And identity theft is easier, thanks to the ‘Net
Although e-commerce is boosting economic development, the Web is also fueling identity theft, or using the identifying information of another person – name, social security number, mother’s maiden name, or other personal data – to commit fraud or engage in other unlawful activity.
Statistics on identity fraud are hard to come by, but one study from the General Accounting Office reveals that inquiries to the Fraud Victim Assistance Department at the Trans Union credit bureau climbed from 35,235 in 1992 to 522,922 in 1997. Also, the Social Security Administration Inspector General’s investigations of misuse of Social Security numbers totaled nearly 39,000 in 1999, up from 1,153 in 1997 and 305 in 1996.
It’s not that the Web is increasing identity theft, but that criminals are using the ‘Net to quickly distribute stolen ID information, says Norman A. Willox, CEO of the National Fraud Center in Horsham, PA. “Most of the ID theft data is still obtained offline. But once they get it, criminals are sharing it, spreading the knowledge and the information via the ‘Net,” he says.
For the most part, stealing identifying information is still done the old-fashioned way, says Jodie Bernstein, director of the Bureau of Consumer Protection, Federal Trade Commission. Techniques range from sorting through trash to find account numbers and social security numbers, to using computerized card readers to retrieve the information encoded in the magnetic strips on the backs of stolen credit cards.
Identity theft and the fraudulent activity that follows will continue to rise unless retailers and credit card companies help curb it. In congressional testimony on March 7, Bernstein said: “One caller to the FTC’s hotline whose wallet had been stolen, for example, reported that after placing a fraud alert on her credit reports, at least seven fraudulent accounts were opened in her name at various retail establishments that granted `instant credit’ based only on a credit score that did not take into account fraud alerts.”
Indeed, retailers often fail to make sure of the identity of their customers, Willox says. “Retailers are trying to find easier ways – especially on the ‘Net – to get the transaction done faster.” But that often results in lax authentication, and reduces opportunities for fraud detection. The problem, which isn’t limited to the Web, is bound to increase in all retail sectors, he says, “and it’s going to roll into the cataloging side as well.”
Digital signatures – encrypted bits of code sent through a purchaser’s Web browser – may help detect and prevent online fraud, but they require the merchant to use a security vendor. And in a “faceless” transaction, you would still need to verify the buyer’s identity via authentication, such as asking for the customer’s mother’s maiden name, Willox says.
Ironically, the issue of consumer privacy – what is revealed to whom – may stand in the way of a solution to the problem. “The National Fraud Center’s study of identity theft concluded that the only realistic broad-based solution to identity theft is through authentication,” says Willox. “But this solution requires that private industry be enabled to obtain the relevant personal identifying information,” which privacy-conscious consumers may balk at.