When I started writing for MSN Money in 2002, one of my greatest frustrations was trying to convince people that identity theft was a serious problem.
Many people thought they could immunize themselves against this pernicious crime simply by keeping track of their receipts and buying a shredder. Then:
- The Federal Trade Commission (FTC) released a report in September 2003 saying 9.9 million people had been identity-theft victims in the previous year. Those figures included 3.23 million who had experienced the most serious type: where the thief sets up new credit accounts or obtains other goods or services using the victim's personal information, including renting an apartment or obtaining medical care (see "Diagnosis: Identity theft").
- Research group Gartner reported in 2004 that the checking accounts of nearly 2 million Americans had been raided by criminals in the previous year, causing an average loss of $1,200 and a total cost of more than $2 billion. (Gartner updated the estimate to 3 million victims in 2005, with a total cost of $2.75 billion.)
- In the same year, state laws that required companies to report database breaches began kicking in. Since that tracking began in 2005, U.S. businesses have reported that more than 250 million personal records have been compromised, according to a tally being kept by the Privacy Rights Clearinghouse.
Consumers finally began to understand what fraud experts had known all along: that our personal information is incredibly vulnerable, and the most efficient shredder in the world isn't going to protect us.Almost overnight, it seemed, consumer attitudes swung from smug indifference to paranoia. U.S. businesses, ever alert to new trends, started marketing the heck out of identity-theft related products, including credit monitoring services and ID theft insurance. The District of Columbia and 46 states since have passed laws authorizing credit freezes that allow people to keep anyone from opening credit in their names, and consumers are signing up for these freezes even when they're at low risk (see "Should you freeze your credit report?").
The hysteria led to an inevitable backlash of critics questioning how prevalent and serious an issue identity theft really is. Some even questioned the wisdom of state laws that allow credit freezes or that force companies to divulge database breaches.
Repealing consumer protections against identity theft would be a mistake -- but so is spending a small fortune on mostly unnecessary "protection" products. To best understand and combat identity theft, we need to separate the facts from the rhetoric.
Here's what we know:Fact #1: Half or more of identity-theft cases are actually credit card fraud. In the FTC study, 67% of victims reported their existing credit cards were misused. In a later Justice Department study, which estimated 3.6 million households experienced identity theft in a six-month period in 2004, 48% said the theft consisted solely of credit card fraud. (Another 12% reported multiple types of theft, which could include credit card fraud.)
And credit card fraud is, at least for most consumers, no big deal. As long as you report the bogus transactions within 60 days of receiving your statement, your liability for the charges is typically waived. Sure, it can be inconvenient to have your card canceled and to wait for a new one, plus you generally have to notify any companies that charge your card automatically (such as gyms, wireless carriers, etc.) of your new account number. But the real victims of this kind of theft are the lenders, retailers and other vendors that typically eat the cost.