The State of Identity Theft in 2013
A National Consumers League White Paper Examining Fifteen Years of
Federal Anti-Identi...
federal employees, including some members of the Senate.4
In each case, the breaches
exposed Americans to possible identit...
at every level. These breaches have caused millions personal records to be compromised,
allowing identity thieves to condu...
effectiveness of the Red Flags Rule in preventing identity theft.
4. Those who shape U.S. foreign policy should set as a k...
61% of consumers named identity theft.15
Similarly, a 2012 Forrester survey found that
consumers’ primary privacy, safety ...
identity theft a top priority. However, trends in the complaint data are suggestive of changes in
how identity thieves are...
seven years, this scam has grown ever more popular among identity thieves, increasing from
63% of all government documents...
Consumers are still concerned about the threat of identity theft and rightfully so. While the direct
cost to consumers of ...
In addition to legislative action increasing consumer protections against identity theft, significant
reforms have been un...
and joint enforcement coordination efforts have been undertaken to make enforcement
efforts more efficient; and
● Identity...
Threats
Consumers and law enforcement agencies have powerful tools at their disposal to attack the
identity theft problem....
must not be on the individual consumer - weak passwords are not the cause of massive ID
theft. Consumers of course should ...
U.S. tax collection system has become a major cause for concern. Consumer should be
empowered to take preemptive action to...
Prochain SlideShare
Chargement dans…5
×

The State of Identity Theft in 2013

341 vues

Publié le

This white paper examines data breaches and identity theft that occurred in 2013.

0 commentaire
1 j’aime
Statistiques
Remarques
  • Soyez le premier à commenter

Aucun téléchargement
Vues
Nombre de vues
341
Sur SlideShare
0
Issues des intégrations
0
Intégrations
1
Actions
Partages
0
Téléchargements
7
Commentaires
0
J’aime
1
Intégrations 0
Aucune incorporation

Aucune remarque pour cette diapositive

The State of Identity Theft in 2013

  1. 1. The State of Identity Theft in 2013 A National Consumers League White Paper Examining Fifteen Years of Federal Anti-Identity Theft Consumer Protection Policies Prepared by John D. Breyault Vice President of Public Policy, Telecommunications and Fraud National Consumers League1 Thesis: Identity theft remains a pernicious threat to consumers. While the federal government and private sector have done much to to address this issue, it is important that legislators and regulators remain vigilant to protect consumers from this ever- evolving fraud. Executive Summary May 3, 2006 was a typically beautiful spring day in Washington, DC, with temperatures in the mid 70’s, a slight breeze and clear skies. As the work-day wound down, a data analyst from the Department of Veterans Affairs took home a laptop and an external hard drive, as he had done regularly for the previous four years. That night, however, the laptop and hard drive were stolen during a burglary of the analyst’s Maryland home.2 The two devices contained unencrypted information -- including names, dates of birth, Social Security Numbers and medical information on more than 26.5 million active duty members of the military, National Guardsmen, Reservists, veterans and their spouses. This theft followed a highly publicized data breach at data broker ChoicePoint in February 2005.3 That same month, Bank of America announced that it had lost tapes containing the Social Security Numbers and account information of more than 1.2 million 1 This white paper was underwritten by an unrestricted educational grant from Google, Inc. 2 Electronic Privacy Information Center. “Veterans Affairs Data Theft.” Online: http://epic.org/privacy/vatheft/ 3 “ChoicePoint: More ID Theft Warnings,” CNN/Money. February 17, 2005. Online: http://money.cnn.com/2005/02/17/technology/personaltech/choicepoint/ © National Consumers League 2013 1
  2. 2. federal employees, including some members of the Senate.4 In each case, the breaches exposed Americans to possible identity theft. This spate of high-profile data breaches prompted President George W. Bush to issue Executive Order 13402 on May 10, 2006. The order created the federal Identity Theft Task Force, charging 15 federal departments and agencies with crafting a comprehensive national strategy to combat identity theft. In April 2007, the task force issued its strategic plan, which included 31 recommendations ranging from small incremental steps to broad policy changes.5 More than a year later, in September 2008, the task force released a report describing the progress of the seventeen member agencies in implementing the task force’s recommendations. While many of the recommendations had been successfully implemented, the report noted that the implementation of others were still in progress.6 Many of the reforms prompted by the task force have had an impact, but it remains unclear if the federal government’s policies are keeping up with the threat of identity theft which continues to evolve. The scope of identity theft is massive. Every year for more than a decade this form of fraud has been the single largest source of complaints to the Federal Trade Commission.7 While the number of consumers affected has decreased significantly from 2009-2010, more recent data shows that this scam is once again trending in the wrong direction. In 2012, identity fraud affected 5.26% of American consumers or 12.6 million people, the second straight year the incidence of identity fraud increased. Losses from identity fraud also increased from $18 billion in 2011 to $20.9 billion in 2012.8 Clearly, identity theft perpetrators are becoming more professional and more networked. Sophisticated identity theft black markets exist to facilitate the buying and selling of compromised identities. These black markets are supplied by growing numbers of data breaches affecting organizations from small retailers to large banks and government agencies 4 Nowell, Paul. “Bank of America Loses Tapes With Federal Workers’ Data,” The Washington Post. February 26, 2005. Online: http://www.washingtonpost.com/wp-dyn/articles/A54823-2005Feb25.html 5 The President’s Identity Theft Task Force. Combating Identity Theft: A Strategic Plan. April 2007. Online: http://www.identitytheft.gov/reports/StrategicPlan.pdf 6 The President's Identity Theft Task Force. Task Force Report. September 2008. Online: http://www.idtheft.gov/reports/IDTReport2008.pdf 7 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 8 Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. © National Consumers League 2013 2
  3. 3. at every level. These breaches have caused millions personal records to be compromised, allowing identity thieves to conduct their crimes with greater ease than ever before. Progress, to be sure, has made in a number of areas. Identity thefts affecting existing consumer accounts (e.g. credit cards, bank accounts) appear to have decreased in frequency, and the time and expense necessary to recover from identity theft has decreased. Despite these advances, however, the changing face of identity theft presents consumers with new worries. However, the increasing prevalence of new account fraud, tax-related and medical identity theft suggest that identity thieves are increasingly seeking fraud that can remain undiscovered for longer time periods. For instance, it appears that identity thieves are becoming adept at aggravated identity theft, particularly involving the creation of new accounts.9 A significant concern is the increasing use of stolen identities to commit tax-related identity theft. Government documents or benefits fraud is by far the largest and fastest-growing category of identity theft complaints, increasing from 19.2% of identity theft complaints in 2010 to 46.4% in 2012.10 Tax or wage-related fraud complaints make up 93.5% of this category, up from 81.3% in 2010.11 This much is clear: the threat of identity theft is not going away anytime soon. It is therefore critical that the successes achieved by the President’s Identity Theft Task Force, new consumer protection laws and private sector data security efforts not be taken for granted. Instead, policymakers in Congress and the Executive Branch should consider a range of reforms to address the evolving identity theft threat. These include: 1. The President’s Identity Theft Task Force Report should be updated to reflect reforms undertaken since 2008. 2. Congress should pass comprehensive data breach notification legislation. 3. The Federal Trade Commission should collect and publish data on the 9 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf 10 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 11 Ibid. © National Consumers League 2013 3
  4. 4. effectiveness of the Red Flags Rule in preventing identity theft. 4. Those who shape U.S. foreign policy should set as a key goal achieving additional Memoranda of Understanding on identity theft with foreign governments. 5. The Federal Trade Commission and Internal Revenue Service should launch a comprehensive effort to improve consumer protections for tax-related identity theft. 6. The Obama Administration should explore stronger incentives and penalties to encourage private sector businesses to better protect the personally identifiable data they collect. I. Identity Theft Continues to Affect Millions of Consumers and Cost the U.S. Economy Billions Identity theft is a serious, pernicious threat to millions of consumers annually. According to Javelin Strategy, which publishes one of the few longitudinal studies tracking identity fraud, 12.6 million consumers were affected by identity fraud in 2012. Losses stemming from identity fraud are estimated to total $20.9 billion annually.12 To put this total in context, $20 billion in identity fraud losses annually is equivalent to the insured cost of a Hurricane Sandy hitting the economy every year.13 Consumers reported in an April 2013 Zogby poll that identity theft was their biggest concern about the Internet (39%), higher than viruses and malware (33%), government surveillance of data (12%) or cyber-bullying and stalking (5%).14 This consumer concern about identity theft is reflected consistently in polling. When asked to name the most significant privacy-related threat, 12 Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. 13 Holm, Erik and Scism, Leslie. “Sandy’s Insured Loss Tab: Up to $20 billion,” The Wall Street Journal. November 2, 2012. Online: http://online.wsj.com/news/articles/SB10001424052970204712904578092663774022062 14 Digital Advertising Alliance. “Poll: Americans Want Free Internet Content, Value Interest-Based Advertising,” Press release. April 18, 2013. Online: http://www.aboutads.info/DAA-Zogby-Poll © National Consumers League 2013 4
  5. 5. 61% of consumers named identity theft.15 Similarly, a 2012 Forrester survey found that consumers’ primary privacy, safety and security concern when it comes to the Internet is having their identities stolen.16 The fallout from identity theft victimization is especially destructive for confidence in small businesses. Fifteen percent of identity theft victims changed their behaviors and avoided smaller online merchants. Larger merchants are not as affected by this behavior change.17 Data breaches are a major source of the compromised personal information that fuel identity theft. Such breaches occur in a myriad of ways, including phishing schemes, insider attacks, and sophisticated hacking attacks. The total impact of these breaches is massive. One study recorded more than 2,500 incidents since 2004, affecting 1.1 billion records.18 The scope and size of the data breach issue is directly relevant to identity theft because consumers whose data is compromised by a breach are significantly more likely to be victims of fraud than those who are unaffected by a breach. In 2011, 5.3% of all consumers were victims of identity fraud, while 22.5% of consumers whose data was compromised became victims of fraud.19 Data breaches clearly increase the risk of consumers becoming victims of fraud, but it appears that identity thieves may be using stolen identity information in new and more egregious ways. For example, the number of identity theft cases filed and the number of defendants convicted both decreased in 2009 and 2010 relative to 2008. However, the numbers of aggravated identity theft cases filed and defendants convicted have continued to increase.20 Identity theft has been the most common fraud complaint to the Federal Trade Commission for the past thirteen years.21 In response, the Commission has rightfully made the fight against 15 Ponemon Institute. 2012 Most Trusted Companies for Privacy. Pg. 2. January 28, 2013. Online: http://www.ponemon.org/local/upload/file/2012%20MTC%20Report%20FINAL.pdf 16 Enright, Allison. “Consumers worry about online privacy, but shop anyway,” Internet Retailer. May 11, 2012. Online: http://www.internetretailer.com/2012/05/11/consumers-worry-about-online-privacy-shop- anyway 17 Javelin Strategy & Research. “2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters,” Press Release. February 2013. Online: https://www.javelinstrategy.com/brochure/276 18 Verizon RISK Team. 2013 Data Breach Investigations Report. Pg. 4. May 2013. Online: http://www.verizonenterprise.com/DBIR/2013/ 19 Source: Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. 20 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf 21 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf © National Consumers League 2013 5
  6. 6. identity theft a top priority. However, trends in the complaint data are suggestive of changes in how identity thieves are monetizing stolen information. At one time, compromised identity data was used most often to commit credit card fraud. Now the broad category of government documents or benefits fraud has become by far the largest and fastest-growing sub-category of identity theft complaints. In 2010, complaints about this type of scam accounted for 19.2% of identity theft complaints to the FTC. By 2012 this number had risen to 46.4%, outpacing credit card fraud, bank fraud, employment-related fraud, phone or utilities fraud and loan fraud, combined.22 This should be a wake-up call for the Obama Administration, Congress and state authorities. Fig. 1 Source: Federal Trade Commission. Consumer Sentinel Network Data Book (CY 2008-12) Within the government documents/benefits fraud category, the use of stolen identity information to file fraudulent tax returns has historically been the dominant type of scam. Over the past 22 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf © National Consumers League 2013 6
  7. 7. seven years, this scam has grown ever more popular among identity thieves, increasing from 63% of all government documents/benefits fraud complaints in 2006 to 93.53% of such complaints in 2012. Tax identity theft theft occurs when thieves use personal information, such as a consumer’s Social Security Number and full name to submit fraudulent tax returns and obtain refunds to which they are not entitled. In 2011 alone, approximately 1.1 million suspicious tax returns were identified, resulting in $3.6 billion in potentially fraudulent refunds paid by the IRS due to identity theft.23 Fig. 2 Source: Federal Trade Commission. Consumer Sentinel Network Data Book (CY 2008-12) While the nature of identity theft is changing, the scope of the problem clearly remains massive. 23 Treasury Inspector General for Tax Administration. “Identity Theft: IRS Detection Has Improved, Yet Billions Still Lost in 2011 Returns,” Press Release. November 7, 2013. Online: http://www.treasury.gov/tigta/press/press_tigta-2013-39.htm © National Consumers League 2013 7
  8. 8. Consumers are still concerned about the threat of identity theft and rightfully so. While the direct cost to consumers of being a victim in money and time have decreased, the indirect costs to the economy, taxpayers and confidence in the Internet are no less worrisome. II. Background On Federal Anti-Identity Theft Efforts Since the 1970s, consumers have benefitted from legislation that safeguards their finances from misuse, providing a basic level of identity theft protection. For example the Fair Credit Reporting Act imposes a duty on consumer reporting agencies to ensure that the information they report is accurate. The FCRA also gives consumers right to file suit for violation of the Act. The Fair Credit Billing Act provides consumers with an opportunity to receive an explanation and proof of charges that may have been made by an imposter. The FCBA also gives consumers the right to have unauthorized charges removed from their accounts. Finally, the Electronic Funds Transfer Act limits consumers’ liability for unauthorized electronic fund transfers as long as they notify their financial institution in a timely manner. The cumulative effect of these 1970’s-era laws is that much of the financial cost of fraud stemming from identity theft is borne not by consumers themselves, but by financial institutions instead. By the late 1990’s, the rise of Internet-fueled identity theft exposed the limitations of these laws. Congress took an important first step in attacking the identity theft problem with the passage of the Identity Theft Assumption and Deterrence Act of 1998, which made identity theft a federal crime. This was followed by the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which directed the FTC to work with credit card issues to improve security procedures.24 FACTA also gave consumers the right to request a free credit report from each of the major credit reporting bureaus every twelve months and to have a fraud alert placed on their credit reports if they suspected identity theft. In 2004, the Identity Theft Penalty Enhancement Act established additional penalties for aggravated identity theft. Most recently, the 2008 Identity Theft Enforcement and Restitution Act authorized restitution for the time spent by victims recovering from the harm caused by an actual or intended identity theft. 24 FACTA’s requirement that the FTC work with businesses to implement security safeguards led to the creation of the Red Flags Rule. This Rule requires many financial institutions and creditors to implement written Identity Theft Prevention Programs to identity the warning signs (“red flags”) of identity theft in their day-to-day operations. The Red Flags Rule went into effect on December 31, 2010. For additional information, see the Federal Trade Commission's “Fighting Identity Theft with the Red Flags Rule: A How- to Guide for Business.” Online: http://www.business.ftc.gov/privacy-and-security/red-flags-rule © National Consumers League 2013 8
  9. 9. In addition to legislative action increasing consumer protections against identity theft, significant reforms have been undertaken by Executive Branch agencies to address the threat of data breaches and the resulting danger of identity theft. In 2006, following a spate of high-profile data breaches, President George W. Bush issued Executive Order 13402. The Order created the federal Identity Theft Task Force, charging 15 federal departments and agencies with crafting a comprehensive national strategy to more effectively combat identity theft. In April 2007, the task force issued its strategic plan, which included 31 recommendations, ranging from small, incremental steps to broad policy changes.25 Notable recommendations from the Task Force included: ● Reducing the use of Social Security Numbers by federal agencies; ● Establishing national standards for private sector protection of personal data; ● Promoting a nation data breach notification standard; ● Implementing a broad and sustained consumer, industry and public sector awareness campaign regarding identity theft; and ● Creating a National Identity Theft Law Enforcement Center to coordinate enforcement resources targeted at identity theft. A progress report released by the task force in September 2008 detailed the federal government’s progress in implementing the strategic plan. Notable reforms undertaken as a result of the Task Force’s recommendations included (but were not limited to): ● Task Force member agencies have significantly reduced their use of Social Security Numbers; ● Federal agencies have increased the use of encryption technology on laptops and other mobile data devices containing agency data; ● Congress passed the Identity Theft Enforcement and Restitution Act, which addressed a number of deficiencies in the federal criminal related to identity theft while giving consumers an avenue for restitution for losses stemming from identity theft; ● Numerous identity theft databases (e.g. the FTC’s Identity Theft Data Clearinghouse) 25 The President’s Identity Theft Task Force. Combating Identity Theft: A Strategic Plan. April 2007. Online: http://www.identitytheft.gov/reports/StrategicPlan.pdf © National Consumers League 2013 9
  10. 10. and joint enforcement coordination efforts have been undertaken to make enforcement efforts more efficient; and ● Identity theft coordinators have been established in each U.S. Attorney’s Office to coordinate anti-identity theft efforts between these offices and the Department of Justice.26 While a number of the task force’s recommendations had been successfully implemented, many were still in progress as of the publication of the 2008 report. A notable example is the failure of Congress to pass a comprehensive national data breach notification law. As of November 2013, 46 states as well as the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands have passed state data breach notification laws.27 This has created significant challenges given the national scope of many data breaches.28 The implementation of these consumer protections has correlated with a significant reduction in the incidence of certain types of identity theft, particularly schemes involving credit card fraud, bank fraud and loan fraud. This trend is also reflected in federal identity theft cases filed and defendants convicted, the rates of which peaked in 2007 and declined in each of the following three years.29 Whether these trends are a direct result of the new protections implemented by the federal government is unclear. However, we know that identity thieves tend to seek out schemes that offer the most profit with the least risk, so it seems plausible that these reforms are having an effect on the broader problem. III. Recommendations for Responding to Evolving Identity Theft 26 See generally: The President’s Identity Theft Task Force. Task Force Report. September 2008. Pgs. 6- 49. Online: http://www.idtheft.gov/reports/IDTReport2008.pdf 27 National Conference of State Legislatures. “State Security Breach Notification Laws.” Online: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification- laws.aspx 28 For additional discussion on this topic see: Geer, David. “Data breach notification laws, state and federal: A review with commentary for security C-levels,” CSO. November 1, 2013. Online: http://www.csoonline.com/article/742430/data-breach-notification-laws-state-and-federal?page=1 29 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf © National Consumers League 2013 10
  11. 11. Threats Consumers and law enforcement agencies have powerful tools at their disposal to attack the identity theft problem. However, as with other types of cyber crimes, identity thieves are nothing if not resilient and adaptable. For example, they appear to be shifting their activities towards tax- related identity theft, potentially as a way to avoid stronger countermeasures at financial institutions. Significant structural challenges that enable identity theft also remain an issue. In particular, the raw fuel for identity theft − compromised personal information − is more widely available than ever thanks to the explosion of data collection by the private and public sector. More information under the control of more organizations necessarily means that more data will be compromised. It should not be surprising, then, that reports of data breaches are becoming an almost daily news item. Since 2005, the non-profit Privacy Rights Clearinghouse has recorded more than 4,000 data breaches -- more than one per day for nine straight years.30 It is a near-certainty that many more breaches have gone unreported.31 The glut of data breaches may even be driving down the price of stolen identities in the cybercriminal underground due to oversupply.32 The professionalization of identity theft also poses new challenges. Whereas in the past identity theft may have been about establishing bragging rights within the hacker community, today it is a thoroughly organized money-making criminal enterprise.33 Numerous black markets for stolen identity information exist online, some even featuring help desk support.34 While There are steps that consumers can take to mitigate their risk of identity theft, the onus 30 Privacy Rights Clearinghouse. “Chronology of Data Breaches,” (Accessed November 24, 2013). Online: https://www.privacyrights.org/data-breach 31 A dramatic visualization of the growing number of of data breaches was recently created by London- based author and data-journalist David McCandless who plotted the world’s biggest data breaches on a time scale to illustrate the growing threat. Online: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 32 Higgins, Kelly Jackson. “Glut in Stolen Identities Forces Price Cut in Cyberunderground,” Dark Reading. November 19, 2013. Online: http://www.darkreading.com/attacks-breaches/glut-in-stolen- identities-forces-price-c/240164089 33 McAfee Security Advice Center. “The Evolution of Cybercrime,” Spring 2011. Online: http://home.mcafee.com/advicecenter/?id=rs_na_sp11article1 34 Higgins, Kelly Jackson. “Glut in Stolen Identities Forces Price Cut in Cyberunderground,” Dark Reading. November 19, 2013. Online: http://www.darkreading.com/attacks-breaches/glut-in-stolen- identities-forces-price-c/240164089 © National Consumers League 2013 11
  12. 12. must not be on the individual consumer - weak passwords are not the cause of massive ID theft. Consumers of course should monitor credit reports, install anti-virus software, keepcomputer operating systems up-to-date andmaintaining strong passwords to name but a few. However,given the explosive growth of data breaches, the ability to control vulnerability to identity theft is largely out of consumers’ control. Given these operational and structural challenges, policymakers must adapt to ensure that the gains made over the previous seven years of anti-identity theft work are not reversed. To begin a dialogue on this issue, we urge policymakers to consider the following recommendations: 1. Update the President’s Identity Theft Task Force Report. This will enable policymakers and advocates to better evaluate the impact of actions taken in response to the Task Force’s recommendations since 2008 and discuss new reforms that may be necessary given the changing nature of identity theft. 2. Congress should pass comprehensive data breach notification legislation. The 46 state data breach notification laws frequently conflict and may confuse consumers who receive notifications. Given the national (and in many cases, international) scope of data breaches, a national standard for notification is warranted. The most stringent state data breach notification laws should serve as the basis for a federal standard. 3. The Federal Trade Commission should collect and publish data on the effectiveness of the Red Flags Rule in preventing identity theft. A key provision of FACTA directed the FTC to work with the private sector to create a Red Flags Rule to enhance protections against identity theft in the business community. The full enforcement of the Rule was delayed until the end of 2010. The FTC should evaluate whether the Rule is affecting identity theft rates and, if necessary, consider strengthening the Rule to improve consumer protections. 4. Those who shape U.S. foreign policy should set as a key goal achieving additional Memoranda of Understanding on identity theft with foreign governments. The international nature of much identity theft demands cooperation between U.S. law enforcement agencies and their foreign counterparts. This is greatly facilitated when there are clear rules and procedures governing the sharing of information between international partners. 5. Federal regulators should launch a comprehensive effort to improve consumer protections from tax-related identity theft. Identity thieves taking advantage of the © National Consumers League 2013 12
  13. 13. U.S. tax collection system has become a major cause for concern. Consumer should be empowered to take preemptive action to protect themselves from tax-related identity theft. The IRS should expand the availability of PIN technology to consumers that request it, not just identified victims of identity theft. 6. Explore additional incentives and penalties to encourage private sector businesses to better protect the personally identifiable data they collect. Limiting consumer liability for fraudulent credit and debit card purchases has been a key driver of improved fraud protection in the financial services industry. Policymakers should explore whether similar reforms would incentivize the private sector to increase data security standards. IV. Conclusion Identity theft is a pernicious threat that affects millions of American consumers annually, costs the U.S. economy and taxpayers billions of dollars, and reduces confidence in the Internet and small businesses. It has been more than fifteen years since Congress passed its first law specifically targeting the identity theft problem. It has been more than seven years since a Presidential level task force was convened to improve the federal government and private sector’s response to the problem of identity theft. While these efforts have shown some success, it is clear that identity theft remains a problem of massive proportions. It is therefore imperative that policymakers, advocates and the general public recommit themselves to reducing the plague of of identity theft. There are a number of reforms that would help to achieve this objective, several of which are discussed in this report. We urge Congress and federal regulators to consider the continuing threat of identity theft and maintain their vigilance against this serious crime. © National Consumers League 2013 13

×