Monday, August 14, 2006
The threat of identity theft has become a given in most consumers’ minds. Merely going online, let alone making a simple purchase while on the Web, has become akin to walking solo down an inner city back alley after midnight. And yet another laptop stolen from the Veterans Affairs Department, not to mention the latest security breakdown at the Department of Transportation, only serve to chip away even further at consumer confidence. The potential costs to consumers and industry alike have reached enormous proportions. Consumers who have yet to take notice soon will—and probably the hard way.
New research last week provided insight into consumers’ attitudes about data security breaches and into the demographics of those most susceptible to identity fraud and theft. Other findings placed the annual cost to victims of cybercrime in the billions of dollars for U.S. and British citizens. And while the data mostly spell trouble for industry, some of the results suggest companies that understand the importance of security could convert the bad news to opportunity.
Research released in a flurry from various organizations last week underscored the daunting costs of cybercrime and the fragile state of consumer confidence in data security:
=>A survey of 2,200-plus consumers, conducted by Princeton, NJ’s Opinion Research Group, found more than half of respondents reporting a rise in their concerns over data security. Released on Aug. 7, the results also revealed that this heightened awareness caused 40 percent of those surveyed to halt a transaction online, over the phone, or in person. Furthermore, no single industry, brand, or company stood out when researchers asked respondents to name a most trusted.
=>On Aug. 8, the BBC News reported the results of research conducted by Britain-based market research firm YouGov and commissioned by Npower, an energy firm. One in every 10 of the 2,200 people polled believed they had fallen prey at some point to identity fraudsters. According to the findings, people under 30 years old, less prone to protect information such as the PIN numbers to their ATM cards, may be more susceptible to identity thieves.
=>As reported in the Aug. 6 edition of the Sunday Mirror, the British government has estimated the annual cost of cybercrime there to be in excess of £2 billion. On Aug. 8, an article in California’s Central Valley Business Times shared results from Consumer Reports’ “State of the Net Survey,” which found that U.S. consumers lost more than $8 billion over the past two years to cybercrime.
The these various findings, while worrisome, also present opportunities. Security consciousness has become a necessity for industry, and anyone who markets this consciousness ahead of the curve will not only retain existing customers; these sage companies will also woo jaded consumers from unconscious competitors. But only believable, strong countermeasures properly communicated to the public will work. After all, how can any company expect to conduct business, especially e-commerce, in an environment fraught with so many fears about security?
Earlier this summer, one of the three major credit unions, Equifax Inc., lost one of its own laptops to theft. This event strikes like no other to the core of our data security system’s fundamental flaws. Laptops are no place for sensitive data. And the response from both industry and government to all the breaches prior and since has remained slow at best—and counterproductive at worst. Companies continue in their unwillingness to learn basic lessons. Meanwhile, we’ve seen proposals from government this summer to further restrict access to the credit freeze, a major consumer-empowering tool against identity theft.
On June 20, Reuters and others reported that Equifax Inc., one of the three major credit reporting companies, had suffered the theft of a laptop computer. The machine contained identifying information on the company’s 2,500 U.S. employees. According to the company, the laptop housed no data on the millions of consumers whose credit scores Equifax sets. The company also said the employee was not allowed to store the information on his laptop, but did have authorized access the data.
Equifax is one of the companies whose information databases determine whether we’re good enough to get credit. And yet it seems that their security measures aren’t good enough to keep their own employees’ information safe. We can only hope they will offer those affected more than "free credit monitoring for one year"—the party line, it seems, these days.
We face the cold reality that we must go without much help from industry or government in protecting our own identities. I encourage any consumer to take her identity into her own hand—before a thief takes it into his. Luckily, despite the hurdles that face us, tools are at our disposal at the individual level. We’re going to need them.
Plenty of options exist for consumers to protect themselves. Identity theft insurance, for instance, is a wise choice, and companies should consider investing in password-protected locks for their employees’ laptop computers—that is, if they make the mistake of using laptops to transport personal financial information in the first place.
The Equifax laptop theft followed the loss of a Department of Veterans Affairs laptop containing personal data on millions of U.S. veterans. I encourage all veterans affected by the multiple VA data breaches this year to immediately enroll in IdentitySweep, a service that manages subscribers’ public records while monitoring their credit card information and Social Security numbers. Veterans can go to www.identitysweep.com/vet and receive a full year’s worth of IdentitySweep for only $18, a discounted rate, from MyPublicInfo, the Arlington, VA consumer identity protection company that created the service.
According to some estimates, well over 88 million Americans’ identities are at risk of theft in the wake of a steady stream of data breaches since February 2005’s at ChoicePoint Inc. The circumstances call for immediate changes to the rules that have disallowed consumers in many states from requesting a credit freeze. The credit freeze, after all, is far superior to monitoring when it comes to fighting identity thieves. A credit freeze locks access to your credit, whereas a monitoring service simply alerts you that someone has gained access. Then you still have to deal with it—and it’s a real headache. Are we going to make the credit freeze—something with teeth—available? Or are we just going to go through the motions and offer them little more than the consolation prize, credit monitoring?
Only a fraction of the country’s 50 states allow consumers to choose the credit freeze, and prohibitive restrictions in a number of those states render the option impractical anyway. As a result, activists have called for lifts on credit freeze restrictions. And yet, according to a June 16 report in the Cherry Hill Courier Post, a bill before U.S. Congress actually sought to pre-empt laws that make the credit freeze available to consumers. For this and other reasons, the Financial Data Protection Act of 2006 has drawn ire from columnists everywhere and from advocacy groups such as Consumers Union and the U.S. Public Interest Research Group.
Following the May 3 theft of a Department of Veterans Affairs laptop from an employee who took the computer home against Department policy, about 17.5 million past and current U.S. veterans found themselves at risk of identity theft. On June 22, The New York Times reported that the Department offered all affected veterans one year of free credit monitoring.
Great. Why don't we simply intruct the thieves to wait a year before using the information? Identity thieves are smart. They know how to work the system. In response, we make laws that disallow consumers from working that same system. Where’s the logic?