Slashdot Mirror
Big ID Thefts Not To Be Feared
goldseries writes "A
new study released by ID Analytics says that only about 1 out of every 1000 stolen identities are actually used, due to the amount of time it takes to use the identity, limiting a single thief to 250 identities a year. The likelihood that your information will be used increases drastically when the size a the theft is small. So size does not matter, in identity thefts at least; the identity thefts you need to worry about aren't the big ones heard on the news but the small unreported ones." From the article: "While the findings will provide some comfort to consumers whose credit cards are lost or lifted, or whose sensitive information is compromised when, for instance, a laptop is stolen, as recently happened at Chicago-based Boeing, some of ID Analytics' suggestions could be controversial. The company suggests, for instance, that companies shouldn't always notify consumers of data breaches because they may be unnecessarily alarming people who stand little chance of being victimized."
This is the most stupid thing I've read recently.
If a criminal gets his hands on a million records, and he can only use a few hundred a year, what do you think he is going to do, throw all the others away?
No, he's going to sell them to other criminals or pass them on as favours.
Right, blame the victim. How about we blame the person breaking the law, harming other people... the person committing the identity theft itself?
The technology exists to make credit cards secure. The technology exists to keep our identities secure from fraud. Let's have gov't and big corporations start to take it seriously. All they do right now is accept a certain % of fraud per year and consider it an expense against their bottom line, and charge all their customers extra to compensate. The criminals are getting away with it, and it costs everyone.
Heck, even if they integrated a 4 digit PIN on all credit card transactions in addition to a signature, you'd cut down on fraud significantly. Point of sale and internet transactions could easily be adapted to this. The only problem would be selling stuff over the phone, where you're left with the same problem, but the credit card companies already charge an extra amount to those retailers who can't do signature verification, and that makes this kind of transaction more expensive, so the buyer of that particular product ultimately pays the risk, which is better than the current situation where we all pay extra.
"I have never let my schooling interfere with my education." - Mark Twain
Mastercard at least, has a solution for this, even if it's a little bit of a hassle. You create throw-away card numbers that are only valid for a certain amount and expire after a month or two. It's all about minimalizing your exposure to fraud.
When I signed up for my credit card, I don't recall the terms & conditions including anything like "We may, from time to time, be recklessly negligent with the data we hold on you. At the Credit Card Companies discretion, we may lose or otherwise inadvertently pass on your data to a third party."
If that was in the contract then I agree, yeah I did know the risks when I signed up and it is my problem if the company does just that; they warned me about it, after all.
In my experience, the fraud alert doesn't do anything.
My wife's wallet was stolen, containing a credit card, our debit card, and her driver's license. We cancelled/re-issued the cards and she had her DL# changed. We called experian, equifax, and transunion to have a fraud alert set on our credit reports.
A few days later we got letters from all three indicating the fraud alert was set. According to the letters, we shouldn't be receiving any pre-approved credit offers in the mail for 90 days. Any query against our credit report would return a fraud alert. We also signed up for a service offered by our bank to receive notification on any activity against our credit report.
Unfortunately, we continued to receive those damn credit card offers, often "pre-approved" , every Tuesday non-stop. We opened an account with Home Depot about a month later and there wasn't any mention of a fraud alert. We also never received any notification of any activity against our credit report, not the inquiry that HD should have run, nor the appearance of a new trade line. We cancelled the credit report monitoring service and got our money back.
Bottom line, using the fraud alert didn't really do anything, positive or negative. I expected to get a request for some additional ID from the CSR at Home Depot, but instead she just said "You've been approved" after a couple of minutes and handed me my temporary credit info.
Give a man a beer and he wastes an hour. Teach a man to brew and he wastes a lifetime.
"Never attribute to malice what can be attributed to human stupidity." It's also possible that the cashier ignored or bypassed the message. Her pay isn't likely to be influenced either way by it and if multiple people are putting on "fraud alert" alarms on their credit records, it's entirely possible she gets so many bogus alerts that she doesn't even think twice before dismissing the dialogue. *grumble* I really wish I had the URL to that study someone posted on Slashdot... they were ostensibly heavily involved with the "photo ID on a credit card" concept at its first inception and he posted a nice long summary of his results. Basically, it didn't matter what the picture looked like; the cashiers passed the card. They even tried people of the wrong gender and it didn't make a difference. They then tried adding alerts, first a notification that popped up to ask the cashier to check the picture, then a dialogue which asked them to call into the credit agency, which required using a bypass key to dismiss. The rates of checking the picture were actually lower because the dialogue would get automatically dismissed without thinking about it.
Come to think of it, I think that article was in something about biometrics... someone was publishing instructions on how to fake fingerprints using gelatin and he was commenting on other failed security features.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Having known those who suffered identity theft, I don't need an article to imply this. It takes five years before you can even *start* to breath easier: the first two are full of collection agencies attempting to recover on the "bad debt" in your name. Unlike other businesses who have to stop calling if you ask, collection agencies are exempt from do not call requirements. Attempting to purchase anything major becomes impossible because the three major companies still report your credit as bad, but "contested". They *don't* strike the charges completely off your record. Meanwhile, the company that fumbled the ball claims "we have done what we can" by sending a letter to the credit companies saying that the charger "may" be related to identity theft.
You end up carrying police reports and your own copy of the credit report, annotated to indicate the problem when trying to buy a car. But it doesn't help because the lacky who is the "loan officer" for the dealership has no real power to make a decision. You receive "mechanics leans" on your property and have to fight repeatedly to not lose ownership of perperty you already owned because of state laws (at least here in Arizona) that allow a mechanic to force the sale of property to pay for "services rendered". Even if the services were rendered to a crook instead of you, they are not barred from trying until you sue them into submission.
All while the company that screwed up claims that they are faultless because they sent three letters out, and that perhaps "there are other issues here".
Sig under construction since 1998.