Slashdot Mirror

← Back to Stories (view on slashdot.org)

ID Theft In US Continues Apace Despite Data Breach Laws

Posted by timothy on from the lack-of-a-parallel-universe-for-experiments dept.

4roddas points out an article at Techworld about the continued scourge of identify theft in the US, which begins: "Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published (PDF) a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC). 'There doesn't seem to be any evidence that the laws actually reduce identity theft,' said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors. Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends."

6 of 117 comments (clear)

  1. Put the onus on financial institutions by gbulmash · · Score: 5, Insightful

    Plain and simple, the only thing that's going to really make a dent in identity theft is to make identities harder to steal, and that means requiring all the banks and credit card companies to jump through more identity verification hoops before they give someone your money or a line of credit in your name.

    Sure, requiring you to go to a licensed notary and have a credit card application notarized might not make it so easy to get credit, but it would also make it harder to get credit in your name.

    The banks and credit card companies could do this, but it's more profitable to let people steal your identity and then just jack up fees and interest rates to cover the losses.

    - Greg

    --
    Start a happiness pandemic
    1. Re:Put the onus on financial institutions by sydbarrett74 · · Score: 5, Insightful

      Wonderful points. I would also add that if laws/regs forced the onus of losses on the financial institutions themselves (rather than allowing them to write losses off as a cost of business), said firms would rapidly implement better security mechanisms. As it stands, banks have little incentive to prevent these crimes, because the victims have the burden of proof and responsibility for cleaning up the resulting mess.

      --
      'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
    2. Re:Put the onus on financial institutions by menace3society · · Score: 5, Insightful

      I've been saying this for years. Identity theft, like intellectual property theft, doesn't actually occur. What happens is financial-services fraud, to take advantage of my name and fiscal responsibility to get cash. At no point does anything that properly belongs to me ever get taken, or even leveraged. What gets leveraged are things like Social Security Number (property of the US government) and Credit Rating/Credit Score (property of the various agencies that compile them). I don't get tricked into anything, the bank gets tricked.

      The problem is, if you call it 'fraud' then the defrauded entity is on the hook, and that entity gives and lends tons of money to politicians, lawyers, and judges. If you call it 'identity theft,' then it seems more reasonable to blame the person whose name was forged, but (and this is important so it's gonna be in all caps) THE PERSON WHOSE ID IS STOLEN IS NOT THE VICTIM. The bank is, and the whole process from start to finish ought to be the bank's problem.

      If we had more strict laws on consumer data protection, this shit wouldn't happen.

    3. Re:Put the onus on financial institutions by sjames · · Score: 5, Insightful

      What will really fix things is to recognize that what we call 'identity theft' is nothing more than two frauds jammed together.

      The first is some scumbag defrauding the bank into giving them money in someone else's name. The second is when the bank tries to pass the buck by making a third party pay the debt back.

      The bank's crime is even worse. They commit extortion by threatening to libel (report an adverse credit event resulting in declined loans and higher interest rates) the 'victim of identity theft' unless they pay for the bad debt they didn't have anything to do with.

      I fail to see how the bank's behavior is any better than if I were mugged in the park and decided to "make it right" by mugging the next person I see.

  2. Get Personal Data off your computer by imus · · Score: 5, Interesting

    Search your files for social security and credit card numbers before hackers do.

  3. Breach notification laws by computerman413 · · Score: 5, Insightful

    Data breach notification are useless when institutions don't know they've been breached. I'm sure there are lots of those cases.