More than a year after President Bush commissioned a task force on the topic, the Department of Justice has finally drawn up legislation to combat identity theft. And if the DoJ's efforts remain consistent with the objectives stated in the task force's strategic plan (PDF), the new bill could in fact mark significant progress in protecting personal identity data.
[ Mario Apicella's column is now a blog! Get the latest storage news in the Storage Adviser blog. ]
Just last month I myself became a victim of identity theft. Fortunately, it was of a less damaging variety, one that the DoJ labels "existing account fraud," which it defines as an incident in which "thieves obtain account information involving credit, brokerage, banking, or utility accounts that are already open. Existing account fraud is typically a less costly, but more prevalent, form of identity theft."
It appears that the thieves had access to only my credit card number, but they made good use of that information. I first realized that something was wrong when the grocery store rejected payment with my Visa. I used another card to check out, without thinking much of it because I had just used the same card without problems at another store.
Back at home, a message from my bank informed me that my card had been suspended because of "suspicious activity." Suspicious, indeed: Checking my account online, I found about 30 fraudulent transactions for a total of about $600.
Not more than 24 hours apart, the charges were registered in Europe, the United States, and Canada, including a hotel bill in Germany, payment to an Islamic organization in California, and another to the Red Cross in Washington. Obviously, someone was treating themselves to quite a shopping spree using my account number while my card was still in my wallet.
A call to my bank confirmed that my credit card number had been hijacked. "Wait to see if those temporary charges become confirmed," I was told, "then call us again to dispute what's left."
Two days later, only a handful of those charges had been confirmed. I called every payee and found that none of them had bothered to check the identity of my impersonator. That person was able to pay using only my credit card number, without having to prove his or her identity.
Worse yet, my impersonator had given a completely different name and address for those bogus transactions, and the merchants failed to check these against the information associated with my card.
I probably won't have to take any direct financial impact from that experience because either my bank or the merchants will absorb the loss. However, that expense eventually trickles down to everyone in the form of higher service fees or an increased cost of goods and services.