WHICH FIRMS HAVE THE MOST ID THEFT VICTIMS?

Posted: Friday, February 29 at 05:00 am CT by Bob Sullivan

Who’s to blame for the ID theft epidemic? Surprisingly, given all the attention the subject receives, we know strikingly little about the root causes of the problem. ID theft is often called the fastest-growing crime in America, but there’s precious little research into which companies have the worst security measures and which suffer the most data leaks.

Researcher Chris Hoofnagle thinks it’s high time we started pointing fingers.

Hoofnagle recently undertook a laborious task: He scoured thousands of ID theft complaints filed with the Federal Trade Commission, looking for company names. His simple question: How often do people tell the FTC that their accounts or information have been stolen from particular companies, and which companies are named most often?

The answer to his query is Bank of America, which averaged 1,117 complaints in the three months he surveyed. Two cell phone companies — AT&T Wireless and Sprint — were second and third on the list.

Since BofA is America’s biggest bank, and an obvious target for fraud, it’s no surprise that it ranked high on the list. Ditto for the large cell phone firms. In fact, Hoofnagle freely admits that his results need to be taken with a big grain of salt.

“The results suffer from a lot of weaknesses,” Hoofnagle said. “But it’s a start.”

Because the data is self-reported, it’s likely full of mistakes, he conceded. Also, just because a consumer says their Bank of America account was compromised does not mean the crime began with the bank. It could have started when the customer filled out a phishing e-mail, for example. And it’s not fair to compare banks of different sizes, because largest banks would naturally be expected to be named more often.
Hoofnagle tried to normalize the data in a variety of ways, to account for the varying size of the institutions. Eventually he settled on comparing only banks by using total deposits and dividing the number of incidents by a dollar amount.

From another angle, HSBC is No. 1
Even using that trick, Bank of America still ranked high – no. 2 on the list — with 17 incidents per $1 billion. But using that formula, HSBC ranked first, with 21 incidents per $1 billion.

Betty Reiss of Bank of America said the firm hadn’t yet fully analyzed the study, but she pointed to its high potential for errors.

“We take identity theft very seriously, and we provide consumers with tools to fight it,” she said.

HSBC declined to be interviewed for this story, but it did issue a statement to MSNBC.com criticizing the study’s methodology.

“We can say that customer protection around identity theft is of paramount importance to HSBC. We take fraud of any kind very seriously,” the statement read. “We have a range of robust fraud detection and monitoring systems in place for the early identification and prevention of fraud to protect our customers and their accounts.”

One could criticize Hoofnagle’s list as being basically a list of America’s largest companies. As such, perhaps it isn’t very useful.

But it’s not because Hoofnagle didn’t try. A year ago, he began a campaign to get banks to disclose more information about fraud and security. Banks “wouldn’t engage on the issue” he said.

Hoofnagle released the study partly in an attempt to goad banks into releasing more data. Consumers have a right to know about fraud rates at banks, he said, because without this information they can’t make intelligent decisions about their financial institutions.

“Currently the issue is mediated by commercials, with banks portraying themselves as being more effective against ID theft than other banks,” he said. “But none of that is based in reality. It’s all based on public relations. And that’s not fair to consumers.”

Hoofnagle, who is a senior fellow with the Center for Law & Technology at UC-Berkeley, says his goal is to create a real marketplace for identity theft protection.

“I think the disclosure of these problems will drive some competition among banks,” he said.

Consumers ‘flying in the dark’
Avivah Litan, a researcher with consulting firm Gartner, is equally frustrated by the lack of fraud information from banks. In the past, she has released studies that estimate the losses from identity theft and phishing based on consumer telephone surveys — another attempt to read the tea leaves of fraud in the absence of real data.

“(Hoofnagle) is frustrated as any researcher or policy influencer would be,” she said. “You can’t get any data out of the banks. And consumers are flying in the dark right now.”

Other results from Hoofnagle’s survey:
• Small credit unions barely register in the FTC data, suggesting credit union customers might be at a lower risk of identity theft.
• While great attention is paid to bank ID fraud, wireless firms also suffer from high fraud rates. According to the FTC data, 8 percent of all new account fraud involved telecommunications firms. That’s an area which deserves added attention, Hoofnagle said.
• Many consumers blame collection agencies for their bouts with ID theft, probably because often their first indication of the crime is a call from an agency. The AFNI Inc. collection agency cracked the top 20 companies in the FTC data, receiving more complaints than eBay or PayPal. To Hoofnagle, that represents an opportunity. “The collection agencies could act as an early warning sign for identity theft,” he said.

Some Say Federal Agencies Slacking When it Comes To Identity Theft

By KEIRABENSON — WMDT 2/22/2008

Officials from the Government Accountability Office say federal agencies are slacking when it comes to preventing identity theft. Back in 2006 they say they issued recommendations aimed at protecting personal information.

Friday they say only two federal agencies have met all of those recommendations, 18 have met some of them and two have met none of them.

Identity Theft Steals Millions from Government Health Programs

A trend embraced by white-collar criminals is driving up health-care costs and creating nightmares for its victims. Medical identity theft is health-care fraud and ID theft rolled into one, and it’s a crime that’s expected to continue growing because it’s easy to carry out and difficult to detect.

The first study on the subject, done by the World Privacy Forum (WPF) in 2006, estimates that medical identity theft accounts for 2.7 percent to 3.2 percent of total ID theft, which is reported to be the fastest-growing crime over the last seven years.

In November 2007, the Federal Trade Commission estimated the number of cases of medical identity theft at 3 percent of all ID theft cases. That’s at least 250,000 medical identity theft cases per year.

Consumer Protection Expert is Victim of ID Theft

According to the Milwaukee Journal Sentinel, Janet Jenkins, head of Milwaukee’s office of consumer protection, was recently a victim of identity theft. Ironically, her entire profession is devoted to making sure people don’t get scammed or taken advantage of.
But it happened to her. “It just goes to show, you can’t entirely protect yourself,” Jenkins said.

In late December, Jenkins noticed her credit card bill online had some unusual charges. After further investigation, she discovered additional charges. The thief even had “pinged” the account, which Jenkins described as someone making a $1 charge just to make sure the card works.

In the end, the credit card company gave Jenkins back her $350 and she put a fraud alert on her credit report for 90 days.

New Identity Theft Threat (IRS)

by Julie Ann Dawson

February 01, 2008 12:38 PM EST
The IRS is already reporting cases of identity theft scams regarding the upcoming tax rebate program before Congress.

1. The IRS NEVER, EVER, under ANY circumstances will call you or e-mail you and request bank account information for direct deposit. Scammers are contacting people claiming that in order to get the upcoming rebate, it must be handled with direct deposit and you need to provide the bank routing information.

2. The IRS is NOT “verifying information” for this rebate program. Do not follow links in e-mails allegedly from the IRS asking you to verify your taxpayer data.

In short, if the real IRS is looking for you, it will be handled via the USPS. Also, note that official IRS matters requiring your attention will be addressed DIRECTLY to you, not “Dear Taxpayer.”

Senior citizens and people who aren’t internet savvy are the must vulnerable to these schemes, so please make sure they are aware of this identity theft threat.