WHAT EXACTLY IS IDENTITY THEFT?
That's a difficult question to answer because the definition, and indeed, even the crime is changing.
Basically, identity theft occurs when someone assumes some or all of your identity to engage in criminal behavior. This may be as simple as using your telephone calling card number to place long distance calls on your account. It may involve getting a hold of information that identifies you, like your social Security number, and using it to open new credit accounts or to lease a car in your name, and leave you with the bills. It may even mean having someone take on your identity to create a new life in which the thief rents an apartment, applies for government beneath, gets a job, or-if you're really unlucky-commits a crime that gets you sent to jail.
IS IDENTITY THEFT A REALLY BIG DEAL?
Identity theft has been getting a lot of press in the past few years and the tone of some of the reports has been dramatic. In the face of so much hype, it's worth taking a look at some basic facts. The truth is that no one can reliably quantify how bad identity theft is, because some crimes-like using your credit card number to make a few bad charges-often don't get reported to the agencies that track it. Past estimates of the number of people affected range from 250,000 to 10 million per year.
Taking the biggest estimate of the problem, the likelihood you'll be a victim this year is around 1 in 26. This number includes someone using your credit card to make some bad charges-a pretty small inconvenience-as well as the more extreme cases of opening fake accounts, renting apartments, leasing cars, and filing false tax returns-a decidedly bigger deal. If you only consider the serious cases, the likelihood that you'll fall prey to an identity thief is more like 1 in 74. Clearly, it is less likely that you will suffer this kind of problem.
Unfortunately, all trends suggest that the numbers are growing and growing fast. A big study by the Federal Trade Commission (FTC), the government agency that enforces consumer protection laws, reports that ID thefts in 2003 were up 33 percent over the year before. If you just look at fake charges on credit card accounts, the number of problems grew 71 percent. Other studies report growth rates that are even higher. Given the current rates, identity theft could well touch 1 out of 9 Americans annually by 2007.
And here's another way to think about it. Even if you are never personally victimized by identity theft, you're definitely a victim in the aggregate. The cost of identity theft is estimated to be about $5 billion for the folks whose identity is stolen. However, for business, which absorbs the majority of the costs, the price tag is closer to $50 billion. Companies don't just pay these kinds of amounts without passing them on to you in the form of higher fees or penalties. Without even realizing it, you're already a victim of identity theft you're helping to foot the bill for it.
Finally, as you think about identity theft, it's important to consider where the real danger is. You can control some personal risk we'll talk later about how-but you can't control or often even find out about the risk that the companies you do business with expose you to. And, increasingly, that's where the real action is.
See if you think you could have protected yourself from cases like these: A theft of computer equipment (and the data it contained) from the once of TriWest Healthcare Alliance put the Social Security numbers and other highly personal information of 500,000 servicemen and women at risk. A similar theft of the laptop belonging to a consultant for Wells Fargo Bank posed a risk to the personal information of thousands of bank account holders. An insider at a data processing company sold 30,000 credit files stored on his company's computers to a ring of identity thieves for sixty dollars apiece. An accountant bled thirty-six fake tax returns using information from his company's legitimate clients. A sale of surplus computers owned by the State of Virginia exposed employee evaluations, credit card numbers, and other sensitive data of Virginia citizens, because the hard drives on these computers hadn't been wiped clean before going to auction.
This list is chilling enough, but the really scary thing to consider is that these are only the problems that we've heard about. Because most companies are under no obligation to report security breaches, and because they don't want the bad PR that goes with reporting one, the majority of companies are choosing to keep silent when information is stolen. In a survey conducted by the FBI and the Computer Security Institute, 60 percent of roughly five hundred companies inter-viewed suffered a computer security breach in the year they studied. Only one third reported the break-ins to law enforcement.
The state government of California knows all about this. In April 2002, hackers stole payroll records for 265,000 of its employees. The company housing the data for the state didn't tell anyone about the break-in-which included theft of names, Social Security Numbers, and bank account info for everybody all the way up to the governor-for three weeks. Startled by the lack of disclosure, the state legislature passed the first law in the country that requires companies to inform customers if any of their identifying information is ever stolen from databases. If you don't live in a state with a law like the one in California, it is almost impossible for you to know just how risky it is to give your information to a company.
Given the explosive growth, the fact that you're at the mercy of the companies you do business with and the fact that you pay for the crime whether you experience it personally or not, the answer to the question "is it really a big deal" is yes. It's worth your time to paid attention to what is going on.
