With nearly 10 million Americans reporting identity theft that cost banks and other businesses nearly US$48 billion last year, the Federal Trade Commission said the problem is worse than previously estimated.
The latest FTC survey on identity theft, which revealed more than 27 million victims of this crime in the last five years, did not differentiate Internet-related ID theft from standard ID theft, but experts agreed that perpetrators are leveraging technology to commit this kind of offense today.
However, computer technology, particularly encryption, also is helping consumers and businesses — which are increasingly under legal pressure — keep private information from being exposed.
“In some ways, online transactions can be safer than real-world transactions,” Electronic Privacy Information Center deputy counsel Chris Hoofnagle told TechNewsWorld. “A professional e-commerce site uses [secure sockets layer] encryption in transfer and also encryption in storage.”
Growing Number of Victims
With the growing number of victims, who reported $5 billion in out-of-pocket expenses because of it, identity theft is a fast-growing problem, according to the FTC.
“For several years we have been seeing anecdotal evidence that identity theft is a significant problem that is on the rise,” said Howard Beales, director of the FTC’s Bureau of Consumer Protection. “Now we know it is affecting millions of consumers and costing billions of dollars.”
Gartner research vice president Richard Stiennon told TechNewsWorld that the Internet has increased the likelihood that private information will make its way into public and other databases, where it can be vulnerable to exposure.
Credit Cards Targeted
According to the FTC survey, 67 percent of identity theft victims reported that their credit card accounts were misused, while 19 percent reported problems with checking or savings accounts.
Stiennon said the value of credit card numbers to thieves is evident in the significant number of targeted attacks on financial institutions that hold the information in their databases.
EPIC’s Hoofnagle called data storage — whether at an e-commerce site or at a traditional brick-and-mortar operation — the biggest issue contributing to credit card and identity theft.
“The problem is storage,” he said. “That creates fraud risks and passes a lot of cost on to consumers.”
FTC Recommendations
FTC recommendations to deal with identity theft — monitoring accounts and reporting ID theft to law enforcement — fall short of preventing exposure of personal information, according to Hoofnagle.
“None of their recommendations address the problem of ID theft,” he said. “They concern ways to manage fallout of victimization.”
While he said the FTC survey was well done, Hoofnagle criticized the agency, claiming that its advice is the result of lobbying by banks and credit-reporting agencies.
“They’re the same recommendations that Experian would have given,” he said. “That’s very troubling.”
Encryption Solution
Hoofnagle was also critical of the identity protection efforts announced earlier this week by a coalition — including eBay, Amazon and Microsoft — calling the efforts a renewed attack on disclosure requirements.
Recently enacted California legislation — which is being considered on the federal level — requires public disclosure of database breaches but is finding resistance from banking, credit reporting and other industries, according to Hoofnagle.
Stiennon, who indicated that encryption is effective at protecting identity information, said legislative pressure and liability are the main reasons companies encrypt transactions and stored data.
“Going forward, that will be the driver in encryption use,” Stiennon said.