Security Products

By Garnet Steen · April 2006

Survey reveals that identity theft is still a growing concern for Americans

IN January, the FTC announced that 37 percent of all consumer complaints it received in 2005 concerned identity theft, making it the top consumer complaint for yet another year. On a daily basis, the media reveals new warnings, breaches of consumer data, proposed legislation, and consumer horror stories. Not surprisingly, surveys reveal that identity theft is a major concern for Americans, but for the average person the questions remain.

What's real and what's hype? What is being done to solve the problem? What can I do to protect myself?

RelyData, a company dedicated to identity restoriation and endorsed by the credit reporting industry, sees the reality of identity theft on a daily basis. RelyData has relationships with both individual and lender victims, law enforcement, government agencies and financial industry fraud experts, and communicates with them on a regular basis.

The Facts
In prior years, the FTC has estimated that identity theft strikes roughly 10 million Americans each year, costing lenders $48 billion and consumers $5 billion. Consumers can spend hundreds or thousands of dollars, and between 30 and 175 hours unraveling the fraud and restoring their identities on their own, often over the period of six months or longer. Worse still, Gartner Group estimates that one in four will not succeed, leaving their personal identity records tarnished.

In reality, the number of victims may be closer to 3 million because simple credit card fraud and other crimes are mistakenly categorized as identity theft, but the other estimates seem accurate based on RelyData's experience with victims.

Regardless of what the actual number of victims is, the most chilling of these statistics is the amount of time and effort it takes people to solve the problem on their own. Why is this? Simply put, do-it-yourself identity restoration is like do-it-yourself dentistry. Lacking the knowledge, tools and access to the data necessary to repair their own records, victims struggle and often make mistakes, compounding their difficulties. If this were not enough, frustrated victims do not know what to do and are treated like they are guilty until proven innocent.

Where an identity restoration company might spend two hours to repair a credit file, a victim could easily spend two months and achieve incomplete results.

In February 2005, a large reseller of consumer data had a breach that gained national attention and served as a wake-up call for the industry, individuals and legislators. In the ensuing year, the Privacy Rights Clearinghouse, a non-profit consumer research organization, has tallied breaches that have exposed more than 50 million American consumers. The message to consumers is clear: Others have your information, and many of them are in the business of selling it. No matter how careful you are with your personal information, you simply cannot control what others do with it, and eventually your personal identity records will likely be exposed.

What happens then?

Legislation, Law Enforcement Will Not Solve the Problem
Legislators in most states have responded to these breaches by proposing laws that often require organizations to notify consumers, take action to protect data and provide various services to breach victims. Unfortunately, many industry observers and consumer advocates believe that a watered-down federal law may be passed that will supersede these state laws. While it has not happened yet, industry experts predict that the eventual federal law will allow the organization that experienced the breach to decide how serious it was and whether it warrants notification.

Whether consumers will hear about breaches that expose their personal information in the future is unclear.

Beyond breach notification, stiffer penalties for committing identity fraud have been enacted in many jurisdictions, but while these are helpful, they are not likely to deter the growth and impact of the crime. The risk-reward ratio of the crime is simply too attractive for the thieves, given the estimate that only 7 percent of cases involve an arrest. With odds like those, this crime will not go away soon.

Compounding the problem is the reality that the increasing numbers of identity theft cases involving the Internet appear to originate in other countries, making detection and prosecution virtually impossible.

Other actions to prevent identity theft will undoubtedly have varied effectiveness. The best technology has been deployed to help lenders catch and prevent fraud, and protect people from Internet-based fraud, but this will only address a fraction of the cases.

Last year, Javelin Research published a study indicating that in those cases where the source of the identity theft could be determined, nearly half of all fraud originated in the victim?s home or place of work. While people can be more vigilant in protecting their personal information -- shredding confidential papers -- it is unlikely that they will change their behaviors so much as to protect themselves from family, friends and coworkers.

Individuals Need to Assume Greater Responsibility
One law that did help was the FACT Act, which took effect in all states Sept. 1, 2005. This law allows consumers to obtain a free copy of their credit report from each of the three major credit bureaus at least once per year by calling (877) 322-8228 or by visiting www.annualcreditreport.com. Doing so will not prevent identity theft but it can help a consumer uncover a problem and monitor their credit reports in general.

The three credit bureaus and RelyData also offer various credit monitoring solutions that actively monitor credit files and report relevant changes to the consumer. The price for these services varies depending on how extensive and comprehensive the monitoring is. These are solutions worth considering, especially for consumers who believe they are at risk or who have already been victimized by identity theft.

Other services that provide information on other personal records -- generally non-credit records held by various government agencies -- are of dubious value. Unlike a credit record, which is typically highly accurate and relates only to you, many of these services provide numerous records related to anyone with a similar name or address as yours, mixing the files of different people and making it difficult to distinguish between fraud and someone who merely has a similar name as you.

Personal responsibility also is a factor, and many parties will advise to safeguard mail, not provide information over the telephone or the Internet and shred personal documents. All of these things can help limit the possible sources of identity theft. The credit bureaus allow consumers to place a fraud alert on their own file and to freeze the file of minor children to prevent them from becoming victims of identity fraud.

In the end, however, there are no guarantees. Consumers are advised to have a plan, as are businesses that want to protect their employees, customers or members.

About the author

Garnet Steen
Garnet Steen is the president of RelyData.