IT Confidential: Is Anyone Doing Anything About Identity Theft?
3/16/2007 – MARCH 16, 2007 | Incidents of identity theft are increasing in the United States at an alarming rate, according to a survey by Gartner. Approximately 15 million Americans were victims of fraud related to identity theft in the 12 months from August 2005 to August 2006, Gartner says, a more than 50% increase from the Federal Trade Commission’s estimate of 9.9 million identity-theft-related crimes in 2003.
Now, Gartner didn’t talk with all 300 million Americans to find this out. As with most research surveys, Gartner extrapolated its findings from talking with a significant subset of the population, in this case 5,000 Internet-using adults. The survey was taken last August.
The funny thing is, an FTC report in February said the agency had received 9,578 fewer complaints about identity theft in 2006 than in 2005–246,035 compared with 255,613–a 3.7% drop. A survey by Javelin Research and the Better Business Bureau released in January extrapolated that the number of Americans experiencing identity theft had actually declined in 2006, to 8.9 million from 9.3 million in 2005.
So maybe Gartner hit a deep vein of identity theft victims, the Love Canal of personal data loss, and it skewed the results. The point is that identity theft is a serious crime in the United States, and something needs to be done about it.
Part of the confusion may be caused by the shifting definition of identity theft. When I was a kid, it referred to Fred Demara, aka the Great Imposter, who was played by Tony Curtis in a 1961 movie. Then, with the rise of information technology, it meant accumulating personal information–name, Social Security number, mother’s maiden name, etc.–to open a fraudulent line of credit. Today it often refers to scamming a piece of digital financial data–credit or debit card number and PIN–and pillaging a savings or checking account.
Gartner pulls no punches as to where to lay the blame. “Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves,” the firm said in a statement. Let’s face it, if your chain has weak links on both ends, it’s a pretty damn weak chain.
There are no great feats of hacksterism involved in identity theft. Stealing laptops is a popular way to attain such information. There’s also a process known as “skimming,” in which a thief plants a device on a card reader in your local retail shop and intercepts data when you swipe your card and enter the PIN. And there’s the always popular phishing, where victims actually offer up their personal information willingly, for free.
Banks and retailers have been slow to propose solutions, so I’ve got a few of my own.
Drop the Social Security number. It wasn’t intended as a personal identifier; Congress made that clear in 1936 when the system began. Now, everybody knows Social Security will be bankrupt in 25 years anyway, so let’s put it out of its misery.
Declare a moratorium on credit cards. Since, by most accounts, American consumers are drowning in debt, we’d be doing most people a favor. Online fraudsters also target debit cards, so let’s stick with cash-only transactions.
Ban the use of laptops. Let’s go back to the old green-screen monitors. Nobody’s going to be walking out of a building with one of those babies.
Legalize phishing. If someone is stupid enough to fall for it, they deserve to get fleeced.
Let’s swap identities. You go first. Send your personal data, and an industry tip, to firstname.lastname@example.org, or phone 516-562-5326.
Rob Preston’s column will return next week.