Identity fraud:The scourge of cyber business

New US white paper warns consumers and businesses about the danger of identity theft on the Internet
Written by Robert Lemos, Contributor

Digital consumers are still haunted by the potential for credit card theft on the Internet. Now businesses are banding behind an effort to banish this online bogeyman once and for all.

In a white paper detailing how consumers can prevent identity theft in cyberspace, the Software and Information Industry Association, a trade group representing more than 1,000 high-tech companies, is offering businesses specific guidance on how to avoid becoming unwitting accomplices to fraud.

"Businesses get it on both ends," said Tom Arnold, chief technology officer for e-commerce service provider CyberSource and the author of the paper, which was released Thursday. "They have a responsibility to keep information secure."

"On the other hand, they also have to be able to keep their e-commerce site easy to use, otherwise they chase the good consumers away as well," he added.

Arnold and other observers noted that information security is increasingly emerging as an issue that might limit the growth of online business. And it's no wonder.

After a Congressional committee posted the social security numbers of high-ranking military officers online, someone used the list to create false identities and run up charges. For instance, retired Lieutenant Colonel James Jones subsequently discovered that $50,000 (£33,049) worth of goods had been charged to accounts in his name.

"In the US, we struggle for wont of a key identifier for people," said Arnold. "The social security number is the surrogate and it's being overloaded in its use."

The first day that the FBI opened up its Fraud Complaint Centre it received 500 complaints of Internet fraud. Instead of assuming that a proffered social Security number is secure, businesses need to be more responsible and make sure they are doing business with the person who owns that number, according to the report.

At first inspection, that might seem to be a truism, but the report found that businesses already understand the potential risk and often opt to write off losses when faced with a non-paying customer.

Beth Givens, a privacy advocate and the director of the Privacy Rights Clearinghouse, thought the SIIA report needed to go further and lay the blame at the feet of another industry group: credit information collectors.

"The role that the credit industry plays in perpetuating identity theft is a major one," said Givens. "The credit grantors' carelessness in granting credit without checking makes the problem even worse."

Identity theft has become an increasing problem.

The first day that the FBI opened up its Fraud Complaint Centre it received 500 complaints of Internet fraud. Meanwhile, the Social Security Administration reported more than 30,000 complaints of social security card fraud in 1999.

Responding to the issue, vice president Al Gore has proposed a Social Security Protection Act to help citizens protect their identities. "Just by knowing your social security number, a thief is able to steal your identity and steal your money," Gore said earlier this month. "I will make it a national priority to stop this kind of traffic in personal data. And I'll start by making it a federal crime to buy or sell anyone's Social Security number."

If passed, the act would outlaw the sale or purchase of Social Security numbers without the consent of the card holder.

Still, the industry wants to balance the privacy and security equation itself, said Fred Hoch, manager of the eBusiness division for the Software and Information Industry Association.

"We believe the industry should be allowed to figure it out itself," he said. "It is a killer issue for many businesses. When you think about identity fraud, normally you think about the consumer, but it ultimately affects business and the growth of e-commerce in general."

Take me to the e-commerce special.

What do you think about identity fraud? What do you think are the imprtant aspects of identity fraud in the UK? Tell the Mailroom. And read what others have said.

Editorial standards