Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft Rates Among Top Banks

Posted by kdawson on from the naming-names dept.

Hugh Pickens writes "Consumers, regulators, and businesses lack objective tools to compare the incidence of identity theft across financial institutions and without such tools, consumers cannot 'vote with their feet' and choose safer institutions. Now a study by Chris Hoofnagle has analyzed 88,000 complaints submitted by victims to the FTC over a three month period in 2006 and found that Bank of America ranked highest of all firms in the study, with an average of 1,117 incidents over a three-month period. AT&T had 763 incidents, followed by Sprint Nextel, JP Morgan, Chase and its Chase and Bank One, and Capital One. When the estimated events are divided by the total deposits, the data show that HSBC, Washington Mutual, and Bank of America have the highest rates of identity theft. Hoofnagle said lending institutions should publicly report information about identity theft events such as the rate of identity theft; the form of identity theft attempted; whether it was a mortgage loan or credit card; and the amount of loss suffered as a result. would help consumers choose safer financial institutions. The full study(PDF) is available from the Berkeley Center for Law and Technology."

8 of 85 comments (clear)

  1. Not a Bit Surprised About Sprint by Comatose51 · · Score: 3, Interesting

    When I stupidly signed up with Sprint again after a few years of using Cingular, I had trouble activating my phone. I call customer service and the lady asked me for my password. I was initially very hesitant about it. I couldn't believe that she had my password in plaintext in front of her. She couldn't reset the password or anything like that, instead she just have it in front of her screen. After going through a few non-financially related password (weaker passwords), I decided to give up and told her I couldn't think of it. At that point, she tried to verify me through my mailing address. I tried it a few but that didn't work until I tried my parent's address. It turns out that when I gave her my social security number initially (stupid me, I know), she pulled up my old account from 8 years ago before I switched to Cingular. Since both the new and old accounts were keyed by my SSN, she got my old account, along with my parent's address, and my old password. How insane is that? Sprint kept all my information for 8 years along with the password in plaintext.

    --
    EvilCON - Made Famous by /.
  2. Re:If you ever wondered... by gsslay · · Score: 5, Interesting

    You've missed the subtle twist in the process.

    It used to be that if a bank lost money because someone defrauded them by pretending to be a customer of theirs it was their problem. But now, with the wonderful new term "identity theft", it's your identity that's been stolen and therefore your money. You may appear to still have your identity, and they may appear to have lost their money, but that's just looking at it too simplistically.

    So remember; fraud = their money, identity theft = your money. Change the way you describe the crime and magically you change who's the victim. Isn't that clever?

  3. Re:But they're huge... by greg1104 · · Score: 2, Interesting

    Another thing that bugs me about this is there's no notion of how much on-line activity is involved.

    As an example, one of the reasons I have a Bank of America account is that you can do just about anything from their web site. I routinely move money around between accounts, pay bills, all sorts of stuff. Now, probably because of this, as well as their wide customer base, I regularly see phishing attacks aimed at BoA, with plenty of them e-mailed to me over the years. I've seen some pretty sophisticated replicas of their site aimed just at getting people to think they're at the real deal so they put their passwords in. The fact that many of their customers get scammed by such things is no surprise to me. Is that the bank's fault?

    Chase and Citibank have pretty good on-line features as well so I'd expect them to be near the top as they are. What really bothers me about this study is how miserably the phone carriers did; it's not like they're doing anything as sophisticated as the banks are.

  4. Re:Voting with your feet is "dangerous" by WaZiX · · Score: 2, Interesting

    and that's why the financial sector is so expensive. To the public at least and in almost all countries. A big knowitall aganecy telling the little dumb citizen whom to trust, and even if they fail there is always the (knowitall) government to pay the bill - from the pocket of the little citizen.
    The catch is that you have to trust the regulators who are appointed by a government/president elected by representatives/electors elected through a sometimes complicated process by you. Too many leverages there. Actually, most of the regulations are set by the Basel Committee (The Basel accords), which theoretically should guarantee that there is at any point 99.7% chance that the bank doesn't go bankrupt. What you have to trust are the agencies supervising the applications of those accords. Either way, the banks are the first wishing those rules to be enforced, because failure of on bank usually means crisis in the sector, and problems for every bank. But indeed, risk management is a very costly aspect of banking, not only in terms of overhead, but also in terms of return banks can make, so ironically it's in the interest of every bank to both follow and try to circumvent regulations at the same time (hence all the securitising that is taking place).
  5. Re:But they're huge... by CastrTroy · · Score: 2, Interesting

    It probably has a lot to do with their clients more than their banking system. I remember hearing that ING had very low identity theft rates, and people chalked it up to their convoluted login system. I would say it has more to do with the fact that they are only online, and scare away a lot of web-savvy people. Also, because they mostly only for savings accounts, their clients pass the automatic IQ test by actually saving some money.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  6. WaMu victim here by DigitAl56K · · Score: 4, Interesting

    I was hit with identity theft as a WaMu customer last year. I don't know how it happened, I pay for most things in cash and I don't use my card on small/disreputable websites, I use Firefox with NoScript, don't click links in e-mail even when they look legit (always type the URL myself), etc.

    However, I have to say that my experience with WaMu was really bad:

    * They canceled my card while I was displaced during the California wildfires
    * If you call the number on the back of your bank card it's actually extremely hard to work out how to get through to an actual person to talk about card fraud
    * When I did get through to an actual person, using an alternative number they provided me at an actual bank, they tried to forward me to their fraud department. I sat on hold for an hour before deciding to give up and call back later
    * The would not reverse fraudulent charges to my account. They told me that they would send me an affidavit that I would have to sign before they would refund the charges, and then it would take 30 days or more to process. This affidavit never arrived.
    * I had much better luck calling the numbers listed on my statement and getting merchants to refund fraudulent charges
    * WaMu did refund one fraudulent charge eventually

    Short story: If you're a fraud victim at WaMu don't expect them to go out of their way to help you as a customer. You may have better luck taking care of it yourself.

    More recently, I tried to pay off a loan with my WaMu debit card. Big mistake. According to my statement there was a double-charge pending for thousands of dollars. I called WaMu immediately, here is how that conversation went:

    Me: I'm looking at my statement, it looks like there is a double charge for several thousand dollars
    Them: Yes, we do see that, we see one charge has cleared and another pending
    Me: That's an unauthorized charge, and clearly a mistake
    Them: Well, the good news is that it that the money hasn't left your account yet, it is still pending
    Me: Okay, can you stop the charge?
    Them: No. But after it gets charged you could file a dispute with the merchant
    Me: But you just said that the money hasn't left my account yet, and I'm telling you it's unauthorized, so why don't you stop it?
    Them: We can't do that.
    Me: Well that's completely useless then, isn't it?
    Them: Yes, I understand, sorry about that..

    It's not identity theft, per-say, but more indicitive of my experiences with WaMu so far. They don't exactly go out of their way to help you out during a bad situation.

    So, yes, I believe this information should be published, and not only that, each and every customer affected should be questioned as to how well they feel their bank dealt with the situation and as to how secure they feel at their bank. WaMu would not be getting a very high rating from me at all.

    1. Re:WaMu victim here by DigitAl56K · · Score: 2, Interesting

      Thank you, that is a much clearer explanation than WaMu was able to muster.

      However, even given that explanation, it does appear that simply having a debit card is a severe security risk for any customer - the bank seems to be unwilling to prevent the capture of funds when an account holder flags an authorization as false, and refunding fraudulent transactions may take well over a month. I've never seen any of my debit card transactions blocked for security purposes either - I have only ever received calls questioning certain transactions 24-28 hours after the fact, and the transaction that I mentioned in the grandparent post was an international transaction for thousands of dollars which was authorized immediately without the card CVC code (accurately reflected in my account statement as a "Debit without PIN" transaction).

      It is no wonder to me that identity theft is so easy to perform and so hard to recover from. As a customer, you have very little protection and nearly no power to resolve the matter beyond the effort the bank is willing to expend on its own accord.

  7. BofA Stinks by psychobiker · · Score: 2, Interesting

    Two years ago I was shopping for a mortgage and contacted BofA. Their rates were high and I passed them by. Then a set of checks arrived from BofA from an account I had not asked them to set up. I called and was told it was a mistake. Then a statement for a saving account appeared and I kept on the phone until I found their security head in my area. It turns out I worked with one of her kids and knew where she lived. I did not state that as a threat but until the veil of anonymity was lift, she was not will to do anything to help me.