Slashdot Mirror
Identity Theft Rates Among Top Banks
Hugh Pickens writes "Consumers, regulators, and businesses lack objective tools to compare the incidence of identity theft across financial institutions and without such tools, consumers cannot 'vote with their feet' and choose safer institutions. Now a study by Chris Hoofnagle has analyzed 88,000 complaints submitted by victims to the FTC over a three month period in 2006 and found that Bank of America ranked highest of all firms in the study, with an average of 1,117 incidents over a three-month period. AT&T had 763 incidents, followed by Sprint Nextel, JP Morgan, Chase and its Chase and Bank One, and Capital One. When the estimated events are divided by the total deposits, the data show that HSBC, Washington Mutual, and Bank of America have the highest rates of identity theft. Hoofnagle said lending institutions should publicly report information about identity theft events such as the rate of identity theft; the form of identity theft attempted; whether it was a mortgage loan or credit card; and the amount of loss suffered as a result. would help consumers choose safer financial institutions. The full study(PDF) is available from the Berkeley Center for Law and Technology."
Comment removed based on user account deletion
It would depend on the type of business, no?
- Online banking
- ATM access
- Point of sale transactions
- Brokerage Transactions
etc, etc.
My strategy has always been to spread my risk - make all point of sale transactions with a publically exposed credit card, which I pay off monthly from a completely separate checking account, which is totally divorced from my investment accounts. Each account is at a different bank, which i use different logins and passwords for.
If any one is compromised, I have at least a marginal degree of separation from all the others.
Voting with your feet will not help if the underlying cause is not the practices of the institution. If people are not careful with their own info they can switch banks all day long and still be at risk. There is a huge assumption here that it is the bank that is the cause of the problem. It may be the customer or other institutions.
I honestly had no idea Bank of America actually existed. I thought it was another one of those made-up company names spammers use, like Prime Staadslotterij, Commercial Trust or Coventry Promotions. I mean, it doesn't even sound like a believable name.
Trust the Computer. The Computer is your friend.
When I stupidly signed up with Sprint again after a few years of using Cingular, I had trouble activating my phone. I call customer service and the lady asked me for my password. I was initially very hesitant about it. I couldn't believe that she had my password in plaintext in front of her. She couldn't reset the password or anything like that, instead she just have it in front of her screen. After going through a few non-financially related password (weaker passwords), I decided to give up and told her I couldn't think of it. At that point, she tried to verify me through my mailing address. I tried it a few but that didn't work until I tried my parent's address. It turns out that when I gave her my social security number initially (stupid me, I know), she pulled up my old account from 8 years ago before I switched to Cingular. Since both the new and old accounts were keyed by my SSN, she got my old account, along with my parent's address, and my old password. How insane is that? Sprint kept all my information for 8 years along with the password in plaintext.
EvilCON - Made Famous by
You've missed the subtle twist in the process.
It used to be that if a bank lost money because someone defrauded them by pretending to be a customer of theirs it was their problem. But now, with the wonderful new term "identity theft", it's your identity that's been stolen and therefore your money. You may appear to still have your identity, and they may appear to have lost their money, but that's just looking at it too simplistically.
So remember; fraud = their money, identity theft = your money. Change the way you describe the crime and magically you change who's the victim. Isn't that clever?
I was hit with identity theft as a WaMu customer last year. I don't know how it happened, I pay for most things in cash and I don't use my card on small/disreputable websites, I use Firefox with NoScript, don't click links in e-mail even when they look legit (always type the URL myself), etc.
However, I have to say that my experience with WaMu was really bad:
* They canceled my card while I was displaced during the California wildfires
* If you call the number on the back of your bank card it's actually extremely hard to work out how to get through to an actual person to talk about card fraud
* When I did get through to an actual person, using an alternative number they provided me at an actual bank, they tried to forward me to their fraud department. I sat on hold for an hour before deciding to give up and call back later
* The would not reverse fraudulent charges to my account. They told me that they would send me an affidavit that I would have to sign before they would refund the charges, and then it would take 30 days or more to process. This affidavit never arrived.
* I had much better luck calling the numbers listed on my statement and getting merchants to refund fraudulent charges
* WaMu did refund one fraudulent charge eventually
Short story: If you're a fraud victim at WaMu don't expect them to go out of their way to help you as a customer. You may have better luck taking care of it yourself.
More recently, I tried to pay off a loan with my WaMu debit card. Big mistake. According to my statement there was a double-charge pending for thousands of dollars. I called WaMu immediately, here is how that conversation went:
Me: I'm looking at my statement, it looks like there is a double charge for several thousand dollars
Them: Yes, we do see that, we see one charge has cleared and another pending
Me: That's an unauthorized charge, and clearly a mistake
Them: Well, the good news is that it that the money hasn't left your account yet, it is still pending
Me: Okay, can you stop the charge?
Them: No. But after it gets charged you could file a dispute with the merchant
Me: But you just said that the money hasn't left my account yet, and I'm telling you it's unauthorized, so why don't you stop it?
Them: We can't do that.
Me: Well that's completely useless then, isn't it?
Them: Yes, I understand, sorry about that..
It's not identity theft, per-say, but more indicitive of my experiences with WaMu so far. They don't exactly go out of their way to help you out during a bad situation.
So, yes, I believe this information should be published, and not only that, each and every customer affected should be questioned as to how well they feel their bank dealt with the situation and as to how secure they feel at their bank. WaMu would not be getting a very high rating from me at all.