ID Theft In US Continues Apace Despite Data Breach Laws 117
4roddas points out an article at Techworld about the continued scourge of identify theft in the US, which begins: "Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published (PDF) a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC). 'There doesn't seem to be any evidence that the laws actually reduce identity theft,' said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors. Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends."
Put the onus on financial institutions (Score:5, Insightful)
Sure, requiring you to go to a licensed notary and have a credit card application notarized might not make it so easy to get credit, but it would also make it harder to get credit in your name.
The banks and credit card companies could do this, but it's more profitable to let people steal your identity and then just jack up fees and interest rates to cover the losses.
- Greg
Breach notification laws (Score:5, Insightful)
Re:Put the onus on financial institutions (Score:5, Insightful)
Re:Put the onus on financial institutions (Score:2, Insightful)
My friend's husband had his SSN stolen and they were convinced that they'd have to repay. They showed me the IL attorney general's website which supported their conclusion.
If that is true, then this problem will not go away. Make the financial institution eat the loss caused by their stupid reliance on a 9-digit number that is not even supposed to be secret.
The solution is technology (Score:5, Insightful)
Social security numbers have the same problem, only worse, because you can't just cancel your SSN like you can with a credit card. Banks pretend that your SSN is a password, but there are thousands of people who have access to your social security number and at least one of them will sell it on the black market.
Fixing this mess will cost the banks a lot of money, but they made this mess and it's their responsibility to clean it up. We need the federal government to mandate real security measures, because fraud is quickly becoming the norm.
Re:Get Personal Data off your computer (Score:5, Insightful)
Re:Put the onus on financial institutions (Score:5, Insightful)
I also think much would change if everyone had a right to get their own information that is collected from them. I can get credit reports 1 time a freaking year. thats it. Not to mention all the other companies that collect information about me. Some use that information for things like employment screening. How the hell am I supposed to know that I didn't get a job, because some company I have never heard of claims I had a record. (maybe they mistyped my social security or name...). Employers are scared of lawsuits, and they never tell you why you weren't selected..
Re:Breach notification laws (Score:2, Insightful)
So once again... (Score:3, Insightful)
...we've proven that a piece of paper alone can't stop crime, pollution, educate our kids, etc. it is only the enforcement thereof, or in the case of ID theft, steps to prevent such crime that will ultimately solve our problems.
Long story short, let's move along and work to end the problem, not just write paper against it.
Re:Put the onus on financial institutions (Score:5, Insightful)
The problem is, if you call it 'fraud' then the defrauded entity is on the hook, and that entity gives and lends tons of money to politicians, lawyers, and judges. If you call it 'identity theft,' then it seems more reasonable to blame the person whose name was forged, but (and this is important so it's gonna be in all caps) THE PERSON WHOSE ID IS STOLEN IS NOT THE VICTIM. The bank is, and the whole process from start to finish ought to be the bank's problem.
If we had more strict laws on consumer data protection, this shit wouldn't happen.
Re:Identity Clearinghouse (Score:3, Insightful)
With this as a starting point, you can basically get anything you want in Illinois. If you would like a SSN on your driver's license you can have that as well. Again, no verification or validation is needed. It is required that you be able to write your name.
This same practice occurs in a number of other cities and states as well.
I believe they would feel obligated to provide a translator if someone showed up speaking nothing but Klingon.
Just remember, they aren't stealing your identity, just borrowing it.
Re:Put the onus on financial institutions (Score:5, Insightful)
What will really fix things is to recognize that what we call 'identity theft' is nothing more than two frauds jammed together.
The first is some scumbag defrauding the bank into giving them money in someone else's name. The second is when the bank tries to pass the buck by making a third party pay the debt back.
The bank's crime is even worse. They commit extortion by threatening to libel (report an adverse credit event resulting in declined loans and higher interest rates) the 'victim of identity theft' unless they pay for the bad debt they didn't have anything to do with.
I fail to see how the bank's behavior is any better than if I were mugged in the park and decided to "make it right" by mugging the next person I see.
Re:Get Personal Data off your computer (Score:4, Insightful)
How do we even know it's you posting right now?
All jokes aside, banks make tons of profit off of easy credit. When credit is easy for damn near anyone to get, people are (generally) going to run up large bills.
A very good friend of mine had a credit card (I think a Visa) for almost 2 years and they never increased his limit about the initial $500. Why? Delinquent on payments? Nope, it was actually the exact opposite - he paid his bill at the end of every month and on time. He was actually told that he would have to start maintaining a balance (and therefore generate interest) if he wanted his limit to go up.
So he cancelled the Visa card and got an American Express. They took note of his excellent credit record and handed him a card with a much higher limit. He never goes anywhere near it and still pays his bills on time.
Fiscal responsibility is not profitable in the credit and banking industries. If everyone balanced their checkbooks and paid their bills on time, a load of banks and CC companies would go flat broke. That's why things like the minimum payment (which is calculated to make sure you have a balance on the card for 30 years) exist.
since when? (Score:2, Insightful)
Of couse they're not doing anything (Score:3, Insightful)
"If you get hacked, you have to tell us, so that we can prosecute you for having lax security and your customers can abandon you." Or, you know, they can keep their mouthes shut, since the reason for these mandatory disclosure laws to begin with is that, unless these companies say anything, nobody but the thief knows they were compromised.
I'm sure that even the use tax laws are more successful.