Many observers have described identity theft as the "fastest growing crime in America." According to the Federal Trade Commission (FTC), consumer complaints have nearly doubled almost every year since the agency began tracking the crime. Further, the FTC reported that in the one-year period ending June 2003, crime associated with identity theft had affected nearly 10 million consumers and cost businesses and victims upwards of $50 billion and $5 billion, respectively.
Obviously, the direct financial costs of this crime are damaging. Even more insidious, though, are the indirect costs to victims of identity theft, who are faced with a lengthy and complex process to restore their credit standing. Moreover, as Philadelphia Fed President Anthony Santomero emphasized during the conference's opening talk, it is critical that payment systems command the trust and confidence of consumers. Left unchecked, an increased incidence of identity theft and the onerous consequences for victims could threaten the growth of electronic payments and restrict progress toward a more efficient payments system.
To address these issues, the Payment Cards Center, in conjunction with Gartner Inc. and the Gartner Fellows Program, sponsored the discussion forum, "Identity Theft: Where Do We Go From Here?" In part, the forum was motivated by an earlier Payment Cards Center workshop on the same topic led by Avivah Litan, vice president and research director of Financial Services at Gartner. The February conference brought together participants from banks, retail merchants, Internet service and technology providers, and regulatory and law enforcement agencies. The intent was to allow this diverse group of stakeholders to share their perspectives and to develop new insights into the effort to coordinate solutions to the problem of identity theft.
Over the course of the four-session program, three general themes emerged: the definition and scope of identity theft and its impact on solutions, the efforts to track identity theft and to share data with law enforcement agencies, and the role of government in protecting the victim of identity theft.
Early in the program, it became clear that the way participants defined identity theft depended on the role they played in fighting this crime. In enacting the Identity Theft and Assumption Deterrence Act of 1998, lawmakers, for example, aimed to provide broad consumer protections against the fraudulent use of personal information in any form. Alternatively, credit card issuers have developed very segmented approaches to managing fraud, and they use a much narrower definition of identity theft. Legally, there is no distinction between fraud committed with a lost or stolen credit card and the more complex frauds that occur when the perpetrator uses someone else's identity to establish new accounts, often with multiple lenders. The banking industry, on the other hand, uses very different detection and prevention tools in dealing with these two types of fraud and applies the term identity theft only to refer to the latter more-difficult-to-detect form of identity fraud.
Danny Buttafogo, of Juniper Bank, and Michael Cunningham, of JP Morgan Chase, emphasized that the industry's success in managing and controlling payment fraud is, in large part, the result of such a nuanced approach. Once the rationale behind the different definitions of identity theft was recognized, participants accepted a statement by Lois Greisman, of the Federal Trade Commission (FTC), that such definitional distinctions were not necessarily roadblocks to solutions but, instead, could be assimilated into the search for solutions.
Assistant U.S. Attorney Richard Goldberg emphasized that prosecuting crimes related to identity theft alone is not a sufficient response. The extent to which personal information is accessible in our society and the numerous potential "points of compromise" presents particular investigative challenges. Instead, he argued that solutions must include a combination of establishing robust protocols for protecting data, tracking incidents, and giving law enforcement agencies access to case data. Several participants outlined initiatives to achieve these goals, including the FTC's Data Clearinghouse and BITS Identity Theft Assistance Center.
As the discussion turned to consumer protection, Oliver Ireland, of Morrison and Foerster, LLP, noted that the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) includes important provisions that should go a long way toward providing consumers with tools to assist them with protecting personal data, monitoring their credit data, and recovering their credit standing. Other participants observed that the FACT Act's success will also depend on consumer education programs.
Howard Schmidt, of eBay, stressed that another component of finding a solution to the problem of identity theft resides in developing ubiquitous authentication technology. He believes that such a system is technologically within reach but that it must be marketed in a way that encourages widespread adoption.
Participants generally agreed that in developing solutions, it is important to leverage the experience of each stakeholder group and to recognize that each plays a particular role in fighting this crime. At the end of the day, an ability to coordinate efforts to fight identity theft will assist all market participants in limiting its effects, both financial and otherwise.
For more details on the day's discussions, including additional insights gleaned from these sessions, please see the conference summary entitled, "Identity Theft: Where Do We Go From Here?" on the Center's website.