Spotlight: Chris Jay Hoofnagle
Have you seen improvements in the system since you got involved?
Oh yeah. I'm not sure that the dual factor identification rules will help when I speak with consumers about that. They don't understand it.
The dual factor authentication rules require banks to implement some form of additional password. On the corporate level, this is accomplished by giving employees a token. With consumers, it's often accomplished by presenting a picture or something else that the consumer chooses in addition to their password in order to recognize the bank.
And I do think that the red flag rules are going to help. The red flag rules require banks to employ additional procedures to verify identity when there are suspicious or high-risk qualities to a transaction. For instance, if a consumer applies for a new credit card, using an address that does not appear on her consumer report, that would trigger a red flag. The bank would have to use some form of additional procedure to ensure she was who she claimed to be.
But I think that consumers are more careful about disclosing information. It's still very hit or miss; it's still not rational. My advice is that one has to be more careful about identity level information. You often see a lot of concern around sharing a credit card number which presents less of a risk to the consumer than sharing, for instance, a Social Security number.
What regulatory changes need to be made to help identity theft victims or prevent identity theft from occurring?
I think the red flag rules, which specify common-sense, basic scenarios where fraud may be present, will help reduce fraud. But to address other issues, I believe that banks and payment companies should have to publicly report basic statistics on their fraud rates.
Basic fraud reporting is performed by banks in the UK already.
Is there any place that lists known identity thieves that people can search before giving out their information to someone -- for instance, an employer?
Not that I know of. There's so little enforcement and this might change because there's a federal law that has a two-year minimum for identity theft and prosecutors want to put people in jail.
If they have identity theft laws that put people in jail, we might start seeing enforcement, we might see more prosecution. And that's where you'll start to see lists of people involved in that kind of stuff.
-- Posted: April 21, 2008