The largest percentage of fraud involves thieves using stolen consumer information to open up new accounts, says Unisys security consultant John Pironti. A fraudulent account can go undetected for months, because the consumer never sees any bills, and the financial provider and retailers have no previous history with the account that would make it possible for them to detect unusual patterns. Often the fraud is detected only when the consumer whose information has been stolen undergoes a credit check, such as when he’s buying a home or applying for refinancing.
Repairing the damage from identity theft can take hundreds of hours (330 on average, according to a 2004 study by the Identity Theft Resource Center), but because the number of victims of this kind of identity theft is still small, there’s been little incentive for data brokers to take stronger preventive measures. Also, because it’s very hard to prove where the stolen information came from, data brokers and processors can safely dodge liability for the damage, says Matt Curtin, founder of the security consultancy Interhack.
But a straightforward and relatively inexpensive technology could address this problem: notification. If a customer has an e-mail account or a telephone, it should be a simple matter to send a real-time alert to a cell phone number or e-mail address when a new account is opened, says Jeff Schmidt, CEO at security consultancy Authis. Credit bureaus already alert consumers when someone opens a new account in their name—but only if the consumer previously had his identity stolen and requested such notifications to prevent further activity without express permission. Requiring this notification for every new account could considerably eliminate identity theft. –G.G.