Forgot your password?
typodupeerror
Crime Privacy The Almighty Buck Your Rights Online

Why Lenders Overlook Warning Signs of ID Theft 225

Posted by kdawson
from the take-the-money-please dept.
Hugh Pickens writes "Despite all the new fraud alert tools and increased awareness of the perils of identity theft, incidence of the crime remains at 2003 levels, with about 10 million Americans falling victim every year. Now the NY Times reports that there may be a simple reason for the persistence of ID theft: lenders are too willing to extend credit to just about anybody, even when there are big red flags that indicate fraud. Chris Jay Hoofnagle at UC Berkeley worked with a small sample of six ID theft victims and delved into how they were defrauded. Of 16 applications presented by imposters to obtain credit or medical services, almost all were rife with errors that should have suggested fraud — yet in all 16 cases, credit or services were granted anyway. 'Identity theft remains so prevalent because it is less costly to tolerate fraud,' writes Hoofnagle. 'Adopting more aggressive and expensive anti-fraud measures is extremely costly and jeopardizes customer acquisition efforts.' Hoofnagle says business decisions leave individuals and merchants with some of the externalities of identity theft as victims spend their own money, and more often, valuable personal time dealing with the problem. Hoofnagle suggests that lenders contribute to a fund that will compensate victims for the loss of their time in resolving their ID theft problems."
This discussion has been archived. No new comments can be posted.

Why Lenders Overlook Warning Signs of ID Theft

Comments Filter:
  • Here we go.. (Score:4, Insightful)

    by BVis (267028) on Friday April 09, 2010 @08:20AM (#31788420)

    Can't wait to see how people blame the victim on this one.

    • Re:Here we go.. (Score:5, Interesting)

      by WrongSizeGlass (838941) on Friday April 09, 2010 @08:24AM (#31788454)

      Can't wait to see how people blame the victim on this one.

      I think it's pretty clear that these 'honorable institutions' are actually enablers. Accepting that the cost to compensate individuals is lower than fixing the system sounds awfully familiar ... Ford's Pinto comes to mind as does the recent Toyota situation. They're not killing anyone ... they're just ruining their lives for a while.

      • Re:Here we go.. (Score:5, Insightful)

        by Shakrai (717556) on Friday April 09, 2010 @08:41AM (#31788646) Journal

        Ford's Pinto comes to mind as does the recent Toyota situation

        The "Toyota situation" has been blown completely out of proportion. Whatever problems may exist with Toyota automobiles have long since been buried under sensationalist "OMG, if you own a Toyota you are going to die!!!" media headlines and politicians looking to build "I'm tough on big business" street cred. It's been alleged that 37 people have died due to problems with Toyota's in the last ten years. That's a drop in the bucket compared to the number of people who have died in old fashioned automobile accidents. Even if you accept that all of those were due to a design flaw (which hasn't been proven yet) it hardly seems worth all of this FUD.

        I don't own a Toyota but if I did I wouldn't be afraid to drive it. I'd be more worried about getting killed because of the stupidity of a fellow driver than I would be about being killed by a design flaw in my own automobile.

        • Re: (Score:3, Informative)

          by Lumpy (12016)

          Or compared to the number of Ford F150 pickup truck fires that actually caused deaths and damage. Oh wait, let's ignore that because a pickup truck is AMERICAN!

          • Re: (Score:3, Insightful)

            by hairyfeet (841228)

            Actually we ignore that because the "cruise control = fire" bug was actually quite common on several manufacturers vehicles in the mid to late 90s, not just Ford. I myself had a 96 Nissan truck burn its steering column down to the metal (thank goodness I wasn't driving it at the time) thanks to that bug.

            Considering how many makes and model had that bug (I know of a Honda and a Chevy that both had that bug just among friends/relatives) my guess would be a common third party supplier ultimately was responsi

      • by rcamans (252182)

        NO, Not enablers. They are seriously greedy, and frantic for money. Because of this, they are actually ACCESSORIES TO ID THEFT CRIMES. Let's start prosecuting them as such. Oh, wait. The feds already ok banks and lending institutions as ok to steal, etc, so this would be ok, too. Oh, wait, the feds give the banks, etc money to cover their losses, so they could get more money from the feds for this, too.
        Never mind.

    • Re:Here we go.. (Score:5, Interesting)

      by RAMMS+EIN (578166) on Friday April 09, 2010 @08:48AM (#31788710) Homepage Journal

      ``Can't wait to see how people blame the victim on this one.''

      The victims ... are all of us. The fallout of identity fraud is costly, and, eventually, all of society bears that cost. Higher rates for borrowing money, insurance against identity fraud, the enormous cost of cleaning up after your name has been misused, and society missing out on people who would otherwise have been productive members.

      It seems to me that the choices we have are trading the inefficiency of a better identification system against the inefficiency of having more failures, and sharing the burden vs. letting a few shoulders carry it all so the rest of us goes unencumbered.

      Personally, I think that there should, first of all, be fewer occasions where you need to authenticate. Usually, it doesn't matter who you are, so why require authentication? Secondly, authentication should not always disclose everything. If the same data that I need to hand over to buy a $50 mobile phone can be used to get a $20000 loan, that's a security hole.

      Thirdly, when you're lending money, that's your choice. You can charge interest and/or fees to make it worth your while. What you can't do is get someone who wasn't a party to the agreement to be responsible for getting the money back to you. If you lent it to the wrong person based on false credentials, that's your mistake, not that of the person whose credentials were misused. Somehow, institutions seem to be able to strong-arm that person into paying up anyway. I'd like to see the end of that, too.

      • Personally, I think that there should, first of all, be fewer occasions where you need to authenticate. Usually, it doesn't matter who you are, so why require authentication? Secondly, authentication should not always disclose everything. If the same data that I need to hand over to buy a $50 mobile phone can be used to get a $20000 loan, that's a security hole.

        This is a good idea. I just can't figure why one needs to hand over an SSN to buy even a prepaid phone plan. Even worse, I was expected to give it out for a blood draw/lab work. I went in all adamant about kicking ass when they demanded it, telling them that they weren't paying me anything so they didn't need to make any IRS filings, privacy, etc. Then they didn't even care when I left the field on the form blank -- I was almost disappointed. I suppose that many times, SSNs are demanded just because th

        • Re: (Score:3, Interesting)

          by JWSmythe (446288)

          I just can't figure why one needs to hand over an SSN to buy even a prepaid phone plan.

          Really?

          My prepaid phone has some basic (and out of date) information on me. No DOB, no SSN.

          Someone I knew had a stalker, arrested multiple times for stalking her. He'd somehow get her phone number. He'd find out when she moved and to where. She resorted to living with friends and moving frequently, but had no cell phone. I bought a prepaid phone with cash. They only aske

      • Thirdly, when you're lending money, that's your choice. You can charge interest and/or fees to make it worth your while. What you can't do is get someone who wasn't a party to the agreement to be responsible for getting the money back to you. If you lent it to the wrong person based on false credentials, that's your mistake, not that of the person whose credentials were misused. Somehow, institutions seem to be able to strong-arm that person into paying up anyway. I'd like to see the end of that, too.

        I think it has to go further than that. If an institution extends credit to someone who is using a stolen identity they should be liable for the costs of the person whose identity was used that are incurred as a result of this. This is fairly complicated and the amount that institutions should be held responsible for needs to be increased to decrease their incentive to extend credit to people who are using a fraudulent identity. (As an aside where are all the people who say that stealing Intellectual Proper

        • Re: (Score:3, Insightful)

          by RAMMS+EIN (578166)

          ``(As an aside where are all the people who say that stealing Intellectual Property isn't theft on this--if you steal my identity, I still have it)''

          I happen to be one of those people, which is why I prefer speaking of "identity fraud" rather than "identity theft".

    • by Lumpy (12016)

      It's the victims fault for not protecting their info. It's also the victims fault for not checking their credit report every 60 seconds.

      finally it's the victims fault for electing the scumbags they have in government that hates consumers and loves banks.

      Honestly, the US government fully supports credit fraud, otherwise they would have put in rules for banks that made it the banks responsibility and liability at all times. It needs to become expensive for banks to ignore the red flags. I support a $50,00

    • by erroneus (253617)

      That's exactly where I was heading when I read the article. The creditors want to pass the responsibility on to anyone but themselves. And others in turn try to shift responsibility onto the individuals whose names and/or numbers are being used.

      I wonder how often various individual rights activists are involved in the lobbying or proposal for new law and regulation, but someone needs to do something to reform this blame game that ultimately ends up victimizing innocent people.

      I participate VERY sparingly

  • Tell me about it (Score:5, Insightful)

    by cybrthng (22291) on Friday April 09, 2010 @08:21AM (#31788430) Journal

    Bank fraud is why i shutdown my business after losing about 15k. Banks make a LOT of money milking the merchants with fees & services to create a "Safe shopping facade" but to screw you over in the end. What sucks even worse is that the consumer always wins in the end regardless or not if the consumer is legit or fraud and the banks LIKE it that way.

    Banks make a lot of money in playing the high risk game and its screws everyone over in the end.. someone is paying for it.

    • by conureman (748753)

      Kinda ironic, the shite I wade through to cash a legit check with my name on it... My GF's purse was stolen a couple weeks ago, and whoever got it has cashed THOUSANDS of dollars in checks, mostly in the four- to eight-hundred dollar range. I wish I knew the secret, I'd like to get away with cashing my own checks more easily.

      • Re: (Score:2, Flamebait)

        by Shakrai (717556)

        Find a bank that isn't run by assholes. The girls at my local community bank know who I am, never ask me for ID and never give me any issues cashing a check. Do business with an outfit that sees you as a person rather than someone who is looking to rip them off.

        • by Abcd1234 (188840)

          Wow, looks like the mods are on fire today... this one and the reply both got flamebait for no reason whatsoever. You'd almost think some bank employee was trawling Slashdot and downmodding people who point out that many (particularly large) banks are run by dickholes...

    • Re:Tell me about it (Score:4, Interesting)

      by GooberToo (74388) on Friday April 09, 2010 @11:01AM (#31790434)

      This is exactly why I always say, "identify theft" doesn't exist. This is credit fraud which is encouraged by banks and especially credit reporting agencies. If laws didn't exist specifically to protect banks and credit agencies, we would all be calling them fraudulent organizations and lots of people would be jail. But since lots and lots of politicians financially benefit from fraud, the status quo is actively maintained.

      It is impossible to fix credit fraud until lenders and credit agencies are help liable for their willfully fraudulent actions.

  • Hoofnagle is right (Score:5, Interesting)

    by dontmakemethink (1186169) on Friday April 09, 2010 @08:27AM (#31788476)
    Settling the fraudulent debt is one thing, being compensated for the runaround is another. If banks are going to save money by enabling ID theft as a matter of policy, they must compensate for when that policy causes damages to their clients in the form of time and money spent correcting the problems. Then we'll see if it's actually better to save on ID theft prevention.
    • by conureman (748753)

      I think that is like getting compensated for SPAM damages. An idea too good to see daylight. "There was an impassioned plea for an end to corruption in government, but cooler heads prevailed."

    • You might not notice the charges;
    • By the time you do notice, it may be too late to complain;
    • It might be for such a small amount that after getting the run-around, you let it pass;
    • You might notice the charge and think "my birthday/the holidays/our anniversary is coming up - it must be a surprise" - and let it slide until it's too late;
    • CowboyNeal stole your identity and gave you his, and now nobody believes you.

    I'm sure people will add more reasons to the list.

  • Credit Agencies (Score:5, Interesting)

    by Shotgun (30919) on Friday April 09, 2010 @08:29AM (#31788506)

    I've got an idea. How about the credit agencies be required to inform me when they give out reports about me? They already know everything about me, right? If someone is illegitimately getting credit under my name, I'll find out about it. If they have incorrect information, I'll find out about it. The cost of an inquiry would go up by $1(US), the cost of printing and mailing a duplicate report.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I like your plan, but it would first require the approval of the credit agencies and $1 million in lobbying (by the credit agencies) before any congressman would sponsor such a bill. Unless of course some influential consumer advocacy group can out-lobby the credit agencies, but none come to mind.

      Your plan would only work if you use the strategy that got us health reform. The bill has to be written by the enablers (banks and credit agencies). The bill would mandate that all Americans be required to pay f

    • by c-reus (852386)

      If someone can convince a bank to give them a loan using your name, how difficult could it be to have the contact information changed?

    • Re:Credit Agencies (Score:5, Insightful)

      by mcelrath (8027) on Friday April 09, 2010 @09:24AM (#31789124) Homepage

      You seem to be under the illusion that credit agencies are legitimate businesses, interested in the welfare of their customers, and you are their customer.

      Let me fix that for you: Credit reporting agencies are a blackmail and extortion ring that somehow are allowed to legally exist. They don't give a shit that your information is correct or not, or if someone defrauds you. If you get defrauded, they're happy to just put it in the report. After all, if you get defrauded, you're a risk, aren't you? Still not their problem.

      No one has ever been contacted by a credit agency, unsolicited, to verify the accuracy of information in their file.

      The only way your idea will come to pass is if it is legislated.

      Personally I think a better idea is to just get rid of credit agencies. Make holding information about a person without their knowledge or consent illegal. Require that anyone holding information (of a certain nature) about a person notify that person of the content and existence of that data on a regular basis. Thus holding information about people becomes expensive, and illegitimate extortion operations like credit agencies would be forced (economically) to improve.

      • Re:Credit Agencies (Score:5, Insightful)

        by infinite9 (319274) on Friday April 09, 2010 @12:03PM (#31791370)

        You seem to be under the illusion that credit agencies are legitimate businesses, interested in the welfare of their customers, and you are their customer.

        Let me fix that for you:

        You're completely right. The Fair Isaac score is a measure of how likely a creditor is to make money from you. If you're a victim of identity theft, then you may cost the creditor money. So you necessarily get a lower score.

        The credit reporting system is an ingenious scam. They've created a number from nothing. Then tied this number to behaviors they want to see from you. Don't go into enough debt? You get a low score. Don't pay reliably? You get a low score. It's a worthless shiny object that you've been conditioned to pursue.

        They flood television with commercials spouting propaganda for the current system of credit. Responsible people pay their bills on time, even if it means they have to feed their kids crap food for dinner, or pull them out of private schools, or avoid taking them to the doctor because they can't afford it. Responsible people establish and maintain a good credit history. Responsible parents teach their kids about credit and help them get their first credit card. It's a confidence game. You groom the mark. Then you fleece them. You give up your hard-earned money so that a number in a computer doesn't drop.

        Here's how it is folks: take care of yourself and your family first, even if your credit score takes a hit. You can't eat your credit score. It won't keep you warm in the winter. And if you have no desire to finance anything, then your credit score is utterly irrelevant.

    • Even an email would be fine. A simple message saying that "Bank X has requested your credit report in order to process an auto loan. If you have not initiated this loan request, please contact so-and-so at Bank X immediately."

    • by copponex (13876) on Friday April 09, 2010 @09:51AM (#31789464) Homepage

      Did you know you cannot even compel a credit agency to produce the documentation proving that you owe the claimed debt? Verification involves them contacting the party reporting the debt, saying "This guy owes money, right?" When they reply in the affirmative, that's called "verified."

      Financial regulations in the United States are practically non-existent. The reason for uncertainty in our markets has nothing to do with government regulations - it has to do with the total lack of accountability and transparency required. Every five years the scheisters are exposed, and the markets collapse, because everyone - Wall Street, the credit rating agencies, and of course the companies themselves - are in on the take.

    • Re: (Score:3, Informative)

      by QuantumRiff (120817)

      They do that already, but they charge for it. Why would they want to ruin a perfectly good revenue opportunity?

      However, you can put a freeze on your credit report, and people can't pull it unless you are contacted and approve.

    • Re:Credit Agencies (Score:4, Informative)

      by ptbarnett (159784) on Friday April 09, 2010 @10:28AM (#31789976)

      How about the credit agencies be required to inform me when they give out reports about me? They already know everything about me, right?

      You can get this service, for a fee. Unfortunately, you have to pay for it.

      Also, you can put a fraud alert on your credit file. That forces the lender to contact you directly to confirm your application. Unfortunately, you have to renew it every 60-90 days, at all 3 credit reporting agencies. Of course, you can pay a fee to have someone do it for you.

      I've been paying for this service for a few years. I don't like it, but it's a necessary evil after my birth certificate was stolen during a burglary at the home of another family member.

  • by rock_climbing_guy (630276) on Friday April 09, 2010 @08:30AM (#31788516) Journal
    I have an obvious solution to ID fraud. It must be wrong, or else it would be implemented years ago.

    The solution is this: you loan money to Joe and Joe signs his name as David? Wow, too bad for you, lender. You just gave away your money to Joe. David can't be held liable for this since he had no hand in it?

    Doesn't it sound like the logical solution. If someone goes to the bank claiming to be me and the bank gives them a loan in my name, then the impetus is on the bank to track down the schmuck who tricked them. The bank ought to be liable for allowing themselves to be duped like this; they shouldn't be allowed to come after me. After all, I didn't do anything!

    What's wrong with this solution?

    • by P-Nuts (592605) on Friday April 09, 2010 @08:38AM (#31788596)

      Mitchell and Webb covered this [youtube.com]

      • Re: (Score:3, Insightful)

        by noidentity (188756)
        Exactly. I don't get why I should have any part in them giving money to someone who claimed to be me. It wasn't me. Sorry you guys lost money, but it's your problem, not mine. I never agreed to any of it, so fuck off and deal with your loss. Next.
    • Re: (Score:3, Funny)

      by Vanderhoth (1582661)
      Well if you didn't let Joe use your name in the fist place you wouldn't be in that mess would you? You deserve to pay whatever the bank tells you to pay.
    • by HangingChad (677530) on Friday April 09, 2010 @08:42AM (#31788650) Homepage

      What's wrong with this solution?

      The banks spend millions on lobbyists to fight making the laws more fair to the consumer. Otherwise your solution would already be law.

      Banks start whining that making them responsible would raise the cost of extending credit. Good. Credit should be harder to get.

    • One slight problem (Score:3, Insightful)

      by petes_PoV (912422)
      The bank lends some money to Joe. Joe denies ever having seen it, says it must've been David using Joe's assumed name. When the bank challenges Joe and says "but here's the proof that your identity was used", Joe replies "dam' clever these identity theft people, you really should tighten up your procedures". Same standoff, different people benefit and get blamed. Now I'm not saying the banks are blameless - they obviously rely to heavily on shoddy checks to ensure the applicant is who they say they are. How
      • by david_thornley (598059) on Friday April 09, 2010 @09:20AM (#31789074)

        If it's the bank's decision to lend or not, then the bank should take responsibility for fraud. Suppose Joe borrows money under my name fraudulently, from a bank I don't personally do business with. I have had no opportunity to influence the security of the bank's system, except politically. I have had no market influence, not being a customer. The decision of what level of fraud to accept is the bank's.

        Any cost pushed off on me is an externality for the bank, since they don't have to pay, and they aren't even losing a customer. Therefore, market forces will not create incentives for banks to reduce fraud below what is best for their balance sheets. In the situation where I can be forced to repay the loan, there is no incentive for the bank to avoid fraudulent loans, and the amount of fraudulent loans increase until everybody's doing it as a matter of self-defense.

        In general, the cost of a loss is best assigned to those with the ability to avoid the loss. That way, the market pushes them to the correct balance of preventing and accepting the loss.

      • by bendodge (998616) <bendodge@@@bsgprogrammers...com> on Friday April 09, 2010 @10:09AM (#31789726) Homepage Journal

        Even DNA checks are not good enough for this (as cases involving identical twins have shown), so the actual solution is very, very hard.

        Just take a thumbprint with the signature. That's good enough to cover 99% of the cases. (If someone is rich enough that someone else will make a thumbcap to match, then you're getting into real cloak-and-dagger. But most crooks are dumb.) Inkpads are cheap. Even though the bank likely can't verify the thumbprint immediately, it will be invaluable to the police when the fraud is investigated.

      • However, once you make them take the hit, all that will happen is they pass on the costs to the customers by increasing their charges.

        This oft-used expression runs counter to the model of supply-and-demand in a market with any demand elasticity.

    • The only thing wrong is that it's the banks playing field and they set the rules...

    • But outside of criminal cases, you ARE guilty until proven innocent.

    • The rules of accountability only apply to people who don't have any money. Every middle class American needs to accept responsibility for their actions, even if they are victims of simple misfortune.

      Banks and corporations play by a different set of rules. They make big bets, pay themselves billions in bonuses for providing the illusion of profit, and then walk away without a slap on the wrist when the illusion collapses. I think today this is referred to as a "free" market. But the costs are indeed very hig

    • Nothing wrong with it, except as someone pointed out below the banks don't want it that way, so the government makes laws to support the banks. After all, it's their government, not yours. An even larger problem with the way lending works, at least specific to mortgages, is the brokers. The broker sells you the mortgage, and they get a fee for doing so. They don't get a fee if they decide that you're not you or you can't afford the loan, so there's actually incentive for them to check the person getting
    • There is nothing wrong with your solution, that is why that is the law. The problem is that you have to convince the bank (or other lending institution) that you weren't the person who received the loan. As a general rule, the problem with having your identity stolen has more to do with cleaning up the records than with paying the debts. While the lenders will come after you if someone fraudulently used your ID, those that are well-run can be made to go away by providing some basic evidence that you weren't
    • AFAIK, just say no. (Score:5, Interesting)

      by gillbates (106458) on Friday April 09, 2010 @10:54AM (#31790322) Homepage Journal

      I've dealt with things like this before with my bank. The worst I had to do was sign an affidavit that stated I didn't make the fraudulent transaction, and the problem "went away".

      Here's something interesting: about 5 years ago, I was called up by someone claiming to be an insurance company, trying to collect a debt that I supposedly owed for a hit and run accident with my "red truck". I do have a red truck. But I had never, as they claimed, been involved in a hit and run accident with it, two years prior to the call.

      To make a long story short, the insurance company paid out for someone's totalled car in an accident. The accident report listed the other vehicle as a red Dodge pickup, license plate unknown. The insurance company then sold its "debt" to a collection agency, which then acquired the registrations (via the state DMV, no less) for every red truck registered in Illinois. In spite of the fact that mine was a Chevy, and the accident report was for a Dodge, they called me, trying to get me to pay up. Basically, they were cold-calling truck owners in the hope that someone would admit to the crime.

      They called back a few times. Imagine, for a moment, if I had died and my wife had answered the phone. She could have been defrauded into paying a debt which she didn't owe, simply because she didn't know any better. These collection agencies are borderline fraudulent operations. Yet they enjoy legal status.

      It's interesting that banks try to pass the cost onto the consumer. But ultimately, it would take very little to show in a court of law that:

      1. The bank had a duty to affirm the identity of the borrower.
      2. The bank failed that duty, and
      3. As a consequence, you lost time/money correcting the situation, therefore,
      4. The bank is responsible for your lost time.

      Most IT professionals can get between $50 and $100 per hour for there services. Should a bank require me to settle a case of fraud with anything more than a signed affidavit, you can bet I'll be sending them an invoice. After all - they'll charge you an hourly fee for balance reconciliation when you're at fault; therefore, they should expect likewise treatment.

  • by stox (131684) on Friday April 09, 2010 @08:32AM (#31788540) Homepage

    If lendors had to pay for the damage they cause, the problem would disappear overnight. They should be responsible, not the poor victims, for cleaning up the mess. Sadly, they do not care, as it costs them nothing.

  • by Manip (656104) on Friday April 09, 2010 @08:34AM (#31788556)

    You have to keep in mind that a lot of systems that check people's IDs, Credit Cards, and Applications are built on top of legacy systems that were designed to work using modems and other terminals. I mean, yes, they have lovely UIs and web-sites but you rip all that stuff away and the entire process runs on the same communications channel as it did in 1990.

    Credit Cards address information is often only checked in a very vague way. Since there is no encoding standards and since the address often winds up as one string you have to be very easy going about what passes and what doesn't. For example this might be the string you get in (all examples are valid/legal):
    "123 Fake Street TownName State Country POCODE"
    "123 FakeStreetTownNameStateCountryPOCODE"
    "POCODE"
    "123 Fake Street"

    And this is the information you have to validate - Address Line 1, Line 2, Line 3, Line 4, Line 5 (Country), POCode (Post Code/Zip code). See the problem?

    • Shhh, we're working ourselves into a fine froth about corporate greed. Don't ruin it now.
    • by TheSpoom (715771)

      To be fair, programs like Verified by Visa do attempt to stem this... but then, conspiracy theorists could make the argument that Visa only did that to make it harder to make a chargeback in case that password is stolen (kinda like PIN-authenticated transactions in Chip-and-PIN countries).

      It is a little weird to me that some merchant accounts allow online transactions without fully using AVS (address verification system). The real problem here are those last two examples you gave:

      "POCODE"
      "123 Fake Street"

      Where the full set of data

    • Actually, most large companies in the united states are going to third-party address validation solutions that use USPS postal data to mitigate this pretty well: http://www.qas.com/ [qas.com] Interesting to note who owns that company-
  • Considering how lending institutions generally operate, it makes more sense that they are making a bigger profit off of "ID Protection" insurance, than they take in actual losses from ID theft.
    The only solution I see is to introduce regulation that forces the lenders to pay the cost of ID theft instead of the victims.

  • by MetricT (128876) on Friday April 09, 2010 @08:36AM (#31788578) Homepage

    Lenders are being completely rational from their perspective. They get paid for creating a market for loans. If they don't issue loans, they don't get paid.

    They are using Other People's Money by packaging the resulting debt into CDO's and selling them off, so they don't have an incentive to look too closely at how credit-worthy the individual is. It's a bad combination of negative externalities and information asymmetry. It's a market failure that requires government regulation to fix.

    • by nedlohs (1335013)

      Why does it require government regulation?

      I would think that the entities buying those CDOs would all be bankrupt by now and hence not buying anymore putting an end to such a ridiculous setup. Or at least not making enough money to continue funding such schemes.

      Oh, the government bailed them out you say? And the government buys the CODs too?

      Well yes, you do need government regulation if the government intentionally fucks over the market correction.

      • Well yes, you do need government regulation if the government intentionally prevents the next Great Depression.

        Fixed that for you.

      • Why does it require government regulation?

        Because there has to be a relatively uncorrupted third party to enforce contracts for a market to function properly. That's why strong governments dominate economically worldwide. When a government is unable to enforce it's own laws, either by lack of power or by corruption of it's governing body, it's called a failed state.

        If there are no rules than there can be no coherent markets, since it has the same incentive structure as a casino. Put your money in Blue Chips! Sometimes, you get your money back!

        Well yes, you do need government regulation if the government intentionally fucks over the market correction.

        If Gl

    • by medcalf (68293)
      Why is it that when the government creates a poor legal system or poor incentives, the solution to fixing that is always put forth as more of what caused it in the first place? Courts are very good at figuring out who defrauded whom and what to do about it. Simply remove government backing for the banks and lenders, and let them compete in the market, and pretty soon the courts and the market will have sorted it out. It's the government's constant thumb on the scale that causes most of these problems; the s
  • by AnnoyaMooseCowherd (1352247) on Friday April 09, 2010 @08:41AM (#31788638)
    What annoys me is that by coming up with the spin incantation "ID Theft", banks have been able to make what is actually their problem your problem

    Its not "ID Theft" its FRAUD

    Before "ID Theft" existed, con artists would regularly pretend to be someone they weren't in order to steal things. If I pretend to be an engineer from the local telephone company in order to con my way into an old ladies house and steal her purse, no one would even think for a minute that the telephone company should foot the bill, but when someone pretends to be me and convinces a bank to give them some money on that basis, apparently it is ok for the bank to turn round and try to get me to pay for the result of their gullibility.
    • by ikoleverhate (607286) on Friday April 09, 2010 @09:59AM (#31789590)
      If I fall for a phishing scam because I'm convinced the site I'm looking at is owned by my bank, isn't that the bank having it's ID stolen? So if the phishers get me to give them money, the bank pays it back right? Obviosuly not, that would be crazy. Just because it was done in the bank's name doesn't mean it's the bank's responsibility. Surely then, it's just as crazy that private individuals have to pay back banks who get scammed, just becuase it's done in their name.
  • by Alain Williams (2972) <addw@phcomp.co.uk> on Friday April 09, 2010 @08:50AM (#31788728) Homepage
    I recently wanted an 0845 phone number (a non geographic number in the UK). The vendor (uk2numbers.co.uk) wanted to verify my address. The only suitable document (that had my PO box address) was a credit card statement. So I scanned it, blurred out my credit limit and part of the credit card number. Long story short: they refused to deal with me because I refused to give them a copy with these numbers in full. I refused to give it to them because of security concerns.

    It seems evident that most who deal with them just hand this stuff over, and then wonder why they end up being owned.

    In the end it turned out good for me since I looked elsewhere and got a much better service on phone numbers - but at the time it looked to me as if I was paying a cost (today) for trying to keep secure (future). They do not need my credit limit for their purposes, I am concerned about what is happening with such information that others have given them; I will report them to the UK ICO [ico.gov.uk].

    • by Lumpy (12016) on Friday April 09, 2010 @09:15AM (#31789020) Homepage

      That's why I do not blur those numbers but replace them with fake numbers. the idiots making the decision as to the legitimacy of a document never actually try to verify it so they want to see something that LOOKS legitimate. Honestly anyone with an IQ over 90 can generate a legitimate looking document in 30 minutes on a computer. yet banks and phone companies hire people with an IQ under 60 to verify the legitimacy of documents.

  • ID theft is not the crime. It is just another form of fraud where the organizations that grant credit are not the ones who suffer when the fraud is committed against them. ID theft did not really exist until one could get credit based on simply a Social Security Number and little else. It was not that long ago where I worked that old stacks of large green bar print out paper covered on one side with peoples names, Social Security Numbers, and addresses were just taken home by virtually everyone for use
  • by KDN (3283) on Friday April 09, 2010 @08:51AM (#31788744)

    Lenders will not do anything until it costs them more money to get it wrong than to get it right. I have recently been the target of a fraud. The bank has called me 4 times in the past year about this account. They have my name and my home telephone number. They have the wrong home address, nothing right except the state. They have the wrong SSN. They have the wrong birth month, day, and year. The birth year is off more than 30 years. The card has my name and some other guy (I'm not even going there). How much do you need to get wrong before you refuse this guy? How did they get my phone number? My suspicion is that the original phone number was incorrect so they just looked up anyone with my name in my state and updated it.

    Twice I hung up on the bank because I thought they were a telephone phishing attack trying to get me to hand over PII (They were asking my SSN, my home address, my birthdate). The last two times I've talked to their fraud department saying that whomever this is is not me and has no PII even close to me.

    • Re: (Score:3, Interesting)

      by medcalf (68293)
      Something similar happened to me years ago. A person with my wife's name and who had lived on the same street some years prior had taken out a loan and defaulted on it (among many, many other defaults and legal issues). The lender had sent it to collections. The collections agency called us (presumably looking up name and street), and we told them they had the wrong people. They read off the information we had, and the only thing that matched was the first and last name and the street name. We told them the
    • Re: (Score:3, Interesting)

      by KDN (3283)

      Here is a trick I did for the above case. I do not give out SSN to anyone I did not call. They (the other end) were not allowed to give out the SSN, they said that they required me to give it to them. To which I responded that I have no way to confirm who they are. Classic Mexican standoff. So I did a simple hash. Lets say your SSN ends in ABCD (these are variables). I had them add AB to CD and tell me the number. If it does not match mine, and it didn't, I know the SSN does not match. If it does, I have a

  • So it's just like DRM: More costly to implement than the money it saves.

    And like anti-theft in stores.

    There's always a line that you cross where you -can- prevent more theft, but to do so will cost you more money than you save.

  • by Jason Levine (196982) on Friday April 09, 2010 @09:06AM (#31788884)

    I had someone open a credit card in my name. They knew my name, address, date of birth and social security number. What they didn't know, however, was my mother's maiden name. However, the credit card company (*cough* Capital One *cough*) ignored this and let them get a credit card in my name via an online form. Then they immediately changed the address to another address in another state halfway across the country. Then they called up and asked for a $5,000 cash advance before the card was even activated. None of these set off red flags apparently.

    The only reason it was caught was that the thieves tried to get the card quickly and so paid for "rush delivery." The card was sent out before the address change went through and it wound up at my door. When I called up, the credit card company first gave me the runaround insinuating that perhaps my wife did it. (Neither of us would ever open a credit card without consulting the other. Much less open an account in the other person's name and then try to get a $5,000 advance.) Then they claimed that they couldn't give me any information because (and this is a nearly direct quote) they'd be "liable if I went out and shot the person." Yes, they were now insinuating that I'd commit murder and then *they* would be sued.

    Fine, I had the police call them. But they gave the police the runaround also. They insisted the police call a special "police" number, but apparently only an answering machine staffs that number and nobody returns calls from it.

    Basically, the credit card company doesn't care *who* they give a card to because they can write off the fraud and will wind up making a profit either way. Fraudulent charges that consumers pay mean credit card company profits. Fraudulent charges that consumers don't pay are charged back to the merchants for no real loss (to the credit card company, the merchant's out the merchandise). In the end, they don't give a rat's posterior about messed up consumer credit or store losses due to fraud/ID theft. They're making a tidy profit and that's all that matters.

  • Shifting the risk (Score:2, Insightful)

    by rajats (891347)
    The credit card companies and banks are wanting to shift the residual risk to the customers. That's why they want you to pay for "SafeProtect" etc. for which you have to pay in advance so they monitor any ID thefts. My question is shouldn't they already be doing that? If yes, then why do they want you to pay for it? Cost reduction in my humble opinion.
  • At a former job of mine, I had to deal with customers over the phone (a customer service representative). The company actually had some anti-fraud policies that were slightly better than average, but a lot of representatives would ignore them, mostly because many customers were just ignorant (or perhaps they were the fraudsters themselves).

    When I would try to enforce those policies strictly, I would get yelled at a lot by customers. Occasionally, I would get a thank you for enforcing those policies in suc

  • "Identity Theft?" HAH! That's not what it is. It's the lender's failure to provide a secure credit. transaction. And they offload the risk and expense onto the consumer. Enough of this bullshit fucking doublespeak!

    Don't let the PR spin blind you. Push for consumer-oriented credit reform!

  • by sherriw (794536) on Friday April 09, 2010 @09:45AM (#31789356)

    This is why they can get away with it; Lenders sign up as many new lending accounts as possible. They have certain % that will default or are fraudulent. They buy insurance for this risk. The insurance company sells insurance policies which it says have a certain risk (low compared to the # they sell) of actually being claimed on. An insurance policy is something that keeps making money (with a certain % risk of being claimed on). These policies are sold as investment instruments (insurance bonds) to investors. Investors like you and me. They are put into people's pension funds, 401Ks, RRSPs, wrapped into various types of funds. And bingo.... it is now you and I who are carrying the risk. Magic.

  • In the past few months I've had some checks stolen. All the checks were used at the same grocery store and they used the electronic scan thing where they pretty much run the check kind of like they do a debit card. I went to the grocery store ( Harvey's Supermarket....I'm outing them because of how shady this is.) the same day I noticed the check was ran and asked the manager if they still had the check because I wanted to see how it was signed. He told me they do not keep copies of the checks and explai
  • by gcatullus (810326) on Friday April 09, 2010 @10:46AM (#31790222)

    This is exactly why PCI compliance won't do much to stem identity theft. The institutions that get the benefit of credit cards, i.e. the issuers like Visa/Mastercard, have nothing to gain from preventing it and everything to gain from allowing it. If Visa card is fraudulently obtained and used, Visa loses absolutely nothing. The person whose identity was stolen loses time and effort to get things reversed, the merchant loses because the charges will be charged back, and the merchant loses again because she pays fees for the original transaction and fees for the chargeback. The issuers actually make MORE money when this happens. Visa/Mastercard don't even have to game the system, they are the system. PCI stands for payment card industry. Foisting all security onto the merchants is one small step removed from blaming the consumer.

  • by rgviza (1303161) on Friday April 09, 2010 @10:48AM (#31790238)

    Then there's the other factor... to even make the FBI's case load, you need to commit a felony. A felony is more than $5000 USD theft.

    What happens is most ID thefts are under this amount so they don't make the FBI's radar. Even when they do, the FBI has bigger fish to fry. They are in line behind frauds that are much bigger so never make the FBI's case load. This enables id thieves to pretty much operate with impunity. No one files a complaint with local law enforcement so neither locals, nor the FBI goes after them.

    I had the same guy, in Chicago, use my ID 3 separate occasions with Household bank in 2004 (yes, they kept on issuing loans to the same guy that just ripped them off). Each theft was $4500-4900.

    Their collections people kept calling me and my wife, and told my wife I have a mistress in Chicago. She thought this was funny since I was home every night with her and NEVER traveled to Chicago (Indeed I wasn't traveling at all after 2001).

    So not only to they enable thieves to ruin your credit, their asshole collections douchebags try to break up your family too. I was able to straighten this out by calling the credit bureau directly, raising a dispute (once for each fraud), at which point Household could not produce my signature, and I'd never lived in Chicago (according to credit bureau records) which enabled me to tell Household they can go fuck themselves and the bureaus simply deleted the non-payment entries in their database.

    Very nice... but this could have been a real problem had the fraud been local. I'm not sure I'd have been able to clear it.

  • Set things up so that every time a bank allows fraud to happen the amount in question goes into a "register"
    when a certain threshold gets met within a rolling 12 month period (or if 85% of the amount is met within 18 months)
    then all the officers of the bank* get charged with RICO violations and go to prison (and are also barred from ever working in a bank or other financial institution in the future).

    Since this is very definitely a money scam going on and there has to be a conspiracy...

    * to be defined as al

If the facts don't fit the theory, change the facts. -- Albert Einstein

Working...