By Ed Lowe
Senior Writer
In their analysis of this Christmas shopping season, economists are expressing their wonder at the increase in buying over the Internet. The phenomenon that, just a few years ago, was such a wonder, has now become a major element in our national economy. People have actually learned how to use the Internet to shop for goods, and sellers have learned that they can make substantial profits from using the electronic medium to sell merchandise.
But with these modern developments, the crooks have been keeping up very well. Recently someone tried to victimize me by stealing the pertinent elements of my identity. It works this way. I received an email purportedly from my bank. It said that a service (which I have never used) was being canceled unless I responded to the email by giving them my account number and social security number. They explained that these were necessary to verify the validity of my request to continue the service. The email had the bank's logo and a lot of usual disclaimers that banks publish with all their material and it looked very authentic. Except for one fact. If the bank knew my account number, why would they be asking me for it?
I was suspicious because they were asking me to confirm a service I didn't use and had never requested. So I took a printout of the email to the bank which confirmed the fact that this was a fraudulent attempt to steal my identity and clean out my bank account. It was one of several emails from the same source that had been brought to the bank's attention, and they told me that their fraud department was "investigating" the problem.
I was a bit shaken by the experience. While my liability to the bank would be limited to $50 under the terms of U.S. law (for lawyers and those who want to read legalese, it's 12CFR 205.6), the liability doesn't stop there. Usually identity thieves use their information to open new credit card accounts showing new addresses. Those sums are obviously not paid by the thieves and they ultimately show up on your credit record. You're labeled a deadbeat and your problems have just begun. You have to prove that you did not buy the items shown on the billings, that you aren't responsible for the debts someone else rang up, and that your credit should not be affected. People have spent thousands of dollars and untold hours of time proving that they are responsible people who pay their own bills. You are the victim of someone
else's theft.
Recognizing this as a real problem, Congress has passed the Identity Theft Assumption and Deterrence Act which penalizes identity thieves up to 15 years for identity theft and up to 25 years if the theft is used to further an act of terrorism. The main problem with this law is the difficulty in enforcing it. Much of this identity theft is done via the Internet as was my experience. You have to find the people who get credit cards using false identities and then catch them. Typically, those thieves use the cards for only a short time, run up huge charges and then disappear—usually before the first billing cycle of the new card. Their reason for using the bank account number is simply to give the issuing banks an opportunity to set higher limits on the card they are more than anxious to issue.
Another friend told me that someone had used a credit card which had been stolen out of his locker at his health club. Federal law requires that his loss be limited to the same $50 for the fraudulent use of a stolen credit card. In each instance, the bank that had issued his card returned the charge to the merchant who had originated the transaction with the phony signature. The merchant "ate" the loss—it was part of his cost of doing business. His only remedy was to fire the clerk who had not seen proper identification from the purchaser. And his only way to recover his loss was to raise the price of his merchandise for which the consumer
ultimately pays.
I realized that I had rarely had my use of a credit card challenged. When I present the card, it is swiped through the terminal then it is given to me for signature. All I have to know is the name on the face of the card and I am allowed to walk out with the merchandise. Only rarely does the clerk even compare the signature on the back of the card with the one on the charge slips.
There is little incentive for banks to actively eliminate the possibilities of fraud from the matrix of their credit card or electronic fund transfer businesses. Usually, bank fund transfers are controlled by personal identification numbers (PIN) that aren't given to identity thieves, so transfers simply are bounced back to the bank where they originated. On the other hand, while you're only responsible for the first $50 of the theft, the problems you could have with the fraudulently obtained credit cards is massive.
What could be done about it? There are several ways to protect customers when there is adequate incentive to do so. So, the answer is first to create those incentives through legislation. The wild marketing solicitations by banks for credit card customers is something that should be controlled. Then, having done that, allow the computer mavens at the banks to come up with fail-safe devices to protect legitimate purchasers and account holders from thieves who are also sophisticated computer hackers.
If we're going into a new economy based on our newfound love for computers, the least we can do is quickly eliminate problems that they may cause to people who use them. We put locks on our doors and ignition locks in our cars. The least we can do is find a way to lock our electronic computer accounts. We're not professional computer geeks. We're simply trying to get along and save some time and money by using the gadgets that we bought with the hope of entering the brave new world of electronic fund transfers, direct deposits, credit card purchases and high tech economics. It's time to level the playing field, Mr. Banker and Mr. Legislator. Get on the stick! |
