IT Managers Critical Front in War on Identity Theft
A steady rise in online identity theft should be signaling IT managers to shore up customer information before they face any further deterioration in consumer confidence.
Online consumers are growing increasingly wary of identity theft and that fear is hurting e-commerce, according to industry analysts. Protecting customer data -- while it's in transit, while it's stored in databases and while it's being shared with business partners -- is a critical component in the fight against this costly form of fraud.
''IT managers need to take a hard look at their own security,'' says Jay Foley, co-executive director of the San Diego-based Identity Theft Resource Center. ''Who has access to their system? What kind of security is around it? Who has access to that information when it's sitting in their database? These are questions that have to be answered.''
A new study from industry analyst firm Gartner Inc. this week highlighted the identity theft problem.
''Many banks, credit card issuers, cell phone service providers and other enterprises that extend financial credit to consumers don't recognize most identity theft fraud for what it is,'' says Avivah Litan, vice president and research director for Gartner. ''Instead, they mistakenly write it off as credit losses, causing a serious disconnect between the magnitude of identity theft that innocent consumers experience and the industry's proper recognition of the crime. This causes a disincentive to fix the problem with the urgency it requires.''
Identity theft is defined as a thief stealing a person's identity by lifting critical personal information, like credit card numbers, Social Security numbers, bank account information, driver's license information and address. The thief uses that information to make purchases, open up lines of credit and even obtain illegal loans.
But while identity theft incidents are on the rise, some analysts have doubts that it's risen by nearly 80 percent in the last year.
''We have been believing for quite a while that credit reporting agencies and creditors have misreporting identity theft,'' says Foley. ''They've been misclassifying it as general fraud. The real numbers haven't been coming out. Part of it is that we're becoming more aware of it, but I do believe the problem is becoming worse.''
Christine Pratt, a senior analyst with the TowerGroup, an analyst firm based in Needham, Mass., says identity theft is a growing problem, but she doesn't think it's growing as fast as Gartner is reporting.
''I did not find anywhere near that big of a jump,'' says Pratt. ''I would say it has grown but certainly not to that extent.''
The U.S. Federal Trade Commission (FTC) has made major efforts to report identity theft and calculate its effect on the e-commerce industry.
Last year, there were 161,819 cases of identity theft reported to the FTC. The agency also reported that identity fraud complaints were the most common type of fraud complaint reported by American consumers in 2002, accounting for 43 percent of all FTC complaints. Nationwide, identity theft reports nearly doubled last year, totaling more than 160,00 with losses of more than $343 million.
Whether identity fraud has jumped 80 percent or five percent, fear of it is creeping into U.S. consumers, hindering online shopping.
''I wouldn't be the slightest bit surprised if 25 percent or 30 percent of the population is flat out afraid to try e-commerce because of identity theft,'' says Foley. ''When e-commerce first got started, people were afraid they would order one thing and get another, or they would order something and it would never come. Now there is a new level of fear coming into play. People have to think if what they're seeing is real or is it just another scam to get money and information out of them.
''Now people are worried their information will be used to ruin them,'' Foley adds.
But consumers aren't the only ones feeling the ill effects of identity theft, says a TowerGroup report.
Lending institutions are getting hit hard. A recently released TowerGroup report notes that U.S. lender losses due to identity theft total more than $1 billion annually.
''Lenders have always been willing to accept a certain amount of risk,'' says Christine Pratt, a senior analyst at the TowerGroup Consumer Credit practice. ''Fraud losses, if they're not actively rising, have been an area of complacency... Financial institutions should take a strategic, enterprise-wide approach to implementing technology solutions to deal with fraud, and identity theft in particular.''
Pratt and Foley agree that IT managers will play a critical role in stopping identity theft and reassuring consumers about the safety of buying online and giving out their personal information.
''In terms of IT managers, they need to look at how secure information is when it comes to them and how secure it is when it's under their control,'' says Pratt. ``How secure is the information when it goes to other parties they do business with? How safe is it from third parties they share information with? How safe is it from their employees when it's sitting in their database?''
June 12, 2003
The security community and the federal government are on alert for what could be another evolution in computer viruses. The newest variant of the Bugbear virus is designed to specifically target financial institutions.