Who Loses In Identity Theft
If you happen to catch it in time, the bank gives you back your money, but the hell goes on and on and on from there. And, if the bank is the one who laid you open for identity theft, as I have reason to believe happened in my case (I write checks only to a trusted handful like my landlord and assistant, and don't pay with an ATM card), who compensates you for that?
The always-excellent Katherine Mangu-Ward makes a good point via Bruce Schneier in interviewing him for reason:
Reason: One theme that comes up in your book and some of the interviews you've done recently is the idea that when money/profit is involved, security operations tend to be tighter and more efficient. Explain to Reason.com readers--or at least speculate on--why that's the case.Schneier: The person or organization who is subject to the risk needs to be responsible for risk mitigation. In banking, for example, the banks need to be responsible for their own risk. They lose money if the bank is robbed, so they're in the best position to weigh the cost of security measures against the risk of robbery. Customers don't lose money when there's a bank robbery, so they can't balance the risks and costs. Conversely, it makes no sense for bank customers to be penalized for identity theft losses. They're in no position to mitigate the risks--whereas the banks are--so customers shouldn't be responsible for the losses.
This doesn't mean there's no place for government to be responsible for risks. In airline security, the risks are far greater than any one airline. It makes no sense for airlines to hire security screeners--they can't do a proper risk analysis--and a lot of sense for the government to step in to fill that role.
Banks like the incredibly negligent Bank of America, which allowed me to be a victim of identity theft through their spectacular negligence, don't pick up the cost of your time in sweeping up the mess afterward. They don't pay you back for loss of peace of mind that goes on for years afterward. And if you're one of the few who gets picked up on criminal charges for a crime committed by the person running around with your identity, just try not to be murdered in jail, 'kay?
Banks are notoriously hard to sue, and attorney and identity theft expert Mari Frank told me that a bank will bury you in paperwork, costing you megabucks. And because the bank pays you back the money the thief took from your account, the law makes them the victim, and you're left rather toothless in terms of an ability to take corrective action. The law needs to be changed to give the real victim rights.
"It makes no sense for airlines to hire security screeners--they can't do a proper risk analysis--and a lot of sense for the government to step in to fill that role."
Although government agencies like the FBI and NTSB are superb investigators who will have a sense of threat levels, they do not have a stake in directly protecting you. They cannot be sued or enjoined to protect you, personally, no matter what. After the bomber gets by the minimum-wage drooler - or the bright and earnest lady who is distracted by yet another idiot who has not heard he can't bring six carry-ons and wants to argue - it's going to be just too bad.
Airlines have the ability to do these threat analyses, because the problem is one of simple physics: there is a set number of ways to do harm to a passenger, many passengers, a plane, many planes and targets on the ground. The problems really lie in what to do about each scenario - and the feds, in charge of air traffic control, are saddled with outcome-based testing in their employment measures.
In the case of air travel, you are prevented from being responsible for yourself by government policies that also fail to be responsible for you. In the case of large banks allowing identity theft, it's bank policy leaving you out in the cold.
Radwaste at January 17, 2009 1:33 PM
Four years ago, someone inside my bank stole my address, account number, my wife's birthday and drivers license numbers from a check she wrote at a store. They used it to buy prepaid cell phones from several carriers and a $1000 prepaid debit card, and prepaid travel among other purchases.
I notified the bank which made good the losses within a day or two, even though they sent me a letter saying under Federal law banks need not make up looses due to identity theft.
I also tried to file a police report in my local suburban Los Angles police station. They could not have been less interested, saying they dont investigate nonviolent property crimes. The local police did tell me that cell phone companies refuse to cooperate with police and generally repay victims when they must.
Police in another LA suburb where the cell phone stores were located also refused to investigate my theft.
The one guy who really helped was a VP of the debit card company. I tracked down the company and its officers in Oklahoma and left a message at 4 am on his office voicemail..telling him I had a theft, his company was involved and I was going to the FBI office in LA that morning. Would he like to help before the FBI was notified?
He called back, got his security chief on the case and they blocked the cards... soon after, they got an angry call from a woman in Memphis whose card didn't work at bank ATM. The company told her they had a computer glitch and offered to meet her the next day at a Memphis bank to replace the "faulty" debit card. When she came to the meeting the next day, the Secret Service arrested her.
About two years later, the bank sent a letter saying that one of their employees had been the identity thief and had victimized many customers. The bank apologized and offered us three months free service if we signed up for their identity protection plan.
Mike in So Cal at January 24, 2009 12:28 PM
Amy Alkon
http://www.advicegoddess.com/archives/2009/01/17/who_loses_in_id.html#comment-1622950">comment from Mike in So CalDisgusting, isn't it, how nobody will pursue these thieves. Loved your persistence and your refusal to let them get away with it. Just wondering...what bank do you bank at?
Amy Alkon
at January 24, 2009 1:26 PM
Amy,
It was Bank of America, and we still use them.
In rereading my post, I see I did not give the bank the credit they deserved for handling our problem so quickly and so well. The bank really was very helpful and saved us from a lot of trouble and inconvenience. I think they did a good job of recovering from a bad situation.
Mike
Mike in So Cal at January 24, 2009 9:15 PM
Amy Alkon
http://www.advicegoddess.com/archives/2009/01/17/who_loses_in_id.html#comment-1623021">comment from Mike in So CalMike, I would rather keep my money in a mason jar in my backyard than bank with Bank of America after what I found out about them. Their tellers, on seven separate occasions, in places I never go, gave a total of $12,000 of my money to thieves with ONLY a fake driver's license in my name. Bank of America refused (despite the fact that it's the law) to give me videotape of the thieves, probably because it would've revealed the way they just seem to...HOPE it's you they're giving your money to. People ran tests in B of A branches in various places in America and found that they were able to use ONLY a driver's license -- and not that of the person presenting it in one case -- to get money out of accounts. In the midwest, the teller didn't even look at the driver's license and they gave the person money. Knowing that, I sure wouldn't bank at B of A. One of their reps told me California is not connected by computer to the rest of the country. Many branches seem not to be connected by one main system, since they are unable to read the bankcards at teller windows of people from Texas when they are in California. I know this from two people who have their accounts at B of A branches in Texas who bank in California.
Amy Alkon
at January 25, 2009 12:05 AM
Leave a comment