April 21, 2008