The growing problem
of ID theft
On first viewing, those clever TV commercials where
an identity thief recounts through the mouth of a victim all the
great stuff he bought with the stolen credit card information might
bring a smile. But the smile quickly fades when it happens to you.
By now, if you haven't had a credit card misused,
you probably know someone who has. In a 2004 report, the Federal
Trade Commission estimates that 9.9 million Americans, or 4.6
percent of the population, had their identity hijacked in 2002 alone.
More than half of those, 5.2 million, came through credit card accounts,
at a cost of $47 billion. On average, victims lost $1,180 and spent
60 hours resolving the problem.
The warm-fuzzy ad campaigns seem to be working. According
to a June survey on Internet security by the Cyber
Security Industry Alliance, three-fourths of all respondents
say they feel good about the Internet, but 97 percent consider identity
theft a very-serious or somewhat-serious problem.
There is a growing public suspicion that thieves have
never had easier access to our personal information, known as identifiers,
than they do today, despite the reality that far more card fraud
occurs offline than online.
Credit much of that uneasy feeling to the rash of
security breaches. In the most recent, CardSystems Solutions,
a third-party credit card processor, put more than 40 million Visa
and MasterCard holders at risk of fraud when its Tucson, Ariz.,
database was compromised. The company admitted it was not in compliance
with the card companies' security rules. In response, Visa USA and
American Express have recently announced their decisions to end
business relations with the processor.
Other recent high-profile breaches involving Wells
Fargo, Bank of America, Time Warner and ChoicePoint have left consumers
understandably wondering: If this is happening to the big guys,
how exposed am I at the lower rungs of database management? And
what can I do to protect myself?
The good news is: We may be
making headway in the war on credit card fraud. The bad news is: Our legislative
defense against the greater threat of identity theft continues to struggle in
a climate of watered-down consumer rights.
hacking vs. identity theft
Mari Frank, the author of "The
Identity Theft Survival Kit" who consulted with Sen. Dianne
Feinstein, D-Calif., on California's trend-setting anti-ID theft
statutes, knows firsthand the damage identity thieves can do: Her
identity clone wracked up $50,000 in purchases, including a Mustang
convertible. Frank estimates it took her 500 hours and the better
part of a year to regain her credit.
She says the high-profile
cases often alarm the public without educating them on the important distinction
between credit card hacking, where typically only your name, address, account
number and PIN are exposed, and the larger threat of identity theft where your
Social Security number, mother's maiden name and other personal identifiers may
be acquired. Criminals use the latter to fraudulently obtain everything from phone
service and cable TV to legal representation and operating cash, of course.
"When you have a security breach where your total
identity is revealed, similar to the Wells Fargo, Bank of America,
Time Warner and ChoicePoint breaches, we're talking about your sensitive
identifiers, which can be used for a variety of reasons such as
financial identity theft, criminal identity theft or terrorism,"
says Frank. "That is much scarier because those can be used
across the world, and if they are used, you're going to face hundreds
of hours trying to get your life back. If someone uses my MasterCard,
I see (the charge) on the bill and I'm going to call up my credit
card company and know I'm not going to be responsible for the charges."
Despite the bad press, the credit card
industry has made considerable progress in fighting electronic fraud in recent
years, according to Todd Linden, president and CEO of Card Commerce Inc., a Los
Angeles processor of merchant loyalty accounts. He says the industry standard
of multiple firewalls, technology that blocks access to database applications
and encryption of account numbers has reduced fraud overall.
In addition, back-end "smart" security systems
that learn each cardholder's spending patterns and flag anomalies
have reduced losses by catching fraud at the first or second purchase
instead of the fifth or sixth. A Visa spokesman, who requested anonymity,
says the company's fraud rate has been in decline in recent years
and is now at an all-time low of 5 cents per $100 transacted.