We're losing the war on identity theft, implies the panicky above-the-fold headline on Page One of today's (May 30) New York Times: "Technology and Easy Credit Give Identity Thieves an Edge."
The horror builds as we learn that some of the crooks—ripped on that scariest of scary drugs, methamphetamine—have "outpaced" law enforcement's "efforts to stop them" in the Phoenix area. Those dastardly tweakers now use the Web to data-mine court documents for the sensitive financial information found on divorce documents: bank account numbers; addresses; and scans of signatures. Just before the story jumps inside, we learn of a 2003 federal government survey finding that the economy took a $48 billion hit the previous year from identity fraud, and that 1 in 30 Americans had their identities stolen.
The article cools off after the jump, as "officials and consumer advocates" describe identity-theft as a byproduct of easy credit. Identity thieves rob banks because that's where the money is—and because the banks leave the vaults open. But try as it may, the piece never translates the criminal inventiveness in Arizona into anything close to a technological "edge" enjoyed by ID thieves over law enforcement. By one important measure, cited in the article, the banks are actually winning the identity-theft war. Visa tells the Times it's "reduced loss from fraud as a percentage of overall transaction volume" from 18 cents per $100 in transactions in 1990 to today's 7 cents per $100.
The idea of rampant ID theft grows out of the government's 2003 estimate of a $48 billion loss to the economy from identity theft, which the Times cites before the jump. But how good are those numbers? I wouldn't take them to the bank.
A Federal Trade Commission telephone survey asked 4,057 U.S. adults about their personal experiences with identity theft.Just 1.5 percent of them claimed that they had suffered the kind of classic kind of identity theft most of us worry about—that is, somebody abducts your personal information to open a unauthorized new credit account, take out a new loan, or engages "in other types of fraud, such as misuse of the victim's name and identifying information when someone is charged with a crime, when renting an apartment, or when obtaining medical care."
When the surveyors expanded the definition of ID theft to include "misuse of one or more" existing credit cards, another 2.4 percent of survey participants responded in the affirmative. When misuse of noncredit accounts was folded in (checking, savings, or telephone accounts), another 0.7 percent were tallied. In all, 4.6 percent of survey participants claimed some sort of ID theft in the previous year, or about 10 million.
While I'm prepared to accept the survey's census of 10 million, I doubt the $48 billion worth of economic damages. Survey question No. 29 allows the participants to estimate the "approximate total dollar value of what the person obtained while misusing" the ID information. Is the victim the best-informed source about how much financial institutions and business lost when his identity was stolen—or is he just the easiest to find? I'm also troubled by the fact that the survey report doesn't explain how these numbers volunteered by victims produce the $48 billion estimate.
Additional reasons to distrust the survey's results appear on Page 9 of the FTC report. Only 25 percent of all victims reported the ID theft crime to local police, and only 43 percent of the victims of ID theft "classic" did so. Why not? Could it be because many of the thieves are friends or family members, a notion supported by pages 28 and 29?
None of this is to suggest that identity theft isn't real. It is. Nor do I mean to imply that the Times is fantasizing about tech-savvy meth-heads surfing the Web for financial information. But the paper hypes the prevalence of ID theft completely out of proportion. I'm not the only one who thinks so. As I finished this column, I discovered via Nexis a sober and skeptical Associated Press story from 2005 by reporter Brian Bergstein.
Bergstein ri ngs all the right bells, finding that "identity theft is too broadly defined and often misunderstood"; kicks holes in the FTC report; and points to a 2005 study in which half of the "victims" who figured out who ripped them off blamed relatives, friends, neighbors, or in-home employees for the theft of their ID. *
If I hadn't written all but these last three paragraphs before laying eyes on Bergstein's, I'd accuse myself of stealing his identity and plagiarizing him.
Addendum, May 31: Pat Regnier at Moneymagazine cut through the identity-theft hype for his magazine back in September, noting that biggest threat to your financial identity is not necessarily a stranger but most often somebody who knows you and knows your habits. He adds:
Financial companies, including big names like American Express, Chase, Citi, Discover and MBNA, see opportunities in the hysteria over this, and they're hawking services designed to protect you from the threat. A few of them might be useful for some folks. But before you shell out one thin dime, take a deep breath and try to understand what the real risks are—and what's just lurid hype. …
When it comes to ID theft, it's hard to escape the feeling that you're getting pinched coming and going. As we detailed in our July issue, one reason we're all so vulnerable now is that the data and financial services industries have fought laws that would give you more control over how your data are used. And the banks and the credit bureaus could do a lot more to spot and thwart imposters. Certainly it's a bit, shall we say, poignant that many of the card issuers stuffing your mailbox with the junk mail you're supposed to shred are also marketing ID protection.
The data industry has lobbied to defeat state laws that allow you to slap a freeze on your report for a small fee. With a freeze, no potential lender can order your credit information unless you first contact the agencies and tell them to unlock your report. The idea is to make it nearly impossible for someone else to borrow money in your name. "Credit monitoring can't prevent ID theft," says Chris Hoofnagle of the Electronic Privacy Information Center. "The thing that is worth paying for is the security freeze."
Dear Reader: Having lost my identity, if not my mind, I can not compose my usual sardonic sign-off. Please suggest one via e-mail to firstname.lastname@example.org. (E-mail may be quoted by name unless the writer stipulates otherwise. No mail from earthlink.net addresses will receive responses unless you promise to turn off your anti-spam protection.)
Correction, June 3, 2006: This story erred by quoting an AP piece that contained an error: The AP mistakenly stated that half of the ID theft victims in a study blamed the theft on relatives, friends, neighbors, or in-home employees. In fact, half of ID theft victims in the study who determined who ripped them off blamed those people. The AP later moved a corrected version, to which this story now links. (Return to the corrected sentence.)