ID Theft Overstated? Some Think So

It has been dubbed "the fastest-growing crime in America," but what is it? Achieving a consensus definition of identity theft, a term that by now is familiar to the general public, is one of the aims of an industry roundtable jointly organised by the Federal Reserve Board and Gartner, Inc. when it meets this month. The shocking statement that almost ten million Americans a year are victims of identity theft, made by the Federal Trade Commission report last September, has provided fresh impetus to the industry's desire to get a better handle on the problem. Some, including ABA's Senior Federal Counsel Nessa Feddis, say that identity theft is being exaggerated because all kinds of fraud are being redefined as such. "People call identity theft what they would before have called a stolen check," says Feddis. Judging by sources consulted for this article, the FTC went out on a limb in "exposing" the problem. Avivah Litan, a research director at Gartner, criticises the FTC's methodology, notably its inclusion of all unauthorised credit card use, saying, "Nobody ever did it that way before." Keith Anderson, an economist in the FTC's Bureau of Economics, defends the FTC's approach by noting, "The misuse of an existing credit card account is considered to be identity theft under the Identity Theft and Assumption Deterrence Act of 1998 Public Law No. 105-318, 112 Stat. 3007--the ID Theft Act.' The Act potentially considers "any name or number" as "means of identification." Michael Gray, who lectures on identity theft at San Jose State University, adds that "a lot of states treat stolen credit cards as identity theft." The FTC's Anderson also says that victims may perceive their identities as having been stolen in cases where others in the financial industry would not. However, non-FTC sources shared the baseline definition of Dennis Behrman, an analyst with Financial Insights, an IDC subsidiary. He says, "Identity theft requires sensitive, personal information," such as someone's Social Security number, in effect a unique, lifelong identifier; "it can't just be a credit card number being hacked." "The FTC numbers are not feasible," he adds. "It's outrageous to suggest there are ten million victims a year--that's 15% to 20% of the banked population." More than 6.5 million of the 9.9 million victims identified by the FTC had their credit card accounts misused, possibly in addition to other more serious forms of identity theft. Consumers were surveyed between spring of 2002 and spring of 2003 and their responses projected into an annual number for the FTC report released last September. The term "identity theft" may set consumers thinking of The Invasion of the Body Snatchers, but financial industry sources increasingly distinguish "account takeover/identity theft" from the far more common phenomenon of "identity fraud," where elements of a real person's identity--typically their Social Security number--are blended with made-up elements, such as a false name, to open new accounts. There, notes Behrman, "The victim is the institution." The individual's credit history is not tarnished, so they will never know. Meanwhile, when the short-lived account is depleted, "The bank will register it as a credit loss, not a fraud loss." Behrman disagrees with the contention that the growth in ID theft is not with new accounts, but with unauthorized credit card transactions. Behrman says fraudulent new accounts represent a growing trend that is "very scary." Financial institutions lost $4.3 billion on identity theft last year, a figure that will likely double to $8.6 billion by 2006, Behrman estimates. He drew these conclusions by analysing data from ten of members of the ID Analytics consortium last summer (see story on pg. 8). Behrman sees bigger banks as most vulnerable since they have the most outstandings. …