Saturday, April 30, 2005
Miami Herald: A consumer should be able to buy a pair of shoes, paying by credit card or check, without worrying that the purchase will lead to identity theft. Yet the opposite is true for thousands of DSW Shoe Warehouse customers whose driver's licenses, credit and debit cards, and checking-account numbers are now in the hands of thieves. The DSW security breach is the latest instance in which cyber-thieves got hold of private information through fraud or from insufficiently secured data technology.
This month the giant information-broker LexisNexis said that personal data on as many as 310,000 people were obtained fraudulently -- 15,615 of them from Florida -- in a case first uncovered in March. Thieves used passwords issued to LexisNexis customers to retrieve Social Security numbers and other personal data. Recently, ChoicePoint, another data broker, was duped into selling records to a fraud ring. Both LexisNexis and ChoicePoint eventually sent letters to everyone exposed.
Not so DSW. The theft of 1.4 million credit- and debit-card transactions and 96,000 check transactions at 108 stores was delivered to its customers courtesy of media reports. Only California has a law requiring such notification.
Bad guys winning
Truth is, when it comes to identity theft, the bad guys are ahead. Fraud-related complaints from consumers increased by 17 percent in 2004 over 2003, climbing to 635,173 complaints from 542,378, according to the Federal Trade Commission. The biggest problem reported to the FTC in '04 was identity theft. Clearly, the businesses from which private information can be stolen by computer hacking or via fraudulent means are under-prepared to deal with the threat. Regulators and law enforcers are only beginning to develop the necessary tools to combat this growing menace.
Congress finally is beginning to respond. Florida Sen. Bill Nelson is sponsoring a bill that would require data brokers and others to notify people when their information gets into the wrong hands. Two other Senate bills also would mandate notification. Nelson's bill would create an Office of Identity Theft within the FTC to help victims of identity theft regain their personal security and protection from financial loss. His bill -- S 768 -- also would strengthen federal protections to keep Social Security numbers private and mandate more fire walls for information sharers.
U.S. Rep. Ed Markey, D-Mass, is pushing a similar bill -- HR 1080 -- in the House. These bills deserve priority action in Congress this session.