Putting An End To Identity Theft

Two books shaped my ideas about identity theft.  The first was Michael Crichton’s excellent “State of Fear,” in which he postulated that the government and media conspire to keep us in a constant state of fear through the waves of Columbian Drug Czars, AIDS, Global Warming, Global Terrorism, etc.  The second was Tom Clancy’s bestseller, “Clear and Present Danger,” in which we all pretended that a Columbian Drug Lord would murder us in our sleep. 

The mantra: Be afraid, be very afraid.

Truth is, none of these big scary things was really big and scary to the majority of us.  With no disrespect to victims of identity theft, let’s look at the numbers.

According to the 2013 Identity Fraud Report from Javelin Strategy and Research  (see https://www.javelinstrategy.com/brochure/276), the number of identity fraud incidents increased by one million more consumers in 2012, with the dollar amount stolen up to $21 billion.  That’s not as key a finding as the fact that nearly one in four consumers who received “data breach” letters became victims of identity fraud.

Identity fraud is considered different from identity theft.  That is, identity theft refers specifically to stealing money (as in the theft of a credit card number and its illicit use)  Identity fraud also included efforts to steal an identity for other purposes, as when a deceased child’s ID is stolen to get a bogus driver’s license.

No one likes to report how many people have their bank accounts cleaned out, their credit cards hit for merchandise or phony loans taken out, because it is easier to lump together a lot of different kinds of “identity fraud” to make the problem seem bigger than it is. 

Javelin reports that 12.6 million Americans were victims of identity fraud in 2012, or about 3.8 percent of the population.  And far less than that, if one considers how broad the category of “identity fraud” might be.  That is, the number of people who are victims of identity theft as we think of it are about half as many who believe in alien abductions.

So if you wanted to put an immediate end of identity theft (and probably identity fraud as well), we need to take only two simple steps:

• Make the companies whose databases are stolen financially liable for identity thefts from those stolen databases.  Look, if you borrow my car and smash it up, you have to pay for the damage.  Why should these companies be held to a lesser standard?  It’s not as if they will actually have to pay – they will simply set out reserves or take out insurance policies to cover the risk.  Meanwhile, the ones who are careless with my data have to pay a little more than just a year’s credit reports.  Make them liable for being careless.
• Make the merchants who sell to someone using my identity eat the cost.  It just isn’t that hard to verify identities, and companies that don’t do basic security should pay for their carelessness as well.  This includes bank loans, new credit cards, etc.  If they are so anxious to do a deal without due diligence, they should pay for the privilege.

No doubt the merchants and financial institutions would argue that these are draconian measures, but the reality is that these two steps would shift the pain of identity theft from the innocent victims to the people who profit by going along with identity theft.

These two points will never become law, simply because those entities have lobbying dollars and the ear of the Congress.  Still, if you are serious about solving the problem of identity theft, these two steps would end it immediately.

Identity theft is a real problem for those who have suffered it, but the number of people who have suffered is smaller than you think.  And that means that while it is prudent to take some common-sense precautions, the real solution is to hold the guilty, not the innocent, responsible.

But then, I believe that the death penalty should be a reasonable suggestion for spammers and identity thieves. Surely that would be a deterrent.