Customers of top companies -- including Bank of America, HSBC, Sprint and AT&T -- are suffering the most identity theft, according to a survey of complaints to the U.S. Federal Trade Commission published last week.
The study, Measuring Identity Theft at Top Banks, found that the Bank of America, AT&T, Sprint and JP Morgan were associated with the largest number of identity theft complaints each month. When the data was compared to the size of the bank's existing deposits (a similar measure of size was not available for telecommunications companies), the survey found that HSBC, Bank of America and Washington Mutual were the top-three most defrauded institutions.
The report is based on three months of complaints obtained through a Freedom of Information Act (FOIA) request by Chris Hoofnagle, a senior fellow at the Berkeley Center for Law & Technology. Hoofnagle stressed that the quality of the data posed problems. Consumers were asked to name institutions where fraudulent accounts were created or where their accounts were affected by fraudulent activity. While the size of banks could be estimated by the amount of money they held in deposits, no such measure is available for telecommunications firms.
Hoofnagle stressed that getting better data to consumers is extremely important.
"If data were available on this crime, consumers could choose safer institutions, regulators could focus attention on problem actors, and businesses themselves could compete to protect customers from this crime," he stated in the paper.
In 2007, the impact of reported data breaches skyrocketed, with 163 million records containing some type of personally identifiable information (PII) being reported lost or stolen during the year. Information from cases investigated by the U.S. Secret Service found that the average identity thief is a first time criminal and not known to the victim. (The case data could be skewed, however, by the fact that people known to the victim might not be reported to the police.) While breaches have skyrocketed, estimates of the losses due to account fraud and identity theft have fallen, to $15.6 million in 2006, according to an annual survey.
For the latest study, Hoofnagle was only given access to three random months of data in 2006, because the Federal Trade Commission said the task of vetting the information and deleting any identifiable information for an entire year's worth of data was too onerous.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos