Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft Rates Among Top Banks

Posted by kdawson on from the naming-names dept.

Hugh Pickens writes "Consumers, regulators, and businesses lack objective tools to compare the incidence of identity theft across financial institutions and without such tools, consumers cannot 'vote with their feet' and choose safer institutions. Now a study by Chris Hoofnagle has analyzed 88,000 complaints submitted by victims to the FTC over a three month period in 2006 and found that Bank of America ranked highest of all firms in the study, with an average of 1,117 incidents over a three-month period. AT&T had 763 incidents, followed by Sprint Nextel, JP Morgan, Chase and its Chase and Bank One, and Capital One. When the estimated events are divided by the total deposits, the data show that HSBC, Washington Mutual, and Bank of America have the highest rates of identity theft. Hoofnagle said lending institutions should publicly report information about identity theft events such as the rate of identity theft; the form of identity theft attempted; whether it was a mortgage loan or credit card; and the amount of loss suffered as a result. would help consumers choose safer financial institutions. The full study(PDF) is available from the Berkeley Center for Law and Technology."

7 of 85 comments (clear)

  1. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  2. It would depend on the type of business, no? by chevman · · Score: 4, Insightful

    It would depend on the type of business, no?

    - Online banking
    - ATM access
    - Point of sale transactions
    - Brokerage Transactions

    etc, etc.

    My strategy has always been to spread my risk - make all point of sale transactions with a publically exposed credit card, which I pay off monthly from a completely separate checking account, which is totally divorced from my investment accounts. Each account is at a different bank, which i use different logins and passwords for.

    If any one is compromised, I have at least a marginal degree of separation from all the others.

  3. Re:"Bank of America" is an actual bank? by Anonymous Coward · · Score: 1, Insightful

    Yes, and they're evil incarnate. Although at least they have the decency to close your account when it hits a zero inactive balance, rather than using monthly charges to drive you under zero and then charge overdrafts on top of that...

  4. I bet AOL users are more likely to be phised too by logicnazi · · Score: 2, Insightful

    That hardly implies that if I choose to use AOL I will run a greater risk of having my identity theft. It shows that AOL users are more likely to be computer naieve and stupidly type their info into random phishing sites. Determining what banks have the highest rates of identity theft is useless unless from a security standpoint unless you determine WHY they have it.

    In particular did anyone else notice that the highest rates of identity theft seemed to occur at the largest banks who likely had the most customers? This suggests to me that it's not bad IT practices that account for these results but the make up of their customer bases. I suspect that while many financially and technologically savy people (such as me) have accounts at these banks their success at appealing to the largest possible market means they have a larger percent of non-savy customers. On the other hand another good hypothesis is just that more phising attacks attacks target the institution with the most customers. But if you are confident of your ability to avoid those then this shouldn't worry you much.

    In either case this seems like a totally useless statistic and not a result of poor security as the write up suggests.

    --

    If you liked this thought maybe you would find my blog nice too:

  5. Banks != Market by WaZiX · · Score: 2, Insightful

    Isn't it the role of supervisors to regulate banks, and NOT the consumer?

    I mean isn't the whole point of being able to call yourself a bank is that you apply to prudential rules set by the government and therefore the consumer doesn't have to ask himself questions whether the bank is safe or not?

    Quite frankly identity theft is a detail compared to other risks the banks are facing, this is why the whole financial market is divided between the banking system (black box supervised by the government) and the markets (where the government just guarantees transparency and it's up to the consumer to make his choices based on the information he is given).

    The problem with disclosing this kind of information is that it sets doubt on the banking system, and the whole banking system relies on trust to function (hence the tight regulation of the banking sector).

    We're not going to ask consumers to assess the risk exposure of banks are we?

  6. Re:Uh, no... by Zeinfeld · · Score: 2, Insightful
    I am not at all sure what the paper shows, or even what definition of 'identity theft' is being used. Do the authors mean taking out fraudulent loans in the victim's name or fraudulent use of a credit card they hold?

    The difference is pretty important as the number of customers of a bank is not going to make it more or less attractive as a place to take a fraudulent loan out at. That is going to be determined by the fraud measures in place and how well known the brand is. If we are talking about loan frauds then why don't we see sub-prime bucket shop operations like DiTech represented?

    I suspect that the majority of these cases are actually credit card fraud and they scale to the number of cards issued. MBNA is the issuer of a vast number of affinity cards. So I would expect a high fraud rate.

    Another bias is that this is FTC complaints. So what is being measured is people complaining about a loss which is not the same as theft rates. The people complaining to the FTC are probably people who have lost money because the bank refuses to reimburse them.

    So yet another academic study that presents a corpus of information that is superficially interesting but does not really tell us very much at all.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  7. Re:Identity Theft by vertinox · · Score: 2, Insightful

    Identity theft, which is usually the fault of the person for improperly disposing of information is also viewed as a PERSONAL problem, and people believe all banks to be the same.

    I've had to write nasty letters to employers, brokers, and banks because they constantly put SSN on statements. Mail theft isn't that uncommon in larger cities (happened to my room mate once and sometimes I get important mail that appears to have been opened) so even though one could shred everything you cannot prevent someone from getting into your mail.

    It also appeared that someone at the USPS was actually the one doing since the mailboxes are locked. How can you protect yourself against that?

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)