Debate Over What Constitutes Identity Theft Delaying Policy And Technology Solutions

November 12, 2004

For Financial Industry to Move Forward on Issue, TowerGroup Finds It Must Recognize That Consumers / Regulators

NEEDHAM, MA, — As concerns over identity theft in the US intensify, so do debates within the financial services community over exactly what type of crime is at the heart of the matter. At issue is the distinction between identity theft and identity fraud - and whether the identity theft threat actually matches the hype.

Formally defined, identity theft involves financial or other personal information stolen with the intent of establishing another person's identity as the thief's own. As rightly portrayed in the press, this act is extremely damaging to the victim and can mean months or years spent "cleaning up" records and re-establishing good credit. Identity fraud - exponentially more common - involves financial or other private information stolen, or totally invented, to make purchases or gain access to financial accounts.

Yet new research from TowerGroup asserts that when it comes to consumer perceptions, the valid distinctions between identity theft and fraud simply don't matter.

"The ongoing debate over what constitutes identity theft from a consumer or governmental perspective is delaying needed policy and technology solutions within many financial institutions," said Jerry Silva, senior analyst in the Delivery Channels research service at TowerGroup and co-author of the research. "It's critical that the industry recognize the likelihood that consumers and regulatory bodies will never see a clear distinction between identity theft and fraud. By coming to clarity on this point, institutions will be able to place ID theft in the context of enterprise risk management, and develop policies and actual solutions to attack the issue."

Other highlights of the research include:

  • Responding to consumer concerns, the Federal Trade Commission (FTC) has extended the Fair Credit Reporting Act (FCRA) and added regulations in the guise of the Fair and Accurate Credit Transaction Act (FACT). These regulations use a much broader definition of identity theft, one which includes more simple forms of fraud.
  • Many credit risk executives are both frustrated and concerned by regulatory and consumer response to what they view as a problem largely well-controlled by the industry - namely fraud
  • Financial institutions face unique challenges in battling identity theft and fraud, in that the customer is often the source of the information "breach" - unwittingly or carelessly providing the tools needed by fraudsters to commit their crimes. Also, financial institutions are rarely in "control" of an individual's total financial network, despite the fact that they typically bear the cost of losses incurred when a customer's information is exploited in some other sphere.
"However the terms are defined, the collective issue is becoming a real problem in the US," said Christine Pratt, senior analyst in the Consumer Lending research service and co-author of the research. "It's true that the vast majority of the 9.9 million events cited by the Federal Trade Commission as identity theft are actually identity fraud. And it's also true that the financial services industry has the fraud issue fairly well solved, balancing good protection against liability for consumers against costs to control fraud. Yet trying to convince a consumer whose credit card has been used to buy someone else's stereo that he or she is really not a victim of identity theft is just an exercise in futility."

Source: TowerGroup

Contact ALTA at 202-296-3671 or