ID Theft In US Continues Apace Despite Data Breach Laws
4roddas points out an article at Techworld about the continued scourge of identity theft in the US, which begins: "Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published (PDF) a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC). 'There doesn't seem to be any evidence that the laws actually reduce identity theft,' said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors. Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends."
Put the onus on financial institutions (Score:5, Insightful)
Sure, requiring you to go to a licensed notary and have a credit card application notarized might not make it so easy to get credit, but it would also make it harder to get credit in your name.
The banks and credit card companies could do this, but it's more profitable to let people steal your identity and then just jack up fees and interest rates to cover the losses.
- Greg
Re:Put the onus on financial institutions (Score:5, Insightful)
Re:Put the onus on financial institutions (Score:5, Insightful)
I also think much would change if everyone had a right to get their own information that is collected from them. I can get credit reports 1 time a freaking year. That's it. Not to mention all the other companies that collect information about me. Some use that information for things like employment screening. How the hell am I supposed to know that I didn't get a job, because some company I have never heard of claims I had a record. (maybe they mistyped my social security or name...). Employers are scared of lawsuits, and they never tell you why you weren't selected.
Re: (Score:2)
Re: (Score:2)
Huh??? for $48 you can get all 3 reports any time of year you want... as many times as you care to pay $48. I do it 4 times a year if I'm financially active, opening closing accounts, buying a house, a car, etc. If not I do it 2 times a year just to check up on things.
Sure a lower price would be nice (It was only $30 2 years ago). But hey... it's certainly not that expensive when you consider the alternative... ie: ignorance.
Re: (Score:2)
Re: (Score:2)
Do you have all the records of every payment you ever made on all of your accounts? Do you keep a running spreadsheet of your balance to available credit on revolving credit lines with a time axis multiplier?
Neither do the companies you want to do business with. They don't know you, why should they trust you to pay? Reputation an
Re:Put the onus on financial institutions (Score:5, Insightful)
The problem is, if you call it 'fraud' then the defrauded entity is on the hook, and that entity gives and lends tons of money to politicians, lawyers, and judges. If you call it 'identity theft,' then it seems more reasonable to blame the person whose name was forged, but (and this is important so it's gonna be in all caps) THE PERSON WHOSE ID IS STOLEN IS NOT THE VICTIM. The bank is, and the whole process from start to finish ought to be the bank's problem.
If we had more strict laws on consumer data protection, this shit wouldn't happen.
Re: (Score:3, Interesting)
The reason why it's referred to as identity theft is that fraudsters will use a real identity to open multiple accounts with multiple institutions and leave the bill for the victim to pay. And yes, that's how banks want it to work, they usually draw things out for many months, refuse to admit that it was their fault for having a shoddy system to verify these things.
The
Re: (Score:2)
Re:Put the onus on financial institutions (Score:5, Interesting)
there is more sophisticated type of 'identity theft' that is much more complex, basically, all you need is a mark, a few social security numbers, a couple weeks and a home. every couple of weeks, you use the money you've stolen to acquire more properties, and for each 'fabricated' identity, you take out a new mortgage on a property, legally you can't take out 10 mortgages on one property, but if you work the system, you can get dozens though on the same property, seemingly from different individuals all who appear to be the only owner of that property. this crime scales all the way up to multi-million dollar skyscrapers, at least if you do it right. if you can manage to beat the system long enough you can run away with millions leaving a massive massive debt several millions of dollars greater all belonging to your 'mark;' who, according to all the paper work, did all the signing, even though there was massive massive fraud committed. and for once, banks actually call it fraud. the marks always wind up in prison, they thought they were doing a 'work at home business' helping their lover... the guy i heard about who managed to do all this, did it three times to three different women, but he was too greedy, and never pulled out with the millions he could have... the first thing that happens is they freeze all the assets, if they even suspect someone is doing this, so it's all a matter of pulling out before they know what you've done. it's crazy how easily this kind of identity theft can be done, once you know the whole mortgage system, and how to get a mark to sign all the paperwork, without them knowing what you're up to.
it was on dateline, the guy who kept coming back to the same scam, he even wrote a 'fictional' book, all about how he did all his crimes, sadly the book itself was the most incriminating evidence against him in the crime, all the paper trails led to his 'women.' finding a woman who doesn't know much about running a business, and learning all the skills needed to pull off the crime are way too easy, banks really really want to believe what people are telling them. especially when the paperwork all goes through fine.
Re:Put the onus on financial institutions (Score:5, Insightful)
What will really fix things is to recognize that what we call 'identity theft' is nothing more than two frauds jammed together.
The first is some scumbag defrauding the bank into giving them money in someone else's name. The second is when the bank tries to pass the buck by making a third party pay the debt back.
The bank's crime is even worse. They commit extortion by threatening to libel (report an adverse credit event resulting in declined loans and higher interest rates) the 'victim of identity theft' unless they pay for the bad debt they didn't have anything to do with.
I fail to see how the bank's behavior is any better than if I were mugged in the park and decided to "make it right" by mugging the next person I see.
Re: (Score:2)
So you are saying that the banks have a problem, and they have somehow found a way to make the people whose credentials were used pay for it? How does this work? How can we stop it?
Because, the way I see it, it's like this: Alice has some account with the Bank. Then Eve comes along and uses Alice's credentials to perform transactions. These transactions benefit Eve, but
Re: (Score:2)
Alice has accounts at a Bank. One of the accounts involves credit, so the Bank reports to the Credit Agency. Eve steals Alice's SSN and opens a credit account with Discover. Eve doesn't pay off the account, Discover reports it to the Credit Agency, and tries to collect from Alice. Alice tries to get a loan from the Bank for a new car, the Bank gets a report from the Credit Agency and refuses the loan. Discover finds out it was the victim of fraud, but instead of pursuing the frau
Re: (Score:2)
I would also add that if laws/regs forced the onus of losses on the financial institutions themselves (rather than allowing them to write losses off as a cost of business), said firms would rapidly implement better security mechanisms.
Such losses tend to be borne ultimately by the customers rather than the institution. The only way to negate that is to enforce fines so large that passing them onto the customer would actually wind up more expensive in terms of lost custom than simply obeying the law.
You still write checks? (Score:2)
Re: (Score:2)
Not sure what you mean? Most people I know use checks....how else do you mail in bill payments?
I usually only write checks for rent, I've started paying most everything else online, but, not everyone has a computer hooked to the internet, not to mention so many people are scared to do transactions online due to ID theft risks.
Re: (Score:2, Insightful)
My friend's husband had his SSN stolen and they were convinced that they'd have to repay. They showed me the IL attorney general's website which supported their conclusion.
If that is true, then this problem will not go away. Make the financial institution eat the loss caused by their stupid reliance on a 9-digit number that is not even supposed to be secret.
Comment removed (Score:5, Interesting)
Re: (Score:3, Informative)
It is not just the banks though - people are using SSNs to collect other people's unemployment. Good luck trying to get your benefits when you need them most.
Comment removed (Score:4, Interesting)
Re: (Score:2)
It is far from perfect though - forged signatures, corrupt notaries & bad titles increase the cost of doing business. But I'll take that any day over relying on a number that about a thousand people know by now.
Re: (Score:2)
It already is - kind of - because you are not required to pay for the fraudulent actions, however, we all pay like you said in higher fees and interest rates.
I just can't believe a criminal would break the law! If we could just have stricter jay-walking laws then everyone would be in jail befor
Re:Put the onus on financial institutions (Score:4, Interesting)
http://www.notarypublicstamps.com/products.asp?StateID=15 [notarypublicstamps.com]
Put the onus on the financial institution monetarily and make it treble damages in addition to jury awarded punitive damages and legal fees. Make it so that it must go before a jury and not ever arbitration. I'd want punitive damages so high their investors suffer and I'd want those damages set aside in a fund to help identity theft victims have damages that don't warrant or won't benefit from a lawsuit or have emergency needs.
Notary probably not even robust enough (Score:1)
Sure, requiring you to go to a licensed notary and have a credit card application notarized might not make it so easy to get credit, but it would also make it harder to get credit in your name.
Even a notary might not be robust enough. Almost anybody with a relatively clean criminal record can be a notary in most states -- you pay like $50, tell the judge you want to be a notary, they pull a background check and if you have no felonies or major larcenies on your record -- well, there you go -- the judge will sign the order making you a notary. You'll have to get your own seal, of course, and these usually are like around $100.
Re: (Score:1)
One-Time Passwords for Transactions (Score:3, Interesting)
Every transaction should have its own unique PIN attached to the transaction's amount and recipient. Credit cards with chips could do this right now, RSA-password style, generated against the one-time password from the vendor's machine for the transaction, in a data package with the vendor's invoice signed by the vendor's transaction password t
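One way to bind a one-time code to a transaction's amount and recipient, as the comment above proposes (an added example, not part of the original post). HMAC-SHA256 with a secret shared by card and issuer stands in for whatever a chip would actually compute; the secret, vendor names and nonce handling are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret; a real card would keep this inside the chip.
CARD_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def encode_fields(amount_cents: int, recipient: str, vendor_nonce: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    parts = [str(amount_cents).encode(), recipient.encode(), vendor_nonce]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def transaction_code(secret: bytes, amount_cents: int, recipient: str,
                     vendor_nonce: bytes, digits: int = 8) -> str:
    """Card side: a code valid for exactly this amount, recipient and nonce."""
    mac = hmac.new(secret, encode_fields(amount_cents, recipient, vendor_nonce),
                   hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


class Issuer:
    """Issuer side: recomputes the code and refuses a nonce it already approved."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._used_nonces = set()

    def authorize(self, amount_cents: int, recipient: str,
                  vendor_nonce: bytes, code: str) -> str:
        if vendor_nonce in self._used_nonces:
            return "replayed"
        expected = transaction_code(self._secret, amount_cents, recipient, vendor_nonce)
        # Constant-time comparison so the check does not leak matching digits.
        if not hmac.compare_digest(expected.encode(), str(code).encode()):
            return "bad-code"
        self._used_nonces.add(vendor_nonce)
        return "approved"


def demo() -> list:
    """Run one genuine purchase plus three misuse attempts against the issuer."""
    issuer = Issuer(CARD_SECRET)
    nonce = secrets.token_bytes(16)  # the vendor machine's one-time value
    code = transaction_code(CARD_SECRET, 4999, "vendor-123", nonce)
    return [
        issuer.authorize(499900, "vendor-123", nonce, code),   # amount altered
        issuer.authorize(4999, "other-vendor", nonce, code),   # recipient altered
        issuer.authorize(4999, "vendor-123", nonce, code),     # genuine transaction
        issuer.authorize(4999, "vendor-123", nonce, code),     # same code submitted again
    ]


if __name__ == "__main__":
    print(demo())
```

A code captured at the point of sale is useless for a different amount, a different recipient, or a second submission, which is the property a static card number lacks.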
Re: (Score:2)
Re: (Score:2)
Yes, yours too.
Credit card companies ignore breaches (Score:1)
All that was required was to put in an order number and up popped everyone's info.
I had to cancel the card I used, and then I spent 4 hours trying to get someone interested.
Getting in touch with the site owner in SoCal took a couple of hours, including me explaining the issue repeatedly, and threatening d
Get Personal Data off your computer (Score:5, Interesting)
Re:Get Personal Data off your computer (Score:5, Insightful)
Re:Get Personal Data off your computer (Score:4, Insightful)
How do we even know it's you posting right now?
All jokes aside, banks make tons of profit off of easy credit. When credit is easy for damn near anyone to get, people are (generally) going to run up large bills.
A very good friend of mine had a credit card (I think a Visa) for almost 2 years and they never increased his limit above the initial $500. Why? Delinquent on payments? Nope, it was actually the exact opposite - he paid his bill at the end of every month and on time. He was actually told that he would have to start maintaining a balance (and therefore generate interest) if he wanted his limit to go up.
So he cancelled the Visa card and got an American Express. They took note of his excellent credit record and handed him a card with a much higher limit. He never goes anywhere near it and still pays his bills on time.
Fiscal responsibility is not profitable in the credit and banking industries. If everyone balanced their checkbooks and paid their bills on time, a load of banks and CC companies would go flat broke. That's why things like the minimum payment (which is calculated to make sure you have a balance on the card for 30 years) exist.
Breach notification laws (Score:5, Insightful)
Have the responsibility be on those responsible... (Score:2)
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Or even simpler not using SSN's for anything other than their intended purpose in the first place.
The solution is technology (Score:5, Insightful)
Social security numbers have the same problem, only worse, because you can't just cancel your SSN like you can with a credit card. Banks pretend that your SSN is a password, but there are thousands of people who have access to your social security number and at least one of them will sell it on the black market.
Fixing this mess will cost the banks a lot of money, but they made this mess and it's their responsibility to clean it up. We need the federal government to mandate real security measures, because fraud is quickly becoming the norm.
Re:The solution is technology (Score:5, Interesting)
Credit card companies have very strict rules for merchants that prevent them from validating who a customer is beyond the signature on the card. For instance, they are not allowed to ask for a photo ID. If the card says "check ID" instead of being signed they are not supposed to accept it as it is not signed. The signature indicates that you have accepted the terms of the credit agreement, not any sort of identity verification. Violation of the merchant agreement can result in the merchant account being terminated. These days, a retail store not being able to accept credit cards might as well just fold up shop.
Fraudulent loans and financing are a very small percentage. The FBI mandated that credit card fraud be lumped into "identity theft" a while back and that is where all the numbers are coming from. Unfortunately, there isn't any motivation to fix the problem because the wrong people - the merchants - are paying for the fraud.
Re: (Score:2)
security? (Score:1)
because joe and jane public know almost nothing about how the banking system works (and most don't seem to care), they don't understand the lack of security. another way to look at it might be to find some way to convince the average american that the government isn't looking out for everyone's interests, that's a tertiary objective. i've had many conversations with people about how various chemicals tha
Re: (Score:2)
The solution is to replace credit cards with smart cards that use public-key cryptography. That means that your credit card contains a number which you can use to sign transactions and prove that you are authorized to make payments, but you don't have to give every employee of every merchant you buy from the power to impersonate you. .......
Fixing this mess will cost the banks a lot of money, but they made this mess and it's their responsibility to clean it up.
Stop right there. You're taking the classic /. argument which says "It is technically possible to solve this problem, therefore the solution must be implemented".
Thing is, it's been technically possible to solve this problem for years. Go back in time 50 years or so (when people actually had to go into their bank to do anything) and they could have solved it simply by taking fingerprints and keeping someone onsite who was an expert in fingerprint analysis.
The reason that these technical solutions are se
Identity Clearinghouse (Score:5, Interesting)
To register with the clearinghouse, you go to a local government agency where identity is "managed" - e.g., your local DMV. You register there by providing your current contact information, and they ensure that you are the person you claim to be through their normal identification procedures (such as picture ID/driver's license pictures on file). If you later need to change your contact info, you do the same procedure (going to the DMV in person) to prove your identity.
When you apply for credit somewhere, the lender first uses the identifying information you have provided to them (such as name, address, SS#, etc.) to verify your identity with the clearinghouse. If you haven't registered, the clearinghouse just responds that there's no such registrant in their records, and the lender is free to grant credit to the applicant. But if you have registered, the clearinghouse first checks to make sure the information they have on file matches the information the lender provides, and second, they use the information they have on file to contact you directly and ensure that you actually applied for credit with the lender in question. If both of those checks succeed, they respond to the lender with "yes", and if either fails, they tell the lender "no".
This would greatly reduce the instances of people opening lines of credit in other people's names. However, one problem it doesn't address is fraudulent charges to legitimate lines of credit you already have (e.g., stolen/copied credit cards). Credit card issuers and merchants are both often on the hook for most of those sorts of charges, though, so they already take at least some steps to reduce that kind of fraud.
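The clearinghouse check described in this comment, sketched as code (an added example, not part of the original post). The class and function names, the SSN-keyed lookup and the sample records are hypothetical; the callback models the clearinghouse contacting the registrant through the details filed in person.

```python
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class Registration:
    name: str
    address: str
    contact: str  # set in person at the agency, never supplied by a lender


def normalize(value: str) -> str:
    """Ignore case and spacing differences when comparing what the lender sent."""
    return " ".join(value.lower().split())


class Clearinghouse:
    def __init__(self, ask_registrant: Callable[[str, str], bool]):
        # ask_registrant(contact_on_file, lender) -> True if the person confirms
        # that they applied for credit with that lender.
        self._records: Dict[str, Registration] = {}
        self._ask_registrant = ask_registrant

    def register_in_person(self, ssn: str, registration: Registration) -> None:
        self._records[ssn] = registration

    def verify(self, lender: str, ssn: str, name: str, address: str) -> str:
        record = self._records.get(ssn)
        if record is None:
            # Opt-in scheme: an unregistered person gets no protection here.
            return "not-registered"
        supplied = (normalize(name), normalize(address))
        on_file = (normalize(record.name), normalize(record.address))
        if supplied != on_file:
            return "no"
        # Only the contact details on file are used; nothing the applicant
        # told the lender can redirect the confirmation request.
        return "yes" if self._ask_registrant(record.contact, lender) else "no"


def demo() -> dict:
    contacted = []

    def alice_answers(contact: str, lender: str) -> bool:
        contacted.append(contact)
        return lender == "Car Loans Inc"  # the only application Alice made

    house = Clearinghouse(alice_answers)
    # Constructed sample record (000-prefixed SSNs are never issued).
    house.register_in_person(
        "000-00-0001", Registration("Alice Example", "1 Main St", "+1-555-0100"))
    return {
        "genuine": house.verify("Car Loans Inc", "000-00-0001", "alice example", "1 Main  St"),
        "thief_full_details": house.verify("Quick Credit", "000-00-0001", "Alice Example", "1 Main St"),
        "thief_wrong_address": house.verify("Quick Credit", "000-00-0001", "Alice Example", "9 Elm Rd"),
        "unregistered": house.verify("Quick Credit", "000-00-0002", "Bob Example", "2 Oak Ave"),
        "contacted": contacted,
    }


if __name__ == "__main__":
    print(demo())
```

The second case is the one that matters: an applicant holding the correct name, address and SSN is still refused, because approval depends on a confirmation sent to contact details that only an in-person visit can change.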
Re: (Score:3, Insightful)
Re: (Score:2)
OTOH if they were letting you pick out a DL and SSN from a list of existing people... well that would just be dumb, but then they'd be actively promoting ID theft...
Re: (Score:2)
Re: (Score:2)
Yeah, I know, the gubment isn't always the most trustworthy organization, but look at the FTC - people seem to like them pretty well, and the identity clearinghouse is right up their alley.
Re: (Score:2)
ROFLMAO. We're talking about the government here. Do you really believe that? The only government agency that is anywhere close to efficient is the post office (an opinion I did not have until I spent some time in Europe and dealt with their shitty postal service).
Re: (Score:2)
too many notices (Score:1)
So once again... (Score:3, Insightful)
...we've proven that a piece of paper alone can't stop crime, pollution, educate our kids, etc. It is only the enforcement thereof, or in the case of ID theft, steps to prevent such crime that will ultimately solve our problems.
Long story short, let's move along and work to end the problem, not just write paper against it.
Some people here are dead wrong (Score:2)
Also, it's rare for the illegal aliens to take out credit or anything on the SS number. They are just using it for employment purposes and that's it.
Re: (Score:1)
About immigration, I don't think it's mostly our policies that are ineffective, it's the enforcement. We need a southern border that a greased cockroach would find it
Re: (Score:1)
Well, for some value of correctly. He *is* a stupid piece of shit, so I could actually go with +1 Insightful.
Thanks, folks, I'll be here all week.
Re: (Score:1)
Additionally, a big part of the problem comes from financial institutions with poor email hygiene practices. I routinely see email from banks that I could believ
Re: (Score:2)
It sounds to me like you're making the assumption that what is happening is completely victimless. Not only does it change one's tax bracket for
FBI Out to Lunch (Score:4, Interesting)
Feel safer?
Re: (Score:1)
However, they face a lot of problems, none of which can be laid at the feet of Bush, or o
Re: (Score:3, Interesting)
The FBI isn't nearly interested enough in these frauds. Despite how hard it is to find and bring these criminals to justice, that's
Re: (Score:1)
By "don't much care for him," I mean that Bush is a tool. He's a false conservative, but he's no liberal, either. The best I can say about him is that he sucks less than Obama or either of the Clintons, and that's d
Re: (Score:2)
Your Bush cut taxes while creating catastrophic, expensive problems. But you think that we shouldn't pay more taxes. I agree. I believe
ID theft is trivially easy, today. (Score:4, Interesting)
Re: (Score:2)
All your most basic "personal" details are probably widely known along with your credit card numbers, SSN etc...
Biometrics will not help - how do you prove you are you to get the Biometric info in the first place?
It all comes down to - how can you prove you are you to a stranger - the answer is, you can't!
In other news ... (Score:2)
Re: (Score:2)
Uh? (Score:2)
Sounds familiar (Score:2)
And in other news, people have been shot in "Gun free zones".
Let's make it illegal to store and share the info. (Score:1)
Additionally, it would help if not so much was public record. If you purchase a house,
Re: (Score:2)
ahmcguffin (Score:1)
Two items forgotten here (Score:3, Interesting)
laws, but has all of this legislation actually cut down on identity theft? Legislation does not stop crime. Prosecution stops crime. Besides, these laws are weak. They are unenforceable since they state "if you did something wrong, you must tell us" and obviously if they don't tell they don't get caught. And even if they do tell, there is nothing you can do to stop it and it doesn't make the companies any more likely to take security measures. So these bills are probably a good idea that doesn't go far enough.
#2:
I called Comcast today to register for service (yeah yeah, make fun of me, but they are the only game in town) and they asked me for my SSN. When I told them I couldn't do that, they hung up on me. So this just shows me that not only is this business as usual, but it is getting worse. 10 years ago nobody would have dared ask for a social security number for something like this. How come things are getting worse while at the same time we are supposedly doing all this stuff to prevent identity theft?
Bottom line: nobody cares, nobody does anything about it. The only ones who do are academics and a vocal minority like Slashdot.
Re: (Score:2)
Actually Comcast has been demanding SSN for at least 10 years. I've been trying that long to get my grandmother's SSN removed from their system.
At this point, Comcast is the only company I do business with that demands SSN (and I only do business with them to pay my grandmother's cable bill which she refuses to cancel). I've had the opposite experience than you as the number of places demanding SSN has dropped significantly in the last decade or so.
At the very least you did the right thing by not givin
since when? (Score:2, Insightful)
Re: (Score:2)
No, it's guns that kill people, or more specifically bullets that kill people, go ask the NRA
What we need is an RFID chip in each gun that won't fire unless it's fully licensed
Of course they're not doing anything (Score:3, Insightful)
"If you get hacked, you have to tell us, so that we can prosecute you for having lax security and your customers can abandon you." Or, you know, they can keep their mouths shut, since the reason for these mandatory disclosure laws to begin with is that, unless these companies say anything, nobody but the thief knows they were compromised.
I'm sure that even the use tax laws are more successful.
reasons why laws don't reduce identity theft .. (Score:2)
Because it's a technological problem that requires a technological fix. A totally new kind of online trading system, one that doesn't require the use of Credit Cards. I mean does any of this fix the software, err
Like those (Score:2)