Identity theft is the No. 1 consumer crime in the United States, and it’s growing rapidly. In 2004, almost 1-in-12 households were victimized by some form of identity theft, and surveys indicate that about one-fifth of U.S. citizens have been victims at one time or another. The total amount of identity fraud in 2004 reached a staggering $200 for every man, woman and child in the United States, totaling $52.6 billion.
Once stolen, identity information enters an enormous international marketplace, and often is sold and resold many times, and reused in a variety of scams. In 2005 alone, more than 50 million identities were stolen from public and private databases, and many experts worry that a wave of fraud should be anticipated over the coming months and years as this information is sold into the criminal world and used to perpetrate increasingly sophisticated frauds.
A Gathering Storm
Not too many years ago, before computers and telecommunications revolutionized the way business and personal transactions take place, identity theft was a difficult and dangerous proposition. Forgery was time-consuming work and required rare expertise and equipment. Identity impersonation was a dangerous activity fraught with personal risk on every attempt. And things were hardly easier in the early years of the Information Age because identity data was maintained in only a few databases with very high security levels. For all practical purposes, the process of stealing and using a false identity was just as difficult as it had ever been.
The Internet and other recent technological advances have changed all that. In the blink of an eye data is everywhere, everything is connected and transactions take place in the virtual anonymity and speed of cyberspace. Although legislators are becoming aware of the problem and are slowly working on laws to improve consumer notification of thefts and liability limitations for certain fraudulent charges, the truth is that the problem will continue to worsen before getting better.
Ingredients of Effective Solutions
Effectively dealing with the enormous challenge of identity theft requires a comprehensive approach:
* Prevention of a wide variety of rapidly evolving threats
* Constant monitoring of numerous sources for exposure
* Insurance against losses and expenses
* Quick and efficient expert guidance and support through the identity recovery process, if needed.
The first step in stopping identity theft is to assess at-risk areas, so that effective protection steps can be taken. In many ways, this is the most important step. Basic awareness and understanding are absolutely critical in focusing on the problem areas and taking the steps that provide the greatest protection.
The next step is to safeguard data from exposure. Computer-based thefts of data are becoming more sophisticated and directed at larger and larger populations. Every day, security experts discover new threats and uncover new storehouses of stolen data often in the millions of records so sound information security practices coupled with quality anti-hacking tools are critical.
Thefts of private information from mail, discarded papers, online sources and public records are another danger, and attention to simple recommendations will produce a dramatic reduction in risk.
Although many people are generally aware that viruses and their younger electronic cousins (spyware and adware) are dangerous, most are primarily worried about the potential damage to their computer or loss of valuable data. While these are valid concerns, they overlook the more significant threat. Though a small percentage of authors of malware (viruses and other intrusive software) are just pranksters trying to wreak a little havoc, the majority of them use these and other electronic attacks to steal personal information from target computers or to breach security to steal information held by companies.
Safeguarding identity requires disciplined vigilance to ensure that one’s identity records contain “the truth, the whole truth and nothing but the truth.” Information should be verified, then regularly monitored for changes that might indicate theft or some other error. Any suspicious activities should be responded to quickly, thoroughly and properly.
Navigating the vast and growing universe of identity databases, verifying their information and keeping up with changes in each of them can be overwhelming unless well-organized, accurate and comprehensive guidance is in place.
Maintaining privacy means:
* Reducing the number of people with access to information down to the very few who have a legitimate “need to know.”
* Preventing even those few from releasing that information to any third party without consent.
* Preventing anyone else from accessing that information, either electronically or physically.
Eliminating unwanted contacts is an important first step in reducing the number of people who have access to private information and the opportunities for theft.
Identity Theft Identified
There are two basic types of identity fraud. The first, which is easier to detect and resolve, is when a thief simply uses your existing accounts and credit cards to make fraudulent purchases. These charges show up on account statements and, with a little attention, can be quickly detected and contained by closing the accounts. In most cases, the maximum liability is $50 per account if the false charges are detected and addressed in a timely fashion.
The second type of identity theft occurs when the thief uses a stolen identity to open new accounts, receive loans or lines of credit, or take fraudulent ownership of assets, all while using an address different from the actual owner. This type of fraud is much harder to detect and can potentially lead to greater financial losses and be more difficult to resolve. A variation of this occurs when the thief runs up charges on existing accounts, but changes the billing address in account profiles, or files a change-of-address with the post office. In these cases, the key is that by using a different address, the thief makes it difficult for the correct owner to know that the fraudulent activity is taking place.
Credit monitoring services are heavily advertised, and many people have the impression that, by themselves, they will provide a high level of protection against identity theft. This is a serious misconception that is important for consumers to understand. While monitoring services have their place in a comprehensive identity protection arsenal, they are by no means the most important arrow in the quiver.
The major credit reporting agencies track information related to credit history for every individual in the United States with a record of credit activity. Any time a financial account or credit card is opened, a loan is extended or ownership of a major asset is transferred, a credit inquiry is recorded with at least one of the agencies, and an update is made to the credit record of the owner. Credit monitoring services can be an effective tool for detecting that an identity thief is doing any of these things in someone’s name.
Identity theft has been the subject of a great deal of hype, but there’s a lot of fire along with the smoke. The growing threat, the heavy cost and the long-term effects are real. But almost all of the purported solutions that emerge daily capitalizing on the atmosphere of fear that the hype has raised are seriously inadequate, missing most of the key elements. The complexity and fast-changing nature of the problem make it difficult for consumers to separate the wheat from the chaff, and many are seduced by a brand name or by scare tactics, throwing good money away on ineffective solutions. An effective identity theft protection program should include:
* Prevention across all of the major risk areas, including online and offline threats
* Monitoring for exposures, including credit and other sources
* Insurance with the right level of coverage (this is key)
* Recovery that provides expert guidance and assistance through the entire process.
Benefits of Protection
Many employers are beginning to realize that identity theft protection can be a highly valuable addition to an employee benefits program. Recent surveys indicate that identity theft is at the top of the list of financial concerns of Americans, especially for professionals, who have more exposure and more to lose.
Free or discounted access to a reliable identity theft protection program can be a highly marketable competitive differentiator in the employee marketplace. This offering can be especially compelling in areas where employees are most aware of the threat (e.g., financial services, technology, other professional domains). And the ongoing hype around identity theft only reinforced the appeal of this benefit.
Importantly, identity theft protection also has a real and significant return on investment (ROI) for employers. Conservative estimates yield a calculated return for the employer of approximately $180 per year per employee, based on avoidance of time lost to recovery alone. Other factors, such as reduction of redundant computer security expenses, identity protection training costs and others can increase this return substantially.
Do Your Homework
Caution there are significant differences between the programs that are now available. Many new programs have appeared on the market to take advantage of the fear and confusion around identity theft, and it is easy to spend hundreds of dollars on partial solutions that do not effectively prevent identity theft or protect the user from harm.
The services offered tend to fall into four categories:
1) Computer protection anti-virus, anti-spyware, wireless security, etc.
2) Guidance and tools to protect against a variety of exposures of personal data from shredding documents, to opting out of marketing databases, to tracking data in social security, driving, medical, and financial databases.
3) Credit monitoring, at varying levels of frequency, sometimes with alert services in the event of credit inquiries or changes.
4) Insurance coverage, sometimes including assistance with identity recovery activities.
There are high quality programs available in each of these categories, that taken together and used diligently, will significantly reduce the majority of identity theft risks and provide basic protection and recovery from harm. However, it can be very costly to purchase the superior programs in each category, so it’s important to look for low-priced, bundled solutions that address the full range of identity protection, and are continuously updated to deal with new threats.