STOLEN NAMES, BIG NUMBERS

By Published on .

DAMON CARLTON GORHAM HAD AN UNLUCKY DAY THIS SUMMER

Gorham was arrested for unauthorized purchases of computer and multimedia equipment by the Prince William County police in Virginia, with help from the U.S. Secret Service. According to a local newspaper, Gorham allegedly created credit accounts online using other peoples' identity and purchased at least $8,000 in products from various retailers, including Best Buy and Circuit City.

For Michael Higgins, the case literally hits close to home, as it marks the first arrest of its kind in his hometown of Dumfries, Va., a suburb of Washington D.C. And Higgins would know, being an authority on the subject. He teaches information security at George Washington University and is also the managing director of TekSecure Labs, the network security division of Tekmark Global Solutions, a technology and consulting services firm in Edison, N.J. Reacting to the arrest and the subsequent publicity, Higgins ruefully remarks, This undermines the confidence among consumers about safety.

While crime didn't pay for Gorham, it certainly does for other crafty con artists and pays well. These morally flexible miscreants committing identity theft both on and off the Web, lined their pockets with nearly $50 billion in ill-gotten gains in the U.S. last year alone, according to the Federal Trade Commission. As if that's not bad enough, the FTC says U.S. consumers reported losses from fraud of more than $400 million last year. And, like Gorham, increasingly, the weapon of choice is the Internet.

That should strike a nerve with U.S. business executives, especially as recent reports reveal that fraud and identity theft are already a much bigger issue than conventional wisdom estimates. A lot more people than we thought had suffered from identity theft, confesses Keith Anderson, an economist at the FTC. In 2003, the agency received 516,740 consumer fraud and identity theft complaints, up from 404,000 in 2002. Last year's tally comprised 301,835 complaints of fraud and 214,905 complaints of identity theft. Of the fraud complaints, 55 percent were Internet-related, up from 45 percent in 2002. Collectively, the victims of Internet-related fraud lost an estimated $200 million, with a median loss of $195, the report states. Over half a million people have had losses. I can't comprehend that number being kept quiet. I know the banking community and people on the fraud side of the business, they never indicated it is a problem on that scale, Higgins attests.

Yet, it is a significant problem and one that will likely get worse. With online sales soaring to new heights every holiday season, incidences of fraud and identity theft will undoubtedly continue to rise, sparking more fear and mistrust in the hearts and minds of consumers. And for corporate America, Higgins worries this will eventually increase the cost of doing business. However, some recent research reports indicate that while consumer trust is hard to earn, it is easier to keep.

Already, pundits argue consumer sentiment is at an all-time low, largely due to diminishing trust. The trust is at the floor. We continue to see unimaginable things happening, such as the surreal attacks of 9/11, the unimaginable betrayal of Catholic priests and the molestation scandals, the corporate betrayals of Enron and the like, Martha Stewart's insider trading and Sammy Sosa's corked bat. Everywhere we look we see deceit, mistrust and dishonor, says Craig Wood, president of the Monitor division of Yankelovich Partners in Chapel Hill, N.C. and author of a study, entitled The State of Consumer Trust Report. According to the report, consumer distrust has a potentially devastating impact on profitability. In fact, 45 percent of respondents in the study say there is at least one retail business that they trusted but no longer trust. Of those people, an overwhelming 94 percent say they spent less money with that company, and spending declined by an average of 87 percent.

Surprisingly, once victimized, consumers' concerns decrease, to a point. According to an Accenture consumer survey, almost all consumers 97 percent are concerned about privacy issues, and 9 in 10 maintain that identity theft and its financial consequences are a concern. However, according to the FTC Identity Theft Survey Report, the actual victims are less fearful once they've been defrauded. Considering all victims of identity theft, only 44 percent say they are at least somewhat concerned that they will be victimized again, while 55 percent say they are not very or not at all concerned. Yet, those whose personal information was used to open new accounts or to commit other types of fraud are slightly more concerned: 47 percent of these victims are at least somewhat concerned about future misuse of their information, compared with those who only experienced the misuse of an existing credit card (36 percent were at least somewhat concerned). However, concerns rise drastically when multiple violations or misuses occur four appears to be the breaking point for most people. Those who suffered four or more misuses of either an existing account, the unauthorized opening of a new account or improper use of personal information, were considerably more concerned about future misuse than victims of fewer incidences of misuse. More than two-thirds (68 percent) of those with four or more distinct misuses stated they were at least somewhat to very concerned about future incidents, compared with only 38 percent of those with one to three distinct misuses.

Interestingly, nonwhites reported a slightly higher rate of victimization 16 percent compared with whites at 12 percent, which naturally yields greater fear levels. Nonwhite victims (53 percent) are more likely than their white counterparts (40 percent) to be concerned about future acts of misuse by an identity thief. And lower-income victims were most likely to express concern about being swindled again: 60 percent of victims whose household incomes were less than $25,000 said they were at least somewhat concerned.

FIGHTING BACK

So what can companies do to allay consumer concerns? Gaining consumer trust has become a significant issue, especially for online retailers and financial services firms. Companies will go to great lengths to build or rebuild consumer trust. Citibank did this with its recent spate of identity theft television commercials. One jarring commercial shows an elderly woman cleaning her backyard pool, bragging in a Southern male voice about illegally purchasing a pickup truck and mud flaps with them naked ladies on em. Another ad shows a portly middle-aged man sitting at home, watching a bowling match on television, beer in hand, and describing (in the voice of a vibrant young woman) his latest unauthorized purchases, particularly the leather bustier that lifts and separates. Yet another ad shows a young, trendy, African American woman describing in a male teen's voice how she's going to buy parts for my robot my girl robot. Clearly, these people pictured didn't authorize these purchases. Instead, we are informed the subjects were all victims of identity theft, but in the end, Citibank assures viewers that their money is protected. Knowing, for example, that Citibank accounts are FDIC insured gives consumers some measure of protection if something should go wrong. That gives consumers a much better basis to continue to extend their trust to companies than when consumers don't have any recourse, says Glover T. Ferguson, chief scientist at Accenture.

Still, winning the hearts of consumers through promises of protection is not enough. Businesses cannot afford to ignore fraudsters and identity thieves, because, as Higgins says, the cost of doing business will likely increase if these crimes don't subside. The challenge, though, is staying ahead of the criminals. As new approaches to fraud and identity theft surface, corporations are finding it increasingly difficult to keep on top of them. Most vulnerability researchers are saying we're approaching a zero-day vulnerability where we'll have no ability to respond to security threats, says Fred Rica, a director at consulting services firm PricewaterhouseCoopers. One overwhelming trend among fraudsters, Higgins warns, is a tactic called phishing, where an e-mail is sent to unsuspecting consumers to log in to a bogus Web site that looks exactly like the legitimate site where the consumer is asked to enter banking or other personal information. Already, companies such as MasterCard and eBay, Higgins says, are partnering with Internet watchdogs that sniff out fake Web sites and notifies all banks affected by the scam within four hours.

MasterCard also provides an additional layer of security with a three-digit number on the back of its credit cards. Users have to physically possess the card to view the numbers, and the numbers are not transferred with the credit card account number so identity thieves cannot use the card on sites that require the three extra numbers. Web sites such as Amazon.com and BarnesandNoble.com already have the ability to stop a transaction if these numbers aren't entered. This provides an added level of security for online retailers, Higgins says, because MasterCard will assume the liability in the event of identity theft if these numbers are presented. Without asking for the numbers, retailers are liable.

This requires an extra step for consumers to make a purchase, albeit a minor step. But is there such a thing as overprotection, especially if it interferes with good business practices? According to Erin Kinikin, a vice president at Forrester Research, there is. Fraud detection is a two-edged sword from a consumer perspective. On the one hand, it's great for a company to show it's watching out for consumers. On the other hand, no one really wants to have a card cancelled for fraud right in the middle of an expensive vacation or a shopping spree. It's all about appropriate, individualized behavior, she says. Consumers want to be able to specify the level of protection they want, how they want to be notified and what they want the company to do about it. The more technology-savvy the consumer, the more they will expect differentiated treatment and the right to get the information when they want it and on the appropriate device.

Accenture's Ferguson maintains that privacy protection should be viewed as an opportunity and not a liability. Rather than posing security as a hurdle to overcome, companies should view their customers' privacy needs as an opportunity through which they can differentiate themselves as trust leaders, increase their financial value and even energize entire economies.

In this article: