Skip to content

Identity Theft: Not Dead Yet

lifelock logoJulia Angwin's column in The Wall Street Journal argues that identity theft is nothing but a "fear campaign."

Not exactly.

I also have some strong words about the overuse and abuse of the term "identity theft" in The Laws of Disruption, and have written elsewhere in this blog on the subject. But I don't think the problem is, as Angwin writes, merely a linguistic construct "designed to get us to buy expensive services that we don't need."

Let's start with where I agree. By and large, "identity theft" is a term that is being kept alive by organizations with a vested interest in making the problem sound as severe and dangerous as possible. Angwin mentions credit bureaus and companies such as Lifelock who sell insurance against the problem. I would add to that list traditional insurers who are also selling identity theft policies, software companies such as McAfee and Norton who sell anti-malware products and services, and the U.S. Federal Trade Commission, which reports every information theft as identity theft even when it is only credit card companies who are at risk. Each of these groups has its own reasons for keeping the problem at the forefront of consumer fears about Internet commerce.

Angwin is also right to point out that the true problem--which for the most part are unauthorized purchases--is not a problem for consumers. Credit card companies and banks, by law, bear nearly all of the actual losses. (Of course the losses--still some $48 billion in 2008--are ultimately paid by consumers in the form of higher interest rates and other card and merchant fees.) Most consumers pay nothing when their card is stolen and used by thieves. Even when new accounts are opened in your name (the truer example of identity theft), the average loss to consumers is less than $600. The scale of identity theft in both frequency and cost has been steadily declining since the FTC began keeping records in 1999.

But I wouldn't go as far as Angwin in saying there's no problem here. Because while it's true that consumers have no legal responsibility to pay for unauthorized charges on credit cards and bank withdrawals, many victims of Internet-related fraud do pay a significant price.

Once consumers stop the unauthorized charges and close the fraudulent accounts, many encounter a demonic maze of obstacles trying to clear the criminal activity from their credit reports, scores, and credit card accounts. And ignoring the errors is not an option. Keeping an accurate profile is essential for everything from applying for a mortgage to getting a job or apartment--basic life activities, in other words. Yet these financial records are in the hands of shadowy third parties--who charge, when they can, just to divulge what inaccurate information they have on file. Either by design or ineptitude, these organizations make correcting their own errors nearly impossible for consumers.

The victims of identity theft are victimized not so much by the information criminals, but by the information managers.

Federal and state regulations are supposed to protect consumers from this kind of abuse, too, but enforcement is poor.

Accurate financial data is critical in the development of the information economy. We need more transparency in the operation of credit bureaus, agencies, credit card companies and others who have appointed themselves the guardians of consumer financial records. We need a Federal Trade Commission that is interested more in protecting consumers than protecting the markets for consumer protection products that are in part unnecessary and in part insurance against the incompetence of the industry the FTC supposedly regulates.

As Mark Twain once said, "A lie can travel halfway around the world while the truth is putting on its shoes."

We still need tools to give the truth a fighting chance.